mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-26 16:16:31 -06:00
Use common procedure to setup initial replication in both domain levels
Set up initial replication using GSSAPI also in domin level 0. For this to work, the supplied DM password is used to connect to remote master and set up agreements. The workflow is unchanged in DL1 where GSSAPI bind as host or admin is used. This obsoletes the conversion of replication agreements to GSSAPI made in DL0 during KDC installation. https://fedorahosted.org/freeipa/ticket/6406 Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
parent
8378e1e39f
commit
ce2bb47cca
@ -410,6 +410,16 @@ class DsInstance(service.Service):
|
||||
|
||||
|
||||
def __setup_replica(self):
|
||||
"""
|
||||
Setup initial replication between replica and remote master.
|
||||
GSSAPI is always used as a replication bind method. Note, however,
|
||||
that the bind method for the replication differs between domain levels:
|
||||
* in domain level 0, Directory Manager credentials are used to bind
|
||||
to remote master
|
||||
* in domain level 1, GSSAPI using admin/privileged host credentials
|
||||
is used (we do not have access to masters' DM password in this
|
||||
stage)
|
||||
"""
|
||||
replication.enable_replication_version_checking(
|
||||
self.realm,
|
||||
self.dm_password)
|
||||
@ -421,12 +431,17 @@ class DsInstance(service.Service):
|
||||
repl = replication.ReplicationManager(self.realm,
|
||||
self.fqdn,
|
||||
self.dm_password, conn=conn)
|
||||
if self.promote:
|
||||
repl.setup_promote_replication(self.master_fqdn)
|
||||
|
||||
if self.dm_password is not None and not self.promote:
|
||||
bind_dn = DN(('cn', 'Directory Manager'))
|
||||
bind_pw = self.dm_password
|
||||
else:
|
||||
repl.setup_replication(self.master_fqdn,
|
||||
r_binddn=DN(('cn', 'Directory Manager')),
|
||||
r_bindpw=self.dm_password)
|
||||
bind_dn = bind_pw = None
|
||||
|
||||
repl.setup_promote_replication(self.master_fqdn,
|
||||
r_binddn=bind_dn,
|
||||
r_bindpw=bind_pw,
|
||||
cacert=self.ca_file)
|
||||
self.run_init_memberof = repl.needs_memberof_fixup()
|
||||
|
||||
def __configure_sasl_mappings(self):
|
||||
|
@ -180,9 +180,6 @@ class KrbInstance(service.Service):
|
||||
self.step("adding the password extension to the directory", self.__add_pwd_extop_module)
|
||||
if setup_pkinit:
|
||||
self.step("installing X509 Certificate for PKINIT", self.__setup_pkinit)
|
||||
if not promote:
|
||||
self.step("enable GSSAPI for replication",
|
||||
self.__convert_to_gssapi_replication)
|
||||
|
||||
self.__common_post_setup()
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user