URL: https://github.com/freeipa/freeipa/pull/620
Author: felipevolpone
Title: #620: [WIP] Fixing 6549
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/620/head:pr620
git checkout pr620
From f4cd0e03cf9f56167a59329bbd59c2aafba6022f Mon Sep 17 00:00:00 2001
From: felipe <fbarreto@localhost.localdomain>
Date: Mon, 20 Mar 2017 13:59:34 -0300
Subject: [PATCH] Fixing the replica install against IPA 3.0.0 master. Now, at
the domain level 0, the replica install always uses Directory Manager
credentials to create the LDAP connection.
---
ipaserver/install/server/replicainstall.py | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index b4463fd..5e5cbb5 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1391,7 +1391,14 @@ def install(installer):
dsinstance.create_ds_user()
try:
- conn.connect(ccache=ccache)
+ if promote:
+ conn.connect(ccache=ccache)
+ else:
+ # Domain level 0 replica install should always use Directory
+ # manager credentials to create remote LDAP connection.
+ conn.connect(bind_dn=ipaldap.DIRMAN_DN, cacert=cafile,
+ bind_pw=config.dirman_password)
+
# Update and istall updated CA file
cafile = install_ca_cert(conn, api.env.basedn, api.env.realm, cafile)
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
