From c34fa1891b774e98de6a1787001f2215ea85c0f3 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Fri, 17 Mar 2017 09:34:08 +0000
Subject: [PATCH] replica prepare: fix wrong IPA CA nickname in replica file
Lookup IPA CA subject and pass it to CertDB when creating dscert.p12 and
httpcert.p12, otherwise a generic nickname will be used for the IPA CA
certificate instead of "$REALM IPA CA".
This fixes replica install on domain level 0 from a replica file created
using ipa-replica-install on IPA 4.5.
https://pagure.io/freeipa/issue/6777
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
ipaserver/install/ipa_replica_prepare.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
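--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -34,7 +34,7 @@ import dns.resolver
 from six.moves.configparser import SafeConfigParser
 # pylint: enable=import-error
 
-from ipaserver.install import certs, installutils, bindinstance, dsinstance
+from ipaserver.install import certs, installutils, bindinstance, dsinstance, ca
 from ipaserver.install.replication import enable_replication_version_checking
 from ipaserver.install.server.replicainstall import install_ca_cert
 from ipaserver.install.bindinstance import (
@@ -537,12 +537,13 @@ class ReplicaPrepare(admintool.AdminTool):
 """
 hostname = self.replica_fqdn
 subject_base = self.subject_base
+ ca_subject = ca.lookup_ca_subject(api, subject_base)
 nickname = "Server-Cert"
 
 try:
 db = certs.CertDB(
- api.env.realm, nssdir=self.dir, subject_base=subject_base,
- host_name=api.env.host)
+ api.env.realm, nssdir=self.dir, host_name=api.env.host,
+ subject_base=subject_base, ca_subject=ca_subject)
 db.create_passwd_file()
 db.create_from_cacert()
 db.create_server_cert(nickname, hostname)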
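Review bot: The new `ca.lookup_ca_subject(api, subject_base)` call in the second hunk sits above the `try:` that guards the `certs.CertDB` work, so a failed lookup bypasses whatever handling that `try` provides; its `except` clause is outside the hunk, and the enclosing method starts and ends outside it too. Presumably the lookup queries the directory and can therefore fail at run time; if the handler is meant to cover the whole certificate export, move the call inside the `try:`. A short comment would also help the next reader, e.g. `# pass the real CA subject so the IPA CA cert is stored as "$REALM IPA CA", not under a generic nickname`, because per the commit message the generic nickname in dscert.p12 and httpcert.p12 is what broke replica installs at domain level 0.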
--
2.12.1