[Freeipa-devel] [PATCH] 377 Using LDAPI to setup CA and KRA agents.
Endi Sukma Dewata
edewata at redhat.com
Mon Aug 31 20:15:25 UTC 2015
On 8/31/2015 6:18 AM, Martin Basti wrote:
>
>
> On 08/27/2015 09:41 PM, Endi Sukma Dewata wrote:
>> The CA and KRA installation code has been modified to use LDAPI
>> to create the CA and KRA agents directly in the CA and KRA
>> database. This way it's no longer necessary to use the Directory
>> Manager password or CA and KRA admin certificate.
>>
>> https://fedorahosted.org/freeipa/ticket/5257
>>
>>
>>
>
> Thank you.
>
> 1) Can you use following code instead of direct call of ldap2.ldap2()?
>
> if not api.Backend.ldap2.is_connected():
> api.Backend.ldap2.connect(autobind=True)
>
> conn = api.Backend.ldap2
It's actually isconnected() instead of is_connected(), but even so, the
proposed code doesn't work:
ipa.ipapython.install.cli.install_tool(Server): DEBUG The
ipa-server-install command failed, exception: TypeError: 'ldap2' object
is not callable
ipa.ipapython.install.cli.install_tool(Server): ERROR 'ldap2' object
is not callable
> 2) Patch needs rebase to master branch.
The original patch does apply cleanly to master. Did you see a conflict?
> 3)
> + user_dn = DN(('uid', "ipara"), ('ou', 'People'), self.basedn)
> + conn.create(
> + dn=user_dn,
>
> can you use add entry() instead of create()? We don't use native
> python-ldap, but rather ipaldap methods
It's actually calling the ldap2.create() defined in
ipaserver/plugins/ldap2.py, which calls add_entry().
So my original patch still stands.
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list