[Freeipa-devel] [PATCH] 377 Using LDAPI to setup CA and KRA agents.

Jan Cholasta jcholast at redhat.com
Tue Sep 1 05:06:45 UTC 2015


On 31.8.2015 22:15, Endi Sukma Dewata wrote:
> On 8/31/2015 6:18 AM, Martin Basti wrote:
>>
>>
>> On 08/27/2015 09:41 PM, Endi Sukma Dewata wrote:
>>> The CA and KRA installation code has been modified to use LDAPI
>>> to create the CA and KRA agents directly in the CA and KRA
>>> database. This way it's no longer necessary to use the Directory
>>> Manager password or CA and KRA admin certificate.
>>>
>>> https://fedorahosted.org/freeipa/ticket/5257
>>>
>>>
>>>
>>
>> Thank you.
>>
>> 1) Can you use the following code instead of a direct call to ldap2.ldap2()?
>>
>> if not api.Backend.ldap2.is_connected():
>>      api.Backend.ldap2.connect(autobind=True)
>>
>> conn = api.Backend.ldap2

Why would you want to do that? The original code is fine, except the 
connection check is not necessary (it is a new instance of ldap2, so 
.isconnected() will always return False).

>
> It's actually isconnected() instead of is_connected(), but even so, the
> proposed code doesn't work:
>
> ipa.ipapython.install.cli.install_tool(Server): DEBUG    The
> ipa-server-install command failed, exception: TypeError: 'ldap2' object
> is not callable
> ipa.ipapython.install.cli.install_tool(Server): ERROR    'ldap2' object
> is not callable
>
>> 2) Patch needs rebase to master branch.
>
> The original patch does apply cleanly to master. Did you see a conflict?
>
>> 3)
>> +        user_dn = DN(('uid', "ipara"), ('ou', 'People'), self.basedn)
>> +        conn.create(
>> +            dn=user_dn,
>>
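
Review bot: In the DN(...) call, the agent uid is the inline literal "ipara" in double quotes while 'ou' and 'People' in the same expression use single quotes; use one quoting style, and consider a named constant for the uid so it is defined in one place. The quoted lines also stop at conn.create(dn=user_dn, so they do not show whether the case where this entry already exists is handled; that is worth confirming in the full patch.
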
>> Can you use add_entry() instead of create()? We don't use native
>> python-ldap, but rather ipaldap methods.
>
> It's actually calling the ldap2.create() defined in
> ipaserver/plugins/ldap2.py, which calls add_entry().

NACK. We don't use ldap2.create(). Use add_entry().

>
> So my original patch still stands.
>


-- 
Jan Cholasta
