From 0acac0b033e8b9363d78f34ef3e11af87f9090e9 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Fri, 26 Aug 2016 16:16:38 +0200
Subject: [PATCH] Enable LDAPS in replica promotion

With CA-less master and CA-less replica, attempting to install CA on replica
would fail. LDAPS has to be enabled during replica promotion, because it is
required by Dogtag.

https://fedorahosted.org/freeipa/ticket/6226
---
 ipaserver/install/server/replicainstall.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index c73600c..77d75b3 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1476,6 +1476,9 @@ def promote(installer):
         cainstance.export_kra_agent_pem()
         CA.fix_ra_perms()
 
+    # we now need to enable ssl on the ds
+    ds.enable_ssl()
+
     krb = install_krb(config,
                       setup_pkinit=not options.no_pkinit,
                       promote=True)