[Freeipa-devel] [PATCHES] 0191-0195 Use ipaldap in the client installer & password migration

[Martin Kosek]

On 03/06/2013 04:29 PM, Petr Viktorin wrote:
> Hello,
> These patches move ipaldap to ipapython, and make the client installer use it.
> Also password migration web-app is made to use ipaldap; they both called a
> shared a utility function that is converted to use ipaldap.
> 
> This should fix https://fedorahosted.org/freeipa/ticket/3446
> (freeipa-client-install KeyError in 'namingcontexts') and similar errors.
> 
> https://fedorahosted.org/freeipa/ticket/3487
> 

As we discussed, a prerequisite for these patches is that IPAdmin should be
able to avoid fetching remote LDAP schema. We do not want to get schema of
every LDAP server we try to discover on.

I did not test the patches, I just saw some strange changes when reading the
patches.

0193:

@@ -1645,6 +1640,7 @@ def get_ca_cert(fstore, options, server, basedn):
                         os.unlink(ca_file)
                         raise
             except Exception, e:
+                raise
                 root_logger.debug(str(e))
                 raise errors.NoCertificateError(entry=url)


@@ -2018,6 +2014,7 @@ def install(options, env, fstore, statestore):
                 del os.environ['KRB5_CONFIG']
             except Exception, e:
                 root_logger.error("Cannot obtain CA certificate\n%s", e)
+                raise
                 return CLIENT_INSTALL_ERROR

             # Now join the domain

What is it good for?

Martin