From 19912796edf5d6427920ff67c33e6288223e0466 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Nov 11 2016 11:13:56 +0000
Subject: fix incorrect invocation of ipa-getkeytab during DL0 host enrollment


https://fedorahosted.org/freeipa/ticket/6434

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

---

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index aadfab0..7150f20 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -521,7 +521,7 @@ def enroll_dl0_replica(installer, fstore, remote_api, debug=False):
             '-D', unicode(ipaldap.DIRMAN_DN),
             '-w', config.dirman_password,
             '-k', paths.KRB5_KEYTAB,
-            '-c', os.path.join(config.dir, 'ca.crt')
+            '--cacert', os.path.join(config.dir, 'ca.crt')
         ]
         ipautil.run(getkeytab_args, nolog=(config.dirman_password,))