From cdb6ffb779b7e1e563494eb3234b2441ba74d692 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Jan 05 2017 14:09:12 +0000
Subject: Set up DS TLS on replica in CA-less topology


Fixes: https://fedorahosted.org/freeipa/ticket/6226
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>

---

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 26cd246..1d3ae2e 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -393,7 +393,9 @@ class DsInstance(service.Service):
 
         if self.promote:
             self.step("creating DS keytab", self.__get_ds_keytab)
-            if self.ca_is_configured:
+            if self.pkcs12_info:
+                self.step("configuring ssl for ds instance", self.__enable_ssl)
+            else:
                 self.step("retrieving DS Certificate", self.__get_ds_cert)
             self.step("restarting directory server", self.__restart_instance)