Postpone enabling LDAPS in replica promotion

[tkrizek]

Fixes a bug that prevented ipa-replica-install with CA, because
LDAPS was configured before the SSL cerificate was assigned.

https://fedorahosted.org/freeipa/ticket/6226

[HonzaCholasta]

ipa-replica-install fails with:

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 786, in __enable_ssl
    self.nickname, self.fqdn, cadb)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 336, in create_server_cert
    cdb.issue_server_cert(self.certreq_fname, self.certder_fname)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 405, in issue_server_cert
    self.secdir, password, "ipaCert", **params)
  File "/usr/lib/python2.7/site-packages/ipapython/dogtag.py", line 156, in https_request
    method=method, headers=headers)
  File "/usr/lib/python2.7/site-packages/ipapython/dogtag.py", line 207, in _httplib_request
    raise NetworkError(uri=uri, error=str(e))
NetworkError: cannot connect to 'https://vm-058-011.abc.idm.lab.eng.brq.redhat.com:8443/ca/ee/ca/profileSubmitSSLClient': (SEC_ERROR_BUSY) NSS could not shutdown. Objects are still in use.

[HonzaCholasta]

However, I don't think this should block the release of 4.4.1, so I would just revert 89de60c and keep the ticket open.

[MartinBasti]

Reverted.

master:
https://fedorahosted.org/freeipa/changeset/dd02741896844a6e14d60f267d9b1cb27b039241