Fixes to cloning and security domain tables for client auth internaldb user

The mechanism for getting an ldap connection to the internaldb was incorrect, both in the Security Domain Session Table and the DatabasePanel. As a result, connections to the internaldb failed for accessing the security domain session table and when trying to clone a master which connects to its database using client auth.

The thread that handles reading the security domain session table is now only instantiated when running on a configured security domain master.

Additionally, needed acls for the client auth certificate ldap user have been moved to manager.ldif. This includes acls to allow creation and management of replication agreements and replication users (now being created under ou=csusers, cn=config).

Added logs to show when ldif import errors occur. Also made sure to write and remove master ldap password for use in replication.

Ticket #5

Conflicts resolved:
pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
pki/base/migrate/80/MigrateSecurityDomain.java
pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java
Showing 16 changed files with 380 additions and 209 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# acis for cert manager | ||
|
||
dn: ou=csusers,cn=config | ||
objectClass: top | ||
objectClass: organizationalUnit | ||
ou: csusers | ||
|
||
dn: {rootSuffix} | ||
changetype: modify | ||
add: aci | ||
aci: (targetattr=*)(version 3.0; acl "cert manager access"; allow (all) userdn = "ldap:///{dbuser}";) | ||
|
||
dn: cn=ldbm database,cn=plugins,cn=config | ||
changetype: modify | ||
add: aci | ||
aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; allow (read) userdn="ldap:///{dbuser}";) | ||
|
||
dn: cn=config | ||
changetype: modify | ||
add: aci | ||
aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///{dbuser}";) | ||
|
||
dn: ou=csusers,cn=config | ||
changetype: modify | ||
add: aci | ||
aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication users"; allow (all) userdn = "ldap:///{dbuser}";) | ||
|
||
dn: cn="{rootSuffix}",cn=mapping tree,cn=config | ||
changetype: modify | ||
add: aci | ||
aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///{dbuser}";) | ||
|
||
dn: cn="{rootSuffix}",cn=mapping tree,cn=config | ||
changetype: modify | ||
add: aci | ||
aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///{dbuser}";) | ||
|
||
dn: cn="{rootSuffix}",cn=mapping tree,cn=config | ||
changetype: modify | ||
add: aci | ||
aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///{dbuser}";) | ||
|
||
dn: cn=tasks,cn=config | ||
changetype: modify | ||
add: aci | ||
aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///{dbuser}";) | ||
|
||
|
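Review bot: The two ACIs added on `dn: cn=config` and `dn: ou=csusers,cn=config` spell the name keyword as `aci "cert manager read access"` and `aci "cert manager manage replication users"`, while every other entry in this file uses `acl "..."`. Change both to `acl` so they match the rest of the file and the `(target)(version 3.0; acl "name"; permission bind_rule;)` form, or confirm that the directory server accepts the `aci` spelling, since a rejected modify on these two entries would leave `{dbuser}` without the read access on `cn=config` and the replication user management this file is meant to grant. Separately, the `cn=tasks,cn=config` entry allows `add` with `targetattr=*` and no `targetfilter`, which is wider than its name "Run tasks after replica re-initialization" suggests; consider narrowing it the way the replication agreement ACIs are narrowed by object class.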
pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java: 197 changes (100 additions & 97 deletions). Large diffs are not rendered by default.