authorFraser Tweedale <frase@frase.id.au>2015-03-26 23:24:10 -0400
committerFraser Tweedale <frase@frase.id.au>2015-04-13 00:06:40 -0400
commit87fd6b473eb3490ffc17f7a385ba5acb7ceb9fb0 (patch)
tree78ba843a6bed31950d8014400d9e773aa18222c9
parent1bfebdb6cc4385b5d83704a72f6eb9de78fded9b (diff)
Add pkispawn config option for ldap profiles
Add the `pki_profiles_in_ldap' pkispawn config to control whether profiles are stored on the filesystem (old behaviour) or LDAP (new behaviour). The default is file-based profiles.
-rw-r--r--base/ca/shared/conf/CS.cfg.in2
-rw-r--r--base/server/config/pkislots.cfg1
-rw-r--r--base/server/etc/default.cfg1
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py6
4 files changed, 9 insertions, 1 deletions
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 5b9f66680..8353edee1 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -1137,7 +1137,7 @@ smtp.host=localhost
smtp.port=25
subsystem.0.class=com.netscape.ca.CertificateAuthority
subsystem.0.id=ca
-subsystem.1.class=com.netscape.cmscore.profile.ProfileSubsystem
+subsystem.1.class=com.netscape.cmscore.profile.[PKI_PROFILE_SUBSYSTEM]
subsystem.1.id=profile
subsystem.1.enabled=false
subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg
index fffaab853..8ee93964e 100644
--- a/base/server/config/pkislots.cfg
+++ b/base/server/config/pkislots.cfg
@@ -41,6 +41,7 @@ PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT=[PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT]
PKI_OPEN_STANDALONE_COMMENT_SLOT=[PKI_OPEN_STANDALONE_COMMENT]
PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT=[PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT]
PKI_PIDDIR_SLOT=[PKI_PIDDIR]
+PKI_PROFILE_SUBSYSTEM_SLOT=[PKI_PROFILE_SUBSYSTEM]
PKI_PROXY_SECURE_PORT_SLOT=[PKI_PROXY_SECURE_PORT]
PKI_PROXY_UNSECURE_PORT_SLOT=[PKI_PROXY_UNSECURE_PORT]
PKI_RANDOM_NUMBER_SLOT=[PKI_RANDOM_NUMBER]
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index 5b22b33d7..8771c09b0 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -361,6 +361,7 @@ pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_name)s CA
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
pki_ocsp_signing_token=Internal Key Storage Token
+pki_profiles_in_ldap=False
pki_random_serial_numbers_enable=False
pki_subordinate=False
pki_subordinate_create_new_security_domain=False
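Review bot: `pki_profiles_in_ldap=False` is added with no comment, although it changes where the CA's certificate profiles are stored. With the option enabled, anyone able to write the profile entries in the directory can presumably alter what the CA will issue, so the directory ACLs and any replication path become part of the issuance trust boundary. A short comment above the option would record that for deployers, e.g. `# Store certificate profiles in LDAP instead of on the filesystem; restrict write access to the profile entries.`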
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 6fb9e987d..e37b0e4a5 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -1227,6 +1227,12 @@ class PKIConfigParser:
"restart" + " " + \
"pki-tomcatd" + "@" + \
self.mdict['pki_instance_name'] + "." + "service"
+
+ if config.str2bool(self.mdict['pki_profiles_in_ldap']):
+ self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'LDAPProfileSubsystem'
+ else:
+ self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'ProfileSubsystem'
+
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
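Review bot: The lookup `self.mdict['pki_profiles_in_ldap']` in the added block is unguarded, and the only handler visible in the hunk catches OSError, so a missing key would surface as a raw KeyError instead of a logged deployment error. The default is added next to the CA OCSP signing settings in default.cfg, so if that is a CA-only section and this method also runs for other subsystems, those deployments would not have the key; this needs confirming against the full file. Assuming mdict is a plain dict, `config.str2bool(self.mdict.get('pki_profiles_in_ldap', 'False'))` would keep the file-based default in that case. Choosing the slot value from two fixed literals is good, since the user's config text never reaches the class name in CS.cfg. The enclosing method and its try block start outside the hunk, and further handlers may follow it.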