Fix Bugzilla Bug 649910 - Console: an auditor or agent can be added to an administrator group. Minor config addition.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1528 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

5 files changed, 23 insertions, 3 deletions

diff --git a/pki/base/ca/shared/conf/CS.cfg b/pki/base/ca/shared/conf/CS.cfg
index c82818cbc..463859a98 100644
--- a/pki/base/ca/shared/conf/CS.cfg
+++ b/pki/base/ca/shared/conf/CS.cfg
@@ -135,8 +135,6 @@ preop.subsystem.count=0
 subsystem.count=0
 passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
 passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
-multiroles=true
-multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
 CrossCertPair._000=##
 CrossCertPair._001=## CrossCertPair Import
 CrossCertPair._002=##
@@ -1056,3 +1054,8 @@ usrgrp._000=##
 usrgrp._001=## User/Group
 usrgrp._002=##
 usrgrp.ldap=internaldb
+multiroles._000=##
+multiroles._001=## multiroles
+multiroles._002=##
+multiroles.enable=true
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
index 79b67fcc1..5ac9e0dd1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
@@ -77,8 +77,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
     private IAuthzSubsystem mAuthz = null;
 
     private static String [] mMultiRoleGroupEnforceList = null;
+    private final static String MULTI_ROLE_ENABLE= "multiroles.enable";
     private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
 
+
     /**
      * Constructs User/Group manager servlet.
      */
@@ -1969,7 +1971,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 boolean multiRole = true;
 
                 try {
-                    multiRole = mConfig.getBoolean(Constants.PR_MULTIROLES);
+                    multiRole = mConfig.getBoolean(MULTI_ROLE_ENABLE);
                 } catch (Exception eee) {
                 }
                 while (st.hasMoreTokens()) {
diff --git a/pki/base/kra/shared/conf/CS.cfg b/pki/base/kra/shared/conf/CS.cfg
index 39ef0638a..e3b5966a6 100644
--- a/pki/base/kra/shared/conf/CS.cfg
+++ b/pki/base/kra/shared/conf/CS.cfg
@@ -352,3 +352,8 @@ usrgrp._000=##
 usrgrp._001=## User/Group
 usrgrp._002=##
 usrgrp.ldap=internaldb
+multiroles._000=##
+multiroles._001=## multiroles
+multiroles._002=##
+multiroles.enable=true
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
diff --git a/pki/base/ocsp/shared/conf/CS.cfg b/pki/base/ocsp/shared/conf/CS.cfg
index e633fadd0..89bd35c3b 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg
+++ b/pki/base/ocsp/shared/conf/CS.cfg
@@ -308,3 +308,8 @@ usrgrp._000=##
 usrgrp._001=## User/Group
 usrgrp._002=##
 usrgrp.ldap=internaldb
+multiroles._000=##
+multiroles._001=## multiroles
+multiroles._002=##
+multiroles.enable=true
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
diff --git a/pki/base/tks/shared/conf/CS.cfg b/pki/base/tks/shared/conf/CS.cfg
index 3f1f8d15e..d9e3580a1 100644
--- a/pki/base/tks/shared/conf/CS.cfg
+++ b/pki/base/tks/shared/conf/CS.cfg
@@ -327,3 +327,8 @@ tks.jForte._004=##
 tks.jForte.auth_key=#30#31#32#33#34#35#36#37#38#39#3a#3b#3c#3d#3e#3f
 tks.jForte.mac_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
 tks.jForte.kek_key=#50#51#52#53#54#55#56#57#58#59#5a#5b#5c#5d#5e#5f
+multiroles._000=##
+multiroles._001=## multiroles
+multiroles._002=##
+multiroles.enable=true
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group