author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-07-07 20:09:30 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-07-07 20:09:30 +0000 |
commit | e5f83cbfceeac25ba1cdb532bf327c2f3e389d2f (patch) | |
tree | 6cb84d684417596b84f6a650a2acee01e819d958 | |
parent | c0e3cfede34e8b0dc0a31a5bebfdc4b67683b9be (diff) | |
Bugzilla BZ595391: session domain table to be moved to ldap (corrected BZ596391 to BZ595391 on 08/10/2010 by mharmsen)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1125 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
9 files changed, 397 insertions, 6 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg b/pki/base/ca/shared/conf/CS.cfg
index e970ae11d..8a4b37594 100644
--- a/pki/base/ca/shared/conf/CS.cfg
+++ b/pki/base/ca/shared/conf/CS.cfg
@@ -29,6 +29,8 @@ ee.interface.uri=ca/ee/ca
 agent.interface.uri=ca/agent/ca
 preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445
 securitydomain.flushinterval=86400000
+securitydomain.source=ldap
+securitydomain.checkinterval=300000
 instanceRoot=[PKI_INSTANCE_PATH]
 machineName=[PKI_MACHINE_NAME]
 instanceId=[PKI_INSTANCE_ID]
diff --git a/pki/base/ca/shared/conf/schema.ldif b/pki/base/ca/shared/conf/schema.ldif
index adb30a639..3ec6b84a6 100644
--- a/pki/base/ca/shared/conf/schema.ldif
+++ b/pki/base/ca/shared/conf/schema.ldif
@@ -405,6 +405,11 @@ attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.146
 dn: cn=schema
 changetype: modify
+add: attributeTypes
+attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
 add: objectClasses
 objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' )
@@ -468,3 +473,7 @@ changetype: modify
 add: objectClasses
 objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' )
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' )
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 1509d5b74..ae9acf9fe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
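Review bot: `cmsUserGroup` is added without SINGLE-VALUE, while the session code that consumes it (LDAPSecurityDomainSessionTable.getGroup in this same commit) reads only the first value of the attribute; declaring it `SINGLE-VALUE`, as the port attributes in this file are, keeps the schema and the reader in agreement. `securityDomainSessionEntry` makes `host`, `uid` and `dateOfCreate` mandatory; `dateOfCreate` is not defined anywhere in this diff, so I assume it already exists earlier in schema.ldif and is worth a quick check. The same two definitions are repeated in the kra, ocsp and tks schema.ldif hunks.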
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -546,6 +546,7 @@ public class DonePanel extends WizardPanelBase {
 cs.putString("securitydomain.httpsadminport", ownadminsport);
 cs.putString("securitydomain.httpsagentport", ownagentsport);
 cs.putString("securitydomain.httpseeport", ownsport);
+ cs.putString("securitydomain.select", "new");
 } catch (Exception e) {
 CMS.debug("Caught exception trying to save security domain parameters for clone of a domain master");
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index bd4d6b7ab..f2b4589e3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -107,7 +107,7 @@ public class GetDomainXML extends CMSServlet {
 try {
 // get data from ldap
 String[] entries = {};
- String filter = "objectclass=*";
+ String filter = "objectclass=pkiSecurityGroup";
 LDAPSearchConstraints cons = null;
 String[] attrs = null;
 String dn = "ou=Security Domain," + basedn;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
new file mode 100644
index 000000000..55d39886e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -0,0 +1,325 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.csadmin;
+
+import java.util.*;
+import java.io.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.apps.*;
+import netscape.ldap.*;
+import com.netscape.cmsutil.password.*;
+
+/**
+ * This object stores the values for IP, uid and group based on the cookie id in LDAP.
+ * Entries are stored under ou=Security Domain, ou=sessions, $basedn
+ */
+public class LDAPSecurityDomainSessionTable
+ implements ISecurityDomainSessionTable {
+
+ private long m_timeToLive;
+
+ public LDAPSecurityDomainSessionTable(long timeToLive) {
+ m_timeToLive = timeToLive;
+ }
+
+ public void addEntry(String sessionId, String ip,
+ String uid, String group) {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ boolean sessions_exists = true;
+
+ String basedn = null;
+ String sessionsdn = null;
+ try {
+ basedn = cs.getString("internaldb.basedn");
+ sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
+ return;
+ }
+
+ try {
+ // create session entry (if it does not exist)
+ conn = getLDAPConn();
+
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "organizationalUnit"));
+ attrs.add(new LDAPAttribute("ou", "sessions"));
+ entry = new LDAPEntry(sessionsdn, attrs);
+ conn.add(entry);
+ } catch (Exception e) {
+ if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
+ // continue
+ } else {
+ CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
+ sessions_exists = false;
+ }
+ }
+
+ // add new entry
+ try {
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ String entrydn = "cn=" + sessionId + "," + sessionsdn;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "securityDomainSessionEntry"));
+ attrs.add(new LDAPAttribute("cn", sessionId));
+ attrs.add(new LDAPAttribute("host", ip));
+ attrs.add(new LDAPAttribute("uid", uid));
+ attrs.add(new LDAPAttribute("cmsUserGroup", group));
+ attrs.add(new LDAPAttribute("dateOfCreate", Long.toString((new Date()).getTime())));
+
+ entry = new LDAPEntry(entrydn, attrs);
+ if (sessions_exists) {
+ conn.add(entry);
+ }
+ CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
+ }
+ }
+
+ public void removeEntry(String sessionId) {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn;
+ conn = getLDAPConn();
+ conn.delete(dn);
+ } catch (Exception e) {
+ if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
+ // continue
+ } else {
+ CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e);
+ }
+ }
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
+ }
+ }
+
+ public boolean isSessionIdExist(String sessionId) {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ boolean ret = false;
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ String filter = "(cn=" + sessionId + ")";
+ String[] attrs = { "cn" };
+
+ conn = getLDAPConn();
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ if (res.getCount() > 0) ret = true;
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ }
+ return ret;
+ }
+
+
+ public Enumeration getSessionIds() {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ Vector ret = new Vector();
+
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ String filter = "(objectclass=securityDomainSessionEntry)";
+ String[] attrs = { "cn" };
+
+ conn = getLDAPConn();
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ while (res.hasMoreElements()) {
+ LDAPEntry entry = res.next();
+ ret.add(entry.getAttribute("cn").getStringValueArray()[0]);
+ }
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ }
+
+ return ret.elements();
+ }
+
+ private String getStringValue(String sessionId, String attr) {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ String ret = null;
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ String filter = "(cn=" + sessionId + ")";
+ String[] attrs = { attr };
+ conn = getLDAPConn();
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ if (res.getCount() > 0) {
+ LDAPEntry entry = res.next();
+ ret = entry.getAttribute(attr).getStringValueArray()[0];
+ }
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ }
+ return ret;
+ }
+
+ public String getIP(String sessionId) {
+ return getStringValue(sessionId, "host");
+ }
+
+ public String getUID(String sessionId) {
+ return getStringValue(sessionId, "uid");
+ }
+
+ public String getGroup(String sessionId) {
+ return getStringValue(sessionId, "cmsUserGroup");
+ }
+
+ public long getBeginTime(String sessionId) {
+ String beginStr = getStringValue(sessionId, "dateOfCreate");
+ if (beginStr != null) {
+ return Long.parseLong(beginStr);
+ }
+ return -1;
+ }
+
+ public long getTimeToLive() {
+ return m_timeToLive;
+ }
+
+ public int getSize() {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ int ret =0;
+
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ String filter = "(objectclass=securityDomainSessionEntry)";
+ String[] attrs = { "cn" };
+
+ conn = getLDAPConn();
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ ret = res.getCount();
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ }
+
+ return ret;
+ }
+
+ private LDAPConnection getLDAPConn()
+ throws IOException
+ {
+ IConfigStore cs = CMS.getConfigStore();
+
+ String host = "";
+ String port = "";
+ String pwd = null;
+ String binddn = "";
+ String security = "";
+
+ IPasswordStore pwdStore = CMS.getPasswordStore();
+
+ if (pwdStore != null) {
+ //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
+ pwd = pwdStore.getPassword("internaldb");
+ }
+
+ if ( pwd == null) {
+ throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
+ }
+
+ try {
+ host = cs.getString("internaldb.ldapconn.host");
+ port = cs.getString("internaldb.ldapconn.port");
+ binddn = cs.getString("internaldb.ldapauth.bindDN");
+ security = cs.getString("internaldb.ldapconn.secureConn");
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: getLDAPConn" + e.toString());
+ throw new IOException(
+ "Failed to retrieve LDAP information from CS.cfg.");
+ }
+
+ int p = -1;
+
+ try {
+ p = Integer.parseInt(port);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable getLDAPConn: " + e.toString());
+ throw new IOException("Port is not valid");
+ }
+
+ LDAPConnection conn = null;
+ if (security.equals("true")) {
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
+
+ //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
+ try {
+ conn.connect(host, p, binddn, pwd);
+ } catch (LDAPException e) {
+ CMS.debug("SecurityDomainSessionTable getLDAPConn: " + e.toString());
+ throw new IOException("Failed to connect to the internal database.");
+ }
+
+ return conn;
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
index 4e74f1744..8848eabb1 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
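Review bot: sessionId is spliced unescaped into an LDAP search filter, `"(cn=" + sessionId + ")"` in isSessionIdExist and getStringValue, and into an RDN, `"cn=" + sessionId + ","` in addEntry and removeEntry; the class Javadoc says the id is the cookie id, so a value carrying filter or DN metacharacters (`*`, `(`, `)`, `\`, `,`, `+`) can match or delete an entry other than the caller's own. Either escape the value per RFC 4515 for filters and RFC 4514 for DNs, or, since it is used in both, reject ids outside the generator's alphabet up front (I could not confirm that alphabet from this hunk, so the regex below is a placeholder to narrow). The same guard belongs at the top of addEntry, removeEntry and isSessionIdExist. Separately, addEntry logs `added session entry` even when `sessions_exists` is false and the add was skipped, so that debug line belongs inside the `if`. The disconnect-failure messages in getStringValue and getSize also name the wrong method (`isSessionIdExist`, `getSessionIds`).
```java
    /**
     * Session ids arrive in a client cookie and are used both as a filter
     * assertion value (RFC 4515) and as an RDN value (RFC 4514), so they are
     * allow-listed once rather than escaped twice.
     */
    private static boolean isWellFormedSessionId(String sessionId) {
        // TODO(review): narrow to the alphabet the session-id generator actually emits.
        return sessionId != null && sessionId.matches("[A-Za-z0-9._-]+");
    }

    private String getStringValue(String sessionId, String attr) {
        if (!isWellFormedSessionId(sessionId)) {
            CMS.debug("SecurityDomainSessionTable: rejecting malformed session id");
            return null;
        }
        // … unchanged: basedn lookup, search on "(cn=" + sessionId + ")", disconnect …
    }
```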
@@ -257,10 +257,22 @@ public class CMSEngine implements ICMSEngine {
 String sd = mConfig.getString("securitydomain.select", "");
 // my default is 1 day
 String flush_timeout = config.getString("securitydomain.flushinterval", "86400000");
- mSecurityDomainSessionTable = new SecurityDomainSessionTable((new Long(flush_timeout)).longValue());
+ String secdomain_source = config.getString("securitydomain.source", "memory");
+ String secdomain_check_interval = config.getString("securitydomain.checkinterval", "5000");
+
+ if (secdomain_source.equals("ldap")) {
+ mSecurityDomainSessionTable = new LDAPSecurityDomainSessionTable((new Long(flush_timeout)).longValue());
+ } else {
+ mSecurityDomainSessionTable = new SecurityDomainSessionTable((new Long(flush_timeout)).longValue());
+ }
+
 mSDTimer = new Timer();
 SessionTimer timertask = new SessionTimer(mSecurityDomainSessionTable);
- mSDTimer.schedule(timertask, 5, 5000);
+ if ((state == 1) && (sd.equals("existing"))) {
+ // for non-security domain hosts, do not check session domain table
+ } else {
+ mSDTimer.schedule(timertask, 5, (new Long(secdomain_check_interval)).longValue());
+ }
 // initialize the PasswordReader and PasswordWriter
 String pwdPath = config.getString("passwordFile");
diff --git a/pki/base/kra/shared/conf/schema.ldif b/pki/base/kra/shared/conf/schema.ldif
index 4b9c1f65a..3ec6b84a6 100644
--- a/pki/base/kra/shared/conf/schema.ldif
+++ b/pki/base/kra/shared/conf/schema.ldif
@@ -391,6 +391,11 @@ attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1
 dn: cn=schema
 changetype: modify
 add: attributeTypes
+attributeTypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
 attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
 dn: cn=schema
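Review bot: The scheduling guard is an `if` whose body is only a comment, with the real statement in the `else`; inverting it reads more directly and drops the boxing: `if (state != 1 || !sd.equals("existing")) {` / `    mSDTimer.schedule(timertask, 5, Long.parseLong(secdomain_check_interval));` / `}`. Both the new `securitydomain.checkinterval` parse and the pre-existing `securitydomain.flushinterval` parse throw NumberFormatException on a non-numeric value, which at this point in initialization presumably means engine startup fails on a typo in CS.cfg; a one-line comment saying so, or a parse with fallback to the default, would make that explicit. The enclosing method starts and ends outside the hunk.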
@@ -400,6 +405,11 @@ attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.146
 dn: cn=schema
 changetype: modify
+add: attributeTypes
+attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
 add: objectClasses
 objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' )
@@ -456,10 +466,14 @@ objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined
 dn: cn=schema
 changetype: modify
 add: objectClasses
-objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ UnSecurePort ) X-ORIGIN 'user defined' )
+objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN 'user defined' )
 dn: cn=schema
 changetype: modify
 add: objectClasses
 objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' )
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' )
diff --git a/pki/base/ocsp/shared/conf/schema.ldif b/pki/base/ocsp/shared/conf/schema.ldif
index ded663f4b..3ec6b84a6 100644
--- a/pki/base/ocsp/shared/conf/schema.ldif
+++ b/pki/base/ocsp/shared/conf/schema.ldif
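Review bot: In the rewritten `pkiSubsystem` line the MAY list has `$SecureEEClientAuthPort` with no space after the `$`, whereas every other element is written `$ Name`; RFC 4512 permits zero whitespace around `$`, so the definition parses, but normalizing it to `$ SecureEEClientAuthPort` while the line is being rewritten avoids the inconsistency. The same line appears in the ocsp and tks schema.ldif hunks.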
@@ -391,6 +391,11 @@ attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1
 dn: cn=schema
 changetype: modify
 add: attributeTypes
+attributeTypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
 attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
 dn: cn=schema
@@ -400,6 +405,11 @@ attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.146
 dn: cn=schema
 changetype: modify
+add: attributeTypes
+attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
 add: objectClasses
 objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' )
@@ -456,10 +466,14 @@ objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined
 dn: cn=schema
 changetype: modify
 add: objectClasses
-objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ UnSecurePort ) X-ORIGIN 'user defined' )
+objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN 'user defined' )
 dn: cn=schema
 changetype: modify
 add: objectClasses
 objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' )
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' )
diff --git a/pki/base/tks/shared/conf/schema.ldif b/pki/base/tks/shared/conf/schema.ldif
index ded663f4b..3ec6b84a6 100644
--- a/pki/base/tks/shared/conf/schema.ldif
+++ b/pki/base/tks/shared/conf/schema.ldif
@@ -391,6 +391,11 @@ attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1
 dn: cn=schema
 changetype: modify
 add: attributeTypes
+attributeTypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
 attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
 dn: cn=schema
@@ -400,6 +405,11 @@ attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.146
 dn: cn=schema
 changetype: modify
+add: attributeTypes
+attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
 add: objectClasses
 objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' )
@@ -456,10 +466,14 @@ objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined
 dn: cn=schema
 changetype: modify
 add: objectClasses
-objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ UnSecurePort ) X-ORIGIN 'user defined' )
+objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN 'user defined' )
 dn: cn=schema
 changetype: modify
 add: objectClasses
 objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' )
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' ) |