-rw-r--r--base/ca/shared/conf/manager.ldif2
-rw-r--r--base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java14
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java33
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java1
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java9
-rw-r--r--base/deploy/config/pkideployment.cfg1
-rw-r--r--base/deploy/src/scriptlets/pkijython.py1
-rw-r--r--base/kra/shared/conf/manager.ldif2
-rw-r--r--base/ocsp/shared/conf/manager.ldif2
-rw-r--r--base/tks/shared/conf/manager.ldif2
10 files changed, 59 insertions, 8 deletions
diff --git a/base/ca/shared/conf/manager.ldif b/base/ca/shared/conf/manager.ldif
index 52e486987..61aa70b8d 100644
--- a/base/ca/shared/conf/manager.ldif
+++ b/base/ca/shared/conf/manager.ldif
@@ -8,7 +8,7 @@ ou: csusers
dn: {rootSuffix}
changetype: modify
add: aci
-aci: (targetattr=*)(version 3.0; acl "cert manager access"; allow (all) userdn = "ldap:///{dbuser}";)
+aci: (targetattr=*)(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///{dbuser}";)
dn: cn=ldbm database,cn=plugins,cn=config
changetype: modify
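Review bot: The renamed ACI on the `aci:` line still grants `allow (all)` on `targetattr=*` to `{dbuser}` at `{rootSuffix}`, and nothing in the file records why the name gained a "v2" suffix. This commit also moves the manager_ldif import to after replication setup (populateDBManager), so a clone presumably ends up holding both the "cert manager access" ACI replicated from the master and this one. If that is intended, a comment such as `# named "v2" so it is distinct from the ACI replicated from the master; the older ACI is left in place` would make it explicit. It is also worth confirming that the master's database user keeping full rights on the clone is wanted. The same applies to the identical hunks in the kra, ocsp and tks manager.ldif files.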
diff --git a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
index 6482b5f42..6d71b5de1 100644
--- a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
+++ b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
@@ -56,6 +56,7 @@ public class ConfigurationRequest {
private static final String REMOVEDATA = "removeData";
private static final String MASTER_REPLICATION_PORT = "masterReplicationPort";
private static final String CLONE_REPLICATION_PORT = "cloneReplicationPort";
+ private static final String REPLICATE_SCHEMA = "replicateSchema";
private static final String REPLICATION_SECURITY = "replicationSecurity";
private static final String ISSUING_CA = "issuingCa";
private static final String BACKUP_KEYS = "backupKeys";
@@ -149,6 +150,9 @@ public class ConfigurationRequest {
protected String cloneReplicationPort;
@XmlElement
+ protected String replicateSchema;
+
+ @XmlElement
protected String replicationSecurity;
@XmlElementRef
@@ -221,6 +225,7 @@ public class ConfigurationRequest {
removeData = form.getFirst(REMOVEDATA);
masterReplicationPort = form.getFirst(MASTER_REPLICATION_PORT);
cloneReplicationPort = form.getFirst(CLONE_REPLICATION_PORT);
+ replicateSchema = form.getFirst(REPLICATE_SCHEMA);
replicationSecurity = form.getFirst(REPLICATION_SECURITY);
//TODO - figure out how to get the cert requests
issuingCA = form.getFirst(ISSUING_CA);
@@ -721,6 +726,14 @@ public class ConfigurationRequest {
this.stepTwo = stepTwo;
}
+ public String getReplicateSchema() {
+ return replicateSchema;
+ }
+
+ public void setReplicateSchema(String replicateSchema) {
+ this.replicateSchema = replicateSchema;
+ }
+
@Override
public String toString() {
return "ConfigurationRequest [pin=XXXX" +
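Review bot: The new `getReplicateSchema`/`setReplicateSchema` pair carries a boolean as a free-form `String` and has no Javadoc saying which values are meaningful. From the rest of this commit, only "false" (case-insensitive) turns schema replication off, and that rule lives in SystemConfigService rather than here. A short Javadoc on the setter would help, e.g. `/** "true" or "false"; anything other than "false" is treated as "true" by SystemConfigService. */`. The `toString` method that follows continues outside the hunk.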
@@ -744,6 +757,7 @@ public class ConfigurationRequest {
", database=" + database +
", secureConn=" + secureConn +
", removeData=" + removeData +
+ ", replicateSchema=" + replicateSchema +
", masterReplicationPort=" + masterReplicationPort +
", cloneReplicationPort=" + cloneReplicationPort +
", replicationSecurity=" + replicationSecurity +
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index c5804f2d4..2a2c3b3ab 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -1254,11 +1254,18 @@ public class ConfigurationUtils {
try {
String select = cs.getString("preop.subsystem.select", "");
if (select.equals("clone")) {
- // if this is clone, add index before replication
- // don't put in the schema or bad things will happen
+ // in most cases, we want to replicate the schema and therefore
+ // NOT add it here. We provide this option though in case the
+ // clone already has schema and we want to replicate back to the
+ // master.
+ boolean replicateSchema = cs.getBoolean("preop.internaldb.replicateSchema", true);
+ if (! replicateSchema) {
+ importLDIFS("preop.internaldb.schema.ldif", conn);
+ }
importLDIFS("preop.internaldb.ldif", conn);
+
+ // add the index before replication, add VLV indexes afterwards
importLDIFS("preop.internaldb.index_ldif", conn);
- importLDIFS("preop.internaldb.manager_ldif", conn);
} else {
// data will be replicated from the master to the clone
// so clone does not need the data
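Review bot: The `importLDIFS("preop.internaldb.manager_ldif", conn)` call is removed from both branches here and in the next hunk, so this method no longer installs the manager ACI itself. Every caller now has to invoke `ConfigurationUtils.populateDBManager()` afterwards; the commit does that in DatabasePanel and SystemConfigService, but any other caller of this method would silently end up without the ACI, so it is worth checking for one. A line in the method comment such as `// NOTE: manager_ldif is imported separately by populateDBManager(), after replication is set up` would record the new contract. As a style point, `if (! replicateSchema)` is conventionally written `if (!replicateSchema)`. The enclosing method starts and ends outside the hunk.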
@@ -1266,7 +1273,6 @@ public class ConfigurationUtils {
importLDIFS("preop.internaldb.ldif", conn);
importLDIFS("preop.internaldb.data_ldif", conn);
importLDIFS("preop.internaldb.index_ldif", conn);
- importLDIFS("preop.internaldb.manager_ldif", conn);
}
} catch (Exception e) {
e.printStackTrace();
@@ -1506,6 +1512,25 @@ public class ConfigurationUtils {
return dir.delete();
}
+ public static void populateDBManager() throws Exception {
+ CMS.debug("populateDBManager(): start");
+ IConfigStore cs = CMS.getConfigStore();
+
+ IConfigStore dbCfg = cs.getSubStore("internaldb");
+ ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory();
+ dbFactory.init(dbCfg);
+ LDAPConnection conn = dbFactory.getConn();
+
+ try {
+ importLDIFS("preop.internaldb.manager_ldif", conn);
+ } catch (Exception e) {
+ CMS.debug("populateDBManager(): Exception thrown: " + e);
+ throw e;
+ } finally {
+ releaseConnection(conn);
+ }
+ }
+
public static void populateVLVIndexes() throws Exception {
CMS.debug("populateVLVIndexes(): start");
IConfigStore cs = CMS.getConfigStore();
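Review bot: In `populateDBManager()` the connection is passed to `releaseConnection(conn)` in the `finally` block, but the bound connection factory initialised by `dbFactory.init(dbCfg)` is never shut down, so whether its remaining bound connections are freed depends on code outside this hunk. If the factory pools connections, consider releasing it in the same `finally`, e.g. `dbFactory.reset();`, provided that matches how the neighbouring populateVLVIndexes handles its factory. The catch block also logs only `"" + e`, which drops the stack trace before rethrowing; logging the exception itself, or leaving out the catch and letting the caller log, would keep the diagnostic detail for a failed ACI import.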
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index 67f10bd8e..5beb81244 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -489,6 +489,7 @@ public class DatabasePanel extends WizardPanelBase {
}
ConfigurationUtils.reInitSubsystem(csType);
+ ConfigurationUtils.populateDBManager();
ConfigurationUtils.populateVLVIndexes();
cs.putBoolean("preop.Database.done", true);
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 800f12365..27ee8a506 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -360,6 +360,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
replicationSecurity = "None";
}
cs.putString("internaldb.ldapconn.replicationSecurity", replicationSecurity);
+
+ cs.putString("preop.internaldb.replicateSchema", data.getReplicateSchema());
}
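Review bot: `cs.putString("preop.internaldb.replicateSchema", data.getReplicateSchema())` stores the request value as-is, so it is only safe if the normalisation added further down in this file (the `equalsIgnoreCase("false")` block) has already run on `data`. That ordering is not visible in this hunk. If the request can reach this point unvalidated, a null or non-boolean string lands in the config store and is later read with `cs.getBoolean(...)` in ConfigurationUtils. A local guard would remove the dependency, e.g. `cs.putBoolean("preop.internaldb.replicateSchema", !"false".equalsIgnoreCase(data.getReplicateSchema()));`. The enclosing method starts and ends outside the hunk.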
try {
@@ -386,6 +388,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
ConfigurationUtils.reInitSubsystem(csType);
+ ConfigurationUtils.populateDBManager();
ConfigurationUtils.populateVLVIndexes();
} catch (Exception e) {
@@ -860,6 +863,12 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
}
+ if ((data.getReplicateSchema() != null) && (data.getReplicateSchema().equalsIgnoreCase("false"))) {
+ data.setReplicateSchema("false");
+ } else {
+ data.setReplicateSchema("true");
+ }
+
if ((data.getBackupKeys() != null) && data.getBackupKeys().equals("true")) {
if ((data.getBackupFile() == null) || (data.getBackupFile().length()<=0)) {
//TODO: also check for valid path, perhaps by touching file there
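Review bot: The new `if`/`else` rewrites any value other than "false" to "true", so a typo or an alternative spelling such as "no" or "0" in the deployment configuration silently enables schema replication instead of being reported. If the lenient default is deliberate, say so next to the check, e.g. `// anything other than "false" (case-insensitive) means replicate the schema`. Otherwise accept only "true"/"false" and reject everything else through whatever error path the surrounding validation already uses. The enclosing method starts and ends outside the hunk.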
diff --git a/base/deploy/config/pkideployment.cfg b/base/deploy/config/pkideployment.cfg
index a7e61ccb8..2a62c5e7d 100644
--- a/base/deploy/config/pkideployment.cfg
+++ b/base/deploy/config/pkideployment.cfg
@@ -107,6 +107,7 @@ pki_https_port=443
pki_ajp_port=8009
pki_clone=False
pki_clone_pkcs12_path=
+pki_clone_replicate_schema=True
pki_clone_replication_master_port=
pki_clone_replication_clone_port=
pki_clone_replication_security=None
diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py
index 28a705046..e984e0377 100644
--- a/base/deploy/src/scriptlets/pkijython.py
+++ b/base/deploy/src/scriptlets/pkijython.py
@@ -290,6 +290,7 @@ class rest_client:
data.setCloneUri(self.master['pki_clone_uri'])
data.setP12File(self.master['pki_clone_pkcs12_path'])
data.setP12Password(self.sensitive['pki_clone_pkcs12_password'])
+ data.setReplicateSchema(self.master['pki_clone_replicate_schema'])
data.setReplicationSecurity(
self.master['pki_clone_replication_security'])
if self.master['pki_clone_replication_master_port']:
diff --git a/base/kra/shared/conf/manager.ldif b/base/kra/shared/conf/manager.ldif
index 52e486987..61aa70b8d 100644
--- a/base/kra/shared/conf/manager.ldif
+++ b/base/kra/shared/conf/manager.ldif
@@ -8,7 +8,7 @@ ou: csusers
dn: {rootSuffix}
changetype: modify
add: aci
-aci: (targetattr=*)(version 3.0; acl "cert manager access"; allow (all) userdn = "ldap:///{dbuser}";)
+aci: (targetattr=*)(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///{dbuser}";)
dn: cn=ldbm database,cn=plugins,cn=config
changetype: modify
diff --git a/base/ocsp/shared/conf/manager.ldif b/base/ocsp/shared/conf/manager.ldif
index 52e486987..61aa70b8d 100644
--- a/base/ocsp/shared/conf/manager.ldif
+++ b/base/ocsp/shared/conf/manager.ldif
@@ -8,7 +8,7 @@ ou: csusers
dn: {rootSuffix}
changetype: modify
add: aci
-aci: (targetattr=*)(version 3.0; acl "cert manager access"; allow (all) userdn = "ldap:///{dbuser}";)
+aci: (targetattr=*)(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///{dbuser}";)
dn: cn=ldbm database,cn=plugins,cn=config
changetype: modify
diff --git a/base/tks/shared/conf/manager.ldif b/base/tks/shared/conf/manager.ldif
index 52e486987..61aa70b8d 100644
--- a/base/tks/shared/conf/manager.ldif
+++ b/base/tks/shared/conf/manager.ldif
@@ -8,7 +8,7 @@ ou: csusers
dn: {rootSuffix}
changetype: modify
add: aci
-aci: (targetattr=*)(version 3.0; acl "cert manager access"; allow (all) userdn = "ldap:///{dbuser}";)
+aci: (targetattr=*)(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///{dbuser}";)
dn: cn=ldbm database,cn=plugins,cn=config
changetype: modify