10 files changed, 59 insertions, 8 deletions
diff --git a/base/ca/shared/conf/manager.ldif b/base/ca/shared/conf/manager.ldif index 52e486987..61aa70b8d 100644 --- a/base/ca/shared/conf/manager.ldif +++ b/base/ca/shared/conf/manager.ldif @@ -8,7 +8,7 @@ ou: csusers dn: {rootSuffix} changetype: modify add: aci -aci: (targetattr=*)(version 3.0; acl "cert manager access"; allow (all) userdn = "ldap:///{dbuser}";) +aci: (targetattr=*)(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///{dbuser}";) dn: cn=ldbm database,cn=plugins,cn=config changetype: modify diff --git a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java index 6482b5f42..6d71b5de1 100644 --- a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java +++ b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java @@ -56,6 +56,7 @@ public class ConfigurationRequest { private static final String REMOVEDATA = "removeData"; private static final String MASTER_REPLICATION_PORT = "masterReplicationPort"; private static final String CLONE_REPLICATION_PORT = "cloneReplicationPort"; + private static final String REPLICATE_SCHEMA = "replicateSchema"; private static final String REPLICATION_SECURITY = "replicationSecurity"; private static final String ISSUING_CA = "issuingCa"; private static final String BACKUP_KEYS = "backupKeys"; @@ -149,6 +150,9 @@ public class ConfigurationRequest { protected String cloneReplicationPort; @XmlElement + protected String replicateSchema; + + @XmlElement protected String replicationSecurity; @XmlElementRef 
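Review bot: The renamed ACI in the ca manager.ldif hunk still grants `allow (all)` on `targetattr=*` at `{rootSuffix}` to `{dbuser}`, and nothing in the LDIF explains why the name gained a "v2" suffix. If the intent is to stop this `add: aci` from colliding with a "cert manager access" value that already reached a clone through replication, the clone ends up with two ACIs carrying the same grant and the older one is never removed; that is inferred from the change, so please confirm. I would add a comment above the `aci:` line, for example `# "v2": distinct name so this add does not clash with the ACI replicated from the master`. The same one-line change is repeated in the kra, ocsp and tks manager.ldif hunks.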
@@ -221,6 +225,7 @@ public class ConfigurationRequest { removeData = form.getFirst(REMOVEDATA); masterReplicationPort = form.getFirst(MASTER_REPLICATION_PORT); cloneReplicationPort = form.getFirst(CLONE_REPLICATION_PORT); + replicateSchema = form.getFirst(REPLICATE_SCHEMA); replicationSecurity = form.getFirst(REPLICATION_SECURITY); //TODO - figure out how to get the cert requests issuingCA = form.getFirst(ISSUING_CA); @@ -721,6 +726,14 @@ public class ConfigurationRequest { this.stepTwo = stepTwo; } + public String getReplicateSchema() { + return replicateSchema; + } + + public void setReplicateSchema(String replicateSchema) { + this.replicateSchema = replicateSchema; + } + @Override public String toString() { return "ConfigurationRequest [pin=XXXX" + @@ -744,6 +757,7 @@ public class ConfigurationRequest { ", database=" + database + ", secureConn=" + secureConn + ", removeData=" + removeData + + ", replicateSchema=" + replicateSchema + ", masterReplicationPort=" + masterReplicationPort + ", cloneReplicationPort=" + cloneReplicationPort + ", replicationSecurity=" + replicationSecurity + diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index c5804f2d4..2a2c3b3ab 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java 
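Review bot: The `getReplicateSchema()`/`setReplicateSchema(String)` pair added in the `@@ -721` hunk is undocumented and carries a boolean option as a free-form `String`. Nothing here states which values are accepted or what an absent value means, while the validation hunk in SystemConfigService treats anything other than a case-insensitive "false" as "true". A Javadoc line on the setter would make that contract visible to REST clients, for example `/** "true" (default) replicates schema from the master; "false" imports the schema LDIF on the clone itself. */`.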
@@ -1254,11 +1254,18 @@ public class ConfigurationUtils { try { String select = cs.getString("preop.subsystem.select", ""); if (select.equals("clone")) { - // if this is clone, add index before replication - // don't put in the schema or bad things will happen + // in most cases, we want to replicate the schema and therefore + // NOT add it here. We provide this option though in case the + // clone already has schema and we want to replicate back to the + // master. + boolean replicateSchema = cs.getBoolean("preop.internaldb.replicateSchema", true); + if (! replicateSchema) { + importLDIFS("preop.internaldb.schema.ldif", conn); + } importLDIFS("preop.internaldb.ldif", conn); + + // add the index before replication, add VLV indexes afterwards importLDIFS("preop.internaldb.index_ldif", conn); - importLDIFS("preop.internaldb.manager_ldif", conn); } else { // data will be replicated from the master to the clone // so clone does not need the data @@ -1266,7 +1273,6 @@ public class ConfigurationUtils { importLDIFS("preop.internaldb.ldif", conn); importLDIFS("preop.internaldb.data_ldif", conn); importLDIFS("preop.internaldb.index_ldif", conn); - importLDIFS("preop.internaldb.manager_ldif", conn); } } catch (Exception e) { e.printStackTrace(); 
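Review bot: The rewritten comment in the clone branch drops the earlier warning that putting schema on a clone makes "bad things" happen, yet the new `if (! replicateSchema)` path performs exactly that import. The comment should name the failure mode and say when it is safe to turn schema replication off, so that whoever sets `preop.internaldb.replicateSchema` to false knows the precondition; the hunk does not show what the original hazard was. As a style point, `if (! replicateSchema)` is normally written `if (!replicateSchema)`. The enclosing method begins before the first hunk and its `catch` block continues past the second one.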
@@ -1506,6 +1512,25 @@ public class ConfigurationUtils { return dir.delete(); } + public static void populateDBManager() throws Exception { + CMS.debug("populateDBManager(): start"); + IConfigStore cs = CMS.getConfigStore(); + + IConfigStore dbCfg = cs.getSubStore("internaldb"); + ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory(); + dbFactory.init(dbCfg); + LDAPConnection conn = dbFactory.getConn(); + + try { + importLDIFS("preop.internaldb.manager_ldif", conn); + } catch (Exception e) { + CMS.debug("populateDBManager(): Exception thrown: " + e); + throw e; + } finally { + releaseConnection(conn); + } + } + public static void populateVLVIndexes() throws Exception { CMS.debug("populateVLVIndexes(): start"); IConfigStore cs = CMS.getConfigStore(); diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java index 67f10bd8e..5beb81244 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java @@ -489,6 +489,7 @@ public class DatabasePanel extends WizardPanelBase { } ConfigurationUtils.reInitSubsystem(csType); + ConfigurationUtils.populateDBManager(); ConfigurationUtils.populateVLVIndexes(); cs.putBoolean("preop.Database.done", true); diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java index 800f12365..27ee8a506 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java 
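Review bot: `populateDBManager()` has no Javadoc, although it is now the only place that applies `preop.internaldb.manager_ldif`, the LDIF that adds the `allow (all)` ACI for `{dbuser}` and modifies an entry under `cn=config`. A doc comment should state that it imports that LDIF over a connection from `CMS.getLdapBoundConnFactory()` initialised with the `internaldb` sub-store, and that callers invoke it after `reInitSubsystem` and before `populateVLVIndexes`. It is also worth confirming that the identity this factory binds as may add ACIs at the suffix and change `cn=config`; the removed calls used the `conn` of the database population step, whose bind identity is outside the visible lines and may differ. If the factory holds resources beyond the single connection, it is never shut down here, only the connection is released.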
@@ -360,6 +360,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou replicationSecurity = "None"; } cs.putString("internaldb.ldapconn.replicationSecurity", replicationSecurity); + + cs.putString("preop.internaldb.replicateSchema", data.getReplicateSchema()); } try { @@ -386,6 +388,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } ConfigurationUtils.reInitSubsystem(csType); + ConfigurationUtils.populateDBManager(); ConfigurationUtils.populateVLVIndexes(); } catch (Exception e) { @@ -860,6 +863,12 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } } + if ((data.getReplicateSchema() != null) && (data.getReplicateSchema().equalsIgnoreCase("false"))) { + data.setReplicateSchema("false"); + } else { + data.setReplicateSchema("true"); + } + if ((data.getBackupKeys() != null) && data.getBackupKeys().equals("true")) { if ((data.getBackupFile() == null) || (data.getBackupFile().length()<=0)) { //TODO: also check for valid path, perhaps by touching file there diff --git a/base/deploy/config/pkideployment.cfg b/base/deploy/config/pkideployment.cfg index a7e61ccb8..2a62c5e7d 100644 --- a/base/deploy/config/pkideployment.cfg +++ b/base/deploy/config/pkideployment.cfg @@ -107,6 +107,7 @@ pki_https_port=443 pki_ajp_port=8009 pki_clone=False pki_clone_pkcs12_path= +pki_clone_replicate_schema=True pki_clone_replication_master_port= pki_clone_replication_clone_port= pki_clone_replication_security=None diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py index 28a705046..e984e0377 100644 --- a/base/deploy/src/scriptlets/pkijython.py +++ b/base/deploy/src/scriptlets/pkijython.py 
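Review bot: The normalisation added in the `@@ -860` hunk silently turns every value other than a case-insensitive "false" into "true", so a typo or a value such as "no" or "0" enables schema replication without any error. Because this flag decides whether the clone imports `preop.internaldb.schema.ldif` itself, I would accept only the two literals, e.g. `else if (v == null || v.equalsIgnoreCase("true"))` for the default branch, and fail validation on anything else. The `cs.putString("preop.internaldb.replicateSchema", data.getReplicateSchema())` call in the `@@ -360` hunk relies on this normalisation having run first, since otherwise it may store null; whether it does cannot be seen from the hunks. The enclosing methods start and end outside the visible lines.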
@@ -290,6 +290,7 @@ class rest_client: data.setCloneUri(self.master['pki_clone_uri']) data.setP12File(self.master['pki_clone_pkcs12_path']) data.setP12Password(self.sensitive['pki_clone_pkcs12_password']) + data.setReplicateSchema(self.master['pki_clone_replicate_schema']) data.setReplicationSecurity( self.master['pki_clone_replication_security']) if self.master['pki_clone_replication_master_port']: diff --git a/base/kra/shared/conf/manager.ldif b/base/kra/shared/conf/manager.ldif index 52e486987..61aa70b8d 100644 --- a/base/kra/shared/conf/manager.ldif +++ b/base/kra/shared/conf/manager.ldif @@ -8,7 +8,7 @@ ou: csusers dn: {rootSuffix} changetype: modify add: aci -aci: (targetattr=*)(version 3.0; acl "cert manager access"; allow (all) userdn = "ldap:///{dbuser}";) +aci: (targetattr=*)(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///{dbuser}";) dn: cn=ldbm database,cn=plugins,cn=config changetype: modify diff --git a/base/ocsp/shared/conf/manager.ldif b/base/ocsp/shared/conf/manager.ldif index 52e486987..61aa70b8d 100644 --- a/base/ocsp/shared/conf/manager.ldif +++ b/base/ocsp/shared/conf/manager.ldif @@ -8,7 +8,7 @@ ou: csusers dn: {rootSuffix} changetype: modify add: aci -aci: (targetattr=*)(version 3.0; acl "cert manager access"; allow (all) userdn = "ldap:///{dbuser}";) +aci: (targetattr=*)(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///{dbuser}";) dn: cn=ldbm database,cn=plugins,cn=config changetype: modify diff --git a/base/tks/shared/conf/manager.ldif b/base/tks/shared/conf/manager.ldif index 52e486987..61aa70b8d 100644 --- a/base/tks/shared/conf/manager.ldif +++ b/base/tks/shared/conf/manager.ldif 
@@ -8,7 +8,7 @@ ou: csusers dn: {rootSuffix} changetype: modify add: aci -aci: (targetattr=*)(version 3.0; acl "cert manager access"; allow (all) userdn = "ldap:///{dbuser}";) +aci: (targetattr=*)(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///{dbuser}";) dn: cn=ldbm database,cn=plugins,cn=config changetype: modify |