1 files changed, 25 insertions, 17 deletions

diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 951521d04..6afcc1037 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -292,6 +292,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
     private boolean mUseNonces = true;
     private int mMaxNonces = 100;
 
+    private static boolean foundHostAuthority = false;
+
     /**
      * Constructs a CA subsystem.
      */
@@ -514,9 +516,17 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             // being functional.
             initCRL();
 
-            if (isHostAuthority())
+            if (isHostAuthority() && haveLightweightCAsContainer()) {
                 loadLightweightCAs();
 
+                if (!foundHostAuthority) {
+                    CMS.debug("loadLightweightCAs: no entry for host authority");
+                    CMS.debug("loadLightweightCAs: adding entry for host authority");
+                    caMap.put(addHostAuthorityEntry(), this);
+                }
+
+                CMS.debug("CertificateAuthority: finished init of host authority");
+            }
         } catch (EBaseException e) {
             if (CMS.isPreOpMode())
                 return;
@@ -530,6 +540,19 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             + "," + getDBSubsystem().getBaseDN();
     }
 
+    private boolean haveLightweightCAsContainer() throws ELdapException {
+        LDAPConnection conn = dbFactory.getConn();
+        try {
+            LDAPSearchResults results = conn.search(
+                authorityBaseDN(), LDAPConnection.SCOPE_BASE, null, null, false);
+            return results != null;
+        } catch (LDAPException e) {
+            return false;
+        } finally {
+            dbFactory.returnConn(conn);
+        }
+    }
+
     private void initCRLPublisher() throws EBaseException {
         // instantiate CRL publisher
         if (!isHostAuthority()) {
@@ -1990,8 +2013,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
         LDAPConnection conn = dbFactory.getConn();
 
         LDAPSearchResults results = null;
-        boolean foundHostAuthority = false;
-        boolean haveLightweightCAsContainer = true;
         try {
             results = conn.search(
                 authorityBaseDN(), LDAPConnection.SCOPE_ONE,
@@ -2060,23 +2081,10 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
                 caMap.put(aid, ca);
             }
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
-                CMS.debug(
-                    "Missing lightweight CAs container '" + authorityBaseDN()
-                    + "'.  Disabling lightweight CAs.");
-                haveLightweightCAsContainer = false;
-            } else {
-                throw new ECAException("Failed to execute LDAP search for lightweight CAs: " + e);
-            }
+            throw new ECAException("Failed to execute LDAP search for lightweight CAs: " + e);
         } finally {
             dbFactory.returnConn(conn);
         }
-
-        if (haveLightweightCAsContainer && !foundHostAuthority) {
-            CMS.debug("loadLightweightCAs: no entry for host authority");
-            CMS.debug("loadLightweightCAs: adding entry for host authority");
-            caMap.put(addHostAuthorityEntry(), this);
-        }
     }
 
     public String getOfficialName() {