Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java25
1 files changed, 25 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index ec3c8657d..5615c6dfb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -518,10 +518,13 @@ public class DatabasePanel extends WizardPanelBase {
String baseDN = "";
String database = "";
String dn = "";
+ String dbuser = "";
try {
baseDN = cs.getString("internaldb.basedn");
database = cs.getString("internaldb.database", "");
+ dbuser = "uid=" + cs.getString("cs.type") + "-" + cs.getString("machineName") + "-"
+ + cs.getString("service.securePort") + ",ou=people," + baseDN;
} catch (Exception e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
throw new IOException(
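Review bot: The `dbuser` DN on the added lines is built by plain concatenation of `cs.type`, `machineName` and `service.securePort`, with no DN escaping or validation visible in this hunk. A value containing DN or ACI metacharacters would change the DN's structure, and the same string is later embedded inside the quoted `userdn="ldap:///..."` bind rule in the two ACI hunks below, where it would alter the access rule that gets written. Consider checking each component against a conservative pattern (letters, digits, `.` and `-`) before building the DN, or escaping it per RFC 4514, and failing the panel otherwise. The enclosing method starts and ends outside this hunk, so these values may already be validated earlier; if they are, a comment saying so next to the concatenation would help.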
@@ -652,6 +655,11 @@ public class DatabasePanel extends WizardPanelBase {
}
attrs.add(new LDAPAttribute("objectClass", oc3));
attrs.add(new LDAPAttribute(n, v));
+
+ String dbuserACI = "(targetattr=\"*\")(version 3.0; acl \"Cert Manager access\"; allow (all) userdn=\"ldap:///"
+ + dbuser + "\";)";
+ CMS.debug("ACI string is ["+ dbuserACI + "]");
+ attrs.add(new LDAPAttribute("aci", dbuserACI));
LDAPEntry entry = new LDAPEntry(baseDN, attrs);
conn.add(entry);
} catch (Exception e) {
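Review bot: The ACI added to the base entry grants `allow (all)` on `targetattr="*"`, which as written also covers the `aci` attribute itself and credential attributes such as `userPassword` under `baseDN`. If the subsystem's database user really needs full control of its suffix, say so in a comment above the string, e.g. `// dbuser is the subsystem's own bind identity and needs full access to its suffix, including ACIs`. Otherwise narrow the grant, for example by excluding the ACI attribute with `(targetattr != "aci")` or listing only the rights the subsystem uses. The surrounding try block starts outside this hunk.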
@@ -719,6 +727,23 @@ public class DatabasePanel extends WizardPanelBase {
throw new IOException("Failed to find base DN");
}
+ // add dbuser aci to cn=config
+ String dbuserACI = "(targetattr=\"*\")(version 3.0; acl \"Cert Manager access\"; allow (read) userdn=\"ldap:///"
+ + dbuser + "\";)";
+ CMS.debug("ACI string is [" + dbuserACI + "]");
+ String configDN = "cn=ldbm database,cn=plugins,cn=config";
+ try {
+
+ LDAPAttribute attr = new LDAPAttribute("aci", dbuserACI);
+ LDAPModification mod = new LDAPModification(LDAPModification.ADD, attr);
+ conn.modify(configDN, mod);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
+ e.printStackTrace();
+ throw new IOException("Failed to add aci to " + configDN);
+ }
+ }
+
String select = "";
try {
select = cs.getString("preop.subsystem.select", "");
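Review bot: The `catch (LDAPException e)` block reports a failed ACI add with `e.printStackTrace()` and throws an `IOException` that carries neither the LDAP result code nor the cause, while the first hunk of this same file logs through `CMS.debug`. Suggest `CMS.debug("DatabasePanel populateDB: failed to add aci to " + configDN + ": " + e.toString());` followed by `throw new IOException("Failed to add aci to " + configDN + ": " + e.toString());`, so a failure in this access-control step is diagnosable from the debug log. Separately, the value is only ever added and `dbuser` embeds the machine name and port, so a re-run with different values would presumably leave the earlier ACI in `cn=ldbm database,cn=plugins,cn=config`. It may be worth removing stale "Cert Manager access" values before adding the new one. The method continues outside the hunk.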