Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index ec3c8657d..5615c6dfb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -518,10 +518,13 @@ public class DatabasePanel extends WizardPanelBase { String baseDN = ""; String database = ""; String dn = ""; + String dbuser = ""; try { baseDN = cs.getString("internaldb.basedn"); database = cs.getString("internaldb.database", ""); + dbuser = "uid=" + cs.getString("cs.type") + "-" + cs.getString("machineName") + "-" + + cs.getString("service.securePort") + ",ou=people," + baseDN; } catch (Exception e) { CMS.debug("DatabasePanel populateDB: " + e.toString()); throw new IOException(
@@ -652,6 +655,11 @@ public class DatabasePanel extends WizardPanelBase { } attrs.add(new LDAPAttribute("objectClass", oc3)); attrs.add(new LDAPAttribute(n, v)); + + String dbuserACI = "(targetattr=\"*\")(version 3.0; acl \"Cert Manager access\"; allow (all) userdn=\"ldap:///" + + dbuser + "\";)"; + CMS.debug("ACI string is ["+ dbuserACI + "]"); + attrs.add(new LDAPAttribute("aci", dbuserACI)); LDAPEntry entry = new LDAPEntry(baseDN, attrs); conn.add(entry); } catch (Exception e) {
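Review bot: The `dbuser` DN added in the `-518` hunk is built by plain concatenation of `cs.type`, `machineName` and `service.securePort`, with no DN escaping or validation, and the same string is then embedded inside the quoted `userdn="ldap:///..."` clause of the ACIs built in the `-652` and `-719` hunks. A value containing `,`, `+`, `=` or `"` would name a different entry than intended or produce a malformed or altered ACI. These values presumably come from the installer's own configuration, so exposure is likely limited, but I would escape the RDN before use, e.g. `LDAPDN.escapeRDN("uid=" + ...)` from the LDAP SDK if that class is available to this file, and reject any value containing `"`. The enclosing method starts and ends outside the hunk.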
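Review bot: The suffix ACI added in the `-652` hunk grants `allow (all)` on `targetattr="*"` to the database user, which covers `aci` and `userPassword` on every entry under `baseDN`, including the `ou=people` subtree that holds the user's own entry. If the subsystem does not need to rewrite access control or other users' credentials, exclude those attributes or narrow the rights; otherwise add a comment stating why full control is required, e.g. `// dbuser needs full control of the subsystem suffix: <reason>`. The ACL name is fixed as "Cert Manager access" although `cs.type` varies, so the label may be misleading for other subsystem types. The surrounding try block starts and ends outside the hunk.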
@@ -719,6 +727,23 @@ public class DatabasePanel extends WizardPanelBase { throw new IOException("Failed to find base DN"); } + // add dbuser aci to cn=config + String dbuserACI = "(targetattr=\"*\")(version 3.0; acl \"Cert Manager access\"; allow (read) userdn=\"ldap:///" + + dbuser + "\";)"; + CMS.debug("ACI string is [" + dbuserACI + "]"); + String configDN = "cn=ldbm database,cn=plugins,cn=config"; + try { + + LDAPAttribute attr = new LDAPAttribute("aci", dbuserACI); + LDAPModification mod = new LDAPModification(LDAPModification.ADD, attr); + conn.modify(configDN, mod); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { + e.printStackTrace(); + throw new IOException("Failed to add aci to " + configDN); + } + } + String select = ""; try { select = cs.getString("preop.subsystem.select", ""); |
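Review bot: The failure path in the new `catch (LDAPException e)` calls `e.printStackTrace()` and throws an `IOException` that drops the LDAP result code, so a failed ACI update on `cn=config` does not reach the debug log that the other catch blocks on this page write to. I would replace it with `CMS.debug("DatabasePanel populateDB: failed to add aci to " + configDN + ": " + e.toString());` and include `e.getLDAPResultCode()` in the exception message. Separately, this ACI is written to a server-wide entry and nothing visible here removes it if the subsystem is later removed or its machine name or port changes; a comment next to `configDN` should say who owns that cleanup. The enclosing method continues outside the hunk.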