summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java172
1 files changed, 87 insertions, 85 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index 5615c6dfb..d3b0e380e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -23,6 +23,7 @@ import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.PrintStream;
+import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Random;
import java.util.StringTokenizer;
@@ -52,6 +53,7 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.dbs.IDBSubsystem;
+import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.property.PropertySet;
@@ -318,8 +320,8 @@ public class DatabasePanel extends WizardPanelBase {
String masterport = "";
String masterbasedn = "";
try {
- masterhost = cs.getString("preop.internaldb.master.hostname", "");
- masterport = cs.getString("preop.internaldb.master.port", "");
+ masterhost = cs.getString("preop.internaldb.master.ldapconn.host", "");
+ masterport = cs.getString("preop.internaldb.master.ldapconn.port", "");
masterbasedn = cs.getString("preop.internaldb.master.basedn", "");
} catch (Exception e) {
}
@@ -518,13 +520,10 @@ public class DatabasePanel extends WizardPanelBase {
String baseDN = "";
String database = "";
String dn = "";
- String dbuser = "";
try {
baseDN = cs.getString("internaldb.basedn");
database = cs.getString("internaldb.database", "");
- dbuser = "uid=" + cs.getString("cs.type") + "-" + cs.getString("machineName") + "-"
- + cs.getString("service.securePort") + ",ou=people," + baseDN;
} catch (Exception e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
throw new IOException(
@@ -656,10 +655,6 @@ public class DatabasePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("objectClass", oc3));
attrs.add(new LDAPAttribute(n, v));
- String dbuserACI = "(targetattr=\"*\")(version 3.0; acl \"Cert Manager access\"; allow (all) userdn=\"ldap:///"
- + dbuser + "\";)";
- CMS.debug("ACI string is ["+ dbuserACI + "]");
- attrs.add(new LDAPAttribute("aci", dbuserACI));
LDAPEntry entry = new LDAPEntry(baseDN, attrs);
conn.add(entry);
} catch (Exception e) {
@@ -727,23 +722,6 @@ public class DatabasePanel extends WizardPanelBase {
throw new IOException("Failed to find base DN");
}
- // add dbuser aci to cn=config
- String dbuserACI = "(targetattr=\"*\")(version 3.0; acl \"Cert Manager access\"; allow (read) userdn=\"ldap:///"
- + dbuser + "\";)";
- CMS.debug("ACI string is [" + dbuserACI + "]");
- String configDN = "cn=ldbm database,cn=plugins,cn=config";
- try {
-
- LDAPAttribute attr = new LDAPAttribute("aci", dbuserACI);
- LDAPModification mod = new LDAPModification(LDAPModification.ADD, attr);
- conn.modify(configDN, mod);
- } catch (LDAPException e) {
- if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
- e.printStackTrace();
- throw new IOException("Failed to add aci to " + configDN);
- }
- }
-
String select = "";
try {
select = cs.getString("preop.subsystem.select", "");
@@ -753,9 +731,9 @@ public class DatabasePanel extends WizardPanelBase {
if (select.equals("clone")) {
// if this is clone, add index before replication
// don't put in the schema or bad things will happen
-
importLDIFS("preop.internaldb.ldif", conn);
importLDIFS("preop.internaldb.index_ldif", conn);
+ importLDIFS("preop.internaldb.manager_ldif", conn);
} else {
// data will be replicated from the master to the clone
// so clone does not need the data
@@ -765,6 +743,7 @@ public class DatabasePanel extends WizardPanelBase {
importLDIFS("preop.internaldb.ldif", conn);
importLDIFS("preop.internaldb.data_ldif", conn);
importLDIFS("preop.internaldb.index_ldif", conn);
+ importLDIFS("preop.internaldb.manager_ldif", conn);
}
try {
@@ -821,6 +800,16 @@ public class DatabasePanel extends WizardPanelBase {
throw new IOException("instanceId is missing");
}
+ String dbuser = null;
+ try {
+ dbuser = "uid=" + cs.getString("cs.type") + "-" + cs.getString("machineName") + "-"
+ + cs.getString("service.securePort") + ",ou=people," + baseDN;
+ } catch (EBaseException e) {
+ CMS.debug("Unable to construct dbuser" + e.toString());
+ e.printStackTrace();
+ throw new IOException("unable to construct dbuser");
+ }
+
String configDir = instancePath + File.separator + "conf";
while (tokenizer.hasMoreTokens()) {
@@ -862,6 +851,8 @@ public class DatabasePanel extends WizardPanelBase {
ps.print(baseDN);
} else if (tok.equals("database")) {
ps.print(database);
+ } else if (tok.equals("dbuser")) {
+ ps.print(dbuser);
}
if ((s.length() + 1) == n1) {
endOfline = true;
@@ -883,8 +874,14 @@ public class DatabasePanel extends WizardPanelBase {
throw new IOException(
"Problem of copying ldif file: " + filename);
}
-
- LDAPUtil.importLDIF(conn, filename);
+ ArrayList<String> errors = new ArrayList<String>();
+ LDAPUtil.importLDIF(conn, filename, errors);
+ if (! errors.isEmpty()) {
+ CMS.debug("DatabasePanel: importLDIFS: LDAP Errors in importing " + filename);
+ for (String error: errors) {
+ CMS.debug(error);
+ }
+ }
}
}
@@ -899,6 +896,7 @@ public class DatabasePanel extends WizardPanelBase {
context.put("firsttime", "false");
try {
+ @SuppressWarnings("unused")
String s = cs.getString("preop.database.removeData"); // check whether it's first time
} catch (Exception e) {
context.put("firsttime", "true");
@@ -1087,7 +1085,6 @@ public class DatabasePanel extends WizardPanelBase {
private void setupReplication(HttpServletRequest request,
Context context, String secure, String cloneStartTLS) throws IOException {
- String bindpwd = HttpInput.getPassword(request, "__bindpwd");
IConfigStore cs = CMS.getConfigStore();
String cstype = "";
@@ -1112,46 +1109,49 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
}
- String master1_hostname = "";
- int master1_port = -1;
- String master1_binddn = "";
- String master1_bindpwd = "";
- String master1_replicationpwd = "";
-
+ // get connection to master
+ LDAPConnection masterConn = null;
+ ILdapConnFactory masterFactory = null;
try {
- master1_hostname = cs.getString("preop.internaldb.master.hostname", "");
- master1_port = cs.getInteger("preop.internaldb.master.port", -1);
- master1_binddn = cs.getString("preop.internaldb.master.binddn", "");
- master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd", "");
- master1_replicationpwd = cs.getString("preop.internaldb.master.replicationpwd", "");
+ IConfigStore masterCfg = cs.getSubStore("preop.internaldb.master");
+ masterFactory = CMS.getLdapBoundConnFactory();
+ masterFactory.init(masterCfg);
+ masterConn = masterFactory.getConn();
} catch (Exception e) {
+ CMS.debug("Failed to set up connection to master:" + e.toString());
+ e.printStackTrace();
+ throw new IOException("Failed to set up replication: No connection to master");
}
- String master2_hostname = "";
- int master2_port = -1;
- String master2_binddn = "";
- String master2_bindpwd = "";
- String master2_replicationpwd = "";
-
+ // get connection to replica
+ LDAPConnection replicaConn = null;
+ ILdapConnFactory replicaFactory = null;
try {
- master2_hostname = cs.getString("internaldb.ldapconn.host", "");
- master2_port = cs.getInteger("internaldb.ldapconn.port", -1);
- master2_binddn = cs.getString("internaldb.ldapauth.bindDN", "");
- master2_bindpwd = bindpwd;
- master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
+ IConfigStore replicaCfg = cs.getSubStore("internaldb");
+ replicaFactory = CMS.getLdapBoundConnFactory();
+ replicaFactory.init(replicaCfg);
+ replicaConn = replicaFactory.getConn();
} catch (Exception e) {
+ CMS.debug("Failed to set up connection to replica:" + e.toString());
+ e.printStackTrace();
+ throw new IOException("Failed to set up replication: No connection to replica");
}
- LDAPConnection conn1 = null;
- LDAPConnection conn2 = null;
- if (secure.equals("true")) {
- CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
- conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
- conn1 = new LDAPConnection();
- conn2 = new LDAPConnection();
+ String master_hostname = "";
+ int master_port = -1;
+ String master_replicationpwd = "";
+ String replica_hostname = "";
+ int replica_port = -1;
+ String replica_replicationpwd = "";
+
+ try {
+ master_hostname = cs.getString("preop.internaldb.master.ldapconn.host", "");
+ master_port = cs.getInteger("preop.internaldb.master.ldapconn.port", -1);
+ master_replicationpwd = cs.getString("preop.internaldb.master.replication.password", "");
+ replica_hostname = cs.getString("internaldb.ldapconn.host", "");
+ replica_port = cs.getInteger("internaldb.ldapconn.port", -1);
+ replica_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
+ } catch (Exception e) {
}
String basedn = "";
@@ -1161,10 +1161,6 @@ public class DatabasePanel extends WizardPanelBase {
}
try {
- conn1.connect(master1_hostname, master1_port, master1_binddn,
- master1_bindpwd);
- conn2.connect(master2_hostname, master2_port, master2_binddn,
- master2_bindpwd);
String suffix = cs.getString("internaldb.basedn", "");
String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config";
@@ -1173,46 +1169,52 @@ public class DatabasePanel extends WizardPanelBase {
String masterBindUser = "Replication Manager " + masterAgreementName;
String cloneBindUser = "Replication Manager " + cloneAgreementName;
- createReplicationManager(conn1, masterBindUser, master1_replicationpwd);
- createReplicationManager(conn2, cloneBindUser, master2_replicationpwd);
+ createReplicationManager(masterConn, masterBindUser, master_replicationpwd);
+ createReplicationManager(replicaConn, cloneBindUser, replica_replicationpwd);
- String dir1 = getInstanceDir(conn1);
- createChangeLog(conn1, dir1 + "/changelogs");
+ String dir1 = getInstanceDir(masterConn);
+ createChangeLog(masterConn, dir1 + "/changelogs");
- String dir2 = getInstanceDir(conn2);
- createChangeLog(conn2, dir2 + "/changelogs");
+ String dir2 = getInstanceDir(replicaConn);
+ createChangeLog(replicaConn, dir2 + "/changelogs");
int replicaId = cs.getInteger("dbs.beginReplicaNumber", 1);
- replicaId = enableReplication(replicadn, conn1, masterBindUser, basedn, replicaId);
- replicaId = enableReplication(replicadn, conn2, cloneBindUser, basedn, replicaId);
+ replicaId = enableReplication(replicadn, masterConn, masterBindUser, basedn, replicaId);
+ replicaId = enableReplication(replicadn, replicaConn, cloneBindUser, basedn, replicaId);
cs.putString("dbs.beginReplicaNumber", Integer.toString(replicaId));
CMS.debug("DatabasePanel setupReplication: Finished enabling replication");
- createReplicationAgreement(replicadn, conn1, masterAgreementName,
- master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure,
+ createReplicationAgreement(replicadn, masterConn, masterAgreementName,
+ replica_hostname, replica_port, replica_replicationpwd, basedn, cloneBindUser, secure,
cloneStartTLS);
- createReplicationAgreement(replicadn, conn2, cloneAgreementName,
- master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure,
+ createReplicationAgreement(replicadn, replicaConn, cloneAgreementName,
+ master_hostname, master_port, master_replicationpwd, basedn, masterBindUser, secure,
cloneStartTLS);
// initialize consumer
- initializeConsumer(replicadn, conn1, masterAgreementName);
+ initializeConsumer(replicadn, masterConn, masterAgreementName);
- while (!replicationDone(replicadn, conn1, masterAgreementName)) {
+ while (!replicationDone(replicadn, masterConn, masterAgreementName)) {
CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete");
Thread.sleep(1000);
}
- String status = replicationStatus(replicadn, conn1, masterAgreementName);
+ String status = replicationStatus(replicadn, masterConn, masterAgreementName);
if (!status.startsWith("0 ")) {
CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " +
status);
throw new IOException("consumer initialization failed. " + status);
}
+ // remove master ldap password from password.conf (if present)
+ String passwordFile = cs.getString("passwordFile");
+ IConfigStore psStore = CMS.createFileConfigStore(passwordFile);
+ psStore.remove("master_internaldb");
+ psStore.commit(false);
+
} catch (Exception e) {
CMS.debug("DatabasePanel setupReplication: " + e.toString());
throw new IOException("Failed to setup the replication for cloning.");
@@ -1238,7 +1240,7 @@ public class DatabasePanel extends WizardPanelBase {
throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
- String dn = "cn=" + bindUser + ",cn=config";
+ String dn = "cn=" + bindUser + ",ou=csusers,cn=config";
try {
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
@@ -1315,7 +1317,7 @@ public class DatabasePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ "cn=" + bindUser + ",ou=csusers,cn=config"));
attrs.add(new LDAPAttribute("cn", "replica"));
attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
attrs.add(new LDAPAttribute("nsds5flags", "1"));
@@ -1330,7 +1332,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
entry = conn.read(replicadn);
LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
- attr.addValue("cn=" + bindUser + ",cn=config");
+ attr.addValue("cn=" + bindUser + ",ou=csusers,cn=config");
LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
conn.modify(replicadn, mod);
} catch (LDAPException ee) {
@@ -1367,7 +1369,7 @@ public class DatabasePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ "cn=" + bindUser + ",ou=csusers,cn=config"));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
generated by cgit (git 2.34.1) at 2024-05-03 14:58:11 +0000