Diffstat (limited to 'pki/base/common')
6 files changed, 153 insertions, 202 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java index 7912486f5..b8cc8022e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java @@ -249,14 +249,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase { if (!cstype.equals("ca")) { c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type"); } - + s1.append(",internaldb,internaldb.ldapauth,internaldb.ldapconn"); String content = - "uid=" - + uid - + "&pwd=" - + pwd - + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" - + c1.toString() + "&substores=" + s1.toString(); + "uid=" + uid + + "&pwd=" + pwd + + "&op=get&names=cloning.module.token,instanceId," + + "internaldb.ldapauth.password,internaldb.replication.password" + + c1.toString() + "&substores=" + s1.toString(); boolean success = updateConfigEntries(host, httpsport, true, "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java index 5615c6dfb..d3b0e380e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java @@ -23,6 +23,7 @@ import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.io.PrintStream; +import java.util.ArrayList; import java.util.Enumeration; import java.util.Random; import java.util.StringTokenizer; 
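Review bot: The rewritten `content` string in the AdminAuthenticatePanel hunk still concatenates `uid` and `pwd` into the form body without URL-encoding, so a password containing `&`, `=`, `%` or `+` corrupts the request and the admin authentication fails or is mis-parsed; the RestoreKeyCertPanel hunk at -456 builds its body the same way. Encode each value, e.g. `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")`. The `names` list here drops `internaldb.basedn` while RestoreKeyCertPanel keeps it; if the `internaldb` substore request does not return `basedn`, `preop.internaldb.master.basedn` (read in DatabasePanel) stays unset, so the two panels should agree. The enclosing method continues outside the hunk.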
@@ -52,6 +53,7 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.dbs.IDBSubsystem; +import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.property.PropertySet; @@ -318,8 +320,8 @@ public class DatabasePanel extends WizardPanelBase { String masterport = ""; String masterbasedn = ""; try { - masterhost = cs.getString("preop.internaldb.master.hostname", ""); - masterport = cs.getString("preop.internaldb.master.port", ""); + masterhost = cs.getString("preop.internaldb.master.ldapconn.host", ""); + masterport = cs.getString("preop.internaldb.master.ldapconn.port", ""); masterbasedn = cs.getString("preop.internaldb.master.basedn", ""); } catch (Exception e) { } @@ -518,13 +520,10 @@ public class DatabasePanel extends WizardPanelBase { String baseDN = ""; String database = ""; String dn = ""; - String dbuser = ""; try { baseDN = cs.getString("internaldb.basedn"); database = cs.getString("internaldb.database", ""); - dbuser = "uid=" + cs.getString("cs.type") + "-" + cs.getString("machineName") + "-" - + cs.getString("service.securePort") + ",ou=people," + baseDN; } catch (Exception e) { CMS.debug("DatabasePanel populateDB: " + e.toString()); throw new IOException( @@ -656,10 +655,6 @@ public class DatabasePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("objectClass", oc3)); attrs.add(new LDAPAttribute(n, v)); - String dbuserACI = "(targetattr=\"*\")(version 3.0; acl \"Cert Manager access\"; allow (all) userdn=\"ldap:///" - + dbuser + "\";)"; - CMS.debug("ACI string is ["+ dbuserACI + "]"); - attrs.add(new LDAPAttribute("aci", dbuserACI)); LDAPEntry entry = new LDAPEntry(baseDN, attrs); conn.add(entry); } catch (Exception e) { 
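Review bot: The -656 hunk drops the `aci` that granted the `dbuser` `allow (all)` on the base entry and no replacement is visible in this diff; presumably the new `preop.internaldb.manager_ldif` (with the `dbuser` token substitution added at -862) now carries it, which should be confirmed, and it is a good moment to grant the subsystem account only the rights it needs rather than `allow (all)` on `(targetattr="*")`. The -318 hunk keeps the empty `catch (Exception e) { }` around the renamed `preop.internaldb.master.ldapconn.host`/`port` reads, so a missing key silently yields an empty host and port; at least `CMS.debug` it there. Both enclosing methods start outside these hunks.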
@@ -727,23 +722,6 @@ public class DatabasePanel extends WizardPanelBase { throw new IOException("Failed to find base DN"); } - // add dbuser aci to cn=config - String dbuserACI = "(targetattr=\"*\")(version 3.0; acl \"Cert Manager access\"; allow (read) userdn=\"ldap:///" - + dbuser + "\";)"; - CMS.debug("ACI string is [" + dbuserACI + "]"); - String configDN = "cn=ldbm database,cn=plugins,cn=config"; - try { - - LDAPAttribute attr = new LDAPAttribute("aci", dbuserACI); - LDAPModification mod = new LDAPModification(LDAPModification.ADD, attr); - conn.modify(configDN, mod); - } catch (LDAPException e) { - if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { - e.printStackTrace(); - throw new IOException("Failed to add aci to " + configDN); - } - } - String select = ""; try { select = cs.getString("preop.subsystem.select", ""); @@ -753,9 +731,9 @@ public class DatabasePanel extends WizardPanelBase { if (select.equals("clone")) { // if this is clone, add index before replication // don't put in the schema or bad things will happen - importLDIFS("preop.internaldb.ldif", conn); importLDIFS("preop.internaldb.index_ldif", conn); + importLDIFS("preop.internaldb.manager_ldif", conn); } else { // data will be replicated from the master to the clone // so clone does not need the data @@ -765,6 +743,7 @@ public class DatabasePanel extends WizardPanelBase { importLDIFS("preop.internaldb.ldif", conn); importLDIFS("preop.internaldb.data_ldif", conn); importLDIFS("preop.internaldb.index_ldif", conn); + importLDIFS("preop.internaldb.manager_ldif", conn); } try { 
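Review bot: In the `clone` branch at -753 the `preop.internaldb.manager_ldif` import now runs before replication is set up, yet the `preop.internaldb.ldif` import that created the suffix on the clone is removed here; if the manager LDIF adds the `dbuser` entry under `ou=people,<basedn>` (the token substitution added in this commit suggests it does), that add can fail with no-such-object on an empty clone, and consumer initialization later replaces the replica's suffix content, so the clone-specific entry may not survive — confirm, or import it after `setupReplication` completes. The -727 hunk also removes the `allow (read)` ACI for `dbuser` on `cn=ldbm database,cn=plugins,cn=config`; if the subsystem still reads that subtree it now needs an equivalent grant elsewhere. The enclosing method starts and ends outside these hunks.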
@@ -821,6 +800,16 @@ public class DatabasePanel extends WizardPanelBase { throw new IOException("instanceId is missing"); } + String dbuser = null; + try { + dbuser = "uid=" + cs.getString("cs.type") + "-" + cs.getString("machineName") + "-" + + cs.getString("service.securePort") + ",ou=people," + baseDN; + } catch (EBaseException e) { + CMS.debug("Unable to construct dbuser" + e.toString()); + e.printStackTrace(); + throw new IOException("unable to construct dbuser"); + } + String configDir = instancePath + File.separator + "conf"; while (tokenizer.hasMoreTokens()) { @@ -862,6 +851,8 @@ public class DatabasePanel extends WizardPanelBase { ps.print(baseDN); } else if (tok.equals("database")) { ps.print(database); + } else if (tok.equals("dbuser")) { + ps.print(dbuser); } if ((s.length() + 1) == n1) { endOfline = true; @@ -883,8 +874,14 @@ public class DatabasePanel extends WizardPanelBase { throw new IOException( "Problem of copying ldif file: " + filename); } - - LDAPUtil.importLDIF(conn, filename); + ArrayList<String> errors = new ArrayList<String>(); + LDAPUtil.importLDIF(conn, filename, errors); + if (! errors.isEmpty()) { + CMS.debug("DatabasePanel: importLDIFS: LDAP Errors in importing " + filename); + for (String error: errors) { + CMS.debug(error); + } + } } } @@ -899,6 +896,7 @@ public class DatabasePanel extends WizardPanelBase { context.put("firsttime", "false"); try { + @SuppressWarnings("unused") String s = cs.getString("preop.database.removeData"); // check whether it's first time } catch (Exception e) { context.put("firsttime", "true"); @@ -1087,7 +1085,6 @@ public class DatabasePanel extends WizardPanelBase { private void setupReplication(HttpServletRequest request, Context context, String secure, String cloneStartTLS) throws IOException { - String bindpwd = HttpInput.getPassword(request, "__bindpwd"); IConfigStore cs = CMS.getConfigStore(); String cstype = ""; 
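Review bot: At -883 the errors collected by `LDAPUtil.importLDIF` are only written to the debug log, so a partially failed import — now including the LDIF that creates the `dbuser` account and its access control — leaves the instance half-configured while `populateDB` reports success. Fail the step after logging each error as the hunk already does: `if (!errors.isEmpty()) { throw new IOException("Failed to import " + filename + ": " + errors); }`. In the -821 hunk the message `"Unable to construct dbuser" + e.toString()` lacks a separator and `new IOException("unable to construct dbuser")` drops the cause; pass `e` as the cause where the target Java level allows. The enclosing methods start outside these hunks.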
@@ -1112,46 +1109,49 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { } - String master1_hostname = ""; - int master1_port = -1; - String master1_binddn = ""; - String master1_bindpwd = ""; - String master1_replicationpwd = ""; - + // get connection to master + LDAPConnection masterConn = null; + ILdapConnFactory masterFactory = null; try { - master1_hostname = cs.getString("preop.internaldb.master.hostname", ""); - master1_port = cs.getInteger("preop.internaldb.master.port", -1); - master1_binddn = cs.getString("preop.internaldb.master.binddn", ""); - master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd", ""); - master1_replicationpwd = cs.getString("preop.internaldb.master.replicationpwd", ""); + IConfigStore masterCfg = cs.getSubStore("preop.internaldb.master"); + masterFactory = CMS.getLdapBoundConnFactory(); + masterFactory.init(masterCfg); + masterConn = masterFactory.getConn(); } catch (Exception e) { + CMS.debug("Failed to set up connection to master:" + e.toString()); + e.printStackTrace(); + throw new IOException("Failed to set up replication: No connection to master"); } - String master2_hostname = ""; - int master2_port = -1; - String master2_binddn = ""; - String master2_bindpwd = ""; - String master2_replicationpwd = ""; - + // get connection to replica + LDAPConnection replicaConn = null; + ILdapConnFactory replicaFactory = null; try { - master2_hostname = cs.getString("internaldb.ldapconn.host", ""); - master2_port = cs.getInteger("internaldb.ldapconn.port", -1); - master2_binddn = cs.getString("internaldb.ldapauth.bindDN", ""); - master2_bindpwd = bindpwd; - master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", ""); + IConfigStore replicaCfg = cs.getSubStore("internaldb"); + replicaFactory = CMS.getLdapBoundConnFactory(); + replicaFactory.init(replicaCfg); + replicaConn = replicaFactory.getConn(); } catch (Exception e) { + CMS.debug("Failed to set up connection to replica:" + 
e.toString()); + e.printStackTrace(); + throw new IOException("Failed to set up replication: No connection to replica"); } - LDAPConnection conn1 = null; - LDAPConnection conn2 = null; - if (secure.equals("true")) { - CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap"); - conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap"); - conn1 = new LDAPConnection(); - conn2 = new LDAPConnection(); + String master_hostname = ""; + int master_port = -1; + String master_replicationpwd = ""; + String replica_hostname = ""; + int replica_port = -1; + String replica_replicationpwd = ""; + + try { + master_hostname = cs.getString("preop.internaldb.master.ldapconn.host", ""); + master_port = cs.getInteger("preop.internaldb.master.ldapconn.port", -1); + master_replicationpwd = cs.getString("preop.internaldb.master.replication.password", ""); + replica_hostname = cs.getString("internaldb.ldapconn.host", ""); + replica_port = cs.getInteger("internaldb.ldapconn.port", -1); + replica_replicationpwd = cs.getString("preop.internaldb.replicationpwd", ""); + } catch (Exception e) { } String basedn = ""; @@ -1161,10 +1161,6 @@ public class DatabasePanel extends WizardPanelBase { } try { - conn1.connect(master1_hostname, master1_port, master1_binddn, - master1_bindpwd); - conn2.connect(master2_hostname, master2_port, master2_binddn, - master2_bindpwd); String suffix = cs.getString("internaldb.basedn", ""); String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config"; 
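Review bot: The -1112 hunk replaces the explicit `secure`-driven choice of an SSL socket factory for the master connection with `masterFactory.init(masterCfg)` on the `preop.internaldb.master` substore, so the transport used to bind with the master's directory password is now decided by whatever `ldapconn.secureConn` value was mirrored from the master, while the `secure` parameter still governs only the replication agreement; confirm the factory honours `ldapconn.secureConn` and `ldapauth.clientCertNickname` from that substore, otherwise that bind can go out in cleartext. The second `try` that reads the six host/port/password values keeps an empty `catch (Exception e) { }`, so a missing `preop.internaldb.master.replication.password` silently becomes `""` and is then used to create the replication manager; log and fail there instead. Nothing in these hunks returns `masterConn` or `replicaConn` to its factory (`masterFactory.returnConn(masterConn)`), so both pooled connections appear to be held for good; the method ends outside the hunk.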
@@ -1173,46 +1169,52 @@ public class DatabasePanel extends WizardPanelBase { String masterBindUser = "Replication Manager " + masterAgreementName; String cloneBindUser = "Replication Manager " + cloneAgreementName; - createReplicationManager(conn1, masterBindUser, master1_replicationpwd); - createReplicationManager(conn2, cloneBindUser, master2_replicationpwd); + createReplicationManager(masterConn, masterBindUser, master_replicationpwd); + createReplicationManager(replicaConn, cloneBindUser, replica_replicationpwd); - String dir1 = getInstanceDir(conn1); - createChangeLog(conn1, dir1 + "/changelogs"); + String dir1 = getInstanceDir(masterConn); + createChangeLog(masterConn, dir1 + "/changelogs"); - String dir2 = getInstanceDir(conn2); - createChangeLog(conn2, dir2 + "/changelogs"); + String dir2 = getInstanceDir(replicaConn); + createChangeLog(replicaConn, dir2 + "/changelogs"); int replicaId = cs.getInteger("dbs.beginReplicaNumber", 1); - replicaId = enableReplication(replicadn, conn1, masterBindUser, basedn, replicaId); - replicaId = enableReplication(replicadn, conn2, cloneBindUser, basedn, replicaId); + replicaId = enableReplication(replicadn, masterConn, masterBindUser, basedn, replicaId); + replicaId = enableReplication(replicadn, replicaConn, cloneBindUser, basedn, replicaId); cs.putString("dbs.beginReplicaNumber", Integer.toString(replicaId)); CMS.debug("DatabasePanel setupReplication: Finished enabling replication"); - createReplicationAgreement(replicadn, conn1, masterAgreementName, - master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, + createReplicationAgreement(replicadn, masterConn, masterAgreementName, + replica_hostname, replica_port, replica_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); - createReplicationAgreement(replicadn, conn2, cloneAgreementName, - master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, + createReplicationAgreement(replicadn, replicaConn, 
cloneAgreementName, + master_hostname, master_port, master_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); // initialize consumer - initializeConsumer(replicadn, conn1, masterAgreementName); + initializeConsumer(replicadn, masterConn, masterAgreementName); - while (!replicationDone(replicadn, conn1, masterAgreementName)) { + while (!replicationDone(replicadn, masterConn, masterAgreementName)) { CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete"); Thread.sleep(1000); } - String status = replicationStatus(replicadn, conn1, masterAgreementName); + String status = replicationStatus(replicadn, masterConn, masterAgreementName); if (!status.startsWith("0 ")) { CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " + status); throw new IOException("consumer initialization failed. " + status); } + // remove master ldap password from password.conf (if present) + String passwordFile = cs.getString("passwordFile"); + IConfigStore psStore = CMS.createFileConfigStore(passwordFile); + psStore.remove("master_internaldb"); + psStore.commit(false); + } catch (Exception e) { CMS.debug("DatabasePanel setupReplication: " + e.toString()); throw new IOException("Failed to setup the replication for cloning."); @@ -1238,7 +1240,7 @@ public class DatabasePanel extends WizardPanelBase { throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; - String dn = "cn=" + bindUser + ",cn=config"; + String dn = "cn=" + bindUser + ",ou=csusers,cn=config"; try { attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); 
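Review bot: The removal of the master bind password from the password file (`psStore.remove("master_internaldb")`) at the end of the -1173 hunk only runs when replication succeeds; any exception earlier in the `try` — a failed `createReplicationManager`, a bad `status`, an interrupted sleep — leaves the master's directory password on disk in `passwordFile` indefinitely. Move the remove/commit into a `finally` so it runs on every path, and keep its own failure from masking the original error. Note that `preop.internaldb.master.ldapauth.password`, copied into CS.cfg by WizardPanelBase, is not cleared here at all. The enclosing method begins outside the hunk.
```java
        } catch (Exception e) {
            // … unchanged: debug + throw "Failed to setup the replication for cloning." …
        } finally {
            // remove master ldap password from the password file on every path,
            // not only on success
            try {
                String passwordFile = cs.getString("passwordFile");
                IConfigStore psStore = CMS.createFileConfigStore(passwordFile);
                psStore.remove("master_internaldb");
                psStore.commit(false);
            } catch (Exception e) {
                CMS.debug("DatabasePanel setupReplication: unable to remove master_internaldb: " + e.toString());
            }
        }
```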
@@ -1315,7 +1317,7 @@ public class DatabasePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn)); attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3")); attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", - "cn=" + bindUser + ",cn=config")); + "cn=" + bindUser + ",ou=csusers,cn=config")); attrs.add(new LDAPAttribute("cn", "replica")); attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id))); attrs.add(new LDAPAttribute("nsds5flags", "1")); @@ -1330,7 +1332,7 @@ public class DatabasePanel extends WizardPanelBase { try { entry = conn.read(replicadn); LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN"); - attr.addValue("cn=" + bindUser + ",cn=config"); + attr.addValue("cn=" + bindUser + ",ou=csusers,cn=config"); LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr); conn.modify(replicadn, mod); } catch (LDAPException ee) { @@ -1367,7 +1369,7 @@ public class DatabasePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost)); attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport)); attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", - "cn=" + bindUser + ",cn=config")); + "cn=" + bindUser + ",ou=csusers,cn=config")); attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple")); attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd)); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java index 244b7df4c..b9932722e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; -import java.io.IOException; import java.util.Date; import java.util.Enumeration; import java.util.Vector; 
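Review bot: The literal `",ou=csusers,cn=config"` is now spelled out in four places (the -1238 `createReplicationManager` DN and the `nsDS5ReplicaBindDN` values at -1315, -1330 and -1367); a single helper such as `private static String replicationManagerDn(String bindUser) { return "cn=" + bindUser + ",ou=csusers,cn=config"; }` keeps the bind DN the replica trusts identical to the entry that is actually created. Nothing in this diff creates `ou=csusers,cn=config`; if it is expected to come from the new manager LDIF, `createReplicationManager` should report a no-such-object result clearly rather than fall through. The enclosing methods start outside these hunks.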
@@ -31,9 +30,11 @@ import netscape.ldap.LDAPSearchResults; import netscape.ldap.LDAPv2; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISecurityDomainSessionTable; -import com.netscape.cmsutil.password.IPasswordStore; +import com.netscape.certsrv.ldap.ELdapException; +import com.netscape.certsrv.ldap.ILdapConnFactory; /** * This object stores the values for IP, uid and group based on the cookie id in LDAP. @@ -43,9 +44,14 @@ public class LDAPSecurityDomainSessionTable implements ISecurityDomainSessionTable { private long m_timeToLive; + private ILdapConnFactory mLdapConnFactory = null; - public LDAPSecurityDomainSessionTable(long timeToLive) { + public LDAPSecurityDomainSessionTable(long timeToLive) throws ELdapException, EBaseException { m_timeToLive = timeToLive; + IConfigStore cs = CMS.getConfigStore(); + IConfigStore internaldb = cs.getSubStore("internaldb"); + mLdapConnFactory = CMS.getLdapBoundConnFactory(); + mLdapConnFactory.init(internaldb); } public int addEntry(String sessionId, String ip, @@ -67,7 +73,7 @@ public class LDAPSecurityDomainSessionTable try { // create session entry (if it does not exist) - conn = getLDAPConn(); + conn = mLdapConnFactory.getConn(); LDAPEntry entry = null; LDAPAttributeSet attrs = null; @@ -112,7 +118,7 @@ public class LDAPSecurityDomainSessionTable } try { - conn.disconnect(); + mLdapConnFactory.returnConn(conn); } catch (Exception e) { CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e); } @@ -126,7 +132,7 @@ public class LDAPSecurityDomainSessionTable try { String basedn = cs.getString("internaldb.basedn"); String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn; - conn = getLDAPConn(); + conn = mLdapConnFactory.getConn(); conn.delete(dn); status = SUCCESS; } catch (Exception e) { 
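Review bot: After the switch to the pooled factory, the log text in every `catch` around `mLdapConnFactory.returnConn(conn)` still says "Error in disconnecting from database" (-112 here and the matching hunks at -138, -164, -201, -229 and -279), which will mislead whoever reads the debug log; change it to e.g. `"SecurityDomainSessionTable:addEntry: Error returning connection to pool: " + e`. In the -43 hunk `mLdapConnFactory` is assigned exactly once in the constructor and can be `private final ILdapConnFactory mLdapConnFactory;`; the constructor now also initializes the factory against `internaldb` and throws `ELdapException`/`EBaseException`, which deserves a Javadoc `@throws` so callers (CMSEngine) know construction can fail on directory or configuration errors. The class continues outside these hunks.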
@@ -138,7 +144,7 @@ public class LDAPSecurityDomainSessionTable } } try { - conn.disconnect(); + mLdapConnFactory.returnConn(conn); } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e); } @@ -155,7 +161,7 @@ public class LDAPSecurityDomainSessionTable String filter = "(cn=" + sessionId + ")"; String[] attrs = { "cn" }; - conn = getLDAPConn(); + conn = mLdapConnFactory.getConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); if (res.getCount() > 0) ret = true; @@ -164,7 +170,7 @@ public class LDAPSecurityDomainSessionTable } try { - conn.disconnect(); + mLdapConnFactory.returnConn(conn); } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e); } @@ -182,7 +188,7 @@ public class LDAPSecurityDomainSessionTable String filter = "(objectclass=securityDomainSessionEntry)"; String[] attrs = { "cn" }; - conn = getLDAPConn(); + conn = mLdapConnFactory.getConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); while (res.hasMoreElements()) { LDAPEntry entry = res.next(); @@ -201,7 +207,7 @@ public class LDAPSecurityDomainSessionTable } try { - conn.disconnect(); + mLdapConnFactory.returnConn(conn); } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e); } @@ -218,7 +224,7 @@ public class LDAPSecurityDomainSessionTable String sessionsdn = "ou=sessions,ou=Security Domain," + basedn; String filter = "(cn=" + sessionId + ")"; String[] attrs = { attr }; - conn = getLDAPConn(); + conn = mLdapConnFactory.getConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); if (res.getCount() > 0) { LDAPEntry entry = res.next(); 
@@ -229,7 +235,7 @@ public class LDAPSecurityDomainSessionTable } try { - conn.disconnect(); + mLdapConnFactory.returnConn(conn); } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e); } @@ -271,7 +277,7 @@ public class LDAPSecurityDomainSessionTable String filter = "(objectclass=securityDomainSessionEntry)"; String[] attrs = { "cn" }; - conn = getLDAPConn(); + conn = mLdapConnFactory.getConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); ret = res.getCount(); } catch (Exception e) { 
@@ -279,78 +285,11 @@ public class LDAPSecurityDomainSessionTable } try { - conn.disconnect(); + mLdapConnFactory.returnConn(conn); } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e); } return ret; } - - private LDAPConnection getLDAPConn() - throws IOException { - IConfigStore cs = CMS.getConfigStore(); - - String host = ""; - String port = ""; - String pwd = null; - String binddn = ""; - String security = ""; - String clientNick = ""; - - IPasswordStore pwdStore = CMS.getPasswordStore(); - - if (pwdStore != null) { - //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available"); - pwd = pwdStore.getPassword("internaldb"); - } - - if (pwd == null) { - throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store"); - } - - try { - host = cs.getString("internaldb.ldapconn.host"); - port = cs.getString("internaldb.ldapconn.port"); - binddn = cs.getString("internaldb.ldapauth.bindDN"); - security = cs.getString("internaldb.ldapconn.secureConn"); - clientNick = cs.getString("internaldb.ldapauth.clientCertNickname"); - } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: getLDAPConn" + e.toString()); - throw new IOException( - "Failed to retrieve LDAP information from CS.cfg."); - } - - int p = -1; - - try { - p = Integer.parseInt(port); - } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable getLDAPConn: " + e.toString()); - throw new IOException("Port is not valid"); - } - - LDAPConnection conn = null; - if (!clientNick.equals("")) { - CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) client auth connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory(clientNick)); - } else if (security.equals("true")) { - //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap"); - conn = new 
LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); - } - - //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p); - try { - conn.connect(host, p, binddn, pwd); - } catch (LDAPException e) { - CMS.debug("SecurityDomainSessionTable getLDAPConn: " + e.toString()); - throw new IOException("Failed to connect to the internal database."); - } - - return conn; - } - } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java index 80a887fd2..ea0e79787 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java @@ -456,14 +456,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase { s1.append(","); s1.append("ca.connector.KRA"); } + + s1.append(",internaldb,internaldb.ldapauth,internaldb.ldapconn"); content = - "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" - + c1.toString() - + "&substores=" - + s1.toString() - + "&xmlOutput=true&sessionID=" - + session_id; + "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password," + + "internaldb.replication.password" + c1.toString() + + "&substores=" + s1.toString() + + "&xmlOutput=true&sessionID=" + + session_id; boolean success = updateConfigEntries(master_hostname, master_port, true, "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response); if (!success) { 
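Review bot: The removed `getLDAPConn` chose a client-cert SSL socket factory when `internaldb.ldapauth.clientCertNickname` was set, plain SSL when `internaldb.ldapconn.secureConn` was `true`, and failed hard when the password store had no `internaldb` entry; the replacement relies entirely on `ILdapConnFactory.init(internaldb)` reproducing that behaviour, which is not visible in this diff. Confirm the factory reads the same keys and record that in a comment on the constructor, e.g. `// transport (SSL / client cert) and bind credentials come from the internaldb.ldapconn / internaldb.ldapauth substores via the factory`. The class ends within this hunk.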
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index 40190c9a7..ea47e82ed 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -620,19 +620,11 @@ public class WizardPanelBase implements IWizardPanel { } } - if (name.equals("internaldb.ldapconn.host")) { - config.putString("preop.internaldb.master.hostname", v); - } else if (name.equals("internaldb.ldapconn.port")) { - config.putString("preop.internaldb.master.port", v); - } else if (name.equals("internaldb.ldapauth.bindDN")) { - config.putString("preop.internaldb.master.binddn", v); - } else if (name.equals("internaldb.basedn")) { + if (name.equals("internaldb.basedn")) { config.putString(name, v); config.putString("preop.internaldb.master.basedn", v); - } else if (name.equals("internaldb.ldapauth.password")) { - config.putString("preop.internaldb.master.bindpwd", v); - } else if (name.equals("internaldb.replication.password")) { - config.putString("preop.internaldb.master.replicationpwd", v); + } else if (name.startsWith("internaldb")) { + config.putString(name.replaceFirst("internaldb", "preop.internaldb.master"), v); } else if (name.equals("instanceId")) { config.putString("preop.master.instanceId", v); } else if (name.equals("cloning.cert.signing.nickname")) { 
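Review bot: The new `else if (name.startsWith("internaldb"))` branch mirrors every `internaldb.*` value the master returns into the clone's CS.cfg under `preop.internaldb.master.*` — including `internaldb.ldapauth.password` — where the old code copied a fixed set of six keys; since `preop.internaldb.master.ldapauth.password` is never cleared (the DatabasePanel -1173 hunk removes only the password-file copy), the master's directory bind password now persists in the clone's CS.cfg, so either keep that one key out of `config` or clear it once replication finishes. Also prefer `name.startsWith("internaldb.")` with a plain prefix swap, `"preop.internaldb.master" + name.substring("internaldb".length())`, over `replaceFirst`, which treats its first argument as a regex and, combined with the bare `startsWith("internaldb")`, would also rewrite an unrelated key that merely begins with that text. The enclosing method starts and ends outside the hunk.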
@@ -681,6 +673,23 @@ public class WizardPanelBase implements IWizardPanel { } } + // set master ldap password (if it exists) temporarily in password store + // in case it is needed for replication. Not stored in password.conf. + try { + String master_pwd = config.getString("preop.internaldb.master.ldapauth.password", ""); + if (!master_pwd.equals("")) { + config.putString("preop.internaldb.master.ldapauth.bindPWPrompt", "master_internaldb"); + String passwordFile = config.getString("passwordFile"); + IConfigStore psStore = CMS.createFileConfigStore(passwordFile); + psStore.putString("master_internaldb", master_pwd); + psStore.commit(false); + } + } catch (Exception e) { + CMS.debug("updateConfigEntries: Failed to temporarily store master bindpwd: " + e.toString()); + e.printStackTrace(); + throw new IOException(e.toString()); + } + return true; } else if (status.equals(AUTH_FAILURE)) { reloginSecurityDomain(response); diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java index 5fdcaece0..6ca1b6e7e 100644 --- a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java 
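Review bot: The comment says the master password is "Not stored in password.conf", but the code writes it with `psStore.putString("master_internaldb", master_pwd)` into `CMS.createFileConfigStore(passwordFile)`, which, if `passwordFile` is the instance's password file, is exactly that file; reword the comment to what happens, e.g. `// keep the master bind password in the password file under "master_internaldb" until replication has run; DatabasePanel.setupReplication removes it afterwards`, and make sure that removal also runs when replication fails. `throw new IOException(e.toString())` discards the cause; prefer `new IOException("Failed to store master bind password", e)` where the target Java level allows. The enclosing method continues outside the hunk.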
@@ -345,18 +345,19 @@ public class CMSEngine implements ICMSEngine { String secdomain_source = config.getString("securitydomain.source", "memory"); String secdomain_check_interval = config.getString("securitydomain.checkinterval", "5000"); - if (secdomain_source.equals("ldap")) { - mSecurityDomainSessionTable = new LDAPSecurityDomainSessionTable((new Long(flush_timeout)).longValue()); - } else { - mSecurityDomainSessionTable = new SecurityDomainSessionTable((new Long(flush_timeout)).longValue()); - } + if ((state == 1) && (!sd.equals("existing"))) { + // check session domain table only if this is a + // configured security domain host + + if (secdomain_source.equals("ldap")) { + mSecurityDomainSessionTable = new LDAPSecurityDomainSessionTable((new Long(flush_timeout)).longValue()); + } else { + mSecurityDomainSessionTable = new SecurityDomainSessionTable((new Long(flush_timeout)).longValue()); + } + + mSDTimer = new Timer(); + SessionTimer timertask = new SessionTimer(mSecurityDomainSessionTable); - mSDTimer = new Timer(); - SessionTimer timertask = new SessionTimer(mSecurityDomainSessionTable); - if ((state != 1) || (sd.equals("existing"))) { - // for non-security domain hosts or if not yet configured, - // do not check session domain table - } else { mSDTimer.schedule(timertask, 5, (new Long(secdomain_check_interval)).longValue()); } |
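Review bot: `mSecurityDomainSessionTable` is now left null for hosts where `state != 1` or `sd` equals `"existing"`, whereas before it was always constructed; any caller that dereferences it (an accessor on the engine or the servlets that add and check sessions) must now tolerate null, and nothing in this hunk documents that — add a comment on the field such as `// null on hosts that are not a configured security domain; callers must check` or have the accessor return an empty in-memory table. `LDAPSecurityDomainSessionTable` now declares checked `ELdapException`/`EBaseException`, so the enclosing method must propagate or handle them; its signature is outside the hunk. Style: `(new Long(flush_timeout)).longValue()` and `(new Long(secdomain_check_interval)).longValue()` are simply `Long.parseLong(flush_timeout)` and `Long.parseLong(secdomain_check_interval)`.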