From 87fd6b473eb3490ffc17f7a385ba5acb7ceb9fb0 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <frase@frase.id.au>
Date: Thu, 26 Mar 2015 23:24:10 -0400
Subject: Add pkispawn config option for ldap profiles

Add the `pki_profiles_in_ldap' pkispawn config to control whether
profiles are stored on the filesystem (old behaviour) or LDAP (new
behaviour).  The default is file-based profiles.
---
 base/server/config/pkislots.cfg                       | 1 +
 base/server/etc/default.cfg                           | 1 +
 base/server/python/pki/server/deployment/pkiparser.py | 6 ++++++
 3 files changed, 8 insertions(+)

(limited to 'base/server')

diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg
index fffaab853..8ee93964e 100644
--- a/base/server/config/pkislots.cfg
+++ b/base/server/config/pkislots.cfg
@@ -41,6 +41,7 @@ PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT=[PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT]
 PKI_OPEN_STANDALONE_COMMENT_SLOT=[PKI_OPEN_STANDALONE_COMMENT]
 PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT=[PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT]
 PKI_PIDDIR_SLOT=[PKI_PIDDIR]
+PKI_PROFILE_SUBSYSTEM_SLOT=[PKI_PROFILE_SUBSYSTEM]
 PKI_PROXY_SECURE_PORT_SLOT=[PKI_PROXY_SECURE_PORT]
 PKI_PROXY_UNSECURE_PORT_SLOT=[PKI_PROXY_UNSECURE_PORT]
 PKI_RANDOM_NUMBER_SLOT=[PKI_RANDOM_NUMBER]
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index 5b22b33d7..8771c09b0 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -361,6 +361,7 @@ pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_name)s CA
 pki_ocsp_signing_signing_algorithm=SHA256withRSA
 pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
 pki_ocsp_signing_token=Internal Key Storage Token
+pki_profiles_in_ldap=False
 pki_random_serial_numbers_enable=False
 pki_subordinate=False
 pki_subordinate_create_new_security_domain=False
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 6fb9e987d..e37b0e4a5 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -1227,6 +1227,12 @@ class PKIConfigParser:
                     "restart" + " " + \
                     "pki-tomcatd" + "@" + \
                     self.mdict['pki_instance_name'] + "." + "service"
+
+            if config.str2bool(self.mdict['pki_profiles_in_ldap']):
+                self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'LDAPProfileSubsystem'
+            else:
+                self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'ProfileSubsystem'
+
         except OSError as exc:
             config.pki_log.error(log.PKI_OSERROR_1, exc,
                                  extra=config.PKI_INDENTATION_LEVEL_2)
-- 
cgit