[Pki-devel] [PATCH] 0030 Add pkispawn config option for ldap profiles

Fraser Tweedale ftweedal at redhat.com
Mon Mar 30 07:29:37 UTC 2015


This patch introduces a pkispawn config option to specify whether to
use file-based or LDAP profiles.  File-based profiles (the existing
behaviour) are the default.
From b242dbae34050011cfb51cebc2e6ec108a362e63 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <frase at frase.id.au>
Date: Thu, 26 Mar 2015 23:24:10 -0400
Subject: [PATCH] Add pkispawn config option for ldap profiles

Add the `pki_profiles_in_ldap' pkispawn config to control whether
profiles are stored on the filesystem (old behaviour) or LDAP (new
behaviour).  The default is file-based profiles.
---
 base/ca/shared/conf/CS.cfg.in                         | 2 +-
 base/server/config/pkislots.cfg                       | 1 +
 base/server/etc/default.cfg                           | 1 +
 base/server/python/pki/server/deployment/pkiparser.py | 6 ++++++
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 5b9f66680d14bbcc9f38133fd032bf2400e75ecc..8353edee13c4d008e8303b2f6e5c086422b9442a 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -1137,7 +1137,7 @@ smtp.host=localhost
 smtp.port=25
 subsystem.0.class=com.netscape.ca.CertificateAuthority
 subsystem.0.id=ca
-subsystem.1.class=com.netscape.cmscore.profile.ProfileSubsystem
+subsystem.1.class=com.netscape.cmscore.profile.[PKI_PROFILE_SUBSYSTEM]
 subsystem.1.id=profile
 subsystem.1.enabled=false
 subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
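Review bot: with `subsystem.1.class=com.netscape.cmscore.profile.[PKI_PROFILE_SUBSYSTEM]` in the template, any code path that renders CS.cfg.in without populating `PKI_PROFILE_SUBSYSTEM_SLOT` will leave the literal `[PKI_PROFILE_SUBSYSTEM]` token in the instance config and the profile subsystem will fail to load; consider giving the slot a default of `ProfileSubsystem` at the slot level rather than depending only on the pkiparser branch. Note also that the package prefix `com.netscape.cmscore.profile.` is fixed in the template, so the slot can only ever select a class from that package.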
diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg
index fffaab853b62d3c5e3427a20ccb70871633c794d..8ee93964ead2c12a1682bd7b3fcc32c3142f147d 100644
--- a/base/server/config/pkislots.cfg
+++ b/base/server/config/pkislots.cfg
@@ -41,6 +41,7 @@ PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT=[PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT]
 PKI_OPEN_STANDALONE_COMMENT_SLOT=[PKI_OPEN_STANDALONE_COMMENT]
 PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT=[PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT]
 PKI_PIDDIR_SLOT=[PKI_PIDDIR]
+PKI_PROFILE_SUBSYSTEM_SLOT=[PKI_PROFILE_SUBSYSTEM]
 PKI_PROXY_SECURE_PORT_SLOT=[PKI_PROXY_SECURE_PORT]
 PKI_PROXY_UNSECURE_PORT_SLOT=[PKI_PROXY_UNSECURE_PORT]
 PKI_RANDOM_NUMBER_SLOT=[PKI_RANDOM_NUMBER]
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index 5b22b33d70800f0e708b39ed67ba8d17bf855504..8771c09b0e0f2ab87c06b616859591f3f231711b 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -361,6 +361,7 @@ pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_name)s CA
 pki_ocsp_signing_signing_algorithm=SHA256withRSA
 pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
 pki_ocsp_signing_token=Internal Key Storage Token
+pki_profiles_in_ldap=False
 pki_random_serial_numbers_enable=False
 pki_subordinate=False
 pki_subordinate_create_new_security_domain=False
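Review bot: the new `pki_profiles_in_ldap=False` default comes without documentation; the pkispawn default.cfg reference and man page should describe the option, its accepted values (it is passed through `config.str2bool`), and that it is meaningful only for the CA subsystem, since it is added among the CA-specific `pki_ocsp_signing_*` keys.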
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 6fb9e987dc9e339713c5066b0c726973480d74d3..e37b0e4a563030145a39cd911064830926f79dc3 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -1227,6 +1227,12 @@ class PKIConfigParser:
                     "restart" + " " + \
                     "pki-tomcatd" + "@" + \
                     self.mdict['pki_instance_name'] + "." + "service"
+
+            if config.str2bool(self.mdict['pki_profiles_in_ldap']):
+                self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'LDAPProfileSubsystem'
+            else:
+                self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'ProfileSubsystem'
+
         except OSError as exc:
             config.pki_log.error(log.PKI_OSERROR_1, exc,
                                  extra=config.PKI_INDENTATION_LEVEL_2)
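Review bot: the new `if config.str2bool(self.mdict['pki_profiles_in_ldap']):` block does no filesystem I/O, yet it is placed inside a `try:` whose only handler is `except OSError`; moving it outside the try keeps the handler's scope honest, and a missing key would raise `KeyError` from `self.mdict[...]` that `except OSError` does not catch in any case. The slot is also populated for every subsystem while the `[PKI_PROFILE_SUBSYSTEM]` token only exists in the CA's CS.cfg.in; a short comment tying the two literals `'LDAPProfileSubsystem'` and `'ProfileSubsystem'` to `subsystem.1.class` in base/ca/shared/conf/CS.cfg.in would help the next reader find where the value is consumed.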
-- 
2.1.0