external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: aa9e12e2 | patch | commit | ignore whitespace

The code in ReplicationCliMain assumed that when the first server where rep...

jvergara

22.29.2009 284cc30fd544917e405f1a10b922afeb5a9625db

The code in ReplicationCliMain assumed that when the first server where replication was enabled always had the server itself registered in the ADS.  This is not true when all the suffixes had already been disabled in that server.  With this fix the user can enable and disable replication for all suffixes without problems on a given server.

2 files modified

	opends/src/ads/org/opends/admin/ads/ADSContext.java	195 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java	30 ●●●●● patch \| view \| raw \| blame \| history

 opends/src/ads/org/opends/admin/ads/ADSContext.java

@@ -186,8 +186,8 @@
     * named by the ds-cfg-key-id attribute from the server entry.
     */
    INSTANCE_PUBLIC_KEY_CERTIFICATE(
            "ds-cfg-public-key-certificate",
            ADSPropertySyntax.CERTIFICATE_BINARY);
        "ds-cfg-public-key-certificate",
        ADSPropertySyntax.CERTIFICATE_BINARY);

    private String attrName;
    private ADSPropertySyntax attSyntax;
@@ -373,7 +373,7 @@
  }

  private static HashMap<String, AdministratorProperty>
    nameToAdminUserProperty = null;
  nameToAdminUserProperty = null;

  /**
   * Get a AdministratorProperty associated to a name.
@@ -439,7 +439,7 @@
      }
      dirContext.createSubcontext(dn, attrs).close();
      if (serverProperties.containsKey(
                                ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE))
          ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE))
      {
        registerInstanceKeyCertificate(serverProperties, dn);
      }
@@ -452,7 +452,7 @@
        memberList = new HashSet<String>();
      }
      String newMember = "cn="
          + Rdn.escapeValue(serverProperties.get(ServerProperty.ID));
        + Rdn.escapeValue(serverProperties.get(ServerProperty.ID));

      memberList.add(newMember);
      serverGroupProperties.put(ServerGroupProperty.MEMBERS, memberList);
@@ -469,7 +469,7 @@
      }
      groupList.add(ALL_SERVERGROUP_NAME);
      serverProperties.put(ServerProperty.GROUPS, groupList);
    updateServer(serverProperties, null);
      updateServer(serverProperties, null);

    }
    catch (ADSContextException ace)
@@ -497,7 +497,7 @@
   */
  public void updateServer(Map<ServerProperty, Object> serverProperties,
      String newServerId) throws ADSContextException
  {
      {
    LdapName dn = makeDNFromServerProperties(serverProperties);

    try
@@ -517,7 +517,7 @@
      dirContext.modifyAttributes(dn, DirContext.REPLACE_ATTRIBUTE,
          attrs);
      if (serverProperties.containsKey(
                                ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE))
          ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE))
      {
        registerInstanceKeyCertificate(serverProperties, dn);
      }
@@ -536,7 +536,7 @@
      throw new ADSContextException(
          ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
    }
  }
      }

  /**
   * Method called to unregister a server in the ADS. Note that the server's
@@ -703,7 +703,7 @@
   */
  public int registerOrUpdateServer(
      Map<ServerProperty, Object> serverProperties) throws ADSContextException
  {
      {
    int result = 0;
    try
    {
@@ -722,7 +722,7 @@
      }
    }
    return result;
  }
      }

  /**
   * Returns the member list of a group of server.
@@ -735,7 +735,7 @@
   */
  public Set<String> getServerGroupMemberList(
      String serverGroupId) throws ADSContextException
  {
      {
    LdapName dn = nameFromDN("cn=" + Rdn.escapeValue(serverGroupId) + ","
        + getServerGroupContainerDN());

@@ -788,7 +788,7 @@
          ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
    }
    return result;
  }
      }

  /**
   * Returns a set containing the servers that are registered in the
@@ -924,7 +924,7 @@
      if (serverGroupProperties.containsKey(ServerGroupProperty.UID))
      {
        String newGroupId = serverGroupProperties
            .get(ServerGroupProperty.UID).toString();
        .get(ServerGroupProperty.UID).toString();
        if (!newGroupId.equals(groupID))
        {
          // Rename to entry
@@ -1079,7 +1079,7 @@

      sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
      String[] attList = { "cn", "userpassword", "ds-privilege-name",
          "description" };
      "description" };
      sc.setReturningAttributes(attList);
      ne = dirContext.search(getAdministratorContainerDN(), "(objectclass=*)",
          sc);
@@ -1314,7 +1314,7 @@
      makeDNFromAdministratorProperties(adminProperties);

    boolean updatePassword = adminProperties
        .containsKey(AdministratorProperty.PASSWORD);
    .containsKey(AdministratorProperty.PASSWORD);
    try
    {
      // Entry renaming
@@ -1343,7 +1343,7 @@
        SearchResult sr = (SearchResult)ne.next();

        currentPrivileges = sr.getAttributes().get("ds-privilege-name")
            .getAll();
        .getAll();
      }

      // Replace properties, if needed.
@@ -1393,10 +1393,10 @@
   */
  private static LdapName makeDNFromHostnameAndPath(String hostname,
      String ipath) throws ADSContextException
  {
      {
    String cnValue = Rdn.escapeValue(hostname + "@" + ipath);
    return nameFromDN("cn=" + cnValue + "," + getServerContainerDN());
  }
      }

  /**
   * This method returns the DN of the entry that corresponds to the given host
@@ -1433,7 +1433,7 @@
      throw new ADSContextException(ADSContextException.ErrorType.MISSING_NAME);
    }
    return nameFromDN("cn=" + Rdn.escapeValue(serverGroupId) + "," +
          getServerGroupContainerDN());
        getServerGroupContainerDN());
  }

  /**
@@ -1446,7 +1446,7 @@
   */
  private static LdapName makeDNFromServerProperties(
      Map<ServerProperty, Object> serverProperties) throws ADSContextException
  {
      {
    String serverID ;
    if ( (serverID = getServerID(serverProperties)) != null )
    {
@@ -1464,7 +1464,7 @@
      ServerDescriptor s = ServerDescriptor.createStandalone(serverProperties);
      return makeDNFromServerUniqueId(s.getHostPort(true));
    }
  }
      }

  /**
   * This method returns the DN of the entry that corresponds to the given
@@ -1476,12 +1476,12 @@
   */
  public static String getServerIdFromServerProperties(
      Map<ServerProperty, Object> serverProperties) throws ADSContextException
  {
      {
    LdapName ldapName = makeDNFromServerProperties(serverProperties);
    String rdn = ldapName.get(ldapName.size() -1);
    int pos = rdn.indexOf("=");
    return rdn.substring(pos+1);
  }
      }

  /**
   * This method returns the DN of the entry that corresponds to the given
@@ -1547,7 +1547,7 @@
      }

      LinkedList privileges = (LinkedList)
        adminProperties.get(AdministratorProperty.PRIVILEGE);
      adminProperties.get(AdministratorProperty.PRIVILEGE);
      for( Object o : privileges)
      {
        String p = o.toString() ;
@@ -1643,17 +1643,17 @@

    switch(property)
    {
      case INSTANCE_PUBLIC_KEY_CERTIFICATE:
        result = null;  // used in separate instance key entry
        break;
      case GROUPS:
        result = new BasicAttribute(ServerProperty.GROUPS.getAttributeName());
        for (Object o : ((Set) value)) {
            result.add(o);
        }
        break;
      default:
        result = new BasicAttribute(property.getAttributeName(), value);
    case INSTANCE_PUBLIC_KEY_CERTIFICATE:
      result = null;  // used in separate instance key entry
      break;
    case GROUPS:
      result = new BasicAttribute(ServerProperty.GROUPS.getAttributeName());
      for (Object o : ((Set) value)) {
        result.add(o);
      }
      break;
    default:
      result = new BasicAttribute(property.getAttributeName(), value);
    }
    return result;
  }
@@ -1719,10 +1719,10 @@
    case MEMBERS:
      result = new BasicAttribute(
          ServerGroupProperty.MEMBERS.getAttributeName());
        for (Object o : ((Set) value)) {
            result.add(o);
        }
        break;
      for (Object o : ((Set) value)) {
        result.add(o);
      }
      break;
    default:
      result = new BasicAttribute(property.getAttributeName(), value);
    }
@@ -1738,7 +1738,7 @@
   */
  private Map<ServerGroupProperty, Object> makePropertiesFromServerGroupAttrs(
      Attributes attrs) throws ADSContextException
  {
      {
    HashMap<ServerGroupProperty, Object> result =
      new HashMap<ServerGroupProperty, Object>();
    try
@@ -1778,7 +1778,7 @@
          ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
    }
    return result;
  }
      }

  /**
   * Returns the properties of a server for some LDAP attributes.
@@ -1788,7 +1788,7 @@
   */
  private Map<ServerProperty, Object> makePropertiesFromServerAttrs(
      Attributes attrs) throws ADSContextException
  {
      {
    HashMap<ServerProperty, Object> result =
      new HashMap<ServerProperty, Object>();
    try
@@ -1847,7 +1847,7 @@
          ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
    }
    return result;
  }
      }


  /**
@@ -1960,7 +1960,7 @@
   */
  private static String getHostname(
      Map<ServerProperty, Object> serverProperties) throws ADSContextException
  {
      {
    String result = (String)serverProperties.get(ServerProperty.HOST_NAME);
    if (result == null)
    {
@@ -1973,7 +1973,7 @@
          ADSContextException.ErrorType.NOVALID_HOSTNAME);
    }
    return result;
  }
      }

  /**
   * Returns the Server ID for the given properties.
@@ -2003,7 +2003,7 @@
   */
  private static String getInstallPath(
      Map<ServerProperty, Object> serverProperties) throws ADSContextException
  {
      {
    String result = (String)serverProperties.get(ServerProperty.INSTANCE_PATH);
    if (result == null)
    {
@@ -2016,7 +2016,7 @@
          ADSContextException.ErrorType.NOVALID_IPATH);
    }
    return result;
  }
      }


  /**
@@ -2176,7 +2176,7 @@
    oc.add("groupofurls");
    attrs.put(oc);
    attrs.put("memberURL", "ldap:///" + getAdministratorContainerDN() +
        "??one?(objectclass=*)");
    "??one?(objectclass=*)");
    attrs.put("description", "Group of identities which have full access.");
    createEntry(getAdministratorContainerDN(), attrs);
  }
@@ -2241,12 +2241,12 @@
   * Removes the administration suffix.
   * @throws ADSContextException if something goes wrong.
   */
//  private void removeAdministrationSuffix() throws ADSContextException
//  {
//    ADSContextHelper helper = new ADSContextHelper();
//    helper.removeAdministrationSuffix(getDirContext(),
//                                      getDefaultBackendName());
//  }
//private void removeAdministrationSuffix() throws ADSContextException
//{
//ADSContextHelper helper = new ADSContextHelper();
//helper.removeAdministrationSuffix(getDirContext(),
//getDefaultBackendName());
//}

  /**
   * Returns the default backend name of the administration data.
@@ -2269,7 +2269,7 @@


  /*
     *** CryptoManager related types, fields, and methods. ***
   *** CryptoManager related types, fields, and methods. ***
   */

  /**
@@ -2284,12 +2284,35 @@
  /**
  Returns the parent entry of the secret key entries in ADS.
  @return the parent entry of the secret key entries in ADS.
  */
 public static String getSecretKeysContainerDN()
 {
   return "cn=secret keys," + getAdministrationSuffixDN();
 }
   */
  public static String getSecretKeysContainerDN()
  {
    return "cn=secret keys," + getAdministrationSuffixDN();
  }

  /**
   * Tells whether the provided server is registered in the registry.
   * @param server the server.
   * @param registry the registry.
   * @return <CODE>true</CODE> if the server is registered in the registry
   * and <CODE>false</CODE> otherwise.
   */
  public static boolean isRegistered(
      ServerDescriptor server,
      Set<Map<ADSContext.ServerProperty, Object>> registry)
  {
    boolean isRegistered = false;
    for (Map<ADSContext.ServerProperty, Object> s : registry)
    {
      ServerDescriptor servInRegistry = ServerDescriptor.createStandalone(s);
      if (servInRegistry.getId().equals(server.getId()))
      {
        isRegistered = true;
        break;
      }
    }
    return isRegistered;
  }

  /**
   Register instance key-pair public-key certificate provided in
@@ -2305,8 +2328,8 @@
   getting the instance public key certificate ID.
   */
  private void registerInstanceKeyCertificate(
          Map<ServerProperty, Object> serverProperties,
          LdapName serverEntryDn)
      Map<ServerProperty, Object> serverProperties,
      LdapName serverEntryDn)
  throws ADSContextException {
    ADSContextHelper helper = new ADSContextHelper();
    helper.registerInstanceKeyCertificate(dirContext, serverProperties,
@@ -2320,15 +2343,15 @@
  the instance key entry belongs.
  @param serverEntryDn The server's ADS entry DN.
  @throws NamingException In case some JNDI operation fails.
  */
 private void unregisterInstanceKeyCertificate(
         Map<ServerProperty, Object> serverProperties,
         LdapName serverEntryDn)
 throws ADSContextException {
   ADSContextHelper helper = new ADSContextHelper();
   helper.unregisterInstanceKeyCertificate(dirContext, serverProperties,
       serverEntryDn);
 }
   */
  private void unregisterInstanceKeyCertificate(
      Map<ServerProperty, Object> serverProperties,
      LdapName serverEntryDn)
  throws ADSContextException {
    ADSContextHelper helper = new ADSContextHelper();
    helper.unregisterInstanceKeyCertificate(dirContext, serverProperties,
        serverEntryDn);
  }

  /**
   Return the set of valid (i.e., not tagged as compromised) instance key-pair
@@ -2343,7 +2366,7 @@
   @see org.opends.server.crypto.CryptoManagerImpl#getTrustedCertificates
   */
  public Map<String,byte[]> getTrustedCertificates()
          throws ADSContextException
  throws ADSContextException
  {
    final Map<String, byte[]> certificateMap = new HashMap<String, byte[]>();
    final String baseDNStr = getInstanceKeysContainerDN();
@@ -2351,25 +2374,25 @@
      ADSContextHelper helper = new ADSContextHelper();
      final LdapName baseDN = new LdapName(baseDNStr);
      final String FILTER_OC_INSTANCE_KEY
           = new StringBuilder("(objectclass=")
           .append(helper.getOcCryptoInstanceKey())
           .append(")").toString();
      = new StringBuilder("(objectclass=")
      .append(helper.getOcCryptoInstanceKey())
      .append(")").toString();
      final String FILTER_NOT_COMPROMISED = new StringBuilder("(!(")
              .append(helper.getAttrCryptoKeyCompromisedTime())
              .append("=*))").toString();
      .append(helper.getAttrCryptoKeyCompromisedTime())
      .append("=*))").toString();
      final String searchFilter = new StringBuilder("(&")
              .append(FILTER_OC_INSTANCE_KEY)
              .append(FILTER_NOT_COMPROMISED)
              .append(")").toString();
      .append(FILTER_OC_INSTANCE_KEY)
      .append(FILTER_NOT_COMPROMISED)
      .append(")").toString();
      final SearchControls searchControls = new SearchControls();
      searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
      final String attrIDs[]= {
              ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName(),
              ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE
                      .getAttributeName() + ";binary"};
          ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName(),
          ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE
          .getAttributeName() + ";binary"};
      searchControls.setReturningAttributes(attrIDs);
      NamingEnumeration<SearchResult> keyEntries
              = dirContext.search(baseDN, searchFilter, searchControls);
      = dirContext.search(baseDN, searchFilter, searchControls);
      while (keyEntries.hasMore()) {
        final SearchResult entry = keyEntries.next();
        final Attributes attrs = entry.getAttributes();
@@ -2381,7 +2404,7 @@
    }
    catch (NamingException x) {
      throw new ADSContextException(
              ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
          ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
    }
    return certificateMap;
  }

 opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java

@@ -4603,7 +4603,7 @@
          {
            adsCtx1.createAdministrator(getAdministratorProperties(uData));
          }
          if (registry2.size() == 0)
          if (!ADSContext.isRegistered(server2, registry2))
          {
            server2.updateAdsPropertiesWithServerProperties();
            registerServer(adsCtx1, server2.getAdsProperties());
@@ -4612,6 +4612,11 @@
          {
            registerServer(adsCtx1, registry2.iterator().next());
          }
          if (!ADSContext.isRegistered(server1, registry1))
          {
            server1.updateAdsPropertiesWithServerProperties();
            registerServer(adsCtx1, server1.getAdsProperties());
          }

          ctxSource = ctx1;
          ctxDestination = ctx2;
@@ -4624,7 +4629,7 @@
          {
            adsCtx2.createAdministrator(getAdministratorProperties(uData));
          }
          if (registry1.size() == 0)
          if (!ADSContext.isRegistered(server1, registry1))
          {
            server1.updateAdsPropertiesWithServerProperties();
            registerServer(adsCtx2, server1.getAdsProperties());
@@ -4633,6 +4638,11 @@
          {
            registerServer(adsCtx2, registry1.iterator().next());
          }
          if (!ADSContext.isRegistered(server2, registry2))
          {
            server2.updateAdsPropertiesWithServerProperties();
            registerServer(adsCtx2, server2.getAdsProperties());
          }

          ctxSource = ctx2;
          ctxDestination = ctx1;
@@ -4664,6 +4674,13 @@
        }
        server1.updateAdsPropertiesWithServerProperties();
        registerServer(adsCtx2, server1.getAdsProperties());
        Set<Map<ADSContext.ServerProperty, Object>> registry2 =
          adsCtx2.readServerRegistry();
        if (!ADSContext.isRegistered(server2, registry2))
        {
          server2.updateAdsPropertiesWithServerProperties();
          registerServer(adsCtx2, server2.getAdsProperties());
        }

        ctxSource = ctx2;
        ctxDestination = ctx1;
@@ -4678,6 +4695,13 @@
        }
        server2.updateAdsPropertiesWithServerProperties();
        registerServer(adsCtx1, server2.getAdsProperties());
        Set<Map<ADSContext.ServerProperty, Object>> registry1 =
          adsCtx1.readServerRegistry();
        if (!ADSContext.isRegistered(server1, registry1))
        {
          server1.updateAdsPropertiesWithServerProperties();
          registerServer(adsCtx1, server1.getAdsProperties());
        }

        ctxSource = ctx1;
        ctxDestination = ctx2;
@@ -5247,7 +5271,7 @@
        // contents of the ADS.
        try
        {
          Thread.sleep(2000);
          Thread.sleep(5000);
        }
        catch (Throwable t)
        {

			@@ -186,8 +186,8 @@
			* named by the ds-cfg-key-id attribute from the server entry.
			*/
			INSTANCE_PUBLIC_KEY_CERTIFICATE(
			"ds-cfg-public-key-certificate",
			ADSPropertySyntax.CERTIFICATE_BINARY);
			"ds-cfg-public-key-certificate",
			ADSPropertySyntax.CERTIFICATE_BINARY);

			private String attrName;
			private ADSPropertySyntax attSyntax;
			@@ -373,7 +373,7 @@
			}

			private static HashMap<String, AdministratorProperty>
			nameToAdminUserProperty = null;
			nameToAdminUserProperty = null;

			/**
			* Get a AdministratorProperty associated to a name.
			@@ -439,7 +439,7 @@
			}
			dirContext.createSubcontext(dn, attrs).close();
			if (serverProperties.containsKey(
			ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE))
			ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE))
			{
			registerInstanceKeyCertificate(serverProperties, dn);
			}
			@@ -452,7 +452,7 @@
			memberList = new HashSet<String>();
			}
			String newMember = "cn="
			+ Rdn.escapeValue(serverProperties.get(ServerProperty.ID));
			+ Rdn.escapeValue(serverProperties.get(ServerProperty.ID));

			memberList.add(newMember);
			serverGroupProperties.put(ServerGroupProperty.MEMBERS, memberList);
			@@ -469,7 +469,7 @@
			}
			groupList.add(ALL_SERVERGROUP_NAME);
			serverProperties.put(ServerProperty.GROUPS, groupList);
			updateServer(serverProperties, null);
			updateServer(serverProperties, null);

			}
			catch (ADSContextException ace)
			@@ -497,7 +497,7 @@
			*/
			public void updateServer(Map<ServerProperty, Object> serverProperties,
			String newServerId) throws ADSContextException
			{
			{
			LdapName dn = makeDNFromServerProperties(serverProperties);

			try
			@@ -517,7 +517,7 @@
			dirContext.modifyAttributes(dn, DirContext.REPLACE_ATTRIBUTE,
			attrs);
			if (serverProperties.containsKey(
			ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE))
			ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE))
			{
			registerInstanceKeyCertificate(serverProperties, dn);
			}
			@@ -536,7 +536,7 @@
			throw new ADSContextException(
			ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
			}
			}
			}

			/**
			* Method called to unregister a server in the ADS. Note that the server's
			@@ -703,7 +703,7 @@
			*/
			public int registerOrUpdateServer(
			Map<ServerProperty, Object> serverProperties) throws ADSContextException
			{
			{
			int result = 0;
			try
			{
			@@ -722,7 +722,7 @@
			}
			}
			return result;
			}
			}

			/**
			* Returns the member list of a group of server.
			@@ -735,7 +735,7 @@
			*/
			public Set<String> getServerGroupMemberList(
			String serverGroupId) throws ADSContextException
			{
			{
			LdapName dn = nameFromDN("cn=" + Rdn.escapeValue(serverGroupId) + ","
			+ getServerGroupContainerDN());

			@@ -788,7 +788,7 @@
			ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
			}
			return result;
			}
			}

			/**
			* Returns a set containing the servers that are registered in the
			@@ -924,7 +924,7 @@
			if (serverGroupProperties.containsKey(ServerGroupProperty.UID))
			{
			String newGroupId = serverGroupProperties
			.get(ServerGroupProperty.UID).toString();
			.get(ServerGroupProperty.UID).toString();
			if (!newGroupId.equals(groupID))
			{
			// Rename to entry
			@@ -1079,7 +1079,7 @@

			sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
			String[] attList = { "cn", "userpassword", "ds-privilege-name",
			"description" };
			"description" };
			sc.setReturningAttributes(attList);
			ne = dirContext.search(getAdministratorContainerDN(), "(objectclass=*)",
			sc);
			@@ -1314,7 +1314,7 @@
			makeDNFromAdministratorProperties(adminProperties);

			boolean updatePassword = adminProperties
			.containsKey(AdministratorProperty.PASSWORD);
			.containsKey(AdministratorProperty.PASSWORD);
			try
			{
			// Entry renaming
			@@ -1343,7 +1343,7 @@
			SearchResult sr = (SearchResult)ne.next();

			currentPrivileges = sr.getAttributes().get("ds-privilege-name")
			.getAll();
			.getAll();
			}

			// Replace properties, if needed.
			@@ -1393,10 +1393,10 @@
			*/
			private static LdapName makeDNFromHostnameAndPath(String hostname,
			String ipath) throws ADSContextException
			{
			{
			String cnValue = Rdn.escapeValue(hostname + "@" + ipath);
			return nameFromDN("cn=" + cnValue + "," + getServerContainerDN());
			}
			}

			/**
			* This method returns the DN of the entry that corresponds to the given host
			@@ -1433,7 +1433,7 @@
			throw new ADSContextException(ADSContextException.ErrorType.MISSING_NAME);
			}
			return nameFromDN("cn=" + Rdn.escapeValue(serverGroupId) + "," +
			getServerGroupContainerDN());
			getServerGroupContainerDN());
			}

			/**
			@@ -1446,7 +1446,7 @@
			*/
			private static LdapName makeDNFromServerProperties(
			Map<ServerProperty, Object> serverProperties) throws ADSContextException
			{
			{
			String serverID ;
			if ( (serverID = getServerID(serverProperties)) != null )
			{
			@@ -1464,7 +1464,7 @@
			ServerDescriptor s = ServerDescriptor.createStandalone(serverProperties);
			return makeDNFromServerUniqueId(s.getHostPort(true));
			}
			}
			}

			/**
			* This method returns the DN of the entry that corresponds to the given
			@@ -1476,12 +1476,12 @@
			*/
			public static String getServerIdFromServerProperties(
			Map<ServerProperty, Object> serverProperties) throws ADSContextException
			{
			{
			LdapName ldapName = makeDNFromServerProperties(serverProperties);
			String rdn = ldapName.get(ldapName.size() -1);
			int pos = rdn.indexOf("=");
			return rdn.substring(pos+1);
			}
			}

			/**
			* This method returns the DN of the entry that corresponds to the given
			@@ -1547,7 +1547,7 @@
			}

			LinkedList privileges = (LinkedList)
			adminProperties.get(AdministratorProperty.PRIVILEGE);
			adminProperties.get(AdministratorProperty.PRIVILEGE);
			for( Object o : privileges)
			{
			String p = o.toString() ;
			@@ -1643,17 +1643,17 @@

			switch(property)
			{
			case INSTANCE_PUBLIC_KEY_CERTIFICATE:
			result = null; // used in separate instance key entry
			break;
			case GROUPS:
			result = new BasicAttribute(ServerProperty.GROUPS.getAttributeName());
			for (Object o : ((Set) value)) {
			result.add(o);
			}
			break;
			default:
			result = new BasicAttribute(property.getAttributeName(), value);
			case INSTANCE_PUBLIC_KEY_CERTIFICATE:
			result = null; // used in separate instance key entry
			break;
			case GROUPS:
			result = new BasicAttribute(ServerProperty.GROUPS.getAttributeName());
			for (Object o : ((Set) value)) {
			result.add(o);
			}
			break;
			default:
			result = new BasicAttribute(property.getAttributeName(), value);
			}
			return result;
			}
			@@ -1719,10 +1719,10 @@
			case MEMBERS:
			result = new BasicAttribute(
			ServerGroupProperty.MEMBERS.getAttributeName());
			for (Object o : ((Set) value)) {
			result.add(o);
			}
			break;
			for (Object o : ((Set) value)) {
			result.add(o);
			}
			break;
			default:
			result = new BasicAttribute(property.getAttributeName(), value);
			}
			@@ -1738,7 +1738,7 @@
			*/
			private Map<ServerGroupProperty, Object> makePropertiesFromServerGroupAttrs(
			Attributes attrs) throws ADSContextException
			{
			{
			HashMap<ServerGroupProperty, Object> result =
			new HashMap<ServerGroupProperty, Object>();
			try
			@@ -1778,7 +1778,7 @@
			ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
			}
			return result;
			}
			}

			/**
			* Returns the properties of a server for some LDAP attributes.
			@@ -1788,7 +1788,7 @@
			*/
			private Map<ServerProperty, Object> makePropertiesFromServerAttrs(
			Attributes attrs) throws ADSContextException
			{
			{
			HashMap<ServerProperty, Object> result =
			new HashMap<ServerProperty, Object>();
			try
			@@ -1847,7 +1847,7 @@
			ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
			}
			return result;
			}
			}


			/**
			@@ -1960,7 +1960,7 @@
			*/
			private static String getHostname(
			Map<ServerProperty, Object> serverProperties) throws ADSContextException
			{
			{
			String result = (String)serverProperties.get(ServerProperty.HOST_NAME);
			if (result == null)
			{
			@@ -1973,7 +1973,7 @@
			ADSContextException.ErrorType.NOVALID_HOSTNAME);
			}
			return result;
			}
			}

			/**
			* Returns the Server ID for the given properties.
			@@ -2003,7 +2003,7 @@
			*/
			private static String getInstallPath(
			Map<ServerProperty, Object> serverProperties) throws ADSContextException
			{
			{
			String result = (String)serverProperties.get(ServerProperty.INSTANCE_PATH);
			if (result == null)
			{
			@@ -2016,7 +2016,7 @@
			ADSContextException.ErrorType.NOVALID_IPATH);
			}
			return result;
			}
			}


			/**
			@@ -2176,7 +2176,7 @@
			oc.add("groupofurls");
			attrs.put(oc);
			attrs.put("memberURL", "ldap:///" + getAdministratorContainerDN() +
			"??one?(objectclass=*)");
			"??one?(objectclass=*)");
			attrs.put("description", "Group of identities which have full access.");
			createEntry(getAdministratorContainerDN(), attrs);
			}
			@@ -2241,12 +2241,12 @@
			* Removes the administration suffix.
			* @throws ADSContextException if something goes wrong.
			*/
			// private void removeAdministrationSuffix() throws ADSContextException
			// {
			// ADSContextHelper helper = new ADSContextHelper();
			// helper.removeAdministrationSuffix(getDirContext(),
			// getDefaultBackendName());
			// }
			//private void removeAdministrationSuffix() throws ADSContextException
			//{
			//ADSContextHelper helper = new ADSContextHelper();
			//helper.removeAdministrationSuffix(getDirContext(),
			//getDefaultBackendName());
			//}

			/**
			* Returns the default backend name of the administration data.
			@@ -2269,7 +2269,7 @@


			/*
			* CryptoManager related types, fields, and methods. *
			* CryptoManager related types, fields, and methods. *
			*/

			/**
			@@ -2284,12 +2284,35 @@
			/**
			Returns the parent entry of the secret key entries in ADS.
			@return the parent entry of the secret key entries in ADS.
			*/
			public static String getSecretKeysContainerDN()
			{
			return "cn=secret keys," + getAdministrationSuffixDN();
			}
			*/
			public static String getSecretKeysContainerDN()
			{
			return "cn=secret keys," + getAdministrationSuffixDN();
			}

			/**
			* Tells whether the provided server is registered in the registry.
			* @param server the server.
			* @param registry the registry.
			* @return <CODE>true</CODE> if the server is registered in the registry
			* and <CODE>false</CODE> otherwise.
			*/
			public static boolean isRegistered(
			ServerDescriptor server,
			Set<Map<ADSContext.ServerProperty, Object>> registry)
			{
			boolean isRegistered = false;
			for (Map<ADSContext.ServerProperty, Object> s : registry)
			{
			ServerDescriptor servInRegistry = ServerDescriptor.createStandalone(s);
			if (servInRegistry.getId().equals(server.getId()))
			{
			isRegistered = true;
			break;
			}
			}
			return isRegistered;
			}

			/**
			Register instance key-pair public-key certificate provided in
			@@ -2305,8 +2328,8 @@
			getting the instance public key certificate ID.
			*/
			private void registerInstanceKeyCertificate(
			Map<ServerProperty, Object> serverProperties,
			LdapName serverEntryDn)
			Map<ServerProperty, Object> serverProperties,
			LdapName serverEntryDn)
			throws ADSContextException {
			ADSContextHelper helper = new ADSContextHelper();
			helper.registerInstanceKeyCertificate(dirContext, serverProperties,
			@@ -2320,15 +2343,15 @@
			the instance key entry belongs.
			@param serverEntryDn The server's ADS entry DN.
			@throws NamingException In case some JNDI operation fails.
			*/
			private void unregisterInstanceKeyCertificate(
			Map<ServerProperty, Object> serverProperties,
			LdapName serverEntryDn)
			throws ADSContextException {
			ADSContextHelper helper = new ADSContextHelper();
			helper.unregisterInstanceKeyCertificate(dirContext, serverProperties,
			serverEntryDn);
			}
			*/
			private void unregisterInstanceKeyCertificate(
			Map<ServerProperty, Object> serverProperties,
			LdapName serverEntryDn)
			throws ADSContextException {
			ADSContextHelper helper = new ADSContextHelper();
			helper.unregisterInstanceKeyCertificate(dirContext, serverProperties,
			serverEntryDn);
			}

			/**
			Return the set of valid (i.e., not tagged as compromised) instance key-pair
			@@ -2343,7 +2366,7 @@
			@see org.opends.server.crypto.CryptoManagerImpl#getTrustedCertificates
			*/
			public Map<String,byte[]> getTrustedCertificates()
			throws ADSContextException
			throws ADSContextException
			{
			final Map<String, byte[]> certificateMap = new HashMap<String, byte[]>();
			final String baseDNStr = getInstanceKeysContainerDN();
			@@ -2351,25 +2374,25 @@
			ADSContextHelper helper = new ADSContextHelper();
			final LdapName baseDN = new LdapName(baseDNStr);
			final String FILTER_OC_INSTANCE_KEY
			= new StringBuilder("(objectclass=")
			.append(helper.getOcCryptoInstanceKey())
			.append(")").toString();
			= new StringBuilder("(objectclass=")
			.append(helper.getOcCryptoInstanceKey())
			.append(")").toString();
			final String FILTER_NOT_COMPROMISED = new StringBuilder("(!(")
			.append(helper.getAttrCryptoKeyCompromisedTime())
			.append("=*))").toString();
			.append(helper.getAttrCryptoKeyCompromisedTime())
			.append("=*))").toString();
			final String searchFilter = new StringBuilder("(&")
			.append(FILTER_OC_INSTANCE_KEY)
			.append(FILTER_NOT_COMPROMISED)
			.append(")").toString();
			.append(FILTER_OC_INSTANCE_KEY)
			.append(FILTER_NOT_COMPROMISED)
			.append(")").toString();
			final SearchControls searchControls = new SearchControls();
			searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
			final String attrIDs[]= {
			ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName(),
			ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE
			.getAttributeName() + ";binary"};
			ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName(),
			ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE
			.getAttributeName() + ";binary"};
			searchControls.setReturningAttributes(attrIDs);
			NamingEnumeration<SearchResult> keyEntries
			= dirContext.search(baseDN, searchFilter, searchControls);
			= dirContext.search(baseDN, searchFilter, searchControls);
			while (keyEntries.hasMore()) {
			final SearchResult entry = keyEntries.next();
			final Attributes attrs = entry.getAttributes();
			@@ -2381,7 +2404,7 @@
			}
			catch (NamingException x) {
			throw new ADSContextException(
			ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
			ADSContextException.ErrorType.ERROR_UNEXPECTED, x);
			}
			return certificateMap;
			}

			@@ -4603,7 +4603,7 @@
			{
			adsCtx1.createAdministrator(getAdministratorProperties(uData));
			}
			if (registry2.size() == 0)
			if (!ADSContext.isRegistered(server2, registry2))
			{
			server2.updateAdsPropertiesWithServerProperties();
			registerServer(adsCtx1, server2.getAdsProperties());
			@@ -4612,6 +4612,11 @@
			{
			registerServer(adsCtx1, registry2.iterator().next());
			}
			if (!ADSContext.isRegistered(server1, registry1))
			{
			server1.updateAdsPropertiesWithServerProperties();
			registerServer(adsCtx1, server1.getAdsProperties());
			}

			ctxSource = ctx1;
			ctxDestination = ctx2;
			@@ -4624,7 +4629,7 @@
			{
			adsCtx2.createAdministrator(getAdministratorProperties(uData));
			}
			if (registry1.size() == 0)
			if (!ADSContext.isRegistered(server1, registry1))
			{
			server1.updateAdsPropertiesWithServerProperties();
			registerServer(adsCtx2, server1.getAdsProperties());
			@@ -4633,6 +4638,11 @@
			{
			registerServer(adsCtx2, registry1.iterator().next());
			}
			if (!ADSContext.isRegistered(server2, registry2))
			{
			server2.updateAdsPropertiesWithServerProperties();
			registerServer(adsCtx2, server2.getAdsProperties());
			}

			ctxSource = ctx2;
			ctxDestination = ctx1;
			@@ -4664,6 +4674,13 @@
			}
			server1.updateAdsPropertiesWithServerProperties();
			registerServer(adsCtx2, server1.getAdsProperties());
			Set<Map<ADSContext.ServerProperty, Object>> registry2 =
			adsCtx2.readServerRegistry();
			if (!ADSContext.isRegistered(server2, registry2))
			{
			server2.updateAdsPropertiesWithServerProperties();
			registerServer(adsCtx2, server2.getAdsProperties());
			}

			ctxSource = ctx2;
			ctxDestination = ctx1;
			@@ -4678,6 +4695,13 @@
			}
			server2.updateAdsPropertiesWithServerProperties();
			registerServer(adsCtx1, server2.getAdsProperties());
			Set<Map<ADSContext.ServerProperty, Object>> registry1 =
			adsCtx1.readServerRegistry();
			if (!ADSContext.isRegistered(server1, registry1))
			{
			server1.updateAdsPropertiesWithServerProperties();
			registerServer(adsCtx1, server1.getAdsProperties());
			}

			ctxSource = ctx1;
			ctxDestination = ctx2;
			@@ -5247,7 +5271,7 @@
			// contents of the ADS.
			try
			{
			Thread.sleep(2000);
			Thread.sleep(5000);
			}
			catch (Throwable t)
			{