From d99a8227a80998e38d1b6b0193895090276db7f1 Mon Sep 17 00:00:00 2001
From: Ludovic Poitou <ludovic.poitou@forgerock.com>
Date: Mon, 21 May 2012 13:12:46 +0000
Subject: [PATCH] Fix OPENDJ-487: Normal acis under cn=config are not loaded at startup. Rather than using regular internal connection search, lets search directly in the config backend, as it's not yet registered as a workflow. The method is similar to what is done for the subEntryManager and the groupManager.
---
opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java | 79 +++++++++++++++++++++++++++------------
1 files changed, 54 insertions(+), 25 deletions(-)
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index 6e8596c..d0f6401 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -49,6 +49,7 @@
import org.opends.server.admin.std.server.DseeCompatAccessControlHandlerCfg;
import org.opends.server.api.AccessControlHandler;
import org.opends.server.api.ClientConnection;
+import org.opends.server.api.ConfigHandler;
import org.opends.server.backends.jeb.EntryContainer;
import org.opends.server.config.ConfigException;
import org.opends.server.controls.GetEffectiveRightsRequestControl;
@@ -1285,36 +1286,64 @@
*/
private void processConfigAcis() throws InitializationException
{
- try
+ LinkedHashSet<String> requestAttrs = new LinkedHashSet<String>(1);
+ requestAttrs.add("aci");
+ LinkedList<Message> failedACIMsgs = new LinkedList<Message>();
+ InternalClientConnection conn =
+ InternalClientConnection.getRootConnection();
+
+ ConfigHandler configBackend = DirectoryServer.getConfigHandler();
+ for (DN baseDN : configBackend.getBaseDNs())
{
- DN configDN = DN.decode("cn=config");
- LinkedHashSet<String> attrs = new LinkedHashSet<String>(1);
- attrs.add("aci");
- LinkedList<Message> failedACIMsgs = new LinkedList<Message>();
- InternalClientConnection conn =
- InternalClientConnection.getRootConnection();
- InternalSearchOperation op =
- conn.processSearch(configDN, SearchScope.WHOLE_SUBTREE,
- DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false,
- SearchFilter.createFilterFromString("aci=*"), attrs);
- if (!op.getSearchEntries().isEmpty())
+ try
{
- int validAcis =
- aciList.addAci(op.getSearchEntries(), failedACIMsgs);
- if (!failedACIMsgs.isEmpty())
+ if (! configBackend.entryExists(baseDN))
{
- aciListenerMgr.logMsgsSetLockDownMode(failedACIMsgs);
+ continue;
}
- Message message =
- INFO_ACI_ADD_LIST_ACIS.get(Integer.toString(validAcis),
- String.valueOf(configDN));
- logError(message);
}
- }
- catch (DirectoryException e)
- {
- Message message = INFO_ACI_HANDLER_FAIL_PROCESS_ACI.get();
- throw new InitializationException(message, e);
+ catch (Exception e)
+ {
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ }
+
+ // FIXME -- Is there anything that we need to do here?
+ continue;
+ }
+
+ try {
+ InternalSearchOperation internalSearch = new InternalSearchOperation(
+ conn, InternalClientConnection.nextOperationID(),
+ InternalClientConnection.nextMessageID(),
+ null, baseDN, SearchScope.WHOLE_SUBTREE,
+ DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false,
+ SearchFilter.createFilterFromString("aci=*"), requestAttrs, null);
+ LocalBackendSearchOperation localSearch =
+ new LocalBackendSearchOperation(internalSearch);
+
+ configBackend.search(localSearch);
+
+ if (!internalSearch.getSearchEntries().isEmpty())
+ {
+ int validAcis =
+ aciList.addAci(internalSearch.getSearchEntries(), failedACIMsgs);
+ if (!failedACIMsgs.isEmpty())
+ {
+ aciListenerMgr.logMsgsSetLockDownMode(failedACIMsgs);
+ }
+ Message message =
+ INFO_ACI_ADD_LIST_ACIS.get(Integer.toString(validAcis),
+ String.valueOf(baseDN));
+ logError(message);
+ }
+ }
+ catch (Exception e)
+ {
+ Message message = INFO_ACI_HANDLER_FAIL_PROCESS_ACI.get();
+ throw new InitializationException(message, e);
+ }
}
}
--
Gitblit v1.10.0