Description of problem:
When tps operator role was created, the ldap group tus officers was used to store users who were "operators". This is incorrect because this group is supposed to be used for those users who are security officers and allowed to log into the security officers workstation. A new group "tus operators" must be added and used instead.
Created attachment 483767 [details] patch to fix
Comment on attachment 483767 [details] patch to fix
Good catch. Thanks.
8.1:
[vakwetu@goofy-vm4 tps]$ svn ci -m "Bugzilla BZ#684259: incorrect group used for tps operators"
Sending tps/scripts/addAgents.ldif
Sending tps/src/include/tus/tus_db.h
Sending tps/src/modules/tokendb/mod_tokendb.cpp
Sending tps/src/tus/tus_db.c
Transmitting file data ....
Committed revision 1894.

tip:
[vakwetu@dhcp231-121 tps]$ svn ci -m "Bugzilla BZ#684259: incorrect group used for tps operators"
Sending tps/scripts/addAgents.ldif
Sending tps/src/include/tus/tus_db.h
Sending tps/src/modules/tokendb/mod_tokendb.cpp
Sending tps/src/tus/tus_db.c
Transmitting file data ....
Committed revision 1895.
Note to docs:
This may have migration implications from 8.0 -> 8.1. Specifically, for existing instances, the admin will need to:
1. add a new group for the TUS Operators
2. add all the users that were operators to this new group - either through ldap or through the admin UI pages.

dn: cn=TUS Operators,ou=Groups,$TOKENDB_ROOT
objectClass: top
objectClass: groupOfNames
cn: TUS Operators
member: uid=admin,ou=People,$TOKENDB_ROOT
description: Operators for TUS
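The migration entry from the note above can be generated for a real list of operators rather than typed by hand. This is an added example, not code from this bug or from the project; the function names, the root suffix and the uids are constructed for illustration.

```python
import base64

GROUP_CN = "TUS Operators"  # group name taken from the note above

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        special = ch in '"+,;<>\\'
        edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if special or edge else ch)
    return "".join(out)

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' if the value is not LDIF-safe (RFC 2849)."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def operators_group_ldif(tokendb_root, operator_uids):
    """Return the LDIF entry that creates the group with one member per operator uid."""
    seen, members = set(), []
    for uid in operator_uids:
        uid = uid.strip()
        if uid and uid.lower() not in seen:  # uid uses case-insensitive matching
            seen.add(uid.lower())
            members.append(f"uid={escape_rdn_value(uid)},ou=People,{tokendb_root}")
    if not members:
        # groupOfNames has 'member' as a mandatory attribute
        raise ValueError("groupOfNames requires at least one member")
    lines = [
        ldif_line("dn", f"cn={GROUP_CN},ou=Groups,{tokendb_root}"),
        "objectClass: top",
        "objectClass: groupOfNames",
        ldif_line("cn", GROUP_CN),
    ]
    lines += [ldif_line("member", dn) for dn in members]
    lines.append(ldif_line("description", "Operators for TUS"))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample: root suffix and operator uids are placeholders.
    print(operators_group_ldif("ou=tps,dc=example,dc=com",
                               ["admin", "jsmith", "JSmith", "o,brien"]), end="")
```

The list of uids passed in should contain only the users who were acting as operators, so that security officers are not carried over into the new group.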
Created attachment 486627 [details] ui patch
ui patch

tip:
[vakwetu@dhcp231-121 tps-ui]$ svn ci -m "Bugzilla BZ684259: wrong group used for tps operators"
Sending tps-ui/shared/docroot/tokendb/editUser.template
Sending tps-ui/shared/docroot/tokendb/newUser.template
Sending tps-ui/shared/docroot/tokendb/userDelete.template
Transmitting file data .....
Committed revision 1902.

8.1:
[vakwetu@goofy-vm4 tps-ui]$ svn ci -m "Bugzilla BZ684259: wrong group used for tps operators"
Sending tps-ui/shared/docroot/tokendb/editUser.template
Sending tps-ui/shared/docroot/tokendb/newUser.template
Sending tps-ui/shared/docroot/tokendb/userDelete.template
Transmitting file data ...
Committed revision 15841.
I added step 11 to the TPS LDAP db migration procedure: http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Migration_Guide/Token_Processing_System_Migration.html
- Migration from CS 8.0 -> 8.1 created the TUS Operators group in the ldap db.
- After the migration, adding existing users to the TUS operators group using TPS UI is successful.
- After the migration, creating a new operator user in the TPS UI is successful.

Marking the bug verified.