From e9f3fb9b8ba51a4710129d11f4030a53669dc157 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Aug 22 2014 16:09:19 +0000
Subject: Ticket 47665 - Create new instance results in setting wrong ACI for the "cn=config" entry


Bug Description:  When creating a new instance, ds_create uses the wrong uid
                  for the admin user.

Fix Description:  If the admin user is not set, then try and query it from the CGI
                  request, if that fails, then use the current logged in entry.

https://fedorahosted.org/389/ticket/47665

Reviewed by: rmeggins(Thanks!)

---

diff --git a/admserv/cgi-src40/ds_create.in b/admserv/cgi-src40/ds_create.in
index c91fce4..a922df6 100644
--- a/admserv/cgi-src40/ds_create.in
+++ b/admserv/cgi-src40/ds_create.in
@@ -68,10 +68,16 @@ $inf->{General}->{ConfigDirectoryAdminPwd} = $query->param('cfg_sspt_uid_pw');
 $inf->{General}->{AdminDomain} = $query->param('admin_domain') ||
     $admConf->{AdminDomain};
 
-# need to get the admin uid
+# Need to get the admin uid.  Start with querying suitespot3x_uid as this should be the admin user
+# ConfigDirectoryAdminID is the current account thats logged in, and it could be the root DN - bad
+# for ACI's
 if (!$inf->{admin}->{ServerAdminID}) {
-    my @rdns = ldap_explode_dn($inf->{General}->{ConfigDirectoryAdminID}, 1);
-    $inf->{admin}->{ServerAdminID} = $rdns[0];
+    $inf->{admin}->{ServerAdminID} = $query->param('suitespot3x_uid');
+    if (!$inf->{admin}->{ServerAdminID}) {
+        # Still can not find the admin user, we must use the logged in user
+        my @rdns = ldap_explode_dn($inf->{General}->{ConfigDirectoryAdminID}, 1);
+        $inf->{admin}->{ServerAdminID} = $rdns[0];
+    }
 }
 
 if (!createSubDSNoConn($inf, \@errs)) {