Index: security/core/src/main/java/com/sun/enterprise/security/cli/LocalStrings.properties
===================================================================
--- security/core/src/main/java/com/sun/enterprise/security/cli/LocalStrings.properties (revision 33596)
+++ security/core/src/main/java/com/sun/enterprise/security/cli/LocalStrings.properties (working copy)
@@ -69,6 +69,7 @@
 ldap.ok=LDAP server at {0} is accessible.
 ldap.na=LDAP server at {0} could not be accessed. Exception {1} was thrown with this message: {2}.
 ldap.realm.setup=The LDAP Auth Realm {0} was configured correctly in admin server''s configuration.
+admin.realm.deleted=The {0} was deleted to prepare for the new LDAP Auth Realm.
 config.to.ldap=Auth Realm named {0} will be configured for given LDAP. Any existing realm with that name will be renamed to {1}. The renamed auth realm can be removed.
 #realm.not.refreshed=Admin auth realm could not be refreshed. Please restart the server.
 create.password.alias.alreadyexists=Password alias with the specified name already exists. Please use the update-password-alias command to change it
\ No newline at end of file
Index: security/core/src/main/java/com/sun/enterprise/security/cli/LDAPAdminAccessConfigurator.java
===================================================================
--- security/core/src/main/java/com/sun/enterprise/security/cli/LDAPAdminAccessConfigurator.java (revision 33596)
+++ security/core/src/main/java/com/sun/enterprise/security/cli/LDAPAdminAccessConfigurator.java (working copy)
@@ -145,7 +145,8 @@
 }
 }
 //following things should happen transactionally - TODO replace SingleConfigCode by ConfigCode ...
- renameRealm(sb, getAdminRealm(asc.getSecurityService()), getNewRealmName(asc.getSecurityService()));
+ //renameRealm(sb, getAdminRealm(asc.getSecurityService()), getNewRealmName(asc.getSecurityService()));
+ deleteRealm(asc.getSecurityService(), sb);
 createRealm(asc.getSecurityService(), sb);
 configureAdminService(asc.getAdminService());
 //configure(asc.getSecurityService(), asc.getAdminService(), sb);
@@ -199,6 +200,20 @@
 ConfigSupport.apply(scc, ss);
 }
+ private void deleteRealm(SecurityService ss, final StringBuilder sb) throws TransactionFailure {
+ SingleConfigCode scc = new SingleConfigCode() {
+ public Object run(SecurityService ss) throws PropertyVetoException, TransactionFailure {
+ //AuthRealm ldapr = createLDAPRealm(ss);
+ AuthRealm oldAdminRealm = getAdminRealm(ss);
+ ss.getAuthRealm().remove(oldAdminRealm);
+ //ss.getAuthRealm().add(ldapr);
+ appendNL(sb,lsm.getString("admin.realm.deleted", FIXED_ADMIN_REALM_NAME));
+ return true;
+ }
+ };
+ ConfigSupport.apply(scc, ss);
+ }
+
 private void renameRealm(final StringBuilder sb, AuthRealm realm, final String to) throws PropertyVetoException, TransactionFailure {
 SingleConfigCode scc = new SingleConfigCode() {
 public Object run(AuthRealm realm) throws PropertyVetoException, TransactionFailure {
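Review bot: In the -145 hunk, `deleteRealm(...)` and `createRealm(...)` each commit through their own `ConfigSupport.apply`, so if `createRealm` or `configureAdminService` fails after the delete has committed, the admin realm is gone with nothing in its place; the replaced `renameRealm` call at least kept the old realm under a new name as a way back. The comment directly above already says these steps should happen transactionally, so the removal and the addition belong in one config transaction, or the old realm should only be removed once the new one and the admin-service change have been applied. The unchanged `config.to.ldap` message still tells the operator that the existing realm "will be renamed to {1}" and "can be removed", which no longer matches this code path. Delete the commented-out `//renameRealm(...)` line rather than leaving it, since version control keeps the history. The enclosing method starts and ends outside the hunk.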
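Review bot: In the new `deleteRealm`, the `admin.realm.deleted` message is appended whether or not anything was removed, because the result of `ss.getAuthRealm().remove(oldAdminRealm)` is discarded. If `getAdminRealm` can return null (its body is outside the hunk), the call removes nothing and the operator is still told the realm was deleted. I would guard the report, for example `if (oldAdminRealm != null && ss.getAuthRealm().remove(oldAdminRealm)) { appendNL(sb, lsm.getString("admin.realm.deleted", FIXED_ADMIN_REALM_NAME)); }`, and decide explicitly what happens when no admin realm is found. The two commented-out lines (`//AuthRealm ldapr = ...`, `//ss.getAuthRealm().add(ldapr);`) should be dropped. The method also needs a short Javadoc saying that it permanently removes the current admin auth realm from the security service configuration and that callers must install a replacement realm afterwards.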