Hi,

Please review this patch. Below is a small summary of this fix and
what we are trying to achieve.

CLI :  pki-server db-upgrade

What it should be doing is, if it sees that issuerName doesn't exist
(NULL), it will add it itself.

Operation 1 : Search for the empty cn value for issuerName
-------------------------------------------------------------------------------

Current :   (&(objectclass=certificateRecord)(issuerName=*))  -- I
tried this; it didn't show data even if I have a record with an empty
issuerName

Modified :  (&(objectclass=certificateRecord)(!(issuerName=cn*)))   --
This solves the purpose, as it shows all the certs without issuerName


Operation 2 : If we see an empty cn value, we are replacing it with
the value we get from code
------------------------------------------------------------------------------------------------------------------
<code>

cert = nss.Certificate(bytearray(attr_cert[0]))
issuer_name = str(cert.issuer)

</code>

Current : we are updating the list in the format as mentioned
'issuerName': ['', 'CN=CA Signing Certificate,O=example.com Security Domain']

Do we want to keep this behavior, or do we want to overwrite it in the
first place? I believe in place of it we do MOD_REPLACE.

<try:
    conn.ldap.modify_s(dn, [(ldap.MOD_ADD, 'issuerName', issuer_name)])
>

Modified : conn.ldap.modify_s(dn, [(ldap.MOD_REPLACE, 'issuerName', issuer_name)])

Thanks
Geetika
From 7f5f7192eeb4cc56e4ee71ca34e23df5ec94f3bc Mon Sep 17 00:00:00 2001
From: Geetika Kapoor <gkap...@redhat.com>
Date: Wed, 13 Jul 2016 06:57:08 -0400
Subject: [PATCH] Added fix for pki-server for db-update

fixes: https://fedorahosted.org/pki/ticket/1667

Signed-off-by: Geetika Kapoor <gkap...@redhat.com>
---
 base/server/python/pki/server/cli/db.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/base/server/python/pki/server/cli/db.py b/base/server/python/pki/server/cli/db.py
index cc768da73b39fb80ce5b285c613f69949908d73f..b02f5845d5b7c1caa758db6edb7a22be84b3d404 100644
--- a/base/server/python/pki/server/cli/db.py
+++ b/base/server/python/pki/server/cli/db.py
@@ -202,7 +202,7 @@ class DBUpgrade(pki.cli.CLI):
             entries = conn.ldap.search_s(
                 repo_dn,
                 ldap.SCOPE_ONELEVEL,
-                '(&(objectclass=certificateRecord)(!(issuerName=*)))',
+                '(&(objectclass=certificateRecord)(!(issuerName=cn*)))',
                 None)
 
             for entry in entries:
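Review bot: The new filter '(!(issuerName=cn*))' in the search_s call assumes every valid issuerName value begins with "cn". A certificateRecord whose issuer DN starts with a different attribute (for example O= or OU=) would be selected again on every db-upgrade run even though its issuerName is already populated. If the goal is to catch entries where the attribute is missing or holds an empty value, consider keeping the presence test '(!(issuerName=*))' and handling the empty-value case separately, or add a comment above the filter stating why the "cn" prefix is a safe assumption for this repository.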
@@ -227,7 +227,7 @@ class DBUpgrade(pki.cli.CLI):
         issuer_name = str(cert.issuer)
 
         try:
-            conn.ldap.modify_s(dn, [(ldap.MOD_ADD, 'issuerName', issuer_name)])
+            conn.ldap.modify_s(dn, [(ldap.MOD_REPLACE, 'issuerName', issuer_name)])
         except ldap.LDAPError as e:
             print(
                 'Failed to add issuerName to certificate {}: {}'
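Review bot: Switching modify_s to ldap.MOD_REPLACE means any existing issuerName values on the entry are discarded, not only an empty one, and together with the wider search filter in the first hunk this now rewrites entries that already had a non-empty value not starting with "cn". Please add a short comment on the modify_s line saying that the overwrite is intentional and that the value derived from cert.issuer is authoritative. The error text in the following print still reads 'Failed to add issuerName ...' and should be updated to reflect a replace so that upgrade logs are not misleading.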
-- 
1.8.3.1
