[Pki-devel] [PATCH] 0031..0033 minor LDAPProfileSubsystem fixes

Tue Apr 14 00:37:55 UTC 2015

On Mon, Apr 13, 2015 at 12:21:10PM -0500, Endi Sukma Dewata wrote:
> ACK for #31 & #33.
> 
Thanks!  Pushed to master:

#33: bdd5cc7 Consolidate profile persistent search try/catch blocks
#31: d83f688 Remove unneeded collection from profile subsystems

> On 4/13/2015 1:12 AM, Fraser Tweedale wrote:
> >profileId = new X500Name(dn).getCommonName();
> 
> For #32, I don't think we should use X500Name since this is a generic LDAP
> DN, not necessarily a DN in a certificate. There may be multiple CN's in a
> generic DN (e.g. cn=...,cn=...,dc=example,dc=com).
> 
> Probably it should be like this:
> 
>     // assuming DN: cn=<profileId>,...
>     profileId = LDAPDN.explodeDN(dn, true)[0];
> 
New patch #32 attached.

Cheers,
Fraser
-------------- next part --------------
>From b4280b4d02ffca89ed154188c025d26abc0386be Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <frase at frase.id.au>
Date: Mon, 13 Apr 2015 01:19:58 -0400
Subject: [PATCH] Get profile ID from DN instead of CN attribute

---
 .../cmscore/profile/LDAPProfileSubsystem.java      | 23 ++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java
index 0c390be581f12d8364c2ea95c62dd4ab8da93cbb..bd41f94885587076b5ba871cf84efd4199e7359d 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java
@@ -28,6 +28,7 @@ import java.util.Vector;
 import netscape.ldap.LDAPAttribute;
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPControl;
+import netscape.ldap.LDAPDN;
 import netscape.ldap.LDAPEntry;
 import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSearchConstraints;
@@ -106,8 +107,13 @@ public class LDAPProfileSubsystem
         IPluginRegistry registry = (IPluginRegistry)
             CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
 
-        String profileId = (String)
-            ldapProfile.getAttribute("cn").getStringValues().nextElement();
+        String profileId = null;
+        String dn = ldapProfile.getDN();
+        if (!dn.startsWith("cn=")) {
+            CMS.debug("Error reading profile entry: DN " + dn + " does not start with 'cn='");
+            return;
+        }
+        profileId = LDAPDN.explodeDN(dn, true)[0];
 
         String classId = (String)
             ldapProfile.getAttribute("classId").getStringValues().nextElement();
@@ -218,13 +224,14 @@ public class LDAPProfileSubsystem
     }
 
     private void forgetProfile(LDAPEntry entry) {
-        String profileId = (String)
-            entry.getAttribute("cn").getStringValues().nextElement();
-        if (profileId == null) {
-            CMS.debug("forgetProfile: error retrieving cn (profileId) from LDAPEntry");
-        } else {
-            forgetProfile(profileId);
+        String profileId = null;
+        String dn = entry.getDN();
+        if (!dn.startsWith("cn=")) {
+            CMS.debug("forgetProfile: DN " + dn + " does not start with 'cn='");
+            return;
         }
+        profileId = LDAPDN.explodeDN(dn, true)[0];
+        forgetProfile(profileId);
     }
 
     /**
-- 
2.1.0

