[Pki-devel] [PATCH] 0031..0033 minor LDAPProfileSubsystem fixes
Fraser Tweedale
ftweedal at redhat.com
Thu May 7 04:49:36 UTC 2015
On Tue, Apr 14, 2015 at 10:37:55AM +1000, Fraser Tweedale wrote:
> On Mon, Apr 13, 2015 at 12:21:10PM -0500, Endi Sukma Dewata wrote:
> > ACK for #31 & #33.
> >
> Thanks! Pushed to master:
>
> #33: bdd5cc7 Consolidate profile persistent search try/catch blocks
> #31: d83f688 Remove unneeded collection from profile subsystems
>
> > On 4/13/2015 1:12 AM, Fraser Tweedale wrote:
> > >profileId = new X500Name(dn).getCommonName();
> >
> > For #32, I don't think we should use X500Name since this is a generic LDAP
> > DN, not necessarily a DN in a certificate. There may be multiple CN's in a
> > generic DN (e.g. cn=...,cn=...,dc=example,dc=com).
> >
> > Probably it should be like this:
> >
> > // assuming DN: cn=<profileId>,...
> > profileId = LDAPDN.explodeDN(dn, true)[0];
> >
> New patch #32 attached.
>
ping
> Cheers,
> Fraser
> >From b4280b4d02ffca89ed154188c025d26abc0386be Mon Sep 17 00:00:00 2001
> From: Fraser Tweedale <frase at frase.id.au>
> Date: Mon, 13 Apr 2015 01:19:58 -0400
> Subject: [PATCH] Get profile ID from DN instead of CN attribute
>
> ---
> .../cmscore/profile/LDAPProfileSubsystem.java | 23 ++++++++++++++--------
> 1 file changed, 15 insertions(+), 8 deletions(-)
>
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java
> index 0c390be581f12d8364c2ea95c62dd4ab8da93cbb..bd41f94885587076b5ba871cf84efd4199e7359d 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java
> @@ -28,6 +28,7 @@ import java.util.Vector;
> import netscape.ldap.LDAPAttribute;
> import netscape.ldap.LDAPConnection;
> import netscape.ldap.LDAPControl;
> +import netscape.ldap.LDAPDN;
> import netscape.ldap.LDAPEntry;
> import netscape.ldap.LDAPException;
> import netscape.ldap.LDAPSearchConstraints;
> @@ -106,8 +107,13 @@ public class LDAPProfileSubsystem
> IPluginRegistry registry = (IPluginRegistry)
> CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
>
> - String profileId = (String)
> - ldapProfile.getAttribute("cn").getStringValues().nextElement();
> + String profileId = null;
> + String dn = ldapProfile.getDN();
> + if (!dn.startsWith("cn=")) {
> + CMS.debug("Error reading profile entry: DN " + dn + " does not start with 'cn='");
> + return;
> + }
> + profileId = LDAPDN.explodeDN(dn, true)[0];
>
> String classId = (String)
> ldapProfile.getAttribute("classId").getStringValues().nextElement();
> @@ -218,13 +224,14 @@ public class LDAPProfileSubsystem
> }
>
> private void forgetProfile(LDAPEntry entry) {
> - String profileId = (String)
> - entry.getAttribute("cn").getStringValues().nextElement();
> - if (profileId == null) {
> - CMS.debug("forgetProfile: error retrieving cn (profileId) from LDAPEntry");
> - } else {
> - forgetProfile(profileId);
> + String profileId = null;
> + String dn = entry.getDN();
> + if (!dn.startsWith("cn=")) {
> + CMS.debug("forgetProfile: DN " + dn + " does not start with 'cn='");
> + return;
> }
> + profileId = LDAPDN.explodeDN(dn, true)[0];
> + forgetProfile(profileId);
> }
>
> /**
> --
> 2.1.0
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list