[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pki-devel] [PATCH] 0031..0033 minor LDAPProfileSubsystem fixes



On Tue, Apr 14, 2015 at 10:37:55AM +1000, Fraser Tweedale wrote:
> On Mon, Apr 13, 2015 at 12:21:10PM -0500, Endi Sukma Dewata wrote:
> > ACK for #31 & #33.
> > 
> Thanks!  Pushed to master:
> 
> #33: bdd5cc7 Consolidate profile persistent search try/catch blocks
> #31: d83f688 Remove unneeded collection from profile subsystems
> 
> > On 4/13/2015 1:12 AM, Fraser Tweedale wrote:
> > >profileId = new X500Name(dn).getCommonName();
> > 
> > For #32, I don't think we should use X500Name since this is a generic LDAP
> > DN, not necessarily a DN in a certificate. There may be multiple CN's in a
> > generic DN (e.g. cn=...,cn=...,dc=example,dc=com).
> > 
> > Probably it should be like this:
> > 
> >     // assuming DN: cn=<profileId>,...
> >     profileId = LDAPDN.explodeDN(dn, true)[0];
> > 
> New patch #32 attached.
> 
ping

> Cheers,
> Fraser

> >From b4280b4d02ffca89ed154188c025d26abc0386be Mon Sep 17 00:00:00 2001
> From: Fraser Tweedale <frase frase id au>
> Date: Mon, 13 Apr 2015 01:19:58 -0400
> Subject: [PATCH] Get profile ID from DN instead of CN attribute
> 
> ---
>  .../cmscore/profile/LDAPProfileSubsystem.java      | 23 ++++++++++++++--------
>  1 file changed, 15 insertions(+), 8 deletions(-)
> 
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java
> index 0c390be581f12d8364c2ea95c62dd4ab8da93cbb..bd41f94885587076b5ba871cf84efd4199e7359d 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java
> @@ -28,6 +28,7 @@ import java.util.Vector;
>  import netscape.ldap.LDAPAttribute;
>  import netscape.ldap.LDAPConnection;
>  import netscape.ldap.LDAPControl;
> +import netscape.ldap.LDAPDN;
>  import netscape.ldap.LDAPEntry;
>  import netscape.ldap.LDAPException;
>  import netscape.ldap.LDAPSearchConstraints;
> @@ -106,8 +107,13 @@ public class LDAPProfileSubsystem
>          IPluginRegistry registry = (IPluginRegistry)
>              CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
>  
> -        String profileId = (String)
> -            ldapProfile.getAttribute("cn").getStringValues().nextElement();
> +        String profileId = null;
> +        String dn = ldapProfile.getDN();
> +        if (!dn.startsWith("cn=")) {
> +            CMS.debug("Error reading profile entry: DN " + dn + " does not start with 'cn='");
> +            return;
> +        }
> +        profileId = LDAPDN.explodeDN(dn, true)[0];
>  
>          String classId = (String)
>              ldapProfile.getAttribute("classId").getStringValues().nextElement();
> @@ -218,13 +224,14 @@ public class LDAPProfileSubsystem
>      }
>  
>      private void forgetProfile(LDAPEntry entry) {
> -        String profileId = (String)
> -            entry.getAttribute("cn").getStringValues().nextElement();
> -        if (profileId == null) {
> -            CMS.debug("forgetProfile: error retrieving cn (profileId) from LDAPEntry");
> -        } else {
> -            forgetProfile(profileId);
> +        String profileId = null;
> +        String dn = entry.getDN();
> +        if (!dn.startsWith("cn=")) {
> +            CMS.debug("forgetProfile: DN " + dn + " does not start with 'cn='");
> +            return;
>          }
> +        profileId = LDAPDN.explodeDN(dn, true)[0];
> +        forgetProfile(profileId);
>      }
>  
>      /**
> -- 
> 2.1.0
> 

> _______________________________________________
> Pki-devel mailing list
> Pki-devel redhat com
> https://www.redhat.com/mailman/listinfo/pki-devel


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]