[Pki-devel] [PATCH] Added fix for pki-server for db-update
Geetika Kapoor
gkapoor at redhat.com
Wed Jul 13 11:06:26 UTC 2016
Hi,
Please review this patch.Below is a small summary about this fix and
what we are trying to achieve.
CLI : pki-server db-upgrade
what it should be doing is if it sees that issuerName doesn't exist,NULL
it will add it itself.
Operation 1 : Search for the empty cn value for issuerName
-------------------------------------------------------------------------------
Current : '(&(objectclass=certificateRecord)(issuerName=*)) -- I
tried this it didn't show data even if i have record with empty issuerName
Modified : (&(objectclass=certificateRecord)(!(issuerName=cn*)))' --
This solves the purpose as it shows all the certs without issuerName
Operation 2 : If we see a empty cn value , we are replacing it with
value we get from code
------------------------------------------------------------------------------------------------------------------
< code>
cert = nss.Certificate(bytearray(attr_cert[0]))
issuer_name = str(cert.issuer)
</code>
Current : we are updating the list it the format as mentioned
'issuerName': ['', 'CN=CA Signing Certificate,O=example.com Security
Domain']
Do we want to keep this behavior or we want to overwrite it in first
place? I believe in place of we do it MOD_REPLACE.
<try:
conn.ldap.modify_s(dn, [(ldap.MOD_ADD, 'issuerName',
issuer_name)])
>
Modified : onn.ldap.modify_s(dn, [(ldap.MOD_REPLACE, 'issuerName',
issuer_name)])
Thanks
Geetika
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Added-fix-for-pki-server-for-db-update.patch
Type: text/x-patch
Size: 1467 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160713/a9a4abbf/attachment.bin>
More information about the Pki-devel
mailing list