summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2016-04-22 14:22:16 -0400
committerAde Lee <alee@redhat.com>2016-04-22 14:52:11 -0400
commit0c15fe725baad094929a26035bfeeba90f980979 (patch)
tree4d84785e39ff691d10061d0eefba95e1f813f7fb
parent1bee1688399eed154d969c04dccd41e3155b09f5 (diff)
downloadpki-0c15fe725baad094929a26035bfeeba90f980979.tar.gz
pki-0c15fe725baad094929a26035bfeeba90f980979.tar.xz
pki-0c15fe725baad094929a26035bfeeba90f980979.zip
Fix problem in creating certificate requests
Some incorrect code was added to request processing in the realm patches. In the request LDAP modification code, if the realm was not present, we added a modification to remove the realm attribute. Unfortunately, if the realm was not present to begin with, this resulted in LDAP returning a "No Such Attribute (16)" error, causing all kinds of requests - including certificate requests to fail to be submitted. At this point, we do not permit users to change the realm of a request. Therefore, there is no reason to remove the realm. If we ever need to do this in future, we'll have to be smarter about it.
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java4
1 files changed, 2 insertions, 2 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java b/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java
index 074bff41c..a6e454dd1 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java
@@ -198,10 +198,10 @@ public class RequestRecord
mods.add(IRequestRecord.ATTR_EXT_DATA,
Modification.MOD_REPLACE, loadExtDataFromRequest(r));
+ // TODO(alee) - realm cannot be changed once set. Can the code be refactored to eliminate
+ // the next few lines?
if (r.getRealm() != null) {
mods.add(IRequestRecord.ATTR_REALM, Modification.MOD_REPLACE, r.getRealm());
- } else {
- mods.add(IRequestRecord.ATTR_REALM, Modification.MOD_DELETE, null);
}
for (int i = 0; i < mRequestA.length; i++) {