diff options
author | Ade Lee <alee@redhat.com> | 2016-04-22 14:22:16 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2016-04-22 14:52:11 -0400 |
commit | 0c15fe725baad094929a26035bfeeba90f980979 (patch) | |
tree | 4d84785e39ff691d10061d0eefba95e1f813f7fb | |
parent | 1bee1688399eed154d969c04dccd41e3155b09f5 (diff) | |
download | pki-0c15fe725baad094929a26035bfeeba90f980979.tar.gz pki-0c15fe725baad094929a26035bfeeba90f980979.tar.xz pki-0c15fe725baad094929a26035bfeeba90f980979.zip |
Fix problem in creating certificate requests
Some incorrect code was added to request processing
in the realm patches. In the request LDAP modification code,
if the realm was not present, we added a modification to remove the
realm attribute.
Unfortunately, if the realm was not present to begin with, this resulted
in LDAP returning a "No Such Attribute (16)" error, causing all kinds
of requests - including certificate requests to fail to be submitted.
At this point, we do not permit users to change the realm of a request.
Therefore, there is no reason to remove the realm. If we ever need
to do this in future, we'll have to be smarter about it.
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java b/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java index 074bff41c..a6e454dd1 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java +++ b/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java @@ -198,10 +198,10 @@ public class RequestRecord mods.add(IRequestRecord.ATTR_EXT_DATA, Modification.MOD_REPLACE, loadExtDataFromRequest(r)); + // TODO(alee) - realm cannot be changed once set. Can the code be refactored to eliminate + // the next few lines? if (r.getRealm() != null) { mods.add(IRequestRecord.ATTR_REALM, Modification.MOD_REPLACE, r.getRealm()); - } else { - mods.add(IRequestRecord.ATTR_REALM, Modification.MOD_DELETE, null); } for (int i = 0; i < mRequestA.length; i++) { |