From 0c15fe725baad094929a26035bfeeba90f980979 Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Fri, 22 Apr 2016 14:22:16 -0400
Subject: Fix problem in creating certificate requests

Some incorrect code was added to request processing
in the realm patches.  In the request LDAP modification code,
if the realm was not present, we added a modification to remove the
realm attribute.

Unfortunately, if the realm was not present to begin with, this resulted
in LDAP returning a "No Such Attribute (16)" error, causing all kinds
of requests - including certificate requests to fail to be submitted.

At this point, we do not permit users to change the realm of a request.
Therefore, there is no reason to remove the realm.  If we ever need
to do this in future, we'll have to be smarter about it.
---
 .../cmscore/src/com/netscape/cmscore/request/RequestRecord.java       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java b/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java
index 074bff41c..a6e454dd1 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java
@@ -198,10 +198,10 @@ public class RequestRecord
         mods.add(IRequestRecord.ATTR_EXT_DATA,
                 Modification.MOD_REPLACE, loadExtDataFromRequest(r));
 
+        // TODO(alee) - realm cannot be changed once set.  Can the code be refactored to eliminate
+        // the next few lines?
         if (r.getRealm() != null) {
             mods.add(IRequestRecord.ATTR_REALM, Modification.MOD_REPLACE, r.getRealm());
-        } else {
-            mods.add(IRequestRecord.ATTR_REALM, Modification.MOD_DELETE, null);
         }
 
         for (int i = 0; i < mRequestA.length; i++) {
-- 
cgit