From b7b6faf14aaa8ac677ab9ebc2bcbf87e6b2a1146 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 7 Sep 2016 08:06:10 +0200
Subject: cert: fix cert-find --certificate when the cert is not in LDAP

Always return the cert specified in --certificate in cert-find result, even
when the cert is not found in LDAP.

https://fedorahosted.org/freeipa/ticket/6304

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 ipaserver/plugins/cert.py | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 6195a6b1e..8da18697f 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1266,17 +1266,15 @@ class cert_find(Search, CertMethod):
                     rule)
                 filters.append(filter)
 
-        cert = options.get('certificate')
-        if cert is not None:
-            filter = ldap.make_filter_from_attr('usercertificate', cert)
-            filters.append(filter)
-
         result = collections.OrderedDict()
         complete = bool(filters)
 
-        if cert is None:
+        cert = options.get('certificate')
+        if cert is not None:
+            filter = ldap.make_filter_from_attr('usercertificate', cert)
+        else:
             filter = '(usercertificate=*)'
-            filters.append(filter)
+        filters.append(filter)
 
         filter = ldap.combine_filters(filters, ldap.MATCH_ALL)
         try:
-- 
cgit