[PATCH] 296 - fix cert requests problem ..
by Ade Lee
Fix problem in creating certificate requests
Some incorrect code was added to request processing
in the realm patches. In the request LDAP modification code,
if the realm was not present, we added a modification to remove the
realm attribute.
Unfortunately, if the realm was not present to begin with, this resulted
in LDAP returning a "No Such Attribute (16)" error, causing all kinds
of requests - including certificate requests to fail to be submitted.
At this point, we do not permit users to change the realm of a request.
Therefore, there is no reason to remove the realm. If we ever need
to do this in future, we'll have to be smarter about it.
8 years
Trac; add "Lightweight CAs" feature?
by Fraser Tweedale
Hi all,
Could someone with the relevant permissions please add a
"Lightweight CAs" feature to the pki trac? There's a substantial
quantity of outstanding tickets for this feature so it would be good
to have something more formal than the summary by which to group
them.
Thanks,
Fraser
8 years
[PATCH] 285 - 293 Patches for fine grained authz in the KRA
by Ade Lee
This is the main series of patches that implements fine grained
authorization in the KRA as described in :
https://pagure.io/test_dogtag_designs/pull-request/5
I'll be moving this design to the wiki and adding some additional
documentation and test scripts shortly.
More to come including :
1. authz for the modify method in the Key service.
2. new VLV indexes
3. database migration script
4. Man page updates
5. Python unit tests for the Python CLI changes
Please review,
Thanks,
Ade
8 years
[284] fix authority monitor so server can start up correctly
by Ade Lee
Author: Ade Lee <alee(a)redhat.com>
Date: Fri Apr 15 14:36:00 2016 -0400
Add script to enable USN plugin
New authority monitor code requires the USN plugin to be
enabled in the database to ensure that the entryUSN attribute
is added to authority entries.
In the case where this plugin was disabled, accessing this
attribute resulted in a null pointer exception whch prevented server
startup.
The code has been changed so as not to throw a null pointer exception
on startup if the entryusn is not present, and also to call an LDIF
to enable the plugin when a subsystem is configured thorugh pkispawn.
Please review,
Ade
8 years