On Mon, Apr 13, 2015 at 12:21:10PM -0500, Endi Sukma Dewata wrote: > ACK for #31 & #33. > Thanks! Pushed to master: #33: bdd5cc7 Consolidate profile persistent search try/catch blocks #31: d83f688 Remove unneeded collection from profile subsystems > On 4/13/2015 1:12 AM, Fraser Tweedale wrote: > >profileId = new X500Name(dn).getCommonName(); > > For #32, I don't think we should use X500Name since this is a generic LDAP > DN, not necessarily a DN in a certificate. There may be multiple CN's in a > generic DN (e.g. cn=...,cn=...,dc=example,dc=com). > > Probably it should be like this: > > // assuming DN: cn=<profileId>,... > profileId = LDAPDN.explodeDN(dn, true)[0]; > New patch #32 attached.

Cheers, Fraser

>From b4280b4d02ffca89ed154188c025d26abc0386be Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <frase(a)frase.id.au&gt; Date: Mon, 13 Apr 2015 01:19:58 -0400 Subject: [PATCH] Get profile ID from DN instead of CN attribute --- .../cmscore/profile/LDAPProfileSubsystem.java | 23 ++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java index 0c390be581f12d8364c2ea95c62dd4ab8da93cbb..bd41f94885587076b5ba871cf84efd4199e7359d 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java @@ -28,6 +28,7 @@ import java.util.Vector; import netscape.ldap.LDAPAttribute; import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPControl; +import netscape.ldap.LDAPDN; import netscape.ldap.LDAPEntry; import netscape.ldap.LDAPException; import netscape.ldap.LDAPSearchConstraints; @@ -106,8 +107,13 @@ public class LDAPProfileSubsystem IPluginRegistry registry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY); - String profileId = (String) - ldapProfile.getAttribute("cn").getStringValues().nextElement(); + String profileId = null; + String dn = ldapProfile.getDN(); + if (!dn.startsWith("cn=")) { + CMS.debug("Error reading profile entry: DN " + dn + " does not start with 'cn='"); + return; + } + profileId = LDAPDN.explodeDN(dn, true)[0]; String classId = (String) ldapProfile.getAttribute("classId").getStringValues().nextElement(); @@ -218,13 +224,14 @@ public class LDAPProfileSubsystem } private void forgetProfile(LDAPEntry entry) { - String profileId = (String) - entry.getAttribute("cn").getStringValues().nextElement(); - if (profileId == null) { - CMS.debug("forgetProfile: error retrieving cn (profileId) from LDAPEntry"); - } else { - forgetProfile(profileId); + String profileId = null; + String dn = entry.getDN(); + if (!dn.startsWith("cn=")) { + CMS.debug("forgetProfile: DN " + dn + " does not start with 'cn='"); + return; } + profileId = LDAPDN.explodeDN(dn, true)[0]; + forgetProfile(profileId); } /** -- 2.1.0

_______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel