fix cert-find errors in CA-less deployment

Under some search conditions (in particular, when user is
specified), the CA sub-search of cert-find command throws an error
on CA-less deployments.  Do not execute the CA sub-search on CA-less
deployments.

Fixes: https://pagure.io/freeipa/issue/8369
Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
Fraser Tweedale 2020-06-15 14:55:57 +10:00 committed by Rob Crittenden
parent f6707a71dc
commit 19544d53ae

View File

@ -1839,9 +1839,14 @@ class cert_find(Search, CertMethod):
truncated = False
complete = False
for sub_search in (self._cert_search,
self._ca_search,
self._ldap_search):
# Do not execute the CA sub-search in CA-less deployment.
# See https://pagure.io/freeipa/issue/8369.
if ca_enabled:
searches = [self._cert_search, self._ca_search, self._ldap_search]
else:
searches = [self._cert_search, self._ldap_search]
for sub_search in searches:
sub_result, sub_truncated, sub_complete = sub_search(
all=all,
raw=raw,