cert renewal: Include KRA users in Dogtag LDAP update

https://fedorahosted.org/freeipa/ticket/5253

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Jan Cholasta 2015-08-27 07:23:39 +02:00
parent a78e751209
commit 43ee695195


@ -1575,7 +1575,7 @@ def update_people_entry(dercert):
Returns True or False
"""
base_dn = DN(('ou','People'), ('o','ipaca'))
base_dn = DN(('o', 'ipaca'))
serial_number = x509.get_serial_number(dercert, datatype=x509.DER)
subject = x509.get_subject(dercert, datatype=x509.DER)
issuer = x509.get_issuer(dercert, datatype=x509.DER)
@ -1591,9 +1591,14 @@ def update_people_entry(dercert):
conn = ldap2.ldap2(api, ldap_uri=dogtag_uri)
conn.connect(autobind=True)
db_filter = conn.make_filter(
{'description': ';%s;%s' % (issuer, subject)},
exact=False, trailing_wildcard=False)
db_filter = conn.combine_filters(
[
conn.make_filter({'objectClass': 'inetOrgPerson'}),
conn.make_filter(
{'description': ';%s;%s' % (issuer, subject)},
exact=False, trailing_wildcard=False),
],
conn.MATCH_ALL)
try:
entries = conn.get_entries(base_dn, conn.SCOPE_SUBTREE, db_filter)
except errors.NotFound:
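Review bot: With `base_dn` widened to `DN(('o', 'ipaca'))`, the new `objectClass=inetOrgPerson` clause and the suffix match on `description` are the only things limiting which entries this subtree search selects, and nothing in the code says why the base was widened. I would add a comment above the assignment such as `# KRA users live outside ou=People,o=ipaca: search the whole suffix and rely on the inetOrgPerson filter to keep this to user entries`. The description filter keys on issuer and subject only (`exact=False, trailing_wildcard=False`), so every inetOrgPerson under `o=ipaca` whose description ends with that pair is now a match. It is worth confirming that the code after `get_entries`, which is outside this hunk, is meant to handle more than one matching entry and entries from more than one subsystem. A leading-wildcard substring search over the whole suffix may also be slower than the old `ou=People` search if `description` has no substring index in the Dogtag directory.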