Bug 441362

Summary: Agent services: "Revoke Certificates" search produces LDAPException
Product: [Retired] Dogtag Certificate System Reporter: David Stutzman <david.k.stutzman2.ctr>
Component: Certificate ManagerAssignee: Andrew Wnuk <awnuk>
Status: CLOSED DUPLICATE QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: low    
Version: 1.0CC: awnuk, benl, dpal
Target Milestone: 1.0   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-08 00:49:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 443788    
Attachments:
Description Flags
ca debug log while doing a revoke search
none
ca debug log while doing a search none

Description David Stutzman 2008-04-07 18:36:21 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


If I try to search for certificates to revoke through the Revoke Certificates
feature, I get the following error: LDAP operation failure -
netscape.ldap.LDAPException: Bad search filter (89).  The same search options in
 Search for Certificates section works fine.

Steps to Reproduce:
1. Go to Agent Services and click on "Revoke Certificates"
2. Check the box for "Revoke certificates that fall within the following range"
3. Enter 0x1 in both boxes for lowest and highest serial number
4. Scroll to bottom and click find, receive exception message.
5. Go to Agent Services and click on "Search for Certificates"
6. Check the box for "Show certificates that fall within the following range"
7. Enter 0x1 in both boxes for lowest and highest serial number
8. Scroll to bottom and click find and one certificate is shown.
9. You can then click revoke button if you want to revoke the certificate.

Actual results:
LDAP operation failure - netscape.ldap.LDAPException: Bad search filter (89)

Expected results:
The search to perform successfully.

Additional info:
DS flavor for the CA install is Red Hat DS 8.0 running on a separate server.  I
don't see an error 89 show up in the logs of the LDAP server in the error case,
but I see the successful search show up.
Comment 1 David Stutzman 2008-04-07 18:36:21 UTC 
Created attachment 301547 [details]
ca debug log while doing a revoke search
Comment 2 David Stutzman 2008-04-07 18:36:52 UTC 
Created attachment 301548 [details]
ca debug log while doing a search
Comment 3 David Stutzman 2008-04-07 18:42:09 UTC 
It looks like the search filter gets munged in the case of the revoke search.
- 3 lines up from the bottom of attachment 301548 [details] (the good one) it shows the
ldap search filter string "searchCertificateswith time limit filter
(&(certRecordId>=0x1)(certRecordId<=0x1))".  
- 4 lines up from the bottom of attachment 301547 [details] (the bad one) it shows
"searchCertificateswith time limit filter (&)"

The same thing happens a few more lines up with "queryCertFilter".
Comment 4 David Stutzman 2008-04-22 16:24:22 UTC 
Under "Steps to Reproduce:" in the original report, only 1-4 apply.
5-9 are actually the workaround.
Comment 6 Andrew Wnuk 2008-10-08 00:49:59 UTC 

*** This bug has been marked as a duplicate of bug 445436 ***
Comment 7 Andrew Wnuk 2008-10-08 15:19:01 UTC 
SrchRevokeCert.html did not follow new schema for search filter generation on
the server side. Moving filter generation to the server side fixed
LDAPException issue.