Bug 488380

Summary: Change "mod_revocator" to bind against "mozldap" rather than "openldap" . . .
Product: [Retired] Dogtag Certificate System Reporter: Matthew Harmsen <mharmsen>
Component: TPSAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED WONTFIX QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: high    
Version: 1.0CC: alee, awnuk, benl, cfu, jmagne, kevinu, nhosoi, nkinder, rcritten, rmeggins, rrelyea
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-03-05 18:56:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 443788    

Description Matthew Harmsen 2009-03-03 23:19:08 UTC 
For RHCS 8.0, revocation checking needs to be supplied for the "pki-ra" and "pki-tps" components.  Since both of these components either are, or rely upon, Apache modules, a runtime requirement of "mod_revocator" will be added to both components to fulfill this need.

Currently, "mod_revocator" binds against "openldap" which uses "openssl";  "pki-ra" and "pki-tps" must use "nss" for their cryptographic processes, and therefore, it has been requested that "mod_revocator" be changed to bind against "mozldap" which uses "nss" to meet this requirement.
Comment 1 Rob Crittenden 2009-03-04 00:41:42 UTC 
The question to answer is: Where is CRL?

If the answer is: in an LDAP attribute that I fetch using LDAPS then linking with mozldap may be the right thing to do.

If the answer is: at a web address then there is no explicit need to change the linkage (other than offering a choice).
Comment 2 Matthew Harmsen 2009-03-05 18:55:26 UTC 
Per a discussion between Rob, Christina, Andrew, and myself, we determined that we were not going down this path.

Rather, we will close this bug as WON'T FIX, and will create a new bug assigned to Rob to build mod_revocator for 32-bit/64-bit RHEL 5 using the latest NSS (3.12.x).