Bug 948928
Summary: | LDAP upload CA cert sometimes double-encodes the value | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Najmuddin Chirammal <nc> |
Component: | ipa | Assignee: | Martin Kosek <mkosek> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.5 | CC: | dpal, francesco.trentini, lmiksik, mkosek, nsoman, rcritten, yjog |
Target Milestone: | rc | Keywords: | Regression, ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ipa-3.0.0-30.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Identity Management upgrade process double-encoded CA certificate stored in the Directory Server in some situations.
Consequence: Some Identity Management clients (e.g. in RHEL-5 platform) failed to decode the CA certificate and client installation failed.
Fix: Upgrade process no longer double-encodes the CA certificate.
Result: Client installation CA certificate is correctly retrieved from IdM server and installation continues.
|
Story Points: | --- |
Clone Of: | 918262 | Environment: | |
Last Closed: | 2013-11-21 20:52:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 918262 | ||
Bug Blocks: | 960054, 964128 |
Description
Najmuddin Chirammal
2013-04-05 14:29:20 UTC
*** Bug 947889 has been marked as a duplicate of this bug. *** Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/f6f8307be282e96df4fa4f35e83f1ff17403cf86 ipa-3-1: https://fedorahosted.org/freeipa/changeset/80b544eb5a6dbb99620c0e196126c0d934134e7b Moving to POST. Verified using ipa-server-3.0.0-35 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: LDAP upload CA cert sometimes double-encodes the value bz964128 6.5 - bz 948928 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: ldapsearch for Cert (Expected 0, got 0) cACertificate;binary:: MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADA3MRUwEwYDVQQ KEwxURVNUUkVMTS5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMzA5MTEy MDQ4NDZaFw0zMzA5MTEyMDQ4NDZaMDcxFTATBgNVBAoTDFRFU1RSRUxNLkNPTTEeMBwGA1UEAxMVQ 2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBVVMS agxK+NUWpyjR6XU+QggwZZ6gdFeG8AF9qt0Xkgd0Bv3GnPfTuY9TME1MTjOcO2XhHaL78DkyuF/EU GNxdmH+cdJkYOjnaAWMKDwHjJJ9wxK8OHxbAAjLKW6WXHbdlCxZZqfSZjWE2IBtnuaGDnh5Bjs/IT h4P0waNJ+kUzmmkrVV1pUWA1rsOiLn1zFmGjP/lwOCJr1Mq9ZkdNO0lMwQDVQscnh3q6MVnOo33xe gE6w2hmyOa3W6ig5QUFE8H4DY689YHFN/s6uPBA6Ep72Wcndw8qS6DdymotrMW8EaUPj/LxcUTV20 Ytpqbo4R3ZxNNlbjyhIb1im7srSQIDAQABo4GwMIGtMB8GA1UdIwQYMBaAFAASa4XhYEWDgw+giGF sVS7uvxWAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBQAEmuF4WBF g4MPoIhhbFUu7r8VgDBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGGLmh0dHA6Ly9jbG91ZC1xZ S0xLXZtLTMudGVzdHJlbG0uY29tOjgwL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAE3gP7gAsk X2KcsTQbs+34nNzluHcLf8lLdZpoeqY4USFG9lgffE+4NRewhUj9DMSvYjC78eNzcfkZsc/dapBD6 BJsPYn3rw6EVegrqo1EeKhiTeorPuDfqww+7kBUmzNFrOf4CmuVwzZp0h7gzXnia4l5Jy1w05Kdbo ZTCQL4r3vNiIobDkukKq8mzrewWrpfTjoavaURLHwdlXsM1cCoAbh0ri0gfSUsVHZS1nsVaEuM0xM X+Y+cgLcMDznkUH2WtdDIj2IK2i05wkZHEy1exHUTAbkcnLWI2UzxKAB2+7qACX4m8As/TWaGr4LX RFXB1UyfJHJS94h20mJzRdbxQ= # search result :: [ PASS ] :: Cert before deletion (Expected 0, got 0) :: [ PASS ] :: ldap delete cert (Expected 0, got 0) # extended LDIF # # LDAPv3 # base <cn=CACert,cn=ipa,cn=etc,dc=testrelm,dc=com> with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object matchedDN: cn=ipa,cn=etc,dc=testrelm,dc=com # numResponses: 1 :: [ PASS ] :: Making sure cert is deleted (Expected 32, got 32) :: [ PASS ] :: Running ldap-updater with --plugins (Expected 0, got 0) :: [ PASS ] :: ldapsearch for Cert after ldap-updater (Expected 0, got 0) cACertificate;binary:: MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADA3MRUwEwYDVQQ KEwxURVNUUkVMTS5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMzA5MTEy MDQ4NDZaFw0zMzA5MTEyMDQ4NDZaMDcxFTATBgNVBAoTDFRFU1RSRUxNLkNPTTEeMBwGA1UEAxMVQ 2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBVVMS agxK+NUWpyjR6XU+QggwZZ6gdFeG8AF9qt0Xkgd0Bv3GnPfTuY9TME1MTjOcO2XhHaL78DkyuF/EU GNxdmH+cdJkYOjnaAWMKDwHjJJ9wxK8OHxbAAjLKW6WXHbdlCxZZqfSZjWE2IBtnuaGDnh5Bjs/IT h4P0waNJ+kUzmmkrVV1pUWA1rsOiLn1zFmGjP/lwOCJr1Mq9ZkdNO0lMwQDVQscnh3q6MVnOo33xe gE6w2hmyOa3W6ig5QUFE8H4DY689YHFN/s6uPBA6Ep72Wcndw8qS6DdymotrMW8EaUPj/LxcUTV20 Ytpqbo4R3ZxNNlbjyhIb1im7srSQIDAQABo4GwMIGtMB8GA1UdIwQYMBaAFAASa4XhYEWDgw+giGF sVS7uvxWAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBQAEmuF4WBF g4MPoIhhbFUu7r8VgDBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGGLmh0dHA6Ly9jbG91ZC1xZ S0xLXZtLTMudGVzdHJlbG0uY29tOjgwL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAE3gP7gAsk X2KcsTQbs+34nNzluHcLf8lLdZpoeqY4USFG9lgffE+4NRewhUj9DMSvYjC78eNzcfkZsc/dapBD6 BJsPYn3rw6EVegrqo1EeKhiTeorPuDfqww+7kBUmzNFrOf4CmuVwzZp0h7gzXnia4l5Jy1w05Kdbo ZTCQL4r3vNiIobDkukKq8mzrewWrpfTjoavaURLHwdlXsM1cCoAbh0ri0gfSUsVHZS1nsVaEuM0xM X+Y+cgLcMDznkUH2WtdDIj2IK2i05wkZHEy1exHUTAbkcnLWI2UzxKAB2+7qACX4m8As/TWaGr4LX RFXB1UyfJHJS94h20mJzRdbxQ= # search result :: [ PASS ] :: Cert after deletion (Expected 0, got 0) :: [ PASS ] :: Files /tmp/tmp.9tRte31EBW/sfile1 and /tmp/tmp.9tRte31EBW/sfile2 should not differ :: [ PASS ] :: CA cert is not double-encoded Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1651.html |