Bug 426439 - Unable to load CRL file for a DS instance - when its placed under /etc/dirsrv/slapd-INSTANCE
Summary: Unable to load CRL file for a DS instance - when its placed under /etc/dirsrv...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: UI - Configuration
Version: 8.0
Hardware: All
OS: Linux
high
high
Target Milestone: DS8.1
: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 249650 FDS1.2.0
TreeView+ depends on / blocked
 
Reported: 2007-12-21 00:25 UTC by Chandrasekar Kannan
Modified: 2015-01-04 23:29 UTC (History)
5 users (show)

Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-29 23:01:31 UTC


Attachments (Terms of Use)
diffs (10.53 KB, patch)
2008-12-15 19:11 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (175 bytes, text/plain)
2008-12-15 20:07 UTC, Rich Megginson
no flags Details
crl file (2.32 MB, text/plain)
2009-04-03 13:10 UTC, Jenny Severance
no flags Details

Description Chandrasekar Kannan 2007-12-21 00:25:09 UTC
Attempts to load CRL (Base64) file to DS fails.

- Open DS console
- Open Directory Server Instance
- goto manage certificates
- goto revoked certs
- Click on Add
- Point to a CRL base64 encoded file that's located under 
/etc/dirsrv/slapd-<instance-name>/

Console complains that it can't locate the file.

- Copy the CRL base64 encoded file to 
/etc/dirsrv/admin-serv/

Console is now able to load the crl file.

Expected Results:
 - CRL file should be placed at the instance config level
   and not at the admin server level.

We could release note this for DS8.0 but fix the path issue
in 8.1

Comment 1 Rich Megginson 2008-12-15 19:11:07 UTC
Created attachment 327005 [details]
diffs

Comment 2 Rich Megginson 2008-12-15 20:07:25 UTC
Created attachment 327016 [details]
cvs commit log

Reviewed by: nhosoi (Thanks!)
Fix Description: The main problem was that it was not using the getSecurityDir function to get the security dir based on the SIE passed in.  This function is called in main after getting the SIE.  I changed the code to set this value in a static variable that can be used throughout the program.
In addition, I found and fixed some other bugs related to CRL handling:
1) The code did not work with ASCII CRLs generated by newer versions of crlutil which use the BEGIN CRL header.  I added processing for that header type.
2) The code did not handle date/time in generalized time format.  I added code to format the date/time based on the type of date/time stored in the CRL.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no

Comment 3 Jenny Severance 2009-04-03 13:10:09 UTC
Created attachment 338036 [details]
crl file

Comment 4 Jenny Severance 2009-04-03 13:11:19 UTC
attempting to import attached crl file from 
/etc/dirsrv/slapd-ID/
/etc/dirsrv/admin-serv/
/tmp/
All are resulting in file not found error.

Comment 5 Jenny Severance 2009-04-03 15:46:38 UTC
crl file must reside in /etc/dirsrv/slapd-ID/ and input only file name - not full path.

Entering only file name works.  
Verified RHEL 5 DS 8.1

Comment 6 Chandrasekar Kannan 2009-04-29 23:01:31 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html


Note You need to log in before you can comment on or make changes to this bug.