441362 – Agent services: "Revoke Certificates" search produces LDAPException

Bug 441362 - Agent services: "Revoke Certificates" search produces LDAPException

Summary: Agent services: "Revoke Certificates" search produces LDAPException

Keywords:
Status:	CLOSED DUPLICATE of bug 445436
Alias:	None
Product:	Dogtag Certificate System
Classification:	Retired
Component:	Certificate Manager
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	1.0
Assignee:	Andrew Wnuk
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	443788
TreeView+	depends on / blocked

Reported:	2008-04-07 18:36 UTC by David Stutzman
Modified:	2015-01-04 23:31 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-10-08 00:49:59 UTC
Embargoed:

Attachments	(Terms of Use)
ca debug log while doing a revoke search (5.71 KB, text/plain) 2008-04-07 18:36 UTC, David Stutzman	no flags	Details
ca debug log while doing a search (10.28 KB, text/plain) 2008-04-07 18:36 UTC, David Stutzman	no flags	Details
View All

Description David Stutzman 2008-04-07 18:36:21 UTC

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


If I try to search for certificates to revoke through the Revoke Certificates
feature, I get the following error: LDAP operation failure -
netscape.ldap.LDAPException: Bad search filter (89).  The same search options in
 Search for Certificates section works fine.

Steps to Reproduce:
1. Go to Agent Services and click on "Revoke Certificates"
2. Check the box for "Revoke certificates that fall within the following range"
3. Enter 0x1 in both boxes for lowest and highest serial number
4. Scroll to bottom and click find, receive exception message.
5. Go to Agent Services and click on "Search for Certificates"
6. Check the box for "Show certificates that fall within the following range"
7. Enter 0x1 in both boxes for lowest and highest serial number
8. Scroll to bottom and click find and one certificate is shown.
9. You can then click revoke button if you want to revoke the certificate.

Actual results:
LDAP operation failure - netscape.ldap.LDAPException: Bad search filter (89)

Expected results:
The search to perform successfully.

Additional info:
DS flavor for the CA install is Red Hat DS 8.0 running on a separate server.  I
don't see an error 89 show up in the logs of the LDAP server in the error case,
but I see the successful search show up.

Comment 1 David Stutzman 2008-04-07 18:36:21 UTC

Created attachment 301547 [details]
ca debug log while doing a revoke search

Comment 2 David Stutzman 2008-04-07 18:36:52 UTC

Created attachment 301548 [details]
ca debug log while doing a search

Comment 3 David Stutzman 2008-04-07 18:42:09 UTC

It looks like the search filter gets munged in the case of the revoke search.
- 3 lines up from the bottom of attachment 301548 [details] (the good one) it shows the
ldap search filter string "searchCertificateswith time limit filter
(&(certRecordId>=0x1)(certRecordId<=0x1))".  
- 4 lines up from the bottom of attachment 301547 [details] (the bad one) it shows
"searchCertificateswith time limit filter (&)"

The same thing happens a few more lines up with "queryCertFilter".

Comment 4 David Stutzman 2008-04-22 16:24:22 UTC

Under "Steps to Reproduce:" in the original report, only 1-4 apply.
5-9 are actually the workaround.

Comment 6 Andrew Wnuk 2008-10-08 00:49:59 UTC


*** This bug has been marked as a duplicate of bug 445436 ***

Comment 7 Andrew Wnuk 2008-10-08 15:19:01 UTC

SrchRevokeCert.html did not follow new schema for search filter generation on
the server side. Moving filter generation to the server side fixed
LDAPException issue.

Note You need to log in before you can comment on or make changes to this bug.