Bug 441362 - Agent services: "Revoke Certificates" search produces LDAPException
Agent services: "Revoke Certificates" search produces LDAPException
Status: CLOSED DUPLICATE of bug 445436
Product: Dogtag Certificate System
Classification: Community
Component: Certificate Manager (Show other bugs)
1.0
All Linux
low Severity low
: 1.0
: ---
Assigned To: Andrew Wnuk
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2008-04-07 14:36 EDT by David Stutzman
Modified: 2015-01-04 18:31 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-07 20:49:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
ca debug log while doing a revoke search (5.71 KB, text/plain)
2008-04-07 14:36 EDT, David Stutzman
no flags Details
ca debug log while doing a search (10.28 KB, text/plain)
2008-04-07 14:36 EDT, David Stutzman
no flags Details

  None (edit)
Description David Stutzman 2008-04-07 14:36:21 EDT
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


If I try to search for certificates to revoke through the Revoke Certificates
feature, I get the following error: LDAP operation failure -
netscape.ldap.LDAPException: Bad search filter (89).  The same search options in
 Search for Certificates section works fine.

Steps to Reproduce:
1. Go to Agent Services and click on "Revoke Certificates"
2. Check the box for "Revoke certificates that fall within the following range"
3. Enter 0x1 in both boxes for lowest and highest serial number
4. Scroll to bottom and click find, receive exception message.
5. Go to Agent Services and click on "Search for Certificates"
6. Check the box for "Show certificates that fall within the following range"
7. Enter 0x1 in both boxes for lowest and highest serial number
8. Scroll to bottom and click find and one certificate is shown.
9. You can then click revoke button if you want to revoke the certificate.

Actual results:
LDAP operation failure - netscape.ldap.LDAPException: Bad search filter (89)

Expected results:
The search to perform successfully.

Additional info:
DS flavor for the CA install is Red Hat DS 8.0 running on a separate server.  I
don't see an error 89 show up in the logs of the LDAP server in the error case,
but I see the successful search show up.
Comment 1 David Stutzman 2008-04-07 14:36:21 EDT
Created attachment 301547 [details]
ca debug log while doing a revoke search
Comment 2 David Stutzman 2008-04-07 14:36:52 EDT
Created attachment 301548 [details]
ca debug log while doing a search
Comment 3 David Stutzman 2008-04-07 14:42:09 EDT
It looks like the search filter gets munged in the case of the revoke search.
- 3 lines up from the bottom of attachment 301548 [details] (the good one) it shows the
ldap search filter string "searchCertificateswith time limit filter
(&(certRecordId>=0x1)(certRecordId<=0x1))".  
- 4 lines up from the bottom of attachment 301547 [details] (the bad one) it shows
"searchCertificateswith time limit filter (&)"

The same thing happens a few more lines up with "queryCertFilter".
Comment 4 David Stutzman 2008-04-22 12:24:22 EDT
Under "Steps to Reproduce:" in the original report, only 1-4 apply.
5-9 are actually the workaround.
Comment 6 Andrew Wnuk 2008-10-07 20:49:59 EDT

*** This bug has been marked as a duplicate of bug 445436 ***
Comment 7 Andrew Wnuk 2008-10-08 11:19:01 EDT
SrchRevokeCert.html did not follow new schema for search filter generation on
the server side. Moving filter generation to the server side fixed
LDAPException issue.

Note You need to log in before you can comment on or make changes to this bug.