Bug 441362 - Agent services: "Revoke Certificates" search produces LDAPException
Summary: Agent services: "Revoke Certificates" search produces LDAPException
Status: CLOSED DUPLICATE of bug 445436
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Certificate Manager
Version: 1.0
Hardware: All
OS: Linux
low
low
Target Milestone: 1.0
Assignee: Andrew Wnuk
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 443788
TreeView+ depends on / blocked
 
Reported: 2008-04-07 18:36 UTC by David Stutzman
Modified: 2015-01-04 23:31 UTC (History)
3 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2008-10-08 00:49:59 UTC


Attachments (Terms of Use)
ca debug log while doing a revoke search (5.71 KB, text/plain)
2008-04-07 18:36 UTC, David Stutzman
no flags Details
ca debug log while doing a search (10.28 KB, text/plain)
2008-04-07 18:36 UTC, David Stutzman
no flags Details

Description David Stutzman 2008-04-07 18:36:21 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


If I try to search for certificates to revoke through the Revoke Certificates
feature, I get the following error: LDAP operation failure -
netscape.ldap.LDAPException: Bad search filter (89).  The same search options in
 Search for Certificates section works fine.

Steps to Reproduce:
1. Go to Agent Services and click on "Revoke Certificates"
2. Check the box for "Revoke certificates that fall within the following range"
3. Enter 0x1 in both boxes for lowest and highest serial number
4. Scroll to bottom and click find, receive exception message.
5. Go to Agent Services and click on "Search for Certificates"
6. Check the box for "Show certificates that fall within the following range"
7. Enter 0x1 in both boxes for lowest and highest serial number
8. Scroll to bottom and click find and one certificate is shown.
9. You can then click revoke button if you want to revoke the certificate.

Actual results:
LDAP operation failure - netscape.ldap.LDAPException: Bad search filter (89)

Expected results:
The search to perform successfully.

Additional info:
DS flavor for the CA install is Red Hat DS 8.0 running on a separate server.  I
don't see an error 89 show up in the logs of the LDAP server in the error case,
but I see the successful search show up.

Comment 1 David Stutzman 2008-04-07 18:36:21 UTC
Created attachment 301547 [details]
ca debug log while doing a revoke search

Comment 2 David Stutzman 2008-04-07 18:36:52 UTC
Created attachment 301548 [details]
ca debug log while doing a search

Comment 3 David Stutzman 2008-04-07 18:42:09 UTC
It looks like the search filter gets munged in the case of the revoke search.
- 3 lines up from the bottom of attachment 301548 [details] (the good one) it shows the
ldap search filter string "searchCertificateswith time limit filter
(&(certRecordId>=0x1)(certRecordId<=0x1))".  
- 4 lines up from the bottom of attachment 301547 [details] (the bad one) it shows
"searchCertificateswith time limit filter (&)"

The same thing happens a few more lines up with "queryCertFilter".

Comment 4 David Stutzman 2008-04-22 16:24:22 UTC
Under "Steps to Reproduce:" in the original report, only 1-4 apply.
5-9 are actually the workaround.

Comment 6 Andrew Wnuk 2008-10-08 00:49:59 UTC

*** This bug has been marked as a duplicate of bug 445436 ***

Comment 7 Andrew Wnuk 2008-10-08 15:19:01 UTC
SrchRevokeCert.html did not follow new schema for search filter generation on
the server side. Moving filter generation to the server side fixed
LDAPException issue.


Note You need to log in before you can comment on or make changes to this bug.