Description of problem:

When the browser presents a cert, the TPS calls tus_authenticate() which does an ldap search for entries with userCertificate = (your base64 encoded cert). The search is supposed to return a user record from under ou=people, dc= .. , from which the userid is extracted.

The problem is that the search currently starts from the top level instead. This is not a problem for users who do not have a token, because the user certificate only shows up in the user record. For token users, however, two entries are returned - one for the tokenCertRecord (which does not contain a userid), and one for the user record.

The fix is simply to make sure that the search is performed at the correct place.
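The search-base problem described in this report, as an added example that is not the TPS code or the attached patch. It simulates a subtree search over a constructed in-memory directory; the DNs, cert strings, uids and function names are made up for illustration, and the exactly-one-match check is an extra safeguard of this example, not something the report says the patch does.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample directory: DNs, cert strings and uids are made up. */
struct entry { const char *dn, *user_cert, *uid; };
static const struct entry directory[] = {
    {"uid=alice,ou=people,dc=example,dc=com", "CERT-A", "alice"},
    /* token cert record: same certificate, no uid attribute */
    {"cn=cert1,ou=tokens,dc=example,dc=com", "CERT-A", NULL},
    {"uid=bob,ou=people,dc=example,dc=com", "CERT-B", "bob"},
};

/* Subtree scope: dn is the base itself or ends in ",<base>".
   Escaped commas inside RDN values are not handled here. */
static int in_subtree(const char *dn, const char *base) {
    size_t dl = strlen(dn), bl = strlen(base);
    if (bl > dl || strcasecmp(dn + dl - bl, base) != 0) return 0;
    return dl == bl || dn[dl - bl - 1] == ',';
}

/* Returns the number of entries matching the cert under base. *uid is set
   only when exactly one entry matched and that entry carries a uid. */
static int find_user_by_cert(const char *base, const char *cert, const char **uid) {
    const struct entry *hit = NULL;
    int n = 0;
    *uid = NULL;
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++) {
        if (in_subtree(directory[i].dn, base) &&
            strcmp(directory[i].user_cert, cert) == 0) {
            hit = &directory[i];
            n++;
        }
    }
    if (n == 1 && hit->uid) *uid = hit->uid;
    return n;
}

int main(void) {
    const char *uid;
    int n = find_user_by_cert("dc=example,dc=com", "CERT-A", &uid);
    printf("top-level base: %d match(es), uid=%s\n", n, uid ? uid : "(none)");
    n = find_user_by_cert("ou=people,dc=example,dc=com", "CERT-A", &uid);
    printf("ou=people base: %d match(es), uid=%s\n", n, uid ? uid : "(none)");
    return 0;
}
```

With the top-level base the token user's certificate matches two entries and no uid is accepted; with the ou=people base it resolves to the single user record.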
Created attachment 340963
patch to fix

simple fix. jmagne, please review.
Looks pretty simple: Attachment (id=340963) +jmagne.
Sending base/tps/src/tus/tus_db.c
Sending dogtag/tps/pki-tps.spec
Transmitting file data ..
Committed revision 414.