+++ This bug was initially created as a clone of Bug #918262 +++

This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/3477

I found a situation where the CA certificate is stored in base64 encoding in a binary attribute, so for example, ldapsearch returns it double-encoded.

To duplicate this:
* Install IPA (I tested with master)
* ldapdelete ... cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com
* ipa-ldap-updater --plugins
* ldapsearch -o ldif-wrap=no -x -b cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com

--- Additional comment from Martin Kosek on 2013-03-07 14:11:43 IST ---

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/f6f8307be282e96df4fa4f35e83f1ff17403cf86
ipa-3-1: https://fedorahosted.org/freeipa/changeset/80b544eb5a6dbb99620c0e196126c0d934134e7b
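A check for the condition described in this report, as an added example that is not part of the original bug or of FreeIPA's code: it decodes the text printed after cACertificate;binary:: once and reports whether the result is DER or a second layer of base64. The function names and the sample bytes (a DER-shaped SEQUENCE, not a real certificate) are constructed for illustration.

```python
import base64
import binascii


def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (the outer framing of an X.509 cert)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long-form length: next n bytes hold it
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)


def classify(ldif_value: str) -> str:
    """Classify the base64 text that ldapsearch prints after 'cACertificate;binary::'."""
    try:
        # Strip whitespace so LDIF-wrapped (continuation-line) values also work.
        once = base64.b64decode("".join(ldif_value.split()), validate=True)
    except binascii.Error:
        return "invalid"
    if is_der_sequence(once):
        return "der"                      # one decode yields DER: stored correctly
    try:
        twice = base64.b64decode(b"".join(once.split()), validate=True)
    except binascii.Error:
        return "invalid"
    return "double-encoded" if is_der_sequence(twice) else "invalid"


# Constructed sample: a DER-shaped SEQUENCE of 512 content bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x02\x00" + bytes(range(256)) * 2
GOOD = base64.b64encode(SAMPLE_DER).decode()    # what ldapsearch should print
BAD = base64.b64encode(GOOD.encode()).decode()  # base64 text stored as the binary value

if __name__ == "__main__":
    for name, value in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, value[:8], classify(value))
```

A correctly stored certificate prints a value beginning with MII, while a double-encoded one begins with TUlJ, which is the base64 encoding of the characters "MII".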
*** Bug 947889 has been marked as a duplicate of this bug. ***
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/f6f8307be282e96df4fa4f35e83f1ff17403cf86
ipa-3-1: https://fedorahosted.org/freeipa/changeset/80b544eb5a6dbb99620c0e196126c0d934134e7b

Moving to POST.
Verified using ipa-server-3.0.0-35

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: LDAP upload CA cert sometimes double-encodes the value bz964128 6.5 - bz 948928
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ PASS ] :: ldapsearch for Cert (Expected 0, got 0)
cACertificate;binary:: [base64-encoded certificate value omitted]
# search result
:: [ PASS ] :: Cert before deletion (Expected 0, got 0)
:: [ PASS ] :: ldap delete cert (Expected 0, got 0)
# extended LDIF
#
# LDAPv3
# base <cn=CACert,cn=ipa,cn=etc,dc=testrelm,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
matchedDN: cn=ipa,cn=etc,dc=testrelm,dc=com

# numResponses: 1
:: [ PASS ] :: Making sure cert is deleted (Expected 32, got 32)
:: [ PASS ] :: Running ldap-updater with --plugins (Expected 0, got 0)
:: [ PASS ] :: ldapsearch for Cert after ldap-updater (Expected 0, got 0)
cACertificate;binary:: [base64-encoded certificate value omitted]
# search result
:: [ PASS ] :: Cert after deletion (Expected 0, got 0)
:: [ PASS ] :: Files /tmp/tmp.9tRte31EBW/sfile1 and /tmp/tmp.9tRte31EBW/sfile2 should not differ
:: [ PASS ] :: CA cert is not double-encoded
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1651.html