Improvements to LdapPublisher-Rebase #1036

Open
Stueypoo wants to merge 1 commit into Keyfactor:main from Stueypoo:Imporvements_to_LdapPublisher-Rebase

@Stueypoo
Contributor

Describe your changes

Note: This is a replacement pull request superseding #940. Some changes from #940 have not been incorporated as requested.

In testing with LdapPublisher, I found a few issues and provide some fixes as described below:

  1. The method constructLDAPDN() appends the BaseDN after working out the LDAP DN. This is normally OK, but not if the BaseDN is 'blank'. Some situations may require a BaseDN set to 'blank', so I have included a fix for this. Note that you could set a 'blank' BaseDN in the GUI by entering a space character.

  2. The method getObjectClassAttribute() was limited to creation of O and OU object classes. Generally, other object classes should be supported, such as DC, L, ST, and C. This method has been updated for this.

  3. The method createIntermediateNodes() has been changed to use a recursive process of checking the existence of parent nodes, and then creating the missing nodes as the recursion unwinds. I suggest this code variation is a bit simpler and better handles a BaseDN that could be blank (which is sometimes required).

  4. The method revokeCertificate() has the option to delete the revoked certificate from LDAP. However, if the user has multiple certificates in the LDAP, then all certificates will get deleted. This is mentioned in the documentation, but a better approach would be to keep the remaining certificates in the LDAP. A fix for this has been included.

  5. The method revokeCertificate() can also delete the whole user entry in the LDAP when their certificate is revoked. A better approach would be to only delete an entry if there are no other certificates remaining once the revoked certificate is removed. A fix for this has been included.

  6. Some changes to debug log messages included.

  7. Some methods changed from 'private' to 'protected' to help further subclassing.

How has this been tested?

LdapPublisherUnitTest has been updated with additional tests to confirm these fixes. I have also performed some tests manually using a true LDAP server.

Checklist before requesting a review

  • I have performed a self-review of my code
  • I have kept the patch limited to only change the parts related to the patch
  • This change requires a documentation update - See point 4 above.

See also Contributing Guidelines.
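
The removal rule described in points 4 and 5 above, sketched as an added Java example; it is not code from this pull request or from the project. The class, enum and method names are hypothetical, the byte arrays are constructed stand-ins for DER-encoded certificates, and leaving the entry untouched when the revoked certificate is not found is an assumption.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Added illustration, not the project's LdapPublisher code. Needs Java 16+ (records). */
public class RevokeRemovalSketch {

    /** What the publisher should do to the directory entry after a revocation. */
    enum Action { NO_CHANGE, REPLACE_ATTRIBUTE, DELETE_ATTRIBUTE, DELETE_ENTRY }

    /** Outcome: the action plus the certificate values that stay in the entry. */
    record Result(Action action, List<byte[]> remaining) {}

    /**
     * @param stored      DER values currently held in the entry's certificate attribute
     * @param revoked     DER encoding of the certificate being revoked
     * @param removeEntry true if the publisher is configured to remove the user entry
     */
    static Result planRemoval(List<byte[]> stored, byte[] revoked, boolean removeEntry) {
        List<byte[]> remaining = new ArrayList<>();
        boolean found = false;
        for (byte[] value : stored) {
            // byte[] uses identity equals(), so compare the encodings explicitly.
            if (Arrays.equals(value, revoked)) {
                found = true;
            } else {
                remaining.add(value);
            }
        }
        if (!found) {
            // Assumption: a certificate that was never published leaves the entry alone.
            return new Result(Action.NO_CHANGE, remaining);
        }
        if (!remaining.isEmpty()) {
            // Other certificates remain: keep the entry and rewrite the attribute.
            return new Result(Action.REPLACE_ATTRIBUTE, remaining);
        }
        return new Result(removeEntry ? Action.DELETE_ENTRY : Action.DELETE_ATTRIBUTE, remaining);
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for DER-encoded certificates.
        byte[] certA = {0x30, 0x01, 0x0A};
        byte[] certB = {0x30, 0x01, 0x0B};
        Result two = planRemoval(List.of(certA, certB), certA.clone(), true);
        System.out.println(two.action() + " keeps " + two.remaining().size());
        Result last = planRemoval(List.of(certB), certB.clone(), true);
        System.out.println(last.action() + " keeps " + last.remaining().size());
    }
}
```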

@Stueypoo Stueypoo mentioned this pull request Apr 10, 2026