What is changed?
In testing with LdapPublisher, I found a few issues and provide some fixes as described below:
The static strings for HOSTNAMES and BASEDN had typos. I fixed this and provided a change to upgrade() method to rectify any previous configurations using the incorrect spellings.
The method constructLDAPDN() appends the BaseDN after working out the LDAP DN. This is normally OK, but not if the BaseDN is 'blank'. Some situations may require a BaseDN set to 'blank', so have included a fix for this. Note that you could set a 'blank' BaseDN in the GUI by entering a space character.
The method getObjectClassAttribute() was limited to creation of O and OU object classes. Generally, other object classes should be supported, such as DC, L, ST, and C. This method has been updated for this.
The method createIntermediateNodes() changed to use a recursive process of checking the existence of parent nodes, and then creating the missing nodes as the recursion unwinds. I suggest this code variation is a bit simpler and better handles a BaseDN that is blank.
The method revokeCertificate() has the option to delete the revoked certificate from LDAP. However, if the user has multiple certificates in the LDAP, then all certificates will get deleted. This is mentioned in the documentation, but a better approach would be to keep the remaining certificates in the LDAP. A fix for this has been included.
The method revokeCertificate() can also delete the whole user entry in the LDAP when their certificate is revoked. A better approach would be to only delete an entry if there are no other certificates remaining once the revoked certificate is removed. A fix for this has been included.
Some changes to debug log messages included.
Some methods changed from 'private' to 'protected' to help further subclassing.
How has this been tested?
Added extra testcase into LdapPublisherUnitTest.
Other testing performed manually using an LDAP service (OpenLdap and ViewDS). Tested publishing with CA and EE certs, including the creation of parent nodes. Tested revocation of EE cert using LDAP entries having one certificate, and others having two certificates.