URL: https://github.com/freeipa/freeipa/pull/824 Author: frasertweedale Title: #824: ca-add: validate Subject DN name attributes Action: opened
PR body: """ If the Subject DN is syntactically valid but contains unrecognised name attributes, FreeIPA accepts it but Dogtag rejects it, returning status 400 and causing the framework to raise RemoteRetrieveError.
Update the ca-add command to perform some additional validation on the user-supplied Subject DN, making sure that we recognise all the attributes.
Fixes: https://pagure.io/freeipa/issue/6987 """
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/824/head:pr824 git checkout pr824
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes
felipevolpone commented: """ I tested and it fixes the error.
I'm not sure if it's relevant, but maybe the unrecognized attributes could be printed as the user wrote them. This: ```ipa: ERROR: invalid 'Subject DN': Unrecognized attributes: dn``` Could be: ```ipa: ERROR: invalid 'Subject DN': Unrecognized attributes: DN```
Good to go. """
See the full comment at https://github.com/freeipa/freeipa/pull/824#issuecomment-304987610
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes
frasertweedale commented: """ @felipevolpone I did think about that. I agree it would be nice but IMO it adds unnecessary implementation complexity, for handling a probably-rare user error. """
See the full comment at https://github.com/freeipa/freeipa/pull/824#issuecomment-305035882
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes
frasertweedale commented: """ @felipevolpone I did think about that. I agree it would be nice but IMO it adds unnecessary implementation complexity, for handling a probably-rare user error. """
See the full comment at https://github.com/freeipa/freeipa/pull/824#issuecomment-305035882
URL: https://github.com/freeipa/freeipa/pull/824 Author: frasertweedale Title: #824: ca-add: validate Subject DN name attributes Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/824/head:pr824 git checkout pr824
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes
stlaz commented: """ Thanks for addressing my comment. @felipevolpone seems to be OK with the rest of the PR so I am adding the official ACK. """
See the full comment at https://github.com/freeipa/freeipa/pull/824#issuecomment-305398689
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes
Label: +ack
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes
Label: +pushed
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes
MartinBasti commented: """ master:
* 5f0e13ce9c3d1ead02de61a148de973fc6787b96 ca-add: validate Subject DN name attributes
"""
See the full comment at https://github.com/freeipa/freeipa/pull/824#issuecomment-305412301
URL: https://github.com/freeipa/freeipa/pull/824 Author: frasertweedale Title: #824: ca-add: validate Subject DN name attributes Action: closed
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/824/head:pr824 git checkout pr824
freeipa-devel@lists.fedorahosted.org
-
felipevolpone -
frasertweedale
-
MartinBasti
-
stlaz