From e73e728e10739792d7bf45134507b12407326502 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Mon, 15 Jun 2020 14:55:57 +1000
Subject: [PATCH] fix cert-find errors in CA-less deployment
Under some search conditions (in particular, when user is
specified), the CA sub-search of cert-find command throws an error
on CA-less deployments. Do not execute the CA sub-search on CA-less
deployments.
Fixes: https://pagure.io/freeipa/issue/8369
Reviewed-By: Christian Heimes <cheimes@redhat.com>
---
ipaserver/plugins/cert.py | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index de47ba95b11e9aca31f1417fa7571bc7e3b48321..57ad1327feb62d5f45266bc9d5c6b8fba75a81aa 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1826,9 +1826,14 @@ class cert_find(Search, CertMethod):
truncated = False
complete = False
- for sub_search in (self._cert_search,
- self._ca_search,
- self._ldap_search):
+ # Do not execute the CA sub-search in CA-less deployment.
+ # See https://pagure.io/freeipa/issue/8369.
+ if ca_enabled:
+ searches = [self._cert_search, self._ca_search, self._ldap_search]
+ else:
+ searches = [self._cert_search, self._ldap_search]
+
+ for sub_search in searches:
sub_result, sub_truncated, sub_complete = sub_search(
all=all,
raw=raw,
--
2.26.2