From e73e728e10739792d7bf45134507b12407326502 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Mon, 15 Jun 2020 14:55:57 +1000 Subject: [PATCH] fix cert-find errors in CA-less deployment Under some search conditions (in particular, when user is specified), the CA sub-search of cert-find command throws an error on CA-less deployments. Do not execute the CA sub-search on CA-less deployments. Fixes: https://pagure.io/freeipa/issue/8369 Reviewed-By: Christian Heimes --- ipaserver/plugins/cert.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index de47ba95b11e9aca31f1417fa7571bc7e3b48321..57ad1327feb62d5f45266bc9d5c6b8fba75a81aa 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1826,9 +1826,14 @@ class cert_find(Search, CertMethod): truncated = False complete = False - for sub_search in (self._cert_search, - self._ca_search, - self._ldap_search): + # Do not execute the CA sub-search in CA-less deployment. + # See https://pagure.io/freeipa/issue/8369. + if ca_enabled: + searches = [self._cert_search, self._ca_search, self._ldap_search] + else: + searches = [self._cert_search, self._ldap_search] + + for sub_search in searches: sub_result, sub_truncated, sub_complete = sub_search( all=all, raw=raw, -- 2.26.2