Updating a profile with bad profile data will appear to succeed. The new profile data will be saved to the database, but will not be loaded correctly, and the existing profile data is used... until restart. Then the profile will be skipped because it does not load properly. Attempting to use, update or delete the profile will fail. Attempting to import a new profile will probably also fail, because the LDAP entry already exists.
A manual ldapmodify with good profile data can restore the situation.
Proposed fix: attempt to initialise the profile with the new profile data received in raw format BEFORE writing to the database and returning from the call. Bad data should result in status 400 with as much explanation as possible.
attachment pki-ftweedal-0043-Verify-raw-profile-config-before-accepting-it.patch
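A model of the proposed fix, added here as an illustration and not taken from the Dogtag PKI patch: the update path runs the same initialisation the loader uses before anything is written, so bad data is rejected with status 400 and the stored entry still loads after a restart. The key=value format, `REQUIRED_KEYS`, `init_profile` and `ProfileStore` are assumptions of this example; `db` stands in for the LDAP entries.

```python
class BadProfileData(ValueError):
    """Raw profile data that cannot be initialised into a usable profile."""

# Assumption for this model: a profile is key=value lines and needs these keys.
REQUIRED_KEYS = ("classId", "name")

def init_profile(raw: str) -> dict:
    """Parse raw data the way the loader would; raise on anything unusable."""
    profile = {}
    for lineno, line in enumerate(raw.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise BadProfileData(f"line {lineno}: expected key=value, got {line!r}")
        profile[key.strip()] = value.strip()
    missing = [k for k in REQUIRED_KEYS if k not in profile]
    if missing:
        raise BadProfileData("missing required keys: " + ", ".join(missing))
    return profile

class ProfileStore:
    """`db` models the persisted entries, `loaded` the in-memory profiles."""

    def __init__(self):
        self.db = {}
        self.loaded = {}

    def update(self, profile_id: str, raw: str) -> tuple:
        """Return (HTTP status, message); persist only data that initialises."""
        try:
            profile = init_profile(raw)   # validate BEFORE touching the database
        except BadProfileData as exc:
            return 400, str(exc)          # reject with the reason; nothing written
        self.db[profile_id] = raw
        self.loaded[profile_id] = profile
        return 200, "updated"

    def restart(self) -> list:
        """Reload everything from `db`; return the ids skipped as unloadable."""
        self.loaded, skipped = {}, []
        for pid, raw in self.db.items():
            try:
                self.loaded[pid] = init_profile(raw)
            except BadProfileData:
                skipped.append(pid)
        return skipped
```

Writing to `db` first and validating afterwards reproduces the reported behaviour: the update appears to succeed and `restart()` then lists the profile as skipped.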
Fixed in master: c48c52703c374c8e7e65c11fdeee9eeda464290f
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1256967
Metadata Update from @ftweedal:
- Issue assigned to ftweedal
- Issue set to the milestone: 10.2.6
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2021
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.