Re: How to create a user with certificate with lib389

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm sorry, you didn't answer my questions .... can you answer the below questions, exactly and precisely, else I can't help you :( 

> 
> * WHAT is the test you are creating? What does it test? How? What steps from start to finish? Please list this exactly.
> * Use SSCA to make the user cert - it creates pem and der copies
> * Have you looked at: https://pagure.io/389-ds-base/blob/master/f/src/lib389/lib389/idm/account.py#_103
> 
> Till this point all ok . But not ok .  Its giving error . 
> (Pdb) Account(standalone, 'uid=testuser,ou=People,dc=example,dc=com').enroll_certificate(tls_locs['crt_der_path'])
> *** NameError: name 'ds_is_older' is not defined
> 
> Or 
> 
> (Pdb) users.list()[0].enroll_certificate(tls_locs['crt_der_path'])
> *** NameError: name 'ds_is_older' is not defined
> 
> Is there a problem with account.py file . 
> 
> https://pagure.io/389-ds-base/blob/master/f/src/lib389/lib389/idm/account.py
> It did not import >>>>   from lib389.utils import (ds_is_older) 
> 
> 
> Any way after using SSCA we have got the user with userCertificate field .
> 
> (Pdb) Account(standalone, 'uid=testuser,ou=People,dc=example,dc=com')._unsafe_raw_entry()
> dn: uid=testuser,ou=People,dc=example,dc=com
> cn: testuser
> gidNumber: 2000
> homeDirectory: /home/testuser
> objectClass: top
> objectClass: account
> objectClass: posixaccount
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: nsMemberOf
> objectClass: nsAccount
> objectClass: person
> sn: user
> uid: testuser
> uidNumber: 1000
> userCertificate;binary:: MIIFcjCCA1qgAwIBAgIFALFmh3wwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxDjAMBgNVBAcTBTM4OWRzMRAwDgYDVQQKEwd0ZXN0aW5nMR8wHQYDVQQDExZzc2NhLjM4OWRzLmV4YW1wbGUuY29tMB4XDTE5MDYxMzEzMDkwM1oXDTIxMDYxMzEzMDkwM1owVzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxDjAMBgNVBAcTBTM4OWRzMRAwDgYDVQQKEwd0ZXN0aW5nMREwDwYDVQQDEwh0ZXN0dXNlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALUUafcfMOhoY+8C3L/IYPlaxex2BcYqbTbD+FWonRlp4pE1CdZbk/2jdzkndBVMl4iTF2L0+y3SyNOsG8Lonbdhxz5bxwhzhDpTBD3wLbFlF5r9fe5VR7KfbhvLUSPpfra+UfhiFzgRPkyItUi6KFvcc9Zt2toXBydRaef0yjwI2yv/ileelrCeFKDtUNPAjXnHnqXH/aqpm3cYYy0KWqxSeKe4ET8ymkffJs2Tsomd7ofgcwWtce5bdMxtbhc2sRIbbbdQRIf0mXromkXftAXjTZb9gUAsNESfuRwulY1vkyY5LRhUvDuufxMrEnooJ5t7a6oOsGGrsyQddOWJMPEakuJbMpC/IonMkJdF6oNnfWdruFqBcfP1pBxjiNz1ZFbE/XudBEEuHHRh8wrR5uljH3Y+AUTUUuhVm7Yiuo23B041C1lggVNXpeCxkcYwJDEvJfTzXKOrgL0Pk36u4FhnsXFfzcWJuiOSNdeiBtSOc68g3YmMZyfjCAXPk77TEqrm8KdwBKLg90nnyjEjYqquMMIPzCJVoyH0ckmzA/W8ClQ4VEHav6wmcLjH3tE6eJofl9cLTUL
>  6Yfuxijf6AFGkcAfhXtblLiB3jeKiqjC91gqWh+bbXRFIEx50LoColCo55mUAmbse4z/RNSFfCG6JViWDrRiTy8LiDgGfDj2tAgMBAAGjNzA1MBEGCWCGSAGG+EIBAQQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCBPAwDQYJKoZIhvcNAQELBQADggIBAEpq9ZWRdpXTFzYtY++vbZZyQ+EDAyIj34jKzmCsXvnT6LIfu6K1dYZl83bhLKriurFmQijZb98JVCT+i7LpICb6lVcNU9Jz9CtWf9cWTvpqXPlHRgS+qxGH96vIQ4PDPzcI7HhhPlz7THtuPY1jFdF/vY8nbNdWRrWymrCYxk27c7a1g5crixPwggs1Kv3Oy045Xyv5c9KfA511IEC/DGWwUyOVx6l7gYQXVTnWGqwF+JfLoZvWlqPdkoH7N3dHPdmZQsG9ZEghjslE2SbaUp2XpvyhU6XYa8q9NFMCnm2E07Jm7R/Spah/gl0YiscG6FMtI3EISagQb5vxIJT9UjnYfj9y7Mu/U31wQEos9plJHxMtFZBjbumrFxziCIhNLzTgzX77CnBwIdA69fU5YyRJLLge2uO6zJBbAHKyz+FGbz+lA+oLFMSYPA1McRagRpe5FdhFoajrwSe6NIErhyMfhgGLHr7OQTznRlkqafamsbnxa2f4HzVlMAw1j5CD4uCeJHKpAvRMb1BUYxXyyYrw8W0uFa5yuIa0TzK12gz6/AgxXKOAsH/WHGd9ial4hG9c746D/KMyqERszb0bRRs4ncMnJtXFov41/jd1btm6+Vs9FpnQKPJ27zMbG2S63NQ1V++M6EbggR7cQbFBErzsOt1Jp3sIssuE06hpsteB
> 
> 
> Now i want to filter that user with filter.
> 
> (Pdb) crt = open('/etc/dirsrv/slapd-standalone1/user-testuser.der', 'rb').read()
> (Pdb) crt
> b'0\x82\x05r0\x82\x03Z\xa0\x03\x02\x01\x02\x02\x05\x00\xb1f\x87|0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000e1\x0b0\t\x06\x03U\x04\x06\x13\x02AU1\x130\x11\x06\x03U\x04\x08\x13\nQueensland1\x0e0\x0c\x06\x03U\x04\x07\x13\x05389ds1\x100\x0e\x06\x03U\x04\n\x13\x07testing1\x1f0\x1d\x06\x03U\x04\x03\x13\x16ssca.389ds.example.com0\x1e\x17\r190613130903Z\x17\r210613130903Z0W1\x0b0\t\x06\x03U\x04\x06\x13\x02AU1\x130\x11\x06\x03U\x04\x08\x13\nQueensland1\x0e0\x0c\x06\x03U\x04\x07\x13\x05389ds1\x100\x0e\x06\x03U\x04\n\x13\x07testing1\x110\x0f\x06\x03U\x04\x03\x13\x08testuser0\x82\x02"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x000\x82\x02\n\x02\x82\x02\x01\x00\xb5\x14i\xf7\x1f0\xe8hc\xef\x02\xdc\xbf\xc8`\xf9Z\xc5\xecv\x05\xc6*m6\xc3\xf8U\xa8\x9d\x19i\xe2\x915\t\xd6[\x93\xfd\xa3w9\'t\x15L\x97\x88\x93\x17b\xf4\xfb-\xd2\xc8\xd3\xac\x1b\xc2\xe8\x9d\xb7a\xc7>[\xc7\x08s\x84:S\x04=\xf0-\xb1e\x17\x9a\xfd}\xeeUG\xb2\x9fn\x1b\xcbQ#\xe9~\xb6\xbeQ\xf8b\x178\x11>L\x88\xb5H\xba([\xdcs\xd6m\xda\xda\x17\x07\'Qi\xe7\xf4\xca<\x08\xdb+\xff\x8aW\x9e\x96\xb0\x9e\x14\xa0\xedP\xd3\xc0\x8dy\xc7\x9e\xa5\xc7\xfd\xaa\xa9\x9bw\x18c-\nZ\xacRx\xa7\xb8\x11?2\x9aG\xdf&\xcd\x93\xb2\x89\x9d\xee\x87\xe0s\x05\xadq\xee[t\xccmn\x176\xb1\x12\x1bm\xb7PD\x87\xf4\x99z\xe8\x9aE\xdf\xb4\x05\xe3M\x96\xfd\x81@,4D\x9f\xb9\x1c.\x95\x8do\x93&9-\x18T\xbc;\xae\x7f\x13+\x12z(\'\x9b{k\xaa\x0e\xb0a\xab\xb3$\x1dt\xe5\x890\xf1\x1a\x92\xe2[2\x90\xbf"\x89\xcc\x90\x97E\xea\x83g}gk\xb8Z\x81q\xf3\xf5\xa4\x1cc\x88\xdc\xf5dV\xc4\xfd{\x9d\x04A.\x1cta\xf3\n\xd1\xe6\xe9c\x1fv>\x01D\xd4R\xe8U\x9b\xb6"\xba\x8d\xb7\x07N5\x0bY`\x81SW\xa5\xe0\xb1\x91\xc60$1/%\xf4\xf3\\\xa3\xab\x80\xbd\x0f\x93~\xae\xe0Xg\xb1q_\xcd\xc5\x89\xba#\x925\xd7\xa2\x06\xd4\x8es\xaf \xdd\x89\x8cg\'\xe3\x08\x05\xcf\x93\xbe\xd3\x12\xaa\xe6\xf0\xa7p\x04\xa2\xe0\xf7I\xe7\xca1#b\xaa\xae0\xc2\x0f\xcc"U\xa3!\xf4rI\xb3\x03\xf5\xbc\nT8TA\xda\xbf\xac&p\xb8\xc7\xde\xd1:x\x9a\x1f\x97\xd7\x0bMB\xfaa\xfb\xb1\x8a7\xfa\x00Q\xa4p\x07\xe1^\xd6\xe5. w\x8d\xe2\xa2\xaa0\xbd\xd6\n\x96\x87\xe6\xdb]\x11H\x13\x1et.\x80\xa8
\x94*9\xe6e\x00\x99\xbb\x1e\xe3?\xd15!_\x08n\x89V%\x83\xad\x18\x93\xcb\xc2\xe2\x0e\x01\x9f\x0e=\xad\x02\x03\x01\x00\x01\xa37050\x11\x06\t`\x86H\x01\x86\xf8B\x01\x01\x04\x04\x03\x02\x07\x800\x13\x06\x03U\x1d%\x04\x0c0\n\x06\x08+\x06\x01\x05\x05\x07\x03\x020\x0b\x06\x03U\x1d\x0f\x04\x04\x03\x02\x04\xf00\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x02\x01\x00Jj\xf5\x95\x91v\x95\xd3\x176-c\xef\xafm\x96rC\xe1\x03\x03"#\xdf\x88\xca\xce`\xac^\xf9\xd3\xe8\xb2\x1f\xbb\xa2\xb5u\x86e\xf3v\xe1,\xaa\xe2\xba\xb1fB(\xd9o\xdf\tT$\xfe\x8b\xb2\xe9 &\xfa\x95W\rS\xd2s\xf4+V\x7f\xd7\x16N\xfaj\\\xf9GF\x04\xbe\xab\x11\x87\xf7\xab\xc8C\x83\xc3?7\x08\xecxa>\\\xfbL{n=\x8dc\x15\xd1\x7f\xbd\x8f\'l\xd7VF\xb5\xb2\x9a\xb0\x98\xc6M\xbbs\xb6\xb5\x83\x97+\x8b\x13\xf0\x82\x0b5*\xfd\xce\xcbN9_+\xf9s\xd2\x9f\x03\x9du @\xbf\x0ce\xb0S#\x95\xc7\xa9{\x81\x84\x17U9\xd6\x1a\xac\x05\xf8\x97\xcb\xa1\x9b\xd6\x96\xa3\xdd\x92\x81\xfb7wG=\xd9\x99B\xc1\xbddH!\x8e\xc9D\xd9&\xdaR\x9d\x97\xa6\xfc\xa1S\xa5\xd8k\xca\xbd4S\x02\x9em\x84\xd3\xb2f\xed\x1f\xd2\xa5\xa8\x7f\x82]\x18\x8a\xc7\x06\xe8S-#q\x08I\xa8\x10o\x9b\xf1 \x94\xfdR9\xd8~?r\xec\xcb\xbfS}p@J,\xf6\x99I\x1f\x13-\x15\x90cn\xe9\xab\x17\x1c\xe2\x08\x88M/4\xe0\xcd~\xfb\npp!\xd0:\xf5\xf59c$I,\xb8\x1e\xda\xe3\xba\xcc\x90[\x00r\xb2\xcf\xe1Fo?\xa5\x03\xea\x0b\x14\xc4\x98<\rLq\x16\xa0F\x97\xb9\x15\xd8E\xa1\xa8\xeb\xc1\'\xba4\x81+\x87#\x1f\x86\x01\x8b\x1e\xbe\xceA<\xe7FY*i\xf6\xa6\xb1\xb9\xf1kg\xf8\x1f5e0\x0c5\x8f\x90\x83\xe2\xe0\x9e$r\xa9\x02\xf4LoPTc\x15\xf2\xc9\x8a\xf0\xf1m.\x15\xaer\xb8\x86\xb4O2\xb5\xda\x0c\xfa\xfc\x081\\\xa3\x80\xb0\x7f\xd6\x1cg}\x89\xa9x\x84o\\\xef\x8e\x83\xfc\xa32\xa8Dl\xcd\xbd\x1bE\x1b8\x9d\xc3\'&\xd5\xc5\xa2\xfe5\xfe7un\xd9\xba\xf9[=\x16\x99\xd0(\xf2v\xef3\x1b\x1bd\xba\xdc\xd45W\xef\x8c\xe8F\xe0\x81\x1e\xdcA\xb1A\x12\xbc\xec:\xddI\xa7{\x08\xb2\xcb\x84\xd3\xa8i\xb2\xd7\x81'
> 
> 
> (Pdb) Accounts(standalone, DEFAULT_SUFFIX).filter(f"(userCertificate={crt})")
> *** ldap.FILTER_ERROR: {'desc': 'Bad search filter', 'errno': 2, 'info': 'No such file or directory'}
> 
> And finally .
> Accounts(standalone, DEFAULT_SUFFIX).filter(f"(userCertificate={escape_bytes(crt)})")  >>> escape_bytes(this is function i want to put in utils.py)
> 
> 
> 
> Regards
> Anuj Borah
> 
> 
> 
> * Consider checking: https://pagure.io/389-ds-base/pull-request/49579#request_diff we can likely pull out the python from this branch and commit to master as it adds a lot of TLS support.
> 
> Thanks
> 
> —
> Sincerely,
> 
> William Brown
> 
> Senior Software Engineer, 389 Directory Server
> SUSE Labs
> 

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux