[FABC-709] Fix error message for LDAP converter

Durning enrollment for an identity LDAP, the incorrect error message was shown as to the reason for failure. Fixed this so that if an incorrect value is specified for an LDAP converter, the appropriate error is returned. Change-Id: Ic67d3b055402429e5614972f8d81c35d51bfb061 Signed-off-by: Saad Karim <skarim@us.ibm.com>
hyperledger · Sep 13, 2018 · 7cb4d81 · 7cb4d81
1 parent 15e18aa
commit 7cb4d81
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 10 deletions.
diff --git a/lib/serverrequestcontext.go b/lib/serverrequestcontext.go
@@ -278,7 +278,10 @@ func (ctx *serverRequestContextImpl) GetAttrExtension(attrReqs []*api.AttributeR
 	if err != nil {
 		return nil, err
 	}
-	allAttrs, _ := ui.GetAttributes(nil)
+	allAttrs, err := ui.GetAttributes(nil)
+	if err != nil {
+		return nil, err
+	}
 	if attrReqs == nil {
 		attrReqs = getDefaultAttrReqs(allAttrs)
 		if attrReqs == nil {

diff --git a/scripts/fvt/fabric-ca_utils b/scripts/fvt/fabric-ca_utils
@@ -535,6 +535,7 @@ function genRunconfig() {
    : ${FABRIC_TLS:='false'}
    : ${FABRIC_CA_DEBUG:='false'}
    local registry=""
+   local converters=""
    setTLS
 
    case ${version:-"yaml"} in
@@ -858,6 +859,26 @@ done)
       maxEnrollments: $maxEnroll
       attrs: []"
 fi
+
+converters='
+    converters:
+      - name: hf.GenCRL
+        value: attr("memberOf") =~ "cn=Gencrl,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
+      - name: hf.Revoker
+        value: attr("memberOf") =~ "cn=Revoker,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
+      - name: hf.IntermediateCA
+        value: attr("memberOf") =~ "cn=Ca,ou=groups,dc=example,dc=com"
+      - name: hf.Registrar.Roles
+        value: map(attr("memberOf"),"roles")'
+
+if [ "$LDAP_ERROR" == "true" ]; then converters='
+    converters:
+      - name: hf.GenCRL
+        value: attr("memberOf") =~ "cn=Gencrl,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
+      - name: hf.Type
+        value: client'
+fi
+
 cat > $runconfig <<EOF
 address: $CA_HOST_ADDRESS
 port: $CA_DEFAULT_PORT
@@ -902,15 +923,7 @@ ldap:
              "uidNumber",
              "memberOf"
            ]
-    converters:
-      - name: hf.GenCRL
-        value: attr("memberOf") =~ "cn=Gencrl,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
-      - name: hf.Revoker 
-        value: attr("memberOf") =~ "cn=Revoker,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
-      - name: hf.IntermediateCA
-        value: attr("memberOf") =~ "cn=Ca,ou=groups,dc=example,dc=com"
-      - name: hf.Registrar.Roles
-        value: map(attr("memberOf"),"roles")
+    $converters
     maps:
       ROLES:
          - name: cn=Client,ou=groups,dc=example,dc=com

diff --git a/scripts/fvt/ldap_test.sh b/scripts/fvt/ldap_test.sh
@@ -130,5 +130,11 @@ echo "User 'notadmin' is attempting to generate a crl ... "
 $FABRIC_CA_CLIENTEXEC gencrl -u $URI -H $UDIR/notadmin $TLSOPT 2>&1| grep 'Authorization failure'
 test "$?" -eq 0 || ErrorMsg "User 'notadmin' should not generate a crl"
 
+export LDAP_ERROR=true
+$SCRIPTDIR/fabric-ca_setup.sh -R
+$SCRIPTDIR/fabric-ca_setup.sh -I -a -D -X -S -n1
+CA_CFG_PATH=$UDIR enroll testUser testUserpw uid,hf.Revoker 2>&1 | grep "Failed to evaluate LDAP expression"
+test "$?" -eq 0 || ErrorMsg "Enroll should fail, incorrect LDAP converter specified"
+
 CleanUp $RC
 exit $RC