Hi Jan, Yes, you're correct - it's a bug. I filed a JIRA here: https://issues.apache.org/jira/browse/CXF-8071
Here is a PR to fix the problem - https://github.com/apache/cxf/pull/565 I made a change to the default serviceCertUIDTemplate, as I don't think it makes sense to have it use "cn" by default. Let me know what you think, Colm. On Mon, Jul 8, 2019 at 3:14 PM Jan Bernhardt <[email protected]> wrote: > Hi CXF developers, > > > > I’m trying to understand if there is a bug or a feature that I don’t > understand in the LDAP Repository implementation for CXF XKMS. > > > > > https://github.com/apache/cxf/blob/master/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java > > Line 206, 207 > > > > Here the service LDAP template filter gets applied first (looks fine to > me), but then the result is send to the getCertificateForUIDAttr method. > Here the UIDAttribute LDAP filter gets applied on top of the other filter, > making the first filter useless (or even breaks it). > > So from my perspective line 207 should look like line 241. > > > > Can you confirm? > > > > Jan > > > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
