[Freeipa-devel] [PATCH] 479 add service-disable command
Rob Crittenden
rcritten at redhat.com
Fri Jul 9 12:55:00 UTC 2010
Adam Young wrote:
> On 07/08/2010 02:57 PM, Rob Crittenden wrote:
>> Add API to delete a service principal key, service-disable. This is so
>> an admin can essentially revoke a service principal without deleting it.
>>
>> I have to do some pretty low-level LDAP work to achieve this. Since we
>> can't read the key using our modlist generator won't work and lots of
>> tricks would be needed to use the LDAPUpdate object in any case. The
>> alternative is to add a function to the ldap2 backend that achieves
>> this, or something similar like 'delete_attrs'. I just didn't see a
>> general case for it.
>>
>> I pulled usercertificate out of the global params and put into each
>> appropriate function because it makes no sense for service-disable.
>>
>> I added tests to verify that the certificate we issue is found in the
>> service. This also double-checks that the service commands actually
>> return certificate data.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Well, it builds and deploys. How do I test?
I added test information to ticket
https://fedorahosted.org/freeipa/ticket/52
More information about the Freeipa-devel
mailing list