[Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test
Martin Basti
mbasti at redhat.com
Wed Sep 14 16:03:37 UTC 2016
On 14.09.2016 17:53, Alexander Bokovoy wrote:
> On Wed, 14 Sep 2016, Martin Basti wrote:
>>
>>
>> On 14.09.2016 17:41, Alexander Bokovoy wrote:
>>> On Wed, 14 Sep 2016, Martin Basti wrote:
>>>> 1)
>>>> I still don't see the reason why AD trust is needed. Default trust
>>>> ID view is added just by ipa-adtrust-install, adding trust is not
>>>> needed for current implementation. You don't need AD for this,
>>>> IDviews is generic feature not just for AD. Is that user configured
>>>> on AD side?
>>> You cannot add non-AD user to 'default trust view', so you will not be
>>> able to set up certificates to ID override which does not exist.
>>>
>>> For non-'default trust view' you can add both IPA and AD users, so
>>> using
>>> some other view and then assign certificate for a ID override in that
>>> one.
>>>
>>
>> Ok then, but anyway I would like to see API/CLI tests for this
>> feature with proper output validation.
>>
>>
>> How can be this tested with SSSD?
> You need to log into the system with a certificate...
Is this possible from test? We are logged remotely as root, is there any
cmdline util which allows us to test certificate against AD user?
Martin^2
More information about the Freeipa-devel
mailing list