[Freeipa-devel] [PATCH] 479 add service-disable command
Adam Young
ayoung at redhat.com
Thu Jul 8 22:55:49 UTC 2010
On 07/08/2010 02:57 PM, Rob Crittenden wrote:
> Add API to delete a service principal key, service-disable. This is so
> an admin can essentially revoke a service principal without deleting it.
>
> I have to do some pretty low-level LDAP work to achieve this. Since we
> can't read the key using our modlist generator won't work and lots of
> tricks would be needed to use the LDAPUpdate object in any case. The
> alternative is to add a function to the ldap2 backend that achieves
> this, or something similar like 'delete_attrs'. I just didn't see a
> general case for it.
>
> I pulled usercertificate out of the global params and put into each
> appropriate function because it makes no sense for service-disable.
>
> I added tests to verify that the certificate we issue is found in the
> service. This also double-checks that the service commands actually
> return certificate data.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Well, it builds and deploys. How do I test?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100708/1a588313/attachment.htm>
More information about the Freeipa-devel
mailing list