[Freeipa-devel] [PATCH 0405] idviews: Add user certificate attribute to user ID overrides
Jan Cholasta
jcholast at redhat.com
Mon Apr 4 14:27:02 UTC 2016
Hi,
On 1.4.2016 16:53, Tomas Babej wrote:
> Hi,
>
> this extends the user ID overrides with capability to store the user
> certificate.
>
> https://fedorahosted.org/freeipa/ticket/4955
The preferred way of managing certificates nowadays is using
$OBJ-add-cert and $OBJ-remove-cert commands, you should add them here as
well.
I would even go as far as not allowing to modify certificates using
idoverrideuser-mod - in user-mod and host-mod, it's there just for
backward compatibility, which is not the case here. But I don't have a
strong opinion on that.
For consistency with user-find and host-find, the full certificate blob
should not be shown in idoverrideuser-find. You can do that by setting
search_display_attributes attribute on the idoverrideuser class
appropriately.
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list