[Freeipa-devel] [PATCH 0405] idviews: Add user certificate attribute to user ID overrides
Tomas Babej
tbabej at redhat.com
Wed Apr 13 07:55:18 UTC 2016
On 04/07/2016 01:53 PM, Sumit Bose wrote:
> On Mon, Apr 04, 2016 at 04:27:02PM +0200, Jan Cholasta wrote:
>> Hi,
>>
>> On 1.4.2016 16:53, Tomas Babej wrote:
>>> Hi,
>>>
>>> this extends the user ID overrides with capability to store the user
>>> certificate.
>>>
>>> https://fedorahosted.org/freeipa/ticket/4955
>>
>> The preferred way of managing certificates nowadays is using $OBJ-add-cert
>> and $OBJ-remove-cert commands, you should add them here as well.
>>
>> I would even go as far as not allowing to modify certificates using
>> idoverrideuser-mod - in user-mod and host-mod, it's there just for backward
>> compatibility, which is not the case here. But I don't have a strong opinion
>> on that.
>>
>> For consistency with user-find and host-find, the full certificate blob
>> should not be shown in idoverrideuser-find. You can do that by setting
>> search_display_attributes attribute on the idoverrideuser class
>> appropriately.
>
> I tested the current patch with my related patches for SSSD and all is
> working as expected.
>
> bye,
> Sumit
>
>>
>> Honza
>>
>> --
>> Jan Cholasta
>>
>> --
>> Manage your subscription for the Freeipa-devel mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
>
Thanks for the reviews,
attaching a updated patch that addresses Honza's comments.
Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0405-2-idviews-Add-user-certificate-attribute-to-user-ID-ov.patch
Type: text/x-patch
Size: 14406 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160413/54c4564c/attachment.bin>
More information about the Freeipa-devel
mailing list