Rob Crittenden wrote:
Add API to delete a service principal key, service-disable. This is so
an admin can essentially revoke a service principal without deleting it.
I have to do some pretty low-level LDAP work to achieve this. Since we
can't read the key, using our modlist generator won't work, and lots of
tricks would be needed to use the LDAPUpdate object in any case. The
alternative is to add a function to the ldap2 backend that achieves
this, or something similar like 'delete_attrs'. I just didn't see a
general case for it.
I pulled usercertificate out of the global params and put it into each
appropriate function because it makes no sense for service-disable.
I added tests to verify that the certificate we issue is found in the
service. This also double-checks that the service commands actually
return certificate data.
rob
We need similar functionality for hosts so I'm going to pull back this
patch and do both at once. I'm going to move the magic that does the key
deletion into ldap2 to make for a very simple call within the plugins.
rob