On 05/20/2014 11:16 AM, Jan Cholasta wrote:
> On 20.5.2014 08:28, Martin Kosek wrote:
>> Hi there,
>> I checked the update CA Certificate renewal feature design page and one part
>> seemed awkward to me:
>> IIUC, when there are multiple iterations of a certificate stored, there will
>> be one LDAP object with multiple cACertificate attributes, multiple ipaKeyUsage
>> attributes, ipaKeyTrust, ...
>> Given that LDAP does not guarantee order, how do I identify which
>> belongs to which attribute?
> There is no such relation, ipaKey* attributes apply to all of the
>> If I do ldapsearch for some specific ipaKeyUsage and I get this LDAP record
>> returned, how do I find out which certificate it is? Do I need to go through
>> all binary blobs, parse them and look which blob matches?
Could you then please state some example in
with more than one cACertificate;binary? I think it would greatly help
understand the relation of the new schema attributes and cACertificate. As you
can see, it may be pretty confusing.
Freeipa-devel mailing list