Dne 30.7.2014 v 15:51 David Kupka napsal(a):
On 07/23/2014 03:45 PM, Nalin Dahyabhai wrote:
On Wed, Jul 23, 2014 at 10:12:39AM +0200, Martin Kosek wrote:
Certmonger API looked complete enough to pull this off:
https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/api.txt
If I am wrong, please tell me.
No, it's meant to be complete -- the getcert command only uses the APIs
to talk to the daemon, so they provide at least what it needs.
Two words of caution:
* That file's manually maintained, so it might not completely reflect
what's available. The introspection data's generated at runtime, so
if you poke the service with an introspection request, or using
d-feet, which does so under the covers, you might spot discrepancies.
It probably goes without saying, but please report any that you find.
* The majority of properties are currently marked read-only, and you
currently have to use the 'modify' API request to change them. Mostly
this is a result of 'getcert' not having needed anything more than
that, and properties having been added after the initial versions, so
it's not set in stone.
HTH,
Nalin
In fact it is almost enough complete for us. The only operation I can't
find is 'write ca_external_helper'.
add_principal_to_cas and remove_principal_from_cas are modifying this
entry in ca file. Certmonger provide 'get_location' DBus method that
returns value of this entry but I can't find any 'set_location' method,
writable property or other way to modify it over DBus.
Am I searching wrong? If not I looked in certmonger code and think that
I will be able to add the missing functionality. But I'm unsure what is
the preferred way, I can think of two:
1. set_location method
2. read-write location/ca_external_helper property
These two functions are used to force local hostname in certmonger. IMO
the right thing to do here would be to drop these two functions and fix
ipa-submit so that it reads the required configuration from
/etc/ipa/default.conf.
--
Jan Cholasta
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
