Dne 30.7.2014 v 15:51 David Kupka napsal(a):
On 07/23/2014 03:45 PM, Nalin Dahyabhai wrote:
On Wed, Jul 23, 2014 at 10:12:39AM +0200, Martin Kosek wrote:
Certmonger API looked complete enough to pull this off:

If I am wrong, please tell me.

No, it's meant to be complete -- the getcert command only uses the APIs
to talk to the daemon, so they provide at least what it needs.

Two words of caution:
* That file's manually maintained, so it might not completely reflect
   what's available.  The introspection data's generated at runtime, so
   if you poke the service with an introspection request, or using
   d-feet, which does so under the covers, you might spot discrepancies.
   It probably goes without saying, but please report any that you find.
* The majority of properties are currently marked read-only, and you
   currently have to use the 'modify' API request to change them.  Mostly
   this is a result of 'getcert' not having needed anything more than
   that, and properties having been added after the initial versions, so
   it's not set in stone.



In fact it is almost enough complete for us. The only operation I can't
find is 'write ca_external_helper'.
add_principal_to_cas and remove_principal_from_cas are modifying this
entry in ca file. Certmonger provide 'get_location' DBus method that
returns value of this entry but I can't find any 'set_location' method,
writable property or other way to modify it over DBus.
Am I searching wrong? If not I looked in certmonger code and think that
I will be able to add the missing functionality. But I'm unsure what is
the preferred way, I can think of two:
1. set_location method
2. read-write location/ca_external_helper property

These two functions are used to force local hostname in certmonger. IMO the right thing to do here would be to drop these two functions and fix ipa-submit so that it reads the required configuration from /etc/ipa/default.conf.

Jan Cholasta

Freeipa-devel mailing list

Reply via email to