On 04/16/2015 10:03 AM, Fraser Tweedale wrote:
Hi everyone,
Please review my Certificate Profiles design proposal:
http://www.freeipa.org/page/V4/Certificate_Profiles
Let me know what is unclear, what needs expansion, and what is plain
wrong :)
The schema for storing multiple certificates for a principal is
still being discussed but I expect it will be agreed soon, and I
will add it to the document.
I am revising the sub-CAs design proposal and it will soon be
published for review as well.
Cheers,
Fraser
Hello Fraser,
I will reiterate one of my concernes from our private mails here for the
wider audience :)
I'd really like to have a way how to list the profiles managed by IPA
other than using
the dogtag REST API directly. Simple wrapper around the api call for
/ca/rest/profiles[/$id[/raw]]
endpoints returning a list of IDs [and dumping the profile to file] for
the sake of consistency,
since other endpoints are wrapped by ipa commands, would be sufficient
for me.
This can be also used to query the information (at least the list of
IDs) when used in the web UI.
I don't know how exactly dogtag is wired into IPA (I've seen that there
is separate suffix
on the DS instance) and I don't really need to duplicate any data into
the defaultNamingContext
and its subtree.
Cheers,
Milan
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code