Dne 3.8.2015 v 14:00 Martin Babinsky napsal(a):
This patch fixes the inconsistency between storing certificates in
'userCertificate'/'userCertificate;binary' attribute for the user
entries: the certificate must be stored in the latter attribute only.

Since a more general fix is out of 4.2.1 scope, I have implemented some
workarounds in pre/post callbacks of user-* commands in order to enforce
this behavior.


+    def convert_usercertificate_pre(self, entry_attrs, **options):
+        if options.get('all', False):
+            return

We don't want to do any renaming when --raw is specified, not --all. Same for convert_usercertificate_post.


+        self.obj.convert_usercertificate_pre(entry_attrs, **options)

Rather than calling this directly from user_add, this should be called from baseuser.pre_common_callback(), which should be called from user_add.post_callback().

3) IMO you should change user_{add,remove}_cert to call baseuser.convert_usercertificate_{pre,post} as well, to avoid code duplication.


Jan Cholasta

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to