On Wed, 14 Sep 2016, Martin Basti wrote:



On 14.09.2016 17:41, Alexander Bokovoy wrote:
On Wed, 14 Sep 2016, Martin Basti wrote:
1)
I still don't see the reason why AD trust is needed. Default trust ID view is added just by ipa-adtrust-install, adding trust is not needed for current implementation. You don't need AD for this, IDviews is generic feature not just for AD. Is that user configured on AD side?
You cannot add non-AD user to 'default trust view', so you will not be
able to set up certificates to ID override which does not exist.

For non-'default trust view' you can add both IPA and AD users, so using
some other view and then assign certificate for a ID override in that
one.


Ok then, but anyway I would like to see API/CLI tests for this feature with proper output validation.


How can be this tested with SSSD?
You need to log into the system with a certificate...
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to