Title: #228: cert-request: allow directoryName in SAN extension
As I have understood from the mailing list discussion, we have two options:
1. We use this patch as is. That means Subject Alternative Name (SAN) DN always
has to be the same as the Subject DN. Is there any use case for this? To me
this seems like a duplicate info. Isn't the purpose of SAN to provide an
2. We extend the validation to allow any existing principal. Are there any use
cases for this?
Perhaps I'm missing something, but the first option doesn't seem very useful
and I don't know if the second one is a valid and needed use case.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code