Title: #228: cert-request: allow directoryName in SAN extension
@frasertweedale Oh, I didn't realize the DN in SAN matches the LDAP DN, while
the Subject DN does not.
In that case, this PR makes sense to me as is. I also don't see the need to
validate Subject DN and SAN DN differently, since they use different
representation (subject is a more generic identifier, as @tiran pointed out;
while SAN DN should be the unique LDAP DN identifier).
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code