Title: #398: Support for Certificate Identity Mapping
@flo-renaud, nevermind the `default_from` suggestion, I was wrong - if e.g.
both `--certmapdata` and `--certificate` are specified, we want to use both,
not throw away `--certificate`, which is exactly what would happen if
`--certmapdata` had default derived from `--certificate`.
One more issue, I think the `--certmapdata` option in `user-add-certmapdata`
and friends should actually be a positional argument, as that would be more
consistent with existing commands. The common pattern is that positional
arguments are used to specify the literal value of the attribute (such as
principal name in `user-add-principal`), but options need some preprocessing
(such as conversion from UID to DN in `group-add-member`). Currently the only
exception to this scheme is `user-add-cert` and friends, but that's only
because the original intent was to add a certificate file positional argument,
but it never happened.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code