URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping

HonzaCholasta commented:
@flo-renaud, nevermind the `default_from` suggestion, I was wrong - if e.g. 
both `--certmapdata` and `--certificate` are specified, we want to use both, 
not throw away `--certificate`, which is exactly what would happen if 
`--certmapdata` had default derived from `--certificate`.

One more issue, I think the `--certmapdata` option in `user-add-certmapdata` 
and friends should actually be a positional argument, as that would be more 
consistent with existing commands. The common pattern is that positional 
arguments are used to specify the literal value of the attribute (such as 
principal name in `user-add-principal`), but options need some preprocessing 
(such as conversion from UID to DN in `group-add-member`). Currently the only 
exception to this scheme is `user-add-cert` and friends, but that's only 
because the original intent was to add a certificate file positional argument, 
but it never happened.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to