On 02/21/2017 05:15 PM, Florence Blanc-Renaud wrote:

related to the Certificate Identity Mapping feature, a new CLI will be
needed to find all the users matching a given certificate.

I propose to provide this as:

ipa certmaptest --certificate <cert>
2 users matched
  Matched user login: test1
  Matched user login: test2
Number of entries returned 2

Please provide any comments, suggestions on the CLI or the output.

Thanks Flo for sharing it.

I don't like the command name. It is not self explanatory. It says it is testing something, it is not clear what and the actual result is users who match the map configuration or have the cert in their user's entry.

Better would be:
  $ ipa certmap-match --certificate

Pasting user story to give context if somebody is not familiar with it:
As a Security Officer, I want to present IdM Server with an Employee Smart Card certificate and list all Employees with a matching role account, so that I can validate the configuration is correct

Note: In FreeIPA 4.4, user-find --certificate can already find users linked with a certificate blob

Acceptance criteria:
* I can perform the administrative task both via IdM Web UI and CLI
* When asking IdM for the information, I should always receive the same list that would be matched in client authentication workflows (by SSSD) * The list of users should include both users linked via standard certificate blob and other generically mapped users
Petr Vobornik

Associate Manager, Engineering, Identity Management
Red Hat, Inc.

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to