URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping

sumit-bose commented:
It looks like the ACis on the latest version do not allow hosts to access the 
rules. When I do 'kinit -k' on the IPA server or a client and call

    ldapsearch -H ldap://ipa-server.ipa.devel 
'(&(objectClass=ipaCertMapRule)(ipaEnabledFlag=TRUE))' -Y GSSAPI

I do not get any results. When I call 'kinit admin' and use the same ldapsearch 
I get my rule returned. Can you confirm this or is my test system broken?

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to