URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
HonzaCholasta commented:
"""
I forgot to say that in the CLI, the certificate should be specified using a
file. PR #557 implements this.
"""
See the full comment at
https://gi
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
dkupka commented:
"""
master:
* ea34e17a46a60efb9c4dc81dab919a1639dec73b IdM Server: list all Employees with
matching Smart Card
"""
See the full comment at
https://github.co
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
dkupka commented:
"""
@flo-renaud Thank you.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/516#issuecomment-285049667
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
@dkupka
I added the following explanation in the doc for certmap_match:
"""
Search for users matching the provided certificate.
This comma
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
dkupka commented:
"""
@sumit-bose I agree. If this is in help text we can also display it in WebUI.
@flo-renaud Please add description and explanation of this behaviour into
__
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
sumit-bose commented:
"""
I agree, it would be good if the help text can mention that cached data is used
and maybe even mention the sss_cache utility to invalidate the entry. I
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
dkupka commented:
"""
@flo-renaud That's right but we should probably stress this somehow because
it's not intuitive. Also we're returning what SSSD would return on master but
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
Hi @dkupka
As the goal of this command is to return exactly the same list of users as SSSD
would consider for authentication, IMHO it is expected that
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
dkupka commented:
"""
@flo-renaud While playing with this command I've noticed one disturbing fact.
Because we rely on SSSD and SSSD rely its cache we will likely return
inaccu
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
HonzaCholasta commented:
"""
@flo-renaud, thanks, LGTM.
BTW Travis fails because there is no `sssd-dbus >= 1.15.1` - submitting a build
to freeipa-master now.
"""
See the full
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
Hi @HonzaCholasta
sorry I overlooked the change for count. It's updated now, thank you for the
review.
"""
See the full comment at
https://github.co
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
Hi @HonzaCholasta
thank you for your comments. Patch rebased.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/516#issuecomment-28
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
HonzaCholasta commented:
"""
@flo-renaud, please rebase.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/516#issuecomment-284404070
--
Manage your subscrip
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
@abbra ,
Thanks for your comment. Running in permissive mode I did not see any AVC
logged in the journal.
@HonzaCholasta
thanks for the tips re. writ
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
@abbra ,
Thanks for your comment. Running in permissive mode I did not see any AVC
logged in the journal.
@HonzaCholasta
thanks for the tips re. writ
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
sumit-bose commented:
"""
Yes, a hint aka user name will be used during authentication. But this PR here
is about to get an idea which user is allowed to authenticate based on t
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
simo5 commented:
"""
I am not sure we want to wait for replies from trusted domains, it may be very
slow, and in some cases it will just not work right (one way trusts with stri
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
Hi @simo5
The command must also be able to return matching entries coming from trusted
domains, and SSSD is able to handle this part for us.
"""
See
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
simo5 commented:
"""
Why do we need to talk to SSSD to do this?
Don't we have all the needed data in LDAP already ?
"""
See the full comment at
https://github.com/freeipa/freei
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
abbra commented:
"""
One thing I don't like is that SELinux policy requirements aren't mentioned. To
allow ipaapi user to talk to SSSD dbus interface, you have to have a policy
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
Note: this PR is work in progress. It requires PR#398 Support for Certificate
Identity Mapping and sssd patches not pushed yet.
"""
See the full comme
21 matches
Mail list logo
