URL:
https://github.com/freeipa/freeipa/pull/812
Title: #812: [WIP] Refactoring cert-find to use API call directly instead of using
HonzaCholasta commented:
"""
@felipevolpone, that is a bad idea. Calling the API instead of doing a direct LDAP search
would degrade performace (currently everything is done in a single LDAP search, with API
calls it will be *at least* one LDAP search per owner class) and offers less flexibility
(the current code allows you to find *any* LDAP entry which refers to a certificate, with
API calls you are limited to whatever is defined in the API).
The PR currently breaks the `--user` and `--host` options, because they no longer expect a
user name and host name, but principal names (as @martbab already pointed out).
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/812#issuecomment-305090643