>From cf2ef9a8f0f880b0d722d0740952c7bfc3dd1502 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 10 Aug 2015 12:40:39 +0200
Subject: [PATCH 2/2] IPA: Change the default of ldap_user_certificate to
 userCertificate;binary

This is safe from ldb point of view, because ldb gurantees the data is
NULL-terminated. We must be careful before we save the data, though.

Resolves:
https://fedorahosted.org/sssd/ticket/2742
---
 src/man/sssd-ldap.5.xml      | 2 +-
 src/providers/ipa/ipa_opts.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 978fdbe773cddce2d2fc5f78109bf7316b00b0a3..123ac3fac3cb1feaef67ba44be65f98cd0ab8043 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -821,7 +821,7 @@
                             certificate of the user.
                         </para>
                         <para>
-                            Default: no set in the general case, userCertificate
+                            Default: no set in the general case, userCertificate;binary
                             for IPA
                         </para>
                     </listitem>
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 9576228d1bf3424c8867bda058b59c3ca6b2216b..f6c40dddbb58cd8af1079a351137422083e26cfe 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -204,7 +204,7 @@ struct sdap_attr_map ipa_user_map[] = {
     { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
     { "ldap_user_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL },
     { "ldap_user_auth_type", "ipaUserAuthType", SYSDB_AUTH_TYPE, NULL },
-    { "ldap_user_certificate", "userCertificate", SYSDB_USER_CERT, NULL },
+    { "ldap_user_certificate", "userCertificate;binary", SYSDB_USER_CERT, NULL },
     SDAP_ATTR_MAP_TERMINATOR
 };
 
-- 
2.4.3