Re: [SSSD] [PATCH] Switch ldap_user_certificate default to userCertificate; binary

On 08/10/2015 12:59 PM, Jakub Hrozek wrote: >Hi, > >the attached patches fix #2742. The first one makes sure we can print >the certificate (or any binary attribute, really) safely. We only need >to make sure to escape the attribute values before saving them to sysdb, >because then ldb guarantees terminating them. > >The second just switches the attribute value. I tested using this howto: > http://www.freeipa.org/page/V4/User_Certificates#How_to_Test > >You'll also want to use a recent enough IPA version, one that fixes: > https://fedorahosted.org/freeipa/ticket/5173 > >Then, on the client, call: > dbus-send --print-reply \ > --system \ > --dest=org.freedesktop.sssd.infopipe \ > /org/freedesktop/sssd/infopipe/Users \ > org.freedesktop.sssd.infopipe.Users.FindByCertificate \ > string:"$( openssl x509 < cert.pem )" > >The result will be an object path. Ack.