the attached patches fix #2742. The first one makes sure we can print
the certificate (or any binary attribute, really) safely. We only need
to make sure to escape the attribute values before saving them to sysdb,
because then ldb guarantees terminating them.
The second just switches the attribute value. I tested using this howto:
You'll also want to use a recent enough IPA version, one that fixes:
Then, on the client, call:
dbus-send --print-reply \
string:"$( openssl x509 < cert.pem )"
The result will be an object path.