URL:
https://github.com/SSSD/sssd/pull/488
Title: #488: Two fixes for certificates in idoverrides
sumit-bose commented:
"""
Hi Jakub,
thank you for the review, I rebased the patches on top of the current master.
About userMappedCertificate, it is expected that it is not added on the client when
looking up the user by name of ID. If you lookup the user with the certificate on the
client the userMappedCertificate should be added to the cached user entry as well.
The userCertificate attribute was added to the override attributes to map the user to the
a certificate independent of other mapping rules. On the server side is was code-wise easy
to add the certificate from the override to the userMappedCertificate attribute even when
just looking up the user by name and hence is was done to improve the performance for the
first lookup by certificate. On the client it would require some larger code changes to
add the certificate from the override also during name or id based lookup so I skipped it
here. This is in agreement to lookups by certificate which are handled by the matching
rules, here as well the certificate is only added to userMappedCertificate during
certificate based lookups.
HTH
bye,
Sumit
"""
See the full comment at
https://github.com/SSSD/sssd/pull/488#issuecomment-360067152