diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2009-12-18 11:01:00 -0500 |
|---|---|---|
| committer | Jason Gerard DeRose <jderose@redhat.com> | 2010-01-08 13:36:16 -0700 |
| commit | b8016807ebb95b97f0a4631574be484371f4dcd0 (patch) | |
| tree | 8d1a2fbd28d53e5911a3158e316d9d6ac32c03e4 /ipalib/plugins | |
| parent | 864490ff41c306b7388dd08ab5091df2f8310a55 (diff) | |
| download | freeipa-b8016807ebb95b97f0a4631574be484371f4dcd0.tar.gz freeipa-b8016807ebb95b97f0a4631574be484371f4dcd0.tar.xz freeipa-b8016807ebb95b97f0a4631574be484371f4dcd0.zip | |
Use the caIPAserviceCert profile for issuing service certs.
This profile enables subject validation and ensures that the subject
that the CA issues is uniform. The client can only request a specific
CN, the rest of the subject is fixed.
This is the first step of allowing the subject to be set at
installation time.
Also fix 2 more issues related to the return results migration.
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/cert.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py index a7cd4155f..a22d0753e 100644 --- a/ipalib/plugins/cert.py +++ b/ipalib/plugins/cert.py @@ -179,7 +179,7 @@ class cert_request(VirtualCommand): # going to add it try: if not principal.startswith('host/'): - service = api.Command['service_show'](principal, all=True, raw=True) + service = api.Command['service_show'](principal, all=True, raw=True)['result'] dn = service['dn'] else: realm = principal.find('@') @@ -196,7 +196,7 @@ class cert_request(VirtualCommand): if not add: raise errors.NotFound(reason="The service principal for this request doesn't exist.") try: - service = api.Command['service_add'](principal, **{}) + service = api.Command['service_add'](principal, **{})['result'] dn = service['dn'] except errors.ACIError: raise errors.ACIError(info='You need to be a member of the serviceadmin role to add services') |