summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-01-20 11:26:20 -0500
committerRob Crittenden <rcritten@redhat.com>2010-01-20 17:24:01 -0500
commite4470f8165242fba6c5ce477a2eeca0141891701 (patch)
tree01b9fa763a36cce597c7bc045badcd02fe29523c /ipalib/plugins
parent2955c955acc8fc510c6183b92fb8ca1b29b823e2 (diff)
downloadfreeipa-e4470f8165242fba6c5ce477a2eeca0141891701.tar.gz
freeipa-e4470f8165242fba6c5ce477a2eeca0141891701.tar.xz
freeipa-e4470f8165242fba6c5ce477a2eeca0141891701.zip
User-defined certificate subjects
Let the user, upon installation, set the certificate subject base for the dogtag CA. Certificate requests will automatically be given this subject base, regardless of what is in the CSR. The selfsign plugin does not currently support this dynamic name re-assignment and will reject any incoming requests that don't conform to the subject base. The certificate subject base is stored in cn=ipaconfig but it does NOT dynamically update the configuration, for dogtag at least. The file /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg would need to be updated and pki-cad restarted.
Diffstat (limited to 'ipalib/plugins')
-rw-r--r--ipalib/plugins/config.py18
1 files changed, 17 insertions, 1 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index 3030ce7c7..a3851e369 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -35,7 +35,7 @@ class config(LDAPObject):
'ipamaxusernamelength', 'ipahomesrootdir', 'ipadefaultloginshell',
'ipadefaultprimarygroup', 'ipadefaultdomain', 'ipasearchtimelimit',
'ipasearchrecordslimit', 'ipausersearchfields', 'ipagroupsearchfields',
- 'ipamigrationenabled',
+ 'ipamigrationenabled', 'ipacertificatesubjectbase',
]
attribute_names = {
'ipamaxusernamelength': 'maximum username length',
@@ -48,52 +48,68 @@ class config(LDAPObject):
'ipausersearchfields': 'search fields for users',
'ipagroupsearchfields': 'search fields for groups',
'ipamigrationenabled': 'enable migration mode',
+ 'ipacertificatesubjectbase': 'base for certificate subjects',
}
takes_params = (
Int('ipamaxusernamelength?',
cli_name='maxusername',
+ label='Max. Username length',
doc='Max. Username length',
minvalue=1,
),
Str('ipahomesrootdir?',
cli_name='homedirectory',
+ label='Home Directory base',
doc='Default location of home directories',
),
Str('ipadefaultloginshell?',
cli_name='defaultshell',
+ label='Default shell',
doc='Default shell for new users',
),
Str('ipadefaultprimarygroup?',
cli_name='defaultgroup',
+ label='Default users group',
doc='Default group for new users',
),
Str('ipadefaultemaildomain?',
cli_name='emaildomain',
+ label='Default e-mail domain',
doc='Default e-mail domain new users',
),
Int('ipasearchtimelimit?',
cli_name='searchtimelimit',
+ label='Search time limit',
doc='Max. amount of time (sec.) for a search (-1 is unlimited)',
minvalue=-1,
),
Int('ipasearchrecordslimit?',
cli_name='searchrecordslimit',
+ label='Search size limit',
doc='Max. number of records to search (-1 is unlimited)',
minvalue=-1,
),
Str('ipausersearchfields?',
cli_name='usersearch',
+ label='User search fields',
doc='A comma-separated list of fields to search when searching for users',
),
Str('ipagroupsearchfields?',
cli_name='groupsearch',
+ label='Group search fields',
doc='A comma-separated list of fields to search when searching for groups',
),
Bool('ipamigrationenabled?',
+ doc='Migration mode',
cli_name='enable_migration',
doc='Enabled migration mode',
),
+ Str('ipacertificatesubjectbase?',
+ label='Certificate Subject base',
+ cli_name='subject',
+ doc='base for certificate subjects (OU=Test,O=Example)',
+ ),
)
def get_dn(self, *keys, **kwargs):