From b8016807ebb95b97f0a4631574be484371f4dcd0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 18 Dec 2009 11:01:00 -0500
Subject: Use the caIPAserviceCert profile for issuing service certs.

This profile enables subject validation and ensures that the subject
that the CA issues is uniform. The client can only request a specific
CN, the rest of the subject is fixed.

This is the first step of allowing the subject to be set at
installation time.

Also fix 2 more issues related to the return results migration.
---
 ipalib/plugins/cert.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ipalib')

diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index a7cd4155..a22d0753 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -179,7 +179,7 @@ class cert_request(VirtualCommand):
         # going to add it
         try:
             if not principal.startswith('host/'):
-                service = api.Command['service_show'](principal, all=True, raw=True)
+                service = api.Command['service_show'](principal, all=True, raw=True)['result']
                 dn = service['dn']
             else:
                 realm = principal.find('@')
@@ -196,7 +196,7 @@ class cert_request(VirtualCommand):
             if not add:
                 raise errors.NotFound(reason="The service principal for this request doesn't exist.")
             try:
-                service = api.Command['service_add'](principal, **{})
+                service = api.Command['service_add'](principal, **{})['result']
                 dn = service['dn']
             except errors.ACIError:
                 raise errors.ACIError(info='You need to be a member of the serviceadmin role to add services')
-- 
cgit