I need to assign a custom certificate to users.
So I do
# ipa user-add-cert --certificate="$(base64 client.der)" david
The
# ipa user-find --all --raw david | grep userCertificate
shows the certificate is there
userCertificate;binary: MIICrzCCAZeg[... truncated ...]EeI5/ug==
Yet when I do
# dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByCertificate string:"$( openssl x509 < client.crt )"
I get
Error org.freedesktop.sssd.Error.NotFound: User not found
This is with ipa-server-4.2.0-3.el7.x86_64 and sssd-1.13.0-7.el7.x86_64.
Things work when I add the certificate using ldapmodify with
changetype: modify
add: usercertificate
usercertificate:< file:client.der
The difference is that the attribute is "userCertificate", not "userCertificate;binary".
Also note https://fedorahosted.org/freeipa/ticket/5173.
You should be able to fix this by setting "ldap_user_certificate" to "userCertificate;binary" in the domain section in sssd.conf.
The "userCertificate;binary" name is required by related internet standards (see https://tools.ietf.org/html/rfc4523#section-4.1 or https://tools.ietf.org/html/draft-ietf-pkix-ldap-schema-02#section-3.1), so it should be the default value for "ldap_user_certificate", or SSSD could include attribute subtype matches from LDAP search results, so that "userCertificate;binary" values are included when searching for "userCertificate".
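The mismatch discussed in this ticket, as an added example (not SSSD or FreeIPA code): a simplified client-side model in Python that compares a lookup using literal attribute names with one that tolerates options such as ;binary. The certificate bytes, LDIF records and function names are constructed for illustration.

```python
import base64

# Constructed stand-ins for DER certificates (not real X.509 data).
DER_DAVID = b"\x30\x82\x01\x00constructed-cert-david"
DER_ALICE = b"\x30\x82\x01\x00constructed-cert-alice"

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed LDIF records: david's value uses the attribute name shown in the
# ticket's user-find output, alice's the name the ldapmodify workaround produced.
ENTRIES = [
    "uid: david\nuserCertificate;binary:: " + _b64(DER_DAVID),
    "uid: alice\nuserCertificate:: " + _b64(DER_ALICE),
]

def parse_entry(text):
    """Parse one unfolded LDIF record into a list of (description, bytes)."""
    pairs = []
    for line in text.splitlines():
        desc, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: value" means the value is base64
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        pairs.append((desc.strip(), value))
    return pairs

def split_description(desc):
    """Split 'type;opt1;opt2' into (type, {options}), case-insensitively."""
    base, *options = desc.lower().split(";")
    return base, frozenset(options)

def exact_match(desc, wanted):
    """Literal name comparison: 'userCertificate' != 'userCertificate;binary'."""
    return desc.lower() == wanted.lower()

def option_tolerant_match(desc, wanted):
    """Same attribute type, and every requested option is present on desc."""
    base, opts = split_description(desc)
    wanted_base, wanted_opts = split_description(wanted)
    return base == wanted_base and wanted_opts <= opts

def find_by_certificate(der, attr, match):
    """Return uids whose certificate value under a matching name equals der."""
    found = []
    for pairs in map(parse_entry, ENTRIES):
        if any(match(d, attr) and v == der for d, v in pairs):
            found.append(dict(pairs)["uid"].decode())
    return found
```

In this model, switching the configured name to "userCertificate;binary" while still comparing names literally finds david but stops finding alice, which is why the option-tolerant comparison is the more robust of the two suggestions.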
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.13.2
owner: somebody => jhrozek
status: new => assigned
milestone: SSSD 1.13.2 => SSSD 1.13.1
patch: 0 => 1
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1202724 (Red Hat Enterprise Linux 7)
rhbz: => 1202724
resolution: => fixed
status: assigned => closed
Metadata Update from @adelton:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.13.1
SSSD is moving from Pagure to GitHub. This means that new issues and pull requests will be accepted only in SSSD's GitHub repository.
This issue has been cloned to GitHub and is available here: https://github.com/SSSD/sssd/issues/3783
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.