bbed1ad certmap rules: altSecurityIdentities should only be used for trusted domains

Authored and Committed by abbra 4 years ago
    certmap rules: altSecurityIdentities should only be used for trusted domains
    
    IPA LDAP has no altSecurityIdentities in use, it only should apply to
    identities in trusted Active Directory domains.
    
    Add checks to enforce proper certmap rule attribution for specific
    Active Directory domains.
    
    Related: https://pagure.io/freeipa/issue/7932
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
    
        
file modified
+73 -0