#5733 CA ACL rejects user when full principal name used
Closed: Fixed None Opened 8 years ago by ftweedal.

ipa cert-request fails when given full user principal name.

% ipa cert-request --principal alice@IPA.LOCAL alice.csr
ipa: ERROR: alice@ipa.local: user not found

% ipa cert-request --principal alice alice.csr
Principal: alice
  Certificate: MIIDrTC... (command succeeds)

The full principal name should be supported.

Thanks to ab for reporting this issue.


master:

  • c2b92b5 caacl: correctly handle full user principal name

ipa-4-3:

  • 90ca7d4 caacl: correctly handle full user principal name

ipa-4-2:

  • 8a8ee89 caacl: correctly handle full user principal name

Tests:

master:

  • b0b9972 ipatests: fix for change_principal context manager
  • 0472300 ipatests: Add test case for requesting a certificate with full principal.

ipa-4-3:

  • c4fa656 ipatests: fix for change_principal context manager
  • e183030 ipatests: Add test case for requesting a certificate with full principal.

ipa-4-2:

  • eadd47e ipatests: fix for change_principal context manager
  • ffd6703 ipatests: Add test case for requesting a certificate with full principal.

Metadata Update from @ftweedal:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.2.5

7 years ago

Log in to comment on this ticket.

Metadata