On Tue, Feb 21, 2017 at 06:12:23PM +0100, Petr Vobornik wrote:
> On 02/21/2017 05:15 PM, Florence Blanc-Renaud wrote:
> > Hi,
> >
> > related to the Certificate Identity Mapping feature, a new CLI will be
> > needed to find all the users matching a given certificate.
> >
> > I propose to provide this as:
> >
> > ipa certmaptest --certificate <cert>
> > ---------------
> > 2 users matched
> > ---------------
> > Matched user login: test1
> > Matched user login: test2
> > ----------------------------
> > Number of entries returned 2
> > ----------------------------
> >
> >
> > Please provide any comments, suggestions on the CLI or the output.
> > Thanks,
> > Flo.
> >
>
> Thanks Flo for sharing it.
>
> I don't like the command name. It is not self explanatory. It says it is
> testing something, it is not clear what and the actual result is users who
> match the map configuration or have the cert in their user's entry.
>
> Better would be:
> $ ipa certmap-match --certificate
>
How about `ipa certmap-find-user ...'? Doesn't get more obvious than that, IMO.
>
> Pasting user story to give context if somebody is not familiar with it:
> """
> As a Security Officer, I want to present IdM Server with an Employee Smart
> Card certificate and list all Employees with a matching role account, so
> that I can validate the configuration is correct
>
> Note: In FreeIPA 4.4, user-find --certificate can already find users linked
> with a certificate blob
>
> Acceptance criteria:
> * I can perform the administrative task both via IdM Web UI and CLI
> * When asking IdM for the information, I should always receive the same list
> that would be matched in client authentication workflows (by SSSD)
> * The list of users should include both users linked via standard
> certificate blob and other generically mapped users
> """
> --
> Petr Vobornik
>
> Associate Manager, Engineering, Identity Management
> Red Hat, Inc.
>
> --
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code