-
Thomas Woerner authored
certmapdata was not processed properly. The certificate was not loaded and therefore the `issuer` and `subject` could not be compared to the certmapdata entries in the user record. The function `load_cert_from_str` from ansible_freeipa_moduleis used for this. Additionally there was no way to use the certmapdata data format. This is now possible with the `data` option in the certmapdata dict. Example: "data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test" `data` may not be used together with `certificate`, `issuer` and `subject` in the same record. Given certmapdata for the ipauser module is now converted to the internal data representation using also the new function `DN_x500_text` from `ansible_freeipa_module`. New functions `convert_certmapdata` and `check_certmapdata` have been added to ipauser. tests/user/certmapdata/test_user_certmapdata.yml has been extended with additional tasks to verify more complex issuer and subjects and also using the data format.
Thomas Woerner authoredcertmapdata was not processed properly. The certificate was not loaded and therefore the `issuer` and `subject` could not be compared to the certmapdata entries in the user record. The function `load_cert_from_str` from ansible_freeipa_moduleis used for this. Additionally there was no way to use the certmapdata data format. This is now possible with the `data` option in the certmapdata dict. Example: "data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test" `data` may not be used together with `certificate`, `issuer` and `subject` in the same record. Given certmapdata for the ipauser module is now converted to the internal data representation using also the new function `DN_x500_text` from `ansible_freeipa_module`. New functions `convert_certmapdata` and `check_certmapdata` have been added to ipauser. tests/user/certmapdata/test_user_certmapdata.yml has been extended with additional tasks to verify more complex issuer and subjects and also using the data format.
Loading