freeipa

Clone
Source Code
GIT

#2408 ipa config-mod allowed to add additional certificate subjects bases
Closed: Fixed None Opened 12 years ago by rcritten.

Closed: Fixed
Reopen Issue

https://bugzilla.redhat.com/show_bug.cgi?id=794750 (Red Hat Enterprise Linux 6)

Description of problem:

[root@dhcp-187-17 ipa-config]# ipa config-show | grep Certificate
  Certificate Subject base: O=TESTRELM.COM

[root@dhcp-187-17 ipa-config]# ipa config-mod
--addattr=ipacertificatesubjectbase=O=DOMAIN.COM
  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/sh
  Default users group: ipausers
  Default e-mail domain: blah
  Search time limit: 2
  Search size limit: 100
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: FALSE
  Certificate Subject base: O=TESTRELM.COM, O=DOMAIN.COM
  Password Expiration Notification (days): 4
  Password plugin features: AllowLMhash
  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0-s0:c0.c1023$staff_u:
s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023

  Default SELinux user: guest_u:s0
[root@dhcp-187-17 ipa-config]# ipa config-show | grep Certificate
  Certificate Subject base: O=TESTRELM.COM, O=DOMAIN.COM

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:
:: [   LOG    ] :: ipaconfig_addaddtr negative test - ipacertificatesubjectbase
only one cn allowed -
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:

:: [09:26:29] ::  Executing: ipa config-mod
--addattr=ipacertificatesubjectbase=O=DOMAIN.COM
  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/sh
  Default users group: ipausers
  Default e-mail domain: blah
  Search time limit: 2
  Search size limit: 100
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: FALSE
  Certificate Subject base: O=TESTRELM.COM, O=DOMAIN.COM
  Password Expiration Notification (days): 4
  Password plugin features: AllowLMhash
  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0-s0:c0.c1023$staff_u:
s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  Default SELinux user: guest_u:s0
:: [09:26:31] ::  ERROR: Expected "ipa config-mod
--addattr=ipacertificatesubjectbase=O=DOMAIN.COM" to fail.
:: [   FAIL   ] :: Verify expected error message. (Expected 0, got 1)





Version-Release number of selected component (if applicable):
ipa-server-2.2.0-101.20120215T0856zgit578669d.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. see description
2.
3.

Actual results:


Expected results:


Additional info:

Moving to next month iteration.

master: 8a7d7aa

ipa-2-2: 241955e

Metadata Update from @rcritten:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/04
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=794750
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.