[Freeipa-devel] [PATCH] 1028 service pac types

Rob Crittenden rcritten at redhat.com
Fri Jun 22 20:27:07 UTC 2012


This patch is more a WIP than anything. I want to see if I'm on the 
right track.

rob
-------------- next part --------------
From a9e9433d2cfec79c28de401c16bae198ddedb3d4 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten at redhat.com>
Date: Thu, 21 Jun 2012 12:18:34 -0400
Subject: [PATCH] Add per-service option to store the types of PAC it
 supports.

Create a per-service default as well.

https://fedorahosted.org/freeipa/ticket/2184
---
 API.txt                                  |   12 ++++++++----
 VERSION                                  |    2 +-
 install/share/60basev3.ldif              |    1 +
 install/updates/10-60basev3.update       |    3 +++
 install/updates/10-selinuxusermap.update |    5 +++++
 install/updates/60-trusts.update         |    4 ++++
 ipalib/plugins/config.py                 |    9 ++++++++-
 ipalib/plugins/service.py                |   23 ++++++++++++++++++-----
 tests/test_xmlrpc/test_host_plugin.py    |    1 +
 tests/test_xmlrpc/test_service_plugin.py |   13 +++++++++++++
 10 files changed, 62 insertions(+), 11 deletions(-)

diff --git a/API.txt b/API.txt
index 5ad2dbaaa75ec4343a256fa64ac56c607f15c6e8..174892a6fa3fb2794b0ed364540e360f8630fdbb 100644
--- a/API.txt
+++ b/API.txt
@@ -445,7 +445,7 @@ args: 1,0,1
 arg: Str('request_id')
 output: Output('result', None, None)
 command: config_mod
-args: 0,23,3
+args: 0,24,3
 option: Int('ipamaxusernamelength', attribute=True, autofill=False, cli_name='maxusername', minvalue=1, multivalue=False, required=False)
 option: IA5Str('ipahomesrootdir', attribute=True, autofill=False, cli_name='homedirectory', multivalue=False, required=False)
 option: Str('ipadefaultloginshell', attribute=True, autofill=False, cli_name='defaultshell', multivalue=False, required=False)
@@ -462,6 +462,7 @@ option: Int('ipapwdexpadvnotify', attribute=True, autofill=False, cli_name='pwde
 option: StrEnum('ipaconfigstring', attribute=True, autofill=False, cli_name='ipaconfigstring', csv=True, multivalue=True, required=False, values=(u'AllowLMhash', u'AllowNThash', u'KDC:Disable Last Success', u'KDC:Disable Lockout'))
 option: Str('ipaselinuxusermaporder', attribute=True, autofill=False, cli_name='ipaselinuxusermaporder', multivalue=False, required=False)
 option: Str('ipaselinuxusermapdefault', attribute=True, autofill=False, cli_name='ipaselinuxusermapdefault', multivalue=False, required=False)
+option: StrEnum('ipadefaultkrbauthzdata', attribute=True, autofill=False, cli_name='pac_type', csv=True, multivalue=True, required=False, values=(u'MS-PAC', u'UNIX-PAC'))
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Str('delattr*', cli_name='delattr', exclude='webui')
@@ -2641,9 +2642,10 @@ output: Output('notmatched', (<type 'list'>, <type 'tuple'>, <type 'NoneType'>),
 output: Output('error', (<type 'list'>, <type 'tuple'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: service_add
-args: 1,5,3
+args: 1,6,3
 arg: Str('krbprincipalname', attribute=True, cli_name='principal', multivalue=False, primary_key=True, required=True)
 option: Bytes('usercertificate', attribute=True, cli_name='certificate', multivalue=False, required=False)
+option: StrEnum('ipakrbauthzdata', attribute=True, cli_name='pac_type', csv=True, multivalue=True, required=False, values=(u'MS-PAC', u'UNIX-PAC'))
 option: Flag('force', autofill=True, default=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@@ -2675,9 +2677,10 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('result', <type 'bool'>, None)
 output: Output('value', <type 'unicode'>, None)
 command: service_find
-args: 1,9,4
+args: 1,10,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Str('krbprincipalname', attribute=True, autofill=False, cli_name='principal', multivalue=False, primary_key=True, query=True, required=False)
+option: StrEnum('ipakrbauthzdata', attribute=True, autofill=False, cli_name='pac_type', csv=True, multivalue=True, query=True, required=False, values=(u'MS-PAC', u'UNIX-PAC'))
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: Int('sizelimit?', autofill=False, minvalue=0)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -2691,9 +2694,10 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
 output: Output('count', <type 'int'>, None)
 output: Output('truncated', <type 'bool'>, None)
 command: service_mod
-args: 1,8,3
+args: 1,9,3
 arg: Str('krbprincipalname', attribute=True, cli_name='principal', multivalue=False, primary_key=True, query=True, required=True)
 option: Bytes('usercertificate', attribute=True, autofill=False, cli_name='certificate', multivalue=False, required=False)
+option: StrEnum('ipakrbauthzdata', attribute=True, autofill=False, cli_name='pac_type', csv=True, multivalue=True, required=False, values=(u'MS-PAC', u'UNIX-PAC'))
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Str('delattr*', cli_name='delattr', exclude='webui')
diff --git a/VERSION b/VERSION
index 77340e02e91c91b45e5431810aac2a5c9d6237b6..bc76959b3a1709c6bbad76a0e4405c2c6e329bdd 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=38
+IPA_API_VERSION_MINOR=39
diff --git a/install/share/60basev3.ldif b/install/share/60basev3.ldif
index 2c24137b0dc39f215ed0e4b97079ffce0ec630d3..eb0869568dcb33866a1a42f99ab03becce4e5cee 100644
--- a/install/share/60basev3.ldif
+++ b/install/share/60basev3.ldif
@@ -29,6 +29,7 @@ attributeTypes: ( 2.16.840.1.113730.3.8.11.21 NAME 'ipaAllowToImpersonate' DESC
 attributeTypes: ( 2.16.840.1.113730.3.8.11.22 NAME 'ipaAllowedTarget' DESC 'Target principals alowed to get a ticket for' SUP distinguishedName X-ORIGIN 'IPA-v3')
 attributeTypes: (2.16.840.1.113730.3.8.11.30 NAME 'ipaSELinuxUser' DESC 'An SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3')
 attributeTypes: (2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey' DESC 'SSH public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'IPA v3' )
+attributeTypes: (2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 'type of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' )
 objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $ memberOf $ description $ owner) X-ORIGIN 'IPA v3' )
 objectClasses: (2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) MAY ( ipaNTHash $ ipaNTLogonScript $ ipaNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN 'IPA v3' )
 objectClasses: (2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' )
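Review bot: The added `attributeTypes` line defines only `ipaKrbAuthzData` (…11.37), while install/updates/10-60basev3.update in this same patch also adds `ipaDefaultKrbAuthzData` (…11.38) and extends `ipaService` with the new attribute. If the update files are not guaranteed to run on a fresh install (not visible here), a new server would lack both the default attribute and the `ipaService` MAY entry, and writing `ipakrbauthzdata` from `service_add` would presumably be rejected by schema checking. Consider defining 11.38 in this file as well. A comment beside 11.37 such as `# multi-valued on purpose: a service may list several PAC types` would explain the missing `SINGLE-VALUE`, since the DESC speaks of a single "type".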
diff --git a/install/updates/10-60basev3.update b/install/updates/10-60basev3.update
index 96d012c14d26133b07a503e78fa1e8b33d2a56d9..c4f3fe35d11af808d4e614579263d73febd0bc7b 100644
--- a/install/updates/10-60basev3.update
+++ b/install/updates/10-60basev3.update
@@ -5,4 +5,7 @@ add:attributeTypes: ( 2.16.840.1.113730.3.8.11.22 NAME 'ipaAllowedTarget' DESC '
 add:objectClasses: (2.16.840.1.113730.3.8.12.6 NAME 'groupOfPrincipals' SUP top AUXILIARY MUST ( cn ) MAY ( memberPrincipal ) X-ORIGIN 'IPA v3' )
 add:objectClasses: (2.16.840.1.113730.3.8.12.7 NAME 'ipaKrb5DelegationACL' SUP groupOfPrincipals STRUCTURAL MAY ( ipaAllowToImpersonate $$ ipaAllowedTarget ) X-ORIGIN 'IPA v3' )
 add:attributeTypes: (2.16.840.1.113730.3.8.11.32 NAME 'ipaKrbPrincipalAlias' DESC 'IPA principal alias' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3')
+add:attributeTypes: (2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 'type of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3')
+add:attributeTypes: (2.16.840.1.113730.3.8.11.38 NAME 'ipaDefaultKrbAuthzData' DESC 'Default service PAC type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3')
 add:objectClasses: (2.16.840.1.113730.3.8.12.8 NAME 'ipaKrbPrincipal' SUP krbPrincipalAux AUXILIARY MUST ( krbPrincipalName $$ ipaKrbPrincipalAlias ) X-ORIGIN 'IPA v3' )
+replace:objectClasses: ( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $$ managedBy ) X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $$ managedBy $$ ipaKrbAuthzData) X-ORIGIN 'IPA v2' )
diff --git a/install/updates/10-selinuxusermap.update b/install/updates/10-selinuxusermap.update
index 431477adf87d2fd9aaf5ed288c8c9eaba7ca35f1..ce11d26e26399d428912a4995a9a47b3a617cdee 100644
--- a/install/updates/10-selinuxusermap.update
+++ b/install/updates/10-selinuxusermap.update
@@ -21,6 +21,11 @@ add:attributeTypes:
      X-ORIGIN 'IPA v3')
 replace:objectClasses:( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase ) )::( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder) )
 
+# Add the default PAC service type relies on the new SELinux user map
+# values being there so add it here.
+dn: cn=schema
+replace:objectClasses:( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder ) )::( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder $$ ipaDefaultKrbAuthzData) )
+
 # Add the SELinux User map schema
 add:attributeTypes:
    ( 2.16.840.1.113730.3.8.11.30
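Review bot: The old-value half of the added `replace:` ends in `ipaSELinuxUserMapOrder ) )`, but the replace just above it writes the definition ending in `ipaSELinuxUserMapOrder) )`, without that space. If the updater matches the old value textually, the new replace would never apply and `ipaDefaultKrbAuthzData` would not be allowed on `ipaGuiConfig`, which in turn would break the `add:` in 60-trusts.update. Whether the server normalises the definition before comparing is not visible here. Align the old value with what the earlier replace produces, and reword the comment, for example `# The default PAC type must be added after the SELinux user map attributes, so ipaGuiConfig is extended again here.`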
diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update
index 82d78315d773a4cc1f25a420e5171270504730a3..9e6a23948c1070edc61f01c8919f8e2e41f782ef 100644
--- a/install/updates/60-trusts.update
+++ b/install/updates/60-trusts.update
@@ -60,3 +60,7 @@ add:aci: '(target = "ldap:///cn=trusts,$SUFFIX")(targetattr = "ipaNTTrustType ||
 # Samba user should be able to read NT passwords to authenticate
 dn: $SUFFIX
 add:aci: '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read NT passwords"; allow (read) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX";)'
+
+# Add the default PAC type to configuration
+dn: cn=ipaConfig,cn=etc,$SUFFIX
+add: ipaDefaultKrbAuthzData: MS-PAC
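Review bot: `add: ipaDefaultKrbAuthzData: MS-PAC` will presumably be applied again on every upgrade run, so an administrator who deliberately set the default to UNIX-PAC only, or cleared it, would get MS-PAC back the next time updates are applied. This value decides which authorization data type newly created services are given, so an upgrade should not silently change it. If the updater's `addifnew:` keyword is available on this branch, `addifnew: ipaDefaultKrbAuthzData: MS-PAC` seeds the value only when the attribute is absent. The comment could also say so: `# Seed the default PAC type on first upgrade only; never override an administrator's choice`.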
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index c8230e23a779163bca447594206a65b6062d4b37..0e038f40d4c7b8a77bfea43e40810e83a270a059 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -90,7 +90,7 @@ class config(LDAPObject):
         'ipasearchrecordslimit', 'ipausersearchfields', 'ipagroupsearchfields',
         'ipamigrationenabled', 'ipacertificatesubjectbase',
         'ipapwdexpadvnotify', 'ipaselinuxusermaporder',
-        'ipaselinuxusermapdefault', 'ipaconfigstring',
+        'ipaselinuxusermapdefault', 'ipaconfigstring', 'ipadefaultkrbauthzdata',
     ]
 
     label = _('Configuration')
@@ -189,6 +189,13 @@ class config(LDAPObject):
             label=_('Default SELinux user'),
             doc=_('Default SELinux user when no match is found in SELinux map rule'),
         ),
+        StrEnum('ipadefaultkrbauthzdata*',
+            cli_name='pac_type',
+            label=_('PAC type'),
+            doc=_('Default types of PAC for new services'),
+            values=(u'MS-PAC', u'UNIX-PAC'),
+            csv=True,
+        ),
     )
 
     def get_dn(self, *keys, **kwargs):
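Review bot: The `values=(u'MS-PAC', u'UNIX-PAC')` tuple in the new `StrEnum` is repeated verbatim in the `ipakrbauthzdata*` parameter added to service.py (hunk @@ -251), so the two accepted sets can drift apart when a PAC type is added. A single shared constant imported by both plugins would keep the list in one place. The `doc` string could also state what an empty list means, e.g. `doc=_('Default types of PAC for new services; if unset, new services get no PAC type')`, which is what the `if default_pac_type:` guard in service_add implies. `takes_params` begins outside this hunk.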
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 60035bf6d8d53a498c6565fef6d3097a85263d20..33453f42e1e973d3659dce594d37634c6f9b3f9e 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -23,7 +23,7 @@ import base64
 import os
 
 from ipalib import api, errors, util
-from ipalib import Str, Flag, Bytes
+from ipalib import Str, Flag, Bytes, StrEnum
 from ipalib.plugins.baseldap import *
 from ipalib import x509
 from ipalib import _, ngettext
@@ -223,8 +223,9 @@ class service(LDAPObject):
         'krbprincipal', 'krbprincipalaux', 'krbticketpolicyaux', 'ipaobject',
         'ipaservice', 'pkiuser', 'ipakrbprincipal'
     ]
-    search_attributes = ['krbprincipalname', 'managedby']
-    default_attributes = ['krbprincipalname', 'usercertificate', 'managedby']
+    search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
+    default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
+        'ipakrbauthzdata',]
     uuid_attribute = 'ipauniqueid'
     attribute_members = {
         'managedby': ['host'],
@@ -251,7 +252,14 @@ class service(LDAPObject):
             label=_('Certificate'),
             doc=_('Base-64 encoded server certificate'),
             flags=['no_search',],
-        )
+        ),
+        StrEnum('ipakrbauthzdata*',
+            cli_name='pac_type',
+            label=_('PAC type'),
+            doc=_('Types of PAC this service supports'),
+            values=(u'MS-PAC', u'UNIX-PAC'),
+            csv=True,
+        ),
     )
 
 api.register(service)
@@ -291,7 +299,12 @@ class service_add(LDAPCreate):
              # don't exist in DNS.
              util.validate_host_dns(self.log, hostname)
         if not 'managedby' in entry_attrs:
-             entry_attrs['managedby'] = hostresult['dn']
+            entry_attrs['managedby'] = hostresult['dn']
+        if 'ipakrbauthzdata' not in entry_attrs:
+            config = ldap.get_ipa_config()[1]
+            default_pac_type = config.get('ipadefaultkrbauthzdata', [])
+            if default_pac_type:
+                entry_attrs['ipakrbauthzdata'] = default_pac_type
 
         # Enforce ipaKrbPrincipalAlias to aid case-insensitive searches
         # as krbPrincipalName/krbCanonicalName are case-sensitive in Kerberos
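Review bot: The new block copies the global default into the entry only at creation time, so services that already exist get no `ipakrbauthzdata`, and a later `config_mod` change to the default does not reach services created earlier. If the KDC is meant to fall back to the global default for entries without a value (not visible in this patch), the stored snapshot cannot be told apart from an administrator's explicit choice. The enum also offers no value meaning "no PAC", so opting a service out presumably depends on how an empty `--pac_type` is handled, which is not visible here. A comment above the block such as `# Snapshot the configured default; later changes to ipadefaultkrbauthzdata do not affect this entry` would at least record the intent. The enclosing method starts and ends outside the hunk.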
diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py
index 69ef82e20dafdfed38669ec36c05a5055754b06c..efd52ed5fd7f50c72bfe8c5594fd96212c4a1799 100644
--- a/tests/test_xmlrpc/test_host_plugin.py
+++ b/tests/test_xmlrpc/test_host_plugin.py
@@ -611,6 +611,7 @@ class test_host(Declarative):
                     krbprincipalname=[service1],
                     objectclass=objectclasses.service,
                     managedby_host=[fqdn1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     ipauniqueid=[fuzzy_uuid],
                 ),
             ),
diff --git a/tests/test_xmlrpc/test_service_plugin.py b/tests/test_xmlrpc/test_service_plugin.py
index 5f089fbbb9099761a4552e0df83a3700b452d7df..28c6bb663429e2ca0336d9597d3d386c1c8d6da5 100644
--- a/tests/test_xmlrpc/test_service_plugin.py
+++ b/tests/test_xmlrpc/test_service_plugin.py
@@ -179,6 +179,7 @@ class test_service(Declarative):
                     krbprincipalname=[service1],
                     objectclass=objectclasses.service,
                     ipauniqueid=[fuzzy_uuid],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     managedby_host=[fqdn1],
                 ),
             ),
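Review bot: Every expectation added in this file, here and in the later hunks, is the inherited `ipakrbauthzdata=[u'MS-PAC']`, so only the default path through service_add is exercised. Nothing covers `service_add` or `service_mod` with an explicit `pac_type` (for example `[u'UNIX-PAC']` or both values), rejection of a value outside the enum, or creation after `config_mod` changes the default. The expectations also depend on 60-trusts.update having seeded MS-PAC on the test server. A comment near the first one, e.g. `# default PAC type seeded by install/updates/60-trusts.update`, would make a failure on a differently configured server easier to interpret.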
@@ -207,6 +208,7 @@ class test_service(Declarative):
                     dn=lambda x: DN(x) == service1dn,
                     krbprincipalname=[service1],
                     has_keytab=False,
+                    ipakrbauthzdata=[u'MS-PAC'],
                     managedby_host=[fqdn1],
                 ),
             ),
@@ -226,6 +228,7 @@ class test_service(Declarative):
                     objectclass=objectclasses.service,
                     ipauniqueid=[fuzzy_uuid],
                     managedby_host=[fqdn1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     has_keytab=False
                 ),
             ),
@@ -244,6 +247,7 @@ class test_service(Declarative):
                         dn=lambda x: DN(x) == service1dn,
                         krbprincipalname=[service1],
                         managedby_host=[fqdn1],
+                        ipakrbauthzdata=[u'MS-PAC'],
                         has_keytab=False,
                     ),
                 ],
@@ -265,6 +269,7 @@ class test_service(Declarative):
                         ipakrbprincipalalias=[service1],
                         objectclass=objectclasses.service,
                         ipauniqueid=[fuzzy_uuid],
+                        ipakrbauthzdata=[u'MS-PAC'],
                         has_keytab=False,
                         managedby_host=[fqdn1],
                     ),
@@ -282,6 +287,7 @@ class test_service(Declarative):
                 result=dict(
                     dn=lambda x: DN(x) == service1dn,
                     krbprincipalname=[service1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     managedby_host=[fqdn1],
                 ),
             ),
@@ -297,6 +303,7 @@ class test_service(Declarative):
                 result=dict(
                     dn=lambda x: DN(x) == service1dn,
                     krbprincipalname=[service1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     managedby_host=[fqdn1],
                 ),
             ),
@@ -312,6 +319,7 @@ class test_service(Declarative):
                 result=dict(
                     dn=lambda x: DN(x) == service1dn,
                     krbprincipalname=[service1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     managedby_host=[fqdn1, fqdn2],
                 ),
             ),
@@ -327,6 +335,7 @@ class test_service(Declarative):
                 result=dict(
                     dn=lambda x: DN(x) == service1dn,
                     krbprincipalname=[service1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     managedby_host=[fqdn1],
                 ),
             ),
@@ -342,6 +351,7 @@ class test_service(Declarative):
                 result=dict(
                     dn=lambda x: DN(x) == service1dn,
                     krbprincipalname=[service1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     managedby_host=[fqdn1, fqdn3.lower()],
                 ),
             ),
@@ -357,6 +367,7 @@ class test_service(Declarative):
                 result=dict(
                     dn=lambda x: DN(x) == service1dn,
                     krbprincipalname=[service1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     managedby_host=[fqdn1],
                 ),
             ),
@@ -381,6 +392,7 @@ class test_service(Declarative):
                 result=dict(
                     usercertificate=[base64.b64decode(servercert)],
                     krbprincipalname=[service1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     managedby_host=[fqdn1],
                     valid_not_before=fuzzy_date,
                     valid_not_after=fuzzy_date,
@@ -408,6 +420,7 @@ class test_service(Declarative):
                     krbprincipalname=[service1],
                     has_keytab=False,
                     managedby_host=[fqdn1],
+                    ipakrbauthzdata=[u'MS-PAC'],
                     # These values come from the servercert that is in this
                     # test case.
                     valid_not_before=fuzzy_date,
-- 
1.7.10.2


