From 157831a287c64106eed4da4ace5228d7e369ae2f Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Mon, 10 Apr 2017 13:11:13 +0200
Subject: [PATCH] WebUI: cert login: Configure name of parameter used to pass
 username

Directive LookupUserByCertificateParamName tells mod_lookup_identity module the
name of GET parameter that is used to provide username in case certificate is
mapped to multiple user accounts.
Without this directive login with certificate that's mapped to multiple users
doesn't work.

https://pagure.io/freeipa/issue/6860

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
---
 install/conf/ipa.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index e1f1a581b..75c122e6c 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -117,6 +117,7 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login"
   NSSVerifyClient require
   NSSUserName SSL_CLIENT_CERT
   LookupUserByCertificate On
+  LookupUserByCertificateParamName "username"
   WSGIProcessGroup ipa
   WSGIApplicationGroup ipa
   GssapiImpersonate On