			
		
		
		
	A previous commit (ffb9a09a0d) removed the
definition of VERSION 2 in certmap.conf.template.
The ipa-server-upgrade tool compares the template version with the version in
certmap.conf. As VERSION is not defined in either file, it concludes that
version = 0 for both and does not make a backup of certmap.conf, even though
it prints that it will.
The fix re-defines VERSION in the template and adapts the code because the
template has changed (it is using $ISSUER_DN instead of
CN=Certificate Authority,$SUBJECT_BASE).
The fix also logs an error when a template file is not versioned.
https://fedorahosted.org/freeipa/ticket/6354
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
		
	
		
			
				
	
	
		
		
	
	
	
	
	
# VERSION 3 - DO NOT REMOVE THIS LINE
#
# This file is managed by IPA and will be overwritten on upgrades.
#
#
# This file configures how a certificate is mapped to an LDAP entry.  See the
# documentation for more information on this file.
#
# The format of this file is as follows:
#	certmap <name> <issuerDN>
#	<name>:<prop1> [<val1>]
#	<name>:<prop2> [<val2>]
#
# Notes:
#
# 1.  Mapping can be defined per issuer of a certificate.  If mapping doesn't
#     exist for a particular 'issuerDN' then the server uses the default
#     mapping. 
#
# 2.  There must be an entry for <name>=default and issuerDN "default".
#     This mapping is the default mapping.
#
# 3.  '#' can be used to comment out a line.
#
# 4.  DNComps & FilterComps are used to form the base DN and filter resp. for 
#     performing an LDAP search while mapping the cert to a user entry.
#
# 5.  DNComps can be one of the following:
#	commented out - take the user's DN from the cert as is
#	empty         - search the entire LDAP tree (DN == suffix)
#	attr names    - a comma separated list of attributes to form DN
#
# 6.  FilterComps can be one of the following:
#	commented out - set the filter to "objectclass=*"
#	empty         - set the filter to "objectclass=*"
#	attr names    - a comma separated list of attributes to form the filter
#
# Fallback mapping: per note 1 above, certificates from any issuer DN that has
# no certmap entry of its own are handled by these "default" settings.
# NOTE(review): verifycert is not enabled for this mapping (only a commented-out
# example follows); assuming the directory server's default of "off", a matched
# entry is not checked against a stored certificate -- confirm that the set of
# CAs trusted for client authentication is as narrow as intended.
certmap default         default
#default:DNComps
#default:FilterComps    e, uid
#default:verifycert     on
#default:CmapLdapAttr   certSubjectDN
#default:library        <path_to_shared_lib_or_dll>
#default:InitFn         <Init function's name>
# Empty DNComps: per note 5 above, the search covers the entire LDAP tree
# (DN == suffix) rather than a base DN derived from the certificate.
default:DNComps
# The search filter is formed from the uid attribute only (note 6 above).
# Presumably the value comes from the certificate's subject DN -- confirm
# against the directory server's certmap documentation.
default:FilterComps     uid
# Mapping named "ipaca" for one specific issuer.  $ISSUER_DN is a template
# variable; presumably the installer/upgrader substitutes the IPA CA's
# subject DN here -- verify against the code that renders this template.
certmap ipaca           $ISSUER_DN
# CmapLdapAttr names the entry attribute that holds a certificate subject DN;
# entries are located by matching the presented certificate's subject DN
# against seeAlso.  Write access to seeAlso therefore influences which entry a
# certificate maps to -- keep it restricted by ACI.
ipaca:CmapLdapAttr      seeAlso
# Require the presented certificate to match a certificate stored in the
# mapped entry, so a subject-DN match alone does not authenticate the client.
# Do not disable without reviewing who can write the mapping attribute.
ipaca:verifycert        on