pki-bot
commented
4 years ago Comment from mharmsen (@mharmsen) at 2015-11-02 22:03:38
Per CS/DS meeting of 11/02/2015: 10.4 - trivial
Open pki-bot opened 4 years ago
pki-bot
commented
4 years ago Comment from mharmsen (@mharmsen) at 2015-11-02 22:03:38
Per CS/DS meeting of 11/02/2015: 10.4 - trivial
pki-bot
commented
4 years ago Comment from dminnich (@dminnich) at 2017-02-27 14:08:43
Metadata Update from @dminnich:
This issue was migrated from Pagure Issue #1679. Originally filed by dminnich (@dminnich) on 2015-10-23 18:54:42:
The CA request pages show boxes like
Request Information Request ID: 83 Request Type: enrollment Request Status: pending Requestor Host: 10.64.40.177 Assigned To:
Creation Time: Wed Oct 21 06:44:58 UTC 2015 Modification Time: Wed Oct 21 06:44:58 UTC 2015
Certificate Profile Information Certificate Profile Id: caServerCert Approved By: admin Certificate Profile Name: Manual Server Certificate Enrollment Certificate Profile Description: This certificate profile is for enrolling server certificates.
An RFE was recently worked to include a link on the cert in the agent gui to a page that contains those same request boxes. We did this so we could gather more info about a certs origin, in particular the person who requested it. This works well, but if people don't fill in the Requestor Name field in the profile the info is understandingly blank.
LDAP contains all kinds of tasty info about these original request, especially if dir based auth was used.
9970005, ca, requests, ca
dn: cn=9970005,ou=ca,ou=requests,o=ca extdata-auth--005ftoken--002euid--005b0--005d: dminnich extdata-auth--005ftoken--002euserdn: uid=dminnich,ou=users extdata-authenticatedname: uid=dminnich,ou=users,dc=redhat,dc=com extdata-auth--005ftoken--002email--005b0--005d: whatever@redhat.com extdata-auth--005ftoken--002egroups--005b0--005d: cn=directory administrators, extdata-auth--005ftoken--002euserid: dminnich
Could we expose some of this stuff in the request pages as well? In particular I'm interested in uid/userid/userdn/authenticatedname. Any of those would work. Don't know what we might need in the future though. Clicking a button and seeing all the things even it was just an ugly text dump might be useful.