From 5ac1c55462297d4458d07a6ff9941170056216ef Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Mon, 10 Apr 2017 13:11:13 +0200
Subject: [PATCH] WebUI: cert login: Configure name of parameter used to pass
 username

Directive LookupUserByCertificateParamName tells mod_lookup_identity module the
name of GET parameter that is used to provide username in case certificate is
mapped to multiple user accounts.
Without this directive login with certificate that's mapped to multiple users
doesn't work.

https://pagure.io/freeipa/issue/6860

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
---
 install/conf/ipa.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index e1f1a581b4e8a91b899bcf165ca81f266fa9e516..75c122e6c94b941c278d724add84315753082531 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -117,6 +117,7 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login"
   NSSVerifyClient require
   NSSUserName SSL_CLIENT_CERT
   LookupUserByCertificate On
+  LookupUserByCertificateParamName "username"
   WSGIProcessGroup ipa
   WSGIApplicationGroup ipa
   GssapiImpersonate On
-- 
2.9.3