[Freeipa-devel] [PATCH 0030] Require rid-base and secondary-rid-base options in idrange-add when trust exists

Alexander Bokovoy abokovoy at redhat.com
Tue Jun 11 16:44:57 UTC 2013


On Tue, 11 Jun 2013, Martin Kosek wrote:
>>> 2) Is the used ldapsearch really the best way to find out if Trust is
>>> configured on a given master? Isn't a search in cn=masters,cn=ipa,... better?
>>> Alexander?
>> What would the search in cn=masters,cn=ipa,.. give?
>>
>> We can have multiple CIFS services per realm. However, only those in
>> 'adtrust agents' group are the ones which are real DCs. And since
>> membership in the group is not handled via framework or UI, it is a clear
>> indication that ipa-adtrust-install was run.
>
>It would say if there is an appropriate service configured by
>ipa-adtrust-install. In this case,
>"cn=ADTRUST,cn=FQDN,cn=masters,cn=ipa,cn=etc,SUFFIX". I am asking because this
>is a standard way in FreeIPA to ask for configured services.
>
>If that does not work for Trust, then your alternative way should be OK too.
This would work for making sure that ipa-adtrust-install was run on a
specific server. It will not work for making sure trusts are enabled,
but in this case we only need to know that we have configured the host
to be a DC, so your approach is fine.

I'm fine to use this approach; somehow it slipped out of my view when we
discussed it with Ana..


-- 
/ Alexander Bokovoy



