[Freeipa-devel] [PATCH 0030] Require rid-base and secondary-rid-base options in idrange-add when trust exists

Ana Krivokapic akrivoka at redhat.com
Wed Jun 12 17:06:50 UTC 2013


On 06/11/2013 06:44 PM, Alexander Bokovoy wrote:
> On Tue, 11 Jun 2013, Martin Kosek wrote:
>>>> 2) Is the used ldapsearch really the best way to find out if Trust is
>>>> configured on a given master? Isn't a search in cn=masters,cn=ipa,... better?
>>>> Alexander?
>>> What would the search in cn=masters,cn=ipa,.. give?
>>>
>>> We can have multiple CIFS services per realm. However, only those in
>>> 'adtrust agents' group are the ones which are real DCs. And since
>>> membership in the group is not handled via framework or UI, it is clear
>>> indication that ipa-adtrust-install was run.
>>
>> It would say if there is an appropriate service configured by
>> ipa-adtrust-install. In this case,
>> "cn=ADTRUST,cn=FQDN,cn=masters,cn=ipa,cn=etc,SUFFIX". I am asking because this
>> is a standard way in FreeIPA to ask for configured services.
>>
>> If that does not work for Trust, then your alternative way should be OK too.
> This would work for making sure that ipa-adtrust-install was run on a
> specific server. It will not work for making sure trusts are enabled
> but in this case we only need to know that we have configured the host
> to be a DC so your approach is fine.
>
> I'm fine to use this approach, somehow it slipped out of my view when we
> discussed it with Ana..
>
>

I amended the name of the new command to 'adtrust_is_enabled'. I also simplified
the LDAP search used in the command, as suggested by Martin and Alexander.

Updated patch is attached.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-akrivoka-0030-04-Require-rid-base-and-secondary-rid-base-in-idrange-a.patch
Type: text/x-patch
Size: 16149 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130612/73fa0d77/attachment.bin>

