[Freeipa-devel] [PATCH 0030] Require rid-base and secondary-rid-base options in idrange-add when trust exists

Ana Krivokapic akrivoka at redhat.com
Fri Jun 21 13:38:44 UTC 2013 

On 06/21/2013 02:39 PM, Tomas Babej wrote:
> On 06/12/2013 07:06 PM, Ana Krivokapic wrote:
>> On 06/11/2013 06:44 PM, Alexander Bokovoy wrote:
>>> On Tue, 11 Jun 2013, Martin Kosek wrote:
>>>>>> 2) Is the used ldapsearch really the best way to find out if Trust is
>>>>>> configured on a given master? Isn't a search in cn=masters,cn=ipa,...
>>>>>> better?
>>>>>> Alexander?
>>>>> What would the search in cn=masters,cn=ipa,.. give?
>>>>>
>>>>> We can have multiple CIFS services per realm. However, only those in
>>>>> 'adtrust agents' group are the ones which are real DCs. And since
>>>>> membership in the group is not handled via framework or UI, it is clear
>>>>> indication that ipa-adtrust-install was run.
>>>> It would say if there as an appropriate service configured by
>>>> ipa-adtrust-install. In this case,
>>>> "cn=ADTRUST,cn=FQDN,cn=masters,cn=ipa,cn=etc,SUFFIX. I am asking because this
>>>> is a standard way in FreeIPA to ask for configured services.
>>>>
>>>> If that does not work for Trust, then your alternative way should be OK too.
>>> This would work for making sure that ipa-adtrust-install was run on a
>>> specific server. It will not work for making sure trusts are enabled
>>> but in this case we only need to know that we have configured the host
>>> to be a DC so your approach is fine.
>>>
>>> I'm fine to use this approach, somehow it slipped out of my view when we
>>> discussed it with Ana..
>>>
>>>
>> I amended the name of the new command to 'adtrust_is_enabled'. I also simplified
>> the LDAP search used in the command, as suggested by Martin and Alexander.
>>
>> Updated patch is attached.
>>
>
> Can you please rebase the patch? I think tests -> ipatests change is the
> culprit here.
>
> Tomas

Sure, rebased patch is attached.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-akrivoka-0030-05-Require-rid-base-and-secondary-rid-base-in-idrange-a.patch
Type: text/x-patch
Size: 16202 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130621/58c759ff/attachment.bin>

More information about the Freeipa-devel mailing list