[Freeipa-devel] [PATCH] 0144: trust: make sure we always discover topology of the forest trust
Alexander Bokovoy
abokovoy at redhat.com
Thu Feb 27 11:48:42 UTC 2014
Thanks to Martin for noticing we had been fetching information about
subdomains only in case there is algorithmic ID mapping in use. Instead,
we should always fetch the subdomains but create new ranges only for
algorithmic case.
https://fedorahosted.org/freeipa/ticket/4205
--
/ Alexander Bokovoy
-------------- next part --------------
>From f2cca17e5e9fa601934cc2b1bbae984b81195adb Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Thu, 27 Feb 2014 13:43:17 +0200
Subject: [PATCH 8/8] trust: make sure we always discover topology of the
forest trust
Even though we are creating idranges for subdomains only in case
there is algorithmic ID mapping in use, we still need to fetch
list of subdomains for all other cases.
https://fedorahosted.org/freeipa/ticket/4205
---
ipalib/plugins/trust.py | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index bd71253..ed91dac 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -458,13 +458,15 @@ sides.
result['result'] = entry_to_dict(trusts[0][1], **options)
+ # Fetch topology of the trust forest -- we need always to do it
+ # for AD trusts, regardless of the type of idranges associated with it
+ if options.get('trust_type') == u'ad':
+ domains = fetch_domains_from_trust(self, self.trustinstance,
+ result['result'], **options)
# For AD trusts with algorithmic mapping, we need to add a separate
# range for each subdomain.
if (options.get('trust_type') == u'ad' and
created_range_type != u'ipa-ad-trust-posix'):
-
- domains = fetch_domains_from_trust(self, self.trustinstance,
- result['result'], **options)
if domains and len(domains) > 0:
for dom in domains:
range_name = dom['cn'][0].upper() + '_id_range'
--
1.8.3.1
More information about the Freeipa-devel
mailing list