[Freeipa-devel] [PATCH 0030] Require rid-base and secondary-rid-base options in idrange-add when trust exists

Ana Krivokapic akrivoka at redhat.com
Tue Jun 11 14:09:04 UTC 2013


On 06/06/2013 04:04 PM, Tomas Babej wrote:
> On 05/31/2013 07:35 PM, Ana Krivokapic wrote:
>> On 05/28/2013 04:49 PM, Ana Krivokapic wrote:
>>> Hello,
>>>
>>> This patch addresses https://fedorahosted.org/freeipa/ticket/3634
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>> This updated patch applies on top of tbabej's patches 0053-0055.
>>
>> As suggested by Tomáš
>> (https://www.redhat.com/archives/freeipa-devel/2013-May/msg00352.html), I
>> refactored support of "mock" LDAP objects to tests/util, and modified
>> test_range_plugin and test_cli to use it.
>> -- 
>> Regards,
>>
>> Ana Krivokapic
>> Associate Software Engineer
>> FreeIPA team
>> Red Hat Inc.
>>
> I looked thoroughly at the issue here.
>
> The ticket is a little bit confusing about that, but you need to require
> primary/secondary rid base for the range after ipa-adtrust-install has been run.
>
> Currently, the way your patch works, the bases are required only if at least
> one trust exists.
>
> [root@vm-002 labtool]# ipa-adtrust-install
>
> The log file for this installation can be found in /var/log/ipaserver-install.log
> [snip]
> Setup complete
> [snip]
>
> [root@vm-002 labtool]# ipa idrange-add local
> First Posix ID of the range: 10
> Number of IDs in the range: 20
> ----------------------
> Added ID range "local"
> ----------------------
>   Range name: local
>   First Posix ID of the range: 10
>   Number of IDs in the range: 20
>   Range type: local domain range
>
> After adding the trust, everything works ok:
>
> [root@vm-002 labtool]# ipa trust-find
> ---------------
> 1 trust matched
> ---------------
>   Realm name: test
>   Domain NetBIOS name: TEST
>   Domain Security Identifier: S-1-5-21-259319770-2312917334-591429603
>   Trust type: Active Directory domain
>
> [root@vm-002 labtool]# ipa idrange-add local
> First Posix ID of the range: 10
> Number of IDs in the range: 10
> First RID of the corresponding RID range: 10
> First RID of the secondary RID range: 20
> ----------------------
> Added ID range "local"
> ----------------------
>   Range name: local
>   First Posix ID of the range: 10
>   Number of IDs in the range: 10
>   First RID of the corresponding RID range: 10
>   First RID of the secondary RID range: 20
>   Range type: local domain range
>
> We should require primary/secondary rid base after ipa-adtrust-install has
> been run even if no trust is established.
>
> Tomas

This patch introduces a new command which can be used to determine if
ipa-adtrust-install has been run on the system.

Tests have been amended accordingly.

This patch applies on top of tbabej's patches 70 & 71.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-akrivoka-0030-03-Require-rid-base-and-secondary-rid-base-in-idrange-a.patch
Type: text/x-patch
Size: 16841 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130611/4b81dfa7/attachment.bin>

