[Freeipa-devel] [PATCH 0030] Require rid-base and secondary-rid-base options in idrange-add when trust exists

Alexander Bokovoy abokovoy at redhat.com
Tue Jun 11 16:24:38 UTC 2013


On Tue, 11 Jun 2013, Martin Kosek wrote:
>> This patch introduces a new command which can be used to determine if
>> ipa-adtrust-install has been run on the system.
>>
>> Tests have been amended accordingly.
>>
>> This patch applies on top of tbabej's patches 70 & 71.
>
>Just 2 quick notes:
>
>1) I would like the commands to be consistent with other similar commands like
>"dns_is_enabled". This would lead to "adtrust_is_enabled".
I agree. Ideally we could have defined an is-enabled command that would
have accepted a name and then checked if conditions were met to 'enable'
that one, but we already have dns_is_enabled.


>2) Is the used ldapsearch really the best way to find out if Trust is
>configured on a given master? Isn't a search in cn=masters,cn=ipa,... better?
>Alexander?
What would the search in cn=masters,cn=ipa,.. give?

We can have multiple CIFS services per realm. However, only those in
the 'adtrust agents' group are the ones which are real DCs. And since
membership in the group is not handled via framework or UI, it is a clear
indication that ipa-adtrust-install was run.

-- 
/ Alexander Bokovoy



