[Freeipa-devel] [PATCH 0030] Require rid-base and secondary-rid-base options in idrange-add when trust exists

Tomas Babej tbabej at redhat.com
Fri Jun 21 12:39:22 UTC 2013


On 06/12/2013 07:06 PM, Ana Krivokapic wrote:
> On 06/11/2013 06:44 PM, Alexander Bokovoy wrote:
>> On Tue, 11 Jun 2013, Martin Kosek wrote:
>>>>> 2) Is the used ldapsearch really the best way to find out if Trust is
>>>>> configured on a given master? Isn't a search in cn=masters,cn=ipa,... better?
>>>>> Alexander?
>>>> What would the search in cn=masters,cn=ipa,.. give?
>>>>
>>>> We can have multiple CIFS services per realm. However, only those in
>>>> 'adtrust agents' group are the ones which are real DCs. And since
>>>> membership in the group is not handled via framework or UI, it is clear
>>>> indication that ipa-adtrust-install was run.
>>> It would say if there is an appropriate service configured by
>>> ipa-adtrust-install. In this case,
>>> "cn=ADTRUST,cn=FQDN,cn=masters,cn=ipa,cn=etc,SUFFIX". I am asking because this
>>> is a standard way in FreeIPA to ask for configured services.
>>>
>>> If that does not work for Trust, then your alternative way should be OK too.
>> This would work for making sure that ipa-adtrust-install was run on a
>> specific server. It will not work for making sure trusts are enabled
>> but in this case we only need to know that we have configured the host
>> to be a DC so your approach is fine.
>>
>> I'm fine to use this approach, somehow it slipped out of my view when we
>> discussed it with Ana..
>>
>>
> I amended the name of the new command to 'adtrust_is_enabled'. I also simplified
> the LDAP search used in the command, as suggested by Martin and Alexander.
>
> Updated patch is attached.
>

Can you please rebase the patch? I think tests -> ipatests change is the 
culprit here.

Tomas



