[Freeipa-devel] [PATCH 0030] Require rid-base and secondary-rid-base options in idrange-add when trust exists

Tomas Babej tbabej at redhat.com
Fri Jun 21 13:59:25 UTC 2013


On 06/21/2013 03:38 PM, Ana Krivokapic wrote:
> On 06/21/2013 02:39 PM, Tomas Babej wrote:
>> On 06/12/2013 07:06 PM, Ana Krivokapic wrote:
>>> On 06/11/2013 06:44 PM, Alexander Bokovoy wrote:
>>>> On Tue, 11 Jun 2013, Martin Kosek wrote:
>>>>>>> 2) Is the used ldapsearch really the best way to find out if Trust is
>>>>>>> configured on a given master? Isn't a search in cn=masters,cn=ipa,...
>>>>>>> better?
>>>>>>> Alexander?
>>>>>> What would the search in cn=masters,cn=ipa,.. give?
>>>>>>
>>>>>> We can have multiple CIFS services per realm. However, only those in
>>>>>> 'adtrust agents' group are the ones which are real DCs. And since
>>>>>> membership in the group is not handled via framework or UI, it is clear
>>>>>> indication that ipa-adtrust-install was run.
>>>>> It would say if there is an appropriate service configured by
>>>>> ipa-adtrust-install. In this case,
>>>>> "cn=ADTRUST,cn=FQDN,cn=masters,cn=ipa,cn=etc,SUFFIX". I am asking because this
>>>>> is a standard way in FreeIPA to ask for configured services.
>>>>>
>>>>> If that does not work for Trust, then your alternative way should be OK too.
>>>> This would work for making sure that ipa-adtrust-install was run on a
>>>> specific server. It will not work for making sure trusts are enabled
>>>> but in this case we only need to know that we have configured the host
>>>> to be a DC so your approach is fine.
>>>>
>>>> I'm fine to use this approach, somehow it slipped out of my view when we
>>>> discussed it with Ana..
>>>>
>>>>
>>> I amended the name of the new command to 'adtrust_is_enabled'. I also simplified
>>> the LDAP search used in the command, as suggested by Martin and Alexander.
>>>
>>> Updated patch is attached.
>>>
>> Can you please rebase the patch? I think tests -> ipatests change is the
>> culprit here.
>>
>> Tomas
> Sure, rebased patch is attached.
>
ACK

Tomas



