[Freeipa-devel] [PATCH 0131] [PATCH 131/132] trusts: Do not pass base-id to the subdomain ranges

Alexander Bokovoy abokovoy at redhat.com
Thu Nov 21 17:26:13 UTC 2013


On Thu, 21 Nov 2013, Tomas Babej wrote:
>Hi,
>
>this fixes
>
>https://fedorahosted.org/freeipa/ticket/4041
>
>-- 
>Tomas Babej
>Associate Software Engineer | Red Hat | Identity Management
>RHCE | Brno Site | IRC: tbabej | freeipa.org
>
>

>From 97b0209a2e149ba6dd86ad9998f8e37e60014c3d Mon Sep 17 00:00:00 2001
>From: Tomas Babej <tomasbabej at gmail.com>
>Date: Thu, 21 Nov 2013 14:44:42 +0100
>Subject: [PATCH 131/132] trusts: Do not pass base-id to the subdomain ranges
>
>https://fedorahosted.org/freeipa/ticket/4041
>---
> ipalib/plugins/trust.py | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
>index 32a93834394273c9f896ff5fd17bfcc753fe7b8e..5ba0905030c700c7f63003eef25891c52330934b 100644
>--- a/ipalib/plugins/trust.py
>+++ b/ipalib/plugins/trust.py
>@@ -375,6 +375,11 @@ sides.
>                     passed_options = options
>                     passed_options.update(range_type=created_range_type)
> 
>+                    # Do not pass the base id to the subdomains since it would
>+                    # clash with the root level domain
>+                    if 'base_id' in passed_options:
>+                        del passed_options['base_id']
>+
>                     # Try to add the range for each subdomain
>                     try:
>                         self.add_range(range_name, dom_sid, *keys,
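Review bot: `passed_options = options` at the top of the hunk context binds a reference, not a copy, so the added `del passed_options['base_id']` also strips the caller's explicit `--base-id` value from `options` itself; if `options` is consulted again after this subdomain loop (for the forest root range, or in any error path), the override is silently lost. Suggest `passed_options = dict(options)` before the `update(...)` call, and `passed_options.pop('base_id', None)` in place of the `if 'base_id' in passed_options:` / `del` pair. The commit message currently carries only the ticket URL; the rationale (subdomain ranges must derive their base id from their own SID, so the root domain's override must not be forwarded) belongs there as well as in the inline comment.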

ACK.

Small comment that would probably be good to add to the commit message:

For trusted domains base id is calculated using a murmur3 hash of the
domain Security Identifier (SID). During trust-add we create ranges for
forest root domain and other forest domains. Since --base-id explicitly
overrides generated base id for forest root domain, its value should not
be passed to other forest domains' ranges -- their base ids must be
calculated based on their SIDs.

In case base id change for non-root forest domains is required, it can
be done manually through idrange-mod command after the trust is
established.

-- 
/ Alexander Bokovoy