[Freeipa-devel] Ticket 3994
Alexander Bokovoy
abokovoy at redhat.com
Thu Oct 24 05:01:12 UTC 2013
Hi!
I've committed one-liner fix to #3994, courtesy of Jakub Hrozek, who
found that we are using wrong grouping of the filter elements (OR
instead of AND) in the filter that defines trusted forest root domains.
Due to this bug multiple trusts were not properly shown in CLI.
Committed to master, ipa-3-3.
https://fedorahosted.org/freeipa/ticket/3994
--
/ Alexander Bokovoy
-------------- next part --------------
>From 150b84b95494bfbc62555c5d9d094045b4f8d72a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed, 23 Oct 2013 19:39:17 +0200
Subject: [PATCH] trusts: combine filters with AND to make sure only the
intended domain matches
---
ipalib/plugins/trust.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index af7bf33a184fb8e138db9dac7e9c860a776f8daf..0d651f8861446cf8d31eb1ea303237bcd2b73201 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -255,7 +255,8 @@ class trust(LDAPObject):
trust_type = kwargs.get('trust_type')
if trust_type is None:
ldap = self.backend
- filter = ldap.make_filter({'objectclass': ['ipaNTTrustedDomain'], 'cn': [keys[-1]]})
+ filter = ldap.make_filter({'objectclass': ['ipaNTTrustedDomain'], 'cn': [keys[-1]] },
+ rules=ldap.MATCH_ALL)
filter = ldap.combine_filters((filter, "ipaNTSIDBlacklistIncoming=*"), rules=ldap.MATCH_ALL)
try:
result = ldap.get_entries(DN(self.container_dn, self.env.basedn),
--
1.8.3.1
More information about the Freeipa-devel
mailing list