[Freeipa-devel] [PATCH] 0144: trust: make sure we always discover topology of the forest trust
Martin Kosek
mkosek at redhat.com
Thu Feb 27 12:33:06 UTC 2014
On 02/27/2014 12:48 PM, Alexander Bokovoy wrote:
> Thanks to Martin for noticing we had been fetching information about
> subdomains only in case there is algorithmic ID mapping in use. Instead,
> we should always fetch the subdomains but create new ranges only for
> algorithmic case.
>
> https://fedorahosted.org/freeipa/ticket/4205
>
This works fine for the trustdomain part. However, we still create too many ID
ranges:

# ipa idrange-find
----------------
3 ranges matched
----------------
  Range name: CHILD.TBAD.EXAMPLE.COM_id_range
  First Posix ID of the range: 161000000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-972585150-1048339146-1910910075
  Range type: Active Directory domain range

  Range name: IDM.LAB.BOS.REDHAT.COM_id_range
  First Posix ID of the range: 1258600000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range

  Range name: TBAD.EXAMPLE.COM_id_range
  First Posix ID of the range: 10000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-2997650941-1802118864-3094776726
  Range type: Active Directory trust range with POSIX attributes
----------------------------
Number of entries returned 3
----------------------------

CHILD.TBAD.EXAMPLE.COM_id_range should not be here given this is a POSIX trust.
Martin
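
Added example, not part of the message above or of the FreeIPA code base: a check over `ipa idrange-find` output that flags algorithmic ranges created for domains below a trust whose own range is of the POSIX-attributes type. It assumes the `<DOMAIN>_id_range` naming seen in the listing and that a child domain's DNS name ends with the forest root's name; the function names are hypothetical.

```python
import re

# Constructed sample: the listing from the message above, reduced to the
# two fields this check uses.
SAMPLE = """\
  Range name: CHILD.TBAD.EXAMPLE.COM_id_range
  Range type: Active Directory domain range
  Range name: IDM.LAB.BOS.REDHAT.COM_id_range
  Range type: local domain range
  Range name: TBAD.EXAMPLE.COM_id_range
  Range type: Active Directory trust range with POSIX attributes
"""

POSIX_TYPE = "Active Directory trust range with POSIX attributes"
ALGO_TYPE = "Active Directory domain range"
SUFFIX = "_id_range"  # assumption: ranges keep the naming shown in the listing

def parse_ranges(text):
    """Split idrange-find output into one {label: value} dict per range."""
    ranges = []
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if not m:
            continue  # prompt line, dashed separators, counters, blank lines
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Range name":
            ranges.append({})  # every entry starts with its name
        if ranges:
            ranges[-1][key] = value
    return ranges

def domain_of(rng):
    """Lower-cased domain taken from the range name, or None if not derivable."""
    name = rng["Range name"]
    return name[:-len(SUFFIX)].lower() if name.endswith(SUFFIX) else None

def unexpected_child_ranges(ranges):
    """Names of algorithmic ranges whose domain sits below a POSIX trust root."""
    roots = {domain_of(r) for r in ranges if r.get("Range type") == POSIX_TYPE}
    roots.discard(None)
    flagged = []
    for r in ranges:
        dom = domain_of(r)
        if r.get("Range type") == ALGO_TYPE and dom and any(
                dom.endswith("." + root) for root in roots):
            flagged.append(r["Range name"])
    return flagged

if __name__ == "__main__":
    print(unexpected_child_ranges(parse_ranges(SAMPLE)))
```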