[Freeipa-devel] [PATCH 0359] adtrust-install: Correctly determine 4.2 FreeIPA servers
Alexander Bokovoy
abokovoy at redhat.com
Tue Aug 11 14:58:11 UTC 2015
On Tue, 11 Aug 2015, Tomas Babej wrote:
>Hi,
>
> We need to detect a list of FreeIPA 4.2 (and above) servers, since
>only there is the required version of SSSD present.
>
>Since the maximum domain level for 4.2 is 0 (and not 1), we can filter
>for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes
>to generate the list.
>
>https://fedorahosted.org/freeipa/ticket/5199
>From 31bf121e4603bc1287eac88653ff48198c2f69c3 Mon Sep 17 00:00:00 2001
>From: Tomas Babej <tbabej at redhat.com>
>Date: Tue, 11 Aug 2015 16:05:32 +0200
>Subject: [PATCH] adtrust-install: Correctly determine 4.2 FreeIPA servers
>
>We need to detect a list of FreeIPA 4.2 (and above) servers, since
>only there is the required version of SSSD present.
>
>Since the maximum domain level for 4.2 is 0 (and not 1), we can filter
>for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes
>to generate the list.
>
>https://fedorahosted.org/freeipa/ticket/5199
>---
> install/tools/ipa-adtrust-install | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
>index 5340c31d16ed78da0cb39725d9ae93c76470b698..21e58dd9f25e82429ce8d0c776d1b512c2661809 100755
>--- a/install/tools/ipa-adtrust-install
>+++ b/install/tools/ipa-adtrust-install
>@@ -396,7 +396,7 @@ def main():
> # Search only masters which have support for domain levels
> # because only these masters will have SSSD recent enough to support AD trust agents
> (entries_m, truncated) = smb.admin_conn.find_entries(
>- filter="(&(objectclass=ipaSupportedDomainLevelConfig)(!(ipaMaxDomainLevel=0)))",
>+ filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))",
> base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL)
> except errors.NotFound:
> pass
ACK. I tested a manual version of this patch in the morning.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list