[Freeipa-devel] [PATCH 0357] trusts: Detect domain clash with IPA domain when adding a AD
Martin Babinsky
mbabinsk at redhat.com
Mon Aug 17 12:58:36 UTC 2015
On 08/06/2015 10:55 AM, Tomas Babej wrote:
> Hi,
>
> When IPA is deployed in the same domain as AD, trust-add fails since
> the names of the local domain and trusted domain ranges is the same
> - it's always DOMAIN.NAME_id_range.
>
> When adding a trusted domain, we look for previous ranges for
> this domain (which may have been left behind by previous trust
> attempts). Since AD and IPA are in the same domain, we find
> a local domain range, which does not have a SID.
>
> Detect such domain collisions early and bail out with an appropriate
> error message.
>
> https://fedorahosted.org/freeipa/ticket/4549
>
>
>
ACK
--
Martin^3 Babinsky
More information about the Freeipa-devel
mailing list