[Freeipa-devel] [PATCH 0357] trusts: Detect domain clash with IPA domain when adding a AD
Martin Basti
mbasti at redhat.com
Mon Aug 17 15:09:40 UTC 2015
On 08/17/2015 02:58 PM, Martin Babinsky wrote:
> On 08/06/2015 10:55 AM, Tomas Babej wrote:
>> Hi,
>>
>> When IPA is deployed in the same domain as AD, trust-add fails since
>> the names of the local domain and trusted domain ranges is the same
>> - it's always DOMAIN.NAME_id_range.
>>
>> When adding a trusted domain, we look for previous ranges for
>> this domain (which may have been left behind by previous trust
>> attempts). Since AD and IPA are in the same domain, we find
>> a local domain range, which does not have a SID.
>>
>> Detect such domain collisions early and bail out with an appropriate
>> error message.
>>
>> https://fedorahosted.org/freeipa/ticket/4549
>>
>>
>>
> ACK
>
Pushed to:
master: 9ce074b36a54a450c91ac0151c345481da120290
ipa-4-2: 5fd2a893e65ba6cc888de930f76b2e48ba460b8d
More information about the Freeipa-devel
mailing list