[Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
Martin Basti
mbasti at redhat.com
Mon Jun 6 11:22:49 UTC 2016
On 06.06.2016 13:14, Alexander Bokovoy wrote:
> On Mon, 06 Jun 2016, Martin Basti wrote:
>>
>>
>> On 06.06.2016 12:36, Alexander Bokovoy wrote:
>>> Hi,
>>>
>>> MS-ADTS spec requires that TrustPartner field should be equal to the
>>> commonName (cn) of the trust. We used it a bit wrongly to express
>>> trust relationship between parent and child domains. In fact, we
>>> have parent-child relationship recorded in the DN (child domains
>>> are part of the parent domain's container).
>>>
>>> Remove the argument that was never used externally but only supplied by
>>> trust-specific code inside the IPA framework.
>>>
>>> Part of https://fedorahosted.org/freeipa/ticket/5354
>>>
>>>
>>>
>>
>> Hello, how is handled backward compatibility here, you just removes
>> the option from API, without any additional logic for older clients.
> This is not used by the external clients at all. It is part of internal
> logic of the code in trust.py+com.redhat.trust.fetch-domains which
> always talk to the same server they are running on.
>
> @register()
> class trustdomain_add(LDAPCreate):
> __doc__ = _('Allow access from the trusted domain')
> NO_CLI = True
>
>
Yes sorry, not old IPA clients, but it was part of API, shown in API
browser, and since this was in API, it is set to stone. So If you think
that it is safe to be removed and nobody can hit this, I'm okay for
removing that option. Maybe we should at least wrote it to release notes
(I'll let Honza to express his feelings as API versioning/compatibility
sensei)
And you forgot to increment api version in VERSION file
Martin^2
More information about the Freeipa-devel
mailing list