[Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
Jan Cholasta
jcholast at redhat.com
Mon Jun 6 11:29:51 UTC 2016
On 6.6.2016 13:22, Martin Basti wrote:
>
>
> On 06.06.2016 13:14, Alexander Bokovoy wrote:
>> On Mon, 06 Jun 2016, Martin Basti wrote:
>>>
>>>
>>> On 06.06.2016 12:36, Alexander Bokovoy wrote:
>>>> Hi,
>>>>
>>>> MS-ADTS spec requires that TrustPartner field should be equal to the
>>>> commonName (cn) of the trust. We used it a bit wrongly to express
>>>> trust relationship between parent and child domains. In fact, we
>>>> have parent-child relationship recorded in the DN (child domains
>>>> are part of the parent domain's container).
>>>>
>>>> Remove the argument that was never used externally but only supplied by
>>>> trust-specific code inside the IPA framework.
>>>>
>>>> Part of https://fedorahosted.org/freeipa/ticket/5354
>>>>
>>>>
>>>>
>>>
>>> Hello, how is handled backward compatibility here, you just removes
>>> the option from API, without any additional logic for older clients.
>> This is not used by the external clients at all. It is part of internal
>> logic of the code in trust.py+com.redhat.trust.fetch-domains which
>> always talk to the same server they are running on.
>>
>> @register()
>> class trustdomain_add(LDAPCreate):
>> __doc__ = _('Allow access from the trusted domain')
>> NO_CLI = True
>>
>>
>
> Yes sorry, not old IPA clients, but it was part of API, shown in API
> browser, and since this was in API, it is set to stone. So If you think
> that it is safe to be removed and nobody can hit this, I'm okay for
> removing that option. Maybe we should at least wrote it to release notes
> (I'll let Honza to express his feelings as API versioning/compatibility
> sensei)
IMHO it is safe to remove.
>
> And you forgot to increment api version in VERSION file
>
> Martin^2
>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list