[Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
Martin Basti
mbasti at redhat.com
Thu Jun 9 19:10:42 UTC 2016
On 09.06.2016 17:56, Martin Babinsky wrote:
> On 06/06/2016 01:37 PM, Alexander Bokovoy wrote:
>> On Mon, 06 Jun 2016, Jan Cholasta wrote:
>>> On 6.6.2016 13:22, Martin Basti wrote:
>>>>
>>>>
>>>> On 06.06.2016 13:14, Alexander Bokovoy wrote:
>>>>> On Mon, 06 Jun 2016, Martin Basti wrote:
>>>>>>
>>>>>>
>>>>>> On 06.06.2016 12:36, Alexander Bokovoy wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> MS-ADTS spec requires that TrustPartner field should be equal to
>>>>>>> the
>>>>>>> commonName (cn) of the trust. We used it a bit wrongly to express
>>>>>>> trust relationship between parent and child domains. In fact, we
>>>>>>> have parent-child relationship recorded in the DN (child domains
>>>>>>> are part of the parent domain's container).
>>>>>>>
>>>>>>> Remove the argument that was never used externally but only
>>>>>>> supplied by
>>>>>>> trust-specific code inside the IPA framework.
>>>>>>>
>>>>>>> Part of https://fedorahosted.org/freeipa/ticket/5354
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Hello, how is handled backward compatibility here, you just removes
>>>>>> the option from API, without any additional logic for older clients.
>>>>> This is not used by the external clients at all. It is part of
>>>>> internal
>>>>> logic of the code in trust.py+com.redhat.trust.fetch-domains which
>>>>> always talk to the same server they are running on.
>>>>>
>>>>> @register()
>>>>> class trustdomain_add(LDAPCreate):
>>>>> __doc__ = _('Allow access from the trusted domain')
>>>>> NO_CLI = True
>>>>>
>>>>>
>>>>
>>>> Yes sorry, not old IPA clients, but it was part of API, shown in API
>>>> browser, and since this was in API, it is set to stone. So If you
>>>> think
>>>> that it is safe to be removed and nobody can hit this, I'm okay for
>>>> removing that option. Maybe we should at least wrote it to release
>>>> notes
>>>> (I'll let Honza to express his feelings as API
>>>> versioning/compatibility
>>>> sensei)
>>>
>>> IMHO it is safe to remove.
>>>
>>>>
>>>> And you forgot to increment api version in VERSION file
>> Updated patch attached, with a VERSION change.
>>
>>
>>
> ACK
>
Is there any ticket for this?
Martin^2
More information about the Freeipa-devel
mailing list