[Freeipa-devel] [PATCH 0440] Fix broken trust warnings
Alexander Bokovoy
abokovoy at redhat.com
Wed Mar 16 12:45:48 UTC 2016
On Wed, 16 Mar 2016, Martin Basti wrote:
>
>
>On 16.03.2016 13:32, Martin Basti wrote:
>>
>>
>>On 16.03.2016 13:32, Alexander Bokovoy wrote:
>>>On Wed, 16 Mar 2016, Martin Basti wrote:
>>>>
>>>>
>>>>On 15.03.2016 16:40, Martin Basti wrote:
>>>>>https://fedorahosted.org/freeipa/ticket/5737
>>>>>
>>>>>Patch attached.
>>>>>
>>>>>
>>>>Sekf NACK,
>>>>
>>>>fix should be just oneliner, I found out that domain are stored
>>>>hierarchically so extra finding of parents zone is needed.
>>>you meant 'not needed', I'd guess.
>>>
>>Yes, I meant that, sorry :)
>>
>
>Updated patch attached.
>From 74c55e5048af4b582469b1668a9dd592f868cf4b Mon Sep 17 00:00:00 2001
>From: Martin Basti <mbasti at redhat.com>
>Date: Wed, 16 Mar 2016 13:41:51 +0100
>Subject: [PATCH] Fix broken trust warnings
>
>Warning should be shown only for parent entries of trust domain. Sub
>domains do not contain SIDs at all.
>
>https://fedorahosted.org/freeipa/ticket/5737
>---
> ipalib/plugins/trust.py | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
>diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
>index ba0c98e2f3711924dace395b7becf2977ca8e35c..7d815fd6118586a4a75a1eeff7457103fe4c331c 100644
>--- a/ipalib/plugins/trust.py
>+++ b/ipalib/plugins/trust.py
>@@ -597,7 +597,9 @@ class trust(LDAPObject):
>
> try:
> entries, truncated = ldap.find_entries(
>- base_dn=DN(self.container_dn, self.api.env.basedn),
>+ base_dn=DN(self.api.env.container_adtrusts,
>+ self.api.env.basedn),
>+ scope=ldap.SCOPE_ONELEVEL,
> attrs_list=['cn'],
> filter='(&(ipaNTTrustPartner=*)'
> '(!(ipaNTSecurityIdentifier=*)))',
ACK if you change the commit message to say that subdomains do not
contain ipaNTSecurityIdentifier attribute.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list