[Freeipa-devel] [PATCH 0440] Fix broken trust warnings

Martin Basti mbasti at redhat.com
Wed Mar 16 12:52:13 UTC 2016 


On 16.03.2016 13:45, Alexander Bokovoy wrote:
> On Wed, 16 Mar 2016, Martin Basti wrote:
>>
>>
>> On 16.03.2016 13:32, Martin Basti wrote:
>>>
>>>
>>> On 16.03.2016 13:32, Alexander Bokovoy wrote:
>>>> On Wed, 16 Mar 2016, Martin Basti wrote:
>>>>>
>>>>>
>>>>> On 15.03.2016 16:40, Martin Basti wrote:
>>>>>> https://fedorahosted.org/freeipa/ticket/5737
>>>>>>
>>>>>> Patch attached.
>>>>>>
>>>>>>
>>>>> Sekf NACK,
>>>>>
>>>>> fix should be just oneliner, I found out that domain are stored 
>>>>> hierarchically so extra finding of parents zone is needed.
>>>> you meant 'not needed', I'd guess.
>>>>
>>> Yes, I meant that, sorry :)
>>>
>>
>> Updated patch attached.
>
>> From 74c55e5048af4b582469b1668a9dd592f868cf4b Mon Sep 17 00:00:00 2001
>> From: Martin Basti <mbasti at redhat.com>
>> Date: Wed, 16 Mar 2016 13:41:51 +0100
>> Subject: [PATCH] Fix broken trust warnings
>>
>> Warning should be shown only for parent entries of trust domain. Sub
>> domains do not contain SIDs at all.
>>
>> https://fedorahosted.org/freeipa/ticket/5737
>> ---
>> ipalib/plugins/trust.py | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
>> index 
>> ba0c98e2f3711924dace395b7becf2977ca8e35c..7d815fd6118586a4a75a1eeff7457103fe4c331c 
>> 100644
>> --- a/ipalib/plugins/trust.py
>> +++ b/ipalib/plugins/trust.py
>> @@ -597,7 +597,9 @@ class trust(LDAPObject):
>>
>>         try:
>>             entries, truncated = ldap.find_entries(
>> -                base_dn=DN(self.container_dn, self.api.env.basedn),
>> +                base_dn=DN(self.api.env.container_adtrusts,
>> +                           self.api.env.basedn),
>> +                scope=ldap.SCOPE_ONELEVEL,
>>                 attrs_list=['cn'],
>>                 filter='(&(ipaNTTrustPartner=*)'
>>                        '(!(ipaNTSecurityIdentifier=*)))',
>
> ACK if you change the commit message to say that subdomains do not
> contain ipaNTSecurityIdentifier attribute.
>
Thanks, changed

Pushed to:
master: de8c6d81fd5d0f759ac0201e2c517bcb8b43d960
ipa-4-3: 1e0208612087e80f673e7ec1f8e050b57b5f1fb7
ipa-4-2: fb11384e65d74b6a027bf8cfe9f93e003bba5236

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0440.3-Fix-broken-trust-warnings.patch
Type: text/x-patch
Size: 1171 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160316/6d3be7c6/attachment.bin>

More information about the Freeipa-devel mailing list