<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 06/06/2013 04:04 PM, Tomas Babej
wrote:<br>
</div>
<blockquote cite="mid:51B09703.9080801@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 05/31/2013 07:35 PM, Ana
Krivokapic wrote:<br>
</div>
<blockquote cite="mid:51A8DF79.9070700@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 05/28/2013 04:49 PM, Ana
Krivokapic wrote:<br>
</div>
<blockquote cite="mid:51A4C406.5000206@redhat.com" type="cite">
<pre wrap="">Hello,
This patch addresses <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/3634">https://fedorahosted.org/freeipa/ticket/3634</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-devel mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote>
<br>
This updated patch applies on top of tbabej's patches 0053-0055.<br>
<br>
As suggested by Tomáš (<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://www.redhat.com/archives/freeipa-devel/2013-May/msg00352.html">https://www.redhat.com/archives/freeipa-devel/2013-May/msg00352.html</a>),
I refactored support of "mock" LDAP objects to tests/util, and
modified test_range_plugin and test_cli to use it.<br>
<pre class="moz-signature" cols="80">--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-devel mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote>
I looked thoroughly at the issue here..<br>
<br>
The ticket is a little bit confusing about that, but you need to
require primary/secondary rid base for the range after
ipa-adtrust-install has been run.<br>
<br>
Currently, the way your patch works, the bases are required only
if at least one trust exists.<br>
<br>
[root@vm-002 labtool]# ipa-adtrust-install<br>
<br>
The log file for this installation can be found in
/var/log/ipaserver-install.log<br>
[snip]<br>
Setup complete<br>
[snip]<br>
<br>
[root@vm-002 labtool]# ipa idrange-add local<br>
First Posix ID of the range: 10<br>
Number of IDs in the range: 20<br>
----------------------<br>
Added ID range "local"<br>
----------------------<br>
Range name: local<br>
First Posix ID of the range: 10<br>
Number of IDs in the range: 20<br>
Range type: local domain range<br>
<br>
After adding the trust, everything works ok:<br>
<br>
[root@vm-002 labtool]# ipa trust-find<br>
---------------<br>
1 trust matched<br>
---------------<br>
Realm name: test<br>
Domain NetBIOS name: TEST<br>
Domain Security Identifier:
S-1-5-21-259319770-2312917334-591429603<br>
Trust type: Active Directory domain<br>
<br>
[root@vm-002 labtool]# ipa idrange-add local<br>
First Posix ID of the range: 10<br>
Number of IDs in the range: 10<br>
First RID of the corresponding RID range: 10<br>
First RID of the secondary RID range: 20<br>
----------------------<br>
Added ID range "local"<br>
----------------------<br>
Range name: local<br>
First Posix ID of the range: 10<br>
Number of IDs in the range: 10<br>
First RID of the corresponding RID range: 10<br>
First RID of the secondary RID range: 20<br>
Range type: local domain range<br>
<br>
We should require for primary/secondary rid base after
ipa-adtrust-install has been run even if no trust is established.<br>
<br>
Tomas<br>
</blockquote>
<br>
This patch introduces a new command which can be used to determine
if <br>
ipa-adtrust-install has been run on the system.<br>
<br>
Tests have been amended accordingly.<br>
<br>
This patch applies on top of tbabej's patches 70 & 71.<br>
<br>
<pre class="moz-signature" cols="80">--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.</pre>
</body>
</html>