[Freeipa-devel] [PATCH 1/1] Resolve external members from trusted domain via Global Catalog
Simo Sorce
simo at redhat.com
Thu Nov 1 19:48:17 UTC 2012
On Wed, 2012-10-31 at 22:52 +0200, Alexander Bokovoy wrote:
> The sequence is as follows:
> 1. Match external member against existing trusted domain
> 2. Find trusted domain's domain controller and preferred GC hosts
> 3. Fetch trusted domain account auth info
> 4. Set up ccache in /var/run/ipa_memcached/krb5cc_TD<domain> with
> principal ourdomain$@trusted.domain
> 5. Do LDAP SASL interactive bind using the ccache
> 6. Search for the member's SID
> 7. Decode SID
> 8. Replace external member name by SID
> ---
> ipalib/plugins/group.py | 32 ++++---
> ipalib/plugins/trust.py | 17 ++--
> ipaserver/dcerpc.py | 233 +++++++++++++++++++++++++++++++++++++++++++++++-
> 3 files changed, 257 insertions(+), 25 deletions(-)
>
>
Ack!
Pushed to master and ipa-3-0
Thanks a lot!
Simo.
--
Simo Sorce * Red Hat, Inc * New York
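
Steps 6 to 8 of the quoted sequence, sketched as an added example; this is not code from the patch or from FreeIPA. It assumes the search returns python-ldap style `(dn, attrs)` tuples and that the SID arrives as the binary `objectSid` attribute that Active Directory stores; the function names and the sample SID are constructed for illustration.

```python
import struct

MAX_SUBAUTHS = 15  # upper bound on sub-authorities in a Windows SID


def decode_sid(blob: bytes) -> str:
    """Convert a binary SID to its S-1-... string form, rejecting malformed input."""
    if len(blob) < 8:
        raise ValueError("SID too short")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > MAX_SUBAUTHS:
        raise ValueError("too many sub-authorities")
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    # Identifier authority: 6 bytes, big-endian.
    authority = int.from_bytes(blob[2:8], "big")
    # Sub-authorities: 32-bit unsigned integers, little-endian.
    subauths = struct.unpack("<%dI" % count, blob[8:])
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subauths])


def resolve_member_sid(entries) -> str:
    """Return the single SID found in search results (hypothetical helper).

    Referral entries (dn is None) are skipped. Zero or multiple matches are
    refused so an ambiguous name is never silently mapped to a SID.
    """
    hits = [attrs for dn, attrs in entries if dn is not None]
    if len(hits) != 1:
        raise LookupError("expected exactly one match, got %d" % len(hits))
    values = hits[0].get("objectSid", [])
    if len(values) != 1:
        raise LookupError("entry has no single objectSid value")
    return decode_sid(values[0])


# Constructed sample: S-1-5-21-1111111111-2222222222-3333333333-1104
SAMPLE_BLOB = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 1104)
# Constructed search result: one referral plus one matching entry.
SAMPLE_ENTRIES = [
    (None, ["ldap://gc.trusted.example/"]),
    ("CN=Some User,CN=Users,DC=trusted,DC=example", {"objectSid": [SAMPLE_BLOB]}),
]

if __name__ == "__main__":
    print(resolve_member_sid(SAMPLE_ENTRIES))
```
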