[Freeipa-devel] [PATCH 0030] Require rid-base and secondary-rid-base options in idrange-add when trust exists
Tomas Babej
tbabej at redhat.com
Thu Jun 6 14:04:51 UTC 2013
On 05/31/2013 07:35 PM, Ana Krivokapic wrote:
> On 05/28/2013 04:49 PM, Ana Krivokapic wrote:
>> Hello,
>>
>> This patch addresseshttps://fedorahosted.org/freeipa/ticket/3634
>>
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> This updated patch applies on top of tbabej's patches 0053-0055.
>
> As suggested by Tomás(
> (https://www.redhat.com/archives/freeipa-devel/2013-May/msg00352.html), I
> refactored support of "mock" LDAP objects to tests/util, and modified
> test_range_plugin and test_cli to use it.
> --
> Regards,
>
> Ana Krivokapic
> Associate Software Engineer
> FreeIPA team
> Red Hat Inc.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
I looked thoroughly at the issue here..
The ticket is a little bit confusing about that, but you need to require
primary/secondary rid base for the range after ipa-adtrust-install has
been run.
Currently, the way your patch works, the bases are required only if at
least one trust exists.
[root at vm-002 labtool]# ipa-adtrust-install
The log file for this installation can be found in
/var/log/ipaserver-install.log
[snip]
Setup complete
[snip]
[root at vm-002 labtool]# ipa idrange-add local
First Posix ID of the range: 10
Number of IDs in the range: 20
----------------------
Added ID range "local"
----------------------
Range name: local
First Posix ID of the range: 10
Number of IDs in the range: 20
Range type: local domain range
After adding the trust, everything works ok:
[root at vm-002 labtool]# ipa trust-find
---------------
1 trust matched
---------------
Realm name: test
Domain NetBIOS name: TEST
Domain Security Identifier: S-1-5-21-259319770-2312917334-591429603
Trust type: Active Directory domain
[root at vm-002 labtool]# ipa idrange-add local
First Posix ID of the range: 10
Number of IDs in the range: 10
First RID of the corresponding RID range: 10
First RID of the secondary RID range: 20
----------------------
Added ID range "local"
----------------------
Range name: local
First Posix ID of the range: 10
Number of IDs in the range: 10
First RID of the corresponding RID range: 10
First RID of the secondary RID range: 20
Range type: local domain range
We should require for primary/secondary rid base after
ipa-adtrust-install has been run even if no trust is established.
Tomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130606/b1e88555/attachment.htm>
More information about the Freeipa-devel
mailing list