[Freeipa-devel] [PATCH 0030] Require rid-base and secondary-rid-base options in idrange-add when trust exists

Tomas Babej tbabej at redhat.com
Thu Jun 6 14:04:51 UTC 2013


On 05/31/2013 07:35 PM, Ana Krivokapic wrote:
> On 05/28/2013 04:49 PM, Ana Krivokapic wrote:
>> Hello,
>>
>> This patch addresses https://fedorahosted.org/freeipa/ticket/3634
>>
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> This updated patch applies on top of tbabej's patches 0053-0055.
>
> As suggested by Tomás
> (https://www.redhat.com/archives/freeipa-devel/2013-May/msg00352.html), I
> refactored support of "mock" LDAP objects to tests/util, and modified 
> test_range_plugin and test_cli to use it.
> -- 
> Regards,
>
> Ana Krivokapic
> Associate Software Engineer
> FreeIPA team
> Red Hat Inc.

I looked thoroughly at the issue here.

The ticket is a little bit confusing about that, but you need to require 
primary/secondary rid base for the range after ipa-adtrust-install has 
been run.

Currently, the way your patch works, the bases are required only if at 
least one trust exists.

[root@vm-002 labtool]# ipa-adtrust-install

The log file for this installation can be found in 
/var/log/ipaserver-install.log
[snip]
Setup complete
[snip]

[root@vm-002 labtool]# ipa idrange-add local
First Posix ID of the range: 10
Number of IDs in the range: 20
----------------------
Added ID range "local"
----------------------
   Range name: local
   First Posix ID of the range: 10
   Number of IDs in the range: 20
   Range type: local domain range

After adding the trust, everything works ok:

[root@vm-002 labtool]# ipa trust-find
---------------
1 trust matched
---------------
   Realm name: test
   Domain NetBIOS name: TEST
   Domain Security Identifier: S-1-5-21-259319770-2312917334-591429603
   Trust type: Active Directory domain

[root@vm-002 labtool]# ipa idrange-add local
First Posix ID of the range: 10
Number of IDs in the range: 10
First RID of the corresponding RID range: 10
First RID of the secondary RID range: 20
----------------------
Added ID range "local"
----------------------
   Range name: local
   First Posix ID of the range: 10
   Number of IDs in the range: 10
   First RID of the corresponding RID range: 10
   First RID of the secondary RID range: 20
   Range type: local domain range

We should require primary/secondary rid base after
ipa-adtrust-install has been run even if no trust is established.

Tomas
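
The difference between the two gating conditions discussed in the message above, as an added stand-alone model; it is not part of the original message and not FreeIPA plugin code. All names (ServerState, RangeRequest, rid_bases_required, validate, compare) are hypothetical, and the three server states are constructed to mirror the situations shown in the transcript.

```python
# Added illustration: a stand-alone model, not FreeIPA plugin code.
from dataclasses import dataclass
from typing import Optional


@dataclass
class ServerState:
    adtrust_installed: bool  # ipa-adtrust-install has completed
    trust_count: int         # number of established trusts


@dataclass
class RangeRequest:
    base_id: int
    size: int
    rid_base: Optional[int] = None
    secondary_rid_base: Optional[int] = None


def rid_bases_required(state, gate):
    """gate='trust' models the patch as reviewed; gate='adtrust' the requested rule."""
    if gate == "trust":
        return state.trust_count > 0
    if gate == "adtrust":
        return state.adtrust_installed
    raise ValueError(f"unknown gate: {gate}")


def validate(req, state, gate):
    """Return a list of error strings; an empty list means the range is accepted."""
    missing = req.rid_base is None or req.secondary_rid_base is None
    if rid_bases_required(state, gate) and missing:
        return ["rid-base and secondary-rid-base are required"]
    return []


# Constructed states mirroring the three situations in the message.
STATES = {
    "no adtrust": ServerState(False, 0),
    "adtrust installed, no trust": ServerState(True, 0),
    "adtrust installed, one trust": ServerState(True, 1),
}


def compare(req):
    """Map each state to (accepted under trust gate, accepted under adtrust gate)."""
    return {name: (not validate(req, s, "trust"), not validate(req, s, "adtrust"))
            for name, s in STATES.items()}


if __name__ == "__main__":
    for name, (by_trust, by_adtrust) in compare(RangeRequest(10, 20)).items():
        print(f"{name:30} trust gate accepts={by_trust}  adtrust gate accepts={by_adtrust}")
```

The middle state is the one the review points at: a request without RID bases is accepted under the trust-based gate and rejected under the adtrust-based one.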