[Freeipa-devel] [PATCH] 0154-0158 improve trust operations
Sumit Bose
sbose at redhat.com
Fri Aug 29 09:26:15 UTC 2014
On Thu, Aug 21, 2014 at 01:43:35PM +0300, Alexander Bokovoy wrote:
> Hi!
>
> Attached patchset improves trust operations:
>
> 1. Ensures we only allow establishing trust to forest root domain
> 2. Ensures that we select primary domain controllers
> 3. Ensures first create trust and later set it to transitive state and
> update forest topology
> 4. Relaxes filtering of domains obtained from AD side to allow some of
> possible topology combinations which were not accounted for
> previously
> 5. Reverts to any PDC rather than a closest one if closest one is not
> available due to site mismanagement.
>
> Affected tickets:
> https://fedorahosted.org/freeipa/ticket/4463
> https://fedorahosted.org/freeipa/ticket/4479
> https://fedorahosted.org/freeipa/ticket/4458
>
> The patches should apply cleanly to master and ipa-3-3 (and 4-0/4-1
> branches).
>
> They were tested with Windows Server 2008R2 and Windows Server 2012
> environments.
Patches are looking good and I didn't found any issue in my tests, ACK.
I only have a question about 158. I wonder if the admin calling ipa
trust-add would be interested to see that setting the transitive
attribute failed? Currently it is buried in the logs so chances are the
nobody will recognise it.
bye,
Sumit
>
> --
> / Alexander Bokovoy
More information about the Freeipa-devel
mailing list