On Mon, 12 Dec 2011, Sumit Bose wrote: > > --password <Value> [type-specific parameters] > > > > Creates a trust between FreeIPA realm and another realm of selected > > type. Only 'ads' type is currently supported. > > > > For 'ads' type running `ipa trust-add' would be equivalent to > > following sequence: > > * ipa-adtrust-install > > * net rpc trust create > > As Simo already mentioned theses should be two separate step and `ipa > trust-add' should just check is the needed components to create AD > trusts are already installed on the IPA server. See my answer to Simo, I think we can substantially improve this situation.
> Additionally I think we need some commands to define a UID range for the > trusted domains, especially for AD trusts. For the domain given with the > `ipa trust-add' command we could just use another command line option. > But if this domain already has trusts to other domains it will become > difficult to handle this with options to `ipa trust-add'. So I would > suggest to add a new command to the `ipa trust' family which can set UID > ranges for domains before the trust is created. If the trust is already > created we may still allow to change the range but with a strong warning > that existing UIDs and GIDs will change. Ok, this would qualify for ipa trust-add options for UID/GID ranges and would also warrant addition of ipa trust-mod that Rob has proposed. What else except UID/GID ranges could be modified? -- / Alexander Bokovoy _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel