On Mon, 12 Dec 2011, Sumit Bose wrote:
> > --password <Value> [type-specific parameters]
> > 
> > Creates a trust between FreeIPA realm and another realm of selected 
> > type. Only 'ads' type is currently supported.
> > 
> > For 'ads' type running `ipa trust-add' would be equivalent to 
> > following sequence:
> >  * ipa-adtrust-install
> >  * net rpc trust create
> 
> As Simo already mentioned theses should be two separate step and `ipa
> trust-add' should just check is the needed components to create AD
> trusts are already installed on the IPA server.
See my answer to Simo, I think we can substantially improve this 
situation.

> Additionally I think we need some commands to define a UID range for the
> trusted domains, especially for AD trusts. For the domain given with the
> `ipa trust-add' command we could just use another command line option.
> But if this domain already has trusts to other domains it will become
> difficult to handle this with options to `ipa trust-add'. So I would
> suggest to add a new command to the `ipa trust' family which can set UID
> ranges for domains before the trust is created. If the trust is already
> created we may still allow to change the range but with a strong warning
> that existing UIDs and GIDs will change.
Ok, this would qualify for ipa trust-add options for UID/GID ranges 
and would also warrant addition of ipa trust-mod that Rob has proposed.

What else except UID/GID ranges could be modified?
-- 
/ Alexander Bokovoy

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to