On Thu, 04 Oct 2012, Sumit Bose wrote:
this is something that felt between the cracks. Some time ago we
introduced a new objectclass ipaIDobject to allow objects to have an
UID, GID or SID which are basically no users or groups. The DNA plugin
should be aware of this new objectclass which is fix by the first patch.
The second patch actually use this new objectclass in ipasam. Currenlty
ipasam generates a hardcoded SID for the trusted domain user which might
lead to confusion. With the second patch the trusted domain user has a
ACK, works for me.
/ Alexander Bokovoy
Freeipa-devel mailing list