On 06/11/2013 04:09 PM, Ana Krivokapic wrote:
> On 06/06/2013 04:04 PM, Tomas Babej wrote:
>> On 05/31/2013 07:35 PM, Ana Krivokapic wrote:
>>> On 05/28/2013 04:49 PM, Ana Krivokapic wrote:
>>>> Hello,
>>>>
>>>> This patch addresses https://fedorahosted.org/freeipa/ticket/3634
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>
>>> This updated patch applies on top of tbabej's patches 0053-0055.
>>>
>>> As suggested by Tomáš
>>> (https://www.redhat.com/archives/freeipa-devel/2013-May/msg00352.html), I
>>> refactored support of "mock" LDAP objects to tests/util, and modified
>>> test_range_plugin and test_cli to use it.
>>> --
>>> Regards,
>>>
>>> Ana Krivokapic
>>> Associate Software Engineer
>>> FreeIPA team
>>> Red Hat Inc.
>>
>> I looked thoroughly at the issue here..
>>
>> The ticket is a little bit confusing about that, but you need to require
>> primary/secondary rid base for the range after ipa-adtrust-install has been
>> run.
>>
>> Currently, the way your patch works, the bases are required only if at least
>> one trust exists.
>>
>> [root@vm-002 labtool]# ipa-adtrust-install
>>
>> The log file for this installation can be found in
>> /var/log/ipaserver-install.log
>> [snip]
>> Setup complete
>> [snip]
>>
>> [root@vm-002 labtool]# ipa idrange-add local
>> First Posix ID of the range: 10
>> Number of IDs in the range: 20
>> ----------------------
>> Added ID range "local"
>> ----------------------
>> Range name: local
>> First Posix ID of the range: 10
>> Number of IDs in the range: 20
>> Range type: local domain range
>>
>> After adding the trust, everything works ok:
>>
>> [root@vm-002 labtool]# ipa trust-find
>> ---------------
>> 1 trust matched
>> ---------------
>> Realm name: test
>> Domain NetBIOS name: TEST
>> Domain Security Identifier: S-1-5-21-259319770-2312917334-591429603
>> Trust type: Active Directory domain
>>
>> [root@vm-002 labtool]# ipa idrange-add local
>> First Posix ID of the range: 10
>> Number of IDs in the range: 10
>> First RID of the corresponding RID range: 10
>> First RID of the secondary RID range: 20
>> ----------------------
>> Added ID range "local"
>> ----------------------
>> Range name: local
>> First Posix ID of the range: 10
>> Number of IDs in the range: 10
>> First RID of the corresponding RID range: 10
>> First RID of the secondary RID range: 20
>> Range type: local domain range
>>
>> We should require primary/secondary rid base after ipa-adtrust-install
>> has been run even if no trust is established.
>>
>> Tomas
>
> This patch introduces a new command which can be used to determine if
> ipa-adtrust-install has been run on the system.
>
> Tests have been amended accordingly.
>
> This patch applies on top of tbabej's patches 70 & 71.

Just 2 quick notes:

1) I would like the commands to be consistent with other similar commands like
"dns_is_enabled". This would lead to "adtrust_is_enabled".

2) Is the used ldapsearch really the best way to find out if Trust is
configured on a given master? Isn't a search in cn=masters,cn=ipa,... better?
Alexander?

Martin