On 06/21/2013 03:59 PM, Tomas Babej wrote:
On 06/21/2013 03:38 PM, Ana Krivokapic wrote:
On 06/21/2013 02:39 PM, Tomas Babej wrote:
On 06/12/2013 07:06 PM, Ana Krivokapic wrote:
On 06/11/2013 06:44 PM, Alexander Bokovoy wrote:
On Tue, 11 Jun 2013, Martin Kosek wrote:
2) Is the used ldapsearch really the best way to find out if Trust is
configured on a given master? Isn't a search in cn=masters,cn=ipa,...
better?
Alexander?
What would the search in cn=masters,cn=ipa,.. give?

We can have multiple CIFS services per realm. However, only those in
'adtrust agents' group are the ones which are real DCs. And since
membership in the group is not handled via framework or UI, it is a
clear indication that ipa-adtrust-install was run.
It would say if there is an appropriate service configured by
ipa-adtrust-install. In this case,
"cn=ADTRUST,cn=FQDN,cn=masters,cn=ipa,cn=etc,SUFFIX". I am asking
because this is a standard way in FreeIPA to ask for configured services.

If that does not work for Trust, then your alternative way should
be OK too.
This would work for making sure that ipa-adtrust-install was run on a
specific server. It will not work for making sure trusts are enabled
but in this case we only need to know that we have configured the host
to be a DC so your approach is fine.

I'm fine to use this approach, somehow it slipped out of my view when we
discussed it with Ana..


I amended the name of the new command to 'adtrust_is_enabled'. I also
simplified the LDAP search used in the command, as suggested by Martin
and Alexander.

Updated patch is attached.

Can you please rebase the patch? I think tests -> ipatests change is the
culprit here.

Tomas
Sure, rebased patch is attached.

ACK

Tomas

Pushed to master.


--
Petr³

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
