Thanks to Martin for noticing we had been fetching information about subdomains only in case there is algorithmic ID mapping in use. Instead, we should always fetch the subdomains but create new ranges only for algorithmic case.
https://fedorahosted.org/freeipa/ticket/4205 -- / Alexander Bokovoy
>From f2cca17e5e9fa601934cc2b1bbae984b81195adb Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <[email protected]> Date: Thu, 27 Feb 2014 13:43:17 +0200 Subject: [PATCH 8/8] trust: make sure we always discover topology of the forest trust Even though we are creating idranges for subdomains only in case there is algorithmic ID mapping in use, we still need to fetch list of subdomains for all other cases. https://fedorahosted.org/freeipa/ticket/4205 --- ipalib/plugins/trust.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index bd71253..ed91dac 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -458,13 +458,15 @@ sides. result['result'] = entry_to_dict(trusts[0][1], **options) + # Fetch topology of the trust forest -- we need always to do it + # for AD trusts, regardless of the type of idranges associated with it + if options.get('trust_type') == u'ad': + domains = fetch_domains_from_trust(self, self.trustinstance, + result['result'], **options) # For AD trusts with algorithmic mapping, we need to add a separate # range for each subdomain. if (options.get('trust_type') == u'ad' and created_range_type != u'ipa-ad-trust-posix'): - - domains = fetch_domains_from_trust(self, self.trustinstance, - result['result'], **options) if domains and len(domains) > 0: for dom in domains: range_name = dom['cn'][0].upper() + '_id_range' -- 1.8.3.1
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
