On 02/27/2014 12:48 PM, Alexander Bokovoy wrote: > Thanks to Martin for noticing we had been fetching information about > subdomains only in case there is algorithmic ID mapping in use. Instead, > we should always fetch the subdomains but create new ranges only for > algorithmic case. > > https://fedorahosted.org/freeipa/ticket/4205 >
This works fine for the trustdomain part. However, we still create too many ID ranges: # ipa idrange-find ---------------- 3 ranges matched ---------------- Range name: CHILD.TBAD.EXAMPLE.COM_id_range First Posix ID of the range: 161000000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-972585150-1048339146-1910910075 Range type: Active Directory domain range Range name: IDM.LAB.BOS.REDHAT.COM_id_range First Posix ID of the range: 1258600000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 100000000 Range type: local domain range Range name: TBAD.EXAMPLE.COM_id_range First Posix ID of the range: 10000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-2997650941-1802118864-3094776726 Range type: Active Directory trust range with POSIX attributes ---------------------------- Number of entries returned 3 ---------------------------- CHILD.TBAD.EXAMPLE.COM_id_range should not be here given this is a POSIX trust. Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
