On 02/27/2014 12:48 PM, Alexander Bokovoy wrote:
> Thanks to Martin for noticing we had been fetching information about
> subdomains only in case there is algorithmic ID mapping in use. Instead,
> we should always fetch the subdomains but create new ranges only for
> algorithmic case.
> 
> https://fedorahosted.org/freeipa/ticket/4205
> 

This works fine for the trustdomain part. However, we still create too many ID
ranges:


# ipa idrange-find
----------------
3 ranges matched
----------------
  Range name: CHILD.TBAD.EXAMPLE.COM_id_range
  First Posix ID of the range: 161000000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-972585150-1048339146-1910910075
  Range type: Active Directory domain range

  Range name: IDM.LAB.BOS.REDHAT.COM_id_range
  First Posix ID of the range: 1258600000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range

  Range name: TBAD.EXAMPLE.COM_id_range
  First Posix ID of the range: 10000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-2997650941-1802118864-3094776726
  Range type: Active Directory trust range with POSIX attributes
----------------------------
Number of entries returned 3
----------------------------

CHILD.TBAD.EXAMPLE.COM_id_range should not be here given this is a POSIX trust.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to