On 03/13/2014 12:45 PM, Tomas Babej wrote: > Hi, > > Changes the code in the idrange_del method to not only check for > the root domains that match the SID in the IDRange, but for the > SIDs of subdomains of trusts as well. > > https://fedorahosted.org/freeipa/ticket/4247
This is a very complicated validation procedure IMO. Lot of subcommands, lot of LDAP searches. Why can't we do just one LDAP search with - base api.env.container_trusts - scope SUB - filter (&(objectclass=ipaNTTrustedDomain)(ipanttrusteddomainsid=range_sid)) When errors.NotFound is raised, we are OK. When it is not raised, we have a problem. Wouldn't it be simpler? Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
