On Wed, Apr 16, 2014 at 04:59:55PM +0300, Alexander Bokovoy wrote:
> On Wed, 16 Apr 2014, Simo Sorce wrote:
> >On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote:
> >>On Wed, 16 Apr 2014, Simo Sorce wrote:
> >>>> +                'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo',
> >>>> +                'ipanttrustposixoffset',
> >>>> 'ipantsupportedencryptiontypes',
> >>>> +                'ipantsidblacklistincoming',
> >>>> 'ipantsidblacklistoutgoing',
> >>>> +                # ipaNTDomainAttrs:
> >>>> +                'ipantsecurityidentifier', 'ipantflatname',
> >>>> 'ipantdomainguid',
> >>>> +                'ipantfallbackprimarygroup',
> >>>> +            },
> >>>> +        },
> >>>> +    }
> >>>>
> >>>>      label = _('Trusts')
> >>>>      label_singular = _('Trust')
> >>>
> >>>In general I am not sure all authenticated users need access to all this
> >>>info. Alexander ?
> >>SSSD needs to read some of this information for subdomains support.
> >>That would be at least host/*@REALM who needs to access it.
> >
> >Can you please list exactly which ones are needed ?
> SSSD subdomains support needs:
>   - objectclasses ipaNTTrustedDomain/ipaNTDomainAttrs
>     - ipaNTFlatName
>     - ipaNTSecurityIdentifier
>     - ipaNTTrustedDomainSID
>       - cn
> 
>   - objectclass ipaIDRange
>     - cn
>       - ipaBaseID
>       - ipaIDRangeSize
>       - ipaBaseRID
>       - ipaSecondaryBaseRID

iparangetype and ipanttrusteddomainsid are needed as well.

bye,
Sumit

> 
> 
> 
> 
> >
> >Simo.
> >
> >
> >
> 
> -- 
> / Alexander Bokovoy
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to