On Thu, Aug 21, 2014 at 01:43:35PM +0300, Alexander Bokovoy wrote: > Hi! > > Attached patchset improves trust operations: > > 1. Ensures we only allow establishing trust to forest root domain > 2. Ensures that we select primary domain controllers > 3. Ensures first create trust and later set it to transitive state and > update forest topology > 4. Relaxes filtering of domains obtained from AD side to allow some of > possible topology combinations which were not accounted for > previously > 5. Reverts to any PDC rather than a closest one if closest one is not > available due to site mismanagement. > > Affected tickets: > https://fedorahosted.org/freeipa/ticket/4463 > https://fedorahosted.org/freeipa/ticket/4479 > https://fedorahosted.org/freeipa/ticket/4458 > > The patches should apply cleanly to master and ipa-3-3 (and 4-0/4-1 > branches). > > They were tested with Windows Server 2008R2 and Windows Server 2012 > environments.
Patches are looking good and I didn't found any issue in my tests, ACK. I only have a question about 158. I wonder if the admin calling ipa trust-add would be interested to see that setting the transitive attribute failed? Currently it is buried in the logs so chances are the nobody will recognise it. bye, Sumit > > -- > / Alexander Bokovoy _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel