On Fri, 29 Aug 2014, Sumit Bose wrote:
On Thu, Aug 21, 2014 at 01:43:35PM +0300, Alexander Bokovoy wrote:
Hi!

Attached patchset improves trust operations:

1. Ensures we only allow establishing trust to forest root domain
2. Ensures that we select primary domain controllers
3. Ensures we first create the trust and later set it to transitive state and
  update forest topology
4. Relaxes filtering of domains obtained from AD side to allow some of
  possible topology combinations which were not accounted for
  previously
5. Reverts to any PDC rather than the closest one if the closest one is not
  available due to site mismanagement.

Affected tickets:
 https://fedorahosted.org/freeipa/ticket/4463
 https://fedorahosted.org/freeipa/ticket/4479
 https://fedorahosted.org/freeipa/ticket/4458

The patches should apply cleanly to master and ipa-3-3 (and 4-0/4-1
branches).

They were tested with Windows Server 2008R2 and Windows Server 2012
environments.

Patches are looking good and I didn't find any issue in my tests, ACK.

I only have a question about 158. I wonder if the admin calling ipa
trust-add would be interested to see that setting the transitive
attribute failed? Currently it is buried in the logs so chances are that
nobody will recognise it.

Unfortunately, we don't have means in the framework to return warnings
nicely formatted and separated from the original output. Thus, I decided
to leave it as it is, without additional Python exception raising
because one can easily see the error message when enabling debug output,
even without restarting Apache.
--
/ Alexander Bokovoy
