On Fri, Aug 29, 2014 at 12:35:05PM +0300, Alexander Bokovoy wrote: > On Fri, 29 Aug 2014, Sumit Bose wrote: > >On Thu, Aug 21, 2014 at 01:43:35PM +0300, Alexander Bokovoy wrote: > >>Hi! > >> > >>Attached patchset improves trust operations: > >> > >>1. Ensures we only allow establishing trust to forest root domain > >>2. Ensures that we select primary domain controllers > >>3. Ensures first create trust and later set it to transitive state and > >> update forest topology > >>4. Relaxes filtering of domains obtained from AD side to allow some of > >> possible topology combinations which were not accounted for > >> previously > >>5. Reverts to any PDC rather than a closest one if closest one is not > >> available due to site mismanagement. > >> > >>Affected tickets: > >> https://fedorahosted.org/freeipa/ticket/4463 > >> https://fedorahosted.org/freeipa/ticket/4479 > >> https://fedorahosted.org/freeipa/ticket/4458 > >> > >>The patches should apply cleanly to master and ipa-3-3 (and 4-0/4-1 > >>branches). > >> > >>They were tested with Windows Server 2008R2 and Windows Server 2012 > >>environments. > > > >Patches are looking good and I didn't found any issue in my tests, ACK. > > > >I only have a question about 158. I wonder if the admin calling ipa > >trust-add would be interested to see that setting the transitive > >attribute failed? Currently it is buried in the logs so chances are the > >nobody will recognise it. > Unfortunately, we don't have means in the framework to return warnings > nicely formatted and separated from the original output. Thus, I decided > to leave it as it is, without additional Python exception raising > because one can easily see the error message when enabling debug output, > even without restarting Apache.
ok, I see. bye, Sumit > -- > / Alexander Bokovoy _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
