On 08/29/2014 11:35 AM, Alexander Bokovoy wrote:
> On Fri, 29 Aug 2014, Sumit Bose wrote:
>> On Thu, Aug 21, 2014 at 01:43:35PM +0300, Alexander Bokovoy wrote:
>>> Hi!
>>>
>>> Attached patchset improves trust operations:
>>>
>>> 1. Ensures we only allow establishing trust to forest root domain
>>> 2. Ensures that we select primary domain controllers
>>> 3. Ensures first create trust and later set it to transitive state and
>>>    update forest topology
>>> 4. Relaxes filtering of domains obtained from AD side to allow some of
>>>    possible topology combinations which were not accounted for
>>>    previously
>>> 5. Reverts to any PDC rather than a closest one if closest one is not
>>>    available due to site mismanagement.
>>>
>>> Affected tickets:
>>> https://fedorahosted.org/freeipa/ticket/4463
>>> https://fedorahosted.org/freeipa/ticket/4479
>>> https://fedorahosted.org/freeipa/ticket/4458
>>>
>>> The patches should apply cleanly to master and ipa-3-3 (and 4-0/4-1
>>> branches).
>>>
>>> They were tested with Windows Server 2008R2 and Windows Server 2012
>>> environments.
>>
>> Patches are looking good and I didn't find any issue in my tests, ACK.
>>
>> I only have a question about 158. I wonder if the admin calling ipa
>> trust-add would be interested to see that setting the transitive
>> attribute failed? Currently it is buried in the logs so chances are
>> that nobody will recognise it.
> Unfortunately, we don't have means in the framework to return warnings
> nicely formatted and separated from the original output.

What about http://www.freeipa.org/page/V3/Messages? We can do warnings already:

# ipa dnszone-add example.test --forwarder 10.0.0.1 --name-server=`hostname`.
Administrator e-mail address [hostmaster.example.test.]:
ipa: WARNING: DNS forwarder semantics changed since IPA 4.0. You may want to use forward zones (dnsforwardzone-*) instead. For more details read the docs.
  Zone name: example.test.
  Active zone: TRUE
  Zone forwarders: 10.0.0.1
  Authoritative nameserver: ipa.mkosek-fedora20.test.
  Administrator e-mail address: hostmaster.example.test.
  SOA serial: 1409322255
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant MKOSEK-FEDORA20.TEST krb5-self * A; grant MKOSEK-FEDORA20.TEST krb5-self * AAAA; grant MKOSEK-FEDORA20.TEST krb5-self * SSHFP;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

> Thus, I decided
> to leave it as it is, without additional Python exception raising
> because one can easily see the error message when enabling debug output,
> even without restarting Apache.
