On 08/29/2014 11:26 AM, Sumit Bose wrote: > On Thu, Aug 21, 2014 at 01:43:35PM +0300, Alexander Bokovoy wrote: >> Hi! >> >> Attached patchset improves trust operations: >> >> 1. Ensures we only allow establishing trust to forest root domain >> 2. Ensures that we select primary domain controllers >> 3. Ensures first create trust and later set it to transitive state and >> update forest topology >> 4. Relaxes filtering of domains obtained from AD side to allow some of >> possible topology combinations which were not accounted for >> previously >> 5. Reverts to any PDC rather than a closest one if closest one is not >> available due to site mismanagement. >> >> Affected tickets: >> https://fedorahosted.org/freeipa/ticket/4463 >> https://fedorahosted.org/freeipa/ticket/4479 >> https://fedorahosted.org/freeipa/ticket/4458 >> >> The patches should apply cleanly to master and ipa-3-3 (and 4-0/4-1 >> branches). >> >> They were tested with Windows Server 2008R2 and Windows Server 2012 >> environments. > > Patches are looking good and I didn't found any issue in my tests, ACK. > > I only have a question about 158. I wonder if the admin calling ipa > trust-add would be interested to see that setting the transitive > attribute failed? Currently it is buried in the logs so chances are the > nobody will recognise it. > > bye, > Sumit
Pushed all patches to master, ipa-4-1, ipa-4-0 and ipa-3-3. Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
