On 07/07/2015 04:31 PM, Alexander Bokovoy wrote:
> On Tue, 07 Jul 2015, Alexander Bokovoy wrote:
>> Hi,
>>
>> attached are patches to introduce one-way trust support and few more to
>> fix currently outstanding trust-related bugs.
>>
>> More details are in the commit messages.
>>
>> For oddjobd-activated helper, if you want to test the one-way trust
>> setup, you need to put SELinux into permissive. We have bugs for both
>> Fedora and RHEL to add the policy
>> (https://bugzilla.redhat.com/show_bug.cgi?id=1238163 for RHEL7), it is
>> in works.
> Updated patch 0181 after discussion with Simo and Sumit about empty rid
> array.
> 
> 
> 

Works fine for me, thanks. ACK.

Pushed to master: 5017726ebaf6eea3dedb1325efe00c0d6c4b6187

During review, I also pushed the attached oneliner.

Tomas
From d011ca36f1db5d0cb76ab53ef07a33bec54d9003 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 8 Jul 2015 01:24:10 +0200
Subject: [PATCH] dcerpc: Raise ACIError correctly

---
 ipaserver/dcerpc.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index bc75a60265de241f01b7e22c0274dc8a8523eeec..a1da0a641064f59a79639d97489ff73181787a4a 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -1093,9 +1093,11 @@ class TrustDomainInstance(object):
                     if self.validation_attempts < 10:
                         sleep(5)
                         return self.verify_trust(another_domain)
-                    raise errors.ACIError(reason=_('IPA master denied trust validation requests from AD DC '
-                                                   '%(count)d times. Most likely AD DC contacted a replica '
-                                                   'that has no trust information replicated yet.' % (self.validation_attempts)))
+                    raise errors.ACIError(
+                            info=_('IPA master denied trust validation requests from AD DC '
+                                   '%(count)d times. Most likely AD DC contacted a replica '
+                                   'that has no trust information replicated yet.')
+                                   % dict(count=self.validation_attempts))
                 raise assess_dcerpc_exception(*result.pdc_connection_status)
             return True
         return False
-- 
2.1.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to