Re: [Freeipa-devel] [PATCH 0359] adtrust-install: Correctly determine 4.2 FreeIPA servers

Wed, 12 Aug 2015 07:49:00 -0700 


On 08/11/2015 04:58 PM, Alexander Bokovoy wrote:
> On Tue, 11 Aug 2015, Tomas Babej wrote:
>> Hi,
>>
>> We need to detect a list of FreeIPA 4.2 (and above) servers, since
>> only there is the required version of SSSD present.
>>
>> Since the maximum domain level for 4.2 is 0 (and not 1), we can filter
>> for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes
>> to generate the list.
>>
>> https://fedorahosted.org/freeipa/ticket/5199
> 
>> From 31bf121e4603bc1287eac88653ff48198c2f69c3 Mon Sep 17 00:00:00 2001
>> From: Tomas Babej <[email protected]>
>> Date: Tue, 11 Aug 2015 16:05:32 +0200
>> Subject: [PATCH] adtrust-install: Correctly determine 4.2 FreeIPA servers
>>
>> We need to detect a list of FreeIPA 4.2 (and above) servers, since
>> only there is the required version of SSSD present.
>>
>> Since the maximum domain level for 4.2 is 0 (and not 1), we can filter
>> for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes
>> to generate the list.
>>
>> https://fedorahosted.org/freeipa/ticket/5199
>> ---
>> install/tools/ipa-adtrust-install | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/install/tools/ipa-adtrust-install
>> b/install/tools/ipa-adtrust-install
>> index
>> 5340c31d16ed78da0cb39725d9ae93c76470b698..21e58dd9f25e82429ce8d0c776d1b512c2661809
>> 100755
>> --- a/install/tools/ipa-adtrust-install
>> +++ b/install/tools/ipa-adtrust-install
>> @@ -396,7 +396,7 @@ def main():
>>             # Search only masters which have support for domain levels
>>             # because only these masters will have SSSD recent enough
>> to support AD trust agents
>>             (entries_m, truncated) = smb.admin_conn.find_entries(
>> -               
>> filter="(&(objectclass=ipaSupportedDomainLevelConfig)(!(ipaMaxDomainLevel=0)))",
>>
>> +               
>> filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))",
>>
>>                 base_dn=masters_dn, attrs_list=['cn'],
>> scope=ldap.SCOPE_ONELEVEL)
>>         except errors.NotFound:
>>             pass
> 
> ACK. I tested a manual version of this patch in the morning.
> 

* master: 1fc21e980bb901bf71f7ee024cdbb15c1caec3a7
* ipa-4-2: ef192fb17be348c526029e8fa5165b9108e1f6da

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to