On 16.03.2016 13:45, Alexander Bokovoy wrote:
On Wed, 16 Mar 2016, Martin Basti wrote:


On 16.03.2016 13:32, Martin Basti wrote:


On 16.03.2016 13:32, Alexander Bokovoy wrote:
On Wed, 16 Mar 2016, Martin Basti wrote:


On 15.03.2016 16:40, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5737

Patch attached.


Sekf NACK,

fix should be just oneliner, I found out that domain are stored hierarchically so extra finding of parents zone is needed.
you meant 'not needed', I'd guess.

Yes, I meant that, sorry :)


Updated patch attached.

From 74c55e5048af4b582469b1668a9dd592f868cf4b Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 16 Mar 2016 13:41:51 +0100
Subject: [PATCH] Fix broken trust warnings

Warning should be shown only for parent entries of trust domain. Sub
domains do not contain SIDs at all.

https://fedorahosted.org/freeipa/ticket/5737
---
ipalib/plugins/trust.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index ba0c98e2f3711924dace395b7becf2977ca8e35c..7d815fd6118586a4a75a1eeff7457103fe4c331c 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -597,7 +597,9 @@ class trust(LDAPObject):

        try:
            entries, truncated = ldap.find_entries(
-                base_dn=DN(self.container_dn, self.api.env.basedn),
+                base_dn=DN(self.api.env.container_adtrusts,
+                           self.api.env.basedn),
+                scope=ldap.SCOPE_ONELEVEL,
                attrs_list=['cn'],
                filter='(&(ipaNTTrustPartner=*)'
                       '(!(ipaNTSecurityIdentifier=*)))',

ACK if you change the commit message to say that subdomains do not
contain ipaNTSecurityIdentifier attribute.

Thanks, changed

Pushed to:
master: de8c6d81fd5d0f759ac0201e2c517bcb8b43d960
ipa-4-3: 1e0208612087e80f673e7ec1f8e050b57b5f1fb7
ipa-4-2: fb11384e65d74b6a027bf8cfe9f93e003bba5236

From cc25233e99d24d83fd97a3cf089b4f60be696e67 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 16 Mar 2016 13:41:51 +0100
Subject: [PATCH] Fix broken trust warnings

Warning should be shown only for parent entries of trust domain. Subdomains do not contain ipaNTSecurityIdentifier attribute at all.

https://fedorahosted.org/freeipa/ticket/5737
---
 ipalib/plugins/trust.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index ba0c98e2f3711924dace395b7becf2977ca8e35c..7d815fd6118586a4a75a1eeff7457103fe4c331c 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -597,7 +597,9 @@ class trust(LDAPObject):
 
         try:
             entries, truncated = ldap.find_entries(
-                base_dn=DN(self.container_dn, self.api.env.basedn),
+                base_dn=DN(self.api.env.container_adtrusts,
+                           self.api.env.basedn),
+                scope=ldap.SCOPE_ONELEVEL,
                 attrs_list=['cn'],
                 filter='(&(ipaNTTrustPartner=*)'
                        '(!(ipaNTSecurityIdentifier=*)))',
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to