Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container).
Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 -- / Alexander Bokovoy
From a7569cf6d9e78da97fcffae78c7e22d30edbf42a Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Mon, 6 Jun 2016 11:42:34 +0300 Subject: [PATCH 3/4] adtrust: remove nttrustpartner parameter MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. --- API.txt | 9 ++---- install/ui/test/data/ipa_init_commands.json | 43 ----------------------------- install/ui/test/data/ipa_init_objects.json | 13 --------- ipaserver/plugins/trust.py | 4 --- 4 files changed, 3 insertions(+), 66 deletions(-) diff --git a/API.txt b/API.txt index d5fbc27..4247dd7 100644 --- a/API.txt +++ b/API.txt @@ -5323,14 +5323,13 @@ output: Entry('result') output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: PrimaryKey('value') command: trustdomain_add -args: 2,9,3 +args: 2,8,3 arg: Str('trustcn', cli_name='trust') arg: Str('cn', cli_name='domain') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('ipantflatname?', cli_name='flat_name') option: Str('ipanttrusteddomainsid?', cli_name='sid') -option: Str('ipanttrustpartner?') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', values=[u'ad']) @@ -5364,14 +5363,13 @@ output: Output('result', type=[<type 'bool'>]) output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: PrimaryKey('value') command: trustdomain_find -args: 2,10,4 +args: 2,9,4 arg: Str('trustcn', cli_name='trust') arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='domain') option: Str('ipantflatname?', autofill=False, cli_name='flat_name') option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid') -option: Str('ipanttrustpartner?', autofill=False) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -5382,7 +5380,7 @@ output: ListOfEntries('result') output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('truncated', type=[<type 'bool'>]) command: trustdomain_mod -args: 2,11,3 +args: 2,10,3 arg: Str('trustcn', cli_name='trust') arg: Str('cn', cli_name='domain') option: Str('addattr*', cli_name='addattr') @@ -5390,7 +5388,6 @@ option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('ipantflatname?', autofill=False, cli_name='flat_name') option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid') -option: Str('ipanttrustpartner?', autofill=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') diff --git a/install/ui/test/data/ipa_init_commands.json b/install/ui/test/data/ipa_init_commands.json index c7f717c..b5c482e 100644 --- a/install/ui/test/data/ipa_init_commands.json +++ b/install/ui/test/data/ipa_init_commands.json @@ -22023,20 +22023,6 @@ "type": "unicode" }, { - "attribute": true, - "class": "Str", - "deprecated_cli_aliases": [], - "doc": "Trusted domain partner", - "flags": [ - "no_display", - "no_option" - ], - "label": "Trusted domain partner", - "name": "ipanttrustpartner", - "noextrawhitespace": true, - "type": "unicode" - }, - { "name": "setattr" }, { @@ -22142,21 +22128,6 @@ "type": "unicode" }, { - "attribute": true, - "class": "Str", - "deprecated_cli_aliases": [], - "doc": "Trusted domain partner", - "flags": [ - "no_display", - "no_option" - ], - "label": "Trusted domain partner", - "name": "ipanttrustpartner", - "noextrawhitespace": true, - "query": true, - "type": "unicode" - }, - { "class": "Int", "deprecated_cli_aliases": [], "doc": "Time limit of search in seconds", @@ -22228,20 +22199,6 @@ "type": "unicode" }, { - "attribute": true, - "class": "Str", - "deprecated_cli_aliases": [], - "doc": "Trusted domain partner", - "flags": [ - "no_display", - "no_option" - ], - "label": "Trusted domain partner", - "name": "ipanttrustpartner", - "noextrawhitespace": true, - "type": "unicode" - }, - { "name": "setattr" }, { diff --git a/install/ui/test/data/ipa_init_objects.json b/install/ui/test/data/ipa_init_objects.json index ca98a1a..d8dfba2 100644 --- a/install/ui/test/data/ipa_init_objects.json +++ b/install/ui/test/data/ipa_init_objects.json @@ -8527,19 +8527,6 @@ "noextrawhitespace": true, "type": "unicode" }, - { - "class": "Str", - "deprecated_cli_aliases": [], - "doc": "Trusted domain partner", - "flags": [ - "no_display", - "no_option" - ], - "label": "Trusted domain partner", - "name": "ipanttrustpartner", - "noextrawhitespace": true, - "type": "unicode" - } ], "uuid_attribute": "" }, diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py index 98def2e..62fe96e 100644 --- a/ipaserver/plugins/trust.py +++ b/ipaserver/plugins/trust.py @@ -1478,10 +1478,6 @@ class trustdomain(LDAPObject): cli_name='sid', label=_('Domain Security Identifier'), ), - Str('ipanttrustpartner?', - label=_('Trusted domain partner'), - flags=['no_display', 'no_option'], - ), ) # LDAPObject.get_dn() only passes all but last element of keys and no kwargs -- 2.7.4
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code