Hi,
MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).
Remove the argument that was never used externally but only supplied by
trust-specific code inside the IPA framework.
Part of https://fedorahosted.org/freeipa/ticket/5354
--
/ Alexander Bokovoy
From a7569cf6d9e78da97fcffae78c7e22d30edbf42a Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Mon, 6 Jun 2016 11:42:34 +0300
Subject: [PATCH 3/4] adtrust: remove nttrustpartner parameter
MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).
Remove the argument that was never used externally but only supplied by
trust-specific code inside the IPA framework.
---
API.txt | 9 ++----
install/ui/test/data/ipa_init_commands.json | 43 -----------------------------
install/ui/test/data/ipa_init_objects.json | 13 ---------
ipaserver/plugins/trust.py | 4 ---
4 files changed, 3 insertions(+), 66 deletions(-)
diff --git a/API.txt b/API.txt
index d5fbc27..4247dd7 100644
--- a/API.txt
+++ b/API.txt
@@ -5323,14 +5323,13 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: trustdomain_add
-args: 2,9,3
+args: 2,8,3
arg: Str('trustcn', cli_name='trust')
arg: Str('cn', cli_name='domain')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('ipantflatname?', cli_name='flat_name')
option: Str('ipanttrusteddomainsid?', cli_name='sid')
-option: Str('ipanttrustpartner?')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad',
values=[u'ad'])
@@ -5364,14 +5363,13 @@ output: Output('result', type=[<type 'bool'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: trustdomain_find
-args: 2,10,4
+args: 2,9,4
arg: Str('trustcn', cli_name='trust')
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='domain')
option: Str('ipantflatname?', autofill=False, cli_name='flat_name')
option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid')
-option: Str('ipanttrustpartner?', autofill=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
@@ -5382,7 +5380,7 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>])
command: trustdomain_mod
-args: 2,11,3
+args: 2,10,3
arg: Str('trustcn', cli_name='trust')
arg: Str('cn', cli_name='domain')
option: Str('addattr*', cli_name='addattr')
@@ -5390,7 +5388,6 @@ option: Flag('all', autofill=True, cli_name='all',
default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('ipantflatname?', autofill=False, cli_name='flat_name')
option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid')
-option: Str('ipanttrustpartner?', autofill=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
diff --git a/install/ui/test/data/ipa_init_commands.json
b/install/ui/test/data/ipa_init_commands.json
index c7f717c..b5c482e 100644
--- a/install/ui/test/data/ipa_init_commands.json
+++ b/install/ui/test/data/ipa_init_commands.json
@@ -22023,20 +22023,6 @@
"type": "unicode"
},
{
- "attribute": true,
- "class": "Str",
- "deprecated_cli_aliases": [],
- "doc": "Trusted domain partner",
- "flags": [
- "no_display",
- "no_option"
- ],
- "label": "Trusted domain partner",
- "name": "ipanttrustpartner",
- "noextrawhitespace": true,
- "type": "unicode"
- },
- {
"name": "setattr"
},
{
@@ -22142,21 +22128,6 @@
"type": "unicode"
},
{
- "attribute": true,
- "class": "Str",
- "deprecated_cli_aliases": [],
- "doc": "Trusted domain partner",
- "flags": [
- "no_display",
- "no_option"
- ],
- "label": "Trusted domain partner",
- "name": "ipanttrustpartner",
- "noextrawhitespace": true,
- "query": true,
- "type": "unicode"
- },
- {
"class": "Int",
"deprecated_cli_aliases": [],
"doc": "Time limit of search in seconds",
@@ -22228,20 +22199,6 @@
"type": "unicode"
},
{
- "attribute": true,
- "class": "Str",
- "deprecated_cli_aliases": [],
- "doc": "Trusted domain partner",
- "flags": [
- "no_display",
- "no_option"
- ],
- "label": "Trusted domain partner",
- "name": "ipanttrustpartner",
- "noextrawhitespace": true,
- "type": "unicode"
- },
- {
"name": "setattr"
},
{
diff --git a/install/ui/test/data/ipa_init_objects.json
b/install/ui/test/data/ipa_init_objects.json
index ca98a1a..d8dfba2 100644
--- a/install/ui/test/data/ipa_init_objects.json
+++ b/install/ui/test/data/ipa_init_objects.json
@@ -8527,19 +8527,6 @@
"noextrawhitespace": true,
"type": "unicode"
},
- {
- "class": "Str",
- "deprecated_cli_aliases": [],
- "doc": "Trusted domain partner",
- "flags": [
- "no_display",
- "no_option"
- ],
- "label": "Trusted domain partner",
- "name": "ipanttrustpartner",
- "noextrawhitespace": true,
- "type": "unicode"
- }
],
"uuid_attribute": ""
},
diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py
index 98def2e..62fe96e 100644
--- a/ipaserver/plugins/trust.py
+++ b/ipaserver/plugins/trust.py
@@ -1478,10 +1478,6 @@ class trustdomain(LDAPObject):
cli_name='sid',
label=_('Domain Security Identifier'),
),
- Str('ipanttrustpartner?',
- label=_('Trusted domain partner'),
- flags=['no_display', 'no_option'],
- ),
)
# LDAPObject.get_dn() only passes all but last element of keys and no
kwargs
--
2.7.4
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
