See description. This is a regression since FreeIPA 4.4.0.
-- / Alexander Bokovoy
From ce6dcc38fe4b1772941b281880ab156d7ae0db7c Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Mon, 31 Oct 2016 18:17:35 +0200 Subject: [PATCH 2/2] trustdomain-del: fix the way how subdomain is searched With FreeIPA 4.4 we moved child domains behind the 'trustdomain' topic. Update 'ipa trustdomain-del' command to properly calculate DN to the actual child domain and handle the case when it is missing correctly. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1389709 --- ipaserver/plugins/trust.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py index c0c080d..3540742 100644 --- a/ipaserver/plugins/trust.py +++ b/ipaserver/plugins/trust.py @@ -1614,13 +1614,16 @@ class trustdomain_del(LDAPDelete): # to always receive empty keys. We need to catch the case when root domain is being deleted for domain in keys[1]: - # Fetch the trust to verify that the entered domain is trusted - self.api.Command.trust_show(domain) + try: + dn = self.obj.get_dn(keys[0], domain, trust_type=u'ad') + entry = ldap.get_entry(dn) + except errors.NotFound: + if keys[0].lower() == domain: + raise errors.ValidationError(name='domain', + error=_("cannot delete root domain of the trust, " + "use trust-del to delete the trust itself")) + self.obj.handle_not_found(keys[0], domain) - if keys[0].lower() == domain: - raise errors.ValidationError(name='domain', - error=_("cannot delete root domain of the trust, " - "use trust-del to delete the trust itself")) try: self.api.Command.trustdomain_enable(keys[0], domain) except errors.AlreadyActive: -- 2.9.3
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
