[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones MartinBasti commented: """ master: * 4ba6b968399204aac66d82d917a8cc159e77ad4d Refactor the code checking for missing SIDs * c5bae577597fbababdd25ab3ae6463c490d90a40 only check for netbios name when LDAP backend is connected * 9348cfa996ce450bc88a4b35ee3f3bf52adfff39 Refactor the code searching and presenting missing trust agents * c17215ea3db58c7a5fe6e30b6b38f4f3012e25d2 adtrust.py: Use logging to emit error messages * ef37c42ab9d3530dc78fa4b754cd11c585b69d77 print the installation info only in standalone mode * 289060dd98a3ed8e2a916ed25eaa1824c795e842 check for installed dependencies when *not* in standalone mode * 77857ea77662e005b1a23039e2f9173c0a9b080b Add AD trust installer interface for composite installer * 13b5821fa4d32b5a1cc69a97386853fad44236ec expose AD trust related knobs in composite installers * aa353c5f21bf040579a4aeda6840b56ae93b4309 Merge AD trust configurator into server installer * eee319dba12a6ab7daa06ca0d7d8ac8fc754f961 Merge AD trust configurator into replica installer * f62f0b74855beff8db1ad6a24bf76fa66c3c4771 Fix erroneous short name options in ipa-adtrust-install man page * 23cebe1356bbf84ddfde2a622a795061c4924edf Update server/replica installer man pages * 612ea7f66e102c57c2b213eff99ad8f1c91e59a5 Provide basic integration tests for built-in AD trust installer """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-283362181 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones MartinBasti commented: """ Please rebase """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-283332782 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones martbab commented: """ I have added a commit that fixes the choeck for missing dependencies in composite installers. """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-283033182 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones martbab commented: """ OK I will then hard-code `add_sids=True` in ipa-server-install """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-282784419 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones abbra commented: """ Unless you specified --add-sids to ipa-adtrust-install (or `add_sids=True` in ADTrustInstance.setup() call), no task would be run. 'Activating sidgen task' only adds configuration to allow the task to be run. """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-282777294 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones martbab commented: """ @abbra I think that I am confused by the way sidgen plugin works. During LDAP configuration I can see that sidgen/extdom plugins are activated. e.g: ``` ... [43/47]: enabling compatibility plugin [44/47]: activating sidgen plugin [45/47]: activating extdom plugin ... ``` Yet unless I install AD trust related bits, there are no SIDs generated on entries I am added (user or groups). When the AD trust installer is run, I see that the sidgen task is activated: ``` ... [13/21]: activating sidgen task [14/21]: configuring smbd to start on boot ... ``` The admin user now has SID added by installer, yet the existing POSIX groups (editors) have no SIDs associated with them, only the new user I add afterwards. Do we have a documentation about the semantics of different sidgen-related operations somewhere? If not, can you please explain the behavior I am seeing here? """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-28272 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones abbra commented: """ If you can differentiate how the installer is being run, then for composite installer always run add_sids. """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-282739260 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones martbab commented: """ I have noticed that the check for installed dependencies is buggy, I will have to fix it before pushing. Also we would need to move the 'editors' group addition to the LDAP update phase since it remains with missing SID during ipa-server-install when `add_sids` knob is set to False. @abbra @rcritten is that ok with you? Please see inline comment for more details. """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-282730945 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones MartinBasti commented: """ Works for me, except, ipa-server-install --setup-adtrust works even without freeipa-server-trust-ad package. Please fix this in a new PR in way how DNS is done. """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-282312799 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones martbab commented: """ I have added a basic integration tests for the built-in AD trust installation, you can run them on 3 machines (master + 2 replicas) by running ```bash # ipa-run-tests --verbose /usr/lib/python2.7/site-packages/ipatests/test_integration/test_installation.py -k TestADTrustInstall ``` and having a properly configured test config. """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-281651733 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones martbab commented: """ Bump for review. """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-281635086 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
