Hi,
**NOTE**: This is to be applied on top of my PATCH 0024.
I found this glitch while working on 0024, however, it
does not fit into the scope of the ticket, so I am creating a
separate patch for it.
When modifing the idrange, one was able to add ipa NT trusted
AD domain sid without objectclass ipatrustedaddomainrange being
added. This patch fixes the issue.
Tomas
>From 9e72a92e942d0fe357ae82cf65a1a94ab03fa0e5 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 5 Dec 2012 11:19:57 -0500
Subject: [PATCH] Add trusted domain range objectclass to idrange-mod
When modifing the idrange, one was able to add ipa NT trusted
AD domain sid without objectclass ipatrustedaddomainrange being
added. This patch fixes the issue.
---
ipalib/plugins/idrange.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index eddb9817a9410a84bcf334cf2574f974eff1ede1..8aaa60adee2cd0f1ba8051f051548be7a2433f2c 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -448,6 +448,11 @@ class idrange_mod(LDAPUpdate):
# Validate SID as the one of trusted domains
self.obj.validate_trusted_domain_sid(options['ipanttrusteddomainsid'])
+
+ # Add trusted AD domain range object class, if it wasn't there
+ if not 'ipatrustedaddomainrange' in old_attrs['objectclass']:
+ entry_attrs['objectclass'].append('ipatrustedaddomainrange')
+
else:
# secondary base rid must be set if and only if base rid is set
if (in_updated_attrs('ipasecondarybaserid') != in_updated_attrs('ipabaserid')):
--
1.8.0.1
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
