Hi, **NOTE**: This is to be applied on top of my PATCH 0024.
I found this glitch while working on 0024, however, it does not fit into the scope of the ticket, so I am creating a separate patch for it. When modifing the idrange, one was able to add ipa NT trusted AD domain sid without objectclass ipatrustedaddomainrange being added. This patch fixes the issue. Tomas
>From 9e72a92e942d0fe357ae82cf65a1a94ab03fa0e5 Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Wed, 5 Dec 2012 11:19:57 -0500 Subject: [PATCH] Add trusted domain range objectclass to idrange-mod When modifing the idrange, one was able to add ipa NT trusted AD domain sid without objectclass ipatrustedaddomainrange being added. This patch fixes the issue. --- ipalib/plugins/idrange.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index eddb9817a9410a84bcf334cf2574f974eff1ede1..8aaa60adee2cd0f1ba8051f051548be7a2433f2c 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -448,6 +448,11 @@ class idrange_mod(LDAPUpdate): # Validate SID as the one of trusted domains self.obj.validate_trusted_domain_sid(options['ipanttrusteddomainsid']) + + # Add trusted AD domain range object class, if it wasn't there + if not 'ipatrustedaddomainrange' in old_attrs['objectclass']: + entry_attrs['objectclass'].append('ipatrustedaddomainrange') + else: # secondary base rid must be set if and only if base rid is set if (in_updated_attrs('ipasecondarybaserid') != in_updated_attrs('ipabaserid')): -- 1.8.0.1
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel