Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Petr Vobornik
On 06/10/2016 04:03 PM, Lukas Slebodnik wrote:
> On (10/06/16 11:01), Martin Kosek wrote:
>> On 06/10/2016 10:01 AM, Martin Basti wrote:

>>> Sorry I misread that ticket in the commit message, because ipatool was unable
>>> to parse it from commit message
>>>
>>> Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073
>>
>> I see no link to this ticket in the commit message in
>> https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=185806432d6dfccc5cdd73815471ce60a575b073
>> Did you push old version of this patch?
>>
>> In general, I would suggest using the patch format from
>> http://www.freeipa.org/page/Contribute/Patch_Format
>> It makes automation easier...
>>
> And it would be much easier for author with .git-commit-template
> @see
> https://git.fedorahosted.org/cgit/sssd.git/commit/?id=3d9edb4c510028def2df41aa7b0ce705b197e6fc
> 
> LS
> 

Good idea, https://fedorahosted.org/freeipa/ticket/5952
-- 
Petr Vobornik

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Lukas Slebodnik
On (10/06/16 11:01), Martin Kosek wrote:
>On 06/10/2016 10:01 AM, Martin Basti wrote:
>> 
>> 
>> On 09.06.2016 21:45, Alexander Bokovoy wrote:
>>> On Thu, 09 Jun 2016, Martin Basti wrote:


 On 09.06.2016 17:56, Martin Babinsky wrote:
> On 06/06/2016 01:37 PM, Alexander Bokovoy wrote:
>> On Mon, 06 Jun 2016, Jan Cholasta wrote:
>>> On 6.6.2016 13:22, Martin Basti wrote:


 On 06.06.2016 13:14, Alexander Bokovoy wrote:
> On Mon, 06 Jun 2016, Martin Basti wrote:
>>
>>
>> On 06.06.2016 12:36, Alexander Bokovoy wrote:
>>> Hi,
>>>
>>> MS-ADTS spec requires that TrustPartner field should be equal to the
>>> commonName (cn) of the trust. We used it a bit wrongly to express
>>> trust relationship between parent and child domains. In fact, we
>>> have parent-child relationship recorded in the DN (child domains
>>> are part of the parent domain's container).
>>>
>>> Remove the argument that was never used externally but only
>>> supplied by
>>> trust-specific code inside the IPA framework.
>>>
>>> Part of https://fedorahosted.org/freeipa/ticket/5354
>>>
>>>
>>>
>>
>> Hello, how is handled backward compatibility here, you just removes
>> the option from API, without any additional logic for older clients.
> This is not used by the external clients at all. It is part of internal
> logic of the code in trust.py+com.redhat.trust.fetch-domains which
> always talk to the same server they are running on.
>
> @register()
> class trustdomain_add(LDAPCreate):
>  __doc__ = _('Allow access from the trusted domain')
>  NO_CLI = True
>
>

 Yes sorry, not old IPA clients, but it was part of API, shown in API
 browser, and since this was in API, it is set to stone. So If you think
 that it is safe to be removed and nobody can hit this, I'm okay for
 removing that option. Maybe we should at least wrote it to release notes
 (I'll let Honza to express his feelings as API versioning/compatibility
 sensei)
>>>
>>> IMHO it is safe to remove.
>>>

 And you forgot to increment api version in VERSION file
>> Updated patch attached, with a VERSION change.
>>
>>
>>
> ACK
>

 Is there any ticket for this?
>>> As I wrote in the commit message and in the email,
>>> it is part of https://fedorahosted.org/freeipa/ticket/5354
>>>
>> Sorry I misread that ticket in the commit message, because ipatool was unable
>> to parse it from commit message
>> 
>> Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073
>
>I see no link to this ticket in the commit message in
>https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=185806432d6dfccc5cdd73815471ce60a575b073
>Did you push old version of this patch?
>
>In general, I would suggest using the patch format from
>http://www.freeipa.org/page/Contribute/Patch_Format
>It makes automation easier...
>
And it would be much easier for author with .git-commit-template
@see
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=3d9edb4c510028def2df41aa7b0ce705b197e6fc

LS



Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Martin Basti



On 10.06.2016 12:13, Martin Basti wrote:



On 10.06.2016 11:01, Martin Kosek wrote:

On 06/10/2016 10:01 AM, Martin Basti wrote:


On 09.06.2016 21:45, Alexander Bokovoy wrote:

On Thu, 09 Jun 2016, Martin Basti wrote:


On 09.06.2016 17:56, Martin Babinsky wrote:

On 06/06/2016 01:37 PM, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Jan Cholasta wrote:

On 6.6.2016 13:22, Martin Basti wrote:


On 06.06.2016 13:14, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Martin Basti wrote:


On 06.06.2016 12:36, Alexander Bokovoy wrote:

Hi,

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only
supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354



Hello, how is handled backward compatibility here, you just removes
the option from API, without any additional logic for older clients.

This is not used by the external clients at all. It is part of internal
logic of the code in trust.py+com.redhat.trust.fetch-domains which
always talk to the same server they are running on.

@register()
class trustdomain_add(LDAPCreate):
  __doc__ = _('Allow access from the trusted domain')
  NO_CLI = True


Yes sorry, not old IPA clients, but it was part of API, shown in API
browser, and since this was in API, it is set to stone. So If you think
that it is safe to be removed and nobody can hit this, I'm okay for
removing that option. Maybe we should at least wrote it to release notes
(I'll let Honza to express his feelings as API versioning/compatibility
sensei)

IMHO it is safe to remove.


And you forgot to increment api version in VERSION file

Updated patch attached, with a VERSION change.




ACK


Is there any ticket for this?

As I wrote in the commit message and in the email,
it is part of https://fedorahosted.org/freeipa/ticket/5354

Sorry I misread that ticket in the commit message, because ipatool was unable
to parse it from commit message

Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073

I see no link to this ticket in the commit message in
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=185806432d6dfccc5cdd73815471ce60a575b073
Did you push old version of this patch?

In general, I would suggest using the patch format from
http://www.freeipa.org/page/Contribute/Patch_Format
It makes automation easier...

Martin


Oh well, yes, my bad

I will revert the wrong commit and push the right one

Martin^2



Revert:
master:
478017357b50cb7fe30d6a4e26c3c47e111c91d0 Revert "adtrust: remove nttrustpartner parameter"


The right patch:
master:
a0f953e0ff89900d9767df3e6ed868ae662616b4 adtrust: remove nttrustpartner parameter




Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Martin Kosek
On 06/10/2016 10:01 AM, Martin Basti wrote:
> 
> 
> On 09.06.2016 21:45, Alexander Bokovoy wrote:
>> On Thu, 09 Jun 2016, Martin Basti wrote:
>>>
>>>
>>> On 09.06.2016 17:56, Martin Babinsky wrote:
 On 06/06/2016 01:37 PM, Alexander Bokovoy wrote:
> On Mon, 06 Jun 2016, Jan Cholasta wrote:
>> On 6.6.2016 13:22, Martin Basti wrote:
>>>
>>>
>>> On 06.06.2016 13:14, Alexander Bokovoy wrote:
 On Mon, 06 Jun 2016, Martin Basti wrote:
>
>
> On 06.06.2016 12:36, Alexander Bokovoy wrote:
>> Hi,
>>
>> MS-ADTS spec requires that TrustPartner field should be equal to the
>> commonName (cn) of the trust. We used it a bit wrongly to express
>> trust relationship between parent and child domains. In fact, we
>> have parent-child relationship recorded in the DN (child domains
>> are part of the parent domain's container).
>>
>> Remove the argument that was never used externally but only
>> supplied by
>> trust-specific code inside the IPA framework.
>>
>> Part of https://fedorahosted.org/freeipa/ticket/5354
>>
>>
>>
>
> Hello, how is handled backward compatibility here, you just removes
> the option from API, without any additional logic for older clients.
 This is not used by the external clients at all. It is part of internal
 logic of the code in trust.py+com.redhat.trust.fetch-domains which
 always talk to the same server they are running on.

 @register()
 class trustdomain_add(LDAPCreate):
  __doc__ = _('Allow access from the trusted domain')
  NO_CLI = True


>>>
>>> Yes sorry, not old IPA clients, but it was part of API, shown in API
>>> browser, and since this was in API, it is set to stone. So If you think
>>> that it is safe to be removed and nobody can hit this, I'm okay for
>>> removing that option. Maybe we should at least wrote it to release notes
>>> (I'll let Honza to express his feelings as API versioning/compatibility
>>> sensei)
>>
>> IMHO it is safe to remove.
>>
>>>
>>> And you forgot to increment api version in VERSION file
> Updated patch attached, with a VERSION change.
>
>
>
 ACK

>>>
>>> Is there any ticket for this?
>> As I wrote in the commit message and in the email,
>> it is part of https://fedorahosted.org/freeipa/ticket/5354
>>
> Sorry I misread that ticket in the commit message, because ipatool was unable
> to parse it from commit message
> 
> Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073

I see no link to this ticket in the commit message in
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=185806432d6dfccc5cdd73815471ce60a575b073
Did you push old version of this patch?

In general, I would suggest using the patch format from
http://www.freeipa.org/page/Contribute/Patch_Format
It makes automation easier...

Martin



Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Martin Basti



On 09.06.2016 21:45, Alexander Bokovoy wrote:

On Thu, 09 Jun 2016, Martin Basti wrote:



On 09.06.2016 17:56, Martin Babinsky wrote:

On 06/06/2016 01:37 PM, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Jan Cholasta wrote:

On 6.6.2016 13:22, Martin Basti wrote:



On 06.06.2016 13:14, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Martin Basti wrote:



On 06.06.2016 12:36, Alexander Bokovoy wrote:

Hi,

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only
supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354





Hello, how is handled backward compatibility here, you just removes
the option from API, without any additional logic for older clients.

This is not used by the external clients at all. It is part of internal
logic of the code in trust.py+com.redhat.trust.fetch-domains which
always talk to the same server they are running on.

@register()
class trustdomain_add(LDAPCreate):
 __doc__ = _('Allow access from the trusted domain')
 NO_CLI = True




Yes sorry, not old IPA clients, but it was part of API, shown in API
browser, and since this was in API, it is set to stone. So If you think
that it is safe to be removed and nobody can hit this, I'm okay for
removing that option. Maybe we should at least wrote it to release notes
(I'll let Honza to express his feelings as API versioning/compatibility
sensei)


IMHO it is safe to remove.



And you forgot to increment api version in VERSION file

Updated patch attached, with a VERSION change.




ACK



Is there any ticket for this?

As I wrote in the commit message and in the email,
it is part of https://fedorahosted.org/freeipa/ticket/5354

Sorry I misread that ticket in the commit message, because ipatool was 
unable to parse it from commit message


Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073







Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-09 Thread Alexander Bokovoy

On Thu, 09 Jun 2016, Martin Basti wrote:



On 09.06.2016 17:56, Martin Babinsky wrote:

On 06/06/2016 01:37 PM, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Jan Cholasta wrote:

On 6.6.2016 13:22, Martin Basti wrote:



On 06.06.2016 13:14, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Martin Basti wrote:



On 06.06.2016 12:36, Alexander Bokovoy wrote:

Hi,

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only
supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354





Hello, how is handled backward compatibility here, you just removes
the option from API, without any additional logic for older clients.

This is not used by the external clients at all. It is part of internal
logic of the code in trust.py+com.redhat.trust.fetch-domains which
always talk to the same server they are running on.

@register()
class trustdomain_add(LDAPCreate):
 __doc__ = _('Allow access from the trusted domain')
 NO_CLI = True




Yes sorry, not old IPA clients, but it was part of API, shown in API
browser, and since this was in API, it is set to stone. So If you think
that it is safe to be removed and nobody can hit this, I'm okay for
removing that option. Maybe we should at least wrote it to release notes
(I'll let Honza to express his feelings as API versioning/compatibility
sensei)


IMHO it is safe to remove.



And you forgot to increment api version in VERSION file

Updated patch attached, with a VERSION change.




ACK



Is there any ticket for this?

As I wrote in the commit message and in the email,
it is part of https://fedorahosted.org/freeipa/ticket/5354

--
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-09 Thread Martin Basti



On 09.06.2016 17:56, Martin Babinsky wrote:

On 06/06/2016 01:37 PM, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Jan Cholasta wrote:

On 6.6.2016 13:22, Martin Basti wrote:



On 06.06.2016 13:14, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Martin Basti wrote:



On 06.06.2016 12:36, Alexander Bokovoy wrote:

Hi,

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only
supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354





Hello, how is handled backward compatibility here, you just removes
the option from API, without any additional logic for older clients.

This is not used by the external clients at all. It is part of internal
logic of the code in trust.py+com.redhat.trust.fetch-domains which
always talk to the same server they are running on.

@register()
class trustdomain_add(LDAPCreate):
  __doc__ = _('Allow access from the trusted domain')
  NO_CLI = True




Yes sorry, not old IPA clients, but it was part of API, shown in API
browser, and since this was in API, it is set to stone. So If you think
that it is safe to be removed and nobody can hit this, I'm okay for
removing that option. Maybe we should at least wrote it to release notes
(I'll let Honza to express his feelings as API versioning/compatibility
sensei)


IMHO it is safe to remove.



And you forgot to increment api version in VERSION file

Updated patch attached, with a VERSION change.




ACK



Is there any ticket for this?
Martin^2



Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-06 Thread Alexander Bokovoy

On Mon, 06 Jun 2016, Jan Cholasta wrote:

On 6.6.2016 13:22, Martin Basti wrote:



On 06.06.2016 13:14, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Martin Basti wrote:



On 06.06.2016 12:36, Alexander Bokovoy wrote:

Hi,

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354





Hello, how is handled backward compatibility here, you just removes
the option from API, without any additional logic for older clients.

This is not used by the external clients at all. It is part of internal
logic of the code in trust.py+com.redhat.trust.fetch-domains which
always talk to the same server they are running on.

@register()
class trustdomain_add(LDAPCreate):
  __doc__ = _('Allow access from the trusted domain')
  NO_CLI = True




Yes sorry, not old IPA clients, but it was part of API, shown in API
browser, and since this was in API, it is set to stone. So If you think
that it is safe to be removed and nobody can hit this, I'm okay for
removing that option. Maybe we should at least wrote it to release notes
(I'll let Honza to express his feelings as API versioning/compatibility
sensei)


IMHO it is safe to remove.



And you forgot to increment api version in VERSION file

Updated patch attached, with a VERSION change.

--
/ Alexander Bokovoy
From 71feb298933b3e447c060f4ab70d23fb269a40e2 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Mon, 6 Jun 2016 11:42:34 +0300
Subject: [PATCH 3/4] adtrust: remove nttrustpartner parameter

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354
---
 API.txt |  9 ++
 VERSION |  4 +--
 install/ui/test/data/ipa_init_commands.json | 43 -
 install/ui/test/data/ipa_init_objects.json  | 13 -
 ipaserver/plugins/trust.py  |  4 ---
 5 files changed, 5 insertions(+), 68 deletions(-)

diff --git a/API.txt b/API.txt
index d5fbc27..4247dd7 100644
--- a/API.txt
+++ b/API.txt
@@ -5323,14 +5323,13 @@ output: Entry('result')
 output: Output('summary', type=[, ])
 output: PrimaryKey('value')
 command: trustdomain_add
-args: 2,9,3
+args: 2,8,3
 arg: Str('trustcn', cli_name='trust')
 arg: Str('cn', cli_name='domain')
 option: Str('addattr*', cli_name='addattr')
 option: Flag('all', autofill=True, cli_name='all', default=False)
 option: Str('ipantflatname?', cli_name='flat_name')
 option: Str('ipanttrusteddomainsid?', cli_name='sid')
-option: Str('ipanttrustpartner?')
 option: Flag('raw', autofill=True, cli_name='raw', default=False)
 option: Str('setattr*', cli_name='setattr')
 option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', 
values=[u'ad'])
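Review bot: the subject line calls the parameter nttrustpartner, but the option removed from trustdomain_add in this hunk is ipanttrustpartner. Use the exact option name in the subject so that searching the history for the API name finds this commit. The args count going from 2,9,3 to 2,8,3 is consistent with the single option removed.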
@@ -5364,14 +5363,13 @@ output: Output('result', type=[])
 output: Output('summary', type=[, ])
 output: PrimaryKey('value')
 command: trustdomain_find
-args: 2,10,4
+args: 2,9,4
 arg: Str('trustcn', cli_name='trust')
 arg: Str('criteria?')
 option: Flag('all', autofill=True, cli_name='all', default=False)
 option: Str('cn?', autofill=False, cli_name='domain')
 option: Str('ipantflatname?', autofill=False, cli_name='flat_name')
 option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid')
-option: Str('ipanttrustpartner?', autofill=False)
 option: Flag('pkey_only?', autofill=True, default=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False)
 option: Int('sizelimit?', autofill=False)
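Review bot: trustdomain_find loses ipanttrustpartner as a search filter in this hunk, while the commit message only argues that the argument was "supplied by trust-specific code", which covers callers setting the value and says nothing about callers filtering on it. Please state in the commit message that no caller of trustdomain_find passes this filter, because a request that still does no longer fits the declared signature (args 2,9,4).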
@@ -5382,7 +5380,7 @@ output: ListOfEntries('result')
 output: Output('summary', type=[, ])
 output: Output('truncated', type=[])
 command: trustdomain_mod
-args: 2,11,3
+args: 2,10,3
 arg: Str('trustcn', cli_name='trust')
 arg: Str('cn', cli_name='domain')
 option: Str('addattr*', cli_name='addattr')
@@ -5390,7 +5388,6 @@ option: Flag('all', autofill=True, cli_name='all', 
default=False)
 option: Str('delattr*', cli_name='delattr')
 option: Str('ipantflatname?', autofill=False, cli_name='flat_name')
 option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid')
-option: Str('ipanttrustpartner?', autofill=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False)
 option: Flag('rights', autofill=True, 
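Review bot: with ipanttrustpartner dropped from trustdomain_mod, nothing in this patch touches entries that already carry the old value; the diffstat lists only API.txt, VERSION, two UI test data files and ipaserver/plugins/trust.py. The commit message says the field was used "a bit wrongly", so say whether existing trusted-domain entries are corrected elsewhere in the series (this is patch 3/4) or are expected to keep the stale value.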

Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-06 Thread Jan Cholasta

On 6.6.2016 13:22, Martin Basti wrote:



On 06.06.2016 13:14, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Martin Basti wrote:



On 06.06.2016 12:36, Alexander Bokovoy wrote:

Hi,

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354





Hello, how is handled backward compatibility here, you just removes
the option from API, without any additional logic for older clients.

This is not used by the external clients at all. It is part of internal
logic of the code in trust.py+com.redhat.trust.fetch-domains which
always talk to the same server they are running on.

@register()
class trustdomain_add(LDAPCreate):
   __doc__ = _('Allow access from the trusted domain')
   NO_CLI = True




Yes sorry, not old IPA clients, but it was part of API, shown in API
browser, and since this was in API, it is set to stone. So If you think
that it is safe to be removed and nobody can hit this, I'm okay for
removing that option. Maybe we should at least wrote it to release notes
(I'll let Honza to express his feelings as API versioning/compatibility
sensei)


IMHO it is safe to remove.



And you forgot to increment api version in VERSION file

Martin^2




--
Jan Cholasta



Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-06 Thread Martin Basti



On 06.06.2016 13:14, Alexander Bokovoy wrote:

On Mon, 06 Jun 2016, Martin Basti wrote:



On 06.06.2016 12:36, Alexander Bokovoy wrote:

Hi,

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354





Hello, how is handled backward compatibility here, you just removes 
the option from API, without any additional logic for older clients.

This is not used by the external clients at all. It is part of internal
logic of the code in trust.py+com.redhat.trust.fetch-domains which
always talk to the same server they are running on.

@register()
class trustdomain_add(LDAPCreate):
   __doc__ = _('Allow access from the trusted domain')
   NO_CLI = True




Yes sorry, not old IPA clients, but it was part of API, shown in API 
browser, and since this was in API, it is set to stone. So If you think 
that it is safe to be removed and nobody can hit this, I'm okay for 
removing that option. Maybe we should at least wrote it to release notes 
(I'll let Honza to express his feelings as API versioning/compatibility 
sensei)


And you forgot to increment api version in VERSION file

Martin^2



Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-06 Thread Alexander Bokovoy

On Mon, 06 Jun 2016, Martin Basti wrote:



On 06.06.2016 12:36, Alexander Bokovoy wrote:

Hi,

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354





Hello, how is handled backward compatibility here, you just removes 
the option from API, without any additional logic for older clients.

This is not used by the external clients at all. It is part of internal
logic of the code in trust.py+com.redhat.trust.fetch-domains which
always talk to the same server they are running on.

@register()
class trustdomain_add(LDAPCreate):
   __doc__ = _('Allow access from the trusted domain')
   NO_CLI = True


--
/ Alexander Bokovoy
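
Added example, not part of the original thread and not FreeIPA code: a small audit of the rule discussed above, checking that each trusted-domain entry's TrustPartner value equals its cn and reading the parent domain from the DN instead. It assumes ipaNTTrustPartner is the LDAP attribute behind the ipanttrustpartner option; the container DN and all entries are constructed sample data.

```python
# Added example: audit trusted-domain entries against the rule quoted above.
# The container DN and the entries are constructed sample data.

TRUSTS_CONTAINER = "cn=ad,cn=trusts,dc=ipa,dc=example"  # assumed layout

SAMPLE_ENTRIES = [
    {"dn": "cn=ad.example,cn=ad,cn=trusts,dc=ipa,dc=example",
     "cn": "ad.example", "ipaNTTrustPartner": "ad.example"},
    {"dn": "cn=child.ad.example,cn=ad.example,cn=ad,cn=trusts,dc=ipa,dc=example",
     "cn": "child.ad.example", "ipaNTTrustPartner": "child.ad.example"},
    # Constructed "old usage": the child carries the parent's name, not its own cn.
    {"dn": "cn=sub.ad.example,cn=ad.example,cn=ad,cn=trusts,dc=ipa,dc=example",
     "cn": "sub.ad.example", "ipaNTTrustPartner": "ad.example"},
]


def split_dn(dn):
    """Split a DN into RDN strings, keeping backslash-escaped commas intact."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # escaped pair stays inside the RDN
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(dn[i])
        i += 1
    rdns.append("".join(current).strip())
    return rdns


def rdn_value(rdn):
    """Return (attribute, value) for a single-valued RDN such as 'cn=ad.example'."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip()


def parent_domain(dn, container=TRUSTS_CONTAINER):
    """Read the parent trusted domain from the DN; None means a top-level trust."""
    rdns = split_dn(dn)
    base = split_dn(container)
    if [r.lower() for r in rdns[-len(base):]] != [b.lower() for b in base]:
        raise ValueError("entry is outside the trusts container: " + dn)
    relative = rdns[:-len(base)]          # RDNs between the entry and the container
    if len(relative) == 1:
        return None
    if len(relative) == 2:
        return rdn_value(relative[1])[1]  # the enclosing container names the parent
    raise ValueError("unexpected nesting depth in " + dn)


def check_entry(entry):
    """Return findings for one entry; an empty list means it follows the rule."""
    findings = []
    cn = entry["cn"]
    leaf_attr, leaf_value = rdn_value(split_dn(entry["dn"])[0])
    if leaf_attr != "cn" or leaf_value.lower() != cn.lower():
        findings.append("leaf RDN %r does not name cn %r" % (leaf_value, cn))
    partner = entry.get("ipaNTTrustPartner")
    if partner is None:
        findings.append("ipaNTTrustPartner is not set")
    elif partner.lower() != cn.lower():   # DNS names compare case-insensitively
        findings.append("ipaNTTrustPartner %r differs from cn %r" % (partner, cn))
    return findings


def audit(entries, container=TRUSTS_CONTAINER):
    """Return (cn, parent derived from the DN, findings) for every entry."""
    return [(e["cn"], parent_domain(e["dn"], container), check_entry(e))
            for e in entries]


if __name__ == "__main__":
    for cn, parent, findings in audit(SAMPLE_ENTRIES):
        print(cn, "parent:", parent, "->", findings or "ok")
```
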



Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-06 Thread Martin Basti



On 06.06.2016 12:36, Alexander Bokovoy wrote:

Hi,

MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).

Remove the argument that was never used externally but only supplied by
trust-specific code inside the IPA framework.

Part of https://fedorahosted.org/freeipa/ticket/5354





Hello, how is handled backward compatibility here, you just removes the 
option from API, without any additional logic for older clients.


Martin^2