Re: [Freeipa-devel] [PATCH 0359] adtrust-install: Correctly determine 4.2 FreeIPA servers
On 08/11/2015 04:58 PM, Alexander Bokovoy wrote: On Tue, 11 Aug 2015, Tomas Babej wrote: Hi, We need to detect a list of FreeIPA 4.2 (and above) servers, since only there is the required version of SSSD present. Since the maximum domain level for 4.2 is 0 (and not 1), we can filter for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes to generate the list. https://fedorahosted.org/freeipa/ticket/5199 From 31bf121e4603bc1287eac88653ff48198c2f69c3 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 11 Aug 2015 16:05:32 +0200 Subject: [PATCH] adtrust-install: Correctly determine 4.2 FreeIPA servers We need to detect a list of FreeIPA 4.2 (and above) servers, since only there is the required version of SSSD present. Since the maximum domain level for 4.2 is 0 (and not 1), we can filter for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes to generate the list. https://fedorahosted.org/freeipa/ticket/5199 --- install/tools/ipa-adtrust-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 5340c31d16ed78da0cb39725d9ae93c76470b698..21e58dd9f25e82429ce8d0c776d1b512c2661809 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -396,7 +396,7 @@ def main(): # Search only masters which have support for domain levels # because only these masters will have SSSD recent enough to support AD trust agents (entries_m, truncated) = smb.admin_conn.find_entries( - filter=((objectclass=ipaSupportedDomainLevelConfig)(!(ipaMaxDomainLevel=0))), + filter=((objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*)), base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL) except errors.NotFound: pass ACK. I tested a manual version of this patch in the morning. * master: 1fc21e980bb901bf71f7ee024cdbb15c1caec3a7 * ipa-4-2: ef192fb17be348c526029e8fa5165b9108e1f6da -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0359] adtrust-install: Correctly determine 4.2 FreeIPA servers
On 11.8.2015 16:58, Alexander Bokovoy wrote: On Tue, 11 Aug 2015, Tomas Babej wrote: Hi, We need to detect a list of FreeIPA 4.2 (and above) servers, since only there is the required version of SSSD present. Since the maximum domain level for 4.2 is 0 (and not 1), we can filter for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes to generate the list. https://fedorahosted.org/freeipa/ticket/5199 From 31bf121e4603bc1287eac88653ff48198c2f69c3 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 11 Aug 2015 16:05:32 +0200 Subject: [PATCH] adtrust-install: Correctly determine 4.2 FreeIPA servers We need to detect a list of FreeIPA 4.2 (and above) servers, since only there is the required version of SSSD present. Since the maximum domain level for 4.2 is 0 (and not 1), we can filter for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes to generate the list. https://fedorahosted.org/freeipa/ticket/5199 --- install/tools/ipa-adtrust-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 5340c31d16ed78da0cb39725d9ae93c76470b698..21e58dd9f25e82429ce8d0c776d1b512c2661809 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -396,7 +396,7 @@ def main(): # Search only masters which have support for domain levels # because only these masters will have SSSD recent enough to support AD trust agents (entries_m, truncated) = smb.admin_conn.find_entries( - filter=((objectclass=ipaSupportedDomainLevelConfig)(!(ipaMaxDomainLevel=0))), + filter=((objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*)), base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL) except errors.NotFound: pass ACK. I tested a manual version of this patch in the morning. Pushed to: master: 1fc21e980bb901bf71f7ee024cdbb15c1caec3a7 ipa-4-2: ef192fb17be348c526029e8fa5165b9108e1f6da -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0359] adtrust-install: Correctly determine 4.2 FreeIPA servers
On Tue, 11 Aug 2015, Tomas Babej wrote: Hi, We need to detect a list of FreeIPA 4.2 (and above) servers, since only there is the required version of SSSD present. Since the maximum domain level for 4.2 is 0 (and not 1), we can filter for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes to generate the list. https://fedorahosted.org/freeipa/ticket/5199 From 31bf121e4603bc1287eac88653ff48198c2f69c3 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 11 Aug 2015 16:05:32 +0200 Subject: [PATCH] adtrust-install: Correctly determine 4.2 FreeIPA servers We need to detect a list of FreeIPA 4.2 (and above) servers, since only there is the required version of SSSD present. Since the maximum domain level for 4.2 is 0 (and not 1), we can filter for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes to generate the list. https://fedorahosted.org/freeipa/ticket/5199 --- install/tools/ipa-adtrust-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 5340c31d16ed78da0cb39725d9ae93c76470b698..21e58dd9f25e82429ce8d0c776d1b512c2661809 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -396,7 +396,7 @@ def main(): # Search only masters which have support for domain levels # because only these masters will have SSSD recent enough to support AD trust agents (entries_m, truncated) = smb.admin_conn.find_entries( - filter=((objectclass=ipaSupportedDomainLevelConfig)(!(ipaMaxDomainLevel=0))), + filter=((objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*)), base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL) except errors.NotFound: pass ACK. I tested a manual version of this patch in the morning. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code