Re: [Freeipa-devel] [PATCH 0440] Fix broken trust warnings
On 16.03.2016 13:32, Martin Basti wrote:
On 16.03.2016 13:32, Alexander Bokovoy wrote:
On Wed, 16 Mar 2016, Martin Basti wrote:
On 15.03.2016 16:40, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5737
Patch attached.
Self NACK, fix should be just one-liner, I found out that domains are stored hierarchically so extra finding of parent zones is needed.
You meant 'not needed', I'd guess.
Yes, I meant that, sorry :)
Updated patch attached.

From 74c55e5048af4b582469b1668a9dd592f868cf4b Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Wed, 16 Mar 2016 13:41:51 +0100
Subject: [PATCH] Fix broken trust warnings

Warning should be shown only for parent entries of trust domain. Sub domains do not contain SIDs at all.

https://fedorahosted.org/freeipa/ticket/5737
--- ipalib/plugins/trust.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index ba0c98e2f3711924dace395b7becf2977ca8e35c..7d815fd6118586a4a75a1eeff7457103fe4c331c 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -597,7 +597,9 @@ class trust(LDAPObject): try: entries, truncated = ldap.find_entries( -base_dn=DN(self.container_dn, self.api.env.basedn), +base_dn=DN(self.api.env.container_adtrusts, + self.api.env.basedn), +scope=ldap.SCOPE_ONELEVEL, attrs_list=['cn'], filter='(&(ipaNTTrustPartner=*)' '(!(ipaNTSecurityIdentifier=*)))', -- 2.5.0

--
Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
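Review bot: the added `scope=ldap.SCOPE_ONELEVEL` argument in the `ldap.find_entries(...)` call has no comment at the call site, although the filter `(!(ipaNTSecurityIdentifier=*))` is only correct because of it. Per the commit message, sub domains carry no SIDs, so a search that descends below the first level would match them and bring the false warning back. A short comment above the call, saying that sub domain entries live under their parent trust entry and lack the attribute, would keep a later cleanup from dropping the scope argument.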
Re: [Freeipa-devel] [PATCH 0440] Fix broken trust warnings
On 16.03.2016 13:32, Alexander Bokovoy wrote:
On Wed, 16 Mar 2016, Martin Basti wrote:
On 15.03.2016 16:40, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5737
Patch attached.
Self NACK, fix should be just one-liner, I found out that domains are stored hierarchically so extra finding of parent zones is needed.
You meant 'not needed', I'd guess.
Yes, I meant that, sorry :)
Re: [Freeipa-devel] [PATCH 0440] Fix broken trust warnings
On Wed, 16 Mar 2016, Martin Basti wrote:
On 16.03.2016 13:32, Martin Basti wrote:
On 16.03.2016 13:32, Alexander Bokovoy wrote:
On Wed, 16 Mar 2016, Martin Basti wrote:
On 15.03.2016 16:40, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5737
Patch attached.
Self NACK, fix should be just one-liner, I found out that domains are stored hierarchically so extra finding of parent zones is needed.
You meant 'not needed', I'd guess.
Yes, I meant that, sorry :)
Updated patch attached.

From 74c55e5048af4b582469b1668a9dd592f868cf4b Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Wed, 16 Mar 2016 13:41:51 +0100
Subject: [PATCH] Fix broken trust warnings

Warning should be shown only for parent entries of trust domain. Sub domains do not contain SIDs at all.

https://fedorahosted.org/freeipa/ticket/5737
--- ipalib/plugins/trust.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index ba0c98e2f3711924dace395b7becf2977ca8e35c..7d815fd6118586a4a75a1eeff7457103fe4c331c 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -597,7 +597,9 @@ class trust(LDAPObject): try: entries, truncated = ldap.find_entries( -base_dn=DN(self.container_dn, self.api.env.basedn), +base_dn=DN(self.api.env.container_adtrusts, + self.api.env.basedn), +scope=ldap.SCOPE_ONELEVEL, attrs_list=['cn'], filter='(&(ipaNTTrustPartner=*)' '(!(ipaNTSecurityIdentifier=*)))',

ACK if you change the commit message to say that subdomains do not contain ipaNTSecurityIdentifier attribute.

--
/ Alexander Bokovoy
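Review bot: the `base_dn` change from `DN(self.container_dn, ...)` to `DN(self.api.env.container_adtrusts, ...)` is not mentioned in the commit message, which only covers the sub domain half of the fix. A one-level search returns only the immediate children of its base, so the result now depends on `container_adtrusts` being the direct parent of the top-level trust entries. The commit message should state that the search base moves together with the scope change, so the two are not separated in a later refactoring.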
Re: [Freeipa-devel] [PATCH 0440] Fix broken trust warnings
On Wed, 16 Mar 2016, Martin Basti wrote:
On 15.03.2016 16:40, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5737
Patch attached.
Self NACK, fix should be just one-liner, I found out that domains are stored hierarchically so extra finding of parent zones is needed.
You meant 'not needed', I'd guess.

--
/ Alexander Bokovoy
Re: [Freeipa-devel] [PATCH 0440] Fix broken trust warnings
On 15.03.2016 16:40, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5737
Patch attached.
Self NACK, fix should be just one-liner, I found out that domains are stored hierarchically so extra finding of parent zones is needed.