From bbba8c95ed2f5e551b4e468b394f5e0839be9f6f Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Thu, 27 Feb 2014 13:43:17 +0200
Subject: [PATCH 52/53] trust: make sure we always discover topology of the
forest trust
Even though we are creating idranges for subdomains only in case
there is algorithmic ID mapping in use, we still need to fetch
list of subdomains for all other cases.
https://fedorahosted.org/freeipa/ticket/4205
---
ipalib/plugins/trust.py | 37 ++++++-------------------------------
1 file changed, 6 insertions(+), 31 deletions(-)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index bd71253607d6009414ff8a24b042175f0cb08d66..f2b00a6f58f5890e37aaa033a35dcf9bc39ccbc4 100644
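--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -458,38 +458,13 @@ def execute(self, *keys, **options):
 
 result['result'] = entry_to_dict(trusts[0][1], **options)
 
- # For AD trusts with algorithmic mapping, we need to add a separate
- # range for each subdomain.
- if (options.get('trust_type') == u'ad' and
- created_range_type != u'ipa-ad-trust-posix'):
-
+ # Fetch topology of the trust forest -- we need always to do it
+ # for AD trusts, regardless of the type of idranges associated with it
+ # Note that fetch_domains_from_trust will add needed ranges for
+ # the algorithmic ID mapping case.
+ if options.get('trust_type') == u'ad':
 domains = fetch_domains_from_trust(self, self.trustinstance,
 result['result'], **options)
- if domains and len(domains) > 0:
- for dom in domains:
- range_name = dom['cn'][0].upper() + '_id_range'
- dom_sid = dom['ipanttrusteddomainsid'][0]
-
- # Enforce the same range type as the range for the root
- # level domain.
-
- # This will skip the detection of the POSIX attributes if
- # they are not available, since it has been already
- # detected when creating the range for the root level domain
- passed_options = options
- passed_options.update(range_type=created_range_type)
-
- # Do not pass the base id to the subdomains since it would
- # clash with the root level domain
- if 'base_id' in passed_options:
- del passed_options['base_id']
-
- # Try to add the range for each subdomain
- try:
- add_range(self, range_name, dom_sid, *keys,
- **passed_options)
- except errors.DuplicateEntry:
- pass
 
 # Format the output into human-readable values
 result['result']['trusttype'] = [trust_type_string(
@@ -1270,7 +1245,7 @@ def fetch_domains_from_trust(self, trustinstance, trust_entry, **options):
 # trust range must exist by the time fetch_domains_from_trust is called
 range_name = trust_name.upper() + '_id_range'
 old_range = api.Command.idrange_show(range_name, raw=True)['result']
- idrange_type = old_range['iparangetype']
+ idrange_type = old_range['iparangetype'][0]
 
 for dom in domains:
 dom['trust_type'] = u'ad'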
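Review bot: In the second hunk, `idrange_type = old_range['iparangetype'][0]` assumes the root range entry always carries a non-empty `iparangetype`. Because the first hunk now calls fetch_domains_from_trust for every AD trust, a range entry without that attribute would raise KeyError or IndexError part-way through execute, presumably after the trust itself has been created. The range type decides how subdomain SIDs are mapped to POSIX IDs, so a silent default would be wrong here; an explicit guard such as `rtype = old_range.get('iparangetype')` followed by `if not rtype: raise errors.NotFound(reason=...)` would fail clearly instead, assuming the raw entry is dict-like. Separately, `domains` in the first hunk is assigned but not read in the visible lines; if nothing later in execute uses it, drop the binding or add a comment such as `# called for its side effects: subdomain entries and ranges`. Both function bodies continue outside the hunks, so these points should be checked against the full file.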
--
1.8.5.3