From 027f61099c63c91aaac95a6c2b9d9a75e7b1f83e Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 19 Aug 2014 16:23:58 +0300
Subject: [PATCH] ipaserver/dcerpc.py: be more open to what domains can be seen
 through the forest trust

https://fedorahosted.org/freeipa/ticket/4463

Reviewed-By: Sumit Bose <sbose@redhat.com>
---
 ipaserver/dcerpc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 78bfc5dbefc778519c5db0ac12d6551710257ba9..fcf1e4e775868f17220cac3c0203cc67dba2f839 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -1031,7 +1031,7 @@ def fetch_domains(api, mydomain, trustdomain, creds=None):
 
     result = []
     for t in domains.array:
-        if ((t.trust_attributes & trust_attributes['NETR_TRUST_ATTRIBUTE_WITHIN_FOREST']) and
+        if (not (t.trust_flags & trust_flags['NETR_TRUST_FLAG_PRIMARY']) and
             (t.trust_flags & trust_flags['NETR_TRUST_FLAG_IN_FOREST'])):
             res = dict()
             res['cn'] = unicode(t.dns_name)
-- 
1.9.3