From 9f131566a8218a082b59ec980e04f9193e9c85f7 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 16 Mar 2016 13:41:51 +0100 Subject: [PATCH] Fix broken trust warnings Warning should be shown only for parent entries of trust domain. Subdomains do not contain ipaNTSecurityIdentifier attribute at all. https://fedorahosted.org/freeipa/ticket/5737 Reviewed-By: Alexander Bokovoy --- ipalib/plugins/trust.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index d451325e31e4e1d8d7223f009677bbcb002c65cb..4b3cb7aab665e5cd952704a58e4b58ea55ecab0a 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -565,7 +565,9 @@ class trust(LDAPObject): try: entries, truncated = ldap.find_entries( - base_dn=DN(self.container_dn, self.api.env.basedn), + base_dn=DN(self.api.env.container_adtrusts, + self.api.env.basedn), + scope=ldap.SCOPE_ONELEVEL, attrs_list=['cn'], filter='(&(ipaNTTrustPartner=*)' '(!(ipaNTSecurityIdentifier=*)))', -- 2.5.0