590d18
From 6cc7d00a8d6966b4be24fa9b3df12dcba094b6ef Mon Sep 17 00:00:00 2001
590d18
From: Tomas Babej <tbabej@redhat.com>
590d18
Date: Tue, 11 Aug 2015 16:05:32 +0200
590d18
Subject: [PATCH] adtrust-install: Correctly determine 4.2 FreeIPA servers
590d18
590d18
We need to detect a list of FreeIPA 4.2 (and above) servers, since
590d18
only there is the required version of SSSD present.
590d18
590d18
Since the maximum domain level for 4.2 is 0 (and not 1), we can filter
590d18
for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes
590d18
to generate the list.
590d18
590d18
https://fedorahosted.org/freeipa/ticket/5199
590d18
590d18
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
590d18
---
590d18
 install/tools/ipa-adtrust-install | 2 +-
590d18
 1 file changed, 1 insertion(+), 1 deletion(-)
590d18
590d18
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
590d18
index 5340c31d16ed78da0cb39725d9ae93c76470b698..21e58dd9f25e82429ce8d0c776d1b512c2661809 100755
590d18
--- a/install/tools/ipa-adtrust-install
590d18
+++ b/install/tools/ipa-adtrust-install
590d18
@@ -396,7 +396,7 @@ def main():
590d18
             # Search only masters which have support for domain levels
590d18
             # because only these masters will have SSSD recent enough to support AD trust agents
590d18
             (entries_m, truncated) = smb.admin_conn.find_entries(
590d18
-                filter="(&(objectclass=ipaSupportedDomainLevelConfig)(!(ipaMaxDomainLevel=0)))",
590d18
+                filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))",
590d18
                 base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL)
590d18
         except errors.NotFound:
590d18
             pass
590d18
-- 
590d18
2.4.3
590d18