From 6cc7d00a8d6966b4be24fa9b3df12dcba094b6ef Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Tue, 11 Aug 2015 16:05:32 +0200
Subject: [PATCH] adtrust-install: Correctly determine 4.2 FreeIPA servers

We need to detect a list of FreeIPA 4.2 (and above) servers, since
only there is the required version of SSSD present.

Since the maximum domain level for 4.2 is 0 (and not 1), we can filter
for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes
to generate the list.

https://fedorahosted.org/freeipa/ticket/5199

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 install/tools/ipa-adtrust-install | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 5340c31d16ed78da0cb39725d9ae93c76470b698..21e58dd9f25e82429ce8d0c776d1b512c2661809 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -396,7 +396,7 @@ def main():
             # Search only masters which have support for domain levels
             # because only these masters will have SSSD recent enough to support AD trust agents
             (entries_m, truncated) = smb.admin_conn.find_entries(
-                filter="(&(objectclass=ipaSupportedDomainLevelConfig)(!(ipaMaxDomainLevel=0)))",
+                filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))",
                 base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL)
         except errors.NotFound:
             pass
-- 
2.4.3