diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-10-10 10:03:40 +0300 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-10-17 12:08:15 +0200 |
| commit | 21d893ddde06fb247093eccb409da546e0cf84d4 (patch) | |
| tree | 066d479216f0dc37618031b7b6b4fe5fa61ceea1 | |
| parent | 8222799b9137d8ec1cd6d7e6a7a036b77d4a59c8 (diff) | |
| download | freeipa-21d893ddde06fb247093eccb409da546e0cf84d4.tar.gz freeipa-21d893ddde06fb247093eccb409da546e0cf84d4.tar.xz freeipa-21d893ddde06fb247093eccb409da546e0cf84d4.zip | |
Warn about DNA plugin configuration when working with local ID ranges
https://fedorahosted.org/freeipa/ticket/3116
| -rw-r--r-- | ipalib/plugins/idrange.py | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index 8f2d4efdc..754708117 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -111,7 +111,6 @@ Typically the creation of ID ranges happens behind the scenes and this CLI must not be used at all. The ID range for the local domain will be created during installation or upgrade from an older version. The ID range for a trusted domain will be created together with the trust by 'ipa trust-add ...'. -The use cases for this CLI are USE CASES: @@ -141,6 +140,17 @@ the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user from this domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of the user. RIDs are unique in a domain, 32bit values and are used for users and groups. + +WARNING: + +DNA plugin in 389-ds will allocate IDs based on the ranges configured for the +local domain. Currently the DNA plugin *cannot* be reconfigured itself based +on the local ranges set via this family of commands. + +Manual configuration change has to be done in the DNA plugin configuration for +the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix +IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be +modified to match the new range. """) class idrange(LDAPObject): @@ -287,6 +297,17 @@ class idrange_add(LDAPCreate): --dom-sid must be given to add a new range for a trusted AD domain. + + WARNING: + + DNA plugin in 389-ds will allocate IDs based on the ranges configured for the + local domain. Currently the DNA plugin *cannot* be reconfigured itself based + on the local ranges set via this family of commands. + + Manual configuration change has to be done in the DNA plugin configuration for + the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix + IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be + modified to match the new range. """) msg_summary = _('Added ID range "%(value)s"') |