author | Alexander Bokovoy <abokovoy@redhat.com> | 2015-07-06 14:46:24 +0000 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2015-07-07 11:09:03 +0300 |
commit | 52e2ec266a293891819682487e37644ffcf11e4a (patch) | |
tree | 8e48f121448c8d21a543c34d8d52dcee9f73035e /install/oddjob/com.redhat.idm.trust-fetch-domains | |
parent | a985b1792325e24584b2a0af27d88a494ef9c513 (diff) | |
trust: support retrieving POSIX IDs with one-way trust during trust-add
With one-way trust we cannot rely on cross-realm TGT as there will be none.
Thus, if we have AD administrator credentials we should reuse them.
Additionally, such use should be done over Kerberos.
Fixes:
https://fedorahosted.org/freeipa/ticket/4960
https://fedorahosted.org/freeipa/ticket/4959
Diffstat (limited to 'install/oddjob/com.redhat.idm.trust-fetch-domains')
-rwxr-xr-x | install/oddjob/com.redhat.idm.trust-fetch-domains | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/install/oddjob/com.redhat.idm.trust-fetch-domains b/install/oddjob/com.redhat.idm.trust-fetch-domains index 2571dd09a..85e3cc993 100755 --- a/install/oddjob/com.redhat.idm.trust-fetch-domains +++ b/install/oddjob/com.redhat.idm.trust-fetch-domains @@ -186,7 +186,9 @@ if domains: if idrange_type != u'ipa-ad-trust-posix': range_name = name.upper() + '_id_range' dom['range_type'] = u'ipa-ad-trust' - trust.add_range(range_name, dom['ipanttrusteddomainsid'], + # Do not pass ipaserver.dcerpc.TrustInstance to trust.add_range + # to force it using existing credentials cache + trust.add_range(None, range_name, dom['ipanttrusteddomainsid'], trusted_domain, name, **dom) except errors.DuplicateEntry: # Ignore updating duplicate entries |
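Review bot: In the `trust.add_range(None, range_name, dom['ipanttrusteddomainsid'],` call, the new leading positional `None` shifts every following argument, and its meaning can only be recovered from the comment above it. Passing it by keyword, or naming the parameter in the comment, would make it clear at the call site that omitting the TrustInstance selects the existing credentials cache. The diffstat is limited to this file, so the matching change to the add_range signature and its other callers is not visible here and should be checked together with this hunk. The only exception handled around the call is `errors.DuplicateEntry`; since the call now depends on a usable credentials cache, consider whether a missing or expired cache should be caught and reported here instead of propagating out of the script.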