diff options
| author | Tomas Babej <tbabej@redhat.com> | 2015-08-11 16:05:32 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-11 16:59:22 +0200 |
| commit | ef192fb17be348c526029e8fa5165b9108e1f6da (patch) | |
| tree | ff6bd516f076fa4742c53ff59ad5829fd9ea0eb7 /install | |
| parent | 190c7c08c87f6c57edde3cde4eaa1edeb9b7c8c4 (diff) | |
| download | freeipa-ef192fb17be348c526029e8fa5165b9108e1f6da.tar.gz freeipa-ef192fb17be348c526029e8fa5165b9108e1f6da.tar.xz freeipa-ef192fb17be348c526029e8fa5165b9108e1f6da.zip | |
adtrust-install: Correctly determine 4.2 FreeIPA servers
We need to detect a list of FreeIPA 4.2 (and above) servers, since
only there is the required version of SSSD present.
Since the maximum domain level for 4.2 is 0 (and not 1), we can filter
for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes
to generate the list.
https://fedorahosted.org/freeipa/ticket/5199
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'install')
| -rwxr-xr-x | install/tools/ipa-adtrust-install | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 5340c31d1..21e58dd9f 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -396,7 +396,7 @@ def main(): # Search only masters which have support for domain levels # because only these masters will have SSSD recent enough to support AD trust agents (entries_m, truncated) = smb.admin_conn.find_entries( - filter="(&(objectclass=ipaSupportedDomainLevelConfig)(!(ipaMaxDomainLevel=0)))", + filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))", base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL) except errors.NotFound: pass |