diff options
author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-06-20 16:08:33 +0300 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-06-28 16:53:33 +0200 |
commit | a6ff85f425d5c38dd89fcd8999e0d62eadb969a1 (patch) | |
tree | 04ae9b01be916209b2156e915da7ebddff065fc0 /ipalib/plugins/trust.py | |
parent | 52f69aaa8ab4d633bbeb96799bf96e8a715d0ae0 (diff) | |
download | freeipa-a6ff85f425d5c38dd89fcd8999e0d62eadb969a1.tar.gz freeipa-a6ff85f425d5c38dd89fcd8999e0d62eadb969a1.tar.xz freeipa-a6ff85f425d5c38dd89fcd8999e0d62eadb969a1.zip |
Add support for external group members
When using ipaExternalGroup/ipaExternalMember attributes it is
possible to add group members which don't exist in IPA database.
This is primarily is required for AD trusts support and therefore
validation is accepting only secure identifier (SID) format.
https://fedorahosted.org/freeipa/ticket/2664
Diffstat (limited to 'ipalib/plugins/trust.py')
-rw-r--r-- | ipalib/plugins/trust.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 71ca23aba..40bd93e65 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -171,6 +171,10 @@ class trust_add(LDAPCreate): realm_server = options['realm_server'] trustinstance = ipaserver.dcerpc.TrustDomainJoins(self.api) + if not trustinstance.configured: + raise errors.NotFound(name=_('AD Trust setup'), + reason=_('''Cannot perform join operation without own domain configured. + Make sure you have run ipa-adtrust-install on the IPA server first''')) # 1. Full access to the remote domain. Use admin credentials and # generate random trustdom password to do work on both sides |