author: Alexander Bokovoy <abokovoy@redhat.com> 2014-03-12 19:01:00 +0200
committer: Martin Kosek <mkosek@redhat.com> 2014-03-12 18:16:52 +0100
commit: 34d644ebdf9f887441ef82d71b4f101206d897a8 (patch)
tree: b517dad4765f3ddb49a0d767c579898c495bb745 /ipalib/plugins/trust.py
parent: 6195870e828cfa726b1cf7d868e5849ac2943bc7 (diff)
trust: do not fetch subdomains in case shared secret was used to set up the trust
Until incoming trust is validated from AD side, we cannot run any operations against AD using the trust. Also, Samba currently does not support verifying trust against the other party (returns WERR_NOT_SUPPORTED).

This needs to be added to the documentation: When using 'ipa trust-add ad.domain --trust-secret', one has to manually validate incoming trust using forest trust properties in AD Domains and Trusts tool.

Once incoming trust is validated at AD side, use IPA command 'ipa trust-fetch-domains ad.domain' to retrieve topology of the AD forest. From this point on the trust should be usable.

https://fedorahosted.org/freeipa/ticket/4246

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib/plugins/trust.py')
-rw-r--r-- ipalib/plugins/trust.py 3
1 files changed, 2 insertions, 1 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index fe395688b..f57cf7d89 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -462,7 +462,8 @@ sides.
# for AD trusts, regardless of the type of idranges associated with it
# Note that fetch_domains_from_trust will add needed ranges for
# the algorithmic ID mapping case.
- if options.get('trust_type') == u'ad':
+ if (options.get('trust_type') == u'ad' and
+ options.get('trust_secret') is None):
domains = fetch_domains_from_trust(self, self.trustinstance,
result['result'], **options)
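Review bot: with the added `options.get('trust_secret') is None` test, a trust created with a shared secret no longer reaches the fetch_domains_from_trust call, yet the comment directly above still says that call "will add needed ranges for the algorithmic ID mapping case". Please extend the comment to say that for shared-secret trusts the domain fetch, and the range creation that depends on it, is deferred until the incoming trust has been validated on the AD side and 'ipa trust-fetch-domains' is run. The skip is silent in these lines, so it would also help to put a note in the returned result telling the administrator that this manual step is still required; otherwise the only record of it is the commit message.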