summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins
diff options
context:
space:
mode:
authorAlexander Bokovoy <abokovoy@redhat.com>2013-09-27 12:39:57 +0200
committerMartin Kosek <mkosek@redhat.com>2013-10-04 10:25:31 +0200
commitf734988e24012bccdc5f982d56795213f9733f84 (patch)
treeab699fa22a98390766a6345b19da6a85f915aebd /ipalib/plugins
parenta87813bf420c19a99b1a19711e63d231cd4afd86 (diff)
downloadfreeipa-f734988e24012bccdc5f982d56795213f9733f84.tar.gz
freeipa-f734988e24012bccdc5f982d56795213f9733f84.tar.xz
freeipa-f734988e24012bccdc5f982d56795213f9733f84.zip
trust: integrate subdomains support into trust-add
Diffstat (limited to 'ipalib/plugins')
-rw-r--r--ipalib/plugins/trust.py23
1 files changed, 20 insertions, 3 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 9ba1f562b..f5cb1e756 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -345,7 +345,20 @@ sides.
base_dn = DN(api.env.container_trusts, api.env.basedn),
filter = trust_filter)
+
result['result'] = entry_to_dict(trusts[0][1], **options)
+ if options.get('trust_type') == u'ad':
+ domains = fetch_domains_from_trust(self, self.trustinstance, result['result'], **options)
+ if domains and len(domains) > 0:
+ for dom in domains:
+ range_name = dom['cn'][0].upper() + '_id_range'
+ range_type=options.get('range_type', u'ipa-ad-trust')
+ dom_sid = dom['ipanttrusteddomainsid'][0]
+ try:
+ self.add_range(range_name, dom_sid, range_type=range_type)
+ except errors.DuplicateEntry:
+ pass
+
result['result']['trusttype'] = [trust_type_string(result['result']['ipanttrusttype'][0])]
result['result']['trustdirection'] = [trust_direction_string(result['result']['ipanttrustdirection'][0])]
result['result']['truststatus'] = [trust_status_string(result['verified'])]
@@ -446,7 +459,7 @@ sides.
except errors.NotFound:
old_range = None
- if options.get('type') == u'ad':
+ if options.get('trust_type') == u'ad':
if range_type and range_type not in (u'ipa-ad-trust',
u'ipa-ad-trust-posix'):
raise errors.ValidationError(
@@ -1179,9 +1192,13 @@ class trustdomain_del(LDAPDelete):
api.register(trustdomain_del)
-def fetch_domains_from_trust(self, trustinstance, trust_entry):
+def fetch_domains_from_trust(self, trustinstance, trust_entry, **options):
trust_name = trust_entry['cn'][0]
- domains = ipaserver.dcerpc.fetch_domains(self.api, trustinstance.local_flatname, trust_name)
+ creds = None
+ password = options.get('realm_password', None)
+ if password:
+ creds = u"%s%%%s" % (options.get('realm_admin'), password)
+ domains = ipaserver.dcerpc.fetch_domains(self.api, trustinstance.local_flatname, trust_name, creds=creds)
result = []
if not domains:
return None