diff options
author | Tomas Babej <tbabej@redhat.com> | 2014-03-05 12:28:18 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-04-08 14:23:18 +0200 |
commit | 218a2617427a63c7e3d79427923e7986411af786 (patch) | |
tree | 7ce9e06a31469a535b632a6e7c281170524d0952 /ipalib | |
parent | 8d2b3fe7a727b0b618d78b9e4be29ebf4d2586a7 (diff) | |
download | freeipa-218a2617427a63c7e3d79427923e7986411af786.tar.gz freeipa-218a2617427a63c7e3d79427923e7986411af786.tar.xz freeipa-218a2617427a63c7e3d79427923e7986411af786.zip |
Extend ipa-range-check DS plugin to handle range types
The ipa-range-check plugin used to determine the range type depending
on the value of the attributes such as RID or secondary RID base. This
approached caused variety of issues since the portfolio of ID range
types expanded.
The patch makes sure the following rules are implemented:
* No ID range pair can overlap on base ranges, with exception
of two ipa-ad-trust-posix ranges belonging to the same forest
* For any ID range pair of ranges belonging to the same domain:
* Both ID ranges must be of the same type
* For ranges of ipa-ad-trust type or ipa-local type:
* Primary RID ranges can not overlap
* For ranges of ipa-local type:
* Primary and secondary RID ranges can not overlap
* Secondary RID ranges cannot overlap
For the implementation part, the plugin was extended with a domain ID
to forest root domain ID mapping derivation capabilities.
https://fedorahosted.org/freeipa/ticket/4137
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipalib')
0 files changed, 0 insertions, 0 deletions