Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/trust.py | 51 |
1 files changed, 46 insertions, 5 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 965ff76bb..87a1adbdb 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -20,9 +20,13 @@ from ipalib.plugins.baseldap import * from ipalib.plugins.dns import dns_container_exists +from ipapython.ipautil import realm_to_suffix from ipalib import api, Str, StrEnum, Password, _, ngettext from ipalib import Command from ipalib import errors +from ldap import SCOPE_SUBTREE +from time import sleep + try: import pysss_murmur #pylint: disable=F0401 _murmur_installed = True @@ -313,7 +317,7 @@ sides. result = self.execute_ad(full_join, *keys, **options) if not old_range: - self.add_range(range_name, dom_sid, **options) + self.add_range(range_name, dom_sid, *keys, **options) trust_filter = "cn=%s" % result['value'] ldap = self.obj.backend @@ -418,9 +422,7 @@ sides. 'Only the ipa-ad-trust and ipa-ad-trust-posix are ' 'allowed values for --range-type when adding an AD ' 'trust.' - ) - -) + )) base_id = options.get('base_id') range_size = options.get('range_size') != DEFAULT_RANGE_SIZE @@ -468,7 +470,10 @@ sides. return old_range, range_name, dom_sid - def add_range(self, range_name, dom_sid, **options): + def add_range(self, range_name, dom_sid, *keys, **options): + # Sleep for 10 seconds, to make sure KDC contains refreshed data + sleep(10) + base_id = options.get('base_id') if not base_id: base_id = DEFAULT_RANGE_SIZE + ( 
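Review bot: The unconditional `sleep(10)` at the top of the new `add_range` body stalls every trust-add request for a fixed ten seconds with no way to tune or skip it, and a fixed delay is a guess about KDC propagation rather than a check of it; at minimum lift the value into a named module constant, e.g. `KDC_REFRESH_DELAY = 10` and `sleep(KDC_REFRESH_DELAY)`, and have the comment say what is being waited for and what happens if the wait is too short. The signature change to `*keys` also makes that argument effectively required, since the continuation of this body in the next hunk reads `keys[-1]`, so a call without positional keys (which the old signature accepted) now fails with a bare IndexError; guard it up front with `if not keys: raise errors.ValidationError(name='realm', error=_('trusted domain name is required'))`. A docstring stating that `keys` carries the trust command's positional keys, with what the next hunk treats as the trusted domain name in last position, and that `options` may supply `base_id`, would make the new contract visible. `add_range` continues past the end of this hunk.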
@@ -478,6 +483,42 @@ sides. ) % 10000 ) * DEFAULT_RANGE_SIZE + # Get information about ID space from AD + domain = keys[-1] + + # Get the base dn + basedn = realm_to_suffix(domain) + + # Search for information contained in + # CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System + info_filter = '(objectClass=msSFU30DomainInfo)' + info_dn = DN('CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System')\ + + basedn + + # Get the domain validator + domain_validator = ipaserver.dcerpc.DomainValidator(self.api) + if not domain_validator.is_configured(): + raise errors.NotFound( + reason=_('Cannot search in trusted domains without own domain ' + 'configured. Make sure you have run ipa-adtrust-' + 'install on the IPA server first')) + + for retry in range(10): + # Get the info from AD + info = domain_validator.search_in_gc(domain, + info_filter, + None, + SCOPE_SUBTREE, + basedn=info_dn, + use_http=True) + + if info is not None: + break + else: + sleep(2) + + self.log.info('result: %s' % info) + # Add new ID range api.Command['idrange_add'](range_name, ipabaseid=base_id, |