1 files changed, 22 insertions, 4 deletions

diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 7c5843c03..71ca23aba 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -18,7 +18,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from ipalib.plugins.baseldap import *
-from ipalib import api, Str, Password, DefaultFrom, _, ngettext, Object
+from ipalib import api, Str, StrEnum, Password, DefaultFrom, _, ngettext, Object
 from ipalib.parameters import Enum
 from ipalib import Command
 from ipalib import errors
@@ -112,10 +112,17 @@ def make_trust_dn(env, trust_type, dn):
         return unicode(DN(DN(dn)[0], container_dn))
     return dn
 
-class trust_add_ad(LDAPCreate):
-    __doc__ = _('Add new trust to use against Active Directory domain.')
+class trust_add(LDAPCreate):
+    __doc__ = _('Add new trust to use')
 
     takes_options = (
+        StrEnum('trust_type',
+            cli_name='type',
+            label=_('Trust type (ad for Active Directory, default)'),
+            values=(u'ad',),
+            default=u'ad',
+            autofill=True,
+        ),
         Str('realm_admin?',
             cli_name='admin',
             label=_("Active Directory domain administrator"),
@@ -140,6 +147,16 @@ class trust_add_ad(LDAPCreate):
     msg_summary = _('Added Active Directory trust for realm "%(value)s"')
 
     def execute(self, *keys, **options):
+        if 'trust_type' in options:
+            if options['trust_type'] == u'ad':
+                result = self.execute_ad(*keys, **options)
+            else:
+                raise errors.ValidationError(name=_('trust type'), error=_('only "ad" is supported'))
+        else:
+            raise errors.RequirementError(name=_('trust type'))
+        return result
+
+    def execute_ad(self, *keys, **options):
         # Join domain using full credentials and with random trustdom
         # secret (will be generated by the join method)
         trustinstance = None
@@ -177,6 +194,7 @@ class trust_add_ad(LDAPCreate):
         if 'trust_secret' in options:
             result = trustinstance.join_ad_ipa_half(keys[-1], realm_server, options['trust_secret'])
             return dict(result=dict(), value=trustinstance.remote_domain.info['dns_domain'])
+        raise errors.ValidationError(name=_('AD Trust setup'), reason=_('Not enough arguments specified to perform trust setup'))
 
 class trust_del(LDAPDelete):
     __doc__ = _('Delete a trust.')
@@ -246,7 +264,7 @@ class trust_show(LDAPRetrieve):
         return dn
 
 api.register(trust)
-api.register(trust_add_ad)
+api.register(trust_add)
 api.register(trust_mod)
 api.register(trust_del)
 api.register(trust_find)