From 04a17f00b7a991297cc4f7441512a4f5ca436271 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Wed, 6 Mar 2013 12:17:28 +0100
Subject: Enforce exact SID match when adding or modifying a ID range

SID validation in idrange.py now enforces exact match on SIDs, thus
one can no longer use SID of an object in a trusted domain as a
trusted domain SID.

https://fedorahosted.org/freeipa/ticket/3432
---
 ipalib/plugins/idrange.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ipalib/plugins/idrange.py')

diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index d8989327a..54f6fbb3e 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -289,7 +289,7 @@ class idrange(LDAPObject):
 
         domain_validator = self.get_domain_validator()
 
-        if not domain_validator.is_trusted_sid_valid(sid):
+        if not domain_validator.is_trusted_domain_sid_valid(sid):
             raise errors.ValidationError(name='domain SID',
                   error=_('SID is not recognized as a valid SID for a '
                           'trusted domain'))
-- 
cgit