diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-10-10 15:33:50 +0300 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-11-02 16:38:33 +0100 |
| commit | 881fc3ac604e76f6b516a3b7869c97a97884dc92 (patch) | |
| tree | 21064326135f83e6f9eae5f129dba420002a1cf9 | |
| parent | 56beef9f775a28973106d074b191c48ab99d179d (diff) | |
| download | freeipa.git-881fc3ac604e76f6b516a3b7869c97a97884dc92.tar.gz freeipa.git-881fc3ac604e76f6b516a3b7869c97a97884dc92.tar.xz freeipa.git-881fc3ac604e76f6b516a3b7869c97a97884dc92.zip | |
Clarify trust-add help regarding multiple runs against the same domain
Since trust-add re-establishes the trust every time it is run and all the other
information fetched from the remote domain controller stays the same, it
can be run multiple times. The only change would occur is update of
trust relationship credentials -- they are supposed to be updated
periodically by underlying infrastructure anyway.
| -rw-r--r-- | ipalib/plugins/trust.py | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index ffff1e2f..b4a3d769 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -178,7 +178,19 @@ def make_trust_dn(env, trust_type, dn): return dn class trust_add(LDAPCreate): - __doc__ = _('Add new trust to use') + __doc__ = _(''' +Add new trust to use. + +This command establishes trust relationship to another domain +which becomes 'trusted'. As result, users of the trusted domain +may access resources of this domain. + +Only trusts to Active Directory domains are supported right now. + +The command can be safely run multiple times against the same domain, +this will cause change to trust relationship credentials on both +sides. + ''') takes_options = LDAPCreate.takes_options + ( StrEnum('trust_type', @@ -308,6 +320,11 @@ class trust_add(LDAPCreate): reason=_('''Cannot perform join operation without own domain configured. Make sure you have run ipa-adtrust-install on the IPA server first''')) + try: + existing_trust = api.Command['trust_show'](keys[-1]) + summary = _('Re-established trust to domain "%(value)s"') + except errors.NotFound: + summary = self.msg_summary # 1. Full access to the remote domain. Use admin credentials and # generate random trustdom password to do work on both sides if 'realm_admin' in options: @@ -360,14 +377,19 @@ class trust_add(LDAPCreate): raise errors.ValidationError(name=_('AD Trust setup'), error=_('Unable to verify write permissions to the AD')) - return dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified']) + ret = dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified']) + ret['summary'] = summary % ret + return ret + # 2. We don't have access to the remote domain and trustdom password # is provided. Do the work on our side and inform what to do on remote # side. if 'trust_secret' in options: result = trustinstance.join_ad_ipa_half(keys[-1], realm_server, options['trust_secret']) - return dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified']) + ret = dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified']) + ret['summary'] = summary % ret + return ret raise errors.ValidationError(name=_('AD Trust setup'), error=_('Not enough arguments specified to perform trust setup')) |