diff options
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/trust.py | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index ffff1e2f..b4a3d769 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -178,7 +178,19 @@ def make_trust_dn(env, trust_type, dn): return dn class trust_add(LDAPCreate): - __doc__ = _('Add new trust to use') + __doc__ = _(''' +Add new trust to use. + +This command establishes trust relationship to another domain +which becomes 'trusted'. As result, users of the trusted domain +may access resources of this domain. + +Only trusts to Active Directory domains are supported right now. + +The command can be safely run multiple times against the same domain, +this will cause change to trust relationship credentials on both +sides. + ''') takes_options = LDAPCreate.takes_options + ( StrEnum('trust_type', @@ -308,6 +320,11 @@ class trust_add(LDAPCreate): reason=_('''Cannot perform join operation without own domain configured. Make sure you have run ipa-adtrust-install on the IPA server first''')) + try: + existing_trust = api.Command['trust_show'](keys[-1]) + summary = _('Re-established trust to domain "%(value)s"') + except errors.NotFound: + summary = self.msg_summary # 1. Full access to the remote domain. Use admin credentials and # generate random trustdom password to do work on both sides if 'realm_admin' in options: @@ -360,14 +377,19 @@ class trust_add(LDAPCreate): raise errors.ValidationError(name=_('AD Trust setup'), error=_('Unable to verify write permissions to the AD')) - return dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified']) + ret = dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified']) + ret['summary'] = summary % ret + return ret + # 2. We don't have access to the remote domain and trustdom password # is provided. Do the work on our side and inform what to do on remote # side. if 'trust_secret' in options: result = trustinstance.join_ad_ipa_half(keys[-1], realm_server, options['trust_secret']) - return dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified']) + ret = dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified']) + ret['summary'] = summary % ret + return ret raise errors.ValidationError(name=_('AD Trust setup'), error=_('Not enough arguments specified to perform trust setup')) |