diff options
| author | Tomas Babej <tbabej@redhat.com> | 2015-08-11 16:05:32 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-11 16:59:22 +0200 |
| commit | 1fc21e980bb901bf71f7ee024cdbb15c1caec3a7 (patch) | |
| tree | bd29c90d02276ecac8f7cb18b26ff1b926d2ee4d /install/tools/ipa-adtrust-install | |
| parent | e92f25bd50b60ce3c5d2c09bea700001050651a3 (diff) | |
| download | freeipa-1fc21e980bb901bf71f7ee024cdbb15c1caec3a7.tar.gz freeipa-1fc21e980bb901bf71f7ee024cdbb15c1caec3a7.tar.xz freeipa-1fc21e980bb901bf71f7ee024cdbb15c1caec3a7.zip | |
adtrust-install: Correctly determine 4.2 FreeIPA servers
We need to detect a list of FreeIPA 4.2 (and above) servers, since
only there is the required version of SSSD present.
Since the maximum domain level for 4.2 is 0 (and not 1), we can filter
for any value of ipaMaxDomainLevel / ipaMinDomainLevel attributes
to generate the list.
https://fedorahosted.org/freeipa/ticket/5199
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'install/tools/ipa-adtrust-install')
| -rwxr-xr-x | install/tools/ipa-adtrust-install | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 5340c31d1..21e58dd9f 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -396,7 +396,7 @@ def main(): # Search only masters which have support for domain levels # because only these masters will have SSSD recent enough to support AD trust agents (entries_m, truncated) = smb.admin_conn.find_entries( - filter="(&(objectclass=ipaSupportedDomainLevelConfig)(!(ipaMaxDomainLevel=0)))", + filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))", base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL) except errors.NotFound: pass |