diff options
Diffstat (limited to 'ipalib/plugins/trust.py')
-rw-r--r-- | ipalib/plugins/trust.py | 37 |
1 files changed, 6 insertions, 31 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 832230a11..fe395688b 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -458,38 +458,13 @@ sides. result['result'] = entry_to_dict(trusts[0], **options) - # For AD trusts with algorithmic mapping, we need to add a separate - # range for each subdomain. - if (options.get('trust_type') == u'ad' and - created_range_type != u'ipa-ad-trust-posix'): - + # Fetch topology of the trust forest -- we need always to do it + # for AD trusts, regardless of the type of idranges associated with it + # Note that fetch_domains_from_trust will add needed ranges for + # the algorithmic ID mapping case. + if options.get('trust_type') == u'ad': domains = fetch_domains_from_trust(self, self.trustinstance, result['result'], **options) - if domains and len(domains) > 0: - for dom in domains: - range_name = dom['cn'][0].upper() + '_id_range' - dom_sid = dom['ipanttrusteddomainsid'][0] - - # Enforce the same range type as the range for the root - # level domain. - - # This will skip the detection of the POSIX attributes if - # they are not available, since it has been already - # detected when creating the range for the root level domain - passed_options = options - passed_options.update(range_type=created_range_type) - - # Do not pass the base id to the subdomains since it would - # clash with the root level domain - if 'base_id' in passed_options: - del passed_options['base_id'] - - # Try to add the range for each subdomain - try: - add_range(self, range_name, dom_sid, *keys, - **passed_options) - except errors.DuplicateEntry: - pass # Format the output into human-readable values result['result']['trusttype'] = [trust_type_string( @@ -1268,7 +1243,7 @@ def fetch_domains_from_trust(self, trustinstance, trust_entry, **options): # trust range must exist by the time fetch_domains_from_trust is called range_name = trust_name.upper() + '_id_range' old_range = api.Command.idrange_show(range_name, raw=True)['result'] - idrange_type = old_range['iparangetype'] + idrange_type = old_range['iparangetype'][0] for dom in domains: dom['trust_type'] = u'ad' |