author: Martin Basti <mbasti@redhat.com> 2016-02-22 17:36:01 +0100
committer: Martin Basti <mbasti@redhat.com> 2016-02-23 17:35:20 +0100
commit: 70bd7c880259256840f2d4af181fb3e4ca96fcca
tree: bee71eba3be73d52ccc81ee3f41a16c9f5bec556 /ipaserver/install/plugins
parent: 9818e463f5d0a91b300801ee7c8f31f25de402b2
trusts: use ipaNTTrustPartner attribute to detect trust entries
Trust entries were found by presence of ipaNTSecurityIdentifier attribute. Unfortunately this attribute might not be there due to the bug. As a replacement for this, attribute ipaNTTrustPartner can be used.

Note: other non-trust entries located in cn=trusts subtree can be cross-realm principals.

https://fedorahosted.org/freeipa/ticket/5665

Reviewed-By: Tomas Babej <tbabej@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver/install/plugins')
-rw-r--r-- ipaserver/install/plugins/adtrust.py 2
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
index 5b81b2efd..ce58d7f17 100644
--- a/ipaserver/install/plugins/adtrust.py
+++ b/ipaserver/install/plugins/adtrust.py
@@ -294,7 +294,7 @@ class update_sids(Updater):
attrs_list=["cn"],
# more types of trusts can be stored under cn=trusts, we need
# the type with ipaNTTrustPartner attribute
- filter="(!(%s=*))" % attr_name
+ filter="(&(ipaNTTrustPartner=*)(!(%s=*)))" % attr_name
)
except errors.NotFound:
pass