#2101 Use idrange of forest root if there is none for a member domain and type is ipa-ad-trust-posix
Closed: Fixed None Opened 9 years ago by sbose.

While discussing FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3910 we agreed that for member domains in a forest where the idrange of the forest root is of type ipa-ad-trust-posix, i.e. IDs are managed by AD, a missing idrange will indicate that the member domain will use the IDs from AD as well with the parameters as the forest root.

Fields changed

owner: somebody => sbose
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.2
rhbz: => 0

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Fields changed

changelog: => See the description -- in IPA-AD trust relationship, if an AD child domain does not have the idrange set explicitly, it will inherit the range of the AD forest root.

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.2

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3143

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.