#2101 Use idrange of forest root if there is none for a member domain and type is ipa-ad-trust-posix
Closed: Fixed None Opened 5 years ago by sbose.

While discussing FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3910 we agreed that for member domains in a forest where the idrange of the forest root is of type ipa-ad-trust-posix, i.e. IDs are managed by AD, a missing idrange will indicate that the member domain will use the IDs from AD as well with the parameters as the forest root.

Fields changed

owner: somebody => sbose
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.2
rhbz: => 0

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Fields changed

changelog: => See the description -- in IPA-AD trust relationship, if an AD child domain does not have the idrange set explicitly, it will inherit the range of the AD forest root.

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.2

2 years ago

Login to comment on this ticket.