orion / freeipa

Forked from freeipa 5 years ago

dadfbf9 Handle various forms of admin accounts when establishing trusts

Authored and Committed by abbra 11 years ago
    Handle various forms of admin accounts when establishing trusts
    
    Realm administrator account may be specified using different forms:
    Administrator, DOM\Administrator, Administrator@DOMAIN
    
    This patch introduces handling of the second two forms:
    - In DOM\Administrator only user name is used, short domain name
      is then taken from a discovered record from the AD DC
    - In Administrator@DOMAIN first DOMAIN is verified to be the same
      as the domain we are establishing trust to, and then user name
      is taken, together with short domain name taken from a discovered
      record from the AD DC
    
    Note that we do not support using to-be-trusted domain's trusted domains'
    accounts to establish trust as there is basically zero chance to verify
    that things will work with them. In addition, in order to establish trust
    one needs to belong to Enterprise Admins group in AD or have specially
    delegated permissions. These permissions are unlikely to be delegated to
    the ones in already trusted domain.
    
    https://fedorahosted.org/freeipa/ticket/2864
    
        
file modified
+8 -0
file modified
+5 -0
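
The account-name handling described in the commit message, as an added Python example; it is not FreeIPA's code and is not taken from this commit. The function name `normalize_trust_admin`, the exception class and the sample domain names are assumptions made for illustration.

```python
class TrustAdminError(ValueError):
    """The supplied account cannot be used to establish this trust."""


def normalize_trust_admin(admin, trusted_domain, discovered_netbios):
    """Return (short_domain, user) for the account that establishes the trust.

    admin              -- account as typed: Administrator, DOM\\Administrator
                          or Administrator@DOMAIN
    trusted_domain     -- DNS name of the domain the trust is established to
    discovered_netbios -- short domain name from the record discovered on the AD DC
    """
    admin = admin.strip()
    if '\\' in admin and '@' in admin:
        raise TrustAdminError("ambiguous account form: %r" % admin)

    if '\\' in admin:
        # DOM\Administrator: only the user name is used. The typed prefix is
        # dropped; the short name always comes from the discovered record.
        _prefix, _sep, user = admin.partition('\\')
    elif '@' in admin:
        # Administrator@DOMAIN: DOMAIN must be the domain we are establishing
        # trust to. Accounts from any other domain are rejected.
        user, _sep, domain = admin.rpartition('@')
        if domain.rstrip('.').lower() != trusted_domain.rstrip('.').lower():
            raise TrustAdminError(
                "account domain %r is not the domain being trusted (%r)"
                % (domain, trusted_domain))
    else:
        user = admin

    # Leftover separators (A\B\C, a@b@c) or an empty name are malformed.
    if not user or '\\' in user or '@' in user:
        raise TrustAdminError("malformed account name: %r" % admin)
    return (discovered_netbios, user)


if __name__ == "__main__":
    # Constructed sample values, not from the page.
    for name in ("Administrator", "AD\\Administrator",
                 "Administrator@ad.example.test",
                 "Administrator@other.example.test"):
        try:
            print(name, "->", normalize_trust_admin(name, "ad.example.test", "AD"))
        except TrustAdminError as exc:
            print(name, "-> rejected:", exc)
```
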