34d644e trust: do not fetch subdomains in case shared secret was used to set up the trust

1 file Authored by abbra 10 years ago, Committed by mkosek 10 years ago,
    trust: do not fetch subdomains in case shared secret was used to set up the trust
    
    Until incoming trust is validated from AD side, we cannot run any operations
    against AD using the trust. Also, Samba currently does not suport verifying
    trust against the other party (returns WERR_NOT_SUPPORTED).
    
    This needs to be added to the documentation:
    
       When using 'ipa trust-add ad.domain --trust-secret', one has to manually
       validate incoming trust using forest trust properties in AD Domains and
       Trusts tool.
    
       Once incoming trust is validated at AD side, use IPA command
       'ipa trust-fetch-domains ad.domain' to retrieve topology of the AD forest.
       From this point on the trust should be usable.
    
    https://fedorahosted.org/freeipa/ticket/4246
    
    Reviewed-By: Martin Kosek <mkosek@redhat.com>
    
        
file modified
+2 -1