#3634 After ipa-adtrust-install, do not allow local range add without rid and secondary-rid-base
Closed: Fixed None Opened 9 years ago by steeve.

  • Previously local range add would fail if secondary rid base was not given after ipa-adtrust-install

    [root@rasalghul ~]# ipa trust-find

    1 trust matched

    Realm name: adlab.qe

    Number of entries returned 1

    [root@rasalghul ~]# ipa range-add
    Range name: ADLAB.QE_id_range
    First Posix ID of the range: 392000000
    Number of IDs in the range: 20000
    First RID of the corresponding RID range: 401000
    ipa: ERROR: invalid Gettext('Range setup', domain='ipa', localedir=None): Ranges for local domain must have a secondary RID base

  • Now the local range is added without rid and secondary rid after ipa-adtrust-install. If this is allowed, SID (ipantsecurityidentifier) will not be assigned to IPA users.

    [root@django ~]# ipa trust-find

    1 trust matched

    Realm name: adlabs.com
    Domain NetBIOS name: ADLABS
    Domain Security Identifier: S-1-5-21-3069109027-1612402048-776712048
    Trust type: Active Directory domain


    Number of entries returned 1

    [root@django ~]# ipa idrange-add
    Range name: new_loca_range
    First Posix ID of the range: 1557000000
    Number of IDs in the range: 10


    Added ID range "new_loca_range"

    Range name: new_loca_range
    First Posix ID of the range: 1557000000
    Number of IDs in the range: 10
    Range type: local domain range


Rename "trusts" component to "Trusts" to achieve correct sorting.

Metadata Update from @steeve:
- Issue assigned to akrivoka
- Issue set to the milestone: FreeIPA 3.3 - 2013/06

5 years ago

Login to comment on this ticket.

Metadata