#3634 After ipa-adtrust-install, do not allow local range add without rid and secondary-rid-base
Closed: Fixed. Opened 10 years ago by steeve.

  • Previously, local range add would fail if the secondary RID base was not given after ipa-adtrust-install.

    [root@rasalghul ~]# ipa trust-find

    1 trust matched

    Realm name: adlab.qe

    Number of entries returned 1

    [root@rasalghul ~]# ipa range-add
    Range name: ADLAB.QE_id_range
    First Posix ID of the range: 392000000
    Number of IDs in the range: 20000
    First RID of the corresponding RID range: 401000
    ipa: ERROR: invalid Gettext('Range setup', domain='ipa', localedir=None): Ranges for local domain must have a secondary RID base

  • Now the local range is added without rid and secondary rid after ipa-adtrust-install. If this is allowed, SID (ipantsecurityidentifier) will not be assigned to IPA users.

    [root@django ~]# ipa trust-find

    1 trust matched

    Realm name: adlabs.com
    Domain NetBIOS name: ADLABS
    Domain Security Identifier: S-1-5-21-3069109027-1612402048-776712048
    Trust type: Active Directory domain


    Number of entries returned 1

    [root@django ~]# ipa idrange-add
    Range name: new_loca_range
    First Posix ID of the range: 1557000000
    Number of IDs in the range: 10


    Added ID range "new_loca_range"

    Range name: new_loca_range
    First Posix ID of the range: 1557000000
    Number of IDs in the range: 10
    Range type: local domain range


Rename "trusts" component to "Trusts" to achieve correct sorting.

Metadata Update from @steeve:
- Issue assigned to akrivoka
- Issue set to the milestone: FreeIPA 3.3 - 2013/06

7 years ago
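
An audit for the condition this ticket describes, as an added example that is not part of the ticket or of FreeIPA's code: it parses an `ipa idrange-find`-style listing and reports local domain ranges that lack a RID base or secondary RID base. The listing is constructed, the function names are hypothetical, and the secondary-RID label is assumed to be what FreeIPA prints for that field.

```python
import re

# RID_LABEL appears in the ticket output; SEC_RID_LABEL is an assumed label.
RID_LABEL = "First RID of the corresponding RID range"
SEC_RID_LABEL = "First RID of the secondary RID range"

# Constructed sample listing (not captured from a real server).
SAMPLE = """\
  Range name: IPA.EXAMPLE_id_range
  First Posix ID of the range: 1556000000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range

  Range name: new_loca_range
  First Posix ID of the range: 1557000000
  Range type: local domain range

  Range name: ADLABS.COM_id_range
  First Posix ID of the range: 392000000
  First RID of the corresponding RID range: 0
  Range type: Active Directory domain range
"""

def parse_ranges(text):
    """Split the listing into one dict per range (blank line separates records)."""
    ranges = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.strip().partition(": ")
            if sep:
                fields[key] = value.strip()
        if "Range name" in fields:
            ranges.append(fields)
    return ranges

def local_ranges_missing_rid_bases(text):
    """Return {range name: [missing labels]}; AD trust ranges are not checked."""
    findings = {}
    for r in parse_ranges(text):
        if r.get("Range type") != "local domain range":
            continue
        missing = [label for label in (RID_LABEL, SEC_RID_LABEL) if label not in r]
        if missing:
            findings[r["Range name"]] = missing
    return findings

print(local_ranges_missing_rid_bases(SAMPLE))
```

Any range it reports is one where, per the ticket, IPA users would not get an ipantsecurityidentifier.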
