#4111 trust-fetch-domains does not add idrange for subdomains found
Closed: Fixed None Opened 10 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1049926

Description of problem:
trust-fetch-domains does not add idrange for subdomain found

Version-Release number of selected component (if applicable):
ipa-server-3.3.3-8.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Set up trust with AD forest root domain
2. Add a new subdomain to the AD forest / delete an existing subdomain with
# ipa trustdomain-del domain.com sub.domain.com

Delete its idrange
# ipa idrange-del SUB.DOMAIN.COM_id_range

3. Run
# ipa trust-fetch-domains

Actual results:
The subdomain is found, but no idrange call is made to add an idrange
automatically for that subdomain

Expected results:
idrange is added for the fetched subdomain

Additional info:
[root@dhcp207-43 ~]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879
  SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2,
S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10,
S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16,
                          S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
  SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2,
S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10,
S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16,
                          S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
  Trust type: Active Directory domain
----------------------------
Number of entries returned 1
----------------------------

[root@dhcp207-43 ~]# ipa idrange-find
----------------
3 ranges matched
----------------
  Range name: ADTEST.QE_id_range
  First Posix ID of the range: 1148400000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879
  Range type: Active Directory domain range

  Range name: PUNE.ADTEST.QE_id_range
  First Posix ID of the range: 839000000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-91314187-2404433721-1858927112
  Range type: Active Directory domain range

  Range name: TESTRELM.COM_id_range
  First Posix ID of the range: 1741800000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range
----------------------------
Number of entries returned 3
----------------------------

[root@dhcp207-43 ~]# ipa trustdomain-del adtest.qe pune.adtest.qe
-------------------------------------------------------------
Removed information about the trusted domain "pune.adtest.qe"
-------------------------------------------------------------

[root@dhcp207-43 ~]# ipa idrange-del PUNE.ADTEST.QE_id_range
------------------------------------------
Deleted ID range "PUNE.ADTEST.QE_id_range"
------------------------------------------

[root@dhcp207-43 ~]# ipa trustdomain-find adtest.qe
  Domain name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879
----------------------------
Number of entries returned 1
----------------------------

[root@dhcp207-43 ~]# ipa trust-fetch-domains adtest.qe
--------------------------------------------
List of trust domains successfully refreshed
--------------------------------------------
  Realm name: pune.adtest.qe
  Domain NetBIOS name: PUNE
  Domain Security Identifier: S-1-5-21-91314187-2404433721-1858927112
----------------------------
Number of entries returned 1
----------------------------

[root@dhcp207-43 ~]# ipa idrange-find
----------------
2 ranges matched
----------------
  Range name: ADTEST.QE_id_range
  First Posix ID of the range: 1148400000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879
  Range type: Active Directory domain range

  Range name: TESTRELM.COM_id_range
  First Posix ID of the range: 1741800000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range
----------------------------
Number of entries returned 2
----------------------------

[root@dhcp207-43 ~]# ipa trustdomain-find
Realm name: adtest.qe
  Domain name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879

  Domain name: pune.adtest.qe
  Domain NetBIOS name: PUNE
  Domain Security Identifier: S-1-5-21-91314187-2404433721-1858927112
----------------------------
Number of entries returned 2
----------------------------
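The state shown above (a trusted domain listed by `ipa trustdomain-find` whose SID appears in no `ipa idrange-find` entry) can be detected by cross-referencing the two outputs. The following is an added example, not part of the original ticket or of FreeIPA's code; the function names are hypothetical, and the sample text is the ticket's final output trimmed to the fields the check uses.

```python
import re

# Sample input: the ticket's last `ipa trustdomain-find` and `ipa idrange-find`
# output (after trust-fetch-domains), trimmed to the fields used below.
TRUSTDOMAIN_FIND = """\
  Domain name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879

  Domain name: pune.adtest.qe
  Domain NetBIOS name: PUNE
  Domain Security Identifier: S-1-5-21-91314187-2404433721-1858927112
"""
IDRANGE_FIND = """\
  Range name: ADTEST.QE_id_range
  First Posix ID of the range: 1148400000
  Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879
  Range type: Active Directory domain range

  Range name: TESTRELM.COM_id_range
  First Posix ID of the range: 1741800000
  Range type: local domain range
"""

def parse_records(text):
    """Split `ipa ...-find` output into one dict per blank-line-separated entry."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Separator and summary lines contain no ": " and are skipped.
            key, sep, value = line.strip().partition(": ")
            if sep:
                fields[key] = value.strip()
        if fields:
            records.append(fields)
    return records

def domains_without_idrange(trustdomain_out, idrange_out):
    """Return names of trusted domains whose SID is not covered by any ID range."""
    sid_field = "Domain SID of the trusted domain"
    covered = {r[sid_field].upper() for r in parse_records(idrange_out)
               if sid_field in r}
    return [d["Domain name"] for d in parse_records(trustdomain_out)
            if "Domain name" in d
            and d.get("Domain Security Identifier", "").upper() not in covered]

if __name__ == "__main__":
    for name in domains_without_idrange(TRUSTDOMAIN_FIND, IDRANGE_FIND):
        print(f"trusted domain {name} has no ID range")
```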

Alexander is working on it.

Metadata Update from @mkosek:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.3.x - 2014/01 (bug fixing)

7 years ago
