#7600 Enable compat tree to provide information about AD users and groups on trust agents
Closed: fixed a year ago by frenaud. Opened 2 years ago by frenaud.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1585020

RHEL IdM has an option to enable serving information about AD users and groups
in the compatibility tree (RFC2307) when converting IdM master to AD trust
controller. At the same time, AD trust controller can designate other IdM
masters to be able to resolve information about AD users and groups by
promoting them to AD trust agents.

However, there is no way to configure the compatibility tree on AD trust agents
to serve information about AD users and groups. As result, if legacy clients
are configured to use the compatibility tree on AD trust agents as opposed to
AD trust controllers, information about AD users' group membership will be
missing.

We should provide means to enable this functionality in the compatibility tree
on AD trust agents independently from converting AD trust agent to AD trust
controller.

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1585020

2 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/4277
- Issue set to the milestone: None (was: FreeIPA 4.6.5)

a year ago

Metadata Update from @frenaud:
- Issue assigned to frenaud

a year ago

master:

  • 68c72e3 Privilege: add a helper checking if a principal has a given privilege
  • 911992b ipa-adtrust-install: run remote configuration for new agents
  • fc4c3ac ipatests: add test for ipa-adtrust-install --add-agents

ipa-4-8:

  • 66154f8 Privilege: add a helper checking if a principal has a given privilege
  • 5edc674 ipa-adtrust-install: run remote configuration for new agents
  • 4afd6e5 ipatests: add test for ipa-adtrust-install --add-agents

ipa-4-7:

  • 2b5c409 Privilege: add a helper checking if a principal has a given privilege
  • 3a880ff ipa-adtrust-install: run remote configuration for new agents
  • 59b09f1 ipatests: add test for ipa-adtrust-install --add-agents

ipa-4-6:

  • d051d2d Privilege: add a helper checking if a principal has a given privilege
  • f9fcd2c ipa-adtrust-install: run remote configuration for new agents
  • 796c86a ipatests: add test for ipa-adtrust-install --add-agents

master:

  • 233a18b ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg missing
  • 1fbc4e0 selinux policy: add the right context for org.freeipa.server.trust-enable-agent

ipa-4-8:

  • 21c923c ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg missing
  • df0df14 selinux policy: add the right context for org.freeipa.server.trust-enable-agent

ipa-4-7:

  • 1fccdd0 ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg missing

ipa-4-6:

  • 79f9ba5 ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg missing

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata