#3289 [RFE] Make SID checks for MS-PAC filter configurable
Closed: Fixed None Opened 11 years ago by simo.

This is a follow-up to ticket #3231.

In that ticket we fixed a filtering issue with AD 2012; however, we decided to include a fixed white-list of SIDs to check for.

We should move that list into LDAP so that admins can tweak it if needed; otherwise, in some situations legit SIDs may be prevented from being reported.


The list of SIDs is currently hard-coded. We need to make it configurable.
CLI/UI is not a priority and if we need to defer it we would need to go into a separate ticket.

RFE is now on a separate page.

master:
- 994e2cd ipa-sam: Fill SID blacklist when trust is added
- 827ea50 ipa-kdb: read SID blacklist from LDAP
- d4d19ff Add SID blacklist attributes
- e08307d ipa-kdb: reinitialize LDAP configuration for known realms
- ce90a45 ipa-kdb: avoid ENOMEM when all SIDs are filtered out
- e234edc ipa-kdb: add sentinel for LDAPDerefSpec allocation

ipa-3-1:
- f53e9db ipa-sam: Fill SID blacklist when trust is added
- edc76b7 ipa-kdb: read SID blacklist from LDAP
- c04a348 Add SID blacklist attributes
- 677e53e ipa-kdb: reinitialize LDAP configuration for known realms
- 07f7681 ipa-kdb: avoid ENOMEM when all SIDs are filtered out
- 18a598e ipa-kdb: add sentinel for LDAPDerefSpec allocation

Web UI part posted for review.

Looks good for now. I think we could come up with a better way of managing line items through a data table in the future.

Web UI part:

master:
- dc5fcc2 Web UI: configurable SID blacklists

We might want to push it to ipa-3-1 as well later.

ipa-3-1:
- 0467825 Web UI: configurable SID blacklists

Rename "trusts" component to "Trusts" to achieve correct sorting.

Metadata Update from @simo:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.2 - 2013/02

7 years ago
