#3919 Enable root suffixes at validation time
Closed: Fixed None Opened 10 years ago by simo.

When we create a trust with an AD forest and we have AD admin credentials we should also make the AD side query the list of domains from IPA so that by default at trust creation all the currently handled DNS suffixes are listed and available on the AD side for referral and forwarding of clients to the right KDC (IPA) for services in the IPA domain.


AD subdomains fixes pushed:

master:[[BR]]
46b3588 Require new SSSD to pull required AD subdomain fixes[[BR]]
d228b1b ipa-kdb: Handle parent-child relationship for subdomains[[BR]]
749111e KDC: implement transition check for trusted domains[[BR]]
0ab40cd ipasam: for subdomains pick up defaults for missing values[[BR]]
f734988 trust: integrate subdomains support into trust-add[[BR]]
a87813b ipaserver/dcerpc: remove use of trust account authentication[[BR]]
2d6c7e3 frontend: report arguments errors with better detail[[BR]]
0b29bfd trusts: support subdomains in a forest[[BR]]
0637f59 ipaserver/dcerpc.py: populate forest trust information using realmdomains[[BR]]

ipa-3-3:[[BR]]
dd1ddf8 Require new SSSD to pull required AD subdomain fixes[[BR]]
8ede637 ipa-kdb: Handle parent-child relationship for subdomains[[BR]]
6224ce0 KDC: implement transition check for trusted domains[[BR]]
0cd7923 ipasam: for subdomains pick up defaults for missing values[[BR]]
c6a6f97 trust: integrate subdomains support into trust-add[[BR]]
02158df ipaserver/dcerpc: remove use of trust account authentication[[BR]]
5fe7f7d frontend: report arguments errors with better detail[[BR]]
6f09063 trusts: support subdomains in a forest[[BR]]
45fc0b9 ipaserver/dcerpc.py: populate forest trust information using realmdomains[[BR]]

Metadata Update from @simo:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.3.x - 2013/09 (bug fixing)

7 years ago

Login to comment on this ticket.

Metadata