#4041 Trust add tries to add same value of --base-id for sub domain, causing an error
Closed: Fixed None Opened 10 years ago by tbabej.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1033068

Description of problem:
Trust-add with --base-id tries to set the given base-id for the sub domain as
well, causing an error.

Version-Release number of selected component (if applicable):
ipa-server-trust-ad-3.3.3-4.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Add trust with AD forest having a sub domain and use --base-id option

[root@rhel7-b ipa-trust-cli]# ipa trust-find
----------------
0 trusts matched
----------------
----------------------------
Number of entries returned 0
----------------------------

[root@rhel7-b ipa-trust-cli]# ipa idrange-find
---------------
1 range matched
---------------
  Range name: TESTRELM.COM_id_range
  First Posix ID of the range: 829600000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range
----------------------------
Number of entries returned 1
----------------------------

[root@rhel7-b ipa-trust-cli]# /usr/bin/ipa trust-add --type=ad adtest.qe
--admin Administrator --password --base-id 1511200000
Active directory domain administrator's password:
ipa: ERROR: Constraint violation: New base range overlaps with existing base
range.

[root@rhel7-b ipa-trust-cli]# ipa idrange-find
----------------
2 ranges matched
----------------
  Range name: ADTEST.QE_id_range
  First Posix ID of the range: 1511200000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879
  Range type: Active Directory domain range

  Range name: TESTRELM.COM_id_range
  First Posix ID of the range: 829600000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range
----------------------------
Number of entries returned 2
----------------------------

[root@rhel7-b ipa-trust-cli]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879
  SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2,
S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10,
S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16,
                          S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
  SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2,
S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10,
S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16,
                          S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
  Trust type: Active Directory domain
----------------------------
Number of entries returned 1
----------------------------

Actual results:
[root@rhel7-b ipa-trust-cli]# /usr/bin/ipa trust-add --type=ad adtest.qe
--admin Administrator --password --base-id 1511200000
Active directory domain administrator's password:
ipa: ERROR: Constraint violation: New base range overlaps with existing base
range.

Expected results:
No errors
Additional info:

Metadata Update from @tbabej:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.3.x - 2013/11 (bug fixing)

7 years ago

Login to comment on this ticket.

Metadata