Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1033068
Description of problem: Trust-add with --base-id tries to set the given base-id for the sub domain as well, causing an error. Version-Release number of selected component (if applicable): ipa-server-trust-ad-3.3.3-4.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Add trust with AD forest having a sub domain and use --base-id option [root@rhel7-b ipa-trust-cli]# ipa trust-find ---------------- 0 trusts matched ---------------- ---------------------------- Number of entries returned 0 ---------------------------- [root@rhel7-b ipa-trust-cli]# ipa idrange-find --------------- 1 range matched --------------- Range name: TESTRELM.COM_id_range First Posix ID of the range: 829600000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 100000000 Range type: local domain range ---------------------------- Number of entries returned 1 ---------------------------- [root@rhel7-b ipa-trust-cli]# /usr/bin/ipa trust-add --type=ad adtest.qe --admin Administrator --password --base-id 1511200000 Active directory domain administrator's password: ipa: ERROR: Constraint violation: New base range overlaps with existing base range. [root@rhel7-b ipa-trust-cli]# ipa idrange-find ---------------- 2 ranges matched ---------------- Range name: ADTEST.QE_id_range First Posix ID of the range: 1511200000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879 Range type: Active Directory domain range Range name: TESTRELM.COM_id_range First Posix ID of the range: 829600000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 100000000 Range type: local domain range ---------------------------- Number of entries returned 2 ---------------------------- [root@rhel7-b ipa-trust-cli]# ipa trust-find --------------- 1 trust matched --------------- Realm name: adtest.qe Domain NetBIOS name: ADTEST Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879 SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 Trust type: Active Directory domain ---------------------------- Number of entries returned 1 ---------------------------- Actual results: [root@rhel7-b ipa-trust-cli]# /usr/bin/ipa trust-add --type=ad adtest.qe --admin Administrator --password --base-id 1511200000 Active directory domain administrator's password: ipa: ERROR: Constraint violation: New base range overlaps with existing base range. Expected results: No errors Additional info:
master: 63d4f30[[BR]] ipa-3-3: ca11a28
Metadata Update from @tbabej: - Issue assigned to tbabej - Issue set to the milestone: FreeIPA 3.3.x - 2013/11 (bug fixing)
Login to comment on this ticket.