Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1075615
Description of problem: I can delete range of subdomain that is enabled for trust Version-Release number of selected component (if applicable): ipa-server-3.3.3-21.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Add trust with AD having a child domain 2. Trust should automatically create an idrange for child domain # ipa idrange-show child.addomain.test 3. Check the child domain is enabled for trust # ipa trustdomain-find addomain.test 4. Delete child domain range # ipa idrange-del CHILD.ADDOMAIN.TEST_id_range Actual results: [root@dhcp207-218 ~]# ipa idrange-show PUNE.ADTEST.QE_id_range Range name: PUNE.ADTEST.QE_id_range First Posix ID of the range: 839000000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-91314187-2404433721-1858927112 Range type: Active Directory domain range [root@dhcp207-218 ~]# ipa trustdomain-find adtest.qe Domain name: adtest.qe Domain NetBIOS name: ADTEST Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879 Domain enabled: True Domain name: pune.adtest.qe Domain NetBIOS name: PUNE Domain Security Identifier: S-1-5-21-91314187-2404433721-1858927112 Domain enabled: True ---------------------------- Number of entries returned 2 ---------------------------- [root@dhcp207-218 ~]# ipa idrange-del PUNE.ADTEST.QE_id_range ------------------------------------------ Deleted ID range "PUNE.ADTEST.QE_id_range" ------------------------------------------ [root@dhcp207-218 ~]# ipa idrange-show PUNE.ADTEST.QE_id_range ipa: ERROR: PUNE.ADTEST.QE_id_range: range not found Expected results: Same as when we delete root AD domain range [root@dhcp207-218 ~]# ipa idrange-del ADTEST.QE_id_range ipa: ERROR: ADTEST.QE_id_range cannot be deleted because Active Trust adtest.qe requires it
Tomas, please work on this one.
master:
ipa-3-3:
Metadata Update from @dpal: - Issue assigned to tbabej - Issue set to the milestone: FreeIPA 3.3.5 (bug fixing)
Login to comment on this ticket.