Issue #4247: Deletion of active subdomain range should not be allowed - freeipa

freeipa

#4247 Deletion of active subdomain range should not be allowed

Closed: Fixed None Opened 10 years ago by dpal.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1075615

Description of problem:
I can delete range of subdomain that is enabled for trust

Version-Release number of selected component (if applicable):
ipa-server-3.3.3-21.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Add trust with AD having a child domain
2. Trust should automatically create an idrange for child domain
# ipa idrange-show child.addomain.test
3. Check the child domain is enabled for trust
# ipa trustdomain-find addomain.test
4. Delete child domain range
# ipa idrange-del CHILD.ADDOMAIN.TEST_id_range

Actual results:
[root@dhcp207-218 ~]# ipa idrange-show PUNE.ADTEST.QE_id_range
  Range name: PUNE.ADTEST.QE_id_range
  First Posix ID of the range: 839000000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-91314187-2404433721-1858927112
  Range type: Active Directory domain range

[root@dhcp207-218 ~]# ipa trustdomain-find adtest.qe
  Domain name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879
  Domain enabled: True

  Domain name: pune.adtest.qe
  Domain NetBIOS name: PUNE
  Domain Security Identifier: S-1-5-21-91314187-2404433721-1858927112
  Domain enabled: True
----------------------------
Number of entries returned 2
----------------------------

[root@dhcp207-218 ~]# ipa idrange-del PUNE.ADTEST.QE_id_range
------------------------------------------
Deleted ID range "PUNE.ADTEST.QE_id_range"
------------------------------------------

[root@dhcp207-218 ~]# ipa idrange-show PUNE.ADTEST.QE_id_range
ipa: ERROR: PUNE.ADTEST.QE_id_range: range not found

Expected results:
Same as when we delete root AD domain range

[root@dhcp207-218 ~]# ipa idrange-del ADTEST.QE_id_range
ipa: ERROR: ADTEST.QE_id_range cannot be deleted because Active Trust adtest.qe
requires it

mkosek commented 10 years ago

Tomas, please work on this one.

pviktori commented 10 years ago

master:

6242697 Prohibit deletion of active subdomain range

ipa-3-3:

8e7b209 Prohibit deletion of active subdomain range

mkosek commented 10 years ago

master:

6fb53bb Fix idrange unit test failure

ipa-3-3:

18da179 Fix idrange unit test failure

Metadata Update from @dpal:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.3.5 (bug fixing)

7 years ago

Metadata

Assignee

tbabej

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.3.5 (bug fixing)

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

abbra

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1075615

tester

None

changelog

None

design

None

freeipa

Source Code

#4247 Deletion of active subdomain range should not be allowed Closed: Fixed None Opened 10 years ago by dpal.

Metadata

#4247 Deletion of active subdomain range should not be allowed

Closed: Fixed None Opened 10 years ago by dpal.