`ipa trust-find' command should only show trusted forest root domains
The child domains should be visible via
ipa trustdomain-find forest.root
The difference between forest root (or external domain) and child domains is that root domain gets ipaIDObject class to allow assigning a POSIX ID to the object. This POSIX ID is used by Samba when an Active Directory domain controller connects as forest trusted domain object.
Child domains can only talk to IPA via forest root domain, thus they don't need POSIX ID for their TDOs. This allows us a way to differentiate objects for the purpose of 'trust-find' / 'trustdomain-find' commands.
master:
Metadata Update from @abbra: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.4
Login to comment on this ticket.