#5942 trusts: make sure child domains are not shown as part of the trust-find command
Closed: Fixed None Opened 7 years ago by abbra.

The 'ipa trust-find' command should only show trusted forest root domains.

The child domains should be visible via

ipa trustdomain-find forest.root

The difference between a forest root (or external domain) and child
domains is that the root domain gets the ipaIDObject class to allow assigning a
POSIX ID to the object. This POSIX ID is used by Samba when an Active
Directory domain controller connects as a forest trusted domain object.

Child domains can only talk to IPA via the forest root domain, thus they
don't need a POSIX ID for their TDOs. This gives us a way to
differentiate objects for the purpose of the 'trust-find' /
'trustdomain-find' commands.


master:

  • 905db92 adtrust: optimize forest root LDAP filter
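
The distinction the ticket describes, as an added example that is not part of the ticket or FreeIPA's own code: TDO entries are split into forest roots and child domains by the presence of the ipaIDObject class. The ipaNTTrustedDomain class name, the helper names and the sample entries are assumptions constructed for illustration.

```python
# Only ipaIDObject is named in the ticket; ipaNTTrustedDomain is assumed here
# to be the object class carried by every trusted domain object (TDO).
TDO_CLASS = "ipaNTTrustedDomain"
ROOT_MARKER = "ipaIDObject"  # forest root / external TDOs get a POSIX ID


def forest_root_filter():
    """LDAP filter for what 'trust-find' should list: TDOs with a POSIX ID."""
    return f"(&(objectClass={TDO_CLASS})(objectClass={ROOT_MARKER}))"


def child_domain_filter():
    """LDAP filter for TDOs without a POSIX ID (child domains)."""
    return f"(&(objectClass={TDO_CLASS})(!(objectClass={ROOT_MARKER})))"


def _classes(entry):
    # objectClass values compare case-insensitively in LDAP, so normalise.
    return {oc.lower() for oc in entry.get("objectClass", [])}


def split_tdos(entries):
    """Return (forest_roots, child_domains) as lists of cn values."""
    roots, children = [], []
    for entry in entries:
        classes = _classes(entry)
        if TDO_CLASS.lower() not in classes:
            continue  # not a trusted domain object at all
        target = roots if ROOT_MARKER.lower() in classes else children
        target.append(entry["cn"])
    return roots, children


# Constructed sample entries (not taken from a real directory).
SAMPLE_ENTRIES = [
    {"cn": "forest.root",
     "objectClass": ["top", "ipaNTTrustedDomain", "ipaidobject"]},
    {"cn": "child.forest.root",
     "objectClass": ["top", "ipaNTTrustedDomain"]},
    {"cn": "some-host",
     "objectClass": ["top", "ipaIDObject", "posixAccount"]},
]

if __name__ == "__main__":
    print(forest_root_filter())
    print(split_tdos(SAMPLE_ENTRIES))
```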

Metadata Update from @abbra:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.4

7 years ago
