IPA IPA Trust WIP #69
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
2 times, most recently
from
3d8a8e8
to
e839e60
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
2 times, most recently
from
46645c8
to
52e5d99
Compare
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
2 times, most recently
from
65e1e4e
to
7d5560f
Compare
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
from
7d5560f
to
69edf96
Compare
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
from
af0dbe6
to
07d6b31
Compare
| ipa_domain = subdom->name; | ||
| DEBUG(SSSDBG_TRACE_LIBS, "Setting up IPA subdomain %s\n", subdom->name); | ||
|
|
||
| /* FIXME: Duplicated in ipa_options_new() */ |
Check notice
Code scanning / CodeQL
FIXME comment Note
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
2 times, most recently
from
d446636
to
672647d
Compare
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
2 times, most recently
from
663324e
to
f45272d
Compare
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
from
f45272d
to
69dad15
Compare
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
2 times, most recently
from
cd1143e
to
6e42f11
Compare
Similar to AD server/service discovery initialization, Allows callers to provide a service, and not just use "IPA"
ipa_srv_* functions will handle IPA and AD subdomains, not only AD.
After b3d7a4f we no longer use the 'upn' variable. During certain codepaths to ipa_s2n_save_objects() SYSDB_UPN is expected to be missing, so no need to check for it.
This gets executed when a one-way or two-way trust ipa is added. Rename this to avoid confusion.
SSSD goes offline in IPA trusted user look due to the IPA user private group:
[ipa_get_ad_acct_ad_part_done] (0x0020): [RID#7] Cannot find a SID.
In IPA-IPA trust, user private groups do not contain a SID. Lookup the
equivalent user object of the same name in IPA and use this SID instead.
Don't fail when processing the IPA user private group retrieved from the IPA server in a trusted user lookup. It is expected this object will have no SID.
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
from
45a6a3d
to
6aeca81
Compare
justin-stephenson
force-pushed
the
idm_idm_trust_wip
branch
from
6aeca81
to
8eb6d9d
Compare
|
Refactored |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.