Draft - Initial support for IDM IDM Trust #7679

Draft
wants to merge 13 commits into
base: master

justin-stephenson
Contributor

No description provided.

src/providers/ipa/ipa_common.c Dismissed
src/providers/ipa/ipa_subdomains_id.c Dismissed

Similar to AD server/service discovery initialization,
allows callers to provide a service, and not just use "IPA".

IPA subdomain functions often include ad in the name; these functions
will now handle IPA and AD subdomains, not only AD.

After b3d7a4f we no longer use
the 'upn' variable. During certain codepaths to ipa_s2n_save_objects()
SYSDB_UPN is expected to be missing, so no need to check for it.

This gets executed when a one-way or two-way trust ipa
is added. Rename this to avoid confusion.

SSSD goes offline in IPA trusted user lookup due to the IPA user private group:

    [ipa_get_ad_acct_ad_part_done] (0x0020): [RID#7] Cannot find a SID.

In IPA-IPA trust, user private groups do not contain a SID. Look up the
equivalent user object of the same name in IPA and use this SID instead.

Don't fail when processing the IPA user private group retrieved
from the IPA server in a trusted user lookup. It is expected
this object will have no SID.

justin-stephenson force-pushed the idm_idm_trust_pr branch 2 times, most recently from 239ec67 to 09940ca (November 4, 2024 20:43)