Fix ipa-server-upgrade

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Christian Heimes 2021-05-21 14:56:32 +02:00 committed by Rob Crittenden
parent 51035d9354
commit 1e00748f18
3 changed files with 5 additions and 2 deletions

View File

@ -491,7 +491,7 @@ cn: ${REALM}_subid_range
ipaBaseID: eval($SUBID_RANGE_START) ipaBaseID: eval($SUBID_RANGE_START)
ipaIDRangeSize: eval($SUBID_RANGE_SIZE) ipaIDRangeSize: eval($SUBID_RANGE_SIZE)
# HACK: RIDs to work around adtrust sidgen issue # HACK: RIDs to work around adtrust sidgen issue
ipaBaseRID: eval($SUBID_RANGE_START - $IDRANGE_SIZE) ipaBaseRID: eval($SUBID_BASE_RID)
# 738065-838566 = IPA-SUB # 738065-838566 = IPA-SUB
ipaNTTrustedDomainSID: S-1-5-21-738065-838566-$DOMAIN_HASH ipaNTTrustedDomainSID: S-1-5-21-738065-838566-$DOMAIN_HASH
# HACK: "ipa-local-subid" range type causes issues with older SSSD clients # HACK: "ipa-local-subid" range type causes issues with older SSSD clients

View File

@ -102,7 +102,7 @@ default: cn: ${REALM}_subid_range
default: ipaBaseID: $SUBID_RANGE_START default: ipaBaseID: $SUBID_RANGE_START
default: ipaIDRangeSize: $SUBID_RANGE_SIZE default: ipaIDRangeSize: $SUBID_RANGE_SIZE
# HACK: RIDs to work around adtrust sidgen issue # HACK: RIDs to work around adtrust sidgen issue
default: ipaBaseRID: eval($SUBID_RANGE_START - $IDRANGE_SIZE) default: ipaBaseRID: eval($SUBID_BASE_RID)
default: ipaNTTrustedDomainSID: S-1-5-21-738065-838566-$DOMAIN_HASH default: ipaNTTrustedDomainSID: S-1-5-21-738065-838566-$DOMAIN_HASH
# HACK: "ipa-local-subid" range type causes issues with older SSSD clients # HACK: "ipa-local-subid" range type causes issues with older SSSD clients
# see https://github.com/SSSD/sssd/issues/5571 # see https://github.com/SSSD/sssd/issues/5571

View File

@ -59,8 +59,10 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None):
""" """
if idstart is None: if idstart is None:
idrange_size = None idrange_size = None
subid_base_rid = None
else: else:
idrange_size = idmax - idstart + 1 idrange_size = idmax - idstart + 1
subid_base_rid = constants.SUBID_RANGE_START - idrange_size
return dict( return dict(
REALM=realm, REALM=realm,
@ -81,6 +83,7 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None):
SUBID_RANGE_SIZE=constants.SUBID_RANGE_SIZE, SUBID_RANGE_SIZE=constants.SUBID_RANGE_SIZE,
SUBID_RANGE_MAX=constants.SUBID_RANGE_MAX, SUBID_RANGE_MAX=constants.SUBID_RANGE_MAX,
SUBID_DNA_THRESHOLD=constants.SUBID_DNA_THRESHOLD, SUBID_DNA_THRESHOLD=constants.SUBID_DNA_THRESHOLD,
SUBID_BASE_RID=subid_base_rid,
DOMAIN_HASH=murmurhash3(domain, len(domain), 0xdeadbeef), DOMAIN_HASH=murmurhash3(domain, len(domain), 0xdeadbeef),
MAX_DOMAIN_LEVEL=constants.MAX_DOMAIN_LEVEL, MAX_DOMAIN_LEVEL=constants.MAX_DOMAIN_LEVEL,
MIN_DOMAIN_LEVEL=constants.MIN_DOMAIN_LEVEL, MIN_DOMAIN_LEVEL=constants.MIN_DOMAIN_LEVEL,