diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index a1c12f16a..4d98485e1 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -1449,7 +1449,7 @@ def fetch_domains(api, mydomain, trustdomain, creds=None, server=None): # Older FreeIPA versions used netr_DsrEnumerateDomainTrusts call # but it doesn't provide information about non-domain UPNs associated # with the forest, thus we have to use netr_DsRGetForestTrustInformation - domains = netr_pipe.netr_DsRGetForestTrustInformation(td.info['dc'], '', 0) + domains = netr_pipe.netr_DsRGetForestTrustInformation(td.info['dc'], None, 0) return domains domains = None diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py index f2e0b1ee4..8a25b560f 100644 --- a/ipaserver/plugins/trust.py +++ b/ipaserver/plugins/trust.py @@ -1663,6 +1663,23 @@ def add_new_domains_from_trust(myapi, trustinstance, trust_entry, domains, **opt for x, y in six.iteritems(domains['suffixes']) if x not in domains['domains']) + try: + dn = myapi.Object.trust.get_dn(trust_name, trust_type=u'ad') + ldap = myapi.Backend.ldap2 + entry = ldap.get_entry(dn) + tlns = entry.get('ipantadditionalsuffixes', []) + tlns.extend(x for x in suffixes if x not in tlns) + entry['ipantadditionalsuffixes'] = tlns + ldap.update_entry(entry) + except errors.EmptyModlist: + pass + + is_nontransitive = int(trust_entry.get('ipanttrustattributes', + [0])[0]) & LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE + + if is_nontransitive: + return result + for dom in six.itervalues(domains['domains']): dom['trust_type'] = u'ad' try: @@ -1686,17 +1703,6 @@ def add_new_domains_from_trust(myapi, trustinstance, trust_entry, domains, **opt # Ignore updating duplicate entries pass - try: - dn = myapi.Object.trust.get_dn(trust_name, trust_type=u'ad') - ldap = myapi.Backend.ldap2 - entry = ldap.get_entry(dn) - tlns = entry.get('ipantadditionalsuffixes', []) - tlns.extend(x for x in suffixes if x not in tlns) - entry['ipantadditionalsuffixes'] = tlns - ldap.update_entry(entry) - except errors.EmptyModlist: - pass - return result