Add trust-related ACIs

A high-level description of the design and ACIs for trusts is available at
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00224.html
and
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00248.html

Ticket #1731
This commit is contained in:
Alexander Bokovoy
2012-05-15 20:03:16 +03:00
committed by Martin Kosek
parent 000bcfe34f
commit bd0d858043
5 changed files with 196 additions and 81 deletions

@@ -224,13 +224,16 @@ def main():
print "\t\t * 389: (C)LDAP"
print "\t\t * 445: microsoft-ds"
print ""
print "\tAdditionally you have to make sure the FreeIPA LDAP server cannot reached"
print "\tAdditionally you have to make sure the FreeIPA LDAP server cannot be reached"
print "\tby any domain controller in the Active Directory domain by closing the"
print "\tfollowing ports for these servers:"
print "\t\tTCP Ports:"
print "\t\t * 389, 636: LDAP/LDAPS"
print "\tYou may want to choose to REJECT the network packets instead of DROPing them"
print "\tto avoid timeouts on the AD domain controllers."
print ""
print "\tWARNING: you MUST re-kinit admin user before using 'ipa trust-*' commands family"
print "\tin order to re-generate Kerberos tickets to include AD-specific information"
return 0
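
Review bot: the new WARNING just before `return 0` is hard to act on as worded ("you MUST re-kinit admin user before using 'ipa trust-*' commands family"). It would read more clearly as an instruction, for example "you MUST run kinit again as the admin user before using the 'ipa trust-*' commands, so that the new Kerberos tickets include AD-specific information". It is also the last thing printed after a long block of port advice, and nothing in this hunk enforces it, so an operator who misses the line will only find out when a trust command fails. Consider separating it visually from the firewall text, and having the trust commands point back to this step when the ticket lacks the AD-specific data.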