freeipa/daemons
Alexander Bokovoy 08d7d90ab0 ipasam: derive parent domain for subdomains automatically
[MS-ADTS] 6.1.6.7.13 defines the 'trustPartner' attribute as containing a
FQDN of the trusted domain. In practice, for a subdomain of a forest, it
would be the FQDN of the subdomain itself in the trusted domain entry in the
parent domain. This is reflected as the ipaNTTrustPartner attribute in
FreeIPA.

Remove ipaNTTrustPartner from the searches that use NetBIOS name. We
match cn of that entry already.

Use the RDN value of the entry to derive the DNS domain name in case
ipaNTTrustPartner is missing.

For subdomains, set trust attributes to 0 and trust flags to mark them
as being within the forest. This will trigger winbindd to not ask for
credentials to reach those domain controllers directly.

Fixes: https://pagure.io/freeipa/issue/8576
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-01-22 12:21:33 -05:00
| Name | Last commit | Date |
|---|---|---|
| dnssec | systemd: enforce en_US.UTF-8 locale in systemd units | 2020-12-10 14:38:05 +02:00 |
| ipa-kdb | ipa-kdb: provide correct logon time in MS-PAC from authentication time | 2021-01-22 12:21:33 -05:00 |
| ipa-otpd | systemd: enforce en_US.UTF-8 locale in systemd units | 2020-12-10 14:38:05 +02:00 |
| ipa-sam | ipasam: derive parent domain for subdomains automatically | 2021-01-22 12:21:33 -05:00 |
| ipa-slapi-plugins | On password reset also set krbLastAdminUnlock to unlock account | 2020-11-11 10:29:25 +02:00 |
| ipa-version.h.in | Build: move version handling from Makefile to configure | 2016-11-09 13:08:32 +01:00 |
| Makefile.am | build: Unify compiler warning flags used | 2021-01-15 14:11:56 +01:00 |