freeipa/ipaserver
Alexander Bokovoy a57f613314 trust: detect and error out when non-AD trust with IPA domain name exists
Quite often users choose wrong type of trust on Active Directory side
when setting up a trust to freeIPA. The trust type supported by freeIPA
is just a normal forest trust to another Active Directory. However,
some people follow old internet recipes that force using a trust to MIT
Kerberos realm.

This is a wrong type of trust. Unfortunately, when someone used MIT
Kerberos realm trust, there is no way to programmatically remote the
trust from freeIPA side. As result, we have to detect such situation and
report an error.

To do proper reporting, we need reuse some constants and trust type
names we use in IPA CLI/Web UI. These common components were moved to
a separate ipaserver/dcerpc_common.py module that is imported by both
ipaserver/plugins/trust.py and ipaserver/dcerpc.py.

Fixes https://pagure.io/freeipa/issue/7264

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
2017-12-07 21:18:51 +02:00
..
advise logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
dnssec Update to python-ldap 3.0.0 2017-12-06 16:54:04 +01:00
install Remove Custodia keys on uninstall 2017-12-07 16:55:40 +01:00
plugins trust: detect and error out when non-AD trust with IPA domain name exists 2017-12-07 21:18:51 +02:00
secrets Remove Custodia keys on uninstall 2017-12-07 16:55:40 +01:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
dcerpc_common.py trust: detect and error out when non-AD trust with IPA domain name exists 2017-12-07 21:18:51 +02:00
dcerpc.py trust: detect and error out when non-AD trust with IPA domain name exists 2017-12-07 21:18:51 +02:00
dns_data_management.py DNS update: reduce timeout for CA records 2017-08-30 13:02:59 +02:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
p11helper.py py3: softhsm key_id must be bytes 2017-06-01 09:24:24 +02:00
rpcserver.py rpcserver: don't call xmlserver.Command 2017-09-08 15:42:07 +02:00
servroles.py Do not remove the old masters when setting the attribute fails 2017-07-04 14:42:43 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Update to python-ldap 3.0.0 2017-12-06 16:54:04 +01:00
topology.py fix incorrect suffix handling in topology checks 2017-06-05 18:37:37 +02:00