Bug 1052973

Summary: Need an option to show if an AD subdomain is enabled/disabled from using IPA resources
Product: Red Hat Enterprise Linux 7 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Martin Kosek <mkosek>
Status: CLOSED CURRENTRELEASE QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: pvoborni, rcritten, sgoveas
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.3.3-12.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 10:01:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitri Pal 2014-01-14 14:26:38 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4096

ipa trustdomain-find does not show if a subdomain is enabled or disabled from using IPA resources. An option or ipa trustdomain-show cmd will be helpful to display the subdomain status in a AD-IPA trust relation.
Comment 2 Martin Kosek 2014-01-15 15:20:42 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/0cad0fa1116cf3d23a6a44225d05e4956e3c4d95
ipa-3-3: https://fedorahosted.org/freeipa/changeset/2630ecbaff6d79ddf8e8961c585a25784935027f
Comment 5 Steeve Goveas 2014-01-16 18:33:26 UTC 
[root@dhcp207-43 ~]# ipa trustdomain-find adtest.qe
  Domain name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879
  Domain enabled: True

  Domain name: pune.adtest.qe
  Domain NetBIOS name: PUNE
  Domain Security Identifier: S-1-5-21-91314187-2404433721-1858927112
  Domain enabled: True
----------------------------
Number of entries returned 2
----------------------------

[root@dhcp207-43 ~]# ipa trustdomain-disable adtest.qe pune.adtest.qe
--------------------------------------
Disabled trust domain "pune.adtest.qe"
--------------------------------------

[root@dhcp207-43 ~]# ipa trustdomain-find adtest.qe
  Domain name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879
  Domain enabled: True

  Domain name: pune.adtest.qe
  Domain NetBIOS name: PUNE
  Domain Security Identifier: S-1-5-21-91314187-2404433721-1858927112
  Domain enabled: False
----------------------------
Number of entries returned 2
----------------------------

[root@dhcp207-43 ~]# ipa trust-find | grep S-1-5-21-91314187-2404433721-1858927112
  SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20, S-1-5-21-91314187-2404433721-1858927112
Comment 6 Steeve Goveas 2014-01-16 18:40:39 UTC 
Verified in version
ipa-server-3.3.3-12.el7.x86_64
Comment 7 Ludek Smid 2014-06-13 10:01:35 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.