Bug 1205144

Summary: RFE: Support one-way trusts for IPA
Product: Red Hat Enterprise Linux 7 Reporter: Jakub Hrozek <jhrozek>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: ahoness, grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mvarun, mzidek, nsoman, pbrezina, preichl, R.Eggermont
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.13.0-5.el7 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 11:37:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1145748, 1181710    

Description Jakub Hrozek 2015-03-24 10:25:08 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2579

This is just a tracker to support the one-way trusts in SSSD server mode. More info TBD as we design the feature.
Comment 1 Jakub Hrozek 2015-05-27 19:08:34 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2636
Comment 2 Jakub Hrozek 2015-05-27 19:09:23 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2637
Comment 3 Jakub Hrozek 2015-05-27 19:10:20 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2638
Comment 4 Jakub Hrozek 2015-05-27 19:11:13 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2639
Comment 5 Jakub Hrozek 2015-07-22 20:38:32 UTC 
Marking as MODIFIED since the functionality is available. Bugfixes can be delivered atop the current packages.
Comment 7 Jakub Hrozek 2015-07-29 12:36:18 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2729
Comment 8 Varun Mylaraiah 2015-09-18 10:09:50 UTC 
RFE verified.

ipa-server.x86_64 0:4.2.0-3.el7

RFE tested with below scenarios:: 
TC_01 : Add trust without --two-way option.
TC_02 : Obtain ticket to AD by re-establish trust (Negative Test)
TC_03 : Re-establish trust with --two-way=True option
TC_04 : Obtain ticket to AD by re-establish trust (Positive Test)
TC_05 : Add trust from IPA server with root AD having a child domain_Bz#1250190
TC_06 : Add one way trust_then delete_add two way trust_Bz#1250135
TC_07 : Add two way trust_then delete_add one way trust-add_Bz#1250135
TC_08 : Test with –trust-secret add one way trust from IPA server and add two way from AD server
TC_09 : Test with –trust-secret add one way trust from IPA server and add one way outgoing from AD server
TC_10 : Test with –trust-secret add two way trust from IPA server and add two way from AD server
Comment 9 errata-xmlrpc 2015-11-19 11:37:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html