Bug 1206613
Summary: | [RFE] Configure IPA to be a trust agent by default | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | Aneta Šteflová Petrová <apetrova> |
Priority: | medium | ||
Version: | 7.0 | CC: | abokovoy, mvarun, pasik, rcritten |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.2.0-1.el7 | Doc Type: | Release Note |
Doc Text: |
Configuring an IdM server to be a trust agent now supported
Identity Management (IdM) distinguishes two types of IdM master servers: trust controllers and trust agents. Trust controllers run all the services required for establishing and maintaining a trust; trust agents only run services required to provide resolution of users and groups from trusted Active Directory forests to IdM clients enrolled with these IdM servers.
By default, running the "ipa-adtrust-install" command sets up the IdM server as a trust controller. To configure another IdM server to be a trust agent, pass the "--add-agents" option to "ipa-adtrust-install".
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-19 12:03:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1181710 |
Description
Martin Kosek
2015-03-27 14:16:38 UTC
Fixed upstream:
master:
2dd5b46d257eb03188fcfb21997e9348bc0e3f4d trust: support retrieving POSIX IDs with one-way trust during trust-add
5025204175fad221a74befa7dc52087fcd0751c6 trusts: add ACIs to allow AD trust agents to fetch cross-realm keytabs
a9570e8ea347c3e5cb4c1489e70828bd00077a22 ipa-pwd-extop: expand error message to tell what user is not allowed to fetch keytab
d5aa1ee04e2e4923f42bccd60d51f063df144a0b trusts: add support for one-way trust and switch to it by default
14992a07fc7ea6bb5c028e5fefaf7394af00a555 ipa-adtrust-install: allow configuring of trust agents
aa21600822543a3a07a3d808bc6085d4088fa5e6 ipa-sidgen: reduce log level to normal if domain SID is not available
47e1de760413e5354f704fc808d960490d80338c trusts: pass AD DC hostname if specified explicitly
03c2d76186534081400846f4141fbbef8e41ae83 ipa-adtrust-install: add IPA master host principal to adtrust agents
785f6593caf1817b84332397ca19752d3cf50c25 add one-way trust support to ipasam

RFE verified.
ipa-server.x86_64 0:4.2.0-4.el7

RFE tested with below scenarios:
TC_01: Add trust on IPA server with existing replica with --add-agents option_Bz#1252414
TC_02: Add trust on IPA server with existing replica without --add-agents option
TC_03: With 2 replica server, add 1 replica as a trust-agent
TC_04: Re-establish Trust on trust agent replica.
TC_05: List and Remove trust-agents_bug#1250162
TC_06: Install trust packages on a replica not added as trust agent

Modified the doc text.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html