Bug 1205144 - RFE: Support one-way trusts for IPA
Summary: RFE: Support one-way trusts for IPA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Kaushik Banerjee
Depends On:
Blocks: 1145748 1181710
TreeView+ depends on / blocked
Reported: 2015-03-24 10:25 UTC by Jakub Hrozek
Modified: 2019-08-15 04:24 UTC (History)
12 users (show)

Fixed In Version: sssd-1.13.0-5.el7
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2015-11-19 11:37:00 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2355 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2015-11-19 10:27:42 UTC

Description Jakub Hrozek 2015-03-24 10:25:08 UTC
This bug is created as a clone of upstream ticket:

This is just a tracker to support the one-way trusts in SSSD server mode. More info TBD as we design the feature.

Comment 1 Jakub Hrozek 2015-05-27 19:08:34 UTC
Upstream ticket:

Comment 2 Jakub Hrozek 2015-05-27 19:09:23 UTC
Upstream ticket:

Comment 3 Jakub Hrozek 2015-05-27 19:10:20 UTC
Upstream ticket:

Comment 4 Jakub Hrozek 2015-05-27 19:11:13 UTC
Upstream ticket:

Comment 5 Jakub Hrozek 2015-07-22 20:38:32 UTC
Marking as MODIFIED since the functionality is available. Bugfixes can be delivered atop the current packages.

Comment 7 Jakub Hrozek 2015-07-29 12:36:18 UTC
Upstream ticket:

Comment 8 Varun Mylaraiah 2015-09-18 10:09:50 UTC
RFE verified.

ipa-server.x86_64 0:4.2.0-3.el7

RFE tested with below scenarios:: 
TC_01 : Add trust without --two-way option.
TC_02 : Obtain ticket to AD by re-establish trust (Negative Test)
TC_03 : Re-establish trust with --two-way=True option
TC_04 : Obtain ticket to AD by re-establish trust (Positive Test)
TC_05 : Add trust from IPA server with root AD having a child domain_Bz#1250190
TC_06 : Add one way trust_then delete_add two way trust_Bz#1250135
TC_07 : Add two way trust_then delete_add one way trust-add_Bz#1250135
TC_08 : Test with –trust-secret add one way trust from IPA server and add two way from AD server
TC_09 : Test with –trust-secret add one way trust from IPA server and add one way outgoing from AD server
TC_10 : Test with –trust-secret add two way trust from IPA server and add two way from AD server

Comment 9 errata-xmlrpc 2015-11-19 11:37:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.