Description of problem:
As seen, there are already 3 related files with IPA and the required ports that should be opened during the product installation.
The main idea behind this RFE is to create a new xml file (probably named freeipa-trust) to handle all the ports required during the deployment of a trust setup.
So, according to the following, those are the required ports:
Service                          Port        Protocol
Endpoint resolution portmapper   135         TCP
NetBIOS-DGM                      138         TCP and UDP
NetBIOS-SSN                      139         TCP and UDP
LDAP                             389         TCP and UDP
Microsoft-DS                     445         TCP and UDP
Endpoint mapper listener range   1024-1300   TCP
AD Global Catalog                3268        TCP
Version-Release number of selected component (if applicable):
Steps to Reproduce:
instead of adding manually the ports to have the option to execute
the same as above
Probably need to add a short note also to the description section of the previously mentioned files.
<description>FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option if you plan to provide a FreeIPA Domain Controller using the LDAP protocol. You can also enable the 'freeipa-ldaps' service if you want to provide the LDAPS protocol. Enable the 'dns' service if this FreeIPA server provides DNS services and 'freeipa-replication' service if this FreeIPA server is part of a multi-master replication setup.</description>
According to the link above the port
LDAP 389 TCP and UDP [a]
is not required to be open on IdM servers for trust, but it is necessary for clients communicating with the IdM server.
Should it be part of freeipa-trust still?
Created attachment 1241245
Proposed freeipa-trust service file for firewalld
Please adapt the service file as needed. The documentation (short and description) might need some more information.
Fixed upstream: https://github.com/t-woerner/firewalld/commit/a170e8f9d016830c3f1ceeda58abf66603f14c96
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
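
The port table in the bug description can be rendered as a firewalld service definition and used to audit a hand-written one for gaps. This is an added example, not the attachment or the upstream commit: the function names, the short and description strings and the `HAND_WRITTEN` sample are constructed, and the coverage check assumes each requirement is met by a single `<port>` element.

```python
import re
import xml.etree.ElementTree as ET

# Port table copied from the bug description above.
PORT_TABLE = """\
Endpoint resolution portmapper 135 TCP
NetBIOS-DGM 138 TCP and UDP
NetBIOS-SSN 139 TCP and UDP
LDAP 389 TCP and UDP
Microsoft-DS 445 TCP and UDP
Endpoint mapper listener range 1024-1300 TCP
AD Global Catalog 3268 TCP
"""
ROW = re.compile(r"^(.+?)\s+(\d+)(?:-(\d+))?\s+(TCP|UDP)(?:\s+and\s+(TCP|UDP))?$")

def parse_table(text):
    """Return one (name, low, high, protocol) tuple per row and protocol."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            name, low, high, *protos = m.groups()
            rows += [(name, int(low), int(high or low), p.lower()) for p in protos if p]
    return rows

def build_service(rows, short, description):
    """Render the rows as a firewalld service definition (XML string)."""
    svc = ET.Element("service")
    ET.SubElement(svc, "short").text = short
    ET.SubElement(svc, "description").text = description
    for _, low, high, proto in rows:
        spec = str(low) if low == high else f"{low}-{high}"
        ET.SubElement(svc, "port", protocol=proto, port=spec)
    return ET.tostring(svc, encoding="unicode")

def missing_ports(service_xml, rows):
    """List required rows that no single <port> element of the service covers."""
    declared = []
    for el in ET.fromstring(service_xml).iter("port"):
        low, _, high = el.get("port").partition("-")
        declared.append((int(low), int(high or low), el.get("protocol")))
    return [r for r in rows
            if not any(lo <= r[1] and r[2] <= hi and p == r[3] for lo, hi, p in declared)]

# Constructed sample: a hand-written service that drops 445/udp and truncates the range.
HAND_WRITTEN = """<service><short>trust</short><port protocol="tcp" port="135"/>
<port protocol="tcp" port="138-139"/><port protocol="udp" port="138-139"/>
<port protocol="tcp" port="389"/><port protocol="udp" port="389"/>
<port protocol="tcp" port="445"/><port protocol="tcp" port="1024-1100"/>
<port protocol="tcp" port="3268"/></service>"""
```

`missing_ports(HAND_WRITTEN, parse_table(PORT_TABLE))` reports the 445/udp row and the 1024-1300/tcp range, the two requirements the sample leaves uncovered.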