On Tue, 02 Oct 2012, Simo Sorce wrote:
On Tue, 2012-10-02 at 21:29 +0200, Sumit Bose wrote:
Hi,
this patch should fix https://fedorahosted.org/freeipa/ticket/2955 by
adding a fallback group as described in comment 2 of the ticket in
ipa-adtrust-install.
If you prefer to use a different kind of group I can change the patch
accordingly.
Patch works for me, so ACK except the group name.
Yes I think we should use a more natural group name. In my recent
testing I have been using the name 'Trust Users' that pairs well with
another group we create called 'Trust Admins'. But I am open to
suggestions on a better name, 'Domain Users' may be better if we really
want to associate the wellknown SID to this group.
I'm fine with 'Trust Users'.
On the SID side I wonder if using the wellknown 'Domain Users' SID is
the right thing to do. I do not see any special reasons why it shouldn't
but I also do not have any special reason why we should.
Anyone can think of any pros/cons of doing that ?
Since it only has special meaning within the same domain and we are not
using it for anything, it should be fine.
--
/ Alexander Bokovoy
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
