On Wed, 2012-10-31 at 22:52 +0200, Alexander Bokovoy wrote: > A sequence is following: > 1. Match external member against existing trusted domain > 2. Find trusted domain's domain controller and preferred GC hosts > 3. Fetch trusted domain account auth info > 4. Set up ccache in /var/run/ipa_memcached/krb5cc_TD<domain> with > principal [email protected] > 5. Do LDAP SASL interactive bind using the ccache > 6. Search for the member's SID > 7. Decode SID > 8. Replace external member name by SID > --- > ipalib/plugins/group.py | 32 ++++--- > ipalib/plugins/trust.py | 17 ++-- > ipaserver/dcerpc.py | 233 > +++++++++++++++++++++++++++++++++++++++++++++++- > 3 files changed, 257 insertions(+), 25 deletions(-) > > Ack! Pushed to master and ipa-3-0
Thanks a lot! Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
