URL: https://github.com/freeipa/freeipa/pull/1179 Author: abbra Title: #1179: adtrust: filter out subdomains when defining our topology to AD Action: opened PR body: """ When definining a topology of a forest to be visible over a cross-forest trust, we set *.<forest name> as all-catch top level name already. This means that all DNS subdomains of the forest will already be matched by this TLN. If we add more TLNs for subdomains, Active Directory will respond with NT_STATUS_INVALID_PARAMETER. Filter out all subdomains of the forest root domain. All other realm domains will be added with explicit TLN records. Fixes https://pagure.io/freeipa/issue/6666 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1179/head:pr1179 git checkout pr1179