Re: [Freeipa-devel] [PATCH] 478 better startup error handling
Adam Young wrote: On 06/25/2010 01:52 PM, Rob Crittenden wrote: This patch will limit the amount of output in the Apache error log by default. It should suppress the traceback and just display the exception. This is mostly to handle LDAP connection issues during startup where we retrieve the schema but it could have other implications as well. I've added a new config file directive, startup_traceback, defaulting to False. If you want the full traceback you can add this to /etc/ipa/default.conf (or ~/.ipa/default.conf) and get full tracebacks. In lite-server.py this defaults to True. I was looking for a way to cause Apache startup to fail if something blew up in IPA but I couldn't find anything in mod_wsgi to support that. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Ack pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 476 fix bad API call in selfsign
On 06/25/2010 03:46 PM, Rob Crittenden wrote: Use newer API in selfsign plugin. Fix missing import when running in the in-tree lite-server. rob Maybe we should remove the comment as well, if it's not valid anymore. Other than that: ACK. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 480 new search attribute
Add a new optional calss variable to store the attributes to search on. They might differ from the default attributes you want to display. Also link in any search attributes defined in cn=ipaconfig. Thesese are a comma-separated list of attributes. We only have user and group defined currently. rob freeipa-480-search.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 482 test cert storage
Verify that we're storing the same certificate that is being issued. Doesn't hurt to be a little extra paranoid. rob freeipa-482-cert.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 483 disable service/host
This patch supercedes patch 479 which is now defunct. It relies on patch 481. Add API to delete a service principal key, service-disable and host-disable. This is so an admin can essentially revoke a service principal without deleting it (a host stores its own host service principal). I pulled usercertificate out of the global params and put into each appropriate function because it makes no sense for service-disable. This also adds a new output parameter, has_keytab. It is a boolean that indicates whether the entry has a kerberos principal key (or at least our best guess at it). rob freeipa-483-disable.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 484 add framework for testing other cmdlines
In order to test service-disable I needed a way to get a keytab. For this we need to run ipa-getkeytab so I added some framework to be able to run the non-ipa command-line utilities. Right now I'm just testing the very basics of ipa-getkeytab but it's a start. rob freeipa-484-tests.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel