Re: [Freeipa-devel] [PATCH] admiyo-0133-bad-request-workaround
On 1/7/2011 6:10 AM, Adam Young wrote: ACK and pushed to master. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 034 Do not use LDAP_DEPRECATED in plugins and client
On Thu, Jan 06, 2011 at 01:27:50PM +0100, Jan Zelený wrote: > Jakub Hrozek wrote: > > Remove the LDAP_DEPRECATED constant and do not use functions that are > > marked as deprecated in recent OpenLDAP releases. Also always define > > WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that > > depend on that constant. > > > > A related question - since we only support Fedora 14 now and we always > > compile with --with-openldap on that platform, should we remove the > > mozldap code altogether? I don't think it would cause any harm, > > realistically, there should be no users. > > > > https://fedorahosted.org/freeipa/ticket/576 > > Nack, > > please unify whitespaces in indentation. Done. In this version, the whitespaces are the the same as in the original file (mostly spaces, one of them tabs). > Also I'm curious about adding those > includes in ipapwd.h - does this have any (positive/or negative) impact? They > seem a little redundant. > Harmless, but no positive effect, so I removed them. They were probably a result of refactoring or testing.. > Note: I think another patch changing whitespaces to correspond with our > coding > policy is in order after this one is pushed. > Agreed that we should unify the code w.r.t. whitespace used (die tabs, die..) This could be a cleanup task later on. >From 29fc8d7c5785c25b838751767c307cb7bc3ad14c Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 3 Jan 2011 16:16:57 +0100 Subject: [PATCH] Do not use LDAP_DEPRECATED in plugins Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576 --- daemons/configure.ac |2 + daemons/ipa-kpasswd/ipa_kpasswd.c | 18 +-- daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h |2 - .../ipa-pwd-extop/ipapwd_common.c | 50 +++ .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c| 24 - ipa-client/ipa-client-common.h |4 ++ ipa-client/ipa-getkeytab.c |4 -- ipa-client/ipa-join.c | 31 +++-- 8 files changed, 106 insertions(+), 29 deletions(-) diff --git a/daemons/configure.ac b/daemons/configure.ac index 221a63a..370c5d6 100644 --- a/daemons/configure.ac +++ b/daemons/configure.ac @@ -199,9 +199,11 @@ AC_ARG_WITH([openldap], if test "x$with_openldap" == xyes; then LDAP_CFLAGS="${OPENLDAP_CFLAGS} $NSPR4 $NSS3 -DUSE_OPENLDAP" LDAP_LIBS="${OPENLDAP_LIBS}" +AC_DEFINE_UNQUOTED(WITH_OPENLDAP, 1, [Use OpenLDAP libraries]) else LDAP_CFLAGS="${MOZLDAP_CFLAGS}" LDAP_LIBS="${MOZLDAP_LIBS}" +AC_DEFINE_UNQUOTED(WITH_MOZLDAP, 1, [Use Mozilla LDAP libraries]) fi AC_SUBST(LDAP_CFLAGS) AC_SUBST(LDAP_LIBS) diff --git a/daemons/ipa-kpasswd/ipa_kpasswd.c b/daemons/ipa-kpasswd/ipa_kpasswd.c index 9b4c2dd..a506cec 100644 --- a/daemons/ipa-kpasswd/ipa_kpasswd.c +++ b/daemons/ipa-kpasswd/ipa_kpasswd.c @@ -42,7 +42,6 @@ #ifdef WITH_MOZLDAP #include #else -#define LDAP_DEPRECATED 1 #include #endif #include @@ -331,6 +330,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e struct berval *control = NULL; struct berval newpw; char hostname[1024]; + char *uri; struct berval **ncvals; char *ldap_base = NULL; char *filter; @@ -386,11 +386,19 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e goto done; } + ret = asprintf(&uri, "ldap://%s:389";, hostname); + if (ret == -1) { + syslog(LOG_ERR, "Out of memory!"); + goto done; + } + /* connect to ldap server */ /* TODO: support referrals ? */ - ld = ldap_init(hostname, 389); - if(ld == NULL) { - syslog(LOG_ERR, "Unable to connect to ldap server"); + ret = ldap_initialize(&ld, uri); + free(uri); + if(ret != LDAP_SUCCESS) { + syslog(LOG_ERR, "Unable to connect to ldap server: %s", + ldap_err2string(ret)); goto done; } @@ -414,7 +422,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e /* find base dn */ /* TODO: address the case where we have multiple naming contexts */ tv.tv_sec = 10; - tv.tv_usec = 0; + tv.tv_usec = 0; ret = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, "objectclass=*", root_attrs, 0, diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h index 4f8764f..aaaeeb7 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h +++ b/daemons/ipa-
Re: [Freeipa-devel] [PATCH] admiyo-0131-facet-nesting
On 1/7/2011 5:54 AM, Adam Young wrote: Use this patch to see the changes in the meta data. Depends on 131 ACK and pushed 131 & 132. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0130-dns-record-style
On 1/7/2011 1:16 AM, Adam Young wrote: Fixes https://fedorahosted.org/freeipa/ticket/693 ACK and pushed. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Move undo button next to selected radio button.
On 01/06/2011 08:40 PM, Endi Sukma Dewata wrote: Hi, The attached patch should fix item #2 in this bug: https://fedorahosted.org/freeipa/ticket/671 Thanks! ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK. Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Move undo button next to selected radio button.
Hi, The attached patch should fix item #2 in this bug: https://fedorahosted.org/freeipa/ticket/671 Thanks! -- Endi S. Dewata From 7a1f7cb1e0ad73316fbeb132a16e09195e6147fd Mon Sep 17 00:00:00 2001 From: Endi S. Dewata Date: Fri, 7 Jan 2011 08:26:20 +0700 Subject: [PATCH] Move undo button next to selected radio button. --- install/static/sudorule.js | 55 1 files changed, 40 insertions(+), 15 deletions(-) diff --git a/install/static/sudorule.js b/install/static/sudorule.js index ec90bf618d731fc1581ff1de1c9449d36c7e2959..23135c00b8dc2734db976cf06f7e5473aa38ea17 100755 --- a/install/static/sudorule.js +++ b/install/static/sudorule.js @@ -596,43 +596,68 @@ function ipa_sudorule_details_command_section(spec){ title: param_info ? param_info.doc : 'cmdcategory' }).appendTo(container); +var undo = $('', { +'name': 'undo', +'class': 'ui-state-highlight ui-corner-all', +'style': 'display: none;', +'html': 'undo' +}).appendTo(span); + $('', { -'type': 'radio', -'name': 'cmdcategory', -'value': 'allow' +type: 'radio', +name: 'cmdcategory', +value: 'allow', +click: function() { +undo.detach(); +undo.appendTo(option1_undo); +} }).appendTo(span); +// TODO: replace with i18n label span.append('Allow Any Command / Group'); span.append(' '); -$('', { -'name': 'undo', -'class': 'ui-state-highlight ui-corner-all', -'style': 'display: none;', -'html': 'undo' -}).appendTo(span); +var option1_undo = $('').appendTo(span); span.append(''); $('', { -'type': 'radio', -'name': 'cmdcategory', -'value': 'deny' +type: 'radio', +name: 'cmdcategory', +value: 'deny', +click: function() { +undo.detach(); +undo.appendTo(option2_undo); +} }).appendTo(span); +// TODO: replace with i18n label span.append('Deny Any Command / Group'); +span.append(' '); + +var option2_undo = $('').appendTo(span); + span.append(''); $('', { -'type': 'radio', -'name': 'cmdcategory', -'value': '' +type: 'radio', +name: 'cmdcategory', +value: '', +click: function() { +undo.detach(); +undo.appendTo(option3_undo); +} }).appendTo(span); +// TODO: replace with i18n label span.append('Specific Command / Group'); +span.append(' '); + +var option3_undo = $('').appendTo(span); + // TODO: replace with i18n label $('', { text: 'Allow', -- 1.6.6.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0133-bad-request-workaround
From 4c542393c0a9917ca22ece54f84bd3a21c601934 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 6 Jan 2011 17:57:28 -0500 Subject: [PATCH] bad request workaround not a permanent fix, but makes the web server accept valied request. https://fedorahosted.org/freeipa/ticket/691 --- install/conf/ipa-rewrite.conf |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/install/conf/ipa-rewrite.conf b/install/conf/ipa-rewrite.conf index f6bc9d01350f9b8b9c797b6511a656eb23b47762..ec9912c6834da23d3891571191f449c1ad60f3aa 100644 --- a/install/conf/ipa-rewrite.conf +++ b/install/conf/ipa-rewrite.conf @@ -1,6 +1,9 @@ # VERSION 2 - DO NOT REMOVE THIS LINE RewriteEngine on +RewriteLog /var/log/httpd/rewrite.log +RewriteLogLevel 0 + # By default forward all requests to /ipa. If you don't want IPA # to be the default on your web server comment this line out. -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0131-facet-nesting
Use this patch to see the changes in the meta data. Depends on 131 On 01/06/2011 05:25 PM, Adam Young wrote: ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel From 2d91fa66bbdaf3562e38afc308319af93c772e8d Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 6 Jan 2011 17:53:08 -0500 Subject: [PATCH] metatdata for facet_groups THis patch updates the metadata with the changes for the facet groups names. It is a large patch only in that the metadata is huge, but the change is trivial --- install/static/test/data/ipa_init.json | 63 1 files changed, 31 insertions(+), 32 deletions(-) diff --git a/install/static/test/data/ipa_init.json b/install/static/test/data/ipa_init.json index 1b43c81d3fa940b9d124dd7290a4fec6741c3de7..e399d8081a1d58121562a5b204a15e57706485fd 100644 --- a/install/static/test/data/ipa_init.json +++ b/install/static/test/data/ipa_init.json @@ -59,7 +59,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -192,7 +192,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -275,7 +275,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -382,7 +382,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -1714,7 +1714,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -2382,7 +2382,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -2600,7 +2600,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -3048,7 +3048,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -3231,7 +3231,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -3709,7 +3709,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -3832,7 +3832,7 @@ "no_indirect_" ], "memberof": [ -"Parent", +"Member Of", "in_", "not_in_" ] @@ -3981,7 +3981,7 @@ "not_man_by_" ], "memberof": [ -
[Freeipa-devel] [PATCH] admiyo-0131-facet-nesting
From c3deab7a6b52d01b559ee657b2c2e09a1c04d9f5 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 6 Jan 2011 17:14:13 -0500 Subject: [PATCH] facet nesting correctly nest the facet groups change 'parent' to 'member of' for facet group --- install/static/entity.js | 23 ++- install/static/ipa.css | 17 - ipalib/plugins/baseldap.py |2 +- ipalib/plugins/host.py |2 +- ipalib/plugins/netgroup.py |2 +- 5 files changed, 37 insertions(+), 9 deletions(-) diff --git a/install/static/entity.js b/install/static/entity.js index a6f31e84b238276f1343bf3b1d909d7a97403749..7f8d1ec87e59c3ea4eeca5b75fd0f66f478d7901 100644 --- a/install/static/entity.js +++ b/install/static/entity.js @@ -520,22 +520,35 @@ function ipa_facet_create_action_panel(container) { } var li = facet_groups[facet_group]; var link = build_link(other_facet, other_facet.label) +link.addClass('facet-group-member'); li.after(link ); +/* + If we are on the current facet, we make the text black, non-clickable, + add an icon and make suer the action controls are positioned underneath it. + */ if ( other_facet.name === ipa_current_facet( entity)){ var text = link.text(); link.text(''); link.append($(''). -append(''+ text+''). +append($('',{ +'class': 'entity-facet-selected', +html: $('',{ +'class':'input_link', +html:''+ text +})})). append($('',{ html:$('',{ -class:"action-controls"})}))); +class:"action-controls" +}) +})) + ); } facet_groups[facet_group] = li.next(); - } else { -ul.append(build_link(other_facet, other_facet.label)); +var innerlist = $('').appendTo(ul); +innerlist.append(build_link(other_facet, other_facet.label)); if ( other_facet.name === ipa_current_facet( entity)){ -ul.append($('')); +innerlist.append($('')); } } } diff --git a/install/static/ipa.css b/install/static/ipa.css index 85ec91f39e1780e048206f3ebeef496bae2d259b..455781b1c0f6021411c1e420208907ec22f5702e 100644 --- a/install/static/ipa.css +++ b/install/static/ipa.css @@ -465,12 +465,20 @@ span.main-separator{ text-transform: none; } +.action-panel li.entity-facet-selected { +font-family: "FreeWayBold", "Liberation Sans", Arial, Sans; +color: black; +text-transform: uppercase; +cursor: pointer; +} + .action-panel li.entity-facet-disabled { font-family: "Liberation Sans",Arial,sans-serif; color: gray; cursor: default; text-decoration: none; text-transform: none; + } .action-panel li.entity-facet-relation-label { @@ -479,8 +487,14 @@ span.main-separator{ cursor: default; text-transform: uppercase; font-size: 1.2em; +margin-left:1.8em; } +.action-panel li.facet-group-member { +margin-left:3.6em; +} + + .action-button { background: none; background-image:none; @@ -489,7 +503,8 @@ span.main-separator{ } .action-controls { -padding-left: 2em; +position: relative; +display:inline; } .client { diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 688f35badf6dc1ae614cb4fc26865aeabe9caba1..ecc3fd0b94ee329ee608f02a187309afaf29d938 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -250,7 +250,7 @@ class LDAPObject(Object): relationships = { # attribute: (label, inclusive param prefix, exclusive param prefix) 'member': ('Member', '', 'no_'), -'memberof': ('Parent', 'in_', 'not_in_'), +'memberof': ('Member Of', 'in_', 'not_in_'), 'memberindirect': ( 'Indirect Member', None, 'no_indirect_' ), diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 3b0b8eef453e6e08f40bd4f2d15fa7ab0c5cf404..9cc9978637a79a0356082dcb6031427e32d19990 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -171,7 +171,7 @@ class host(LDAPObject): } bindable = True relationships = { -'memberof': ('Parent', 'in_', 'not_in_'),
Re: [Freeipa-devel] [PATCH] 033 Add new installer option for reverse zone creation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/06/2011 06:31 PM, Jakub Hrozek wrote: > On 01/05/2011 05:52 PM, Dmitri Pal wrote: >> Jan Zelený wrote: >>> Jakub Hrozek wrote: >>> On 01/05/2011 01:09 PM, Jan Zelený wrote: > Jakub Hrozek wrote: > >> ticket #678 >> > Nack, the unattended option given to the create_reverse function is > redundant, please remove it. > > Jan > OK, new patch attached. >>> >>> ack >>> >>> >> Jenny had some questions about the default value. Please hold off >> pushing before you reconcile with her. > > > > Based on recent discussion, I am withdrawing this patch and will prepare > a new one that will set up DNS by default, introduce a new option > --no-dns instead and also introduce --uninstall to ipa-dns-install. > > Jakub On reading the complete discussion (thanks for reminding me, Dmitri), we only flip the default for the reverse zone creation to True. Attached is a patch that has a --no-reverse option instead of --create-reverse and reverts the default in the installer. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0mDTYACgkQHsardTLnvCUMWQCeNYao4fZ83QHBsmZYnP7C67R7 3NIAoJlJQZbkaZADzo19iOnLKxo+ilfz =71kA -END PGP SIGNATURE- From 02e5e7944cc8dca6442e1077e8949c2a78e001a0 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 4 Jan 2011 08:55:47 -0500 Subject: [PATCH] Create the reverse zone by default A new option to specify reverse zone creation for unattended installs https://fedorahosted.org/freeipa/ticket/678 --- install/tools/ipa-dns-install |9 - install/tools/ipa-replica-install | 14 +- install/tools/ipa-server-install | 14 -- ipaserver/install/bindinstance.py |8 +++- 4 files changed, 36 insertions(+), 9 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index d4cd1eb..1e1dde5 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -40,6 +40,9 @@ def parse_options(): help="Add a DNS forwarder") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") +parser.add_option("--no-reverse", dest="no_reverse", + action="store_true", default=False, + help="Do not create reverse DNS zone") parser.add_option("--zonemgr", dest="zonemgr", help="DNS zone manager e-mail address. Defaults to root") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", @@ -164,7 +167,11 @@ def main(): # Create a BIND instance bind = bindinstance.BindInstance(fstore, dm_password) -create_reverse = bindinstance.create_reverse(options.unattended) +create_reverse = True +if options.unattended: +create_reverse = not options.no_reverse +elif not options.no_reverse: +create_reverse = bindinstance.create_reverse() bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password) bind.create_instance() diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 9dda13f..2acc84e 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -66,6 +66,8 @@ def parse_options(): help="Add a DNS forwarder") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") +parser.add_option("--no-reverse", dest="no_reverse", action="store_true", + default=False, help="Do not create reverse DNS zone") parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true", default=False, help="Do not use DNS for hostname lookup during installation") @@ -83,6 +85,8 @@ def parse_options(): parser.error("You cannot specify a --forwarder option without the --setup-dns option") if options.no_forwarders: parser.error("You cannot specify a --no-forwarders option without the --setup-dns option") +if options.no_reverse: +parser.error("You cannot specify a --no-reverse option without the --setup-dns option") elif options.forwarders and options.no_forwarders: parser.error("You cannot specify a --forwarder option together with --no-forwarders") elif not options.forwarders and not options.no_forwarders: @@ -247,7 +251,15 @@ def install_bind(config, options): ip_address = resolve_host(config.
Re: [Freeipa-devel] [PATCH] Fixed tooltips in SUDO details page.
On 01/06/2011 10:32 AM, Endi Sukma Dewata wrote: Hi, The attached patch should fix item #1 in the following ticket: https://fedorahosted.org/freeipa/ticket/671 The title attribute in various HTML elements in SUDO details page has been set to show the proper tooltips. Most of the values are taken from the 'doc' attribute of sudorule parameters. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK. Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0043 fix ipa-dns-install to not require DM password
On Thu, 2011-01-06 at 10:35 +0100, Jan Zelený wrote: > Simo Sorce wrote: > > This patch makes it possible to run ipa-dns-install and use the admin > > kerberos credentials. > > > > Fixes #686. > > > > Simo. > > Nack, I have some comments: > > Exception handling (chunk #4): > Those prints should go away. But the main thing: that particular part of code > doesn't seem to produce any exceptions, which should be handled > > Function ldap_disconnect isn't used anywhere. That makes me wonder - is it > redundant or should it be somewhere in the code. I guess this is a policy > issue - either we want the connection to stay as long as possible or we want > to use it only for a certain set of commands and then disconnect it. Attached new patch that fixes hunk #4. Actually I ended up using ldap_disconnect() here as we need to test the ldap connection anyway. I also had to do minor changes to Bindinstance() as the code was clearing self.fqdn after Service.__init__ set it. Simo. binMFCLJMSzS8.bin Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0130-dns-record-style
Fixes https://fedorahosted.org/freeipa/ticket/693 From 7181e6ff4c9b21c079d329cac11402244c6e9c41 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 6 Jan 2011 13:14:38 -0500 Subject: [PATCH] dns record style THe client aread class is added after the create call. THe logic assumes that there are two divs under the tabs. THe records facet broke that assumption. THis fixes it --- install/static/policy.js |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/install/static/policy.js b/install/static/policy.js index 038b63071637b1cbe2ab42fb41679a713542a9d0..e80cd6034563bbdcf533ebf4d0fdb285e9004775 100644 --- a/install/static/policy.js +++ b/install/static/policy.js @@ -277,6 +277,9 @@ function ipa_records_facet(spec){ }; function create(container) { +var details = $('', { +'class': 'content' +}).appendTo(container); } function setup(container){ -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0129-remove-list-header
On 01/06/2011 12:54 PM, Kyle Baker wrote: ACK, push it. - Original Message - Makes list pages look like the spec ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0129-remove-list-header
ACK, push it. - Original Message - > Makes list pages look like the spec > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From 79c0b1e14b871d2136cca7c761a1864afb665c22 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 6 Jan 2011 12:52:17 -0500 Subject: [PATCH] remove list header --- install/static/search.js |4 1 files changed, 0 insertions(+), 4 deletions(-) diff --git a/install/static/search.js b/install/static/search.js index a111e0cada1bcf84bf88ea0dc5ecd9b466e4022b..613d24a824c3818cf719be6bd6936e197040a356 100644 --- a/install/static/search.js +++ b/install/static/search.js @@ -357,10 +357,6 @@ function ipa_search_facet(spec) { that.table.create(span); -container.children().last().prepend( -$('', { 'html': IPA.metadata[that.entity_name].label })); -container.children().last().prepend(''); - } function setup(container) { -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0129-remove-list-header
Makes list pages look like the spec From 79c0b1e14b871d2136cca7c761a1864afb665c22 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 6 Jan 2011 12:52:17 -0500 Subject: [PATCH] remove list header --- install/static/search.js |4 1 files changed, 0 insertions(+), 4 deletions(-) diff --git a/install/static/search.js b/install/static/search.js index a111e0cada1bcf84bf88ea0dc5ecd9b466e4022b..613d24a824c3818cf719be6bd6936e197040a356 100644 --- a/install/static/search.js +++ b/install/static/search.js @@ -357,10 +357,6 @@ function ipa_search_facet(spec) { that.table.create(span); -container.children().last().prepend( -$('', { 'html': IPA.metadata[that.entity_name].label })); -container.children().last().prepend(''); - } function setup(container) { -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0128-action-panel-style
On 01/06/2011 12:36 PM, Kyle Baker wrote: ACK, but change the font size to 11px. - Original Message - Some of the changes necessary for the actions panel. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Changed font size and pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 033 Add new installer option for reverse zone creation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/05/2011 05:52 PM, Dmitri Pal wrote: > Jan Zelený wrote: >> Jakub Hrozek wrote: >> >>> On 01/05/2011 01:09 PM, Jan Zelený wrote: >>> Jakub Hrozek wrote: > ticket #678 > Nack, the unattended option given to the create_reverse function is redundant, please remove it. Jan >>> OK, new patch attached. >>> >> >> ack >> >> > Jenny had some questions about the default value. Please hold off > pushing before you reconcile with her. > > Based on recent discussion, I am withdrawing this patch and will prepare a new one that will set up DNS by default, introduce a new option - --no-dns instead and also introduce --uninstall to ipa-dns-install. Jakub -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0l/IgACgkQHsardTLnvCUqSwCgyplUxrEcokgFzzDQS4zVhh8x zIoAn0YTNxO4DS/Mcd9PALDWnpVpcDZB =k3e/ -END PGP SIGNATURE- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] bind-dyndb-ldap: new parameter "timeout"
Hello, attached patch introduces new bind-dyndb-ldap parameter called "timeout". It controls timeout of the LDAP queries and by default is set to 10 seconds. The patch solves https://fedorahosted.org/bind-dyndb-ldap/ticket/3. Regards, Adam -- Adam Tkac, Red Hat, Inc. >From ab991832581345bf40372fe7e1c488edb1567c1a Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Thu, 6 Jan 2011 18:17:14 +0100 Subject: [PATCH] Add new parameter - "timeout". This parameter controls timeout of the LDAP queries. Generally timeout of resolvers is 5 seconds so 10 seconds by default should be enough. Solves ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/3. Signed-off-by: Adam Tkac --- README|5 + src/ldap_helper.c | 11 ++- 2 files changed, 15 insertions(+), 1 deletions(-) diff --git a/README b/README index 758f141..5c80344 100644 --- a/README +++ b/README @@ -139,6 +139,11 @@ zone_refresh (default 0) a zone. If this option is set to 0, the LDAP driver will never refresh the settings. +timeout (default 10) + Timeout (in seconds) of the queries to the LDAP server. If the LDAP + server don't respond before this timeout then lookup is aborted and + BIND returns SERVFAIL. Value "0" means infinite timeout (no timeout). + 5.2 Sample configuration diff --git a/src/ldap_helper.c b/src/ldap_helper.c index fbe9f9e..9659b9d 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -126,6 +126,7 @@ struct ldap_instance { ld_string_t *base; unsigned intconnections; unsigned intreconnect_interval; + unsigned inttimeout; ldap_auth_t auth_method; ld_string_t *bind_dn; ld_string_t *password; @@ -291,6 +292,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, { "uri", no_default_string }, { "connections", default_uint(2)}, { "reconnect_interval", default_uint(60)}, + { "timeout", default_uint(10) }, { "base",no_default_string }, { "auth_method", default_string("none") }, { "bind_dn", default_string("") }, @@ -346,6 +348,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, ldap_settings[i++].target = ldap_inst->uri; ldap_settings[i++].target = &ldap_inst->connections; ldap_settings[i++].target = &ldap_inst->reconnect_interval; + ldap_settings[i++].target = &ldap_inst->timeout; ldap_settings[i++].target = ldap_inst->base; ldap_settings[i++].target = auth_method_str; ldap_settings[i++].target = ldap_inst->bind_dn; @@ -1258,6 +1261,7 @@ ldap_query(ldap_connection_t *ldap_conn, const char *base, int scope, char **att { va_list ap; isc_result_t result; + struct timeval timeout; REQUIRE(ldap_conn != NULL); @@ -1273,12 +1277,15 @@ ldap_query(ldap_connection_t *ldap_conn, const char *base, int scope, char **att return ISC_R_FAILURE; } + timeout.tv_sec = ldap_conn->database->timeout; + timeout.tv_usec = 0; + do { int ret; ret = ldap_search_ext_s(ldap_conn->handle, base, scope, str_buf(ldap_conn->query_string), - attrs, attrsonly, NULL, NULL, NULL, + attrs, attrsonly, NULL, NULL, &timeout, LDAP_NO_LIMIT, &ldap_conn->result); if (ret == 0) { @@ -1697,6 +1704,8 @@ handle_connection_error(ldap_connection_t *ldap_conn, isc_result_t *result) log_error("connection to the LDAP server was lost"); if (ldap_connect(ldap_conn) == ISC_R_SUCCESS) return 1; + } else if (err_code == LDAP_TIMEOUT) { + log_error("LDAP query timed out. Try to adjust \"timeout\" parameter"); } else { err_string = ldap_err2string(err_code); } -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0128-action-panel-style
Some of the changes necessary for the actions panel. From 3291c53b2d882adaa3afb416f787e0990c86bb38 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 6 Jan 2011 11:22:57 -0500 Subject: [PATCH] action panel style make clickable links blue change spacing to keep headers from wrapping convert most px values to em, to support scaling indent action controls and place them under the active facet --- install/static/entity.js | 37 -- install/static/ipa.css | 180 + 2 files changed, 114 insertions(+), 103 deletions(-) diff --git a/install/static/entity.js b/install/static/entity.js index 8620ef09dad4c0e9e50cc3ab4450ac3f1828b6e3..a6f31e84b238276f1343bf3b1d909d7a97403749 100644 --- a/install/static/entity.js +++ b/install/static/entity.js @@ -486,11 +486,22 @@ function ipa_facet_create_action_panel(container) { /*assume for now that entities with only a single facet do not have search*/ if (entity.facets.length > 0 ){ -main_facet.text( 'List ' + IPA.metadata[entity_name].label); +if ( entity.facets[0].name === ipa_current_facet( entity)){ +main_facet.text( IPA.metadata[entity_name].label); +main_facet.appendTo(ul); +ul.append($('')); +}else{ +main_facet.html( +$('',{ +"class":"input_link" +}).append( +$('',{ +"class":"ui-icon ui-icon-triangle-1-w " +}) +).append('Back to List ')); +main_facet.appendTo(ul); +} } -main_facet.appendTo(ul); - -ul.append($('')); var facet_groups = {}; for (var i=1; i'). +append(''+ text+''). +append($('',{ +html:$('',{ +class:"action-controls"})}))); +} facet_groups[facet_group] = li.next(); + } else { ul.append(build_link(other_facet, other_facet.label)); +if ( other_facet.name === ipa_current_facet( entity)){ +ul.append($('')); +} } } }else{ diff --git a/install/static/ipa.css b/install/static/ipa.css index df138aa2f5ed1a38953e10bc83ebc3291c14a583..5388a4166b480322904f5b7d6cfee66902e7fe81 100644 --- a/install/static/ipa.css +++ b/install/static/ipa.css @@ -8,16 +8,20 @@ */ -body{ -border-width: 0; -font-family:"Liberation Sans",Arial,Sans; -font-size:62.5%; -margin: 0; -} - @font-face {font-family: "FreeWay"; src:url("FreeWay.otf");} @font-face {font-family: "FreeWayBold"; src:url("FreeWay-Bold.otf");} +body{ +border-width: 0; +font-family:"Liberation Sans",Arial,Sans; +font-size:10px; +margin: 0; +} + +.ui-widget { +font-size: 1em; +} + .input_link { padding: .4em 1em .4em 2em; text-decoration: none; @@ -28,18 +32,17 @@ body{ .input_link span.ui-icon { -moz-border-radius: 0.3em; border: 1px solid #B8B8B8; -margin: -9px 0.4em 0em -0.3em; +margin: -0.9em 0.4em 0em -0.3em; position: absolute; left: .2em; top: 50%; - } /* Header */ div.header { background-color:#0C3B00; width: 100%; -height: 40px; +height: 4em; } div.header a { @@ -65,32 +68,22 @@ div.header span.header-logo a img { } div.header span.header-loggedinas { -width: 960px; +width: 96em; color: #fff; display: block; padding-left: none; -margin-top: -26px; +margin-top: -2.6em; margin-left: auto; -margin-right: 276px; -width: 200px; +margin-right: 27.6em; +width: 20em; } - - /* Navigation */ div.tabs { overflow: auto; width: 100%; height: 100%; -min-height: 400px; -} - -h1 { -font-size: 26pt; -font-weight: bold; -margin-bottom: 30px; -margin-left: 15px; -margin-top: 18px; +min-height: 40em; } div#content { @@ -101,7 +94,7 @@ div#content { ul#viewtype { -padding-left: 20px; +padding-left: 2em; } ul#viewtype li { @@ -109,7 +102,7 @@ ul#viewtype li { display: inline; font-weight: bold; list-style-type: none; -padding-right: 20px; +padding-right: 2em; } @@ -123,7 +116,7 @@ ul#viewtype li a { div.content div.content-buttons { float: right; -margin-right: 15px; +margin-right: 1.5em; } div.content div.content-buttons img { @@ -136,8 +129,8 @@ h2 { font-weight: normal; color: #33; text-transform: uppercase; -margin-left: 15px; -margin-bottom: 0px; +margin-l
Re: [Freeipa-devel] [PATCH] fixed typo for description usage example
JR Aquino wrote: There was a typo in the example for cli usage of sudocmd This is a 1 liner patch to correct the usage syntax and addresses ticket #704: https://fedorahosted.org/freeipa/ticket/704 -JR ack, pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Handle error messages during Host operations
Martin Kosek wrote: Only a generic error message were displayed when a non-existing host was passed to host-del or host-disable operations. This patch adds catching these generic exceptions and raising new exceptions with the correct error message. https://fedorahosted.org/freeipa/ticket/303 ack, pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Include some directories in spec file
Jan Zelený wrote: ipa.spec.in |2 ++ ack, pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Fixed tooltips in SUDO details page.
Hi, The attached patch should fix item #1 in the following ticket: https://fedorahosted.org/freeipa/ticket/671 The title attribute in various HTML elements in SUDO details page has been set to show the proper tooltips. Most of the values are taken from the 'doc' attribute of sudorule parameters. -- Endi S. Dewata From 3844bebbd6b392765550e2cdfdbc20f86aa84a5c Mon Sep 17 00:00:00 2001 From: Endi S. Dewata Date: Thu, 6 Jan 2011 21:16:05 +0700 Subject: [PATCH] Fixed tooltips in SUDO details page. The title attribute in various HTML elements in SUDO details page has been set to show the proper tooltips. Most of the values are taken from the 'doc' attribute of sudorule parameters. --- install/static/details.js | 10 ++-- install/static/rule.js | 14 - install/static/sudorule.js | 126 --- 3 files changed, 123 insertions(+), 27 deletions(-) diff --git a/install/static/details.js b/install/static/details.js index 61c5579690897453daf440c4943b33c706bca531..7dfc0043054033242ea1fa03c65f52dbe379a11b 100644 --- a/install/static/details.js +++ b/install/static/details.js @@ -475,8 +475,9 @@ function ipa_details_facet(spec) { var section = that.sections[i]; $('', { -'name': section.name, -'html': that.get_section_header_prefix(true) + ' ' + section.label +name: section.name, +title: section.label, +html: that.get_section_header_prefix(true) + ' ' + section.label }).appendTo(details); var div = $('', { @@ -579,8 +580,9 @@ function ipa_button(spec) { spec = spec || {}; var button = $('', { -'id': spec.id, -'html': spec.label, +id: spec.id, +html: spec.label, +title: spec.title || spec.label, 'class': 'ui-state-default ui-corner-all input_link' }); diff --git a/install/static/rule.js b/install/static/rule.js index 885edaa0a649202a655ad675abeaa885b7be8cb8..96b5ab338645f316b5f8b945e3c71b808d444a69 100755 --- a/install/static/rule.js +++ b/install/static/rule.js @@ -38,7 +38,12 @@ function ipa_rule_details_section(spec){ if (that.text) container.append(that.text); -var span = $('', { 'name': that.field_name }).appendTo(container); +var param_info = ipa_get_param_info(that.entity_name, that.field_name); + +var span = $('', { +name: that.field_name, +title: param_info.doc +}).appendTo(container); if (that.options.length) { for (var i=0; i', { 'name': table.field_name }).appendTo(span); +param_info = ipa_get_param_info(that.entity_name, table.field_name); + +var table_span = $('', { +name: table.field_name, +title: param_info ? param_info.doc : table.field_name +}).appendTo(span); var field = that.get_field(table.field_name); field.create(table_span); diff --git a/install/static/sudorule.js b/install/static/sudorule.js index bc1ba95bfc7476b95fb329103010fe85a8e30206..ec90bf618d731fc1581ff1de1c9449d36c7e2959 100755 --- a/install/static/sudorule.js +++ b/install/static/sudorule.js @@ -435,16 +435,22 @@ function ipa_sudorule_details_general_section(spec){ 'style': 'width: 100%;' }).appendTo(container); +var param_info = ipa_get_param_info(that.entity_name, 'cn'); + var tr = $('').appendTo(table); var td = $('', { -'style': 'width: 100px; text-align: right;', -'html': 'Name:' +style: 'width: 100px; text-align: right;', +html: param_info.label+':', +title: param_info ? param_info.doc : 'cn' }).appendTo(tr); td = $('').appendTo(tr); -var span = $('', { 'name': 'cn' }).appendTo(td); +var span = $('', { +name: 'cn', +title: param_info ? param_info.doc : 'cn' +}).appendTo(td); $('', { 'type': 'text', @@ -461,16 +467,22 @@ function ipa_sudorule_details_general_section(spec){ 'html': 'undo' }).appendTo(span); +param_info = ipa_get_param_info(that.entity_name, 'description'); + tr = $('').appendTo(table); td = $('', { -'style': 'text-align: right; vertical-align: top;', -'html': 'Description:' +style: 'text-align: right; vertical-align: top;', +html: param_info.label+':', +title: param_info ? param_info.doc : 'description' }).appendTo(tr); td = $('').appendTo(tr); -span = $('', { 'name': 'description' }).appendTo(td); +span = $('', { +name: 'description', +title: param_info ? param_info.doc : 'description' +}).appendTo(td); $('', { 'name': 'description', @@ -487,16 +499,23 @@ function ipa_sudo
[Freeipa-devel] [PATCH] fixed typo for description usage example
There was a typo in the example for cli usage of sudocmd This is a 1 liner patch to correct the usage syntax and addresses ticket #704: https://fedorahosted.org/freeipa/ticket/704 -JR freeipa-jraquino-0012-fixed-typo-for-description-usage.patch Description: freeipa-jraquino-0012-fixed-typo-for-description-usage.patch ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Handle error messages during Host operations
Only a generic error message were displayed when a non-existing host was passed to host-del or host-disable operations. This patch adds catching these generic exceptions and raising new exceptions with the correct error message. https://fedorahosted.org/freeipa/ticket/303 >From 8e1db8fa88fa16226055e69b9dade832e94eae9e Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 6 Jan 2011 13:27:24 +0100 Subject: [PATCH] Handle error messages during Host operations Only a generic error message were displayed when a non-existing host was passed to host-del or host-disable operations. This patch adds catching these generic exceptions and raising new exceptions with the correct error message. https://fedorahosted.org/freeipa/ticket/303 --- ipalib/plugins/host.py | 11 +-- 1 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index e24da1bf3cacba9a20f56d25a05fab2344243940..3b0b8eef453e6e08f40bd4f2d15fa7ab0c5cf404 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -456,7 +456,11 @@ class host_del(LDAPDelete): _attribute_types[attr], record[attr][i]) break -(dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate']) +try: +(dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate']) +except errors.NotFound: +self.obj.handle_not_found(*keys) + if 'usercertificate' in entry_attrs: cert = normalize_certificate(entry_attrs.get('usercertificate')[0]) try: @@ -651,7 +655,10 @@ class host_disable(LDAPQuery): done_work = False dn = self.obj.get_dn(*keys, **options) -(dn, entry_attrs) = ldap.get_entry(dn, ['krblastpwdchange', 'usercertificate']) +try: +(dn, entry_attrs) = ldap.get_entry(dn, ['krblastpwdchange', 'usercertificate']) +except errors.NotFound: +self.obj.handle_not_found(*keys) truncated = True while truncated: -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 034 Do not use LDAP_DEPRECATED in plugins and client
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. A related question - since we only support Fedora 14 now and we always compile with --with-openldap on that platform, should we remove the mozldap code altogether? I don't think it would cause any harm, realistically, there should be no users. https://fedorahosted.org/freeipa/ticket/576 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0lp1gACgkQHsardTLnvCXCxwCgvsea3YRxufYCk3jMsqRjWBvC rwcAoK+UE2vqbyplGptEU/5ucmGH5S11 =Knnx -END PGP SIGNATURE- From 63a9d029446b2cf40a71dbc35ced8383e82aa967 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 3 Jan 2011 16:16:57 +0100 Subject: [PATCH] Do not use LDAP_DEPRECATED in plugins Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576 --- daemons/configure.ac |2 + daemons/ipa-kpasswd/ipa_kpasswd.c | 18 +-- daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h |8 ++- .../ipa-pwd-extop/ipapwd_common.c | 50 +++ .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c| 24 - ipa-client/ipa-client-common.h |4 ++ ipa-client/ipa-getkeytab.c |4 -- ipa-client/ipa-join.c | 31 +++-- 8 files changed, 112 insertions(+), 29 deletions(-) diff --git a/daemons/configure.ac b/daemons/configure.ac index 221a63a..370c5d6 100644 --- a/daemons/configure.ac +++ b/daemons/configure.ac @@ -199,9 +199,11 @@ AC_ARG_WITH([openldap], if test "x$with_openldap" == xyes; then LDAP_CFLAGS="${OPENLDAP_CFLAGS} $NSPR4 $NSS3 -DUSE_OPENLDAP" LDAP_LIBS="${OPENLDAP_LIBS}" +AC_DEFINE_UNQUOTED(WITH_OPENLDAP, 1, [Use OpenLDAP libraries]) else LDAP_CFLAGS="${MOZLDAP_CFLAGS}" LDAP_LIBS="${MOZLDAP_LIBS}" +AC_DEFINE_UNQUOTED(WITH_MOZLDAP, 1, [Use Mozilla LDAP libraries]) fi AC_SUBST(LDAP_CFLAGS) AC_SUBST(LDAP_LIBS) diff --git a/daemons/ipa-kpasswd/ipa_kpasswd.c b/daemons/ipa-kpasswd/ipa_kpasswd.c index 9b4c2dd..18a2894 100644 --- a/daemons/ipa-kpasswd/ipa_kpasswd.c +++ b/daemons/ipa-kpasswd/ipa_kpasswd.c @@ -42,7 +42,6 @@ #ifdef WITH_MOZLDAP #include #else -#define LDAP_DEPRECATED 1 #include #endif #include @@ -331,6 +330,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e struct berval *control = NULL; struct berval newpw; char hostname[1024]; +char *uri; struct berval **ncvals; char *ldap_base = NULL; char *filter; @@ -386,11 +386,19 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e goto done; } +ret = asprintf(&uri, "ldap://%s:389";, hostname); +if (ret == -1) { +syslog(LOG_ERR, "Out of memory!"); +goto done; +} + /* connect to ldap server */ /* TODO: support referrals ? */ - ld = ldap_init(hostname, 389); - if(ld == NULL) { - syslog(LOG_ERR, "Unable to connect to ldap server"); +ret = ldap_initialize(&ld, uri); +free(uri); + if(ret != LDAP_SUCCESS) { + syslog(LOG_ERR, "Unable to connect to ldap server: %s", +ldap_err2string(ret)); goto done; } @@ -414,7 +422,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e /* find base dn */ /* TODO: address the case where we have multiple naming contexts */ tv.tv_sec = 10; - tv.tv_usec = 0; + tv.tv_usec = 0; ret = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, "objectclass=*", root_attrs, 0, diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h index 4f8764f..c3d13fb 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h @@ -41,6 +41,12 @@ # include #endif +#ifdef WITH_MOZLDAP +#include +#else +#include +#endif + #include #include #include @@ -49,8 +55,6 @@ #include #include -#define LDAP_DEPRECATED 1 - #include #include #include diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c index cf6b3fc..2bc36c0 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c @@ -373,6 +373,40 @@ static void pwd_values_free(Slapi_ValueSet** results, slapi_vattr_values_free(results, actual_type_name, buffer_
Re: [Freeipa-devel] [PATCH] 0043 fix ipa-dns-install to not require DM password
On Thu, 2011-01-06 at 10:35 +0100, Jan Zelený wrote: > Simo Sorce wrote: > > This patch makes it possible to run ipa-dns-install and use the admin > > kerberos credentials. > > > > Fixes #686. > > > > Simo. > > Nack, I have some comments: > > Exception handling (chunk #4): > Those prints should go away. But the main thing: that particular part of code > doesn't seem to produce any exceptions, which should be handled Ok I will remove that part, it was half debugging code and half to handle code that has been later changed. > Function ldap_disconnect isn't used anywhere. That makes me wonder - is it > redundant or should it be somewhere in the code. I guess this is a policy > issue - either we want the connection to stay as long as possible or we want > to use it only for a certain set of commands and then disconnect it. I initially used it to do connect,op,disconnect, but later decided it was better to let connection live as long as the instance was around. In a future patch we may even move admin_conn to be a global handler so that multiple instances will use just one connection instead of having one pending per-instance type, but I didn't want to go that far. However I didn't remove ldap_disconnect because it will be useful if later on someone needs to change the code to have a temporary connection. I think I may want to use it in the next patch I am working on. I can remove it though and re-add it later if needed, I am ok either way. Simo. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0127-add-missing-files-in-rpm
On 2011-01-05 20:57, Adam Young wrote: Had to move some files around, and added to both Makefile.am and ipa.spec ACK. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0043 fix ipa-dns-install to not require DM password
On Thu, 2011-01-06 at 09:13 +0100, Jan Zelený wrote: > Simo Sorce wrote: > > This patch makes it possible to run ipa-dns-install and use the admin > > kerberos credentials. > > > > Fixes #686. > > > > Simo. > > The patch doesn't apply on current master - does it depend on some other > patch > or just a small glitch? Almost certainly depends on 0042 as I am touching the same files. I will rebase on top of master locally though, so if it still doesn't apply after 0042 let me know and I'll send updated patches. Simo. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel