Add --rights flag to *-show in baseldap so you can retrieve the
effective rights to modify the entry you are viewing.
The output is a dict of attributes. Each value is a list of rights.
It is pretty nasty looking output so I'm only displaying it when --all
is used. This is designed for the UI
https://fedorahosted.org/freeipa/ticket/338
From 16a5be32fd45d6d97e2effd26d3b787ed0c748a4 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Mon, 25 Oct 2010 21:38:14 -0400
Subject: [PATCH] association header
header was missing on the association pages.
---
install/static/associate.js |5 -
On 10/25/2010 06:28 PM, Simo Sorce wrote:
These are a few minor fixes and cleanups I split in multiple patches
for easier review.
1. makes sure we reset the generate flag at every loop, so that we do
not risk a false positive if multiple UUIDs are generated on an entry.
2. makes unlocks safer b
removal of the whoami plugin
From a7ddb2d66c3c535c91c8e665fe7cacc528df6c53 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Mon, 25 Oct 2010 20:36:48 -0400
Subject: [PATCH] whoami goodbye
Removing the whoami plugin, as it has been wrapped up into the user plugin
---
ipalib/plugins/whoami.py |
On Mon, Oct 25, 2010 at 06:59:18PM -0400, Simo Sorce wrote:
> I was meaning to ask you if we have any other way around. Is it
> possible to use a random salt instead of the principal name ?
>
> We do enforce pre-authentication by default, so IIRC it should be
> possible, but it doesn't seem to mak
On Mon, 25 Oct 2010 18:14:12 -0400
Nalin Dahyabhai wrote:
> On Fri, Oct 22, 2010 at 05:38:35PM -0400, Simo Sorce wrote:
> > This plugin intercepts a modrdn change so that when a user is
> > renamed the krbprincipalname is changhed accordingly.
>
> Changing the user's principal name usually break
When the ipaUuidEnforce option is set to TRUE only the Directory
Manager is allowed to set arbitrary values. Any attempt to set
values != the ipaUuidGenerate value by non DirMgr users will throw an
error.
This is useful to enforce UUIDs are always set by the server.
At this moment normal users a
These are a few minor fixes and cleanups I split in multiple patches
for easier review.
1. makes sure we reset the generate flag at every loop, so that we do
not risk a false positive if multiple UUIDs are generated on an entry.
2. makes unlocks safer by tracking when we need to unlock and doing
I had some unusued functions in the uuid and modrdn plugins, do to
copy&paste.
Remove unused functions.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
>From 60e4b0c7f096e4cfb8827f3127a794bc6f970bb0 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Mon, 25 Oct 2010 17:12:18 -0400
Subject: [PATCH]
On Fri, Oct 22, 2010 at 05:38:35PM -0400, Simo Sorce wrote:
> This plugin intercepts a modrdn change so that when a user is renamed
> the krbprincipalname is changhed accordingly.
Changing the user's principal name usually breaks the client's ability
to get initial creds, as the default salt is de
Use kerberos password policy.
This lets the KDC count password failures and can lock out accounts for
a period of time. This only works for KDC >= 1.8.
There currently is no way to unlock a locked account across a replica.
MIT Kerberos 1.9 is adding support for doing so. Once that is availab
On 10/25/2010 1:10 PM, Adam Young wrote:
On 10/25/2010 11:26 AM, Adam Young wrote:
On 10/25/2010 10:52 AM, Rob Crittenden wrote:
Adam Young wrote:
Implementation of the UI for DNS records.
Search uses filters.
Much of the code has been cut and pasted from search.js and add.js, but
then signi
On 10/25/2010 03:53 PM, Endi Sukma Dewata wrote:
On 10/25/2010 1:10 PM, Adam Young wrote:
On 10/25/2010 11:26 AM, Adam Young wrote:
On 10/25/2010 10:52 AM, Rob Crittenden wrote:
Adam Young wrote:
Implementation of the UI for DNS records.
Search uses filters.
Much of the code has been cut an
On 10/25/2010 03:19 PM, Rob Crittenden wrote:
Adam Young wrote:
find_entries param
Fixes a bug where find_entries was not passed a parameter for filter.
Instead of fixing the call point, this patch adds a defaulty value for
the parameter,
ack
Pushed to master
___
Adam Young wrote:
find_entries param
Fixes a bug where find_entries was not passed a parameter for filter.
Instead of fixing the call point, this patch adds a defaulty value for
the parameter,
ack
___
Freeipa-devel mailing list
Freeipa-devel@redhat.
Add entitlement plugin for counting client entitlements. This just adds
the capability to tie to a candlepin server or manually import
entitlement certificates. The code to use these to count clients is
still under development.
rob
freeipa-585-entitle.patch
Description: application/mbox
find_entries param
Fixes a bug where find_entries was not passed a parameter for filter.
Instead of fixing the call point, this patch adds a defaulty value
for the parameter,
From c73e71be8a30ca1c3bd9a9738b8db5c0318b781b Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Mon, 25 Oct 201
On 10/25/2010 11:26 AM, Adam Young wrote:
On 10/25/2010 10:52 AM, Rob Crittenden wrote:
Adam Young wrote:
Implementation of the UI for DNS records.
Search uses filters.
Much of the code has been cut and pasted from search.js and add.js, but
then significantly modified. Moving forward, we'll h
pushed under the 1 line rule
From 476d1947a9625943ccc9241cfeceb84ff9590a39 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Mon, 25 Oct 2010 11:45:17 -0400
Subject: [PATCH] remove rule for inc files.
---
ipa.spec.in |1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/ipa.spe
Pushed under the 1 line rule
From 476d1947a9625943ccc9241cfeceb84ff9590a39 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Mon, 25 Oct 2010 11:45:17 -0400
Subject: [PATCH] remove rule for inc files.
---
ipa.spec.in |1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/ipa.spe
On Mon, Oct 25, 2010 at 11:45:45AM -0400, Simo Sorce wrote:
> On Mon, 25 Oct 2010 11:42:09 -0400
> Nalin Dahyabhai wrote:
>
> > On Mon, Oct 25, 2010 at 10:53:19AM -0400, Rob Crittenden wrote:
> > > Simo Sorce wrote:
> > > >Can you do a modrdn modification on a compat plugin entry ?
> > >
> > > W
On 10/25/2010 10:52 AM, Rob Crittenden wrote:
Adam Young wrote:
This fixes the file: URL for displaying DNS search page.
ack
Pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-d
On Mon, 25 Oct 2010 11:42:09 -0400
Nalin Dahyabhai wrote:
> On Mon, Oct 25, 2010 at 10:53:19AM -0400, Rob Crittenden wrote:
> > Simo Sorce wrote:
> > >Can you do a modrdn modification on a compat plugin entry ?
> >
> > Well, right, I don't know :-) And if not, what error would be
> > raised and
On Mon, Oct 25, 2010 at 10:53:19AM -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> >Can you do a modrdn modification on a compat plugin entry ?
>
> Well, right, I don't know :-) And if not, what error would be raised and
> do/should we catch it?
You should get an insufficient-access (0.17 and
On 10/25/2010 10:52 AM, Rob Crittenden wrote:
Adam Young wrote:
Implementation of the UI for DNS records.
Search uses filters.
Much of the code has been cut and pasted from search.js and add.js, but
then significantly modified. Moving forward, we'll have to determine if
it is worth the effort
Adam Young wrote:
Implementation of the UI for DNS records.
Search uses filters.
Much of the code has been cut and pasted from search.js and add.js, but
then significantly modified. Moving forward, we'll have to determine if
it is worth the effort to integrate.
ack
_
Simo Sorce wrote:
On Mon, 25 Oct 2010 10:39:06 -0400
Rob Crittenden wrote:
Simo Sorce wrote:
On Fri, 22 Oct 2010 17:46:55 -0400
Rob Crittenden wrote:
Simo Sorce wrote:
This plugin intercepts a modrdn change so that when a user is
renamed the krbprincipalname is changhed accordingly.
Th
Adam Young wrote:
This fixes the file: URL for displaying DNS search page.
ack
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Mon, 25 Oct 2010 10:39:06 -0400
Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Fri, 22 Oct 2010 17:46:55 -0400
> > Rob Crittenden wrote:
> >
> >> Simo Sorce wrote:
> >>>
> >>> This plugin intercepts a modrdn change so that when a user is
> >>> renamed the krbprincipalname is changhed accord
On 10/25/2010 10:42 AM, Rob Crittenden wrote:
Adam Young wrote:
On 10/25/2010 08:23 AM, Ben Dubrovsky wrote:
Hi,
I'm sympathetic to the argument that Nielsen makes about reset.
One thing to consider, however, is that he's arguing from a point of
view that differentiates applications from web
Adam Young wrote:
On 10/25/2010 08:23 AM, Ben Dubrovsky wrote:
Hi,
I'm sympathetic to the argument that Nielsen makes about reset.
One thing to consider, however, is that he's arguing from a point of
view that differentiates applications from web pages -- that when
people are using the web, th
Simo Sorce wrote:
On Fri, 22 Oct 2010 17:46:55 -0400
Rob Crittenden wrote:
Simo Sorce wrote:
This plugin intercepts a modrdn change so that when a user is
renamed the krbprincipalname is changhed accordingly.
The second patch activates the plugin.
Simo.
Should ipaModRDNscope be set to th
On 10/25/2010 08:23 AM, Ben Dubrovsky wrote:
Hi,
I'm sympathetic to the argument that Nielsen makes about reset.
One thing to consider, however, is that he's arguing from a point of view that differentiates
applications from web pages -- that when people are using the web, they are in a differ
Hi,
I'm sympathetic to the argument that Nielsen makes about reset.
One thing to consider, however, is that he's arguing from a point of view that
differentiates applications from web pages -- that when people are using the
web, they are in a different kind of environment from applications, a
34 matches
Mail list logo