Hello,
bind-dyndb-ldap currently leaves empty nodes in LDAP when the last
DNS resource record associated with the node was removed:
Before DDNS update:
dn: idnsName=test,idnsName=example.com,ou=dns,dc=example,dc=com
aRecord: 1.1.1.1
dNSTTL:
objectClass: idnsRecord
idnsName: test
After
This patch fixes 2 situations where a pointer to allocated error
string could be overwritten - which could have resulted in
a memory leak.
https://fedorahosted.org/freeipa/ticket/714
From f502f98b82ccd51c3fecc363435d661162b9 Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/12/2011 02:25 PM, Martin Kosek wrote:
This patch fixes 2 situations where a pointer to allocated error
string could be overwritten - which could have resulted in
a memory leak.
https://fedorahosted.org/freeipa/ticket/714
Ack
-BEGIN
Hello,
as written in https://bugzilla.redhat.com/show_bug.cgi?id=662930
some people use OpenLDAP BIND running on one machine. In this case
BIND is started before OpenLDAP so initial connection fails. This
patch allows BIND to run but admin must call rndc reload after
LDAP is started to fetch
Add an API version that is enforced both when the server is built (to
disallow unexpected API changes) and when clients talk to the server.
See the patch for further details.
ticket 584
rob
From 85bda3479f96fbea355664b9703a941634d2ad65 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
On 01/05/2011 04:34 AM, Pavel Zuna wrote:
Ticket #700
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK. Pushed to master
___
Jan Zelený wrote:
Recent change of DNS module to version caused that dns object type
was replaced by dnszone and dnsrecord. This patch corrects dns types
in permissions class.
https://fedorahosted.org/freeipa/ticket/646
Nack. These values need to be added as valid types to the aci plugin and
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/10/2011 04:37 PM, Jakub Hrozek wrote:
Sorry, there's one more thing I haven't noticed before - please check
the return value if strdup(); in the else branch.
This comment was applicable to the ipa-rmkeytab patch.
Ack
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/10/2011 04:54 PM, Martin Kosek wrote:
On Mon, 2011-01-10 at 16:41 +0100, Jakub Hrozek wrote:
Hopefully replying to the correct patch now..
There's one more thing I haven't noticed before - please check
the return value
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/11/2011 10:57 AM, Martin Kosek wrote:
On Tue, 2011-01-11 at 10:49 +0100, Martin Kosek wrote:
krb5_init_context return value was not checked. This could lead
to unhandled error issues.
This patch moves the Kerberos
Simo Sorce wrote:
On Tue, 11 Jan 2011 16:21:38 +0100
Martin Kosekmko...@redhat.com wrote:
This patch fixes a situation where an uninitialized pointer
is passed to free().
ACK
SImo.
pushed to master
___
Freeipa-devel mailing list
JR Aquino wrote:
Correction to patch.
The previous patch inherited a line for patch #13
This has been corrected in the attached patch.
ack, pushed to master.
On 1/10/11 3:11 PM, JR Aquinojr.aqu...@citrix.com wrote:
Attached is a patch to fix the sudo compat plugin.
Ticket# 742:
Simo Sorce wrote:
On Tue, 11 Jan 2011 16:39:57 +0100
Martin Kosekmko...@redhat.com wrote:
Omitting return value of calloc in ipa_pwd_extop.c could lead to
memory access issues when memory is full. This patch adds return
value check.
https://fedorahosted.org/freeipa/ticket/717
ACK,
Simo.
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/12/2011 10:41 AM, Martin Kosek wrote:
This patch increases robustness in PRE MOD password SLAPI module
by ensuring that an uninitialized pointer is not dereferenced.
https://fedorahosted.org/freeipa/ticket/719
Ack
On Wed, 12 Jan 2011 16:24:06 +0100
Adam Tkac at...@redhat.com wrote:
as written in https://bugzilla.redhat.com/show_bug.cgi?id=662930
some people use OpenLDAP BIND running on one machine. In this case
BIND is started before OpenLDAP so initial connection fails. This
patch allows BIND to run
On Wed, Jan 12, 2011 at 12:17:51PM -0500, Simo Sorce wrote:
On Wed, 12 Jan 2011 16:24:06 +0100
Adam Tkac at...@redhat.com wrote:
as written in https://bugzilla.redhat.com/show_bug.cgi?id=662930
some people use OpenLDAP BIND running on one machine. In this case
BIND is started before
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/12/2011 07:37 AM, Adam Tkac wrote:
Hello,
bind-dyndb-ldap currently leaves empty nodes in LDAP when the last
DNS resource record associated with the node was removed:
Before DDNS update:
dn:
On Wed, Jan 12, 2011 at 01:15:36PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/12/2011 07:37 AM, Adam Tkac wrote:
Hello,
bind-dyndb-ldap currently leaves empty nodes in LDAP when the last
DNS resource record associated with the node was
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/12/2011 01:25 PM, Adam Tkac wrote:
On Wed, Jan 12, 2011 at 01:15:36PM -0500, Stephen Gallagher wrote:
Nack.
Your prototype for ldap_modify_do() includes 'isc_result_t delete_node',
but the actual implementation expects 'isc_boolean_t
On Wed, 12 Jan 2011 11:03:31 -0500
Rob Crittenden rcrit...@redhat.com wrote:
Add an API version that is enforced both when the server is built (to
disallow unexpected API changes) and when clients talk to the server.
See the patch for further details.
ticket 584
rob
Technical nack,
The exisitng code sets up replication agreements by recycling the
Directory Manager password for the Replication Manager user.
This causes 2 issues:
- If you change the DM password newer replicas will fail to access the
older masters as they will have a different passwor don their
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Managing DNS records when adding/deleting hosts with the host plugin was
broken because we used a wrong attribute name (ipaddr, should be ip_address)
Jakub
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG
On Wed, 12 Jan 2011 20:54:22 +0100
Jakub Hrozek jhro...@redhat.com wrote:
Add new PTR record for www.example.com
- ipa dns-add-rr 15.142.80.in-addr.arpa 2 PTR www.example.com.
+ ipa dnsrecord 15.142.80.in-addr.arpa 2 --ptr-rec www.example.com.
Shouldn't this be dnsrecord-add ?
Simo.
On Wed, 12 Jan 2011 20:54:22 +0100
Jakub Hrozek jhro...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Managing DNS records when adding/deleting hosts with the host plugin
was broken because we used a wrong attribute name (ipaddr, should be
ip_address)
ACK,
Simo.
--
We now build using just openldap so drop the build dependency on mozldap.
rob
From d7585e8b9d48d1c03d5cd625d6d82c9bc09e43e0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 12 Jan 2011 16:34:24 -0500
Subject: [PATCH] Drop dependency on mozldap
---
ipa.spec.in |6
On Wed, Jan 12, 2011 at 04:40:17PM -0500, Rob Crittenden wrote:
We now build using just openldap so drop the build dependency on mozldap.
rob
Related question: we have a couple of #ifdef WITH_MOZLDAP preprocessor
directives in the SLAPI plugin code, should we get rid of them and only
support
If pkinit is configured anonymous tickets can be obtained.
To avoid impacting badly written applications that consider successful
authentication also implicit authorization, by default restrict
anonymous ticket to only be able to the TGTs. This is sufficient to
make FAST working with pkinit but
Jakub Hrozek wrote:
On Wed, Jan 12, 2011 at 04:40:17PM -0500, Rob Crittenden wrote:
We now build using just openldap so drop the build dependency on mozldap.
rob
Related question: we have a couple of #ifdef WITH_MOZLDAP preprocessor
directives in the SLAPI plugin code, should we get rid of
Simo Sorce wrote:
If pkinit is configured anonymous tickets can be obtained.
To avoid impacting badly written applications that consider successful
authentication also implicit authorization, by default restrict
anonymous ticket to only be able to the TGTs. This is sufficient to
make FAST
On Wed, 12 Jan 2011 16:49:05 -0500
Rob Crittenden rcrit...@redhat.com wrote:
Jakub Hrozek wrote:
On Wed, Jan 12, 2011 at 04:40:17PM -0500, Rob Crittenden wrote:
We now build using just openldap so drop the build dependency on
mozldap.
rob
Related question: we have a couple of
On Wed, 12 Jan 2011 16:40:17 -0500
Rob Crittenden rcrit...@redhat.com wrote:
We now build using just openldap so drop the build dependency on
mozldap.
rob
Nack,
you forgot the configure.ac change
Simo.
--
Simo Sorce * Red Hat, Inc * New York
Simo Sorce wrote:
On Wed, 12 Jan 2011 16:40:17 -0500
Rob Crittendenrcrit...@redhat.com wrote:
We now build using just openldap so drop the build dependency on
mozldap.
rob
Nack,
you forgot the configure.ac change
Simo.
It was in patch 674. Redid both of them, updated patch attached.
With the patch titled '674 drop build dep on mozlap' freeipa v2 will no
longer build on Fedora 13.
Newer versions of 389-ds build against an NSS-based openldap rather than
mozldap. Supporting both libraries has been challenging so we are just
going to drop Fedora 13 support.
This is merely
On Wed, Jan 12, 2011 at 05:49:42PM -0500, Rob Crittenden wrote:
With the patch titled '674 drop build dep on mozlap' freeipa v2 will
no longer build on Fedora 13.
So just to be clear, we should stop trying to build git snapshot builds
on f13? If so, is this for everything, just the freeipa
Hi,
The attached patch should address issue #1 and #2 in this bug:
https://fedorahosted.org/freeipa/ticket/670
The labels for the following fields in Host details page have been
changed:
- fqdn: Fully Qualified Host Name
- serverhostname: Host Name
The ipa_details_field_create_input() and
Nalin Dahyabhai wrote:
On Wed, Jan 12, 2011 at 05:49:42PM -0500, Rob Crittenden wrote:
With the patch titled '674 drop build dep on mozlap' freeipa v2 will
no longer build on Fedora 13.
So just to be clear, we should stop trying to build git snapshot builds
on f13? If so, is this for
On 1/13/2011 9:11 AM, Endi Sukma Dewata wrote:
The attached patch should address issue #1 and #2 in this bug:
https://fedorahosted.org/freeipa/ticket/670
The labels for the following fields in Host details page have been
changed:
- fqdn: Fully Qualified Host Name
- serverhostname: Host Name
On 01/12/2011 05:17 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 12 Jan 2011 11:03:31 -0500
Rob Crittendenrcrit...@redhat.com wrote:
Add an API version that is enforced both when the server is built (to
disallow unexpected API changes) and when clients talk to
On 01/12/2011 10:07 PM, Endi Sukma Dewata wrote:
On 1/13/2011 9:11 AM, Endi Sukma Dewata wrote:
The attached patch should address issue #1 and #2 in this bug:
https://fedorahosted.org/freeipa/ticket/670
The labels for the following fields in Host details page have been
changed:
- fqdn: Fully
Hi Rich,
The version of 389-ds-base. I installed this package with fedora testing
repo which is documented in installation steps.
[root@agvdir ~]# rpm -qi 389-ds-base
Name: 389-ds-base Relocations: (not relocatable)
Version : 1.2.7.5 Vendor:
On 1/13/2011 11:12 AM, Adam Young wrote:
can you replace the huge if-else block in details.js line 282? You cna
leave the comment about class-specific implementation, but the code does
nothing of use as is. Other than that, ACK.
I removed the if-else block but kept the list of class names in
On Wed, 2011-01-12 at 11:32 -0500, Rob Crittenden wrote:
Jakub Hrozek wrote:
On Tue, Jan 11, 2011 at 12:46:29PM +0100, Martin Kosek wrote:
krb5_get_default_realm() and asprintf() return values were ignored.
This could lead to unhandled error issues or memory access
issues.
This patch
Hi,
The attached patch should fix item #3 of this bug:
https://fedorahosted.org/freeipa/ticket/670
The li tag used for status icon has been replaced with div
tag shaped like a circle. The size can be adjusted using CSS.
--
Endi S. Dewata
From 6be1584994d7480deda7e7d5b93ac4e81a697cd0 Mon Sep 17
43 matches
Mail list logo