On Mon, 2011-06-13 at 23:37 -0400, Simo Sorce wrote:
On Mon, 2011-06-13 at 23:28 -0400, Rob Crittenden wrote:
Endi Sukma Dewata wrote:
On 6/13/2011 6:00 PM, Rob Crittenden wrote:
Endi Sukma Dewata wrote:
On 6/13/2011 2:45 PM, Rob Crittenden wrote:
Indirect membership is calculated
On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote:
Compare the configured interfaces with the supplied IP address and
optional netmask to determine if the interface is available.
Note the subtle change when comparing addresses. We have two object
types, IPNetwork and IPAddress. We
On 14.6.2011 10:25, Martin Kosek wrote:
On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote:
Compare the configured interfaces with the supplied IP address and
optional netmask to determine if the interface is available.
Note the subtle change when comparing addresses. We have two object
Martin Kosek wrote:
On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote:
Compare the configured interfaces with the supplied IP address and
optional netmask to determine if the interface is available.
Note the subtle change when comparing addresses. We have two object
types, IPNetwork and
Jan Cholasta wrote:
On 6.6.2011 21:25, Rob Crittenden wrote:
Jan Cholasta wrote:
On 26.4.2011 22:52, Rob Crittenden wrote:
The goal is to not import foreign certificates.
This caused a bunch of tests to fail because we had a hardcoded server
certificate. Instead a developer will need to run
On Tue, 2011-06-14 at 08:56 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote:
Compare the configured interfaces with the supplied IP address and
optional netmask to determine if the interface is available.
Note the subtle change
On Tue, 2011-06-14 at 08:46 +0200, Martin Kosek wrote:
IIRC the algorithms for circular groups processing are already
implemented in SSSD, so we don't have to reinvent the wheel and let us
get some inspiration there :-)
They are not very efficient and we have some ideas on how to improve the
On 6/13/2011 10:28 PM, Rob Crittenden wrote:
Endi Sukma Dewata wrote:
NACK. If there's a circular membership the code will run into an
infinite loop. Here's a test scenario:
Group 1 has 2 members: group 2 and group 3.
Group 2 is a member of group 3.
Group 3 is a member of group 2.
Run ipa
Endi Sukma Dewata wrote:
On 6/13/2011 10:28 PM, Rob Crittenden wrote:
Endi Sukma Dewata wrote:
NACK. If there's a circular membership the code will run into an
infinite loop. Here's a test scenario:
Group 1 has 2 members: group 2 and group 3.
Group 2 is a member of group 3.
Group 3 is a
Martin Kosek wrote:
On Tue, 2011-06-14 at 08:56 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote:
Compare the configured interfaces with the supplied IP address and
optional netmask to determine if the interface is available.
Note the
This patch enables the user to specify netmasks in the --ip-address
option of host-add. They're used for proper DNS reverse zone and PTR
record creation. Also the IP addresses are more strictly checked (just
like in the install scripts).
https://fedorahosted.org/freeipa/ticket/1234
--
Jan
On 6/13/2011 7:48 PM, Adam Young wrote:
On 06/13/2011 07:28 PM, Endi Sukma Dewata wrote:
The buttons were previously skipped during tab navigation because
they do not have an href attribute. The IPA.button has been fixed
to always provide an href attribute.
Ticket #983
ACK.
Pushed to
https://fedorahosted.org/freeipa/ticket/1319
From 2b9b2fefaf250c7d58e35a9d0e9ca33bd865743e Mon Sep 17 00:00:00 2001
From: Adam Young ayo...@redhat.com
Date: Tue, 14 Jun 2011 12:34:56 -0400
Subject: [PATCH] dns multiple records show multiple records that share the
same dnsname
---
On 6/14/2011 8:46 AM, Rob Crittenden wrote:
Endi Sukma Dewata wrote:
On 6/13/2011 10:28 PM, Rob Crittenden wrote:
Endi Sukma Dewata wrote:
NACK. If there's a circular membership the code will run into an
infinite loop. Here's a test scenario:
Group 1 has 2 members: group 2 and group 3.
Group
This is a stab at fixing #1252 - teaching the RA to handle cases where
the local server isn't a CA.
When the RA is about to submit a signing request to a CA, it currently
assumes that the CA is colocated. This modifies its behavior so that
the first time it needs to submit a signing request, it:
Martin Kosek wrote:
On Thu, 2011-06-09 at 15:14 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
How to test:
1) Create a custom DS instance with for example 60radius.ldif schema
present (as in the original report in ticket #1266)
2) Populate DS with users/groups with custom unsupported object
Martin Kosek wrote:
This patch depends on my patch 078. A special patch for stable branch
attached.
---
Create DNS domain for IPA server hostname first so that it's forward
record can be added. This results in 2 forward DNS zones created
when server hostname doesn't equal server domain.
Simo Sorce wrote:
On Thu, 2011-06-09 at 11:31 +0200, Martin Kosek wrote:
When a new DNS zone is being created a local hostname is set as a
nameserver of the new zone. However, when the zone is created
during ipa-replica-prepare, the the current master/replica doesn't
have to be an IPA server
Martin Kosek wrote:
On Thu, 2011-06-09 at 14:10 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Mon, 2011-05-23 at 14:38 -0400, Rob Crittenden wrote:
In an attempt to support multiple direct maps we always included the
automountinformation in the key dn. This makes showing keys impossible
JR Aquino wrote:
On Jun 10, 2011, at 3:11 PM, JR Aquino wrote:
On Jun 9, 2011, at 10:24 AM, Rob Crittenden wrote:
JR Aquino wrote:
https://fedorahosted.org/freeipa/ticket/1277
Raise DuplicateEntry Error when adding a duplicate sudo option
nack, this will still fail if no ipasudoopt is
Martin Kosek wrote:
Enhance Host plugin to provide not only Managed By list but also
a list of managed hosts. The new list is generated only when --all
option is passed.
https://fedorahosted.org/freeipa/ticket/993
ack
___
Freeipa-devel mailing list
On Tue, 2011-06-14 at 14:26 -0400, Rob Crittenden wrote:
Jan Cholasta wrote:
This patch enables the user to specify netmasks in the --ip-address
option of host-add. They're used for proper DNS reverse zone and PTR
record creation. Also the IP addresses are more strictly checked (just
like
Adjustment to install/share/schema_compat.uldif to correctly assign
sudorunasuser for both a user and group object respectively.
The bug had to do with the compat plugin syntax needing to correctly identify
the difference behind intent with the 'runas' attributes.
The difference is handling
JR Aquino wrote:
On Jun 13, 2011, at 11:45 AM, wrote:
This small 2 line patch addresses 2 bugs:
https://fedorahosted.org/freeipa/ticket/1269 - (Remaining external hosts not
displayed while removing one from a sudorule.)
https://fedorahosted.org/freeipa/ticket/1270 - (Removed external host is
Nalin Dahyabhai wrote:
This is a stab at fixing #1252 - teaching the RA to handle cases where
the local server isn't a CA.
When the RA is about to submit a signing request to a CA, it currently
assumes that the CA is colocated. This modifies its behavior so that
the first time it needs to
Martin Kosek wrote:
On Mon, 2011-06-06 at 13:47 -0400, Rob Crittenden wrote:
Our translation files haven't been updated for a few months, this brings
things up to date. It is intended for master only.
All I did to generate this patch was to run make update-po in
install/po. It is otherwise
On 6/14/2011 10:47 AM, Kyle Baker wrote:
Endi,
Adjusted the spacing on the patch Endi merged.
Kyle Baker
Visual Designer
Desk - 978 392 3116
IRC - kylebaker
I pushed patch #16 and #17 to master with some minor adjustments.
You probably meant to remove the empty space between the page title
Don't let a JSON error get lost in cascading errors.
If a JSON decoding error was found we were still trying to call the
XML-RPC function, losing the original error.
https://fedorahosted.org/freeipa/ticket/1322
rob
From a7636a4b455329ef6c6bbb3382c7ae6797d6414e Mon Sep 17 00:00:00 2001
From:
On 6/14/2011 4:41 PM, Endi Sukma Dewata wrote:
On 6/14/2011 10:47 AM, Kyle Baker wrote:
Endi,
Adjusted the spacing on the patch Endi merged.
Kyle Baker
Visual Designer
Desk - 978 392 3116
IRC - kylebaker
I pushed patch #16 and #17 to master with some minor adjustments.
You probably meant to
On Jun 14, 2011, at 11:06 AM, Rob Crittenden wrote:
JR Aquino wrote:
On Jun 10, 2011, at 3:11 PM, JR Aquino wrote:
On Jun 9, 2011, at 10:24 AM, Rob Crittenden wrote:
JR Aquino wrote:
https://fedorahosted.org/freeipa/ticket/1277
Raise DuplicateEntry Error when adding a duplicate sudo
On 6/14/2011 11:41 AM, Adam Young wrote:
https://fedorahosted.org/freeipa/ticket/1319
ACK and pushed to master.
--
Endi S. Dewata
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Some of the sudorule commands were missing a message summary.
ticket https://fedorahosted.org/freeipa/ticket/1255
rob
From 3fa78f5ec880974aae2caf35d7850e5a0d910375 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 14 Jun 2011 21:35:02 -0400
Subject: [PATCH] Add
Revocation reason 7 is undefined in the RFCs, disallow it.
https://fedorahosted.org/freeipa/ticket/1318
From 1fce43c2bb94bdaa7702a53d4524879857c83af6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 14 Jun 2011 22:03:02 -0400
Subject: [PATCH] Return an error message
33 matches
Mail list logo