Re: [Freeipa-devel] [PATCH] [WIP] 172+173+175 Create per-type DNS API

2011-12-02 Thread Martin Kosek
On Thu, 2011-12-01 at 17:18 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-11-28 at 17:35 +0100, Martin Kosek wrote: I have prepared a working prototype of the new structured DNS API. It may still have rough edges (and unit tests are not ready), but it will provide a base

[Freeipa-devel] Q: dnsclient portability

2011-12-02 Thread Alexander Bokovoy
Hi, I'm working on ticket https://fedorahosted.org/freeipa/ticket/1837 which concerns portability of ipapython.dnsclient module. ipapython.dnsclient module uses acutil module to perform 'res_send(3)' call provided by libresolv. acutil implements bindings to two system calls (res_send() and

Re: [Freeipa-devel] Session design document

2011-12-02 Thread Rob Crittenden
Simo Sorce wrote: On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote: Comments? Suggestions? Sorry for the late reply. First of all, excellent write-up John, it is very comprehensive and lays down things very clearly. I agree that using ipa:ipa for memcached and wsgi would be a better

Re: [Freeipa-devel] [PATCH] 6 Sort password policy by priority

2011-12-02 Thread Ondrej Hamada
On 11/29/2011 08:43 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/29/2011 03:46 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2045 'ipa pwpolicy-find' output is now sorted by priority of the policies. Lower position means lower priority. Global policy is then at the

Re: [Freeipa-devel] Session design document

2011-12-02 Thread Simo Sorce
On Fri, 2011-12-02 at 08:22 -0500, Rob Crittenden wrote: Simo Sorce wrote: On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote: Comments? Suggestions? Sorry for the late reply. First of all, excellent write-up John, it is very comprehensive and lays down things very clearly. I

Re: [Freeipa-devel] [PATCH] fix memleaks

2011-12-02 Thread Alexander Bokovoy
On Tue, 29 Nov 2011, Simo Sorce wrote: Found a couple of memleaks while reviewing code. Attached. Simo. -- Simo Sorce * Red Hat, Inc * New York From 70840691e48e1ac89002499c08a9dd4fdcae7c50 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Sun, 20 Nov 2011 20:50:11

Re: [Freeipa-devel] [PATCH] fix memleaks

2011-12-02 Thread Simo Sorce
On Fri, 2011-12-02 at 16:04 +0200, Alexander Bokovoy wrote: On Tue, 29 Nov 2011, Simo Sorce wrote: Found a couple of memleaks while reviewing code. Attached. Simo. -- Simo Sorce * Red Hat, Inc * New York From 70840691e48e1ac89002499c08a9dd4fdcae7c50 Mon Sep 17 00:00:00

Re: [Freeipa-devel] [PATCHES] Implement support for S4U2Proxy delegation in IPA

2011-12-02 Thread Rob Crittenden
Simo Sorce wrote: Hello all, with this set of patches it is possible to allow constrained delegation of credentials so that a service can impersonate a user when communicating with another service w/o requiring the user to actually forward their TGT. This makes for a much better method of

Re: [Freeipa-devel] [PATCH] [WIP] 172+173+175 Create per-type DNS API

2011-12-02 Thread Rob Crittenden
Martin Kosek wrote: On Thu, 2011-12-01 at 17:18 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-11-28 at 17:35 +0100, Martin Kosek wrote: I have prepared a working prototype of the new structured DNS API. It may still have rough edges (and unit tests are not ready), but it will

Re: [Freeipa-devel] [PATCH] fix memleaks

2011-12-02 Thread Alexander Bokovoy
On Fri, 02 Dec 2011, Simo Sorce wrote: memset(pac_info, 0, sizeof(pac_info)); pac_info.logon_info.info = talloc_zero(tmpctx, struct PAC_LOGON_INFO); if (!tmpctx) { Here is an issue -- you are allocating off tmpctx which is not empty here (we checked it right above)

Re: [Freeipa-devel] Session design document

2011-12-02 Thread Rob Crittenden
Simo Sorce wrote: On Fri, 2011-12-02 at 08:22 -0500, Rob Crittenden wrote: Simo Sorce wrote: On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote: Comments? Suggestions? Sorry for the late reply. First of all, excellent write-up John, it is very comprehensive and lays down things very

Re: [Freeipa-devel] [PATCH] fix memleaks

2011-12-02 Thread Rob Crittenden
Simo Sorce wrote: I lost count of how many patches I handled, and to be honest I think this naming convention sucks a bit. I would be ok changing the number to match a ticket number perhaps, when there is a ticket attached to it, but for patches like this one all you really need it to append a

[Freeipa-devel] Hashbang line in IPA scripts

2011-12-02 Thread Jan Cholasta
Hi, We currently use this hashbang line in IPA scripts: #! /usr/bin/python -E IMHO this should be changed to point to Python 2 binary specifically: #! /usr/bin/python2 -E for the sake of distros, which symlink /usr/bin/python to Python 3 binary by default (Fedora 17?). Honza --

Re: [Freeipa-devel] [PATCH] fix memleaks

2011-12-02 Thread Simo Sorce
On Fri, 2011-12-02 at 16:39 +0200, Alexander Bokovoy wrote: On Fri, 02 Dec 2011, Simo Sorce wrote: memset(pac_info, 0, sizeof(pac_info)); pac_info.logon_info.info = talloc_zero(tmpctx, struct PAC_LOGON_INFO); if (!tmpctx) { Here is an issue -- you are allocating

Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-12-02 Thread Rob Crittenden
Jan Cholasta wrote: Dne 14.10.2011 10:19, Alexander Bokovoy napsal(a): On Fri, 14 Oct 2011, Jan Cholasta wrote: Perform an HTTP request. - if self.ca_host == None: - self.ca_host = self._select_ca() + if self.ca_host is None: + object.__setattr__(self, 'ca_host', self._select_ca()) return

Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-12-02 Thread Jan Cholasta
Dne 2.12.2011 15:56, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 14.10.2011 10:19, Alexander Bokovoy napsal(a): On Fri, 14 Oct 2011, Jan Cholasta wrote: Perform an HTTP request. - if self.ca_host == None: - self.ca_host = self._select_ca() + if self.ca_host is None: +

Re: [Freeipa-devel] Session design document

2011-12-02 Thread Simo Sorce
On Fri, 2011-12-02 at 09:46 -0500, Rob Crittenden wrote: Simo Sorce wrote: On Fri, 2011-12-02 at 08:22 -0500, Rob Crittenden wrote: Simo Sorce wrote: On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote: Comments? Suggestions? Sorry for the late reply. First of all, excellent

Re: [Freeipa-devel] [PATCHES] Implement support for S4U2Proxy delegation in IPA

2011-12-02 Thread Simo Sorce
On Fri, 2011-12-02 at 09:27 -0500, Rob Crittenden wrote: Simo Sorce wrote: Hello all, with this set of patches it is possible to allow constrained delegation of credentials so that a service can impersonate a user when [..] In the third patch in ipadb_get_delegation_acl() you can just

Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap

2011-12-02 Thread Rob Crittenden
Ondrej Hamada wrote: On 11/29/2011 10:33 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/11/2011 02:55 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into

Re: [Freeipa-devel] Q: dnsclient portability

2011-12-02 Thread John Dennis
On 12/02/2011 07:58 AM, Alexander Bokovoy wrote: Hi, I'm working on ticket https://fedorahosted.org/freeipa/ticket/1837 which concerns portability of ipapython.dnsclient module. ipapython.dnsclient module uses acutil module to perform 'res_send(3)' call provided by libresolv. acutil implements

Re: [Freeipa-devel] Tomcat Realms and Directory Server

2011-12-02 Thread Adam Young
On 12/01/2011 10:04 PM, Simo Sorce wrote: Hi Adam, I haven't replied to this summary so far for 2 reasons. I had little time to ponder it (and Java is not my forte) and it is still a bit up in the air. I am a bit concerned about the relatively unstable/young support for some of the tech that

Re: [Freeipa-devel] [PATCH] 0032 Validate sudo RunAsUser/RunAsGroup arguments

2011-12-02 Thread Rob Crittenden
Alexander Bokovoy wrote: Hi, FreeIPA SUDO rules use --usercat/--groupcat to specify that rule applies to all users or groups. Thus, sudorule-add-runasuser and sudorule-add-runasgroup accept specific groups and users and do not accept ALL reserved word. The patch validates user and group passed

Re: [Freeipa-devel] [PATCH] 0033 Check all LDAP servers during IPA discovery

2011-12-02 Thread Rob Crittenden
Alexander Bokovoy wrote: Hi, This is a patch proposal, I haven't checked it with a multiple servers setup yet. When discovering IPA LDAP servers through DNS records, look through all servers found until first success. A master might not be available or denied access due to anonymous binds

Re: [Freeipa-devel] [PATCH] [WIP] 172+173+175 Create per-type DNS API

2011-12-02 Thread Petr Vobornik
On 12/02/2011 03:33 PM, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2011-12-01 at 17:18 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-11-28 at 17:35 +0100, Martin Kosek wrote: 3) The commands are in format dnsrecordRRTYPE-cmd, for example dnsrecordmx-add. I think

Re: [Freeipa-devel] Hashbang line in IPA scripts

2011-12-02 Thread Simo Sorce
On Fri, 2011-12-02 at 15:50 +0100, Jan Cholasta wrote: Hi, We currently use this hashbang line in IPA scripts: #! /usr/bin/python -E IMHO this should be changed to point to Python 2 binary specifically: #! /usr/bin/python2 -E for the sake of distros, which symlink

Re: [Freeipa-devel] [PATCH] Remove unused make flags

2011-12-02 Thread Simo Sorce
On Fri, 2011-12-02 at 08:17 +0200, Alexander Bokovoy wrote: On Thu, 01 Dec 2011, Simo Sorce wrote: Very simple patch to remove unused stuff, could have been a one-liner I guess, but here we go :) ACK. Pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH 54/54] ticket 2135 - enhance make-test for debugging

2011-12-02 Thread Rob Crittenden
John Dennis wrote: Add option to run the unit tests under PDB, but enter PDB before anything executes so you can set breakpoints etc. Add option to disable nosetest from capturing stdout, handy for adding print statements when debugging. Note: the old --pdb arg behavior is now --pdb-errors,

Re: [Freeipa-devel] [PATCH] 6 Sort password policy by priority

2011-12-02 Thread Rob Crittenden
Ondrej Hamada wrote: On 11/29/2011 08:43 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/29/2011 03:46 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2045 'ipa pwpolicy-find' output is now sorted by priority of the policies. Lower position means lower priority. Global

Re: [Freeipa-devel] [PATCH] bind-dyndb-ldap: enable/disable PTR synchronization per zone

2011-12-02 Thread Adam Tkac
On Thu, Dec 01, 2011 at 09:00:18AM -0500, Jiri Kuncar wrote: I've added an attribute idnsAllowSyncPTR to idnsZone to enable or disable synchronization of PTR records. However the bind-dyndb-ldap plugin option sync_ptr has to be included in /etc/named.conf to run synchronization feature.

Re: [Freeipa-devel] [PATCH] 32-47 #2040, #1515 Refactor UI widgets

2011-12-02 Thread Endi Sukma Dewata
The UI seems to be working like before, so patches #32-47 are ACKed. But I'd rather wait until the unit tests are completely fixed before pushing. I'm going to rebase the HBAC Test patches on top of these. I have some comments below, but they can be addressed separately. On 11/30/2011 10:37

Re: [Freeipa-devel] [PATCH] 048 Added cross browser support of Array.indexOf method

2011-12-02 Thread Endi Sukma Dewata
On 12/1/2011 3:58 AM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/2151 Note: I didn't add browser.js to jsl.conf because there is a jsl error - shortcut for checking NaN and I'm not sure if modifying it into standard isNaN call would be OK. I don't have an environment to test

Re: [Freeipa-devel] [PATCH] 32-47 #2040, #1515 Refactor UI widgets

2011-12-02 Thread Endi Sukma Dewata
On 12/1/2011 10:45 AM, Adam Young wrote: On 12/01/2011 10:02 AM, Petr Vobornik wrote: 1) Should widget expect that array of values like ['value'] will be always passed to update(values) method or the update method should also work with simple values like 'value'? The widget tests are highly

[Freeipa-devel] [PATCH] 909 show HBAC and Sudo rule membership

2011-12-02 Thread Rob Crittenden
The CLI wasn't showing HBAC and Sudo rule membership because it lacked a label. These already show in the UI. rob From 3906a11f64c4e54d66ed48734431a906e73b5ffc Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Fri, 2 Dec 2011 14:27:47 -0500 Subject: [PATCH] Add labels so

Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

2011-12-02 Thread Alexander Bokovoy
On Fri, 02 Dec 2011, Jan Cholasta wrote: I don't like the idea of introducing a new class every time we need a ReadOnly attribute to be writable. There's quite a few places in the code where we do object.__setattr__ on ReadOnly objects. IMO the right thing to do would be to add means of

Re: [Freeipa-devel] [PATCH] 908 make some fields required

2011-12-02 Thread Rob Crittenden
Endi Sukma Dewata wrote: On 11/28/2011 12:09 PM, Rob Crittenden wrote: Some attributes in the framework were not marked as required even though they are in the schema. These are typically computed values and I think the intention was to not prompt for them. This has the side-effect of them

Re: [Freeipa-devel] Session design document

2011-12-02 Thread John Dennis
On 12/01/2011 09:55 PM, Simo Sorce wrote: On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote: Comments? Suggestions? Sorry for the late reply. First of all, excellent write-up John, it is very comprehensive and lays down things very clearly. Thank you. I agree that using ipa:ipa for