On Wed, 22 Feb 2012, Rob Crittenden wrote:
The python-ldap in F-17 added uniqueness checking in its schema
parser. This breaks the updater where we purposely re-create the
schema from a dictionary to see if anything has changed. We need to
pass in a flag to tell it to not check uniqueness.
An easy way to check if master-replica UDP port check actually works is
to simply configure a few iptables rules to drop packets for tested UDP or
TCP ports:
-A INPUT -m udp -p udp --dport 88 -j DROP
-A INPUT -m tcp -p tcp --dport 88 -j DROP
UDP port checks in ipa-replica-conncheck always
Do not accept invalid GID values in IPA user/group plugins.
https://fedorahosted.org/freeipa/ticket/2335
From 56862b45aa20e8035d0eac7c8f4a16fc18bf2009 Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Thu, 23 Feb 2012 10:25:22 +0100
Subject: [PATCH] Add gidnumber minvalue
Do
On Tue, 2012-02-21 at 10:25 -0500, Rob Crittenden wrote:
Don't let the permission Modify Group membership manage the admins
group. We don't want someone on the helpdesk managing admins membership.
rob
Yup, this fixed the problem.
ACK. Pushed to master, ipa-2-2.
Martin
On Wed, 2012-02-22 at 23:22 -0500, Rob Crittenden wrote:
Add -v to the two calls to sslget. In case of an error we'll get more
than just the returnval.
I also fixed a couple of old references to sslget. It used to be our SSL
client before python-nss.
rob
ACK. Pushed to master, ipa-2-2.
On Wed, 2012-02-22 at 17:47 -0500, Rob Crittenden wrote:
Don't allow a host that is a master or its IPA services to be deleted.
I'm taking a pretty limited view of services, preventing deletion of
just the IPA services I could think of. I don't want to prevent someone
from deleting an nfs
Redirection in 'Add and edit' in automember hostgroup now navigates to
correct facet.
https://fedorahosted.org/freeipa/ticket/2422
--
Petr Vobornik
From 5b898f7a63f92c2caf36f4c2a280ceb6d0ccb092 Mon Sep 17 00:00:00 2001
From: Petr Voborník pvobo...@redhat.com
Date: Thu, 23 Feb
On 01/20/2012 05:10 PM, Rob Crittenden wrote:
We again need to prevent mod_ssl from being installed since we proxy
for dogtag now. mod_proxy provides a single API for doing SSL proxying
and if mod_ssl is merely loaded in Apache it grabs the interface for
doing this from mod_nss.
rob
https://fedorahosted.org/freeipa/ticket/2227 (Unable to add certain sudo
commands to groups). What an interesting bug to get :)
One problem with our CSV splitting is that it's not idempotent
(backslashes are eaten when there are escaped commas), but when we
forward a call it gets done on
On Wed, 2012-02-22 at 16:06 -0500, Rob Crittenden wrote:
Similar to my patch 921, fix replication agreements that were created
without memberof in the exclusion list. This patch is for ipa-2-2 and
master and does it as part of the upgrade process as a plugin.
rob
Yup, this is pretty much
On 23.2.2012 15:29, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/2227 (Unable to add certain sudo
commands to groups). What an interesting bug to get :)
One problem with our CSV splitting is that it's not idempotent
(backslashes are eaten when there are escaped commas), but
On Thu, 2012-02-23 at 16:08 +0100, Jan Cholasta wrote:
On 23.2.2012 15:29, Petr Viktorin wrote:
...
If we only keep one of those, the fix for #2227 should be quite easy.
If not (backwards compatibility), we need to document this properly,
test all the corner cases, and fix the UI to handle
Hello,
this patch is performance optimization of yesterday's fix
https://fedorahosted.org/bind-dyndb-ldap/ticket/43 - hold bind and
plugin global settings in LDAP.
--
Petr^2 Spacek
From 61c4da9c39d3b42594dab39779da2495970d34f4 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Patch description:
When editable combobox had only one option and input field was cleared,
the option couldn't be selected if it was selected before.
This patch adds click handler to option elements. The handler calls
select_on_change.
When different option is selected select_on_change is
Attaching patch
On 02/23/2012 04:34 PM, Petr Vobornik wrote:
Patch description:
When editable combobox had only one option and input field was cleared,
the option couldn't be selected if it was selected before.
This patch adds click handler to option elements. The handler calls
Alexander Bokovoy wrote:
On Wed, 22 Feb 2012, Rob Crittenden wrote:
The python-ldap in F-17 added uniqueness checking in its schema
parser. This breaks the updater where we purposely re-create the
schema from a dictionary to see if anything has changed. We need to
pass in a flag to tell it to
Martin Kosek wrote:
On Wed, 2012-02-22 at 17:47 -0500, Rob Crittenden wrote:
Don't allow a host that is a master or its IPA services to be deleted.
I'm taking a pretty limited view of services, preventing deletion of
just the IPA services I could think of. I don't want to prevent someone
from
Option '--noac' was added. If set, the ipa-client-install will not call
authconfig for setting nsswitch.conf and PAM configuration. In
fact no configuration of nsswitch.conf or PAM would be done at
all.
https://fedorahosted.org/freeipa/ticket/2369
--
Regards,
Ondrej Hamada
FreeIPA team
jabber:
Ondrej Hamada wrote:
On 01/20/2012 05:10 PM, Rob Crittenden wrote:
We again need to prevent mod_ssl from being installed since we proxy
for dogtag now. mod_proxy provides a single API for doing SSL proxying
and if mod_ssl is merely loaded in Apache it grabs the interface for
doing this from
On Thu, 2012-02-23 at 11:33 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2012-02-22 at 17:47 -0500, Rob Crittenden wrote:
Don't allow a host that is a master or its IPA services to be deleted.
I'm taking a pretty limited view of services, preventing deletion of
just the IPA
Martin Kosek wrote:
On Thu, 2012-02-23 at 11:33 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2012-02-22 at 17:47 -0500, Rob Crittenden wrote:
Don't allow a host that is a master or its IPA services to be deleted.
I'm taking a pretty limited view of services, preventing deletion
On Thu, 2012-02-23 at 13:49 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2012-02-23 at 11:33 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2012-02-22 at 17:47 -0500, Rob Crittenden wrote:
Don't allow a host that is a master or its IPA services to be deleted.
I'm
Martin Kosek wrote:
On Mon, 2012-02-20 at 12:46 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Tue, 2012-02-14 at 09:10 -0500, Rob Crittenden wrote:
Simo Sorce wrote:
On Tue, 2012-02-14 at 12:09 +0100, Martin Kosek wrote:
A new version of bind-dyndb-ldap has been released, sending
John Dennis wrote:
This works great, particularly with patch 63. The only thing I wasn't
able to test at all is logout. Is there a way to test that as-is or will
the UI guys need to make some changes too?
rob
The call to create_connection in the backend was outside a try/except so
we would miss public ACI errors. This will catch them.
To test this you can delete the S4U2Proxy delegation:
$ ldapmodify -x -D 'cn=directory manager' -W
LDAP Password:
dn:
ipa-server-install has a method for validating forward and reverse via
ipaserver/install/installutils.py
ipa-client-install does not currently have an equivalent
This patch adds valid_dns to ipapython/ipautil.py to validate forward and
reverse DNS
This patch adds the valid_dns test in
On Thu, 2012-02-23 at 22:05 -0500, Rob Crittenden wrote:
We noticed that older client machines couldn't join FreeIPA 2.1.90
servers running KDC 1.90. It was failing to return a ticket for DES so
the whole keytab request was failing.
I changed it so failures are acceptable as long as one