On 02/28/2012 09:50 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/28/2012 04:45 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/28/2012 04:02 AM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/27/2012 05:10 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Simo Sorce wrote:
On Tue, 2012-02-28 at 14:19 -0500, Dmitri Pal wrote:
On 02/28/2012 08:46 AM, Adam Tkac wrote:
On 02/28/2012 02:44 PM, Petr Spacek wrote:
On 02/24/2012 01:42 PM, Petr Spacek wrote:
Hello,
this patch is documentation improvement configuration check for
situations, where persistent
On Tue, 2012-02-28 at 16:36 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Sat, 2012-02-25 at 17:43 -0500, Rob Crittenden wrote:
This patch does two things:
1. Prompts when deleting a master to make clear that this is irreversible
2. Does not allow a deleted master to be
On 28.2.2012 18:58, Rob Crittenden wrote:
Jan Cholasta wrote:
On 28.2.2012 18:02, Petr Viktorin wrote:
On 02/28/2012 04:45 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/28/2012 04:02 AM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/27/2012 05:10 PM, Rob Crittenden wrote:
Rob
On 28.2.2012 23:42, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
this patch configures the new SSH features of SSSD in ipa-client-install.
To test it, you need to have SSSD 1.8.0 installed.
Honza
Is there a better name for 'GlobalKnownHostsFile2'?
What do you mean? The option name or
On 02/15/2012 12:57 PM, Martin Kosek wrote:
On Wed, 2012-02-15 at 11:20 +0100, Petr Viktorin wrote:
This fixes https://fedorahosted.org/freeipa/ticket/2379 by using
inet_pton instead of inet_aton.
Yeah, this would fix the stricter checking. I planed to improve A/
validation in a scope of
On Wed, 2012-02-29 at 10:56 +0100, Petr Viktorin wrote:
On 02/15/2012 12:57 PM, Martin Kosek wrote:
On Wed, 2012-02-15 at 11:20 +0100, Petr Viktorin wrote:
This fixes https://fedorahosted.org/freeipa/ticket/2379 by using
inet_pton instead of inet_aton.
Yeah, this would fix the
On 02/28/2012 03:19 PM, Jan Cholasta wrote:
On 28.2.2012 11:54, Petr Viktorin wrote:
On 02/27/2012 10:44 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/20/2012 08:51 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/2159 says various config
options
On 29.2.2012 11:09, Petr Viktorin wrote:
On 02/28/2012 03:19 PM, Jan Cholasta wrote:
On 28.2.2012 11:54, Petr Viktorin wrote:
On 02/27/2012 10:44 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/20/2012 08:51 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/27/2012 06:31 PM, Martin Kosek wrote:
4) Minor change:
-except Exception:
+except:
Don't do that. It would for example disable Ctrl+C by trapping
KeyboardInterrupt.
PEP8 has a paragraph on this, search for 'except Exception:'
--
PetrĀ³
On 02/24/2012 11:00 PM, Endi Sukma Dewata wrote:
ACK. Feel free to push once the required server piece is ready.
Patches 80,81,82-1,83,84,85,90,91,92,93 pushed to master and ipa-2-2
On 2/23/2012 7:06 AM, Petr Vobornik wrote:
3. When adding an A/ record and checking the 'create reverse'
On 02/28/2012 09:57 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 02/27/2012 03:22 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
When adding or modifying permission with both type and attributes
specified, check whether the attributes are allowed for specified
type.
In case of
On 02/29/2012 11:14 AM, Jan Cholasta wrote:
On 29.2.2012 11:09, Petr Viktorin wrote:
On 02/28/2012 03:19 PM, Jan Cholasta wrote:
On 28.2.2012 11:54, Petr Viktorin wrote:
On 02/27/2012 10:44 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/20/2012 08:51 PM, Rob Crittenden wrote:
Petr
On Wed, 2012-02-29 at 11:20 +0100, Petr Viktorin wrote:
On 02/27/2012 06:31 PM, Martin Kosek wrote:
4) Minor change:
-except Exception:
+except:
Don't do that. It would for example disable Ctrl+C by trapping
KeyboardInterrupt.
PEP8 has a paragraph
On 02/28/2012 03:18 PM, Endi Sukma Dewata wrote:
ACK. Some comments:
Pushed to master, ipa-2-2
When adding attributes for filter permission it will show undo buttons.
For consistency it might be better to use Delete links instead of undo
buttons. However, instead of crossing out the values
On 02/28/2012 03:18 PM, Endi Sukma Dewata wrote:
On 2/23/2012 7:42 AM, Petr Vobornik wrote:
Redirection in 'Add and edit' in automember hostgroup now navigates to
correct facet.
https://fedorahosted.org/freeipa/ticket/2422
ACK.
Pushed to master, ipa-2-2.
--
Petr Vobornik
On 02/28/2012 03:19 PM, Endi Sukma Dewata wrote:
On 2/23/2012 9:39 AM, Petr Vobornik wrote:
Attaching patch
On 02/23/2012 04:34 PM, Petr Vobornik wrote:
Patch description:
When editable combobox had only one option and input field was cleared,
the option couldn't be selected if it was
On 02/27/2012 11:03 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Patch 16 defers validation conversion until after {add,del,set}attr is
processed, so that we don't search for an integer in a list of strings
(this caused ticket #2405), and so that the end result of these
operations is
On Wed, 2012-02-29 at 10:52 +0100, Jan Cholasta wrote:
On 28.2.2012 23:42, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
this patch configures the new SSH features of SSSD in ipa-client-install.
To test it, you need to have SSSD 1.8.0 installed.
Honza
Is there a better
On 17.1.2012 04:55, Rob Crittenden wrote:
Jan Cholasta wrote:
Dne 13.1.2012 17:39, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 14.12.2011 16:21, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 14.12.2011 15:23, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 14.12.2011 05:20,
On 02/29/2012 10:04 AM, Martin Kosek wrote:
On Tue, 2012-02-28 at 14:19 -0500, Dmitri Pal wrote:
On 02/28/2012 08:46 AM, Adam Tkac wrote:
On 02/28/2012 02:44 PM, Petr Spacek wrote:
On 02/24/2012 01:42 PM, Petr Spacek wrote:
Hello,
this patch is documentation improvement configuration check
On 29.2.2012 14:24, Martin Kosek wrote:
On Wed, 2012-02-29 at 10:52 +0100, Jan Cholasta wrote:
On 28.2.2012 23:42, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
this patch configures the new SSH features of SSSD in ipa-client-install.
To test it, you need to have SSSD 1.8.0 installed.
On Wed, 2012-02-29 at 14:44 +0100, Jan Cholasta wrote:
On 29.2.2012 14:24, Martin Kosek wrote:
On Wed, 2012-02-29 at 10:52 +0100, Jan Cholasta wrote:
On 28.2.2012 23:42, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
this patch configures the new SSH features of SSSD in
Hello,
this patch fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/49 ,
but I want to discuss one (unimplemented) change:
I propose a change in (currently very strange) forwarders syntax.
Current syntax:
IP[.port]
examples:
1.2.3.4 (without optional port)
1.2.3.4.5553 (optional port
Martin Kosek wrote:
On Tue, 2012-02-28 at 16:36 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Sat, 2012-02-25 at 17:43 -0500, Rob Crittenden wrote:
This patch does two things:
1. Prompts when deleting a master to make clear that this is irreversible
2. Does not allow a deleted master
And there is the patch, sorry.
Petr^2
On 02/29/2012 03:10 PM, Petr Spacek wrote:
Hello,
this patch fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/49 ,
but I want to discuss one (unimplemented) change:
I propose a change in (currently very strange) forwarders syntax.
Current syntax:
On Tue, 2012-02-28 at 17:36 -0500, Rob Crittenden wrote:
We were setting the GID of migrated users to that of the default user's
group (ipausers) when it should have been the same as the UID unless UPG
was disabled.
This does the right thing and fixes migration which was broken when we
On Mon, 2012-01-30 at 17:16 -0500, Rob Crittenden wrote:
Add support for defaultNamingContext which is available in 389-ds
1.2.10-0.9.a8. If the attribute isn't returned continue to use
namingContexts to determine the basedn.
While I was in poking at this I added support to the migration
Jan Cholasta wrote:
On 28.2.2012 18:58, Rob Crittenden wrote:
Jan Cholasta wrote:
On 28.2.2012 18:02, Petr Viktorin wrote:
On 02/28/2012 04:45 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/28/2012 04:02 AM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/27/2012 05:10 PM, Rob
Petr Viktorin wrote:
On 02/27/2012 11:03 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Patch 16 defers validation conversion until after {add,del,set}attr is
processed, so that we don't search for an integer in a list of strings
(this caused ticket #2405), and so that the end result of these
Petr Viktorin wrote:
On 02/29/2012 11:14 AM, Jan Cholasta wrote:
On 29.2.2012 11:09, Petr Viktorin wrote:
On 02/28/2012 03:19 PM, Jan Cholasta wrote:
On 28.2.2012 11:54, Petr Viktorin wrote:
On 02/27/2012 10:44 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/20/2012 08:51 PM, Rob
On 02/28/2012 10:52 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 02/27/2012 09:47 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 02/21/2012 02:32 PM, Ondrej Hamada wrote:
On 02/20/2012 06:53 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2274
login_password is expecting that request content_type will be
'application/x-www-form-urlencoded'.
Current check is an equality check of content_type http header.
RFC 3875 defines that content type can contain parameters separated by
';'. For example: when firefox is doing ajax call it sets
On Tue, 2012-02-28 at 22:13 -0500, Rob Crittenden wrote:
The wrong attribute was being used to handle nested netgroup membership
in slapi-nis. Nalin worked this out for us (thanks).
This patch should fix both new installs and upgrades.
See the ticket and bug for testing information.
Logout button was added to Web UI.
A click on logout button executes session_logout command. If command
succeeds or xhr stutus is 401 (unauthorized - already logged out) page
is redirected to logout.html.
logout.html is a simple page with You have been logged out text and a
link to return
Support for forms based authentication was added to UI.
It consist of:
1) new login page
Page url is [ipa server]/ipa/ui/login.html
Page contains a login form. For authentication it sends ajax request at
[ipa server]/session/json/login_password. If authentication is
successfull page is
On 02/29/2012 03:53 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/29/2012 11:14 AM, Jan Cholasta wrote:
On 29.2.2012 11:09, Petr Viktorin wrote:
On 02/28/2012 03:19 PM, Jan Cholasta wrote:
On 28.2.2012 11:54, Petr Viktorin wrote:
On 02/27/2012 10:44 PM, Rob Crittenden wrote:
Petr
Hi everyone,
I'm currently working on my thesis. It's objective is $SUBJ and we
already have ticket for that: #194
https://fedorahosted.org/freeipa/ticket/194. The task is to create two
more replica types - the HUB and Consumer. In 389-DS both the HUB and
Consumer are read-only. Additionally
On Wed, 2012-02-29 at 09:13 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Tue, 2012-02-28 at 16:36 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Sat, 2012-02-25 at 17:43 -0500, Rob Crittenden wrote:
This patch does two things:
1. Prompts when deleting a master to make
On Tue, 2012-02-28 at 23:45 +0200, Alexander Bokovoy wrote:
On Tue, 28 Feb 2012, Krzysztof Klimonda wrote:
- __setup_autoconfig modifies files in /usr/share/ and that seems to be
non-compliant with FHS. It may slip through checks at first but I'd
expect people reporting bugs at some point.
Either way looks ok to me.
I agree that using a space may be less confusing if this syntax never
allows to specify multiple addresses.
If multiple address can be specified than it may be less ideal to use
spaces.
Simo.
On Wed, 2012-02-29 at 15:14 +0100, Petr Spacek wrote:
And there is the
Martin Kosek wrote:
On Tue, 2012-02-28 at 17:36 -0500, Rob Crittenden wrote:
We were setting the GID of migrated users to that of the default user's
group (ipausers) when it should have been the same as the UID unless UPG
was disabled.
This does the right thing and fixes migration which was
On 02/29/2012 03:50 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/27/2012 11:03 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Patch 16 defers validation conversion until after
{add,del,set}attr is
processed, so that we don't search for an integer in a list of strings
(this caused
On Wed, 2012-02-29 at 16:19 +0100, Ondrej Hamada wrote:
Hi everyone,
I'm currently working on my thesis. It's objective is $SUBJ and we
already have ticket for that: #194. The task is to create two more
replica types - the HUB and Consumer. In 389-DS both the HUB and
Consumer are read-only.
On 20.2.2012 22:56, Rob Crittenden wrote:
Rob Crittenden wrote:
The variable name rdnattr can be misleading. It is only used to give the
name of hte RDN in something that can be renamed. Compare this to
something like netgroups where the DN has no visible relationship to the
content of the
On 02/29/2012 04:30 PM, Simo Sorce wrote:
Either way looks ok to me.
I agree that using a space may be less confusing if this syntax never
allows to specify multiple addresses.
If multiple address can be specified than it may be less ideal to use
spaces.
Simo.
idnsForwarders is multi-value
Ondrej Hamada wrote:
On 02/28/2012 10:52 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 02/27/2012 09:47 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 02/21/2012 02:32 PM, Ondrej Hamada wrote:
On 02/20/2012 06:53 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
Ondrej Hamada wrote:
On 02/28/2012 09:57 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 02/27/2012 03:22 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
When adding or modifying permission with both type and attributes
specified, check whether the attributes are allowed for specified
type.
I agree that we should keep the BIND syntax and separate port and IP
address with a space. We will at least avoid possible issues with IP
address decoding in the future.
Since this is a new attribute we have a good chance to do changes now so
that it is used correctly. I created an upstream
On Wed, 2012-02-29 at 10:31 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Tue, 2012-02-28 at 17:36 -0500, Rob Crittenden wrote:
We were setting the GID of migrated users to that of the default user's
group (ipausers) when it should have been the same as the UID unless UPG
was
On Mon, 2012-02-27 at 17:51 +0100, Petr Viktorin wrote:
On 02/22/2012 10:41 AM, Petr Viktorin wrote:
This fixes https://fedorahosted.org/freeipa/ticket/2071 (Add final debug
message in installers). The try/except blocks at the end of
installers/management scripts are replaced by a call to a
Martin Kosek wrote:
On Mon, 2012-02-27 at 15:15 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Tue, 2012-02-21 at 17:27 +0100, Martin Kosek wrote:
This set of 3 DNS patches fixes 2 minor issues found during DNS test day
(217, 218) and there is slightly longer patch (219) which improves
On Tue, 2012-02-28 at 23:07 -0500, Rob Crittenden wrote:
Don't call userdel during uninstall to delete any system users we
create. If they are deleted and the system adds another user for some
reason (package install, for example) then file ownership can get hosed.
rob
NACK
There is
Creating CSV values in UI is unnecessary and error-prone because server
converts them back to list. Possible problems with values containing
commas may occur. All occurrences of CSV joining were therefore removed.
https://fedorahosted.org/freeipa/ticket/2227
--
Petr Vobornik
From
On 02/27/2012 02:01 PM, Petr Viktorin wrote:
It seems I didn't communicate the problem and my solution clearly
enough, so let me try again. (Also, I learned from the discussions!)
Currently, both the client and the server parse CSV options. The client
does *not* re-encode the CSV before
On Wed, 2012-02-29 at 12:39 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Mon, 2012-02-27 at 15:15 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Tue, 2012-02-21 at 17:27 +0100, Martin Kosek wrote:
This set of 3 DNS patches fixes 2 minor issues found during DNS test day
(217,
Jan Cholasta wrote:
On 20.2.2012 22:56, Rob Crittenden wrote:
Rob Crittenden wrote:
The variable name rdnattr can be misleading. It is only used to give the
name of hte RDN in something that can be renamed. Compare this to
something like netgroups where the DN has no visible relationship to
Martin Kosek wrote:
On Mon, 2012-02-27 at 17:51 +0100, Petr Viktorin wrote:
On 02/22/2012 10:41 AM, Petr Viktorin wrote:
This fixes https://fedorahosted.org/freeipa/ticket/2071 (Add final debug
message in installers). The try/except blocks at the end of
installers/management scripts are
Martin Kosek wrote:
On Tue, 2012-02-28 at 23:07 -0500, Rob Crittenden wrote:
Don't call userdel during uninstall to delete any system users we
create. If they are deleted and the system adds another user for some
reason (package install, for example) then file ownership can get hosed.
rob
The tests for not_found were broken, this fixes it and adds tests for
the other statuses.
I changed the parent class of HTTP_Status because it calls self.info
which is provided by Plugable. This wasn't a problem at runtime because
Backend provides self.log.
rob
From
John Dennis wrote:
The routines used to return a non-success HTTP result from
WSGI failed to log the aberrant event, this corrects that omission.
ACK, pushed to master and ipa-2-2
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Petr Vobornik wrote:
login_password is expecting that request content_type will be
'application/x-www-form-urlencoded'.
Current check is an equality check of content_type http header.
RFC 3875 defines that content type can contain parameters separated by
';'. For example: when firefox is doing
On Wed, 2012-02-29 at 15:51 -0500, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On Tue, 2012-02-28 at 23:07 -0500, Rob Crittenden wrote:
Don't call userdel during uninstall to delete any system users we
create. If they are deleted and the system adds another user for
Petr Vobornik wrote:
Logout button was added to Web UI.
A click on logout button executes session_logout command. If command
succeeds or xhr stutus is 401 (unauthorized - already logged out) page
is redirected to logout.html.
logout.html is a simple page with You have been logged out text and
On Wed, 29 Feb 2012, Simo Sorce wrote:
On Tue, 2012-02-28 at 23:45 +0200, Alexander Bokovoy wrote:
On Tue, 28 Feb 2012, Krzysztof Klimonda wrote:
- __setup_autoconfig modifies files in /usr/share/ and that seems to be
non-compliant with FHS. It may slip through checks at first but I'd
JR Aquino wrote:
When making adjustments to increase the bind security settings of a FreeIPA
server, it is best practice to inherit those settings when installing a new
replica server.
Inherit the following bind security settings when performing a replica install:
66 matches
Mail list logo
