Re: [Freeipa-devel] [PATCH] 376-377 Use tkey-gssapi-keytab in named.conf

On 03/08/2013 09:49 AM, Petr Spacek wrote: On 8.3.2013 00:14, Rob Crittenden wrote: Martin Kosek wrote: Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential and tkey-domain and replace them with tkey-gssapi-keytab which avoids unnecessary Kerberos checks on BIND startup and

Re: [Freeipa-devel] [PATCH] 376-377 Use tkey-gssapi-keytab in named.conf

On 11.3.2013 09:09, Martin Kosek wrote: On 03/08/2013 09:49 AM, Petr Spacek wrote: On 8.3.2013 00:14, Rob Crittenden wrote: Martin Kosek wrote: Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential and tkey-domain and replace them with tkey-gssapi-keytab which avoids

Re: [Freeipa-devel] [PATCH] 378-380 Improved CNAME and DNAME validation

On 03/06/2013 01:07 PM, Petr Spacek wrote: On 6.3.2013 09:32, Martin Kosek wrote: +error=u'CNAME record is not allowed to coexist with any other record'), Sorry for nitpicking again, but I would add note '(RFC 1034, section 3.6.2)'. Thank you! Fixed. Martin From

Re: [Freeipa-devel] [PATCH] 381 Preserve order of servers in ipa-client-install

On 03/07/2013 03:07 PM, Petr Viktorin wrote: On 03/07/2013 02:00 PM, Martin Kosek wrote: When multiple servers are passed via --server option, ipadiscovery module changed its order. Make sure that we preserve it. Also make sure that user is always warned when a tested server is not available

Re: [Freeipa-devel] [PATCH] 0006 Remove check for alphabetic only characters from domain name validation

On 02/27/2013 10:58 AM, Martin Kosek wrote: On 02/22/2013 04:02 PM, Ana Krivokapic wrote: On 02/22/2013 10:19 AM, Petr Spacek wrote: On 20.2.2013 11:03, Ana Krivokapic wrote: On 02/18/2013 01:08 PM, Martin Kosek wrote: On 02/18/2013 12:47 PM, Sumit Bose wrote: On Mon, Feb 18, 2013 at

Re: [Freeipa-devel] [PATCHES] 0191-0195 Use ipaldap in the client installer password migration

On 8.3.2013 14:14, Petr Viktorin wrote: On 03/07/2013 05:42 PM, Jan Cholasta wrote: Patch 191: The patch is missing the ipapython/ipaldap.py file. On 7.3.2013 18:29, Petr Viktorin wrote: It's there, it's just copied from ipaserver/ipaldap.py with a small change at the bottom. There is no

Re: [Freeipa-devel] [PATCHES] 0191-0195 Use ipaldap in the client installer password migration

On 11.3.2013 13:43, Petr Viktorin wrote: On 03/11/2013 01:13 PM, Jan Cholasta wrote: On 8.3.2013 14:14, Petr Viktorin wrote: On 03/07/2013 05:42 PM, Jan Cholasta wrote: Patch 191: The patch is missing the ipapython/ipaldap.py file. On 7.3.2013 18:29, Petr Viktorin wrote: It's there, it's

Re: [Freeipa-devel] [PATCH 0038] Perform secondary rid range overlap check for local ranges

On 03/08/2013 04:41 PM, Tomas Babej wrote: On 03/08/2013 12:10 PM, Martin Kosek wrote: On 03/05/2013 12:59 PM, Tomas Babej wrote: Hi, Any of the following checks: - overlap between primary RID range and secondary RID range - overlap between secondary RID range and secondary RID range

[Freeipa-devel] [PATCH] 266 Fixed Web UI build error caused by rhino changes in F19

rhino-1.7R4-2.fc19.noarch dropped -main flag which made the build fail in rawhide (F19). We can't use the same command for rhino-1.7R3-6 (F18) and rhino-1.7R4-2 (F19). This patch adds check if rhino supports '-require' option. If so it calls rhino with it if not it calls rhino with -main

Re: [Freeipa-devel] Failed push to github

Petr Viktorin wrote: On 03/08/2013 12:38 AM, Nathaniel McCallum wrote: I tried to push my branch of FreeIPA to github and it failed with the following message. I don't know if anything can be done to fix it, but I figured I'd mention it. error: object

Re: [Freeipa-devel] [PATCHES] 0191-0195 Use ipaldap in the client installer password migration

On 03/11/2013 01:48 PM, Jan Cholasta wrote: On 11.3.2013 13:43, Petr Viktorin wrote: On 03/11/2013 01:13 PM, Jan Cholasta wrote: On 8.3.2013 14:14, Petr Viktorin wrote: On 03/07/2013 05:42 PM, Jan Cholasta wrote: Patch 191: The patch is missing the ipapython/ipaldap.py file. On 7.3.2013

[Freeipa-devel] [PATCH 118] [WIP] Add 389 DS plugin for special idnsSOASerial attribute handling

Hello list! My first patch for FreeIPA is attached :-) I managed to add new 389 DS plugin to build system, but the LDAP magic in installer and updater is too much for my brain. Could somebody show me how installer and updater should add new object to cn=config ? Plugin configuration is

Re: [Freeipa-devel] [PATCH] 1088 Recover DNA ranges when deleting a master

Petr Viktorin wrote: On 03/07/2013 08:27 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 03/06/2013 09:52 PM, Rob Crittenden wrote: Petr Viktorin wrote: [...] On new installs, the ACI on cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config is added before the entry

Re: [Freeipa-devel] [PATCH] 0186 Change DNA magic value to -1 to make UID 999 usable

On 02/22/2013 12:16 PM, Petr Viktorin wrote: On 02/22/2013 11:16 AM, Petr Viktorin wrote: https://fedorahosted.org/freeipa/ticket/2886 This changes the DNA magic value to -1, and the corresponding IPA's parameters (gidnumber, uidnumber) to be optional (instead of autofill). Since the old

[Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

Fixed a number of issues applying password policy against LDAP binds. See patch for details. rob From 27b19a5fbf7ea999dd9e69732c61ac58668c29b0 Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Fri, 15 Feb 2013 11:51:59 -0500 Subject: [PATCH] Fix lockout of LDAP bind.