Re: [Freeipa-devel] [PATCH] 543 Trust domains Web UI

On 20.1.2014 18:01, Alexander Bokovoy wrote: On Fri, 17 Jan 2014, Petr Vobornik wrote: Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of the domains associated with the trust *

Re: [Freeipa-devel] [PATCH] 543 Trust domains Web UI

On Tue, 21 Jan 2014, Petr Vobornik wrote: On 20.1.2014 18:01, Alexander Bokovoy wrote: On Fri, 17 Jan 2014, Petr Vobornik wrote: Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of

Re: [Freeipa-devel] [PATCH] 0137 ipasam: remove child domains before removing trust

On Mon, Jan 20, 2014 at 04:49:21PM +0200, Alexander Bokovoy wrote: Hi! Make sure we delete child domains before removing the trust itself as LDAP protocol does not allow removing non-leaf objects. This has non-obvious effect -- old code did remove cross-realm principals and then removed

Re: [Freeipa-devel] [PATCH] 0137 ipasam: remove child domains before removing trust

On Tue, 21 Jan 2014, Sumit Bose wrote: On Mon, Jan 20, 2014 at 04:49:21PM +0200, Alexander Bokovoy wrote: Hi! Make sure we delete child domains before removing the trust itself as LDAP protocol does not allow removing non-leaf objects. This has non-obvious effect -- old code did remove

Re: [Freeipa-devel] [PATCH] 0137 ipasam: remove child domains before removing trust

On Tue, 21 Jan 2014, Alexander Bokovoy wrote: On Tue, 21 Jan 2014, Sumit Bose wrote: On Mon, Jan 20, 2014 at 04:49:21PM +0200, Alexander Bokovoy wrote: Hi! Make sure we delete child domains before removing the trust itself as LDAP protocol does not allow removing non-leaf objects. This has

Re: [Freeipa-devel] [PATCH] 0137 ipasam: remove child domains before removing trust

On Tue, Jan 21, 2014 at 12:39:32PM +0200, Alexander Bokovoy wrote: On Tue, 21 Jan 2014, Alexander Bokovoy wrote: On Tue, 21 Jan 2014, Sumit Bose wrote: On Mon, Jan 20, 2014 at 04:49:21PM +0200, Alexander Bokovoy wrote: Hi! Make sure we delete child domains before removing the trust itself

Re: [Freeipa-devel] [PATCH] 543 Trust domains Web UI

On 01/21/2014 10:43 AM, Alexander Bokovoy wrote: On Tue, 21 Jan 2014, Petr Vobornik wrote: On 20.1.2014 18:01, Alexander Bokovoy wrote: On Fri, 17 Jan 2014, Petr Vobornik wrote: Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following

Re: [Freeipa-devel] [PATCH] 543 Trust domains Web UI

On 21.1.2014 10:43, Alexander Bokovoy wrote: On Tue, 21 Jan 2014, Petr Vobornik wrote: On 20.1.2014 18:01, Alexander Bokovoy wrote: On Fri, 17 Jan 2014, Petr Vobornik wrote: Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following CLI

Re: [Freeipa-devel] [PATCH] 0137 ipasam: remove child domains before removing trust

On 01/21/2014 12:06 PM, Sumit Bose wrote: On Tue, Jan 21, 2014 at 12:39:32PM +0200, Alexander Bokovoy wrote: On Tue, 21 Jan 2014, Alexander Bokovoy wrote: On Tue, 21 Jan 2014, Sumit Bose wrote: On Mon, Jan 20, 2014 at 04:49:21PM +0200, Alexander Bokovoy wrote: Hi! Make sure we delete child

[Freeipa-devel] [PATCH] 0452 permission plugin: Do not assume attribute-level rights for new attributes are present

With the --all --raw options, the code assumed attribute-level rights were set on ipaPermissionV2 attributes, even on permissions that did not have the objectclass. Check that the data is present before using it. https://fedorahosted.org/freeipa/ticket/4121 -- Petr³ From

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

On 20.1.2014 18:35, Simo Sorce wrote: On Mon, 2014-01-20 at 17:49 +0100, Jan Cholasta wrote: On 20.1.2014 16:36, Simo Sorce wrote: On Mon, 2014-01-20 at 11:07 +0100, Jan Cholasta wrote: On 17.1.2014 11:39, Jan Cholasta wrote: On 10.1.2014 13:34, Martin Kosek wrote: On 01/09/2014 04:49 PM,

Re: [Freeipa-devel] [PATCH] 448-449 Switch httpd to use default CCACHE

On 01/16/2014 02:16 PM, Martin Kosek wrote: [freeipa-mkosek-448-add-runas-option-to-run-function.patch]: Run function can now run the specified command as different user by setting the EUID and EGID for executed process. Please add the new argument to the docstring, otherwise ACK

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

On Tue, 2014-01-21 at 14:02 +0100, Jan Cholasta wrote: +request = None +try: +request = pkcs10.load_certificate_request(csr) +subject = pkcs10.get_subject(request) +subjectaltname = pkcs10.get_subjectaltname(request) Will this make the

Re: [Freeipa-devel] [PATCH] 448-449 Switch httpd to use default CCACHE

On 01/21/2014 03:07 PM, Petr Viktorin wrote: On 01/16/2014 02:16 PM, Martin Kosek wrote: [freeipa-mkosek-448-add-runas-option-to-run-function.patch]: Run function can now run the specified command as different user by setting the EUID and EGID for executed process. Please add the new

[Freeipa-devel] ANNOUNCE: kdcproxy 0.1.1 released

kdcproxy contains a WSGI module for proxying KDC requests over HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with minimal configuration. https://pypi.python.org/pypi/kdcproxy https://github.com/npmccallum/kdcproxy One of the reasons I am announcing this on the