On 19.9.2014 18:33, Simo Sorce wrote:
On Fri, 19 Sep 2014 17:50:16 +0200
Martin Kosek mko...@redhat.com wrote:
On 09/19/2014 05:23 PM, Rob Crittenden wrote:
Martin Basti wrote:
Hello list,
I need to use systemd mask/unmask in ipa service.
But as Honza wrote:
IMO masking/unmasking should be
On 09/19/2014 06:33 PM, Simo Sorce wrote:
On Fri, 19 Sep 2014 17:50:16 +0200
Martin Kosek mko...@redhat.com wrote:
On 09/19/2014 05:23 PM, Rob Crittenden wrote:
Martin Basti wrote:
Hello list,
I need to use systemd mask/unmask in ipa service.
But as Honza wrote:
IMO masking/unmasking
On 09/20/2014 10:22 PM, Nathaniel McCallum wrote:
On Wed, 2014-09-17 at 12:31 +0200, Martin Kosek wrote:
On 09/17/2014 08:51 AM, Jan Cholasta wrote:
Hi,
Dne 16.9.2014 v 19:32 Nathaniel McCallum napsal(a):
We perform this enforcement at the API level since:
* DS level enforcement would be
Hello Nathaniel,
Just a remark, in is_token if the entry is objectclass=ipaToken it
returns without freeing the 'objectclass' char array.
thanks
thierry
On 09/21/2014 09:07 PM, Nathaniel McCallum wrote:
Users that can rename the token (such as admins) can also create
non-UUID
Dne 19.9.2014 v 17:23 Rob Crittenden napsal(a):
Martin Basti wrote:
Hello list,
I need to use systemd mask/unmask in ipa service.
But as Honza wrote:
IMO masking/unmasking should be part of disabling/enabling a service in
systemd. AFAIK in most other init systems when you disable a service,
On 09/19/2014 07:29 PM, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/4551
See ticket commit message for details.
Shouldn't we add a 1 sec sleep between tries? Wouldn't current version just
hammer DNS server with as many DNS queries as it can send?
Martin
On 22.9.2014 10:14, Martin Kosek wrote:
On 09/19/2014 07:29 PM, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/4551
See ticket commit message for details.
Shouldn't we add a 1 sec sleep between tries? Wouldn't current version just
hammer DNS server with as many DNS queries as
On 09/22/2014 09:33 AM, thierry bordaz wrote:
Hello Nathaniel,
Just a remark, in is_token if the entry is objectclass=ipaToken it
returns without freeing the 'objectclass' char array.
thanks
thierry
On 09/21/2014 09:07 PM, Nathaniel McCallum wrote:
Users that can rename
On 09/22/2014 10:31 AM, Petr Spacek wrote:
On 22.9.2014 10:14, Martin Kosek wrote:
On 09/19/2014 07:29 PM, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/4551
See ticket commit message for details.
Shouldn't we add a 1 sec sleep between tries? Wouldn't current version just
On 09/20/2014 09:39 PM, Nathaniel McCallum wrote:
On Sat, 2014-09-20 at 00:25 +0200, thierry bordaz wrote:
Hello Nathaniel,
sanitize_input translates MOD/REPLACE into MOD/DEL+MOD/ADD. It
looks good but difficult to think to all possible cases.
I think to the
On 09/17/2014 01:33 PM, Petr Spacek wrote:
Hello,
Add log message about initial LDAP synchronization.
ACK.
Regards,
--
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience
PGP: 1D9F3C2D
Red Hat Inc. http://cz.redhat.com
On 09/12/2014 04:46 PM, Martin Basti wrote:
On 12/09/14 16:38, Martin Kosek wrote:
On 09/12/2014 04:14 PM, Martin Basti wrote:
On 12/09/14 16:02, Martin Basti wrote:
I always forgot to install dogtag 10.2, so here is updated specfile.
COPR: http://copr.fedoraproject.org/coprs/vakwetu/dogtag/
On 22.9.2014 10:38, Martin Kosek wrote:
On 09/22/2014 10:31 AM, Petr Spacek wrote:
On 22.9.2014 10:14, Martin Kosek wrote:
On 09/19/2014 07:29 PM, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/4551
See ticket commit message for details.
Shouldn't we add a 1 sec sleep
On 22.9.2014 11:52, Tomas Hozza wrote:
On 09/17/2014 01:33 PM, Petr Spacek wrote:
Hello,
Add log message about initial LDAP synchronization.
ACK.
Thanks!
Pushed to
master: ce1b8f400d236d0da5b76c90ddc93adbf6980691
v4: f03ff4d877240f13db419fde28e51d216277b87c
--
Petr^2 Spacek
On 19/09/14 15:46, Petr Spacek wrote:
Hello,
This patch set fixes
https://fedorahosted.org/bind-dyndb-ldap/ticket/127
https://bugzilla.redhat.com/show_bug.cgi?id=1138317
Please review it ASAP, it targets IPA 4.1/Fedora 21.
Tomas and Martin, please communicate who is going to review what :-)
On 09/01/2014 04:31 PM, Martin Basti wrote:
On 24/07/14 09:06, Martin Basti wrote:
On 23/07/14 15:17, Martin Basti wrote:
This patch fixes ordering problem of schema updates
Martin should it be in IPA 4.0.x ? It requires rebased ldap_python
(will be in Fedora 21)
Patch attached
I found a
On 09/22/2014 01:48 PM, Petr Spacek wrote:
On 22.9.2014 10:38, Martin Kosek wrote:
On 09/22/2014 10:31 AM, Petr Spacek wrote:
On 22.9.2014 10:14, Martin Kosek wrote:
On 09/19/2014 07:29 PM, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/4551
See ticket commit message for
Hi,
the attached patches fix various bugs and shortcomings in the CA
management and renewal code. Related tickets:
https://fedorahosted.org/freeipa/ticket/4416,
https://fedorahosted.org/freeipa/ticket/4460.
(Patch 319 was originally posted at
On 09/22/2014 02:01 PM, Martin Basti wrote:
On 19/09/14 15:46, Petr Spacek wrote:
Hello,
This patch set fixes
https://fedorahosted.org/bind-dyndb-ldap/ticket/127
https://bugzilla.redhat.com/show_bug.cgi?id=1138317
Please review it ASAP, it targets IPA 4.1/Fedora 21.
Tomas and Martin, please
On Mon, 2014-09-22 at 11:22 +0200, thierry bordaz wrote:
On 09/20/2014 09:39 PM, Nathaniel McCallum wrote:
On Sat, 2014-09-20 at 00:25 +0200, thierry bordaz wrote:
Hello Nathaniel,
sanitize_input translates MOD/REPLACE into MOD/DEL+MOD/ADD. It
looks good but difficult
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/19/2014 03:46 PM, Petr Spacek wrote:
Hello,
This patch set fixes
https://fedorahosted.org/bind-dyndb-ldap/ticket/127
https://bugzilla.redhat.com/show_bug.cgi?id=1138317
Please review it ASAP, it targets IPA 4.1/Fedora 21.
Tomas and
On Sun, 21 Sep 2014 22:33:47 -0400
Nathaniel McCallum npmccal...@redhat.com wrote:
Comments inline.
+
+#define ch_malloc(type) \
+(type*) slapi_ch_malloc(sizeof(type))
+#define ch_calloc(count, type) \
+(type*) slapi_ch_calloc(count, sizeof(type))
+#define ch_free(p) \
+
On 09/18/2014 09:42 PM, Martin Kosek wrote:
On 09/18/2014 09:11 PM, Simo Sorce wrote:
On Thu, 18 Sep 2014 14:57:45 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Martin Kosek wrote:
On 09/18/2014 04:06 PM, David Kupka wrote:
On 09/18/2014 03:44 PM, Rob Crittenden wrote:
David Kupka wrote:
Hello Nathaniel,
I have a separated remark about updating the mods.
modifications of the entry occurs in two phases:
* call BE_PREOP plugins then apply the mods on the entry
* call BE_TXN_PREOP plugin then apply *only* extra mods on the entry
The plugin (BE_TXN_PREOP)
On Mon, 22 Sep 2014 10:34:54 +0200
Martin Kosek mko...@redhat.com wrote:
On 09/22/2014 09:33 AM, thierry bordaz wrote:
Hello Nathaniel,
Just a remark, in is_token if the entry is objectclass=ipaToken
it returns without freeing the 'objectclass' char array.
thanks
thierry
On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:34:54 +0200
Martin Kosek mko...@redhat.com wrote:
On 09/22/2014 09:33 AM, thierry bordaz wrote:
Hello Nathaniel,
Just a remark, in is_token if the entry is objectclass=ipaToken
it returns without
On Mon, 22 Sep 2014 15:36:01 +0200
David Kupka dku...@redhat.com wrote:
On 09/18/2014 09:42 PM, Martin Kosek wrote:
On 09/18/2014 09:11 PM, Simo Sorce wrote:
On Thu, 18 Sep 2014 14:57:45 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Martin Kosek wrote:
On 09/18/2014 04:06 PM, David
On 19.9.2014 14:29, Petr Vobornik wrote:
Hello,
attached patches implements Web UI part of ID Views. Backend is
currently on review as well - thread [PATCHES 247-259] ID views -
management part.
https://fedorahosted.org/freeipa/ticket/4535
I expect that backed can change and that the UI might
[PATCH] webui-ci: case-insensitive record check
Indirect association are no longer lower cased, which caused a issue in CI.
--
Petr Vobornik
From 78ec25f05eabfd61b89d497fa72e3f997dc3ef99 Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Mon, 22 Sep 2014 12:01:47 +0200
Association facet specs use 'add_method' instead of 'add_command'
origin: https://fedorahosted.org/freeipa/ticket/4507
--
Petr Vobornik
From ba765690eb3189381fecf1f6e071419e3f4530d6 Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Fri, 19 Sep 2014 18:27:35 +0200
Subject:
On Mon, 22 Sep 2014 10:02:01 -0400
Nathaniel McCallum npmccal...@redhat.com wrote:
On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:34:54 +0200
Martin Kosek mko...@redhat.com wrote:
On 09/22/2014 09:33 AM, thierry bordaz wrote:
Hello Nathaniel,
On Mon, 22 Sep 2014, Simo Sorce wrote:
On Mon, 22 Sep 2014 15:36:01 +0200
David Kupka dku...@redhat.com wrote:
On 09/18/2014 09:42 PM, Martin Kosek wrote:
On 09/18/2014 09:11 PM, Simo Sorce wrote:
On Thu, 18 Sep 2014 14:57:45 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Martin Kosek
On 22/09/14 08:53, Martin Kosek wrote:
On 09/19/2014 06:33 PM, Simo Sorce wrote:
On Fri, 19 Sep 2014 17:50:16 +0200
Martin Kosekmko...@redhat.com wrote:
On 09/19/2014 05:23 PM, Rob Crittenden wrote:
Martin Basti wrote:
Hello list,
I need to use systemd mask/unmask in ipa service.
But as
On Mon, 2014-09-22 at 10:55 -0400, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:02:01 -0400
Nathaniel McCallum npmccal...@redhat.com wrote:
On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:34:54 +0200
Martin Kosek mko...@redhat.com wrote:
On 09/22/2014
On 09/22/2014 04:16 PM, Simo Sorce wrote:
On Mon, 22 Sep 2014 15:36:01 +0200
David Kupka dku...@redhat.com wrote:
On 09/18/2014 09:42 PM, Martin Kosek wrote:
On 09/18/2014 09:11 PM, Simo Sorce wrote:
On Thu, 18 Sep 2014 14:57:45 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Martin
On Mon, 22 Sep 2014 17:05:15 +0200
Martin Basti mba...@redhat.com wrote:
On 22/09/14 08:53, Martin Kosek wrote:
On 09/19/2014 06:33 PM, Simo Sorce wrote:
On Fri, 19 Sep 2014 17:50:16 +0200
Martin Kosekmko...@redhat.com wrote:
On 09/19/2014 05:23 PM, Rob Crittenden wrote:
Martin
On 22/09/14 17:29, Simo Sorce wrote:
On Mon, 22 Sep 2014 17:05:15 +0200
Martin Basti mba...@redhat.com wrote:
On 22/09/14 08:53, Martin Kosek wrote:
On 09/19/2014 06:33 PM, Simo Sorce wrote:
On Fri, 19 Sep 2014 17:50:16 +0200
Martin Kosekmko...@redhat.com wrote:
On 09/19/2014 05:23 PM,
On 09/20/2014 10:22 PM, Nathaniel McCallum wrote:
On Wed, 2014-09-17 at 12:31 +0200, Martin Kosek wrote:
On 09/17/2014 08:51 AM, Jan Cholasta wrote:
Hi,
Dne 16.9.2014 v 19:32 Nathaniel McCallum napsal(a):
We perform this enforcement at the API level since:
* DS level enforcement would be
Simo Sorce wrote:
On Mon, 22 Sep 2014 17:05:15 +0200
Martin Basti mba...@redhat.com wrote:
On 22/09/14 08:53, Martin Kosek wrote:
On 09/19/2014 06:33 PM, Simo Sorce wrote:
On Fri, 19 Sep 2014 17:50:16 +0200
Martin Kosekmko...@redhat.com wrote:
On 09/19/2014 05:23 PM, Rob Crittenden
On 09/22/2014 05:37 PM, Martin Kosek wrote:
On 09/20/2014 10:22 PM, Nathaniel McCallum wrote:
On Wed, 2014-09-17 at 12:31 +0200, Martin Kosek wrote:
On 09/17/2014 08:51 AM, Jan Cholasta wrote:
Hi,
Dne 16.9.2014 v 19:32 Nathaniel McCallum napsal(a):
We perform this enforcement at the API
Hello,
Related ticket: https://fedorahosted.org/freeipa/ticket/3644
1) API
The ipaKrb5DelegationACL objectclass requires targets which are stored
in extra objectclass.
A) we allow users to create groups of principals and then associate them
as targets -- user can use same group for
On 09/22/2014 09:14 AM, Nathaniel McCallum wrote:
On Mon, 2014-09-22 at 10:55 -0400, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:02:01 -0400
Nathaniel McCallum npmccal...@redhat.com wrote:
On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:34:54 +0200
Martin Kosek
On Mon, 22 Sep 2014 17:25:27 +0200
Martin Kosek mko...@redhat.com wrote:
On 09/22/2014 04:16 PM, Simo Sorce wrote:
On Mon, 22 Sep 2014 15:36:01 +0200
David Kupka dku...@redhat.com wrote:
On 09/18/2014 09:42 PM, Martin Kosek wrote:
On 09/18/2014 09:11 PM, Simo Sorce wrote:
On Thu, 18
On Mon, 22 Sep 2014 17:36:01 +0200
Martin Basti mba...@redhat.com wrote:
On 22/09/14 17:29, Simo Sorce wrote:
On Mon, 22 Sep 2014 17:05:15 +0200
Martin Basti mba...@redhat.com wrote:
On 22/09/14 08:53, Martin Kosek wrote:
On 09/19/2014 06:33 PM, Simo Sorce wrote:
On Fri, 19 Sep 2014
On Mon, 22 Sep 2014 17:42:39 +0200
thierry bordaz tbor...@redhat.com wrote:
RFC 4527
Thanks a lot Thierry, this is exactly the control I had in mind last
week. If we could implement it then we could solve any issue where the
RDN needs to be modified by the ADD operation.
Simo.
--
Simo Sorce
On 19/09/14 13:54, Martin Kosek wrote:
I did not review, just found something that hit me in the eyes:
On 09/19/2014 01:25 PM, Martin Basti wrote:
+class OptionDeprecatedWarning(PublicMessage):
+
+**13004** Used when user uses a deprecated option
+
+
+errno = 13004
+type =
On 22/09/14 13:17, Petr Vobornik wrote:
On 19.9.2014 16:15, Martin Basti wrote:
Ticket: https://fedorahosted.org/freeipa/ticket/3414
Patch attached.
Patch 126:
1. I think that just
DeprecatedParam('dnsclass?'),
should be enough.
Sorry I forgot to reply, I was getting error without
On 19/09/14 14:47, Jan Cholasta wrote:
Dne 19.9.2014 v 13:33 Martin Basti napsal(a):
On 02/09/14 11:59, Martin Basti wrote:
On 02/09/14 09:10, Jan Cholasta wrote:
Hi,
Dne 1.9.2014 v 16:57 Martin Basti napsal(a):
This patch allows to disable service in LDAP to prevents service
to be
started
On Mon, 22 Sep 2014 12:58:58 -0400
Simo Sorce s...@redhat.com wrote:
On Mon, 22 Sep 2014 17:42:39 +0200
thierry bordaz tbor...@redhat.com wrote:
RFC 4527
Thanks a lot Thierry, this is exactly the control I had in mind last
week. If we could implement it then we could solve any issue
On 09/22/2014 04:55 PM, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:02:01 -0400
Nathaniel McCallum npmccal...@redhat.com wrote:
On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:34:54 +0200
Martin Kosek mko...@redhat.com wrote:
On 09/22/2014 09:33 AM, thierry bordaz
On 09/22/2014 06:58 PM, Simo Sorce wrote:
On Mon, 22 Sep 2014 17:42:39 +0200
thierry bordaz tbor...@redhat.com wrote:
RFC 4527
Thanks a lot Thierry, this is exactly the control I had in mind last
week. If we could implement it then we could solve any issue where the
RDN needs to be modified
On Mon, 22 Sep 2014 21:21:04 +0200
Martin Kosek mko...@redhat.com wrote:
On 09/22/2014 04:55 PM, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:02:01 -0400
Nathaniel McCallum npmccal...@redhat.com wrote:
On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote:
On Mon, 22 Sep 2014 10:34:54 +0200
On Mon, 22 Sep 2014, Martin Basti wrote:
Hello,
Related ticket: https://fedorahosted.org/freeipa/ticket/3644
1) API
The ipaKrb5DelegationACL objectclass requires targets which are stored
in extra objectclass.
A) we allow users to create groups of principals and then associate
them as
On 09/22/2014 01:28 PM, Martin Kosek wrote:
On 09/22/2014 06:58 PM, Simo Sorce wrote:
On Mon, 22 Sep 2014 17:42:39 +0200
thierry bordaz tbor...@redhat.com wrote:
RFC 4527
Thanks a lot Thierry, this is exactly the control I had in mind last
week. If we could implement it then we could solve
On Mon, 22 Sep 2014 17:45:55 +0200
Martin Basti mba...@redhat.com wrote:
Hello,
Related ticket: https://fedorahosted.org/freeipa/ticket/3644
1) API
The ipaKrb5DelegationACL objectclass requires targets which are
stored in extra objectclass.
A) we allow users to create groups of
55 matches
Mail list logo