https://fedorahosted.org/freeipa/ticket/4620
--
David Kupka
From b6aba1531af03ca3511690548de109d585828486 Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Wed, 19 Nov 2014 09:57:59 -0500
Subject: [PATCH] Fix --{user,group}-ignore-attribute in migration plugin.
Ignore case in
On 11/20/2014 09:51 AM, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/4620
This should work fine, the change was also already tested by the reporter. Do
we also normalize the user blacklist option so that it works if user passes for
example a CamelCase'd attributes?
Martin
Dne 20.11.2014 v 09:51 David Kupka napsal(a):
https://fedorahosted.org/freeipa/ticket/4620
IMO changing the loop to:
for attr in attr_blacklist:
entry_attrs.pop(attr, None)
would be better, because LDAPEntry already handles case insensitivity in
attribute names.
--
Jan Cholasta
On 19.11.2014 15:57, Simo Sorce wrote:
On Wed, 19 Nov 2014 10:17:03 +0100
Martin Basti mba...@redhat.com wrote:
Given the obstacles, I am inclining for
- pushing B as a safe fix for Fedora 21 Final
- fixing issues in A and pushing it for minor release after that to
avoid the nasty warning and
On Wed, 19 Nov 2014, Simo Sorce wrote:
- Original Message -
From: Alexander Bokovoy aboko...@redhat.com
[...]
Regarding the patchset itself:
Patch 0001: fix 'wuld' in the commit message. The rest is fine.
Fixed.
Patch 0002:
- ticket number is missing in the commit message
On 11/20/2014 10:03 AM, Jan Cholasta wrote:
Dne 20.11.2014 v 09:51 David Kupka napsal(a):
https://fedorahosted.org/freeipa/ticket/4620
IMO changing the loop to:
for attr in attr_blacklist:
entry_attrs.pop(attr, None)
would be better, because LDAPEntry already handles case
On 10/08/2014 04:41 PM, Petr Viktorin wrote:
This adds basic checks that PAM, DNS, and Kerberos are working before
after the backuprestore (in addition to DS, CA IPA CLI that were
there before).
Ping, can someone review this patch?
--
PetrĀ³
___
On 20/11/14 11:54, Petr Viktorin wrote:
On 10/08/2014 04:41 PM, Petr Viktorin wrote:
This adds basic checks that PAM, DNS, and Kerberos are working before
after the backuprestore (in addition to DS, CA IPA CLI that were
there before).
Ping, can someone review this patch?
I will review
On Wed, 19 Nov 2014, Jan Cholasta wrote:
Dne 19.11.2014 v 14:07 Petr Vobornik napsal(a):
On 19.11.2014 13:59, Jan Cholasta wrote:
Dne 19.11.2014 v 13:55 Petr Vobornik napsal(a):
On 18.11.2014 23:29, Nathaniel McCallum wrote:
On Tue, 2014-11-18 at 19:56 +0100, Jan Cholasta wrote:
Hi,
the
Hello,
We seem to have enough content to release 4.1.2 that will be required to fix
some of the Fedora 21 blockers:
https://bugzilla.redhat.com/show_bug.cgi?id=1165856
https://bugzilla.redhat.com/show_bug.cgi?id=1165261
and Freeze exception:
https://bugzilla.redhat.com/show_bug.cgi?id=1165674
On 20/11/14 11:53, David Kupka wrote:
On 11/20/2014 10:03 AM, Jan Cholasta wrote:
Dne 20.11.2014 v 09:51 David Kupka napsal(a):
https://fedorahosted.org/freeipa/ticket/4620
IMO changing the loop to:
for attr in attr_blacklist:
entry_attrs.pop(attr, None)
would be better,
On Thu, 20 Nov 2014 12:36:45 +0200
Alexander Bokovoy aboko...@redhat.com wrote:
On Wed, 19 Nov 2014, Simo Sorce wrote:
- Original Message -
From: Alexander Bokovoy aboko...@redhat.com
[...]
Regarding the patchset itself:
Patch 0001: fix 'wuld' in the commit message. The rest
so that httpd ccache won't contain old credentials which would make ipa
CLI fail with error:
Insufficient access: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information
(Decrypt integrity check failed)
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/4727.
Honza
--
Jan Cholasta
From 2cf85ec35cf4618279af81ba16d4a4805e8c590e Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Thu, 20 Nov 2014 13:57:46 +
Subject: [PATCH] Stop tracking certificates
On Thu, 2014-11-20 at 09:12 -0500, Simo Sorce wrote:
On Thu, 20 Nov 2014 12:36:45 +0200
Alexander Bokovoy aboko...@redhat.com wrote:
On Wed, 19 Nov 2014, Simo Sorce wrote:
- Original Message -
From: Alexander Bokovoy aboko...@redhat.com
[...]
Regarding the patchset
Dne 20.11.2014 v 14:51 Martin Basti napsal(a):
On 20/11/14 11:53, David Kupka wrote:
On 11/20/2014 10:03 AM, Jan Cholasta wrote:
Dne 20.11.2014 v 09:51 David Kupka napsal(a):
https://fedorahosted.org/freeipa/ticket/4620
IMO changing the loop to:
for attr in attr_blacklist:
On 20/11/14 15:25, Jan Cholasta wrote:
Dne 20.11.2014 v 14:51 Martin Basti napsal(a):
On 20/11/14 11:53, David Kupka wrote:
On 11/20/2014 10:03 AM, Jan Cholasta wrote:
Dne 20.11.2014 v 09:51 David Kupka napsal(a):
https://fedorahosted.org/freeipa/ticket/4620
IMO changing the loop to:
On 11/19/2014 06:51 PM, Petr Vobornik wrote:
Escape user defined text to prevent XSS attacks. Extra precaution was
taken to escape also parts which are unlikely to contain user-defined
text.
https://fedorahosted.org/freeipa/ticket/4742
resolves CVE-2014-7850
f21 blocker candidate,
On Thu, 20 Nov 2014, Nathaniel McCallum wrote:
On Thu, 2014-11-20 at 09:12 -0500, Simo Sorce wrote:
On Thu, 20 Nov 2014 12:36:45 +0200
Alexander Bokovoy aboko...@redhat.com wrote:
On Wed, 19 Nov 2014, Simo Sorce wrote:
- Original Message -
From: Alexander Bokovoy
Dne 19.11.2014 v 15:12 Tomas Babej napsal(a):
On 11/19/2014 02:03 PM, Jan Cholasta wrote:
Dne 19.11.2014 v 13:44 Tomas Babej napsal(a):
On 11/19/2014 12:51 PM, Martin Kosek wrote:
On 11/19/2014 12:41 PM, Tomas Babej wrote:
On 11/19/2014 12:24 PM, Martin Kosek wrote:
On 11/19/2014 12:03
On 11/13/2014 09:59 AM, Martin Basti wrote:
On 12/11/14 15:55, Martin Basti wrote:
Part of ticket: https://fedorahosted.org/freeipa/ticket/4657
And here is the patch, sorry :-)
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 11/20/2014 02:11 PM, Jan Cholasta wrote:
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/4712.
Honza
Thank you!
ACK, pushed to:
master: 3d1e9813e641db59b7dff52f809949bff6c90ce0
ipa-4-1: 215f5451b284c627e9c298ebbc4ee786ced43720
--
PetrĀ³
On 11/20/2014 03:15 PM, Petr Vobornik wrote:
so that httpd ccache won't contain old credentials which would make ipa
CLI fail with error:
Insufficient access: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information
(Decrypt integrity check
On 11/20/2014 04:31 PM, David Kupka wrote:
On 11/13/2014 09:59 AM, Martin Basti wrote:
On 12/11/14 15:55, Martin Basti wrote:
Part of ticket: https://fedorahosted.org/freeipa/ticket/4657
And here is the patch, sorry :-)
Works for me, thanks, ACK.
Pushed to:
master:
On Thu, 20 Nov 2014 16:47:29 +0200
Alexander Bokovoy aboko...@redhat.com wrote:
On Thu, 20 Nov 2014, Nathaniel McCallum wrote:
On Thu, 2014-11-20 at 09:12 -0500, Simo Sorce wrote:
On Thu, 20 Nov 2014 12:36:45 +0200
Alexander Bokovoy aboko...@redhat.com wrote:
On Wed, 19 Nov 2014, Simo
On Thu, 2014-11-20 at 10:47 -0500, Simo Sorce wrote:
On Thu, 20 Nov 2014 16:47:29 +0200
Alexander Bokovoy aboko...@redhat.com wrote:
On Thu, 20 Nov 2014, Nathaniel McCallum wrote:
On Thu, 2014-11-20 at 09:12 -0500, Simo Sorce wrote:
On Thu, 20 Nov 2014 12:36:45 +0200
Alexander
On 11/20/2014 03:35 PM, Martin Basti wrote:
On 20/11/14 15:25, Jan Cholasta wrote:
Dne 20.11.2014 v 14:51 Martin Basti napsal(a):
On 20/11/14 11:53, David Kupka wrote:
On 11/20/2014 10:03 AM, Jan Cholasta wrote:
Dne 20.11.2014 v 09:51 David Kupka napsal(a):
On Thu, 20 Nov 2014 10:47:35 -0500
Simo Sorce s...@redhat.com wrote:
On Thu, 20 Nov 2014 16:47:29 +0200
Alexander Bokovoy aboko...@redhat.com wrote:
On Thu, 20 Nov 2014, Nathaniel McCallum wrote:
On Thu, 2014-11-20 at 09:12 -0500, Simo Sorce wrote:
On Thu, 20 Nov 2014 12:36:45 +0200
This tests the general workflow for OTP including most possible
token combinations. This includes 5872 tests. Further optimization
is possible to reduce the number of duplicate tests run.
Things not yet tested:
* ipa-kdb
* ipa-otpd
* otptoken-sync
* RADIUS proxy
* token self-management
* type
On 11/20/2014 05:13 PM, Nathaniel McCallum wrote:
This tests the general workflow for OTP including most possible
token combinations. This includes 5872 tests. Further optimization
is possible to reduce the number of duplicate tests run.
Things not yet tested:
* ipa-kdb
* ipa-otpd
*
Ticket: https://fedorahosted.org/freeipa/ticket/4747
Patch attached:
--
Martin Basti
From 98ce62ec68a406fa30c4a9ed4249ebb1b1330e4e Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Thu, 20 Nov 2014 17:45:46 +0100
Subject: [PATCH] Fix: read_ip_addresses should return ipaddr
On Thu, 2014-11-20 at 17:32 +0100, Petr Viktorin wrote:
On 11/20/2014 05:13 PM, Nathaniel McCallum wrote:
This tests the general workflow for OTP including most possible
token combinations. This includes 5872 tests. Further optimization
is possible to reduce the number of duplicate tests
Use new capability in python-nss-0.16 to use the NSS protocol range
setter. This lets us enable TLSv1.1 and TLSv1.2 for client connections.
I made this configurable via tls_protocol_range in case somebody wants
to override it.
There isn't a whole ton of error handling on bad input but there is
On Thu, 2014-11-20 at 13:03 -0500, Nathaniel McCallum wrote:
On Thu, 2014-11-20 at 17:32 +0100, Petr Viktorin wrote:
On 11/20/2014 05:13 PM, Nathaniel McCallum wrote:
This tests the general workflow for OTP including most possible
token combinations. This includes 5872 tests. Further
On 11/20/2014 05:13 PM, Nathaniel McCallum wrote:
This tests the general workflow for OTP including most possible
token combinations. This includes 5872 tests. Further optimization
is possible to reduce the number of duplicate tests run.
Good job! Yup, heavy optimization will be needed later.
35 matches
Mail list logo