On 10/15/2015 9:54 AM, Simo Sorce wrote:
3) ipa-ca-install fails with:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 445, in start_creation
run_step(full_msg, method)
File
On 10/5/2015 9:33 AM, Endi Sukma Dewata wrote:
On 10/5/2015 8:47 AM, Simo Sorce wrote:
2. The second attempt after re-enrolling client resulted in the error of
CA installation:
This is due to the known bug with authentication in Dogtag. Endy fixed
it upstream.
Endy,
do you know when the bug
On 10/5/2015 8:47 AM, Simo Sorce wrote:
2. The second attempt after re-enrolling client resulted in the error of
CA installation:
Starting replication, please wait until this has completed.
Update in progress, 7 seconds elapsed
Update succeeded
[4/24]: creating installation admin user
On 9/4/2015 6:35 AM, Martin Basti wrote:
On 09/02/2015 06:42 AM, Endi Sukma Dewata wrote:
On 9/1/2015 1:52 AM, Martin Basti wrote:
The CA and KRA installation code has been modified to use LDAPI
to create the CA and KRA agents directly in the CA and KRA
database. This way it's no longer
On 9/1/2015 1:52 AM, Martin Basti wrote:
The CA and KRA installation code has been modified to use LDAPI
to create the CA and KRA agents directly in the CA and KRA
database. This way it's no longer necessary to use the Directory
Manager password or CA and KRA admin certificate.
On 9/1/2015 10:22 AM, Simo Sorce wrote:
On Tue, 2015-09-01 at 17:15 +0200, Petr Vobornik wrote:
On 09/01/2015 04:39 PM, Jan Cholasta wrote:
On 1.9.2015 16:26, Jan Cholasta wrote:
On 26.8.2015 13:22, Petr Vobornik wrote:
On 08/25/2015 08:04 PM, Petr Vobornik wrote:
adds commands:
*
On 8/31/2015 6:18 AM, Martin Basti wrote:
On 08/27/2015 09:41 PM, Endi Sukma Dewata wrote:
The CA and KRA installation code has been modified to use LDAPI
to create the CA and KRA agents directly in the CA and KRA
database. This way it's no longer necessary to use the Directory
Manager
The CA and KRA installation code has been modified to use LDAPI
to create the CA and KRA agents directly in the CA and KRA
database. This way it's no longer necessary to use the Directory
Manager password or CA and KRA admin certificate.
https://fedorahosted.org/freeipa/ticket/5257
--
Endi S.
On 8/20/2015 2:08 AM, Endi Sukma Dewata wrote:
On 8/19/2015 4:20 AM, Martin Basti wrote:
On 08/16/2015 05:29 PM, Endi Sukma Dewata wrote:
The vault-add and vault-archive commands have been modified to
optionally retrieve a secret from a source vault, then re-archive
the secret into the new
Hi,
Recently I posted the following patches which are still pending review:
* 371-2: Added support for changing vault encryption.
* 375-1: Added mechanism to copy vault secrets.
Here are the tickets:
* https://fedorahosted.org/freeipa/ticket/5176
* https://fedorahosted.org/freeipa/ticket/5223
On 8/19/2015 4:20 AM, Martin Basti wrote:
On 08/16/2015 05:29 PM, Endi Sukma Dewata wrote:
The vault-add and vault-archive commands have been modified to
optionally retrieve a secret from a source vault, then re-archive
the secret into the new/existing target vault.
https://fedorahosted.org
On 8/19/2015 4:58 AM, Martin Basti wrote:
On 08/13/2015 07:11 PM, Endi Sukma Dewata wrote:
On 8/13/2015 8:06 AM, Martin Basti wrote:
The vault-mod command has been modified to support changing vault
encryption attributes (i.e. type, password, public/private keys)
in addition to normal
On 8/13/2015 9:18 AM, Martin Basti wrote:
The vault-add command has been fixed such that if the user/service
private vault container does not exist yet it will be created and
owned by the user/service instead of the vault creator.
https://fedorahosted.org/freeipa/ticket/5194
I cannot apply
On 8/13/2015 8:06 AM, Martin Basti wrote:
The vault-mod command has been modified to support changing vault
encryption attributes (i.e. type, password, public/private keys)
in addition to normal attributes (i.e. description). Changing the
encryption requires retrieving the stored secret with the
On 8/13/2015 6:00 AM, Petr Vobornik wrote:
On 08/11/2015 08:42 AM, Jan Cholasta wrote:
On 10.8.2015 21:12, Endi Sukma Dewata wrote:
On 8/4/2015 10:32 AM, Endi Sukma Dewata wrote:
Martin, I do not think going on with business as usual is the right
thing to do here. We know this is going
A new vault API has been added to rename the 'service' option to
'servicename' to avoid conflicts with 'service' member in a future
patch. The old API is retained for backward compatibility, but the
implementation has been changed to invoke the new API.
A new attribute has been added to the HasParams class to allow a
command to specify a different CLI name if necessary. By default
the command's CLI name is the same as the class name.
https://fedorahosted.org/freeipa/ticket/5189
--
Endi S. Dewata
From 6808e44b97148db8700e47d1d436dd0a30a0c9f9
On 8/4/2015 10:32 AM, Endi Sukma Dewata wrote:
Martin, I do not think going on with business as usual is the right
thing to do here. We know this is going to bite.
I suggest Endy adds a *new* API if making it backwards compatible is not
possible. The era of bumping whole API version must stop
Hi,
Just FYI, the recent IPA installation issue on F23 has been fixed:
https://bugzilla.redhat.com/show_bug.cgi?id=1250724
by installing a new TomcatJSS package:
https://admin.fedoraproject.org/updates/tomcatjss-7.1.3-1.fc23
The PKI dependency on TomcatJSS will be updated in the following
On 8/4/2015 8:51 AM, Martin Kosek wrote:
Please also note that my next patch that adds the ability to change vault type,
password, and keys will also require a client upgrade because the functionality
is mainly implemented on the client side. In this case API URL versioning will
be necessary.
On 8/3/2015 2:31 AM, Martin Kosek wrote:
On 07/31/2015 05:07 PM, Endi Sukma Dewata wrote:
The CLIs to manage vault owners and members have been modified
to accept services with a new parameter. Due to name conflict,
the existing 'service' parameter has been renamed to
'servicename'.
A new ACL
The vault-mod command has been modified to support changing vault
encryption attributes (i.e. type, password, public/private keys)
in addition to normal attributes (i.e. description). Changing the
encryption requires retrieving the stored secret with the old
attributes and rearchieving it with
On 8/3/2015 2:47 PM, Martin Kosek wrote:
On 08/03/2015 05:36 PM, Endi Sukma Dewata wrote:
On 8/3/2015 2:31 AM, Martin Kosek wrote:
On 07/31/2015 05:07 PM, Endi Sukma Dewata wrote:
The CLIs to manage vault owners and members have been modified
to accept services with a new parameter. Due
The code that exports the KRA agent certificate has been moved
such that it will be executed both on master and replica.
https://fedorahosted.org/freeipa/ticket/5174
--
Endi S. Dewata
From 04abaf7354d5c140d2bb88c7a58e54f0691fcbe4 Mon Sep 17 00:00:00 2001
From: Endi S. Dewata edew...@redhat.com
- Original Message -
On 07/07/2015 10:51 AM, Jan Cholasta wrote:
Dne 3.7.2015 v 15:44 Endi Sukma Dewata napsal(a):
Here is the rebased patch for vault access control.
LGTM, except:
@@ -356,6 +386,13 @@ class vault(LDAPObject
On 7/1/2015 1:53 AM, Jan Cholasta wrote:
I think it would be better to use a new attribute type which
inherits
from ipaPublicKey (ipaVaultPublicKey?) rather than ipaPublicKey
directly
for assymetric vault public keys, so that assymetric public key and
escrow public key are on the same level and
Here is the rebased patch for vault access control.
--
Endi S. Dewata
From 6bec99d51552a6415c45d655f95627e341fae44b Mon Sep 17 00:00:00 2001
From: Endi S. Dewata edew...@redhat.com
Date: Fri, 17 Oct 2014 12:05:34 -0400
Subject: [PATCH] Added vault access control.
New LDAP ACIs have been added
On 6/25/2015 12:35 AM, Jan Cholasta wrote:
I think it would be better to use a new attribute type which inherits
from ipaPublicKey (ipaVaultPublicKey?) rather than ipaPublicKey
directly
for assymetric vault public keys, so that assymetric public key and
escrow public key are on the same level
Please take a look at the new patch.
On 6/17/2015 1:32 AM, Jan Cholasta wrote:
I think it would be better to use a new attribute type which inherits
from ipaPublicKey (ipaVaultPublicKey?) rather than ipaPublicKey directly
for assymetric vault public keys, so that assymetric public key and
On 6/18/2015 8:19 PM, Fraser Tweedale wrote:
In order for IPA to use some new functionality in Profile Management and
Sub CAs, we need to add some additional schema to the Dogtag LDAP
instance.
Fraser has written a Dogtag upgrade script to do this upgrade, but this
script expects the DM
On 6/15/2015 2:22 AM, Jan Cholasta wrote:
I think it would be better to use a new attribute type which inherits
from ipaPublicKey (ipaVaultPublicKey?) rather than ipaPublicKey directly
for assymetric vault public keys, so that assymetric public key and
escrow public key are on the same level and
On 6/5/2015 7:13 AM, Jan Cholasta wrote:
If KRA is not installed, vault-archive and vault-retrieve fail with
internal error.
Added a code to check KRA installation in all vault commands. If you
know a way not to load the vault plugin if the KRA is not installed
please let me know, that's
On 6/3/2015 8:52 AM, Alexander Bokovoy wrote:
Having to use the same plugins for client and server is a framework
limitation/poor design. Having to use conditional imports to work
around the limitation is a bad programming practice. The fact that
trust plugin has to implement a similar
On 6/3/2015 1:41 AM, Martin Kosek wrote:
On 06/02/2015 11:22 PM, Alexander Bokovoy wrote:
On Tue, 02 Jun 2015, Endi Sukma Dewata wrote:
I think ideally the
client and server code should be in separate files (so they can be deployed
separately too), but the framework doesn't seem to allow
On 6/2/2015 1:34 PM, Simo Sorce wrote:
On Tue, 2015-06-02 at 12:04 +0200, Jan Cholasta wrote:
Dne 2.6.2015 v 02:02 Endi Sukma Dewata napsal(a):
On 5/28/2015 12:46 AM, Jan Cholasta wrote:
On a related note, since KRA is optional, can we move the vaults
container to cn=kra,cn=vaults
Please take a look at the new patch.
On 6/2/2015 10:05 AM, Martin Kosek wrote:
4) In the vault-archive forward method, you use pki module. However,
this module will be only available on FreeIPA PKI-powered servers and
not on FreeIPA clients - so this will not work unless freeipa-client
gets a
On 6/2/2015 1:10 AM, Martin Kosek wrote:
Hi Endi,
Quickly skimming through your patches raised couple questions on my side:
1) Will it be possible to also store plain text password via Vault? It
talks about taking in the binary data or the text file, but will it also
work with plain user
Please take a look at the updated patch.
On 5/27/2015 12:39 AM, Jan Cholasta wrote:
21) vault_archive is not a retrieve operation, it should be based on
LDAPUpdate instead of LDAPRetrieve. Or Command actually, since it
does
not do anything with LDAP. The same applies to vault_retrieve.
The
On 5/28/2015 12:46 AM, Jan Cholasta wrote:
On a related note, since KRA is optional, can we move the vaults
container to cn=kra,cn=vaults? This is the convetion used by the other
optional components (DNS and recently CA).
I mean cn=vaults,cn=kra of course.
If you are talking about the
Please take a look at the attached patch to add vault-archive/retrieve
commands.
On 4/20/2015 1:12 AM, Jan Cholasta wrote:
16) You do way too much stuff in vault_add.forward(). Only code that
must be done on the client needs to be there, i.e. handling of the
data, text and in options.
The
Before I send another patch I have some questions below.
On 5/19/2015 3:27 AM, Jan Cholasta wrote:
I changed the 'host vaults' to become 'service vaults'. The interface
will look like this:
$ ipa vault-find --service HTTP/server.example.com
$ ipa vault-add test --service
Please take a look at the attached new patch which includes some of your
changes you proposed.
On 5/14/2015 7:17 PM, Endi Sukma Dewata wrote:
On 5/14/2015 1:42 PM, Jan Cholasta wrote:
Question: Services in IPA are identified by Kerberos principal. Why are
service vaults identified by hostname
On 5/14/2015 1:42 PM, Jan Cholasta wrote:
Question: Services in IPA are identified by Kerberos principal. Why are
service vaults identified by hostname alone?
The service vaults are actually identified by the hostname and service
name assuming the principal is in this format: name/host@realm.
On 5/13/2015 4:09 AM, Jan Cholasta wrote:
Dne 12.5.2015 v 12:52 Endi Sukma Dewata napsal(a):
Please take a look at the attached patch (#353-9). It obsoletes all
previous patches. See comments below.
On 4/20/2015 1:12 AM, Jan Cholasta wrote:
I'm planning to merge the vault and vault container
Please take a look at the attached patch (#353-9). It obsoletes all
previous patches. See comments below.
On 4/20/2015 1:12 AM, Jan Cholasta wrote:
I'm planning to merge the vault and vault container object and use the
vault type attribute to distinguish between the two. See more discussion
On 3/13/2015 2:27 AM, Endi Sukma Dewata wrote:
On 3/11/2015 9:12 PM, Endi Sukma Dewata wrote:
Thanks for the review. New patch attached to be applied on top of all
previous patches. Please see comments below.
New patch #362-1 attached replacing #362. It fixed some issues in
handle_not_found
Thanks for the review. New patch attached to be applied on top of all
previous patches. Please see comments below.
On 3/6/2015 3:53 PM, Jan Cholasta wrote:
Patch 353:
1) Please follow PEP8 in new code.
The pep8 tool reports these errors in existing files:
./ipalib/constants.py:98:80: E501
On 3/11/2015 9:12 PM, Endi Sukma Dewata wrote:
Thanks for the review. New patch attached to be applied on top of all
previous patches. Please see comments below.
New patch #362-1 attached replacing #362. It fixed some issues in
handle_not_found().
--
Endi S. Dewata
From
Sorry for the long delay. Attached is an updated patch addressing most
of the concerns. I think the rest can be addressed in subsequent patches.
On 11/5/2014 4:06 AM, Petr Viktorin wrote:
ipapython/dn.py: This change is not needed. If you have a sequence of
RNDs you can do `DN(*seq)`.
This
On 11/4/2014 12:29 AM, Endi Sukma Dewata wrote:
On 10/28/2014 6:26 PM, Endi Sukma Dewata wrote:
On 10/23/2014 6:18 AM, Jan Cholasta wrote:
Hi,
Dne 22.10.2014 v 22:06 Endi Sukma Dewata napsal(a):
A new command has been added to retrieve the vault transport
certificate and optionally save
On 11/4/2014 12:28 AM, Endi Sukma Dewata wrote:
On 10/28/2014 5:35 PM, Endi Sukma Dewata wrote:
On 10/22/2014 3:04 PM, Endi Sukma Dewata wrote:
New LDAP ACIs have been added to allow users to create their own
private vault container, to allow owners to manage vaults and
containers
On 12/10/2014 9:59 PM, Petr Spacek wrote:
Alternatively we can use Vault for TSIG key storage and use Vault's capability
to share keys among many users. In that case we don't have problem with key
distribution nor authorization.
I am not convinced we should grow Vault dependency for this
Thanks for the review. I have some questions below. I'll post a new
patch after the issues are addressed.
On 11/4/2014 11:36 AM, Petr Viktorin wrote:
The new schema can go to 60basev3.ldif, no need for a new file.
Fixed. Also removed nsContainer as suggested by Simo.
On 10/28/2014 5:35 PM, Endi Sukma Dewata wrote:
On 10/22/2014 3:04 PM, Endi Sukma Dewata wrote:
New LDAP ACIs have been added to allow users to create their own
private vault container, to allow owners to manage vaults and
containers, and to allow members to use the vaults. New CLIs have
been
On 10/28/2014 6:26 PM, Endi Sukma Dewata wrote:
On 10/23/2014 6:18 AM, Jan Cholasta wrote:
Hi,
Dne 22.10.2014 v 22:06 Endi Sukma Dewata napsal(a):
A new command has been added to retrieve the vault transport
certificate and optionally save it into a file. The vault archive
and retrieve
The IPA vault has been modified to support symmetric and asymmetric
vaults to allow client to pre-encrypt the data. Due to the status
of the crypto library the actual encryption will be added separately
later.
New LDAP attribute types have been added to store vault type, salt
and public key.
New patch attached.
On 10/29/2014 7:58 AM, Petr Viktorin wrote:
Dependency is bumped to 10.2.1-0.1 which is available from my
COPR repo:
dnf copr enable edewata/pki
OK. We should get that to an IPA COPR before merging this.
How do we do that? Here is the SRPM:
Thanks for the review. New patch attached.
On 10/23/2014 3:59 AM, Petr Viktorin wrote:
In IPA we usually include the full ticket URL, not just the number.
Fixed.
The build fails with a lint message:
* Module ipaserver.plugins.dogtag
ipaserver/plugins/dogtag.py:1903:
On 10/22/2014 9:15 AM, Endi Sukma Dewata wrote:
The NSSConnection class has been modified not to shutdown the
existing NSS database if the database is already opened to
establish an SSL connection, or is already opened by another
code that uses an NSS database without establishing an SSL
On 10/22/2014 3:04 PM, Endi Sukma Dewata wrote:
On 10/16/2014 4:12 PM, Endi Sukma Dewata wrote:
On 10/15/2014 10:59 PM, Endi Sukma Dewata wrote:
The NSSConnection class has to be modified not to shutdown existing
database because some of the vault clients (e.g. vault-archive and
vault-retrieve
On 10/22/2014 3:04 PM, Endi Sukma Dewata wrote:
New LDAP ACIs have been added to allow users to create their own
private vault container, to allow owners to manage vaults and
containers, and to allow members to use the vaults. New CLIs have
been added to manage the owner and member list
On 10/23/2014 6:18 AM, Jan Cholasta wrote:
Hi,
Dne 22.10.2014 v 22:06 Endi Sukma Dewata napsal(a):
A new command has been added to retrieve the vault transport
certificate and optionally save it into a file. The vault archive
and retrieve command has been modified to retrieve the transport
The NSSConnection class has been modified not to shutdown the
existing NSS database if the database is already opened to
establish an SSL connection, or is already opened by another
code that uses an NSS database without establishing an SSL
connection such as vault CLIs.
Ticket #4638
--
Endi S.
On 10/15/2014 10:59 PM, Endi Sukma Dewata wrote:
The KRA backend has been simplified since most of the tasks have
been moved somewhere else. The transport certificate will be
installed on the client, and it is not needed by KRA backend. The
KRA agent's PEM certificate is now generated during
New LDAP ACIs have been added to allow users to create their own
private vault container, to allow owners to manage vaults and
containers, and to allow members to use the vaults. New CLIs have
been added to manage the owner and member list. For archive and
retrieve operations the access control
On 10/16/2014 4:12 PM, Endi Sukma Dewata wrote:
On 10/15/2014 10:59 PM, Endi Sukma Dewata wrote:
The NSSConnection class has to be modified not to shutdown existing
database because some of the vault clients (e.g. vault-archive and
vault-retrieve) also use a database to encrypt/decrypt
A new command has been added to retrieve the vault transport
certificate and optionally save it into a file. The vault archive
and retrieve command has been modified to retrieve the transport
certificate and store it locally for subsequent usage. This way
it's no longer necessary to manually
On 10/20/2014 12:22 PM, Petr Vobornik wrote:
Fixes issues when dialog is not removed from `IPA.opened_dialogs`
registry when dialog.close() is called while the dialog is not shown,
i.e., while other dialog is shown. Without it, the dialog is could be
incorrectly displayed.
New dialog's property
On 10/19/2014 8:22 AM, Petr Vobornik wrote:
On 17.10.2014 22:51, Endi Sukma Dewata wrote:
On 10/10/2014 6:45 AM, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/4616
This patch does not apply. Does it depend on another patch?
rebased version attached. Should be applicable
On 10/17/2014 4:55 PM, Petr Vobornik wrote:
On 17.10.2014 22:51, Endi Sukma Dewata wrote:
On 10/10/2014 6:44 AM, Petr Vobornik wrote:
Web UI part of:
https://fedorahosted.org/freeipa/ticket/4615
Patch 767 is a little refactoring needed for $pre_op(as plain object)
work as intended even
On 10/17/2014 8:36 AM, Petr Vobornik wrote:
Server part has been pushed. Version which matches its API attached.
ACK.
--
Endi S. Dewata
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 10/3/2014 11:48 AM, Petr Vobornik wrote:
Allow to use --force when changing authoritative nameserver address in
DNS zone.
Same for dnsrecord-add for NS record.
https://fedorahosted.org/freeipa/ticket/4573
ACK, just some minor issues:
1. The 'Check DNS' button might be interpreted as
On 10/10/2014 6:44 AM, Petr Vobornik wrote:
Web UI part of:
https://fedorahosted.org/freeipa/ticket/4615
Patch 767 is a little refactoring needed for $pre_op(as plain object)
work as intended even with instantiated objects + fixes a bug where
Evented objects were not considered a framework
On 10/10/2014 6:45 AM, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/4616
This patch does not apply. Does it depend on another patch?
--
Endi S. Dewata
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 10/15/2014 10:59 PM, Endi Sukma Dewata wrote:
The NSSConnection class has to be modified not to shutdown existing
database because some of the vault clients (e.g. vault-archive and
vault-retrieve) also use a database to encrypt/decrypt the secret.
The problem is described in more detail
This patch provides the initial vault implementation which allows
the admin to create a vault, archive a secret, and retrieve the
secret using a standard vault.
It currently has limitations including:
- The vault only supports the standard vault type.
- The vault can only be used by the admin
The KRA backend has been simplified since most of the tasks have
been moved somewhere else. The transport certificate will be
installed on the client, and it is not needed by KRA backend. The
KRA agent's PEM certificate is now generated during installation
due to permission issue. The kra_host()
On 9/29/2014 2:40 AM, Petr Vobornik wrote:
On 24.9.2014 12:17, Petr Vobornik wrote:
webui: do not offer ipa-ad-winsync and ipa-ipa-trust range types
They are not supported by API.
Forgot to attach patch...
ACK.
--
Endi S. Dewata
___
On 9/26/2014 10:25 AM, Petr Vobornik wrote:
On 25.9.2014 19:07, Petr Vobornik wrote:
All issues will be done separately as already stated in other
sub-thread. I've removed issues which are discussed in the other
sub-thread.
2. The tab titles in the ID view details page are quite long, and the
On 9/25/2014 2:25 AM, Alexander Bokovoy wrote:
On Wed, 24 Sep 2014, Endi Sukma Dewata wrote:
4. If I understand correctly the description field for the User ID
Overrides and Group ID Overrides should be optional too because it's
also used to optionally override the description attribute
On 9/24/2014 8:26 AM, Petr Vobornik wrote:
On 24.9.2014 04:43, Endi Sukma Dewata wrote:
On 9/22/2014 9:49 AM, Petr Vobornik wrote:
[PATCH] webui-ci: case-insensitive record check
Indirect association are no longer lower cased, which caused a issue
in CI.
Is the use of |= operator
On 9/19/2014 7:29 AM, Petr Vobornik wrote:
Hello,
attached patches implements Web UI part of ID Views. Backend is
currently on review as well - thread [PATCHES 247-259] ID views -
management part.
https://fedorahosted.org/freeipa/ticket/4535
I expect that backed can change and that the UI
On 9/24/2014 9:43 AM, Petr Vobornik wrote:
On 24.9.2014 16:30, Endi Sukma Dewata wrote:
On 9/19/2014 7:29 AM, Petr Vobornik wrote:
Hello,
attached patches implements Web UI part of ID Views. Backend is
currently on review as well - thread [PATCHES 247-259] ID views -
management part.
https
On 9/22/2014 9:49 AM, Petr Vobornik wrote:
[PATCH] webui-ci: case-insensitive record check
Indirect association are no longer lower cased, which caused a issue in CI.
Is the use of |= operator intentional? I don't see the has variable
defined anywhere else in this method.
has |=
On 9/22/2014 9:50 AM, Petr Vobornik wrote:
Association facet specs use 'add_method' instead of 'add_command'
origin: https://fedorahosted.org/freeipa/ticket/4507
ACK.
--
Endi S. Dewata
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 9/9/2014 10:48 AM, Petr Vobornik wrote:
[PATCH] 727 webui: hide empty fields and sections
Will the counter field strictly have a
value with HOTP only and clock offset interval fields strictly have
value with TOTP only? Do these fields contain the configured values or
the effective values?
On 9/10/2014 9:59 AM, Petr Vobornik wrote:
On 4.9.2014 21:26, Endi Sukma Dewata wrote:
On 8/29/2014 11:00 AM, Petr Vobornik wrote:
[PATCH] 746 webui: append network.negotiate-auth.trusted-uris
https://fedorahosted.org/freeipa/ticket/4478
Some comments/questions:
1. If I'm reading
On 8/22/2014 11:29 AM, Petr Vobornik wrote:
Ticket: https://fedorahosted.org/freeipa/ticket/4507
Support for delegating RBAC roles to service principals added new
attribute members. [1][2] Most of Web UI was automatically extended but
the defaults chose wrong associator for service's
On 8/29/2014 3:40 AM, Petr Vobornik wrote:
Password change initiated from header menu notified success twice.
First one in `dialogs.password.dialog` and second one in a success
callback. The second notification was removed.
Caused by:
On 8/29/2014 11:00 AM, Petr Vobornik wrote:
[PATCH] 746 webui: append network.negotiate-auth.trusted-uris
https://fedorahosted.org/freeipa/ticket/4478
Some comments/questions:
1. If I'm reading this correctly, if the preference is currently empty,
the method will just return without setting
On 8/22/2014 3:31 AM, Petr Vobornik wrote:
On 12.8.2014 17:59, Endi Sukma Dewata wrote:
On 8/5/2014 6:31 AM, Petr Vobornik wrote:
ticket: https://fedorahosted.org/freeipa/ticket/4402
snip (ACK of 720, 721) but patch 720 was replaced by a new version
ACK.
[PATCH] 724 webui: display fields
On 9/2/2014 10:15 AM, Petr Vobornik wrote:
DNS zone 'Add and Edit' failed because of new DNS name encoding.
This patch makes sure that keys are extracted properly.
https://fedorahosted.org/freeipa/ticket/4520
ACK.
--
Endi S. Dewata
___
On 8/21/2014 11:06 AM, Petr Vobornik wrote:
based on:
http://www.redhat.com/archives/freeipa-devel/2014-August/msg00073.html
- bounce url param was renamed from 'redirect' to 'url'
- support for 'delay' param added
Behavior:
- Continue to next page link is shown if 'url' is present
- page is
On 8/22/2014 6:51 AM, Petr Vobornik wrote:
Errors should reflect only a result of last operation.
https://fedorahosted.org/freeipa/ticket/4470
Fixes issue found by Endi:
Try logging in with an incorrect password/OTP. After you get a login
error click Sync OTP Token. Once the sync is
On 8/21/2014 7:18 AM, Simo Sorce wrote:
On Thu, 2014-08-21 at 14:11 +0200, Petr Vobornik wrote:
On 13.8.2014 17:20, Endi Sukma Dewata wrote:
2. Can the UI parse the new key and display it the same way as other
keys that are already saved? That will make it more seamless.
Would be nice
On 8/22/2014 12:18 PM, Petr Vobornik wrote:
On 22.8.2014 17:51, Simo Sorce wrote:
On Fri, 2014-08-22 at 09:52 -0500, Endi Sukma Dewata wrote:
On 8/21/2014 7:18 AM, Simo Sorce wrote:
On Thu, 2014-08-21 at 14:11 +0200, Petr Vobornik wrote:
On 13.8.2014 17:20, Endi Sukma Dewata wrote:
2. Can
On 8/5/2014 6:38 AM, Petr Vobornik wrote:
[PATCH] 733 webui: rename tooltip to title
- use title for input's elements 'title' attribute
- tooltip for Bootstrap's tooltip component
https://fedorahosted.org/freeipa/ticket/4471
ACK.
[PATCH] 734 webui: tooltip support
Allow to set 'tooltip'
On 8/5/2014 6:43 AM, Petr Vobornik wrote:
[PATCH] 736 webui: convert widget.less indentation to spaces
ACK.
[PATCH] 737 webui: improve rule table css
- category radio line has line-height large enough to contain
undo button - content doesn't move several pixels on change
- remove vertical
On 8/5/2014 10:11 AM, Petr Vobornik wrote:
- display info message which points user to FreeOTP project page
- the link or the text can be easily changed by a plugin if needed
https://fedorahosted.org/freeipa/ticket/4469
Notes:
- the design can be a subject of discussion.
- the FreeOTP project
On 7/29/2014 5:53 AM, Petr Vobornik wrote:
Just one thing, there is no pause between clicking the Reset button
and the redirection, so the Password reset was successful.
confirmation message might only appear very briefly. A possible
alternative is to show a confirmation page/message, but the
1 - 100 of 972 matches
Mail list logo