set.
Keep in mind that overlap checking is ensured by ipa-range-check
DS plugin.
https://fedorahosted.org/freeipa/ticket/3498
Tomas
From fd62902846b9cb8d81d0eb0dd19f9f33fa60feca Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 13 May 2013 13:19:12 +0200
Subject: [PATCH
Hi,
this patchset deals with https://fedorahosted.org/freeipa/ticket/3602
See commit messages for details.
Tomas
From 9f29d3b89f24d39dafe067d7eda136614dd3ee1e Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 9 May 2013 14:47:29 +0200
Subject: [PATCH 55/55] Prompt
On 04/16/2013 10:40 AM, Petr Spacek wrote:
Hello,
Disallow all dynamic updates if update policy configuration failed.
Without this patch the old update policy stays in effect
when re-configuration failed.
___
Freeipa-devel mailing list
On 04/16/2013 12:44 PM, Petr Spacek wrote:
Hello,
Improve error logging for zones with idnsAllowDynUpdate == FALSE.
Zones with dynamic updates disabled are re-configured with empty
update policy string, so the update is refused by BIND and
an error is logged.
On 05/06/2013 02:03 PM, Petr Spacek wrote:
On 18.4.2013 11:04, Petr Spacek wrote:
Hello,
Clean up PTR record synchronization code and make it more robust.
PTR record synchronization was split to smaller functions.
Input validation, error handling and logging were improved
significantly.
On 04/30/2013 03:45 PM, Petr Spacek wrote:
Hello,
Replace TTL values 2^31-1 with 0.
The rule comes from RFC 2181 section 8.
https://fedorahosted.org/bind-dyndb-ldap/ticket/117
On 05/03/2013 02:55 PM, Petr Spacek wrote:
On 3.5.2013 14:35, Tomas Babej wrote:
On 04/30/2013 03:45 PM, Petr Spacek wrote:
Hello,
Replace TTL values 2^31-1 with 0.
The rule comes from RFC 2181 section 8.
https://fedorahosted.org/bind-dyndb-ldap/ticket/117
On 04/16/2013 12:45 PM, Petr Spacek wrote:
Hello,
Explicitly return SERVFAIL if PTR synchronization is misconfigured.
SERVFAIL will be returned if PTR synchronization is enabled
in forward zone but reverse zone has dynamic updates disabled.
On 04/30/2013 05:24 PM, Petr Viktorin wrote:
On 04/30/2013 02:32 PM, Tomas Babej wrote:
On 04/11/2013 09:57 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
In ipa-replica-manage commands, we enforce that hostnames we work
with are resolvable. However, this caused errors while deleting
On 04/11/2013 09:57 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
In ipa-replica-manage commands, we enforce that hostnames we work
with are resolvable. However, this caused errors while deleting
or disconnecting an ipa / winsync replica, if that replica was down
and authoritative server
Cholasta wrote:
Hi,
On 23.4.2013 12:28, Tomas Babej wrote:
Hi,
We should respect already configured options present in
/etc/openldap/ldap.conf when generating our own configuration.
With this patch, we only rewrite URI, BASE and TLS_CACERT
options.
https://fedorahosted.org/freeipa/ticket/3582
On 04/29/2013 08:13 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 04/25/2013 12:42 PM, Martin Kosek wrote:
On 04/25/2013 12:29 PM, Jan Cholasta wrote:
On 25.4.2013 08:51, Martin Kosek wrote:
On 04/24/2013 08:02 PM, Rob Crittenden wrote:
Jan Cholasta wrote:
On 24.4.2013 14:54, Martin
Hi,
This patch exposes user entry gecos field in Web UI.
https://fedorahosted.org/freeipa/ticket/3569
Tomas
From e98b134ea55fb9155c7d2556f8c6c6f1b168445c Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 24 Apr 2013 14:12:50 +0200
Subject: [PATCH] Make gecos field
On 04/22/2013 10:26 PM, Ana Krivokapic wrote:
The 'Host Administrators' privilege was missing two permissions
('Retrieve Certificates from the CA' and 'Revoke Certificate'), causing
the inability to remove a host with a certificate.
https://fedorahosted.org/freeipa/ticket/3585
e8b9c4757a9e8f575e037c3293644d06af74eccc Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 22 Apr 2013 11:37:33 +0200
Subject: [PATCH] Avoid removing sss from nssswitch.conf during client
uninstall
This patch makes sure that sss is not removed from nsswitch.conf
which causes problems with later uses
00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 22 Apr 2013 12:02:45 +0200
Subject: [PATCH] Add hint message about --force-join option when enrollment
fails
When client enrollment fails due to the fact that host entry
already exists on the server, display a message informing the
user
17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 22 Apr 2013 12:55:38 +0200
Subject: [PATCH] Preserve already configured options in openldap conf
We should respect already configured options present in
/etc/openldap/ldap.conf when generating our own configuration.
With this patch
On 04/11/2013 04:35 PM, Petr Viktorin wrote:
On 04/11/2013 03:59 PM, Simo Sorce wrote:
On Thu, 2013-04-11 at 14:52 +0200, Petr Viktorin wrote:
On 04/11/2013 02:43 PM, Simo Sorce wrote:
On Thu, 2013-04-11 at 14:24 +0200, Petr Viktorin wrote:
On 04/11/2013 12:05 PM, Tomas Babej wrote:
Hi
On 04/23/2013 01:23 PM, Petr Viktorin wrote:
On 04/23/2013 12:25 PM, Tomas Babej wrote:
Hi,
This patch makes sure that sss is not removed from nsswitch.conf
which causes problems with later uses of sssd. Makes sure that
authconfig with --disablesssd option is not executed during
ipa client
On 04/15/2013 11:58 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 04/09/2013 11:47 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Trying to insert nsDS5ReplicatedAttributeListTotal and
nsds5ReplicaStripAttrs to winsync agreements caused upgrade errors.
With this patch, these attributes
On 04/12/2013 04:52 PM, Petr Viktorin wrote:
On 04/12/2013 04:10 PM, Tomas Babej wrote:
Hi,
We need to add nfs:NONE as a default PAC type only if there's no
other default PAC type for nfs. Adds an update plugin which
determines whether default PAC type for nfs is set and adds
nfs:NONE PAC type
On 04/08/2013 03:55 PM, Martin Kosek wrote:
On 04/01/2013 09:52 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 02/12/2013 06:23 PM, Simo Sorce wrote:
On Tue, 2013-02-12 at 18:03 +0100, Tomas Babej wrote:
On 02/12/2013 05:50 PM, Tomas Babej wrote:
Hi,
This patch adds a check
99b2c505226eba7aad3f4b55cfc362082f9d035a Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 11 Apr 2013 16:59:41 +0200
Subject: [PATCH] Add nfs:NONE to default PAC types only when needed
We need to add nfs:NONE as a default PAC type only if there's no
other default PAC type for nfs. Adds an update
Hi,
Makes DNAME target validation less strict and allows underscore.
This is a requirement for IPA sites.
https://fedorahosted.org/freeipa/ticket/3550
Tomas
From 2027f5d27ad061d21f163fd9f667d42392a2bd0b Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 11 Apr 2013 11:18:17
On 04/09/2013 11:47 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Trying to insert nsDS5ReplicatedAttributeListTotal and
nsds5ReplicaStripAttrs to winsync agreements caused upgrade errors.
With this patch, these attributes are skipped for winsync agreements.
Made
On 04/08/2013 12:28 PM, Tomas Babej wrote:
On 04/05/2013 07:43 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 04/04/2013 04:25 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On Tue 02 Apr 2013 10:05:06 AM CEST, Tomas Babej wrote:
On Mon 01 Apr 2013 10:01:14 PM CEST, Rob Crittenden wrote
On 04/09/2013 01:54 PM, Tomas Babej wrote:
Hi,
In ipa-replica-manage commands, we enforce that hostnames we work
with are resolvable. However, this caused errors while deleting
or disconnecting an ipa / winsync replica, if that replica was down
and authoritative server for itself.
https
f4024fa1d4a68a478572580ac3abde09fd1556df Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Tue, 9 Apr 2013 13:45:34 +0200
Subject: [PATCH] Enforce host existence only where needed in
ipa-replica-manage
In ipa-replica-manage commands, we enforce that hostnames we work
On 04/05/2013 07:43 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 04/04/2013 04:25 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On Tue 02 Apr 2013 10:05:06 AM CEST, Tomas Babej wrote:
On Mon 01 Apr 2013 10:01:14 PM CEST, Rob Crittenden wrote:
Tomas Babej wrote:
On Tue 19 Feb 2013 08:37
to find_replication_agreements. It returns list of
entries instead of unicode strings now.
https://fedorahosted.org/freeipa/ticket/3522
Tomas
From 9fb51e0167fe99186d5404490770ed5b8f3cfe2b Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 8 Apr 2013 14:09:16 +0200
Subject: [PATCH] Update only
On 04/04/2013 04:25 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On Tue 02 Apr 2013 10:05:06 AM CEST, Tomas Babej wrote:
On Mon 01 Apr 2013 10:01:14 PM CEST, Rob Crittenden wrote:
Tomas Babej wrote:
On Tue 19 Feb 2013 08:37:26 PM CET, Rob Crittenden wrote:
Tomas Babej wrote:
On 02/04/2013
On 03/22/2013 03:03 PM, Martin Kosek wrote:
On 03/21/2013 06:10 PM, Petr Vobornik wrote:
On 03/21/2013 05:10 PM, Martin Kosek wrote:
On 03/16/2013 03:32 AM, Endi Sukma Dewata wrote:
On 3/12/2013 11:28 AM, Petr Vobornik wrote:
Here's a patch for filtering groups by type.
Design page:
On Tue 02 Apr 2013 08:14:12 PM CEST, Ana Krivokapic wrote:
Hello,
The CA cert (/etc/ipa/ca.crt) was not being removed on client uninstall,
causing failure on subsequent client installation in some cases.
https://fedorahosted.org/freeipa/ticket/3537
On Tue 02 Apr 2013 10:05:06 AM CEST, Tomas Babej wrote:
On Mon 01 Apr 2013 10:01:14 PM CEST, Rob Crittenden wrote:
Tomas Babej wrote:
On Tue 19 Feb 2013 08:37:26 PM CET, Rob Crittenden wrote:
Tomas Babej wrote:
On 02/04/2013 04:21 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 01/30/2013
On Mon 01 Apr 2013 10:01:14 PM CEST, Rob Crittenden wrote:
Tomas Babej wrote:
On Tue 19 Feb 2013 08:37:26 PM CET, Rob Crittenden wrote:
Tomas Babej wrote:
On 02/04/2013 04:21 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,
The checks make sure
On Fri 08 Mar 2013 02:16:26 PM CET, Alexander Bokovoy wrote:
Hi,
http://www.freeipa.org/page/V3/MultipleTrustServers covers RFE to have
multiple domain controllers exposed to trusted domains.
Attached patch also implements needed changes for ipa-adtrust-install
part. Global trust configuration
On 03/28/2013 03:04 PM, Martin Kosek wrote:
On 03/28/2013 10:20 AM, Martin Kosek wrote:
On 03/27/2013 10:42 AM, Tomas Babej wrote:
On Tue 26 Mar 2013 06:49:59 PM CET, Martin Kosek wrote:
On 03/26/2013 06:32 PM, Tomas Babej wrote:
On 03/26/2013 05:38 PM, Martin Kosek wrote:
On 03/21/2013 11
On 03/29/2013 02:15 PM, Ana Krivokapic wrote:
On 03/26/2013 04:59 PM, Tomas Babej wrote:
Hi,
The ipa-replica-install script tries to add replica's A and PTR
records to the master DNS, if master does manage DNS. However,
master need not manage replica's zone. Properly handle this use
case
On 03/29/2013 03:48 PM, Ana Krivokapic wrote:
On 03/29/2013 03:11 PM, Tomas Babej wrote:
On 03/29/2013 02:15 PM, Ana Krivokapic wrote:
On 03/26/2013 04:59 PM, Tomas Babej wrote:
Hi,
The ipa-replica-install script tries to add replica's A and PTR
records to the master DNS, if master does
On Tue 26 Mar 2013 06:49:59 PM CET, Martin Kosek wrote:
On 03/26/2013 06:32 PM, Tomas Babej wrote:
On 03/26/2013 05:38 PM, Martin Kosek wrote:
On 03/21/2013 11:59 AM, Martin Kosek wrote:
This set of patches (details in commit messages) allows build and
installation
of FreeIPA in Fedora 19. I
On Wed 27 Mar 2013 01:54:49 PM CET, Ana Krivokapic wrote:
On 03/27/2013 12:15 PM, Tomas Babej wrote:
On 03/26/2013 07:45 PM, Ana Krivokapic wrote:
Add the option to create home directories for users on their first login
to ipa-server-install and ipa-replica-install.
https://fedorahosted.org
On 03/26/2013 05:38 PM, Martin Kosek wrote:
On 03/21/2013 11:59 AM, Martin Kosek wrote:
This set of patches (details in commit messages) allows build and installation
of FreeIPA in Fedora 19. I tested server and replica install (master on f18,
replica on f19) and both worked fine.
The patches
On 03/22/2013 04:51 PM, Petr Viktorin wrote:
On 03/13/2013 03:05 PM, Tomas Babej wrote:
Hi,
The following is mentioned in the server log now:
- existence of host entry (if it already does exist)
- missing krbprincipalname and its new value (if there was no
principal name set)
https
On 03/22/2013 05:10 PM, Tomas Babej wrote:
On 03/22/2013 04:51 PM, Petr Viktorin wrote:
On 03/13/2013 03:05 PM, Tomas Babej wrote:
Hi,
The following is mentioned in the server log now:
- existence of host entry (if it already does exist)
- missing krbprincipalname and its new value
On Fri 22 Mar 2013 05:54:12 PM CET, Rob Crittenden wrote:
Petr Viktorin wrote:
On 03/18/2013 02:49 PM, Tomas Babej wrote:
On 03/18/2013 02:46 PM, Tomas Babej wrote:
Hi,
A new option --force-join has been added to ipa-client-install.
It forces the host enrollment even if the host entry exists
On 03/14/2013 02:41 PM, Martin Kosek wrote:
[freeipa-mkosek-388-use-temporary-ccache-in-ipa-client-install.patch]:
ipa-client-install failed if user had set his own KRB5CCNAME in his
environment. Use a temporary CCACHE for the installer to avoid these
kinds of errors.
Hi,
A new option --force-join has been added to ipa-client-install.
It forces the host enrollment even if the host entry exists.
Old certificate is revoked, new certificate and ssh key pair
generated. See the relevant design for the re-enrollment part:
On 03/18/2013 02:46 PM, Tomas Babej wrote:
Hi,
A new option --force-join has been added to ipa-client-install.
It forces the host enrollment even if the host entry exists.
Old certificate is revoked, new certificate and ssh key pair
generated. See the relevant design for the re-enrollment part
Hi,
SID validation in idrange.py now enforces exact match on SIDs, thus
one can no longer use SID of an object in a trusted domain as a
trusted domain SID.
https://fedorahosted.org/freeipa/ticket/3432
Tomas
From 8a8eca8a2113802273036386b46a96ce0f292671 Mon Sep 17 00:00:00 2001
From: Tomas
On Wed 13 Mar 2013 09:47:09 AM CET, Tomas Babej wrote:
Hi,
SID validation in idrange.py now enforces exact match on SIDs, thus
one can no longer use SID of an object in a trusted domain as a
trusted domain SID.
https://fedorahosted.org/freeipa/ticket/3432
Tomas
On 02/27/2013 10:28 AM, Martin Kosek wrote:
On 02/20/2013 12:31 PM, Tomas Babej wrote:
On 02/19/2013 10:33 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 02/06/2013 07:57 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
this pair of patches improves HBAC rule handling in selinuxusermap
.
https://fedorahosted.org/freeipa/ticket/3462
Tomas
From 465e5c01a760fb99c43658a0aa97abdec169882c Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 13 Mar 2013 12:53:24 +0100
Subject: [PATCH] Make sure uninstall script prompts for reboot as last
Parts of client uninstall logic
Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 13 Mar 2013 14:47:03 +0100
Subject: [PATCH] Add logging to join command
The following is mentioned in the log now:
- existence of host entry (if it already does exist)
- missing krbprincipalname and its new value
On Thu 07 Mar 2013 11:01:33 PM CET, Rob Crittenden wrote:
Petr Viktorin wrote:
On 03/07/2013 04:27 PM, Tomas Babej wrote:
On 03/07/2013 04:12 PM, Petr Viktorin wrote:
Thanks! I just have two more very minor nitpicks.
On 03/06/2013 01:04 PM, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr
On 03/07/2013 11:48 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Any of the following checks:
- overlap between primary RID range and secondary RID range
- overlap between secondary RID range and secondary RID range
is performed now only if both of the ranges involved are local
On 03/08/2013 12:10 PM, Martin Kosek wrote:
On 03/05/2013 12:59 PM, Tomas Babej wrote:
Hi,
Any of the following checks:
- overlap between primary RID range and secondary RID range
- overlap between secondary RID range and secondary RID range
is performed now only if both of the ranges
On 03/06/2013 01:30 PM, Petr Spacek wrote:
On 6.3.2013 13:04, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr Viktorin wrote:
Thanks! The mechanism works, but see below.
This is an RFE so it needs a design document.
http://freeipa.org/page/V3/Client_install_using_keytab
I added Security
On 03/07/2013 04:12 PM, Petr Viktorin wrote:
Thanks! I just have two more very minor nitpicks.
On 03/06/2013 01:04 PM, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr Viktorin wrote:
Thanks! The mechanism works, but see below.
This is an RFE so it needs a design document.
http://freeipa.org
On Thu 07 Mar 2013 04:54:02 PM CET, Petr Viktorin wrote:
On 03/07/2013 04:27 PM, Tomas Babej wrote:
On 03/07/2013 04:12 PM, Petr Viktorin wrote:
Thanks! I just have two more very minor nitpicks.
On 03/06/2013 01:04 PM, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr Viktorin wrote:
Thanks
: Tomas Babej tba...@redhat.com
Date: Tue, 26 Feb 2013 13:20:13 +0100
Subject: [PATCH] Add support for re-enrolling hosts using keytab
A host that has been recreated and does not have its
host entry disabled or removed, can be re-enrolled using
a previously backed up keytab file.
A new option
1a18bc43b561a1bbcfa1f5da3c2f1d6482571d18 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Tue, 5 Mar 2013 09:17:20 +0100
Subject: [PATCH] Perform secondary rid range overlap check for local ranges
only
Any of the following checks:
- overlap between primary RID range
(enrolled using principal and reenrolled using keytab).
Tomas
From e576009bb7a93daec1cbc4ef94785017f80b2756 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Tue, 26 Feb 2013 13:20:13 +0100
Subject: [PATCH] Add support for re-enrolling hosts using keytab
A host that has been previously
On Fri 22 Feb 2013 04:34:55 PM CET, Martin Kosek wrote:
On 02/22/2013 03:01 PM, Tomas Babej wrote:
On 02/21/2013 02:22 PM, Martin Kosek wrote:
On 02/20/2013 03:19 PM, Tomas Babej wrote:
On Wed 20 Feb 2013 02:24:03 PM CET, Alexander Bokovoy wrote:
On Wed, 20 Feb 2013, Tomas Babej wrote
On 02/21/2013 02:22 PM, Martin Kosek wrote:
On 02/20/2013 03:19 PM, Tomas Babej wrote:
On Wed 20 Feb 2013 02:24:03 PM CET, Alexander Bokovoy wrote:
On Wed, 20 Feb 2013, Tomas Babej wrote:
On 12/21/2012 12:15 PM, Tomas Babej wrote:
Hi,
Sending updated and rebased versions of patches 0024
Hi,
The make-test script now exits with code 1 in case that
any of the test cases that were run failed.
Can we push this without a ticket under one-liner rule?
Tomas
From f4c6cad856be076d1c367edf2e9ced1b3c15b15a Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Sat, 23 Feb
On 02/21/2013 01:50 PM, Martin Kosek wrote:
On 02/21/2013 01:29 PM, Tomas Babej wrote:
On 02/21/2013 12:47 PM, Martin Kosek wrote:
On 02/20/2013 10:31 AM, Tomas Babej wrote:
Hi,
When installing / uninstalling IPA client, the checks that
determine whether IPA client is installed now take
will not install if something is backed up or
default.conf file does exist (unless it's installation on master).
https://fedorahosted.org/freeipa/ticket/3331
Tomas
From 6a81800dedab33881a4c3573efa80cac50c84d40 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Tue, 19 Feb 2013 17:59
On 12/21/2012 12:15 PM, Tomas Babej wrote:
Hi,
Sending updated and rebased versions of patches 0024 and 0025.
Tomas
Sending rebased version, these got quite rotten.
Tomas
From f21b135d546678544ccf05efd587b46bba88e07a Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Fri
On Tue 19 Feb 2013 08:37:26 PM CET, Rob Crittenden wrote:
Tomas Babej wrote:
On 02/04/2013 04:21 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed
On 02/19/2013 10:33 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 02/06/2013 07:57 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
this pair of patches improves HBAC rule handling in selinuxusermap
commands.
Patch 0031 deals with:
https://fedorahosted.org/freeipa/ticket/3349
Patch 0032
On Wed 20 Feb 2013 02:24:03 PM CET, Alexander Bokovoy wrote:
On Wed, 20 Feb 2013, Tomas Babej wrote:
On 12/21/2012 12:15 PM, Tomas Babej wrote:
Hi,
Sending updated and rebased versions of patches 0024 and 0025.
Tomas
Sending rebased version, these got quite rotten.
Thanks for updating
On 02/18/2013 12:36 PM, Alexander Bokovoy wrote:
On Fri, 15 Feb 2013, Tomas Babej wrote:
On 02/14/2013 05:37 PM, Alexander Bokovoy wrote:
On Thu, 14 Feb 2013, Tomas Babej wrote:
+ Str('ipanttrusteddomainname?',
+ cli_name='dom_name',
+ flags=('no_search', 'virtual_attribute'),
+ label=_('Name
On 02/14/2013 05:37 PM, Alexander Bokovoy wrote:
On Thu, 14 Feb 2013, Tomas Babej wrote:
+ Str('ipanttrusteddomainname?',
+ cli_name='dom_name',
+ flags=('no_search', 'virtual_attribute'),
+ label=_('Name of the trusted domain'),
+ ),
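Review bot: the new `ipanttrusteddomainname?` option carries only a `label`, with no `doc` string next to it, so the generated help for `--dom-name` will not tell the user that the name is looked up and translated to the trusted domain's SID. Suggest adding a `doc=_(...)` line after `label` that states this, and saying there what happens when the domain name and an explicit SID are both supplied.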
New option is added but API.txt wasn't changed. As result
On 02/12/2013 06:58 PM, Petr Vobornik wrote:
On 02/04/2013 05:23 PM, Tomas Babej wrote:
Hi,
When adding/modifying an ID range for a trusted domain, the newly
added option --dom-name can be used. This looks up SID of the
trusted domain in LDAP and therefore the user is not required
to write
On 02/12/2013 06:00 PM, Alexander Bokovoy wrote:
On Fri, 08 Feb 2013, Tomas Babej wrote:
On 02/08/2013 03:25 PM, Alexander Bokovoy wrote:
On Mon, 04 Feb 2013, Tomas Babej wrote:
Hi,
When adding/modifying an ID range for a trusted domain, the newly
added option --dom-name can be used
On 02/12/2013 06:23 PM, Simo Sorce wrote:
On Tue, 2013-02-12 at 18:03 +0100, Tomas Babej wrote:
On 02/12/2013 05:50 PM, Tomas Babej wrote:
Hi,
This patch adds a check for krbprincipalexpiration attribute to
pre_bind operation
in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth
for detailed info.
Tomas
From aa171a4e3bc5295cdf332215e1b2477c7512180a Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 6 Feb 2013 07:04:03 -0500
Subject: [PATCH 31/32] Improve HBAC rule handling in
selinuxusermap-add/mod/find
Pre-patch handling of HBAC rules in selinuxusermap
manually is shown.
https://fedorahosted.org/freeipa/ticket/3133
Tomas
From 72f8802953edaaf5b9f7c34a38601fbccd681c8e Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 4 Feb 2013 08:33:53 -0500
Subject: [PATCH] Add option to specify SID using domain name to
idrange-add/mod
When
On 02/04/2013 04:21 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed and enabled OR not installed (on client install)
Please note that client installs
On Fri 01 Feb 2013 08:03:37 PM CET, Rob Crittenden wrote:
Martin Kosek wrote:
On 01/31/2013 12:05 PM, Tomas Babej wrote:
On 01/31/2013 12:03 PM, Tomas Babej wrote:
Hi,
This was a regression due to change from DatabaseError to NetworkError
when LDAP server is down.
https://fedorahosted.org
Hi,
This was a regression due to change from DatabaseError to NetworkError
when LDAP server is down.
https://fedorahosted.org/freeipa/ticket/2939
Tomas
On 01/31/2013 12:03 PM, Tomas Babej wrote:
Hi,
This was a regression due to change from DatabaseError to NetworkError
when LDAP server is down.
https://fedorahosted.org/freeipa/ticket/2939
Tomas
Hi,
this is a fix for a benign typo in ipa-adtrust-install --help description.
Tomas
From 785cd2df77874c524a36eab24257cdaff14a374b Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 31 Jan 2013 07:58:48 -0500
Subject: [PATCH] Fix a typo in ipa-adtrust-install help
Add SIDs
On 01/30/2013 05:58 PM, Tomas Babej wrote:
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed and enabled OR not installed (on client install)
Please note that client installs with SELinux
f038bb7b79d5a048e9c9ae7fd7391edabb6ac3ac Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 24 Jan 2013 15:37:21 -0500
Subject: [PATCH] Add checks for SElinux in install scripts
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed and enabled
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed and enabled OR not installed (on client install)
Please note that client installs with SELinux not installed are
allowed since freeipa-client package
On 01/22/2013 07:39 PM, Dmitri Pal wrote:
On 01/22/2013 10:57 AM, Simo Sorce wrote:
On Tue, 2013-01-22 at 15:50 +0100, Tomas Babej wrote:
Here I bring the updated version of the patch. Please note, that I
*added* a flag attribute to ipadb_ldap_attr_to_krb5_timestamp
function, that controls
On 01/17/2013 05:18 PM, Simo Sorce wrote:
On Thu, 2013-01-17 at 15:29 +0100, Tomas Babej wrote:
On 01/17/2013 01:56 AM, Dmitri Pal wrote:
On 01/16/2013 12:32 PM, Tomas Babej wrote:
On 01/16/2013 06:01 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 17:57 +0100, Tomas Babej wrote:
On 01/16/2013
On 01/17/2013 01:56 AM, Dmitri Pal wrote:
On 01/16/2013 12:32 PM, Tomas Babej wrote:
On 01/16/2013 06:01 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 17:57 +0100, Tomas Babej wrote:
On 01/16/2013 02:47 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 12:52 +0100, Tomas Babej wrote:
On 01/15/2013
, Tomas Babej wrote:
Hi,
Since 32-bit unix timestamps are used in Kerberos V5, setting
maxlife in pwpolicy to values such as days would cause
integer overflow in krbPasswordExpiration attribute.
This would result in unpredictable behaviour such as users
not being able to log in after password
On 01/16/2013 02:47 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 12:52 +0100, Tomas Babej wrote:
On 01/15/2013 11:55 PM, Simo Sorce wrote:
On Tue, 2013-01-15 at 17:36 -0500, Dmitri Pal wrote:
On 01/15/2013 03:59 PM, Simo Sorce wrote:
On Tue, 2013-01-15 at 15:53 -0500, Rob Crittenden wrote
On 01/16/2013 06:01 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 17:57 +0100, Tomas Babej wrote:
On 01/16/2013 02:47 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 12:52 +0100, Tomas Babej wrote:
On 01/15/2013 11:55 PM, Simo Sorce wrote:
On Tue, 2013-01-15 at 17:36 -0500, Dmitri Pal wrote
On 01/16/2013 06:57 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 18:32 +0100, Tomas Babej wrote:
They all use ipadb_ldap_attr_to_time_t() to get their values,
so the following addition to the patch should be sufficient.
It will break dates for other users of the function that do not need
if password
policy was changed (#3114) or new users not being able to log
in at all (#3312).
https://fedorahosted.org/freeipa/ticket/3312
https://fedorahosted.org/freeipa/ticket/3114
Tomas
From 58e10e269b2cf1b789094d09207844cbc4f56f99 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date
Hi,
Sending updated and rebased versions of patches 0024 and 0025.
Tomas
From 6d4903a1c5e255929cdbce2a67d79c6e44b1 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Fri, 21 Dec 2012 05:34:37 -0500
Subject: [PATCH] Make options checks in idrange-add/mod consistent
Both
On 12/13/2012 02:48 PM, Martin Kosek wrote:
On 12/13/2012 11:52 AM, Tomas Babej wrote:
On 12/12/2012 04:32 PM, Martin Kosek wrote:
On 10/26/2012 03:43 PM, Tomas Babej wrote:
Hi,
creating an id range with overlapping primary and secondary
rid range using idrange-add or idrange-mod command now
On 12/14/2012 01:59 PM, Alexander Bokovoy wrote:
On Fri, 14 Dec 2012, Tomas Babej wrote:
On 12/13/2012 02:48 PM, Martin Kosek wrote:
On 12/13/2012 11:52 AM, Tomas Babej wrote:
On 12/12/2012 04:32 PM, Martin Kosek wrote:
On 10/26/2012 03:43 PM, Tomas Babej wrote:
Hi,
creating an id range
and rid_base must be used together
if dom_rid is not set
cat
Unit test for third check has been added.
http://fedorahosted.org/freeipa/ticket/3170
Tomas
From 980ecec7721b53f50318d602dce146e5efc29815 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 5 Dec 2012 08:29:55
objectclass ipatrustedaddomainrange being
added. This patch fixes the issue.
Tomas
From 9e72a92e942d0fe357ae82cf65a1a94ab03fa0e5 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 5 Dec 2012 11:19:57 -0500
Subject: [PATCH] Add trusted domain range objectclass to idrange-mod
When
On 11/15/2012 12:41 PM, Petr Vobornik wrote:
On 11/15/2012 11:54 AM, Tomas Babej wrote:
Hi,
This is server part of #3252.
When user from other realm than FreeIPA's tries to use Web UI
(login via forms-based auth or with valid trusted realm ticket),
the 401 Unauthorized error with X-Ipa