Re: [Freeipa-devel] [PATCH] 552 handle setattr/addattr better

On 09/29/2010 11:03 PM, Rob Crittenden wrote: When doing an addattr check to see if we are creating a multi-value attribute and see if that is allowed by the Param and/or the attribute in the schema (SINGLE-VALUE). Pavel, check my fix in the exception callback. It was passing attrs_list but that

Re: [Freeipa-devel] [PATCH] Check if attribute is single-value before trying to add values to it.

On 10/14/2010 12:01 AM, Rob Crittenden wrote: Pavel Zuna wrote: This patch adds a check in ldap2 for single-value attributes. DS doesn't seem to care much about attributes being defined as SINGLE-VALUE except for things like uidNumber and gidNumber (I suspect this is handled by the DNA plugin).

[Freeipa-devel] [PATCH] Add fail-safe defaults to time and size limits in ldap2 searches.

There was no default value set even though we were using config.get and it was throwing exceptions if someone deleted one of the related config values. Pavel >From 5dfda61f3995f4d5ae5813b7f70f2d2658a687f0 Mon Sep 17 00:00:00 2001 From: Pavel Zuna Date: Thu, 14 Oct 2010 10:54:24 -0400 Subject: [

Re: [Freeipa-devel] [PATCH] Add fail-safe defaults to time and size limits in ldap2 searches.

Pavel Zuna wrote: There was no default value set even though we were using config.get and it was throwing exceptions if someone deleted one of the related config values. Pavel Is this needed since get_ipa_config() will always return something for time and search limits? rob ___

Re: [Freeipa-devel] [PATCH] Add fail-safe defaults to time and size limits in ldap2 searches.

On 10/14/2010 09:25 AM, Pavel Zuna wrote: There was no default value set even though we were using config.get and it was throwing exceptions if someone deleted one of the related config values. Pavel ___ Freeipa-devel mailing list Freeipa-devel@red

Re: [Freeipa-devel] [PATCH] Check if attribute is single-value before trying to add values to it.

Pavel Zuna wrote: On 10/14/2010 12:01 AM, Rob Crittenden wrote: Pavel Zuna wrote: This patch adds a check in ldap2 for single-value attributes. DS doesn't seem to care much about attributes being defined as SINGLE-VALUE except for things like uidNumber and gidNumber (I suspect this is handled

Re: [Freeipa-devel] [PATCH] #316 Avoid installing files in /usr

Simo Sorce wrote: The default setup-ds.pl configuration installs ds scripts in /usr With this patch the customized scripts are kep in /var/lib/dirsrv/scripts- instead of /usr/lib/dirsrv/slapd- Simo. ack ___ Freeipa-devel mailing list Freeipa-devel

Re: [Freeipa-devel] [PATCH] 576 change password doc string

On Wed, 13 Oct 2010 18:05:52 -0400 Rob Crittenden wrote: > Change the password doc string to indicate that the user will be > prompted for the password. > > ticket 182 > > rob ACK (doesn't this fall under the oneline rule ?) Simo. -- Simo Sorce * Red Hat, Inc * New York __

Re: [Freeipa-devel] [PATCH] #318 Use openldap's ldappasswd

Simo Sorce wrote: The following patch makes the ldappasswd operation use the openldap's ldappasswd command, as well as avoiding to put passwords in the command line (visible through a ps) and instead using secure temporary files that are deleted immediately after the operation. Simo. ack ___

Re: [Freeipa-devel] [PATCH] Check if attribute is single-value before trying to add values to it.

Pavel Zuna wrote: On 10/14/2010 12:01 AM, Rob Crittenden wrote: Pavel Zuna wrote: This patch adds a check in ldap2 for single-value attributes. DS doesn't seem to care much about attributes being defined as SINGLE-VALUE except for things like uidNumber and gidNumber (I suspect this is handled b

Re: [Freeipa-devel] [PATCH] Add fail-safe defaults to time and size limits in ldap2 searches.

I have noticed a change in behavior with this ... BEFORE: --sizelimit=0 returned 0 entries now , it is returning all the entries ... obviously 0 now assumes default ... what is the default ?? Thanks Jenny Adam Young wrote: On 10/14/2010 09:25 AM, Pavel Zuna wrote: There was no default value

Re: [Freeipa-devel] [PATCH] #316 Avoid installing files in /usr

On Thu, 14 Oct 2010 13:28:14 -0400 Rob Crittenden wrote: > Simo Sorce wrote: > > The default setup-ds.pl configuration installs ds scripts in /usr > > > > With this patch the customized scripts are kep > > in /var/lib/dirsrv/scripts- instead of > > /usr/lib/dirsrv/slapd- > > > > Simo. > > ack

Re: [Freeipa-devel] [PATCH] #318 Use openldap's ldappasswd

On Thu, 14 Oct 2010 13:30:33 -0400 Rob Crittenden wrote: > Simo Sorce wrote: > > > > The following patch makes the ldappasswd operation use the > > openldap's ldappasswd command, as well as avoiding to put passwords > > in the command line (visible through a ps) and instead using secure > > tempo

Re: [Freeipa-devel] [PATCH] 575 compare resolver and dns reverse lookups

On Wed, 13 Oct 2010 09:31:08 -0400 Rob Crittenden wrote: > We check the resolver against the resolver and DNS against DNS but > not the resolver against DNS so if something is wrong in /etc/hosts > we don't catch it and nasty connection messages occur. > > Also fix a problem where a bogus error

[Freeipa-devel] [PATCH] 578 remove ldapi socket on uninstall

Remove the directory server ldapi socket on uninstall. ticket 350 rob freeipa-578-uninstall.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 577 Grant /usr/sbin/ipa_kpasswd "name_bind" access.

Fix an SELinux problem by granting /usr/sbin/ipa_kpasswd "name_bind" access. This requires selinux-policy-3.6.32-123 on F12 and I took an educated guess and set the minimum on F13 to selinux-policy-3.7.19-40. ticket 73 rob freeipa-577-selinux.patch Description: application/mbox ___

Re: [Freeipa-devel] [PATCH] 578 remove ldapi socket on uninstall

On Thu, 14 Oct 2010 14:50:18 -0400 Rob Crittenden wrote: > Remove the directory server ldapi socket on uninstall. > > ticket 350 > ACK Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://w

[Freeipa-devel] [PATCH] #319 better cope with ntp config files

Instead of replacing the files altogether parse them and add only the options we care about. For ntp.conf those are the server related options. For sysconfig/ntpd we care of adding just -x and -g if missing Simo. -- Simo Sorce * Red Hat, Inc * New York >From d388c26474d69873f390a550570298e13ca

Re: [Freeipa-devel] [PATCH] Add flag to group-find to only search on private groups.

Pavel Zuna wrote: On 10/01/2010 02:47 PM, Pavel Zuna wrote: Ticket #251 Pavel New version of patch attached. This time it should work. :) I renamed the flag from --privateonly to --private. Normal searches do not return private groups at all, while searches with this flag only return privat

Re: [Freeipa-devel] [PATCH] Check if attribute is single-value before trying to add values to it.

On 2010-10-14 19:20, Rob Crittenden wrote: Pavel Zuna wrote: On 10/14/2010 12:01 AM, Rob Crittenden wrote: Pavel Zuna wrote: This patch adds a check in ldap2 for single-value attributes. DS doesn't seem to care much about attributes being defined as SINGLE-VALUE except for things like uidNumbe

[Freeipa-devel] [PATCH] 579 catch socket errors in client

Catch socket errors in the client. I ran into this playing around with the ipa command-line on an unconfigured machine. ticket 382 rob freeipa-579-socket.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com htt

[Freeipa-devel] [PATCH] Service certificate UI.

Hi, Please review the following patch. It might still need to be rebased against Adam's Multivalue Fixes patch which is still being reviewed. Thanks! https://fedorahosted.org/reviewboard/r/92/ The service.py has been modified to include certificate info in the service-show result if the service