Re: [Freeipa-devel] [PATCH] Fix crash in modrdn plugin
On Mon, Nov 22, 2010 at 03:55:52PM -0500, Simo Sorce wrote: I was stupidly assigning a const string to a variable that would be freed later. Fixes bug #529 Simo. -- Simo Sorce * Red Hat, Inc * New York This patch is obviously correct and gets rid of the segfault (also fixes one other potential double-free crasher), so I'd like to ACK this one. I still wasn't able to install a replica, but that seems to be another bug.. Jakub ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Add new version of DNS plugin: complete rework with baseldap + unit tests.
Finally managed to rewrite the DNS plugin again. Sorry, it took so long, we had training in the office and I also had a nasty bug in baseldap.py I couldn't find. Anyway, this version has it all: - changes we agreed on meeting, the resource abstraction is gone and we now only have zones and records = adding new record automatically updates and existing entry or creates it if it wasn't there and deleting the last record deletes the whole entry - all of it transparent to the user - unit tests - ipa help documentation Fixes tickets: #36 #450 I also closed bug #654412. It has a new patch sequence number, because it depends on another patch with a higher number and didn't want to create forward dependencies. Depends on my patches number: 35 (will repost if needed) 38 (posted a while ago on freeipa-devel) Pavel From 9ff886618623abb7253956dc92e652361fe4076e Mon Sep 17 00:00:00 2001 From: Pavel Zuna pz...@redhat.com Date: Mon, 8 Nov 2010 22:34:14 -0500 Subject: [PATCH 2/3] Add new version of DNS plugin: complete rework with baseldap + unit tests. Ticket #36 Ticket #450 --- ipa.spec.in |1 + ipalib/plugins/dns2.py | 584 ++ tests/test_xmlrpc/test_dns_plugin.py | 341 3 files changed, 926 insertions(+), 0 deletions(-) create mode 100644 ipalib/plugins/dns2.py create mode 100644 tests/test_xmlrpc/test_dns_plugin.py diff --git a/ipa.spec.in b/ipa.spec.in index 5a3ea2b..1225bb0 100644 --- a/ipa.spec.in +++ b/ipa.spec.in @@ -178,6 +178,7 @@ Requires: gnupg Requires: pyOpenSSL Requires: python-nss = 0.9-8 Requires: python-lxml +Requires: python-netaddr %description python IPA is an integrated solution to provide centrally managed Identity (machine, diff --git a/ipalib/plugins/dns2.py b/ipalib/plugins/dns2.py new file mode 100644 index 000..2f72fec --- /dev/null +++ b/ipalib/plugins/dns2.py @@ -0,0 +1,584 @@ +# Authors: +# Pavel Zuna pz...@redhat.com +# +# Copyright (C) 2010 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 only +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +Domain Name System (DNS) + +Manage DNS zone and resource records. + +EXAMPLES: + + Add new zone: + ipa dnszone-add example.com --name_server nameserver.example.com + --admin_email ad...@example.com + + edd second nameserver for example.com: + ipa dnsrecord-add example.com @ --ns-rec nameserver2.example.com + + Delete previously added nameserver from example.com: + ipa dnsrecord-del example.com @ --ns-rec nameserver2.example.com + + Add new A record for www.example.com: (random IP) + ipa dnsrecord-add example.com www --a-rec 80.142.15.2 + + Add new PTR record for www.example.com + ipa dnsrecord 15.142.80.in-addr.arpa 2 --ptr-rec www.example.com. + + Show zone example.com: + ipa dnszone-show example.com + + Find zone with example in it's domain name: + ipa dnszone-find example + + Find records for resources with www in their name in zone example.com: + ipa dnsrecord-find example.com www + + Find A records with value 10.10.0.1 in zone example.com + ipa dnsrecord-find example.com --a-rec 10.10.0.1 + + Show records for resource www in zone example.com + ipa dnsrecord-show example.com www + + Delete zone example.com with all resource records: + ipa dnszone-del example.com + + Resolve a host name to see if it exists (will add default IPA domain + if one is not included): + ipa dns-resolve www.example.com + ipa dns-resolve www + + + +import netaddr +import time + +from ipalib import api, errors, output +from ipalib import Command +from ipalib import Flag, Int, List, Str, StrEnum +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext +from ipapython import dnsclient + +# supported resource record types +_record_types = ( +u'A', u'', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', +u'DNAME', u'DNSKEY', u'DS', u'HINFO', u'HIP', u'IPSECKEY', u'KEY', u'KX', +u'LOC', u'MD', u'MINFO', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', +u'NSEC3PARAM', u'NXT', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', +u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT', +) + +# attributes derived from record types +_record_attributes = [str('%srecord' % t.lower()) for t in _record_types] + +# supported DNS classes, IN = internet, rest is almost never
Re: [Freeipa-devel] [PATCH] 0100-top-nav-index
On 11/23/2010 02:15 PM, Endi Sukma Dewata wrote: On 11/22/2010 10:41 AM, Adam Young wrote: Without reordering things now, I propose we allow for a three level structure in the tab_set. Top level will not be an entity. Second level will be an entity. third level will be a nested entity. Nested entities are not related in any way to the entity that they are nested under except by convention. Thus, sudocmd and sudocmdgrps may get nested under sudorules, but they could easily be placed as peers. Contrast these with DNS records, that require the the DNS Zone value. For 3 level deep nesting, we will need a naming scheme to make these work. something like #subtab=sudoruleentity=sudocmd contrast this with #entity=sudorule Thus, the entity value always points to the object, not necessarily at the leaf node of the navigation tree. I agree that the navigation should be decoupled from entity make it more flexible. This is a more detailed proposal, I don't know if we can fully implement this within the schedule, but at least we can go toward this direction. Currently the navigation tree always points to entities. This should be replaced by pages (you're calling it subtab). We can pick another name if this is confusing, but for now let's use these terms: the first level tabs are sections, the second level tabs are pages. A page defines anything you see below the tabs, including client area and action panel. Each page can have one entity (e.g. users), multiple entities (e.g. hbac), or special cases (e.g. krbtpolicy, config). We can have a base class (e.g. ipa_page) that defines the basic layout where the UI components are located (e.g. the action panel, client area, title, buttons), this way all pages will be consistent. Then we can create subclasses that will customize each component depending on the entity, facet, or entry being selected. Each page is responsible to read the parameters it needs from the URL. We might also need a tree-like navigation for the action panel, but that's for another discussion. If I understand this correctly, it is pretty much in line what I am thinking. For a first round, and to get this patch submitted, I think I am going to add entires to the tab set under HBAC and sudo that will be used for navigating to those entities, even though it won't be used for populating the action panel. The action panel work can follow on. For now, and through this release, we will only have one layout, what you are calling ipa_page. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Where we are with SUDO?
On Mon, Nov 22, 2010 at 07:18:42PM +, JR Aquino wrote: On 11/18/10 3:11 PM, Dmitri Pal d...@redhat.com wrote: JR Aquino wrote: The IPA SudoRule Structure has largely been based off of what we are doing today with HBAC. HBAC does not distinguish between memberGroup or memberNetgroup... Its simply, memberHost and memberUser for both HBAC and IPASudoRules. Also, when HBAC or IPASudoRules add a member, there is no resulting 'memberOf' or (hbacMemberOf/sudoMemberOf) inserted into the usergroup, hostgroup, command group, etc... Whereas, if you add a host to a hostgroup, the host ends up with a pointer referring back to the hostgroup. I believe this was done to provide referential integrity. No problem. References to memberOf were there before mainly to try to cover unusual cases, but they can be dropped so long as people aren't going to go around adding memberOf values just for kicks. Nalin is working on a solution to this. We do not need to modify schema. Instead he is adding code to make checks on the object type and have a way to transform the value in different ways based on this check. Excellent! I'll retest as soon as the new patch is available! Attached. You'll need the current snapshot of slapi-nis in order to get functionality that the new configuration patch depends on. Cheers, Nalin From 96e6467b20c69051147ed1dc9d7023169cce7c7e Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai na...@redhat.com Date: Tue, 23 Nov 2010 15:38:40 -0500 Subject: [PATCH] - fix quoting of netgroup entries - use newer slapi-nis functionality to produce cn=sudoers - drop the real cn=sudoers container --- install/share/bootstrap-template.ldif |6 - install/share/schema_compat.uldif | 35 ++-- ipa.spec.in |2 +- 3 files changed, 33 insertions(+), 10 deletions(-) diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index 7946526..283d226 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -64,12 +64,6 @@ objectClass: top objectClass: nsContainer cn: sudorules -dn: cn=SUDOers,$SUFFIX -changetype: add -objectClass: nsContainer -objectClass: top -cn: SUDOers - dn: cn=etc,$SUFFIX changetype: add objectClass: nsContainer diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index 22e3141..d74a9c0 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif @@ -56,14 +56,43 @@ add:cn: ng add:schema-compat-container-group: 'cn=compat, $SUFFIX' add:schema-compat-container-rdn: cn=ng add:schema-compat-check-access: yes -add:schema-compat-search-base: 'cn=ng,cn=alt,$SUFFIX' -add:schema-compat-search-filter: !(cn=ng) +add:schema-compat-search-base: 'cn=ng, cn=alt, $SUFFIX' +add:schema-compat-search-filter: (objectclass=ipaNisNetgroup) add:schema-compat-entry-rdn: cn=%{cn} add:schema-compat-entry-attribute: objectclass=nisNetgroup add:schema-compat-entry-attribute: 'memberNisNetgroup=%deref_r(member,cn)' add:schema-compat-entry-attribute: 'memberNisNetgroup=%referred_r(cn=ng,memberOf,cn)' -add:schema-compat-entry-attribute: nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),-,,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),-),%{nisDomainName:-}) +add:schema-compat-entry-attribute: 'nisNetgroupTriple=(%link(%ifeq(\hostCategory\,\all\,\\,\%collect(\\\%{externalHost}\\\,\\\%deref(\\\memberHost\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\member\\\,\\\fqdn\\\)\\\,\\\%deref_r(\\\memberHost\\\,\\\member\\\,\\\fqdn\\\)\\\)\),-,,,%ifeq(\userCategory\,\all\,\\,\%collect(\\\%deref(\\\memberUser\\\,\\\uid\\\)\\\,\\\%deref_r(\\\member\\\,\\\uid\\\)\\\,\\\%deref_r(\\\memberUser\\\,\\\member\\\,\\\uid\\\)\\\)\),-),%{nisDomainName:-})' + +dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config +add:objectClass: top +add:objectClass: extensibleObject +add:cn: sudoers +add:schema-compat-container-group: 'cn=sudoers, $SUFFIX' +add:schema-compat-search-base: 'cn=sudorules, $SUFFIX' +add:schema-compat-search-filter: ((objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) +add:schema-compat-entry-rdn: cn=%{cn} +add:schema-compat-entry-attribute: objectclass=sudoRole +add:schema-compat-entry-attribute: 'sudoUser=%ifeq(userCategory,all,ALL,%{externalUser})' +add:schema-compat-entry-attribute:
Re: [Freeipa-devel] Other issues with HBAC calendar
On Tue, 23 Nov 2010 16:07:47 -0500 Rob Crittenden rcrit...@redhat.com wrote: I don't want to throw a wrench in, but what if you have multiple replicas in various distant locations, WHICH server is the time relative to? By server I think Steve meant the machine currently evaluation the access control decision. Host would have been a happier term. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 0022 Enable EntryUSN plugin by default
This patch enables the entryUSN plugin by default at install time. EntryUSN numbers are ususful fro clients that want to track newest objects w/o having to care about timestamps dated in the past and replicated by other masters. EntrUSN numbers are valid only in the context of a single server, as each master in the domain keeps its own entryUSN numbers. Fixes 526 Simo. -- Simo Sorce * Red Hat, Inc * New York From f9b8b428833febea1b71de7fb751eff7d86ed82e Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Tue, 23 Nov 2010 10:35:49 -0500 Subject: [PATCH] Enable EntryUSN plugin by default, with global scope This will allow clients to use entryusn values to track what changed in the directory regardles of replication delays. Fixes: https://fedorahosted.org/freeipa/ticket/526 --- install/share/Makefile.am|1 + install/share/entryusn.ldif | 10 ++ ipaserver/install/dsinstance.py |4 ipaserver/install/replication.py |2 +- 4 files changed, 16 insertions(+), 1 deletions(-) create mode 100644 install/share/entryusn.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 1e71ae804fe2fde659c69c4341768a8230c2f487..c7e1c5c5a25d42cb1a0fb8cc9aac99e36856700a 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -45,6 +45,7 @@ app_DATA =\ user_private_groups.ldif \ uuid-ipauniqueid.ldif \ modrdn-krbprinc.ldif \ + entryusn.ldif \ $(NULL) EXTRA_DIST =\ diff --git a/install/share/entryusn.ldif b/install/share/entryusn.ldif new file mode 100644 index ..51f9fc6eb5fb7dc070f3e91fe432410d654c8fe1 --- /dev/null +++ b/install/share/entryusn.ldif @@ -0,0 +1,10 @@ +dn: cn=config +changetype: modify +replace: nsslapd-entryusn-global +nsslapd-entryusn-global: on + +dn: cn=USN,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 15847625771630782de23d654dc742d54f564265..600f0dd5d44a3827bdbdc619a28c4e690f6dc5cb 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -220,6 +220,7 @@ class DsInstance(service.Service): self.step(configuring uniqueness plugin, self.__set_unique_attrs) self.step(configuring uuid plugin, self.__config_uuid_module) self.step(configuring modrdn plugin, self.__config_modrdn_module) +self.step(enabling entryUSN plugin, self.__enable_entryusn) self.step(creating indices, self.__create_indices) self.step(configuring ssl for ds instance, self.__enable_ssl) self.step(configuring certmap.conf, self.__certmap_conf) @@ -357,6 +358,9 @@ class DsInstance(service.Service): # TODO: roll back here? logging.critical(Failed to restart the directory server. See the installation log for details.) +def __enable_entryusn(self): +self._ldap_mod(entryusn.ldif) + def __add_memberof_module(self): self._ldap_mod(memberof-conf.ldif) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 7b4e903b40d0217f4dfebcb6a2a505f57d9a45ff..340a82ef33f471b92d780d258d09d6a634c9ad25 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -341,7 +341,7 @@ class ReplicationManager: port = kargs.get(port, PORT) # List of attributes that need to be excluded from replication. -excludes = ('memberof', +excludes = ('memberof', 'entryusn', 'krblastsuccessfulauth', 'krblastfailedauth', 'krbloginfailedcount') -- 1.7.3.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 583 update DNS when adding/removing host
Rob Crittenden wrote: Simo Sorce wrote: On Wed, 20 Oct 2010 10:26:08 -0400 Rob Crittendenrcrit...@redhat.com wrote: Add ability to add/remove DNS records when adding/removing a host entry. A host in DNS must have an IP address so a valid IP address is required when adding a host. The --force flag will be needed too since you are adding a host that isn't in DNS. For IPv4 it will create an A and a PTR DNS record. IPv6 isn't quite supported yet. Some basic work in the DNS installer is needed to get this working. Once the get_reverse_zone() returns the right value then this should start working and create an record and the appropriate reverse entry. When deleting a host with the --updatedns flag it will try to remove all records it can find in the zone for this host. ticket 238 rob NACK, this patch introduces a bug when trying to add the same host multiple time with different ip address. The second time the ipa host-ad will correctly return an error that the host already exist yet the A record with the new address is added in DNS. Adding records to the DNS should happen only after the host has been successfully created. Simo. Ok, moved the dns_add into the post operation. It still does some amount of validation in the preop. I added a failsafe so that if the host add is successful but the dns add fails it raises an error to that effect, it doesn't roll back all the changes. rob Re-based patch. rob From 9523f9fbdab84abef2566a35bcd6562f7908598f Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Tue, 23 Nov 2010 17:47:29 -0500 Subject: [PATCH] Add ability to add/remove DNS records when adding/removing a host entry. A host in DNS must have an IP address so a valid IP address is required when adding a host. The --force flag will be needed too since you are adding a host that isn't in DNS. For IPv4 it will create an A and a PTR DNS record. IPv6 isn't quite supported yet. Some basic work in the DNS installer is needed to get this working. Once the get_reverse_zone() returns the right value then this should start working and create an record and the appropriate reverse entry. When deleting a host with the --updatedns flag it will try to remove all records it can find in the zone for this host. ticket 238 --- ipalib/errors.py | 17 +++ ipalib/plugins/dns.py | 13 + ipalib/plugins/host.py | 121 +++- ipalib/util.py | 15 ++ 4 files changed, 165 insertions(+), 1 deletions(-) diff --git a/ipalib/errors.py b/ipalib/errors.py index 22138ab..86cd60d 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -1310,6 +1310,23 @@ class MutuallyExclusiveError(ExecutionError): format = _('%(reason)s') +class NonFatalError(ExecutionError): + +**4303** Raised when part of an operation succeeds and the part that failed isn't critical. + +For example: + + raise NonFatalError(reason=u'The host was added but the DNS update failed') +Traceback (most recent call last): + ... +NonFatalError: The host was added but the DNS update failed + + + +errno = 4303 +format = _('%(reason)s') + + ## # 5000 - 5999: Generic errors diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index a3e6c1e..6f3959b 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -90,6 +90,18 @@ _record_types = ( u'SRV', u'TXT', ) +# mapping from attribute to resource record type +_attribute_types = dict( +arecord=u'A', record=u'', a6record=u'A6', +afsdbrecord=u'AFSDB', certrecord=u'CERT', cnamerecord=u'CNAME', +dnamerecord=u'DNAME', dsrecord=u'DS', hinforecord=u'HINFO', +keyrecord=u'KEY', kxrecord=u'KX', locrecord='LOC', +mdrecord=u'MD', minforecord=u'MINFO', mxrecord=u'MX', +naptrrecord=u'NAPTR', nsrecord=u'NS', nsecrecord=u'NSEC', +ntxtrecord=u'NTXT', ptrrecord=u'PTR', rrsigrecord=u'RRSIG', +sshfprecord=u'SSHFP', srvrecord=u'SRV', txtrecord=u'TXT', +) + # supported DNS classes, IN = internet, rest is almost never used _record_classes = (u'IN', u'CS', u'CH', u'HS') @@ -137,6 +149,7 @@ def dns_container_exists(ldap): except errors.NotFound: raise errors.NotFound(reason=_('DNS is not configured')) +return True class dns(Object): DNS zone/SOA record object. diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 2e77dd5..9d3a2a9 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -81,10 +81,12 @@ from ipalib.plugins.service import split_principal from ipalib.plugins.service import validate_certificate from ipalib.plugins.service import normalize_certificate from ipalib.plugins.service import set_certificate_attrs +from ipalib.plugins.dns import dns_container_exists, _attribute_types from ipalib import _, ngettext from ipalib import x509 from ipapython.ipautil import
Re: [Freeipa-devel] [PATCH] Add new version of DNS plugin: complete rework with baseldap + unit tests.
On 11/23/2010 09:37 AM, Pavel Zuna wrote: Finally managed to rewrite the DNS plugin again. Sorry, it took so long, we had training in the office and I also had a nasty bug in baseldap.py I couldn't find. Anyway, this version has it all: - changes we agreed on meeting, the resource abstraction is gone and we now only have zones and records = adding new record automatically updates and existing entry or creates it if it wasn't there and deleting the last record deletes the whole entry - all of it transparent to the user - unit tests - ipa help documentation Fixes tickets: #36 #450 I also closed bug #654412. It has a new patch sequence number, because it depends on another patch with a higher number and didn't want to create forward dependencies. Depends on my patches number: 35 (will repost if needed) 38 (posted a while ago on freeipa-devel) Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel I keep getting an error when doing simple things like install and ipa help: [ayo...@ipa freeipa]$ ./ipa help dns2 ipa: ERROR: AttributeError: cannot override NameSpace.idnsname value Str('idnsname', cli_name='name', doc=Gettext('Zone name (FQDN)', domain='ipa', localedir=None), label=Gettext('Zone name', domain='ipa', localedir=None), multivalue=False, normalizer=lambda, primary_key=True, query=True, required=True) with Str('idnsname', attribute=True, cli_name='name', doc=Gettext('Record name', domain='ipa', localedir=None), label=Gettext('Record name', domain='ipa', localedir=None), multivalue=False, primary_key=True, query=True, required=True) Traceback (most recent call last): File /home/ayoung/devel/freeipa/ipalib/cli.py, line 962, in run api.finalize() File /home/ayoung/devel/freeipa/ipalib/plugable.py, line 615, in finalize p.instance.finalize() File /home/ayoung/devel/freeipa/ipalib/frontend.py, line 724, in finalize self._create_param_namespace('args') File /home/ayoung/devel/freeipa/ipalib/frontend.py, line 350, in _create_param_namespace sort=False File /home/ayoung/devel/freeipa/ipalib/base.py, line 407, in __init__ (self.__class__.__name__, name, self.__map[name], member) AttributeError: cannot override NameSpace.idnsname value Str('idnsname', cli_name='name', doc=Gettext('Zone name (FQDN)', domain='ipa', localedir=None), label=Gettext('Zone name', domain='ipa', localedir=None), multivalue=False, normalizer=lambda, primary_key=True, query=True, required=True) with Str('idnsname', attribute=True, cli_name='name', doc=Gettext('Record name', domain='ipa', localedir=None), label=Gettext('Record name', domain='ipa', localedir=None), multivalue=False, primary_key=True, query=True, required=True) ipa: ERROR: an internal error has occurred ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Generate better DuplicateEntry error message in LDAPCreate.
On 11/23/2010 09:39 AM, Pavel Zuna wrote: DuplicateEntry error messages generated by LDAPCreate are now detailed like this: ipa: ERROR: user with name testuser already exists Solves ticket #530. It works for everything, not just the objects described in this ticket. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK and pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Change signature of LDAPSearch.pre_callback.
Pavel Zuna wrote: Add the opportunity to change base DN and scope in the callback. This makes the callback a lot more powerful, because it enables the plugin author to broaden or completely change the search location. Pavel Ack. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel