So far it was possible to rename any object using LDAPUpdate to a name
with empty primary key. Since this can cause nasty problems, this patch
disables empty string in --rename argument.
https://fedorahosted.org/freeipa/ticket/827
Jan
From 5d2eb85af1df7c20049e7fdc05e6a529a2b2839b Mon Sep 17
On Mon, 24 Jan 2011 09:38:45 +0100
Jan Zelený jzel...@redhat.com wrote:
So far it was possible to rename any object using LDAPUpdate to a name
with empty primary key. Since this can cause nasty problems, this
patch disables empty string in --rename argument.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/22/2011 02:28 AM, Adam Young wrote:
Does any of this imply that we shopuld change the WebUI handling of Zone
or Record deletes?
Sorry, I don't know enough about the WebUI to give an authoritative
answer. I'll try to summarize the changes I
Jan Zelený wrote:
Rob Crittendenrcrit...@redhat.com wrote:
Jan Zeleny wrote:
Either one of type, filter, subtree, targetgroup, attrs or memberof is
required.
https://fedorahosted.org/freeipa/ticket/819
Jan
Do you think the prompt should be annotated somehow to indicate that the
optional
On 01/24/2011 09:51 AM, Jakub Hrozek wrote:
Sorry, I don't know enough about the WebUI to give an authoritative
answer. I'll try to summarize the changes I did, if it doesn't answer
your question, please catch me on IRC:-)
The only change to the API is a new option del_all that specifies that
I'm not sure if this is a user error or a bug. I didn't see a way to
tell OpenSSL to not require that Country be in the CSR.
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName :PRINTABLE:'MYREALM.COM'
commonName
Jeff B wrote:
I'm not sure if this is a user error or a bug. I didn't see a way to
tell OpenSSL to not require that Country be in the CSR.
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName :PRINTABLE:'MYREALM.COM'
On Mon, Jan 24, 2011 at 10:38 AM, Jeff B jeffb.l...@gmail.com wrote:
You are right. I changed:
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
I pushed this under the 1-liner rule, it fixes a doctest failure.
rob
From 76cbd48896bc8953fdd7abf4afd797ffb6cbfc92 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Mon, 24 Jan 2011 10:41:20 -0500
Subject: [PATCH] Fix exception doctest failure
---
ipalib/errors.py |4
It looks like python 2.7 changed the API of time.utcoffset(), this
should fix the tests.
We have recently relaxed what input a Str will take, the tests need to
be updated to accomodate.
rob
From 459b204be01bd57ba2420a269b3a9702dfc22a3c Mon Sep 17 00:00:00 2001
From: Rob Crittenden
In the host plugin we modify the default set of objectclasses depending
on what kind of host we're creating. This was actually updating the
objectclass of the object itself so that the objectclass variable was
storing duplicate objectclasses (because we sometimes append values).
Make a
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/24/2011 04:50 PM, Rob Crittenden wrote:
In the host plugin we modify the default set of objectclasses depending
on what kind of host we're creating. This was actually updating the
objectclass of the object itself so that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/24/2011 04:46 PM, Rob Crittenden wrote:
It looks like python 2.7 changed the API of time.utcoffset(), this
should fix the tests.
We have recently relaxed what input a Str will take, the tests need to
be updated to accomodate.
rob
Ack
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/24/2011 04:58 PM, Rob Crittenden wrote:
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/24/2011 04:50 PM, Rob Crittenden wrote:
In the host plugin we modify the default set of objectclasses depending
on what kind
Hello,
Here are some issues that I came across during my testing of the latest
IPA version on Friday.
Please take a look and file tickets as appropriate.
1) Can't bail out from the install
Start IPA install without any command line parameters. It any prompt try
to stop installation by pressing
I'm trying to do an ipa-server-install with an --external-ca but after
it generates the .csr and I sign a .crt I can't run the followup
ips-server-install to import the certificate.
I don't think I'm supposed to run an --uninstall between the
--external-ca and the --external_cert_file
See ticket #833 for a detailed explanation.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From f74f30aa01a7b3cc669ebf0275ad7e3768ede787 Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Mon, 24 Jan 2011 11:42:53 -0500
Subject: [PATCH] Create DNS records as early as possible
Dmitri Pal wrote:
Hello,
Here are some issues that I came across during my testing of the latest
IPA version on Friday.
Please take a look and file tickets as appropriate.
1) Can't bail out from the install
Start IPA install without any command line parameters. It any prompt try
to stop
Jan Zelený jzel...@redhat.com wrote:
The original one was misleading, giving the value exactly opposite
meaning than it actually was.
https://fedorahosted.org/freeipa/ticket/741
Jan
Just a reminder that this patch still needs a review.
Jan
___
Jan Zeleny jzel...@redhat.com wrote:
Jan Zelený jzel...@redhat.com wrote:
The original one was misleading, giving the value exactly opposite
meaning than it actually was.
https://fedorahosted.org/freeipa/ticket/741
Jan
Just a reminder that this patch still needs a review.
Jan
Jan Zelený jzel...@redhat.com wrote:
Rob Crittenden rcrit...@redhat.com wrote:
Jan Zelený wrote:
Recent change of DNS module to version caused that dns object type
was replaced by dnszone and dnsrecord. This patch corrects dns types
in permissions class.
On 01/22/2011 07:49 PM, Endi Sukma Dewata wrote:
This should fix this bug:
https://fedorahosted.org/freeipa/ticket/660
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
NACK: Too many
On 01/22/2011 07:46 PM, Endi Sukma Dewata wrote:
This is required by the latest spec. May need further revision.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK. As follow on, we
On 01/22/2011 07:45 PM, Endi Sukma Dewata wrote:
This is required by the latest spec.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
___
On 01/24/2011 01:29 PM, Adam Young wrote:
On 01/22/2011 07:46 PM, Endi Sukma Dewata wrote:
This is required by the latest spec. May need further revision.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 01/24/2011 01:29 PM, Adam Young wrote:
On 01/22/2011 07:45 PM, Endi Sukma Dewata wrote:
This is required by the latest spec.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
On 01/24/2011 01:31 PM, Adam Young wrote:
On 01/22/2011 07:46 PM, Endi Sukma Dewata wrote:
This is required by the latest spec.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
Jeff B wrote:
I'm trying to do an ipa-server-install with an --external-ca but after
it generates the .csr and I sign a .crt I can't run the followup
ips-server-install to import the certificate.
I don't think I'm supposed to run an --uninstall between the
--external-ca and the
JR Aquino wrote:
On 1/20/11 10:05 AM, Rob Crittendenrcrit...@redhat.com wrote:
Simo Sorce wrote:
On Wed, 19 Jan 2011 17:51:56 -0500
Rob Crittendenrcrit...@redhat.com wrote:
+aci: (targetattr = member || memberOf || memberHost ||
memberUser)(version 3.0; acl No anonymous access to member
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/24/2011 04:46 PM, Rob Crittenden wrote:
It looks like python 2.7 changed the API of time.utcoffset(), this
should fix the tests.
We have recently relaxed what input a Str will take, the tests need to
be updated to
Rob Crittenden wrote:
Dmitri Pal wrote:
Rob Crittenden wrote:
Dmitri Pal wrote:
Hello,
Here are some issues that I came across during my testing of the
latest
IPA version on Friday.
Please take a look and file tickets as appropriate.
1) Can't bail out from the install
Start IPA install
I don't want to start filing tickets since I'm not that familiar with
the project but here is another similar one where the checks aren't
necessarily doing what they are intended to be doing.
Steps:
1. ran install with --external-ca
2. tried running with --external_cert_file but hit error in #835
We have a default user name, which is also the recommended one, it made
no sense to force users to specify it at the command line for
unattended installations. Just use the default if none is provided.
Ticket #836
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From
On 01/24/2011 09:27 PM, Simo Sorce wrote:
We have a default user name, which is also the recommended one, it made
no sense to force users to specify it at the command line for
unattended installations. Just use the default if none is provided.
Ticket #836
Simo.
Ack
On 01/20/2011 01:43 AM, Simo Sorce wrote:
See ticket #817
Simo.
Ack
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Mon, 24 Jan 2011 22:00:37 +0100
Jakub Hrozek jhro...@redhat.com wrote:
On 01/24/2011 09:27 PM, Simo Sorce wrote:
We have a default user name, which is also the recommended one, it
made no sense to force users to specify it at the command line for
unattended installations. Just use the
On Mon, 24 Jan 2011 22:28:57 +0100
Jakub Hrozek jhro...@redhat.com wrote:
On 01/20/2011 01:43 AM, Simo Sorce wrote:
See ticket #817
Simo.
Ack
Pushed to master
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing
Rob Crittenden wrote:
Let the installer override the detected hostname value with the
--hostname flag. This is likely to lead to a non-working installation
so let the buyer beware.
ticket 834
I do not think this is enough. There is a part of the ipa-client-install
other than ipa-join that
Dmitri Pal wrote:
Rob Crittenden wrote:
Let the installer override the detected hostname value with the
--hostname flag. This is likely to lead to a non-working installation
so let the buyer beware.
ticket 834
I do not think this is enough. There is a part of the ipa-client-install
other
From b4313a5605bdd9de95d4bb245196d13aa54a7e46 Mon Sep 17 00:00:00 2001
From: Adam Young ayo...@redhat.com
Date: Mon, 24 Jan 2011 22:00:38 -0500
Subject: [PATCH] remove icons from association buttons
---
install/ui/widget.js |2 --
1 files changed, 0 insertions(+), 2 deletions(-)
diff
From 27660b175d90b1d7b96958aa537a96ff46b498b8 Mon Sep 17 00:00:00 2001
From: Adam Young ayo...@redhat.com
Date: Mon, 24 Jan 2011 22:30:28 -0500
Subject: [PATCH] action buttons for dns
---
install/ui/policy.js |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git
41 matches
Mail list logo