Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output

[Jan Zelený]

Martin Kosek mko...@redhat.com wrote:
 This patch adds a proper summary text to HBAC command which is
 then printed out in CLI. Now, HBAC plugin output is consistent
 with other plugins.
 
 https://fedorahosted.org/freeipa/ticket/596

I believe API.txt should be updated (you change hbacrule_enable and 
hbacrule_disable return values), so NACK for now.

Jan

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Fixed type of argument in class help

[Jakub Hrozek]

On Wed, Feb 02, 2011 at 08:54:47AM +0100, Jan Zelený wrote:
 At Rob's suggestion I changed the argument type in class help, this is only 
 oneliner, I think it can be pushed directly.
 
 Jan

 -takes_args = (Bytes('command?'),)
 +takes_args = (Str('command?'),)

Nack, you also need to import Str from parameters.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Fix of a small typo

[Jakub Hrozek]

On Fri, Feb 04, 2011 at 06:41:41PM +0100, Jan Zeleny wrote:
 Trivial fix, can be pushed directly
 
 Jan

Ack

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Fixed command delegation-show

[Jakub Hrozek]

On Fri, Feb 04, 2011 at 06:40:54PM +0100, Jan Zeleny wrote:
 Recent changes in permission prefixes influenced also delegations. The
 plugin has been updated accordingly, but this one line has been
 forgotten.
 
 Jan

I think it is not needed, the only command preceding return from the
function is is_delegation() that has the value of aciprefix hardcoded.

Jakub

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 72 Set minimum for Kerberos policy max life and max renew

[Pavel Zuna]

Fix #847

Pavel


freeipa-pzuna-72-krbtpmin.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Fixed command delegation-show

[Jan Zelený]

Jakub Hrozek jhro...@redhat.com wrote:
 On Fri, Feb 04, 2011 at 06:40:54PM +0100, Jan Zeleny wrote:
  Recent changes in permission prefixes influenced also delegations. The
  plugin has been updated accordingly, but this one line has been
  forgotten.
  
  Jan
 
 I think it is not needed, the only command preceding return from the
 function is is_delegation() that has the value of aciprefix hardcoded.
 
 Jakub

Sorry, withdrawing the patch. I originally made it because delegation-show 
didn't work for me, but it was probably only typo on the command line or 
something. The code is indeed ok. Thanks for catching that.

Jan

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 027 Support of user default email domain

[Jakub Hrozek]

On Fri, Feb 04, 2011 at 03:20:55PM +0100, Martin Kosek wrote:
 This patch fixes the default domain functionality for user email(s).
 This setting may be configured via:
 
 ipa config-mod --emaildomain=example.com
 
 Then, when user is added/modified and --mail option is passed,
 the default domain is appended if the passed attribute does not
 contain another domain already.
 
 https://fedorahosted.org/freeipa/ticket/598
 

Ack

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 73 Update config doc to reflect that 0 is not allowed for search time limit.

[Pavel Zuna]

Fix #837

Pavel


freeipa-pzuna-73-configdoc.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 72 Set minimum for Kerberos policy max life and max renew

[Jakub Hrozek]

On Mon, Feb 07, 2011 at 11:13:56AM +0100, Pavel Zuna wrote:
 Fix #847
 
 Pavel


 ___
 Freeipa-devel mailing list
 Freeipa-devel@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-devel

Nack, please update API.txt

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 76 Fallback to default locale (en_US) if env. setting is corrupt.

[Pavel Zuna]

This is a follow-up to my patches 69 and 71 (70 is garbage).

It prevents a crash when user misconfigures his locale settings.

Pavel


freeipa-pzuna-76-deflocale.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 77 Update krbtpolicy doc to inform that restarting krb5kdc might be needed.

[Pavel Zuna]

It seems that restarting krb5kdc is only needed when changes to the global 
policy are made. Per-user policies take effect immediately for newly requested 
tickets. Can someone please confirm?


Fix #844

Pavel


freeipa-pzuna-77-krbtpdoc.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 77 Update krbtpolicy doc to inform that restarting krb5kdc might be needed.

[Jenny Galipeau]

Pavel Zuna wrote:
It seems that restarting krb5kdc is only needed when changes to the 
global policy are made. Per-user policies take effect immediately for 
newly requested tickets. Can someone please confirm?
Yes, in testing this is the behavior.  If the help could specify that a 
ipactl restart is required after global policy change, that would be great.

Thanks
Jenny



Fix #844

Pavel


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel



--
Jenny Galipeau jgali...@redhat.com
Principal Software QA Engineer
Red Hat, Inc. Security Engineering

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/ 


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Removed unused code.

[Endi Sukma Dewata]

This depends on freeipa-edewata-0094-Restructuring-details-page.patch.

--
Endi S. Dewata

From 14fbaabf3c283f43113d4ee87b4db87a88102a95 Mon Sep 17 00:00:00 2001
From: Endi S. Dewata edew...@redhat.com
Date: Fri, 4 Feb 2011 11:48:09 -0600
Subject: [PATCH] Removed unused code.

---
 install/ui/details.js|  385 +++---
 install/ui/test/details_tests.js |   45 -
 2 files changed, 25 insertions(+), 405 deletions(-)

diff --git a/install/ui/details.js b/install/ui/details.js
index 7eb7c038ec561ec1f9f61058b3137f7c615c8ad7..6445c5a8700551a1b6d9675e10bb808a5f3ddeea 100644
--- a/install/ui/details.js
+++ b/install/ui/details.js
@@ -29,269 +29,7 @@
 IPA.expand_icon = 'ui-icon-minus';
 IPA.collapse_icon = 'ui-icon-plus';
 
-IPA.is_field_writable = function(rights){
-if (!rights){
-alert('no right');
-}
-return rights.indexOf('w')  -1;
-};
-
-IPA.details_field =  function (spec) {
-
-spec = spec || {};
-
-var that = IPA.widget(spec);
-
-that.load = spec.load || load;
-that.save = spec.save || save;
-
-function load(record) {
-that.record = record;
-that.values = record[that.name];
-that.reset();
-
-var param_info = IPA.get_param_info(that.entity_name, that.name);
-if (param_info) {
-if (param_info['primary_key']) {
-that.read_only = true;
-}
-if ('no_update' in param_info['flags']) {
-that.read_only = true;
-}
-}
-}
-
-that.update = function() {
-
-if (!that.record) return;
-
-/* remove all dd tags i.e. all attribute values */
-$('dd', that.container).remove();
-
-var multivalue = false;
-var hint_span = null;
-var dd;
-
-var param_info = IPA.get_param_info(that.entity_name, that.name);
-if (param_info) {
-if (param_info['multivalue'] || param_info['class'] == 'List')
-multivalue = true;
-var hint = param_info['doc'];
-if (hint){
-hint_span = $('span /',{
-'class': 'attrhint',
-'html': 'Hint: ' + hint});
-}
-}
-
-var rights = 'rsc';
-
-if (that.record.attributelevelrights){
-rights = that.record.attributelevelrights[this.name] || rights ;
-}
-
-if (that.values) {
-/*
-  Too much logic currently assumes an array.
-  This is true everywhere but ACIs. */
-
-if (!(that.values instanceof Array)){
-that.values = [that.values];
-}
-
-dd = IPA.create_first_dd(that.name);
-dd.append(that.create_value(that.values[0], hint_span, rights, 0));
-dd.appendTo(that.container);
-
-for (var i = 1; i  that.values.length; ++i) {
-dd = IPA.create_other_dd(that.name);
-dd.append(that.create_value(that.values[i], hint_span, rights, i));
-dd.appendTo(that.container);
-}
-
-if (multivalue  IPA.is_field_writable(rights) ) {
-dd = IPA.create_other_dd(that.name);
-dd.append(IPA.details_field_create_add_link.call(that, that.name, rights, that.values.length));
-dd.appendTo(that.container);
-}
-
-} else {
-if (multivalue   IPA.is_field_writable(rights)) {
-dd = IPA.create_first_dd(that.name);
-dd.append(IPA.details_field_create_add_link.call(that, that.name, rights, 0));
-dd.appendTo(that.container);
-
-} else {
-dd = IPA.create_first_dd(that.name);
-dd.append(that.create_value('', hint_span, rights, 0));
-dd.appendTo(that.container);
-}
-}
-};
-
-
-/* creates a Remove link for deleting attribute values */
-function create_remove_link(attr, param_info){
-function remove_on_click(obj){
-var jobj = $(obj);
-var attr = jobj.attr('title');
-var par = jobj.parent();
-var input = par.find('input');
-if (input.is('.strikethrough')){
-input.removeClass('strikethrough');
-jobj.text(Remove);
-}else{
-input.addClass('strikethrough');
-jobj.text(Undo);
-}
-return (false);
-}
-
-if (param_info){
-/* check if the param is required or of the Password type
- * if it is, then we don't want people to be able to remove it */
-if ((param_info['required']) ||
-(param_info['class'] == 'Password')){
-return ('');
-}
-}
-return $('a/',{
-href:jslink,
-click: function (){return (remove_on_click(this));},
-

Re: [Freeipa-devel] [PATCH] Removed unused code.

[Adam Young]

On 02/07/2011 10:27 AM, Endi Sukma Dewata wrote:

This depends on freeipa-edewata-0094-Restructuring-details-page.patch.

--
Endi S. Dewata



___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

ACK:  pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Hide initial status.

[Endi Sukma Dewata]

Previously all certificate  Kerberos key statuses (valid, missing
and revoked) will appear briefly at the same time during page load.
This has been fixed by setting the initial style to hidden.

--
Endi S. Dewata

From afaa735fe055190809de1fcae17ed2d7bc64f47c Mon Sep 17 00:00:00 2001
From: Endi S. Dewata edew...@redhat.com
Date: Mon, 7 Feb 2011 11:38:06 -0600
Subject: [PATCH] Hide initial status.

Previously all certificate  Kerberos key statuses (valid, missing
and revoked) will appear briefly at the same time during page load.
This has been fixed by setting the initial style to hidden.
---
 install/ui/certificate.js |9 ++---
 install/ui/host.js|6 --
 install/ui/service.js |6 --
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/install/ui/certificate.js b/install/ui/certificate.js
index 6b100ed1c5beeb071f7d226900464cc6473490b4..3158d04883af8cb7eb1f9a0f02e936801f0ea358 100755
--- a/install/ui/certificate.js
+++ b/install/ui/certificate.js
@@ -414,7 +414,8 @@ function certificate_status_widget(spec) {
 that.widget_create(container);
 
 var div = $('div/', {
-name: 'certificate-valid'
+name: 'certificate-valid',
+style: 'display: none;'
 }).appendTo(container);
 
 $('img/', {
@@ -465,7 +466,8 @@ function certificate_status_widget(spec) {
 
 if (!that.is_selfsign()) {
 div = $('div/', {
-name: 'certificate-revoked'
+name: 'certificate-revoked',
+style: 'display: none;'
 }).appendTo(container);
 
 $('img/', {
@@ -504,7 +506,8 @@ function certificate_status_widget(spec) {
 }
 
 div = $('div/', {
-name: 'certificate-missing'
+name: 'certificate-missing',
+style: 'display: none;'
 }).appendTo(container);
 
 $('img/', {
diff --git a/install/ui/host.js b/install/ui/host.js
index cc60fb51190462ea05fe273e3a8231c1fab0ab5d..f6af82cb15397cb2b19c69a56f0d9617c07ef3a0 100644
--- a/install/ui/host.js
+++ b/install/ui/host.js
@@ -226,7 +226,8 @@ function host_provisioning_status_widget(spec) {
 that.widget_create(container);
 
 var div = $('div/', {
-name: 'kerberos-key-valid'
+name: 'kerberos-key-valid',
+style: 'display: none;'
 }).appendTo(container);
 
 $('img/', {
@@ -250,7 +251,8 @@ function host_provisioning_status_widget(spec) {
 }).appendTo(content_div);
 
 div = $('div/', {
-name: 'kerberos-key-missing'
+name: 'kerberos-key-missing',
+style: 'display: none;'
 }).appendTo(container);
 
 $('img/', {
diff --git a/install/ui/service.js b/install/ui/service.js
index 53a01d890574cd8fc321b2c0bd3e5f869bee..360386a1380ab6383e82942b746ceefa4d1e14da 100644
--- a/install/ui/service.js
+++ b/install/ui/service.js
@@ -223,7 +223,8 @@ function service_provisioning_status_widget(spec) {
 that.widget_create(container);
 
 var div = $('div/', {
-'class': 'kerberos-key-valid'
+name: 'kerberos-key-valid',
+style: 'display: none;'
 }).appendTo(container);
 
 $('img/', {
@@ -247,7 +248,8 @@ function service_provisioning_status_widget(spec) {
 }).appendTo(content_div);
 
 div = $('div/', {
-name: 'kerberos-key-missing'
+name: 'kerberos-key-missing',
+style: 'display: none;'
 }).appendTo(container);
 
 $('img/', {
-- 
1.6.6.1

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 701 fix uninstallation

[Rob Crittenden]

The state file is read early on in the uninstall and then each service 
manages its own uninstallation, resetting state as it goes along. 
Finally we remove the shared 389-ds user but the state is still the 
original state at the start of the uninstall so everything basically 
gets reset. Re-read the state again fixes it.


ticket 916

rob


freeipa-rcrit-701-uninstall.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 702 add entitlement API

[Rob Crittenden]

The entitlement plugin was being skipped completely if the python-rhsm 
package wasn't installed. We want to let it limp through if the package 
isn't installed but we're doing API validation.


ticket 919

rob


freeipa-rcrit-702-entitle.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Hide initial status.

[Adam Young]

On 02/07/2011 12:58 PM, Endi Sukma Dewata wrote:

Previously all certificate  Kerberos key statuses (valid, missing
and revoked) will appear briefly at the same time during page load.
This has been fixed by setting the initial style to hidden.

--
Endi S. Dewata



___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

ACK and pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 701 fix uninstallation

[Adam Young]

On 02/07/2011 01:35 PM, Rob Crittenden wrote:
The state file is read early on in the uninstall and then each service 
manages its own uninstallation, resetting state as it goes along. 
Finally we remove the shared 389-ds user but the state is still the 
original state at the start of the uninstall so everything basically 
gets reset. Re-read the state again fixes it.


ticket 916

rob


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

ACK . pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output

[Adam Young]

On 02/07/2011 04:38 AM, Jan Zelený wrote:

Martin Kosekmko...@redhat.com  wrote:

This patch adds a proper summary text to HBAC command which is
then printed out in CLI. Now, HBAC plugin output is consistent
with other plugins.

https://fedorahosted.org/freeipa/ticket/596

I believe API.txt should be updated (you change hbacrule_enable and
hbacrule_disable return values), so NACK for now.

Jan

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Can we Mark these as :  ACK, needs API.txt update?  There are going to 
be conflicts as different people modify the API.  The ones that require 
API.txt updates just need to have the update done prior to check-in.


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Read-only text widget's save() should return null.

[Endi Sukma Dewata]

Pushed under one-liner rule.

--
Endi S. Dewata

From 2d84ab075cb418139afe0697de67eea82eecc15a Mon Sep 17 00:00:00 2001
From: Endi S. Dewata edew...@redhat.com
Date: Mon, 7 Feb 2011 13:12:30 -0600
Subject: [PATCH] Read-only text widget's save() should return null.

---
 install/ui/widget.js |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/install/ui/widget.js b/install/ui/widget.js
index beb09a9d4511929a5dfe32da199b975466ef7525..eb2f70cfc0407d36fa6dd04ef7a4e9acb2f82853 100644
--- a/install/ui/widget.js
+++ b/install/ui/widget.js
@@ -352,7 +352,8 @@ IPA.text_widget = function(spec) {
 
 that.save = function() {
 if (that.read_only || !that.writable) {
-return that.values;
+return null;
+
 } else {
 var input = $('input[name='+that.name+']', that.container);
 var value = $.trim(input.val());
-- 
1.6.6.1

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 73 Update config doc to reflect that 0 is not allowed for search time limit.

[David O'Brien]

Pavel Zuna wrote:

Fix #837

Pavel


/me hesitantly asks...
Doesn't this mean that 1 is illegal?

doc=_('Max. amount of time (sec.) for a search ( 1 or -1 for unlimited)'),

Neither is there any mention of zero being illegal. It may be implicit 
or self-evident, but I don't rely on that in doc. I'd be inclined to 
change it to ( 0, or -1 for unlimited) but remember, I'm not a coder :)


cheers

--

David O'Brien
Red Hat Asia Pacific Pty Ltd
+61 7 3514 8189


He who asks is a fool for five minutes, but he who does not ask remains 
a fool forever.

 ~ Chinese proverb

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 77 Update krbtpolicy doc to inform that restarting krb5kdc might be needed.

[David O'Brien]

Dmitri Pal wrote:

On 02/07/2011 06:46 PM, David O'Brien wrote:

Jenny Galipeau wrote:

Pavel Zuna wrote:

It seems that restarting krb5kdc is only needed when changes to the
global policy are made. Per-user policies take effect immediately
for newly requested tickets. Can someone please confirm?

Yes, in testing this is the behavior.  If the help could specify that
a ipactl restart is required after global policy change, that would
be great.
Thanks
Jenny


Please raise a suitable bugzilla to get this included in the user doc.
So far I only have doc about restarting IPA services after ipa
krbtpolicy-reset.


Isn't it the same thing?


I took changes to mean using krbtpolicy-mod and any others, not just 
-reset, which is the info I received last time.



thanks

Fix #844

Pavel



___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel










--

David O'Brien
Red Hat Asia Pacific Pty Ltd
+61 7 3514 8189


He who asks is a fool for five minutes, but he who does not ask remains 
a fool forever.

 ~ Chinese proverb

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel