On 11.10.2011 15:19, Rob Crittenden wrote:
Jan Cholasta wrote:
Don't allow ipa pwpolicy-del global_policy.
https://fedorahosted.org/freeipa/ticket/1936
Can you add a unit test case for this? Then ack.
Questions:
Is it possible to disallow deletion of specific objects on LDAP level
How to test:
1) Add some nested membership relationships:
$ ipa group-add --desc=foo group1
$ ipa group-add --desc=foo group2
$ ipa user-add --first=Foo --last=Bar foobar
$ ipa role-add-member helpdesk --groups=group2
$ ipa group-add-member group2 --groups=group1
$ ipa group-add-member group1
On 28.6.2011 22:19, Rob Crittenden wrote:
Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/1358
Honza
ack, pushed to master and ipa-2-0
Don't configure [appdefaults], as per Nalin's suggestion
(https://fedorahosted.org/freeipa/ticket/1358#comment:5)
Honza
--
Jan
On Wed, 2011-10-12 at 09:28 +0200, Jan Cholasta wrote:
On 11.10.2011 15:19, Rob Crittenden wrote:
Jan Cholasta wrote:
Don't allow ipa pwpolicy-del global_policy.
https://fedorahosted.org/freeipa/ticket/1936
Can you add a unit test case for this? Then ack.
Questions:
Is
For starters I added a 15 second timeout and 2 tries. These numbers are
arbitrary, I am open to suggestions.
Martin
---
Add a timeout to the wget call to cover a case when autodiscovered
server does not respond to our attempt to download ca.crt. Let
user specify a different IPA server in that
Hi,
attached is a small refactoring that is pursuing two goals:
- fix https://fedorahosted.org/freeipa/ticket/1871
and
- prepare grounds for systemd integration
As ticket 1871 is about cases when HOSTNAME is missing from
/etc/sysconfig/network, this patch adds support to append
Martin Kosek wrote:
For starters I added a 15 second timeout and 2 tries. These numbers are
arbitrary, I am open to suggestions.
Martin
---
Add a timeout to the wget call to cover a case when autodiscovered
server does not respond to our attempt to download ca.crt. Let
user specify a
On 10.10.2011 16:21, Rob Crittenden wrote:
Upgrading an installation that was installed with selfsign CA will fail
in ipa-upgradeconfig because it doesn't handle the case where dogtag
isn't installed.
rob
ACK.
Honza
--
Jan Cholasta
___
On Wed, 2011-10-12 at 08:52 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
For starters I added a 15 second timeout and 2 tries. These numbers are
arbitrary, I am open to suggestions.
Martin
---
Add a timeout to the wget call to cover a case when autodiscovered
server does not
This patch depends on my patch 140 (attached just to be sure).
Do I understand it correctly that new proposed bind-dyndb-ldap option
ldap_hostname won't be needed?
Martin
From 21b8bea688b03e6c4d13da2dbcdebed8ff0fa09d Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Wed, 12 Oct
On Wed, 2011-10-12 at 15:03 +0200, Martin Kosek wrote:
On Wed, 2011-10-12 at 08:52 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
For starters I added a 15 second timeout and 2 tries. These numbers are
arbitrary, I am open to suggestions.
Martin
---
Add a timeout to the
Alexander Bokovoy wrote:
Hi,
attached is a small refactoring that is pursuing two goals:
- fix https://fedorahosted.org/freeipa/ticket/1871
and
- prepare grounds for systemd integration
As ticket 1871 is about cases when HOSTNAME is missing from
/etc/sysconfig/network, this patch adds
On Wed, 12 Oct 2011, Rob Crittenden wrote:
Also, all keys totally missing from the config will be added. Values
from replacevars and appendvars are merged before doing it so there is
only a single key=value pair afterwards. Obviously, it is the caller's
responsibility to not allow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is there a reason that ipa-client-install does not configure nsswitch
for ldap sudoers and automount by default? I would see such a
modification as a feature for this, rather than a negative.
Alternately, this could be added as a module to ipa
William Brown wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is there a reason that ipa-client-install does not configure nsswitch
for ldap sudoers and automount by default? I would see such a
modification as a feature for this, rather than a negative.
Alternately, this could be added as
Jan Cholasta wrote:
On 10.10.2011 16:21, Rob Crittenden wrote:
Upgrading an installation that was installed with selfsign CA will fail
in ipa-upgradeconfig because it doesn't handle the case where dogtag
isn't installed.
rob
ACK.
Honza
pushed to master and ipa-2-1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
These are both on our roadmap, we just haven't gotten to them yet:
https://fedorahosted.org/freeipa/ticket/1233
http://freeipa.org/page/SUDO_integration_plans
Okay, I did not find these two pages while searching. It appears to be
what I have
On Tue, 2011-10-11 at 17:40 -0400, Rob Crittenden wrote:
Fix OTP client enrollment when anonymous searches are disabled in 389-ds.
This is fixed mostly by passing in the basedn to ipa-join so we don't
have to hunt for it. I did modify that routine so it will look through
all naming
Martin Kosek wrote:
On Tue, 2011-10-11 at 17:40 -0400, Rob Crittenden wrote:
Fix OTP client enrollment when anonymous searches are disabled in 389-ds.
This is fixed mostly by passing in the basedn to ipa-join so we don't
have to hunt for it. I did modify that routine so it will look through
Alexander Bokovoy wrote:
On Wed, 12 Oct 2011, Rob Crittenden wrote:
Also, all keys totally missing from the config will be added. Values
from replacevars and appendvars are merged before doing it so there is
only a single key=value pair afterwards. Obviously, it is the caller's
responsibility to
William Brown wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
These are both on our roadmap, we just haven't gotten to them yet:
https://fedorahosted.org/freeipa/ticket/1233
http://freeipa.org/page/SUDO_integration_plans
Okay, I did not find these two pages while searching. It
On 10/11/2011 06:06 PM, Rob Crittenden wrote:
John Dennis wrote:
There were quite errors in es.po, it was difficult or impossible to
track down where they came from, Transifex does not have good revision
history.
I fixed about 20% of the msgstr's in the file that had obvious
problems which
John Dennis wrote:
On 10/11/2011 06:06 PM, Rob Crittenden wrote:
John Dennis wrote:
There were quite errors in es.po, it was difficult or impossible to
track down where they came from, Transifex does not have good revision
history.
I fixed about 20% of the msgstr's in the file that had
On 10/12/2011 11:57 AM, Rob Crittenden wrote:
#: ipalib/plugins/config.py:76
msgid searchtimelimit must be -1 or 1.
-msgstr searchtimelimit debe ser -1 ogt; 1.
+msgstr
Why? This isn't where things are formatted for HTML. This string might
be output on the command line. None of the other
On Tue, 13 Sep 2011, Stephen Gallagher wrote:
On Tue, 2011-09-13 at 16:33 +0300, Alexander Bokovoy wrote:
On Tue, 13 Sep 2011, Stephen Gallagher wrote:
File /usr/lib/python2.7/site-packages/SSSDConfig.py, line 1207,
in import_config
fd = open(configfile, 'r')
On Wed, 2011-10-12 at 11:42 -0400, Rob Crittenden wrote:
Has any work started on the SSSD sudo provider?
Yes, I believe it has. I don't know the full state of it, maybe one
of
the sssd dev lurkers will chime in :-)
In progress,
see sssd-devel@ or join #sssd on Freenode and ask there :)
On Wed, Oct 12, 2011 at 12:25:58PM -0400, Simo Sorce wrote:
On Wed, 2011-10-12 at 11:42 -0400, Rob Crittenden wrote:
Has any work started on the SSSD sudo provider?
Yes, I believe it has. I don't know the full state of it, maybe one
of
the sssd dev lurkers will chime in :-)
The work
Adam Tkac wrote:
Hello all,
please see attached patch for bind-dyndb-ldap, it should solve (at least
from bind-dyndb-ldap side) ticket #1931. It adds new ldap_hostname
option and ipa-server-install utility should set this option when
/bin/hostname is different from --hostname parameter.
Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/1948
Honza
Very nice, ACK,
Rebased patch pushed to master, pushed to ipa-2-1
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Jan Cholasta wrote:
On 28.6.2011 22:19, Rob Crittenden wrote:
Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/1358
Honza
ack, pushed to master and ipa-2-0
Don't configure [appdefaults], as per Nalin's suggestion
(https://fedorahosted.org/freeipa/ticket/1358#comment:5)
Alexander Bokovoy wrote:
On Tue, 13 Sep 2011, Stephen Gallagher wrote:
On Tue, 2011-09-13 at 16:33 +0300, Alexander Bokovoy wrote:
On Tue, 13 Sep 2011, Stephen Gallagher wrote:
File /usr/lib/python2.7/site-packages/SSSDConfig.py, line 1207, in
import_config
fd = open(configfile,
On Wed, 12 Oct 2011, Rob Crittenden wrote:
2) Be restrictive on ParseError and throw an error telling them to fix
their config file. Pros: we don't break an existing setup. Cons: FreeIPA
installation has been broken.
3) Default to one of the above but provide a command-line flag to behave
John Dennis wrote:
On 10/12/2011 12:11 PM, John Dennis wrote:
I thought what I had done was replace thegt; with but I obviously
didn't read the diff as closely as you did, good catch Rob, let me go
back and check to make sure I didn't another similar mistake. Also I
forgot to update the
Martin Kosek wrote:
On Thu, 2011-10-06 at 21:31 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2011-10-05 at 13:44 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
Since IPA v2 server already contains predefined groups that may collide
with groups in migrated (IPA v1) server (for
Martin Kosek wrote:
On Wed, 2011-10-12 at 09:31 -0400, Simo Sorce wrote:
On Wed, 2011-10-12 at 15:03 +0200, Martin Kosek wrote:
On Wed, 2011-10-12 at 08:52 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
For starters I added a 15 second timeout and 2 tries. These numbers are
arbitrary, I am
Martin Kosek wrote:
This patch depends on my patch 140 (attached just to be sure).
Do I understand it correctly that new proposed bind-dyndb-ldap option
ldap_hostname won't be needed?
Martin
I think it would be a good idea to add it when it becomes available in
bind-dyndb-ldap.
NACK on
Martin Kosek wrote:
How to test:
1) Add some nested membership relationships:
$ ipa group-add --desc=foo group1
$ ipa group-add --desc=foo group2
$ ipa user-add --first=Foo --last=Bar foobar
$ ipa role-add-member helpdesk --groups=group2
$ ipa group-add-member group2 --groups=group1
$ ipa
The has_upg() check was created during a transition period for 389-ds.
It is no longer needed and is actually breaking things. The location of
UPG template moved so it thinks the feature is not available. This is
making the primary user's group ipausers instead of the UPG.
rob
From
38 matches