Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On 8.3.2013 20:09, Rob Crittenden wrote: Petr Spacek wrote: On 8.3.2013 16:45, Rob Crittenden wrote: One would need to pass in the object type they are dealing with: ipa krbflags --type=user --ok-as-delegate=false sbose ipa krbflags --type=service --ok-as-delegate=true HTTP/ipa.example.com

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On 8.3.2013 14:41, Simo Sorce wrote: On Fri, 2013-03-08 at 10:31 +0100, Jan Cholasta wrote: Hi, On 7.3.2013 21:15, Rob Crittenden wrote: Based on a comment from Sumit in ticket https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of how one might do it:

Re: [Freeipa-devel] [PATCH 118] [WIP] Add 389 DS plugin for special idnsSOASerial attribute handling

On 03/11/2013 04:58 PM, Petr Spacek wrote: Hello list! My first patch for FreeIPA is attached :-) I managed to add new 389 DS plugin to build system, but the LDAP magic in installer and updater is too much for my brain. Could somebody show me how installer and updater should add new

Re: [Freeipa-devel] [PATCH] 1088 Recover DNA ranges when deleting a master

On 03/11/2013 05:00 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 03/07/2013 08:27 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 03/06/2013 09:52 PM, Rob Crittenden wrote: Petr Viktorin wrote: [...] On new installs, the ACI on cn=Posix IDs,cn=Distributed Numeric Assignment

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

Jan Cholasta wrote: On 8.3.2013 20:09, Rob Crittenden wrote: Petr Spacek wrote: On 8.3.2013 16:45, Rob Crittenden wrote: One would need to pass in the object type they are dealing with: ipa krbflags --type=user --ok-as-delegate=false sbose ipa krbflags --type=service --ok-as-delegate=true

Re: [Freeipa-devel] [PATCHES] 0191-0195 Use ipaldap in the client installer password migration

On 03/12/2013 10:10 AM, Petr Viktorin wrote: On 03/11/2013 02:56 PM, Martin Kosek wrote: On 03/11/2013 01:48 PM, Jan Cholasta wrote: On 11.3.2013 13:43, Petr Viktorin wrote: On 03/11/2013 01:13 PM, Jan Cholasta wrote: On 8.3.2013 14:14, Petr Viktorin wrote: On 03/07/2013 05:42 PM, Jan

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On Tue, 2013-03-12 at 10:23 +0100, Jan Cholasta wrote: On 8.3.2013 14:41, Simo Sorce wrote: On Fri, 2013-03-08 at 10:31 +0100, Jan Cholasta wrote: Hi, On 7.3.2013 21:15, Rob Crittenden wrote: Based on a comment from Sumit in ticket https://fedorahosted.org/freeipa/ticket/3329 here is

Re: [Freeipa-devel] [PATCH 0037] Add support for re-enrolling hosts using keytab

On 03/08/2013 03:01 PM, Tomas Babej wrote: On Thu 07 Mar 2013 11:01:33 PM CET, Rob Crittenden wrote: Petr Viktorin wrote: On 03/07/2013 04:27 PM, Tomas Babej wrote: On 03/07/2013 04:12 PM, Petr Viktorin wrote: Thanks! I just have two more very minor nitpicks. On 03/06/2013 01:04 PM, Tomas

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On 12.3.2013 13:34, Simo Sorce wrote: We might, but how do you check for the global value ? An additional search for every KDC operation is simply not going to happen. Can we do that extra search only when the KDC is initialized and when configuration is refreshed? I don't think the default

Re: [Freeipa-devel] [PATCH 118] [WIP] Add 389 DS plugin for special idnsSOASerial attribute handling

On 12.3.2013 10:40, Martin Kosek wrote: On 03/11/2013 04:58 PM, Petr Spacek wrote: Hello list! My first patch for FreeIPA is attached :-) I managed to add new 389 DS plugin to build system, but the LDAP magic in installer and updater is too much for my brain. Could somebody show me how

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

Petr Spacek wrote: On 12.3.2013 13:34, Simo Sorce wrote: We might, but how do you check for the global value ? An additional search for every KDC operation is simply not going to happen. Can we do that extra search only when the KDC is initialized and when configuration is refreshed? I

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On 12.3.2013 15:39, Rob Crittenden wrote: Petr Spacek wrote: On 12.3.2013 13:34, Simo Sorce wrote: We might, but how do you check for the global value ? An additional search for every KDC operation is simply not going to happen. Can we do that extra search only when the KDC is initialized

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

Petr Spacek wrote: On 12.3.2013 15:39, Rob Crittenden wrote: Petr Spacek wrote: On 12.3.2013 13:34, Simo Sorce wrote: We might, but how do you check for the global value ? An additional search for every KDC operation is simply not going to happen. Can we do that extra search only when

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On Tue, Mar 12, 2013 at 08:34:33AM -0400, Simo Sorce wrote: On Tue, 2013-03-12 at 10:23 +0100, Jan Cholasta wrote: On 8.3.2013 14:41, Simo Sorce wrote: On Fri, 2013-03-08 at 10:31 +0100, Jan Cholasta wrote: Hi, On 7.3.2013 21:15, Rob Crittenden wrote: Based on a comment from

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On 12.3.2013 16:00, Rob Crittenden wrote: Petr Spacek wrote: On 12.3.2013 15:39, Rob Crittenden wrote: Petr Spacek wrote: On 12.3.2013 13:34, Simo Sorce wrote: We might, but how do you check for the global value ? An additional search for every KDC operation is simply not going to happen.

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On Tue, 2013-03-12 at 15:31 +0100, Petr Spacek wrote: On 12.3.2013 13:34, Simo Sorce wrote: We might, but how do you check for the global value ? An additional search for every KDC operation is simply not going to happen. Can we do that extra search only when the KDC is initialized

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote: On 12.3.2013 16:00, Rob Crittenden wrote: Petr Spacek wrote: On 12.3.2013 15:39, Rob Crittenden wrote: Petr Spacek wrote: On 12.3.2013 13:34, Simo Sorce wrote: We might, but how do you check for the global value ? An additional

[Freeipa-devel] [PATCH] 267 Filter groups by type (normal, posix, external)

Here's a patch for filtering groups by type. Design page: http://www.freeipa.org/page/V3/Filtering_groups_by_type The interface is: StrEnum('type?', cli_name='type', label=_('Type'), doc=_('Group type'), values=(u'posix', u'normal', u'external'), ), I have two design

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On 12.3.2013 17:24, Simo Sorce wrote: On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote: Why can't we set the bitfield (krbTicketFlags) directly? (There is an ACI preventing that, I'm just wondering what is the reason for this.) If you tell me who 'we' is (as in what user would set it) I

Re: [Freeipa-devel] [PATCH] 260-262 Global trust configuration page

On 03/06/2013 01:42 PM, Petr Vobornik wrote: On 03/02/2013 08:40 PM, Endi Sukma Dewata wrote: - Original Message - First two patches are bug fixes which are required for third patch. Depends on my patch #259 (Combobox keyboard support) 1) [PATCH] Fix dirty state update of editable

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On 12.3.2013 18:01, Simo Sorce wrote: On Tue, 2013-03-12 at 17:31 +0100, Jan Cholasta wrote: On 12.3.2013 17:24, Simo Sorce wrote: On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote: Why can't we set the bitfield (krbTicketFlags) directly? (There is an ACI preventing that, I'm just

Re: [Freeipa-devel] [PATCH] 1088 Recover DNA ranges when deleting a master

Petr Viktorin wrote: On 03/11/2013 05:00 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 03/07/2013 08:27 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 03/06/2013 09:52 PM, Rob Crittenden wrote: Petr Viktorin wrote: [...] On new installs, the ACI on cn=Posix IDs,cn=Distributed

Re: [Freeipa-devel] [PROPOSAL] Kerberos flags

On Tue, 2013-03-12 at 18:31 +0100, Jan Cholasta wrote: On 12.3.2013 18:01, Simo Sorce wrote: On Tue, 2013-03-12 at 17:31 +0100, Jan Cholasta wrote: On 12.3.2013 17:24, Simo Sorce wrote: On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote: Why can't we set the bitfield (krbTicketFlags)