On 18.6.2014 16:49, Martin Basti wrote:
Due to compability with older versions, only IDNA domains should be
checked
Patch attached.
I'm not particularly happy about the u'\xdf' special case. Isn't there a
better way to do this check?
(BTW I really think this should be a warning, not an
On Fri, 2014-06-20 at 10:32 +0200, Jan Cholasta wrote:
On 18.6.2014 16:49, Martin Basti wrote:
Due to compability with older versions, only IDNA domains should be
checked
Patch attached.
I'm not particularly happy about the u'\xdf' special case. Isn't there a
better way to do this
Hi,
On 19.6.2014 22:30, Nathaniel McCallum wrote:
This command behaves almost exactly like otptoken-add except:
1. The new token data is written directly to a YubiKey
2. The vendor/model/serial fields are populated from the YubiKey
=== NOTE ===
1. This patch depends on the new Fedora package:
On Wed, 2014-06-18 at 17:36 +0200, Petr Spacek wrote:
Hello,
Clarify LDAPClient docstrings about get_entry, get_entries and find_entries.
BTW what is the purpose of size_limit in LDAPClient.get_entry()?
def get_entry(self, dn, attrs_list=None, time_limit=None,
On 06/20/2014 11:06 AM, Martin Basti wrote:
On Wed, 2014-06-18 at 17:36 +0200, Petr Spacek wrote:
Hello,
Clarify LDAPClient docstrings about get_entry, get_entries and find_entries.
BTW what is the purpose of size_limit in LDAPClient.get_entry()?
def get_entry(self, dn, attrs_list=None,
On 06/20/2014 11:06 AM, Martin Basti wrote:
On Wed, 2014-06-18 at 17:36 +0200, Petr Spacek wrote:
Hello,
Clarify LDAPClient docstrings about get_entry, get_entries and find_entries.
BTW what is the purpose of size_limit in LDAPClient.get_entry()?
def get_entry(self, dn, attrs_list=None,
Patch attached
--
Martin^2 Basti
From a28ead1232de4cf84c31e942ed2be1ed4ab4a3b3 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Fri, 20 Jun 2014 12:53:06 +0200
Subject: [PATCH] Fix handle python-dns UnicodeError
---
ipapython/dnsutil.py | 9 +
1 file changed, 5
On 19.6.2014 16:55, Martin Basti wrote:
On Thu, 2014-06-19 at 15:16 +0200, Petr Vobornik wrote:
On 18.6.2014 13:42, Martin Basti wrote:
Rebased patches with pep8 fixes attached
git diff HEAD~4 -U0 | pep8 --diff --ignore=E501,E126,E128,E124
./ipalib/plugins/dns.py:1754:9: E265 block comment
On 20.6.2014 13:06, Martin Basti wrote:
Patch attached
ACK.
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 06/20/2014 01:28 PM, Jan Cholasta wrote:
On 20.6.2014 13:06, Martin Basti wrote:
Patch attached
ACK.
Pushed to master: 9f5e77f686a974b837da6eb92cec741fcbb33603
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
My patch 0580 was wrong; non-POSIX groups obviously lack the posixgroup
objectclass. Actually the only objectclasses that all groups share are
top and ipaobject.
This makes permission plugin updater join multiple
permission_filter_objectclasses filters with OR, and changes the --type
group
On Thu, 2014-06-19 at 18:37 +0200, Martin Basti wrote:
On Fri, 2014-06-13 at 09:55 +0200, Martin Basti wrote:
On Thu, 2014-06-12 at 16:20 +0200, Martin Basti wrote:
On Thu, 2014-06-12 at 13:17 +0200, Petr Vobornik wrote:
On 9.6.2014 17:28, Martin Basti wrote:
Ticket:
Patches attached
Petr please review WebUI patch.
--
Martin^2 Basti
From 5492f997702d8b773cd1675a320a79371f5e5b19 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Tue, 17 Jun 2014 17:04:46 +0200
Subject: [PATCH 1/4] DNSSEC: DLVRecord type added
Ticket:
Patch attached.
Ticket:https://fedorahosted.org/freeipa/ticket/4383
--
Martin^2 Basti
From a01f6f623e7cf9261fa0029f271f8a310812f895 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Fri, 20 Jun 2014 13:52:12 +0200
Subject: [PATCH] Fix incompatible DNS permission
On 20.6.2014 14:35, Martin Basti wrote:
On Thu, 2014-06-19 at 18:37 +0200, Martin Basti wrote:
On Fri, 2014-06-13 at 09:55 +0200, Martin Basti wrote:
On Thu, 2014-06-12 at 16:20 +0200, Martin Basti wrote:
On Thu, 2014-06-12 at 13:17 +0200, Petr Vobornik wrote:
On 9.6.2014 17:28, Martin Basti
Required patches: mbasti-0060, mbasti-0073
Patch attached.
--
Martin^2 Basti
From 749807eef26245caec535d1da2ffb48cd69e30a0 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Fri, 20 Jun 2014 15:11:57 +0200
Subject: [PATCH] Fix: add dnssecinlinesigning attribute to ACI
---
On 20.6.2014 15:30, Petr Vobornik wrote:
On 20.6.2014 14:35, Martin Basti wrote:
On Thu, 2014-06-19 at 18:37 +0200, Martin Basti wrote:
On Fri, 2014-06-13 at 09:55 +0200, Martin Basti wrote:
On Thu, 2014-06-12 at 16:20 +0200, Martin Basti wrote:
On Thu, 2014-06-12 at 13:17 +0200, Petr
Hello all,
I would like to discuss what should we do with the latest issue we found in
SSSD-DS communication which is broken after the ACI refactoring.
I was working with Ludwig, there is a problem in the way how deref plugin
checks the access to the referenced entry. Instead of checking the
On Fri, Jun 20, 2014 at 04:06:16PM +0200, Martin Kosek wrote:
Hello all,
I would like to discuss what should we do with the latest issue we found in
SSSD-DS communication which is broken after the ACI refactoring.
It's not just SSSD-DS communication, any client, including ldapsearch
On 06/20/2014 04:24 PM, Jakub Hrozek wrote:
On Fri, Jun 20, 2014 at 04:06:16PM +0200, Martin Kosek wrote:
Hello all,
I would like to discuss what should we do with the latest issue we found in
SSSD-DS communication which is broken after the ACI refactoring.
It's not just SSSD-DS
On 20.6.2014 15:23, Martin Basti wrote:
Patches attached
Petr please review WebUI patch.
Patch 72: ACK
Patch 73: ACK
Patch 74: ACK
Patch 75: ACK
pushed to master:
* 7cdc4178b0fb0972a7aed3e0604a835fc45ac7a8 DNSSEC: DLVRecord type added
* ee6e634c28b7261930c8cee556c8ebef9a01603e DNSSEC: Test:
On 06/20/2014 04:24 PM, Jakub Hrozek wrote:
On Fri, Jun 20, 2014 at 04:06:16PM +0200, Martin Kosek wrote:
Hello all,
I would like to discuss what should we do with the latest issue we found in
SSSD-DS communication which is broken after the ACI refactoring.
It's not just SSSD-DS
On 06/19/2014 02:13 PM, Martin Kosek wrote:
On 06/19/2014 12:52 PM, Petr Viktorin wrote:
I'll address the other issues separately.
On 06/18/2014 05:46 PM, Martin Kosek wrote:
3) I hit one issue when I open the Web UI host tab, I get Insufficient access:
No such virtual command error triggered
On 06/20/2014 04:45 PM, Martin Kosek wrote:
On 06/20/2014 04:24 PM, Jakub Hrozek wrote:
On Fri, Jun 20, 2014 at 04:06:16PM +0200, Martin Kosek wrote:
Hello all,
I would like to discuss what should we do with the latest issue we found in
SSSD-DS communication which is broken after the ACI
On Fri, 2014-06-20 at 16:45 +0200, Martin Kosek wrote:
There is no impact on clients connected to the fixed DS. This is the
scenario
I am concerned about:
User has RHEL/CentOS 6.x IPA server and wants to try the new nice and
shiny FreeIPA 4.0. He installs the FreeIPA 4.0 replica (with fixed
Design at:
http://pki.fedoraproject.org/wiki/Top-Level_Tree
This is a feature to change the tree structure of the Dogtag internal
database so that a new top level baseDN is available. This will
simplify the replication topology by allowing one to replicate all
subsystems in a tomcat instance
On 11.6.2014 15:19, Petr Vobornik wrote:
Patch set contains both API/server and Web UI parts.
[PATCH] 659 ldap2: add otp support to modify_password
[PATCH] 660 rpcserver: add otp support to change_password handler
[PATCH] 661 ipa-passwd: add OTP support
[PATCH] 662 webui: support password
On Thu, 2014-06-19 at 16:30 -0400, Nathaniel McCallum wrote:
This command behaves almost exactly like otptoken-add except:
1. The new token data is written directly to a YubiKey
2. The vendor/model/serial fields are populated from the YubiKey
=== NOTE ===
1. This patch depends on the new
On Fri, Jun 20, 2014 at 04:45:45PM +0200, Martin Kosek wrote:
On 06/20/2014 04:24 PM, Jakub Hrozek wrote:
On Fri, Jun 20, 2014 at 04:06:16PM +0200, Martin Kosek wrote:
Hello all,
I would like to discuss what should we do with the latest issue we found in
SSSD-DS communication which is
On Thu, 2014-06-19 at 12:43 -0400, Simo Sorce wrote:
On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
This also fixes an error where the default value was not respecting
the KEY_LENGTH variable.
(NOTE: the os.urandom() change should not change the security properties
of the
On Fri, 2014-06-20 at 11:56 -0400, Nathaniel McCallum wrote:
On Thu, 2014-06-19 at 12:43 -0400, Simo Sorce wrote:
On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
This also fixes an error where the default value was not respecting
the KEY_LENGTH variable.
(NOTE: the
On 6/18/2014 6:11 AM, Petr Vobornik wrote:
1. As discussed on IRC, the plugin is causing an error due to missing
extend.js. This needs to be fixed.
Fixed
4. I agree that the facet shouldn't define the hash. The hash should be
part of the plugin declaration.
Ideally, facet should be router
On 12.6.2014 16:23, Petr Spacek wrote:
On 30.4.2014 18:19, Petr Spacek wrote:
following text summarizes schema DIT layout for DNSSEC key storage in LDAP.
I have added object classes and default values for attributes I consider
important. This is final proposal for implementation. Please
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
I'm a bit confused about the behavior of enctypes in the Request.
A list of
On Fri, 2014-06-20 at 14:05 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
I'm a bit
On Fri, 2014-06-20 at 20:04 +0200, Petr Spacek wrote:
ipk11Private;privatekey: TRUE
ipk11Private;publickey: FALSE
can these two ever hold a different value ?
ie a privatekey be FALSE and a publickey be TRUE ?
If not I suggest you do not add this attribute at all and assume their
value ?
(btw I
On Fri, 2014-06-20 at 14:10 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:05 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
On Fri, 2014-06-20 at 14:30 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 14:10 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:05 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a
On Fri, 2014-06-20 at 14:38 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:30 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 14:10 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:05 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
On 06/20/2014 05:51 PM, Jakub Hrozek wrote:
On Fri, Jun 20, 2014 at 04:45:45PM +0200, Martin Kosek wrote:
On 06/20/2014 04:24 PM, Jakub Hrozek wrote:
On Fri, Jun 20, 2014 at 04:06:16PM +0200, Martin Kosek wrote:
...
I think we should just make a note to self to allow users to fix the
ACIs
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
Is there any need to create different permissions for password
generation vs
On Fri, 2014-06-20 at 15:50 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
Is there
On Fri, 2014-06-20 at 15:50 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
Is there
On Fri, 2014-06-20 at 15:55 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 15:50 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been
On 06/20/2014 04:49 PM, Petr Viktorin wrote:
On 06/19/2014 02:13 PM, Martin Kosek wrote:
On 06/19/2014 12:52 PM, Petr Viktorin wrote:
I'll address the other issues separately.
On 06/18/2014 05:46 PM, Martin Kosek wrote:
3) I hit one issue when I open the Web UI host tab, I get Insufficient
On 06/19/2014 01:41 PM, Petr Viktorin wrote:
On 06/18/2014 05:46 PM, Martin Kosek wrote:
On 06/11/2014 06:39 PM, Petr Viktorin wrote:
Patch 0578 does the conversion
Patch 0579 fixes https://fedorahosted.org/freeipa/ticket/4252 and provides
permissions needed for automatic enrollment (from
On Fri, 2014-06-20 at 16:05 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:47 -0400, Nathaniel McCallum wrote:
This change would have very small impact on your patch set, but would
be
much clearer for the future consumers of this protocol. Code can be
changed; protocols can't.
Ok
On 06/20/2014 05:06 PM, Petr Viktorin wrote:
All these should be independent, except for conflicts in ACI.txt that are
easily solved by running makeaci.
Umh, now the fun begins as I see :) There will probably need to be some rebase,
it clashed with some other ACI patches in my tree (namely
On Fri, 2014-06-20 at 16:50 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 16:05 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:47 -0400, Nathaniel McCallum wrote:
This change would have very small impact on your patch set, but would
be
much clearer for the future consumers
49 matches
Mail list logo