On 06/17/2014 04:22 PM, Martin Basti wrote:
Patch attached.
Ticket: https://fedorahosted.org/freeipa/ticket/4243
Works fine.
ACK, pushed to master, ipa-3-3.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 24.6.2014 22:46, Lukas Slebodnik wrote:
On (24/06/14 21:34), Martin Kosek wrote:
On 06/24/2014 05:37 PM, Petr Spacek wrote:
On 23.6.2014 17:12, Petr Spacek wrote:
Bump NVR to 4.4.
Update NEWS for upcoming 4.4 release.
Pushed to master:
2cd574e90a9fdebdbeaab45ef335e7d63e85dfd7
On 06/19/2014 03:52 PM, Tomas Babej wrote:
On 06/19/2014 12:52 PM, Tomas Babej wrote:
On 06/18/2014 10:52 AM, Petr Viktorin wrote:
On 06/17/2014 02:15 PM, Tomas Babej wrote:
On 06/17/2014 12:03 PM, Timo Aaltonen wrote:
On 17.06.2014 11:16, Martin Kosek wrote:
Attached is a new version of
On 06/24/2014 06:31 PM, thierry bordaz wrote:
Hello,
User life cycle assigns a status to user entries depending where
they are in the DIT.
'Active' user will be under 'cn=accounts,SUFFIX' while 'Stage' and
'Delete' users are somewhere under 'cn=provisioning,SUFFIX'.
Only
On 06/25/2014 10:52 AM, Martin Kosek wrote:
On 06/24/2014 06:31 PM, thierry bordaz wrote:
Hello,
User life cycle assigns a status to user entries depending where
they are in the DIT.
'Active' user will be under 'cn=accounts,SUFFIX' while 'Stage' and
'Delete' users are somewhere
On 06/24/2014 08:15 PM, Tomas Babej wrote:
Attaching patch 234, which resolves another ACI issue related to trusts.
On 06/24/2014 02:50 PM, Tomas Babej wrote:
Hi,
this is a follow up patch for 232. Read access to additional attributes
is required for the trust objects.
First patch looks
On 06/20/2014 03:32 PM, Martin Basti wrote:
Required patches: mbasti-0060, mbasti-0073
Patch attached.
Hi,
For the raw ACI in dns.ldif, there are some more hoops to jump through.
Remove the ACI from /install/share/dns.ldif entirely (except for schema,
we're slowly replacing the .ldif
On Tue, 24 Jun 2014, Nathaniel McCallum wrote:
On Tue, 2014-06-03 at 09:18 -0400, Nathaniel McCallum wrote:
On Tue, 2014-06-03 at 10:27 +0200, Petr Vobornik wrote:
On 3.6.2014 05:08, Nathaniel McCallum wrote:
This command calls the token sync HTTP POST call in the server providing
the CLI
On Tue, 24 Jun 2014, Nathaniel McCallum wrote:
On Mon, 2014-06-02 at 23:07 -0400, Nathaniel McCallum wrote:
This HTTP call takes the following parameters:
* user
* password
* first_code
* second_code
* token (optional)
Using this information, the server will perform token synchronization.
On Mon, 23 Jun 2014, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 10:29 +0300, Alexander Bokovoy wrote:
On Fri, 20 Jun 2014, Nathaniel McCallum wrote:
On Thu, 2014-06-19 at 16:30 -0400, Nathaniel McCallum wrote:
This command behaves almost exactly like otptoken-add except:
1. The new token
On Wed, 18 Jun 2014, Nathaniel McCallum wrote:
On Wed, 2014-06-18 at 17:48 -0400, Simo Sorce wrote:
On Wed, 2014-06-18 at 17:34 -0400, Nathaniel McCallum wrote:
On Tue, 2014-05-13 at 12:38 -0400, Nathaniel McCallum wrote:
This patch adds support for importing tokens using RFC 6030 key
On 06/25/2014 12:40 PM, Alexander Bokovoy wrote:
On Wed, 18 Jun 2014, Nathaniel McCallum wrote:
On Wed, 2014-06-18 at 17:48 -0400, Simo Sorce wrote:
On Wed, 2014-06-18 at 17:34 -0400, Nathaniel McCallum wrote:
On Tue, 2014-05-13 at 12:38 -0400, Nathaniel McCallum wrote:
This patch adds
On Tue, 27 May 2014, Nathaniel McCallum wrote:
This change has two motivations:
1. Clients don't have to parse the string.
2. Future token types may have new formats.
ACK, works for me.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
On 16.6.2014 22:36, Rob Crittenden wrote:
Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
the attached patches implement
https://fedorahosted.org/freeipa/ticket/3259 and
https://fedorahosted.org/freeipa/ticket/3520.
This work depends on my patches 241-253 and 262-266
On 06/25/2014 11:45 AM, Petr Viktorin wrote:
On 06/24/2014 08:15 PM, Tomas Babej wrote:
Attaching patch 234, which resolves another ACI issue related to trusts.
On 06/24/2014 02:50 PM, Tomas Babej wrote:
Hi,
this is a follow up patch for 232. Read access to additional attributes
is
On Wed, 25 Jun 2014, Tomas Babej wrote:
On 06/25/2014 11:45 AM, Petr Viktorin wrote:
On 06/24/2014 08:15 PM, Tomas Babej wrote:
Attaching patch 234, which resolves another ACI issue related to trusts.
On 06/24/2014 02:50 PM, Tomas Babej wrote:
Hi,
this is a follow up patch for 232. Read
On Tue, 2014-06-24 at 17:04 +0200, Petr Spacek wrote:
Hello,
Add TLSA and DLV RR types to LDAP schema.
Those RR types will be handy for DNSSEC users.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Ticket https://fedorahosted.org/freeipa/ticket/4328#comment:12
Patches attached.
Note: ACI will be updated in another patch which fix ACIs in DNS plugin
--
Martin^2 Basti
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On Wed, 2014-06-25 at 14:31 +0200, Martin Basti wrote:
Ticket https://fedorahosted.org/freeipa/ticket/4328#comment:12
Patches attached.
Note: ACI will be updated in another patch which fix ACIs in DNS plugin
Patches are here
--
Martin^2 Basti
From f429d90eadaa7da6719665dc1f9c5fcdf02dcee5
On 06/24/2014 04:52 PM, Martin Basti wrote:
On Tue, 2014-06-24 at 16:36 +0200, Martin Kosek wrote:
On 06/18/2014 01:46 PM, Martin Basti wrote:
On Wed, 2014-06-18 at 13:44 +0200, Martin Basti wrote:
On Fri, 2014-06-13 at 10:28 +0200, Martin Basti wrote:
Patches attached, require patches mbasti
On 06/25/2014 01:54 PM, Alexander Bokovoy wrote:
On Wed, 25 Jun 2014, Tomas Babej wrote:
On 06/25/2014 11:45 AM, Petr Viktorin wrote:
On 06/24/2014 08:15 PM, Tomas Babej wrote:
Attaching patch 234, which resolves another ACI issue related to
trusts.
On 06/24/2014 02:50 PM, Tomas Babej
On 6/18/2014 6:22 AM, Petr Vobornik wrote:
All DNS Zone names must be fully qualified.
Assuming test works, ACK.
--
Endi S. Dewata
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 6/18/2014 6:22 AM, Petr Vobornik wrote:
Fields with default value, such as DNS Zone's idnsforwardpolicy, were
marked as dirty when no value was loaded and when default value of
input control was other than empty.
Fixes regression in DNS Zone details facet - facet is always dirty.
ACK.
--
On 6/23/2014 11:09 AM, Petr Vobornik wrote:
Search for privileges was limited to bindruletype==permission. There
was no reason to do that.
This patch removes the restriction.
Related to:
https://fedorahosted.org/freeipa/ticket/4079
ACK.
--
Endi S. Dewata
ticket: https://fedorahosted.org/freeipa/ticket/4394
== [PATCH] 678 webui: send API version in RPC requests ==
Currently there is an incorrect behavior that server doesn't send datetime
and dnsname data in new format.
This patch adds the version to each RPC request making the UI look as the
On Wed, 2014-06-25 at 13:35 +0300, Alexander Bokovoy wrote:
On Mon, 23 Jun 2014, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 10:29 +0300, Alexander Bokovoy wrote:
On Fri, 20 Jun 2014, Nathaniel McCallum wrote:
On Thu, 2014-06-19 at 16:30 -0400, Nathaniel McCallum wrote:
This command
On 06/20/2014 03:28 PM, Martin Basti wrote:
Patch attached.
Ticket:https://fedorahosted.org/freeipa/ticket/4383
This works, just two comments:
To check if an entry exists, instead of calling
api.Command['permission_show'](permission_name_rel)
you should call the more light-weight
On 06/25/2014 04:01 PM, Tomas Babej wrote:
On 06/25/2014 10:48 AM, Petr Viktorin wrote:
On 06/19/2014 03:52 PM, Tomas Babej wrote:
On 06/19/2014 12:52 PM, Tomas Babej wrote:
On 06/18/2014 10:52 AM, Petr Viktorin wrote:
On 06/17/2014 02:15 PM, Tomas Babej wrote:
On 06/17/2014 12:03 PM,
On 25.6.2014 15:30, Endi Sukma Dewata wrote:
On 6/18/2014 6:22 AM, Petr Vobornik wrote:
All DNS Zone names must be fully qualified.
Assuming test works, ACK.
pushed to master:
15374cf58fe26396be7bc70d7133b501b11dad6d webui-ci: adjust tests to dns
changes
--
Petr Vobornik
On 25.6.2014 15:30, Endi Sukma Dewata wrote:
On 6/18/2014 6:22 AM, Petr Vobornik wrote:
Fields with default value, such as DNS Zone's idnsforwardpolicy, were
marked as dirty when no value was loaded and when default value of
input control was other than empty.
Fixes regression in DNS Zone
On 25.6.2014 15:31, Endi Sukma Dewata wrote:
On 6/23/2014 11:09 AM, Petr Vobornik wrote:
Search for privileges was limited to bindruletype==permission. There
was no reason to do that.
This patch removes the restriction.
Related to:
https://fedorahosted.org/freeipa/ticket/4079
ACK.
pushed
On 06/25/2014 04:13 PM, Tomas Babej wrote:
On 06/25/2014 04:01 PM, Tomas Babej wrote:
On 06/25/2014 10:48 AM, Petr Viktorin wrote:
On 06/19/2014 03:52 PM, Tomas Babej wrote:
On 06/19/2014 12:52 PM, Tomas Babej wrote:
On 06/18/2014 10:52 AM, Petr Viktorin wrote:
On 06/17/2014 02:15 PM,
On Wed, 2014-06-25 at 15:54 +0200, Petr Viktorin wrote:
On 06/20/2014 03:28 PM, Martin Basti wrote:
Patch attached.
Ticket:https://fedorahosted.org/freeipa/ticket/4383
This works, just two comments:
To check if an entry exists, instead of calling
On Wed, 2014-06-25 at 14:36 +0200, Martin Kosek wrote:
On 06/24/2014 04:52 PM, Martin Basti wrote:
On Tue, 2014-06-24 at 16:36 +0200, Martin Kosek wrote:
On 06/18/2014 01:46 PM, Martin Basti wrote:
On Wed, 2014-06-18 at 13:44 +0200, Martin Basti wrote:
On Fri, 2014-06-13 at 10:28 +0200,
Hi,
Our datetime conversion does not support full LDAP Generalized
time syntax. In the unsupported cases, we should fall back
to string representation of the attribute.
In particular, '0' is used to denote no value of LDAP generalized
time attribute.
https://fedorahosted.org/freeipa/ticket/4350
Hi,
On 25.6.2014 17:17, Tomas Babej wrote:
Hi,
Our datetime conversion does not support full LDAP Generalized
time syntax. In the unsupported cases, we should fall back
to string representation of the attribute.
In particular, '0' is used to denote no value of LDAP generalized
time attribute.
Hi,
On 24.6.2014 16:02, Petr Vobornik wrote:
login_password did not work properly in timezones other than +0h because
local time was compared with utc time.
ACK.
Bug introduced in:
https://fedorahosted.org/freeipa/ticket/4339
We should review other code for invalid usage of datetime.now()
On 06/25/2014 04:28 PM, Tomas Babej wrote:
On 06/18/2014 09:54 AM, Petr Viktorin wrote:
On 06/17/2014 12:25 PM, Tomas Babej wrote:
On 05/26/2014 06:20 PM, Petr Viktorin wrote:
On 05/20/2014 06:15 PM, Tomas Babej wrote:
Hi,
the following set of patches fixes:
On 06/25/2014 05:29 PM, Jan Cholasta wrote:
Hi,
On 25.6.2014 17:17, Tomas Babej wrote:
Hi,
Our datetime conversion does not support full LDAP Generalized
time syntax. In the unsupported cases, we should fall back
to string representation of the attribute.
In particular, '0' is used to denote
On 06/25/2014 05:03 PM, Martin Basti wrote:
On Wed, 2014-06-25 at 15:54 +0200, Petr Viktorin wrote:
On 06/20/2014 03:28 PM, Martin Basti wrote:
Patch attached.
Ticket:https://fedorahosted.org/freeipa/ticket/4383
This works, just two comments:
To check if an entry exists, instead of calling
On Wed, 2014-06-25 at 12:13 +0200, Petr Viktorin wrote:
On 06/20/2014 03:32 PM, Martin Basti wrote:
Required patches: mbasti-0060, mbasti-0073
Patch attached.
Hi,
For the raw ACI in dns.ldif, there are some more hoops to jump through.
Remove the ACI from /install/share/dns.ldif
On Wed, 2014-06-25 at 18:47 +0200, Martin Basti wrote:
On Wed, 2014-06-25 at 12:13 +0200, Petr Viktorin wrote:
On 06/20/2014 03:32 PM, Martin Basti wrote:
Required patches: mbasti-0060, mbasti-0073
Patch attached.
Hi,
For the raw ACI in dns.ldif, there are some more hoops
Patch 618 fixes a bug.
Patches 680 and 681 were implemented along with it. They address
pspacek's usability rant :).
[PATCH] 680 webui: show notification instead of modal dialog on
validation error
[PATCH] 681 webui: fix required error notification in multivalued widget
[PATCH] 682 webui:
On 06/25/2014 04:59 PM, Tomas Babej wrote:
On 06/25/2014 04:13 PM, Tomas Babej wrote:
On 06/25/2014 04:01 PM, Tomas Babej wrote:
On 06/25/2014 10:48 AM, Petr Viktorin wrote:
On 06/19/2014 03:52 PM, Tomas Babej wrote:
On 06/19/2014 12:52 PM, Tomas Babej wrote:
On 06/18/2014 10:52 AM,
On 6/20/2014 10:18 AM, Petr Vobornik wrote:
On 11.6.2014 15:19, Petr Vobornik wrote:
Patch set contains both API/server and Web UI parts.
[PATCH] 659 ldap2: add otp support to modify_password
[PATCH] 660 rpcserver: add otp support to change_password handler
[PATCH] 661 ipa-passwd: add OTP
On 06/25/2014 06:23 PM, Tomas Babej wrote:
On 06/25/2014 05:46 PM, Petr Viktorin wrote:
On 06/25/2014 04:28 PM, Tomas Babej wrote:
On 06/18/2014 09:54 AM, Petr Viktorin wrote:
On 06/17/2014 12:25 PM, Tomas Babej wrote:
On 05/26/2014 06:20 PM, Petr Viktorin wrote:
On 05/20/2014 06:15 PM,
On 06/25/2014 07:16 PM, Tomas Babej wrote:
On 06/25/2014 04:59 PM, Tomas Babej wrote:
On 06/25/2014 04:13 PM, Tomas Babej wrote:
On 06/25/2014 04:01 PM, Tomas Babej wrote:
On 06/25/2014 10:48 AM, Petr Viktorin wrote:
On 06/19/2014 03:52 PM, Tomas Babej wrote:
On 06/19/2014 12:52 PM,
On Wed, 2014-06-25 at 09:53 -0400, Nathaniel McCallum wrote:
On Wed, 2014-06-25 at 13:35 +0300, Alexander Bokovoy wrote:
On Mon, 23 Jun 2014, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 10:29 +0300, Alexander Bokovoy wrote:
On Fri, 20 Jun 2014, Nathaniel McCallum wrote:
On Thu,
On Wed, 2014-06-25 at 13:21 +0300, Alexander Bokovoy wrote:
On Tue, 24 Jun 2014, Nathaniel McCallum wrote:
On Mon, 2014-06-02 at 23:07 -0400, Nathaniel McCallum wrote:
This HTTP call takes the following parameters:
* user
* password
* first_code
* second_code
* token (optional)
On Wed, 2014-06-25 at 13:18 +0300, Alexander Bokovoy wrote:
On Tue, 24 Jun 2014, Nathaniel McCallum wrote:
On Tue, 2014-06-03 at 09:18 -0400, Nathaniel McCallum wrote:
On Tue, 2014-06-03 at 10:27 +0200, Petr Vobornik wrote:
On 3.6.2014 05:08, Nathaniel McCallum wrote:
This command calls
On Mon, 2014-06-23 at 17:24 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 14:35 -0400, Simo Sorce wrote:
- Original Message -
- Original Message -
Can you check if ipaProtectedOperation is in the aci attribute in the
base tree object ?
It should be
I think it's kind of funny that the cert for: https://www.freeipa.org/
is invalid, particularly since this is a security product.
In any case, feel free to forward to whoever maintains this in case
someone thinks it matters.
Cheers,
James
___
52 matches
Mail list logo