JR Aquino wrote:
> I have encountered and troubleshot several instances recently where a user
> was present in more than 1 sudo rule. One that permitted the user, the host,
> and commands, and another that permited the user, and host, but no commands.
>
> It was discovered that:
> * Sudo is a s
Adam Young wrote:
Rob,
You indicated that there was a way to get the params we needed to
produce meta-data. I'm working on the phonenumber issues right now, and
right now have no way of telling that it is a multi value attribute.
There is logic in the code, but it relies on the metadata. v Can y
I have encountered and troubleshot several instances recently where a user was
present in more than 1 sudo rule. One that permitted the user, the host, and
commands, and another that permited the user, and host, but no commands.
It was discovered that:
* Sudo is a stop on first match...
* When
- "Adam Young" wrote:
> Should have remembered this approach, standard JS way to deal with
> undefined values.
admiyo-freeipa-0048-3-Item-Level-Undo.patch
A few notes:
1. You're replying to the wrong thread :)
2. The undo button will only appear when the input field loses focus. Ideally
On 09/29/2010 09:41 PM, Adam Young wrote:
On 09/29/2010 08:34 PM, Endi Sukma Dewata wrote:
- "Endi Sukma Dewata" wrote:
Some errors (e.g. server down) are reported as AJAX success with
empty data and/or HTTP error code != 200. The ipa_cmd() has been
modified so that it will detect suc
Rob,
You indicated that there was a way to get the params we needed to
produce meta-data. I'm working on the phonenumber issues right now, and
right now have no way of telling that it is a multi value attribute.
There is logic in the code, but it relies on the metadata. v Can you
point me i
On 09/29/2010 08:34 PM, Endi Sukma Dewata wrote:
- "Endi Sukma Dewata" wrote:
Some errors (e.g. server down) are reported as AJAX success with
empty data and/or HTTP error code != 200. The ipa_cmd() has been
modified so that it will detect such errors and invoke the error
handler.
default search
Populate the entity search pages with the results of a search with
a blank filter even if no filter has been specified
From e52e755599082c01c35f14ecaf12c25258665eb2 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Wed, 29 Sep 2010 20:55:58 -0400
Subject: [PATCH] default searc
- "Endi Sukma Dewata" wrote:
> Some errors (e.g. server down) are reported as AJAX success with
> empty data and/or HTTP error code != 200. The ipa_cmd() has been
> modified so that it will detect such errors and invoke the error
> handler.
It turns out that pulling local JSON files will res
On 09/28/2010 11:06 AM, ad...@transifex.net wrote:
Hello freeipa, this is Transifex at http://www.transifex.net.
The following attached files were submitted to FreeIPA | master by
yurchor
Please, visit Transifex at
http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the
com
JR Aquino wrote:
> I believe we have made an oversight in the way that sudo processes 'deny' or
> negations via ldap...
>
> Currently our IPA sudo Schema has ipasudorule objects set to contain an
> attribute: accessRuleType
>
> Unfortunately, sudo does not have a means to do a 'deny' in this way.
On 09/29/2010 05:05 PM, Adam Young wrote:
On 09/29/2010 04:53 PM, Adam Young wrote:
On 09/29/2010 03:17 PM, Endi Sukma Dewata wrote:
- "Adam Young" wrote:
Endi, can you add in a Unit test for this? If need be, extend the
ipa_cmd so that it looks for an optional command line param that ma
On 09/29/2010 06:19 PM, Endi Sukma Dewata wrote:
- "Adam Young" wrote:
Item Level Undo
Also adding some unit tests for details.
Using JQuery UI buttons for update and reset
This has the added benefit of letting the user know when the screen
has been submitted, as the "undo" buttons g
Hi,
Please review the attached patch. Thanks!
Some errors (e.g. server down) are reported as AJAX success with
empty data and/or HTTP error code != 200. The ipa_cmd() has been
modified so that it will detect such errors and invoke the error
handler.
--
Endi S. Dewata
>From 6b04c0f28cfd369f77c8f4
- "Adam Young" wrote:
> Item Level Undo
>
> Also adding some unit tests for details.
> Using JQuery UI buttons for update and reset
>
> This has the added benefit of letting the user know when the screen
> has been submitted, as the "undo" buttons go away.
> Rebased on top
> of Endi's last
On 09/29/2010 04:53 PM, Adam Young wrote:
On 09/29/2010 03:17 PM, Endi Sukma Dewata wrote:
- "Adam Young" wrote:
Endi, can you add in a Unit test for this? If need be, extend the
ipa_cmd so that it looks for an optional command line param that makes
it try to fetch a .json file that doesn
On 09/29/2010 03:41 PM, Adam Young wrote:
Item Level Undo
Also adding some unit tests for details.
Using JQuery UI buttons for update and reset
This has the added benefit of letting the user know when the screen
has been submitted, as the "undo" buttons go away.
___
When doing an addattr check to see if we are creating a multi-value
attribute and see if that is allowed by the Param and/or the attribute
in the schema (SINGLE-VALUE).
Pavel, check my fix in the exception callback. It was passing attrs_list
but that isn't set until later. I decided to send an
On 09/29/2010 03:17 PM, Endi Sukma Dewata wrote:
- "Adam Young" wrote:
Endi, can you add in a Unit test for this? If need be, extend the
ipa_cmd so that it looks for an optional command line param that makes
it try to fetch a .json file that doesn't exist:
Something like
var suffix =
Item Level Undo
Also adding some unit tests for details.
Using JQuery UI buttons for update and reset
This has the added benefit of letting the user know when the screen has
been submitted, as the "undo" buttons go away.
From d6e723dcba77e1da9d67b01a397b6e9f863503f9 Mon Sep 17 00:00:00
- "Adam Young" wrote:
> Endi, can you add in a Unit test for this? If need be, extend the
> ipa_cmd so that it looks for an optional command line param that makes
> it try to fetch a .json file that doesn't exist:
>
>
> Something like
> var suffix = $.bbq.get("cmd_suffix");
> if (suffix){
>
On 09/29/2010 01:55 PM, Rob Crittenden wrote:
Change the finals aci so that the login admin is no longer special.
The group admins is now controls the "super-user" group.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat
Detect if DNS is already configured in IPA, or if IPA is not yet installed.
ipa-dns-manage could fail in very odd ways depending on the current
configuration of the server. Handle things a bit better.
ticket 210
rob
freeipa-551-dns.patch
Description: application/mbox
___
Add estimated install times to the installation. I also log a duration
for each step in /var/log/ipaserver-install.log if anyone wants to
compare their times to mine.
ticket 139
rob
freeipa-550-install.patch
Description: application/mbox
___
Freeip
Change the finals aci so that the login admin is no longer special. The
group admins is now controls the "super-user" group.
rob
freeipa-549-admin.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www
I believe we have made an oversight in the way that sudo processes 'deny' or
negations via ldap...
Currently our IPA sudo Schema has ipasudorule objects set to contain an
attribute: accessRuleType
Unfortunately, sudo does not have a means to do a 'deny' in this way...
For a command, user, or h
On 09/28/2010 11:11 PM, Rob Crittenden wrote:
Use consistent, specific nickname for the IPA CA certificate.
Also fix some imports for sha. We have a compat module for it, use it.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://ww
On 09/29/2010 12:44 AM, Endi Sukma Dewata wrote:
- "Adam Young" wrote:
tab objects
Convert the tab lists to arrays of objects with four potential fields:
tab[0] -> tab.name
tab[1] -> tab.label
tab[2] -> tab.setup or tab.children
Added unit tests
ACK, but could you
On 09/29/2010 12:44 AM, Endi Sukma Dewata wrote:
- "Adam Young" wrote:
tab objects
Convert the tab lists to arrays of objects with four potential fields:
tab[0] -> tab.name
tab[1] -> tab.label
tab[2] -> tab.setup or tab.children
Added unit tests
ACK, but could you
On Tue, Sep 28, 2010 at 11:17 AM, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> First, a little overview on netgroups. Netgroups in LDAP can contain two
> attributes:
> 1) nistNetgroupTriple - Contains a literal triple of (host, username,
> domain)
> 2) memberNis
30 matches
Mail list logo
