To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the
Release Candidate 1 release of freeIPA 2.0 server [1].
* Binaries are available for F-14 and F-15 [2].
* Please do not hesitate to share feedback, critic
Pushed under a liberal view of the 1-liner rule.
ipa-replica-prepare was failing due to a unicode problem creating the
DNS entries. This is the first one-liner.
The second related to pre-generating the server certificates for dogtag.
It was failing in python-nss when trying to shut down the N
Jakub Hrozek wrote:
On 02/12/2011 12:13 AM, Rob Crittenden wrote:
The --out option wasn't working at all with cert-show.
Also fix some related problems in write_certificate(), handle either a
DER or base64-formatted incoming certificate and don't explode if the
filename is None.
ticket 954
ro
host.py was missing an import for netaddr. Pushed under the 1-liner rule.
ticket 964
rob
freeipa-rcrit-722-netaddr.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/fre
On 02/12/2011 12:13 AM, Rob Crittenden wrote:
The --out option wasn't working at all with cert-show.
Also fix some related problems in write_certificate(), handle either a
DER or base64-formatted incoming certificate and don't explode if the
filename is None.
ticket 954
rob
--out now works f
JR Aquino wrote:
Patch 16-1 submitted to exit if no password is given.
On 2/14/11 12:06 PM, "Rob Crittenden" wrote:
JR Aquino wrote:
During the ipa-client-install, when prompted for the principal
password, it is possible to start typing and have the password echoed
back.
This patch corrects
Patch 16-1 submitted to exit if no password is given.
On 2/14/11 12:06 PM, "Rob Crittenden" wrote:
>JR Aquino wrote:
>> During the ipa-client-install, when prompted for the principal
>>password, it is possible to start typing and have the password echoed
>>back.
>>
>> This patch corrects this be
JR Aquino wrote:
During the ipa-client-install, when prompted for the principal password, it is
possible to start typing and have the password echoed back.
This patch corrects this behavior and addresses bug #959
https://fedorahosted.org/freeipa/ticket/959
It works well if you provide a pass
Martin Kosek wrote:
On Mon, 2011-02-14 at 12:00 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-02-04 at 09:05 +0100, Jan Zelený wrote:
Martin Kosek wrote:
When v2 IPA client is trying to join an IPA v1 server
a strange exception is printed out to the user. This patch
detects
Jakub Hrozek wrote:
> https://fedorahosted.org/freeipa/ticket/932
ack
Jan
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Jan Zelený wrote:
Jakub Hrozek wrote:
https://fedorahosted.org/freeipa/ticket/923
Patch looks good. I'm running some test. Unless they fail, ACK
Jan
pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/
Jan Zeleny wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
Jan Zelený wrote:
Jan Zelený wrote:
Rob Crittenden wrote:
Yi found a tricky way to remove required attributes that aren't
required
in the schema. The problem was we weren't enforcing parameter.required
in mods (because it was e
Jakub Hrozek wrote:
Simo did a nice writeup of the changes in
https://fedorahosted.org/freeipa/ticket/931
ack.
Simo also acked this in irc.
pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/list
Rob Crittenden wrote:
> Rob Crittenden wrote:
> > Jan Zelený wrote:
> >> Jan Zelený wrote:
> >>> Rob Crittenden wrote:
> Yi found a tricky way to remove required attributes that aren't
> required
> in the schema. The problem was we weren't enforcing parameter.required
> in mods
On Mon, 2011-02-14 at 12:00 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Fri, 2011-02-04 at 09:05 +0100, Jan Zelený wrote:
> >> Martin Kosek wrote:
> >>> When v2 IPA client is trying to join an IPA v1 server
> >>> a strange exception is printed out to the user. This patch
> >>> detect
Jakub Hrozek wrote:
On Thu, Feb 10, 2011 at 10:27:43PM -0500, Rob Crittenden wrote:
Rob Crittenden wrote:
Jakub Hrozek wrote:
On Tue, Feb 08, 2011 at 10:12:27AM -0500, Rob Crittenden wrote:
If /etc/krb5.conf doesn't exist or contains no default kerberos
realm then 389-ds won't start at all. T
Jakub Hrozek wrote:
On Fri, Feb 11, 2011 at 01:34:39PM -0500, Rob Crittenden wrote:
Add a replace verb to ipa-ldap-updater so an existing value can be
replaced, but only if the value matches the old value in the update.
This would be used for us to replace default values that the
end-user hasn'
Simo Sorce wrote:
We weren't setting the kerberos metadata when modifying userPassword
for a kerberos enabled record.
Fixes #949
Simo.
ack, pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/lis
On Fri, Feb 11, 2011 at 01:34:39PM -0500, Rob Crittenden wrote:
> Add a replace verb to ipa-ldap-updater so an existing value can be
> replaced, but only if the value matches the old value in the update.
>
> This would be used for us to replace default values that the
> end-user hasn't already upd
Simo Sorce wrote:
Fixes ticket #937
Simo.
ack, pushed to master
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 2/11/2011 8:21 PM, Adam Young wrote:
ACK and pushed to master.
--
Endi S. Dewata
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Thu, Feb 10, 2011 at 10:27:43PM -0500, Rob Crittenden wrote:
> Rob Crittenden wrote:
> >Jakub Hrozek wrote:
> >>On Tue, Feb 08, 2011 at 10:12:27AM -0500, Rob Crittenden wrote:
> >>>If /etc/krb5.conf doesn't exist or contains no default kerberos
> >>>realm then 389-ds won't start at all. This is
Martin Kosek wrote:
On Fri, 2011-02-04 at 09:05 +0100, Jan Zelený wrote:
Martin Kosek wrote:
When v2 IPA client is trying to join an IPA v1 server
a strange exception is printed out to the user. This patch
detects this by catching an XML-RPC error reported by ipa-join
binary called in the proc
Nalin Dahyabhai wrote:
The group.upg NIS map was an experiment in providing UPG groups
dynamically, and is not one of the maps that I'd ever expect a NIS
client to "know" to search. We should probably just drop it.
---
install/share/nis.uldif | 12
1 files changed, 0 insertion
Jan Zelený wrote:
Rob Crittenden wrote:
Jan Zelený wrote:
Jan Zelený wrote:
Rob Crittenden wrote:
Jan Zelený wrote:
Rob Crittendenwrote:
Jan Zelený wrote:
Recent change of DNS module to version caused that dns object type
was replaced by dnszone and dnsrecord. This patch corrects
Pavel Zuna wrote:
On 02/01/2011 11:36 PM, Rob Crittenden wrote:
Pavel mentioned this morning that translations didn't seem to be
working. I remembered that I did some things on the cli so I re-tested.
Turned out that exceptions aren't being translated.
I'm not at all sure this patch does the ri
On 2/10/11 2:42 AM, "Pavel Zuna" wrote:
>On 02/08/2011 01:06 PM, Pavel Zuna wrote:
>> The patch also corrects exception handling in some of the tools.
>>
>> Fix #874
>>
>> Pavel
>>
>
>Updated patch attached. Forgot to rename an identifier in exception
>handling.
>
>Pavel
>
Pavel Zuna wrote:
On 02/08/2011 01:06 PM, Pavel Zuna wrote:
The patch also corrects exception handling in some of the tools.
Fix #874
Pavel
Updated patch attached. Forgot to rename an identifier in exception
handling.
Pavel
This isn't applying cleanly to master, can you rebase it?
rob
Jan Zelený wrote:
Rob Crittenden wrote:
Remove certificate as service a search option. There is no point on
searching on binary objects.
ticket 912
rob
ack
Jan
I pushed this to master last week.
___
Freeipa-devel mailing list
Freeipa-devel@red
Jakub Hrozek wrote:
https://fedorahosted.org/freeipa/ticket/957
ack, pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Jakub Hrozek wrote:
On Wed, Feb 09, 2011 at 01:53:00PM -0500, Rob Crittenden wrote:
At least in my xterm the prompt for "Do you want to proceed and
configure the system with fixed values with no DNS discovery?" wraps
around over itself.
This patch shortens the message.
ticket 940
rob
Ack
Endi Sukma Dewata wrote:
The realm name is necessary to create the correct service.
This was fixed by ticket 941, right?
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Jan Zelený wrote:
Martin Kosek wrote:
On Mon, 2011-02-07 at 10:38 +0100, Jan Zelený wrote:
Martin Kosek wrote:
This patch adds a proper summary text to HBAC command which is
then printed out in CLI. Now, HBAC plugin output is consistent
with other plugins.
https://fedorahosted.org/freeipa/t
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/07/2011 10:54 AM, Jan Zelený wrote:
Jakub Hrozek wrote:
On Wed, Feb 02, 2011 at 08:54:47AM +0100, Jan Zelený wrote:
At Rob's suggestion I changed the argument type in class help, this is
only oneliner, I think it can be
Jakub Hrozek wrote:
On Fri, Feb 04, 2011 at 03:20:55PM +0100, Martin Kosek wrote:
This patch fixes the default domain functionality for user email(s).
This setting may be configured via:
ipa config-mod --emaildomain=example.com
Then, when user is added/modified and --mail option is passed,
the
JR Aquino wrote:
On 2/11/11 2:26 PM, "Rob Crittenden" wrote:
If neither verbose nor debug were set (and they aren't by default) then
we logged absolutely nothing about framework requests. This adds a
default of who, what, result in the Apache error log.
This is a first-step for ticket 873 jus
Jan Zelený wrote:
Martin Kosek wrote:
On Mon, 2011-02-14 at 14:37 +0100, Jan Zelený wrote:
Rob Crittenden wrote:
Add permission and privilege for updating the IPA configuration in
cn=ipaconfig.
ticket 950
rob
I'm not quite sure how does the patch work. In particular, I wonder about
these
Jan Zelený wrote:
Rob Crittenden wrote:
Move a bunch of utilities that really only make sense to be run on the
server from the admintools package to the server package.
ticket 947
rob
ack
Jan
pushed to master
___
Freeipa-devel mailing list
Fre
Jan Zelený wrote:
Rob Crittenden wrote:
Ignore case when removing members from a group.
ticket 944
rob
ack
Jan
pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Rob Crittenden wrote:
Jan Zelený wrote:
Jan Zelený wrote:
Rob Crittenden wrote:
Yi found a tricky way to remove required attributes that aren't
required
in the schema. The problem was we weren't enforcing parameter.required
in mods (because it was enforcing that every variable with required be
On 02/12/2011 03:45 PM, Jakub Hrozek wrote:
I couldn't reproduce the traceback, but the code shows where the error
most probably is.
http://fedorahosted.org/freeipa/ticket/956
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat
Jan Zelený wrote:
Rob Crittenden wrote:
Handle bad DM password in ipa-host-net-manage& ipa-copmat-manage.
This was resulting in a traceback because while conn was not None it
wasn't connected either.
ticket 920
rob
ack
jan
pushed to master
_
Jan Zelený wrote:
Jan Zelený wrote:
Rob Crittenden wrote:
Yi found a tricky way to remove required attributes that aren't required
in the schema. The problem was we weren't enforcing parameter.required
in mods (because it was enforcing that every variable with required be
provided).
I added
During the ipa-client-install, when prompted for the principal password, it is
possible to start typing and have the password echoed back.
This patch corrects this behavior and addresses bug #959
https://fedorahosted.org/freeipa/ticket/959
binegPaWpIOK0.bin
Description: freeipa-jraquino-0016-Bu
Jan Zelený wrote:
Rob Crittenden wrote:
Add permission and privilege for updating the IPA configuration in
cn=ipaconfig.
ticket 950
rob
I'm not quite sure how does the patch work. In particular, I wonder about
these two blocks:
+dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX
Adam Young wrote:
On 02/11/2011 10:37 AM, Rob Crittenden wrote:
Jakub Hrozek wrote:
On Thu, Feb 10, 2011 at 01:39:40PM -0500, Rob Crittenden wrote:
The kw could contain another exception which was blowing up the
marshalling. It doesn't seem to be used anywhere and contains
information we've al
Martin Kosek wrote:
> On Mon, 2011-02-14 at 14:37 +0100, Jan Zelený wrote:
> > Rob Crittenden wrote:
> > > Add permission and privilege for updating the IPA configuration in
> > > cn=ipaconfig.
> > >
> > > ticket 950
> > >
> > > rob
> >
> > I'm not quite sure how does the patch work. In partic
On Mon, 2011-02-14 at 14:37 +0100, Jan Zelený wrote:
> Rob Crittenden wrote:
> > Add permission and privilege for updating the IPA configuration in
> > cn=ipaconfig.
> >
> > ticket 950
> >
> > rob
>
> I'm not quite sure how does the patch work. In particular, I wonder about
> these two blocks:
Rob Crittenden wrote:
> Ignore case when removing members from a group.
>
> ticket 944
>
> rob
ack
Jan
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Rob Crittenden wrote:
> Add permission and privilege for updating the IPA configuration in
> cn=ipaconfig.
>
> ticket 950
>
> rob
I'm not quite sure how does the patch work. In particular, I wonder about
these two blocks:
+dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX
+default:
Rob Crittenden wrote:
> Move a bunch of utilities that really only make sense to be run on the
> server from the admintools package to the server package.
>
> ticket 947
>
> rob
ack
Jan
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https:/
Jakub Hrozek wrote:
> https://fedorahosted.org/freeipa/ticket/923
Patch looks good. I'm running some test. Unless they fail, ACK
Jan
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Jan Zelený wrote:
> Rob Crittenden wrote:
> > Yi found a tricky way to remove required attributes that aren't required
> > in the schema. The problem was we weren't enforcing parameter.required
> > in mods (because it was enforcing that every variable with required be
> > provided).
> >
> > I ad
Rob Crittenden wrote:
> Yi found a tricky way to remove required attributes that aren't required
> in the schema. The problem was we weren't enforcing parameter.required
> in mods (because it was enforcing that every variable with required be
> provided).
>
> I added a new check routine that is e
Hi,
I'd like to propose this cleanup patch. I just noticed that the code in these
two files is most likely not used any more (at least I didn't find a place
where
it is used).
What do you think? Is it safe to throw it out? Or are there some places which
are still using it? I'd be more than ha
Rob Crittenden wrote:
> Handle bad DM password in ipa-host-net-manage & ipa-copmat-manage.
>
> This was resulting in a traceback because while conn was not None it
> wasn't connected either.
>
> ticket 920
>
> rob
ack
jan
___
Freeipa-devel mailing
56 matches
Mail list logo