[Freeipa-devel] [PATCH] 084 Multi-process build problems
Fix a problem when a target missed a version-update requirement. This caused build problems, especially in a parallel build environment. https://fedorahosted.org/freeipa/ticket/1215 From 0ba58ecbacb9896e3130a1fc2307cbbe8ddcd9e7 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 17 Jun 2011 10:58:01 +0200 Subject: [PATCH] Multi-process build problems Fix a problem when a target missed a version-update requirement. This caused build problems, especially in a parallel build environment. https://fedorahosted.org/freeipa/ticket/1215 --- Makefile|2 +- freeipa.spec.in |4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index d12bb4381887b03d3dfb22de9cde93779c3fa9db..adcc1e53a49eb71a37b31b87c7971c6b0b07ffa4 100644 --- a/Makefile +++ b/Makefile @@ -112,7 +112,7 @@ version-update: release-update ./makeapi --validate; \ fi -server: +server: version-update python setup.py build server-install: server diff --git a/freeipa.spec.in b/freeipa.spec.in index cc674e1ad6c4fbee969637691ca6f82feb260516..c49ca2b56dea5a544706e6b7306329aea1a059d8 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -218,12 +218,12 @@ cd install; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localst %endif %if ! %{ONLY_CLIENT} -make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} version-update all +make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} all cd selinux # This isn't multi-process make capable yet make all %else -make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} version-update client +make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} client %endif %install -- 1.7.5.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
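Review bot: The freeipa.spec.in hunk drops the explicit version-update goal from both the `all` and the `client` invocations, but the Makefile hunk adds the prerequisite only to `server` (`server: version-update`). Please confirm that `client`, and every other target reached from `all` that reads the generated version files, also lists version-update as a prerequisite. Otherwise the ONLY_CLIENT build no longer runs it at all, and under %{?_smp_mflags} a sibling target can still start before version-update has finished.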
[Freeipa-devel] [PATCH] 085 Fix doc for sudorule runasuser commands
https://fedorahosted.org/freeipa/ticket/1324 From 88fde0840536810debb26cf657f5706e7b5163ba Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 17 Jun 2011 12:48:38 +0200 Subject: [PATCH] Fix doc for sudorule runasuser commands https://fedorahosted.org/freeipa/ticket/1324 --- ipalib/plugins/sudorule.py |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index d38db3a6b13e4fa99f8932ca1e3342fdf9865b1e..2759534e0fe2f0e4dc849002182cf640f7a279f5 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -456,7 +456,7 @@ api.register(sudorule_remove_host) class sudorule_add_runasuser(LDAPAddMember): -Add user for Sudo to execute as. +Add users and groups for Sudo to execute as. member_attributes = ['ipasudorunas'] member_count_out = ('%i object added.', '%i objects added.') @@ -492,7 +492,7 @@ api.register(sudorule_add_runasuser) class sudorule_remove_runasuser(LDAPRemoveMember): -Remove user for Sudo to execute as. +Remove users and groups for Sudo to execute as. member_attributes = ['ipasudorunas'] member_count_out = ('%i object removed.', '%i objects removed.') -- 1.7.5.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 086 Fix IPA install for secure umask
Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.ldif created during installation. https://fedorahosted.org/freeipa/ticket/1282 From 34f509c968195aaad0088d302374066ba56ce391 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 17 Jun 2011 14:19:45 +0200 Subject: [PATCH] Fix IPA install for secure umask Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.ldif created during installation. https://fedorahosted.org/freeipa/ticket/1282 --- ipaserver/install/dsinstance.py | 11 +++ 1 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 845e1e253503ff660ef3976078bc1e0f5439b52a..11078f628fcf52c235c8b71080532e8d20324557 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -358,10 +358,13 @@ class DsInstance(service.Service): self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower() base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict) logging.debug(base_txt) -base_fd = file(/var/lib/dirsrv/boot.ldif, w) -base_fd.write(base_txt) -base_fd.flush() -base_fd.close() +old_umask = os.umask(022) # must be readable for dirsrv +try: +base_fd = open(/var/lib/dirsrv/boot.ldif, w) +base_fd.write(base_txt) +base_fd.close() +finally: +os.umask(old_umask) inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict) logging.debug(writing inf template) -- 1.7.5.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
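Review bot: In the dsinstance.py hunk, os.umask(022) only influences the mode of a file that open() creates. If /var/lib/dirsrv/boot.ldif is left over from an earlier run with mode 0600, it is truncated and keeps that mode, so dirsrv still cannot read it. Setting the mode explicitly after opening (os.chmod or os.fchmod) covers both cases and avoids changing the process-wide umask. base_fd.close() also sits in the try body, so a failing write() leaks the descriptor; move the close into the finally block next to os.umask(old_umask). A mask of 022 makes the file world-readable; if only the directory server needs it, handing the file to the dirsrv user with a narrower mode would keep the intent of the 077 umask.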
Re: [Freeipa-devel] [PATCH] 085 Fix doc for sudorule runasuser commands
Martin Kosek wrote: https://fedorahosted.org/freeipa/ticket/1324 ack
Re: [Freeipa-devel] [PATCH] 086 Fix IPA install for secure umask
On Fri, 2011-06-17 at 14:44 +0200, Martin Kosek wrote: Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.ldif created during installation. https://fedorahosted.org/freeipa/ticket/1282 Self-Nack. Even though install didn't fail, I didn't notice there are still issues with other files. For example dirsrv schema ldifs. This needs to be fixed. Martin
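The failure mode discussed in this thread, as an added example that is not part of the original messages or of FreeIPA's code: files created under umask 077 come out as 0600, an existing file keeps its old mode even when it is rewritten under a laxer umask, and an explicit fchmod gives a predictable result. The names write_with_mode, unreadable_by_others, schema.ldif and stale.ldif are constructed for the illustration; everything runs inside a temporary directory.

```python
import os
import stat
import tempfile


def write_with_mode(path, text, mode=0o644):
    """Write text to path and force its permission bits to mode.

    os.open() masks the requested mode with the process umask, and a file
    that already exists keeps its old mode, so fchmod() sets it explicitly.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as f:
        os.fchmod(f.fileno(), mode)
        f.write(text)


def unreadable_by_others(root):
    """Return entries under root that a user outside owner and group cannot
    read: files without o+r, directories without o+rx."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                need = stat.S_IROTH | stat.S_IXOTH
            else:
                need = stat.S_IROTH
            if (st.st_mode & need) != need:
                found.append(os.path.relpath(path, root))
    return sorted(found)


def demo():
    """Reproduce the three cases in a scratch directory (constructed data)."""
    old_umask = os.umask(0o077)          # the "secure" root umask from the ticket
    try:
        with tempfile.TemporaryDirectory() as top:
            root = os.path.join(top, "dirsrv")
            os.mkdir(root)
            os.chmod(root, 0o755)        # directory itself is traversable

            # Case 1: plain open() under umask 077 -> 0600.
            with open(os.path.join(root, "schema.ldif"), "w") as f:
                f.write("dn: cn=schema\n")

            # Case 2: file left over with 0600, rewritten under umask 022.
            stale = os.path.join(root, "stale.ldif")
            with open(stale, "w") as f:
                f.write("old\n")
            os.umask(0o022)
            with open(stale, "w") as f:  # truncates, mode stays 0600
                f.write("new\n")
            os.umask(0o077)

            # Case 3: explicit mode, independent of the umask.
            write_with_mode(os.path.join(root, "boot.ldif"), "dn: dc=example\n")

            modes = {
                name: stat.S_IMODE(os.stat(os.path.join(root, name)).st_mode)
                for name in os.listdir(root)
            }
            return modes, unreadable_by_others(root)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    modes, flagged = demo()
    for name in sorted(modes):
        print("%-12s %04o" % (name, modes[name]))
    print("not readable by other users:", flagged)
```

Running unreadable_by_others over the directories an installer writes to, once with the installing user's normal umask and once with 077, shows which files depend on the umask rather than on an explicit mode.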
[Freeipa-devel] UX: Settings to the left
Disagree. The ordering seems to make sense to people with the settings in the middle. The settings are not the most important facet for most entities, it is the collections of things they maintain that is most important. Remember, we originally went with this ordering to solve that issue. The alternative is to put the settings to the left, but to open a different tab by default, but that will be just as confusing.
Re: [Freeipa-devel] [PATCH] 085 Fix doc for sudorule runasuser commands
On Fri, 2011-06-17 at 09:33 -0400, Rob Crittenden wrote: Martin Kosek wrote: https://fedorahosted.org/freeipa/ticket/1324 ack Pushed to master, ipa-2-0. Martin
Re: [Freeipa-devel] [PATCH] 29 Raise DuplicateEntry Error when adding a duplicate sudo option
JR Aquino wrote: On Jun 16, 2011, at 8:01 AM, Rob Crittenden wrote: JR Aquino wrote: On Jun 15, 2011, at 8:03 AM, Rob Crittenden wrote: A minor issue and a question. The minor issue is you changed a couple of options from optional to mandatory, which is fine, but we need to bump up the minor version in VERSION (older clients otherwise could not send the string and blow things up). Is there a rule of thumb or document that details when this is appropriate? The question is, should we raise EmptyModList() when removing an option that doesn't exist or NotFound(reason=_())? I think the second might be more explanatory but might be harder to handle in scripts (how would you distinguish between entry not found and option not found)? rob As per IRC conversation: Added new Exception: AttrValueNotFound Incremented minor version in VERSION Adjusted API 1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule) 1277 (Raise DuplicateEntry Error when adding a duplicate sudo option) 1308 (Make sudooption a required option for sudorule_remove_option) This is very close, found a couple more issues: I don't think I was very clear in what to update in VERSION, you want it to look like this: diff --git a/VERSION b/VERSION index 6cbf732..e31f0d0 100644 --- a/VERSION +++ b/VERSION @@ -79,4 +79,4 @@ IPA_DATA_VERSION=2010061412 # # IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=5 +IPA_API_VERSION_MINOR=6 Two tests are failing. One is failing because externalhost is returned as a tuple (rather than not at all). The second because sudorule_remove_option has changed the type of data being returned. rob Ok, the VERSION issue is resolved, and the ipasudoopt test issue is solved. I have created: https://fedorahosted.org/freeipa/ticket/1339 to address the externalhost tuple as it is separate from the sudo options effort. ack, pushed to master
Re: [Freeipa-devel] 32 Don't add empty tuple to entry_attrs['externalhost']
JR Aquino wrote: https://fedorahosted.org/freeipa/ticket/1339 ack, pushed to master
Re: [Freeipa-devel] [PATCH] 079 DNS installation fails when domain and host domain mismatch
Martin Kosek wrote: On Tue, 2011-06-14 at 13:53 -0400, Rob Crittenden wrote: Martin Kosek wrote: This patch depends on my patch 078. A special patch for stable branch attached. --- Create DNS domain for IPA server hostname first so that its forward record can be added. This results in 2 forward DNS zones created when server hostname doesn't equal server domain. https://fedorahosted.org/freeipa/ticket/1194 This looks ok, just a style question. by definition fqdn is fully-qualified so is this necessary? +if '.' in self.fqdn: +self.host_domain = '.'.join(fqdn.split(.)[1:]) +else: +self.host_domain = self.domain The test will always be true, right? rob It should be. Maybe I was overcautious in this place. Attaching updated patches. Martin ack
[Freeipa-devel] [PATCH] 183 Storing page number in URL.
The association facet has been modified to store the current page number in the browser's URL. This way page changes are stored in browser's history allowing the back button to work properly. Ticket #1264 -- Endi S. Dewata From 5f4c75eaa3012d97bbeec9c8dd576a8cfdcc6d81 Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Thu, 16 Jun 2011 11:00:01 -0500 Subject: [PATCH] Storing page number in URL. The association facet has been modified to store the current page number in the browser's URL. This way page changes are stored in browser's history allowing the back button to work properly. Ticket #1264 --- install/ui/association.js | 72 +++- install/ui/entity.js | 19 +--- install/ui/widget.js | 51 --- 3 files changed, 85 insertions(+), 57 deletions(-) diff --git a/install/ui/association.js b/install/ui/association.js index 3c847c59c7b1050b0f4fa59dad4b89a19ac64650..883bb2b42f936c043b685b1beb597ef55100cf98 100644 --- a/install/ui/association.js +++ b/install/ui/association.js @@ -671,7 +671,7 @@ IPA.association_facet = function (spec) { spec = spec || {}; -var that = IPA.facet(spec); +var that = IPA.table_facet(spec); that.attribute_member = spec.attribute_member; that.indirect_attribute_member = spec.indirect_attribute_member; 
@@ -688,49 +688,34 @@ IPA.association_facet = function (spec) { that.add_method = spec.add_method || 'add_member'; that.remove_method = spec.remove_method || 'remove_member'; -that.columns = $.ordered_map(); that.adder_columns = $.ordered_map(); that.page_length = spec.page_length === undefined ? 20 : spec.page_length; -that.get_column = function(name) { -return that.columns.get(name); -}; - -that.add_column = function(column) { -that.columns.put(column.name, column); -}; - -that.create_column = function(spec) { -var column = IPA.column(spec); -that.add_column(column); -return column; -}; - that.get_adder_column = function(name) { return that.adder_columns.get(name); }; that.add_adder_column = function(column) { +column.entity_name = that.managed_entity_name; that.adder_columns.put(column.name, column); }; that.create_adder_column = function(spec) { -var column = IPA.column(spec); +var column; +if (spec instanceof Object) { +var factory = spec.factory || IPA.column; +column = factory(spec); +} else { +column = IPA.column({ name: spec }); +} that.add_adder_column(column); return column; }; -var i; -if (spec.columns){ -for (i = 0; i spec.columns.length; i+= 1){ -that.create_column(spec.columns[i]); -} -} -if (spec.adder_columns){ -for (i = 0; i spec.adder_columns.length; i+= 1){ -that.create_adder_column(spec.adder_columns[i]); -} +var adder_columns = spec.adder_columns || []; +for (var i=0; iadder_columns.length; i++) { +that.create_adder_column(adder_columns[i]); } that.init = function() { 
@@ -785,7 +770,38 @@ IPA.association_facet = function (spec) { column.entity_name = that.other_entity; } +that.table.prev_page = function() { +if (that.table.current_page 1) { +IPA.nav.push_state({ page: that.table.current_page-1 }); +} +}; + +that.table.next_page = function() { +if (that.table.current_page that.table.total_pages) { +IPA.nav.push_state({ page: that.table.current_page+1 }); +} +}; + +that.table.set_page = function(page) { +if (page 1) { +page = 1; +} else if (page that.total_pages) { +page = that.total_pages; +} +IPA.nav.push_state({ page: page }); +}; + that.table.refresh = function() { +var page = parseInt(IPA.nav.get_state('page'), 10) || 1; +if (page 1) { +IPA.nav.push_state({ page: 1 }); +return; +} else if (page that.table.total_pages) { +IPA.nav.push_state({ page: that.table.total_pages }); +return; +} +that.table.current_page = page; +that.table.current_page_input.val(page); that.refresh_table(); }; @@ -1095,7 +,7 @@ IPA.association_facet = function (spec) { that.table.total_pages = 1; } -that.refresh_table(); +that.table.refresh(); } var pkey = IPA.get_entity(that.entity_name).get_primary_key(); diff --git a/install/ui/entity.js b/install/ui/entity.js index
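Review bot: In the third association.js hunk, set_page() clamps the upper bound against that.total_pages, while prev_page(), next_page() and refresh() in the same hunk all use that.table.total_pages. If total_pages is not defined on the facet itself, the upper clamp in set_page() never applies and an out-of-range page is pushed into the history before refresh() corrects it with a second push_state(). Use that.table.total_pages in set_page() as well. The page value read in refresh() comes from the URL, so the parseInt(..., 10) with the `|| 1` fallback and the range check there should stay the single place where it is validated.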
Re: [Freeipa-devel] [PATCH] 0237-no-redirect-on-unknown-error
On 06/15/2011 09:23 PM, Endi Sukma Dewata wrote: On 6/15/2011 6:44 PM, Adam Young wrote: On 06/15/2011 02:37 PM, Adam Young wrote: Part 2 https://fedorahosted.org/freeipa/ticket/1281 Now iterates through a list of known error types. If the server is down (service ipa stop) it throws an error with name 'NS_ERROR_NOT_AVAILABLE' which is not in the list, so it still does a redirection. There is another problem too, if the error name matches the list it doesn't call report_error(). Maybe this should be done the other way around. Instead of listing the errors not to redirect, we should list the errors which require redirection, i.e. IPA Error 4001 (entry not found). This is optional, in ipa.js:337 we could add the IPA error code into the error_thrown object. This way the error can be checked more reliably using error code rather than error name. This version does the whitelist approach From b07476f92e2ad6f1f3844348127967166bb51d02 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 15 Jun 2011 14:34:54 -0400 Subject: [PATCH] no redirect on unknown error If the error name indicates a server-wide error, do not attempt to redirect. This variation has a whitelist of errors on which to redirect. https://fedorahosted.org/freeipa/ticket/1281 --- install/ui/entity.js | 31 ++- 1 files changed, 22 insertions(+), 9 deletions(-) diff --git a/install/ui/entity.js b/install/ui/entity.js index 8ccdb8ea26820f3ec48ab73c5c5b3fb202ba157d..afe1e24b2c0f775a0bc3d17104a09d26d943b00b 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js 
@@ -136,20 +136,33 @@ IPA.facet = function (spec) { details.append('p'+error_thrown.message+'/p'); }; +that.redirect_on_error = function(){ +var current_entity = that.entity; +while (current_entity.containing_entity){ +current_entity = current_entity.containing_entity; +} +IPA.nav.show_page( +current_entity.name, +that.entity.redirect_facet); +}; + +var redirect_errors = +[IPA Error 4001]; + that.on_error = function(xhr, text_status, error_thrown) { + +/*If the error is in talking to the server, don't attempt to redirect, + as there is nothing any other facet can do either. */ if (that.entity.redirect_facet ) { -var current_entity = that.entity; -while (current_entity.containing_entity){ -current_entity = current_entity.containing_entity; +for (var i =0; i redirect_errors.length; i += 1){ +if (error_thrown.name === redirect_errors[i]){ +that.redirect_on_error(); +return; +} } -IPA.nav.show_page( -current_entity.name, -that.entity.redirect_facet); -return; -}else{ -that.report_error(error_thrown); } +that.report_error(error_thrown); }; -- 1.7.5.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
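Review bot: In on_error(), the redirect decision compares error_thrown.name with the string held in redirect_errors, which ties the behaviour to the exact display name of the error. The thread already proposes carrying the IPA error code on the error_thrown object; matching on the code 4001 would be more robust than matching on the name. The new comment at the top of on_error() still describes the earlier reasoning about errors in talking to the server; please reword it to say that only the listed errors redirect and every other error is passed to report_error().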
Re: [Freeipa-devel] [PATCH] 183 Storing page number in URL.
On 06/17/2011 03:12 PM, Endi Sukma Dewata wrote: The association facet has been modified to store the current page number in the browser's URL. This way page changes are stored in browser's history allowing the back button to work properly. Ticket #1264 ACK. Pushed to master
[Freeipa-devel] 0241-enforce-proper-capitalization-with-stylesheet.
From 6716c71f4627aba77ae86316b8a38076baa310b1 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Fri, 17 Jun 2011 16:59:48 -0400 Subject: [PATCH] enforce proper capitalization with stylesheet. --- install/ui/ipa.css | 13 + 1 files changed, 9 insertions(+), 4 deletions(-) diff --git a/install/ui/ipa.css b/install/ui/ipa.css index 45a17865fd007949137217b94c3a23c90390..2118579e1cc336ffb541896b755432daefcc0a29 100644 --- a/install/ui/ipa.css +++ b/install/ui/ipa.css @@ -246,13 +246,13 @@ div.tabs { .tabs1 .ui-tabs-nav li { -moz-border-radius: 0 !important; --webkit-border-radius: 0 !important; +-webkit-border-radius: 0 !important; background-image: url(Mainnav-offtab.png); margin: 0 0.4em 0 0; border-width: 0; text-align: center; vertical-align:baseline; -border: 1px solid #A0A0A0; +border: 1px solid #A0A0A0; } .tabs1 .ui-tabs-nav li.ui-tabs-selected { @@ -261,9 +261,13 @@ div.tabs { text-align: center; } +.tabs .ui-tabs-nav li a { + text-transform: capitalize; +} + .tabs1 .ui-tabs-nav li a { -moz-border-radius: 0 !important; --webkit-border-radius: 0 !important; +-webkit-border-radius: 0 !important; font-family: Overpass Bold,Liberation Sans, Arial, sans-serif; width: 5em; height: 20px; @@ -271,7 +275,7 @@ div.tabs { margin: 0 auto; text-align:center; font-size:1.5em; -text-shadow: 1px 1px 0 #FF; +text-shadow: 1px 1px 0 #FF; } .tabs1 .ui-tabs-nav li a:link, span.main-nav-off a:visited{ @@ -758,6 +762,7 @@ dl.entryattrs dt { text-align: right; width: 16em; margin: 0.5em -0.5em 0 -6em; +text-transform: capitalize; } dl.entryattrs dd { -- 1.7.5.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
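Review bot: Several ipa.css hunks remove and re-add the -webkit-border-radius, border and text-shadow declarations with no visible change, which looks like whitespace-only churn; please drop those lines from this patch so the diff shows only the two text-transform additions. The new rule is scoped to `.tabs .ui-tabs-nav li a` while the neighbouring rules use .tabs1; if every tab level is meant to be capitalized, a one-line comment saying so would help the next reader. A commit message body explaining why capitalization moves into the stylesheet is also missing.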
[Freeipa-devel] [PATCH] 805 make dogtag optionally installable on replicas
A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed. A new tool ipa-ca-install will configure dogtag if it wasn't configured when the replica was initially installed. https://fedorahosted.org/freeipa/ticket/1251 See the ticket for testing suggestions. rob From b8f0a609557f1d15ab8b83ef7db350cac6693b59 Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Fri, 17 Jun 2011 16:47:39 -0400 Subject: [PATCH] Make dogtag an optional (and default un-) installed component in a replica. A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed. A new tool ipa-ca-install will configure dogtag if it wasn't configured when the replica was initially installed. https://fedorahosted.org/freeipa/ticket/1251 --- freeipa.spec.in|4 + install/tools/Makefile.am |1 + install/tools/ipa-ca-install | 276 install/tools/ipa-replica-install | 47 ++ install/tools/man/ipa-ca-install.1 | 49 +++ ipaserver/install/cainstance.py|4 +- ipaserver/install/certs.py |3 +- ipaserver/install/replication.py | 33 + 8 files changed, 384 insertions(+), 33 deletions(-) create mode 100755 install/tools/ipa-ca-install create mode 100644 install/tools/man/ipa-ca-install.1 diff --git a/freeipa.spec.in b/freeipa.spec.in index 36281f8..3451589 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -356,6 +356,7 @@ fi %files server %defattr(-,root,root,-) %doc COPYING README Contributors.txt +%{_sbindir}/ipa-ca-install %{_sbindir}/ipa-dns-install %{_sbindir}/ipa-server-install %{_sbindir}/ipa-replica-conncheck 
@@ -498,6 +499,9 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf %changelog +* Fri Jun 17 2011 Rob Crittenden rcrit...@redhat.com - 2.0.90-4 +- Ship ipa-ca-install utility + * Thu May 12 2011 Rob Crittenden rcrit...@redhat.com - 2.0.90-3 - Set min nvr of selinux-policy to 3.9.16-18 on F-15+ - Set min nvr of pki-ca to 9.0.7 on F-15+ diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am index 9004bb2..c6ecd92 100644 --- a/install/tools/Makefile.am +++ b/install/tools/Makefile.am @@ -5,6 +5,7 @@ SUBDIRS = \ $(NULL) sbin_SCRIPTS = \ + ipa-ca-install \ ipa-dns-install \ ipa-server-install \ ipa-replica-conncheck \ diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install new file mode 100755 index 000..5f02d37 --- /dev/null +++ b/install/tools/ipa-ca-install 
@@ -0,0 +1,276 @@ +#! /usr/bin/python -E +# Authors: Rob Crittenden rcrit...@redhat.com +# +# Copyright (C) 2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +import sys +import socket + +import tempfile, os, traceback, logging, shutil +from ConfigParser import SafeConfigParser + +from ipapython import ipautil + +from ipaserver.install import installutils, service +from ipaserver.install import certs +from ipaserver.install.installutils import HostnameLocalhost +from ipaserver.install import dsinstance, cainstance +from ipaserver.install.replication import replica_conn_check +from ipapython import version +from ipalib import api, util +from ipapython.config import IPAOptionParser +from ipapython import sysrestore + +CACERT=/etc/ipa/ca.crt +REPLICA_INFO_TOP_DIR=None + +class ReplicaConfig: +def __init__(self): +self.realm_name = +self.domain_name = +self.master_host_name = +self.dirman_password = +self.host_name = +self.dir = +self.subject_base = + +def parse_options(): +usage = %prog [options] REPLICA_FILE +parser = IPAOptionParser(usage=usage, version=version.VERSION) +parser.add_option(-d, --debug, dest=debug, action=store_true, + default=False, help=gather extra debugging information) +parser.add_option(-p, --password, dest=password, sensitive=True, + help=Directory Manager (existing master) password) 
+parser.add_option(-w, --admin-password, dest=admin_password,
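Review bot: In parse_options() of the new ipa-ca-install script, the Directory Manager password (-p/--password) and the admin password (-w/--admin-password) are accepted as command-line arguments, where they are visible in the process list and end up in shell history. The -p option carries sensitive=True; the -w line is cut off here, so please check that it is marked the same way, that the tool prompts when either option is omitted, and that the ipa-ca-install.1 man page recommends the prompt over passing the password as an argument.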
Re: [Freeipa-devel] 0241-enforce-proper-capitalization-with-stylesheet.
On 6/17/2011 4:00 PM, Adam Young wrote: Please take a look at the following capitalization. If these are considered OK feel free to push. Host-group = Host-group (the g is not capitalized) Max lifetime (days) = Max Lifetime (Days) (unit is capitalized) Min lifetime (hours) = Min Lifetime (Hours) (unit is capitalized) Usually the term time to live is hyphenated. Currently in our code it's not, so the capitalization will look like this: SOA time to live = SOA Time To Live But suppose it's changed later, it will look like this: SOA time-to-live = SOA Time-to-live (to-live is not capitalized) The fields in HBAC Rule and SUDO Rule details page are not capitalized because it's using a table instead of dl/dt/dd. This can be addressed in a separate patch. We might want to define a 'field-label' CSS class. -- Endi S. Dewata
[Freeipa-devel] Management of the CS instances.
Hi, Before we went too far with implementing the CS decoupling here is a stupid idea I have. We can proceed with the plans described in tickets: https://fedorahosted.org/freeipa/ticket/1250 https://fedorahosted.org/freeipa/ticket/1251 https://fedorahosted.org/freeipa/ticket/1252 However what we can do is store the CS instance DM password encrypted in the main instance. Then the management utility (ticket 1250) would first have to fetch this encrypted attribute from the main instance. We would be able to define ACIs on it and use the kerberos authentication against the main instance instead of prompting user for the DM password. It is a little bit more work but much better and consistent user experience and administrative model. What do you think? -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc.
Re: [Freeipa-devel] 0241-enforce-proper-capitalization-with-stylesheet.
This is how hyphenation is supposed to work. We should remove the hyphenation in the cases that you have enumerated below. The capitalization of Days and Hours units is fine. Agreed on the field label class. On 06/17/2011 06:03 PM, Endi Sukma Dewata wrote: On 6/17/2011 4:00 PM, Adam Young wrote: Please take a look at the following capitalization. If these are considered OK feel free to push. Host-group = Host-group (the g is not capitalized) Max lifetime (days) = Max Lifetime (Days) (unit is capitalized) Min lifetime (hours) = Min Lifetime (Hours) (unit is capitalized) Usually the term time to live is hyphenated. Currently in our code it's not, so the capitalization will look like this: SOA time to live = SOA Time To Live But suppose it's changed later, it will look like this: SOA time-to-live = SOA Time-to-live (to-live is not capitalized) The fields in HBAC Rule and SUDO Rule details page are not capitalized because it's using a table instead of dl/dt/dd. This can be addressed in a separate patch. We might want to define a 'field-label' CSS class.
Re: [Freeipa-devel] Management of the CS instances.
On 06/17/2011 06:59 PM, Dmitri Pal wrote: Hi, Before we went too far with implementing the CS decoupling here is a stupid idea I have. We can proceed with the plans described in tickets: https://fedorahosted.org/freeipa/ticket/1250 https://fedorahosted.org/freeipa/ticket/1251 https://fedorahosted.org/freeipa/ticket/1252 However what we can do is store the CS instance DM password encrypted in the main instance. Then the management utility (ticket 1250) would first have to fetch this encrypted attribute from the main instance. We would be able to define ACIs on it and use the kerberos authentication against the main instance instead of prompting user for the DM password. It is a little bit more work but much better and consistent user experience and administrative model. Makes sense at a first pass. I haven't worked that deeply with the CS stuff to say for sure, but treating the IPA DS as canonical and thus giving it the keys to the kingdom seems to be the right call. It all depends on which (CS or IPA) you want to treat as the most critical to lock down. I see nothing wrong with keeping IPA in that role. What do you think?
[Freeipa-devel] [PATCH] 0242-hide-automount-tabs
From 0f254711921ac95fe4faa00f97fc97f97d74f5a2 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Fri, 17 Jun 2011 20:09:03 -0400 Subject: [PATCH] hide automount tabs. the tabs are required for navigation, but they should not be visible, as the breadcrumb provides the navigation for them instead. --- install/ui/navigation.js |6 +- install/ui/webui.js |4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/install/ui/navigation.js b/install/ui/navigation.js index 8e332cf6720efbcb6e00d4bd7af9750329ad8ba1..308f21154e09e79af572a2b2b39320b85db506af 100644 --- a/install/ui/navigation.js +++ b/install/ui/navigation.js @@ -174,12 +174,16 @@ IPA.navigation = function(spec) { } } -$('li/').append($('a/', { +var tab_li =$('li/').append($('a/', { href: '#'+tab_id, title: tab.label, html: tab.label })).appendTo(ul); +if (tab.hidden){ +tab_li.css('display','none'); +} + tab.container = $('div/', { id: tab_id, name: tab.name diff --git a/install/ui/webui.js b/install/ui/webui.js index c014cea727c7cd60eec8e66e29ee7381bbedd347..bb615506a975296421fbfad0490873d2112e66df 100644 --- a/install/ui/webui.js +++ b/install/ui/webui.js @@ -54,8 +54,8 @@ IPA.admin_navigation = function(spec) { {entity: 'sudocmdgroup'} ]}, {name: 'automount', label: IPA.messages.tabs.automount, children: [ -{entity: 'automountlocation'}, -{entity: 'automountmap'} +{entity: 'automountlocation',hidden:true}, +{entity: 'automountmap',hidden:true} ]}, {entity: 'pwpolicy'}, {entity: 'krbtpolicy'} -- 1.7.5.2
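Review bot: In navigation.js the new check reads tab.hidden, while webui.js sets hidden:true on the entity entries (`{entity: 'automountlocation',hidden:true}`); the hunks do not show that flag being copied from the spec entry onto the tab object, so please confirm it is, otherwise the tabs stay visible. Hiding with css('display','none') is presentation only and the facets remain reachable by URL, which matches the commit message, but a short comment at the check would stop it being read as an access restriction. Style: add a space after the = in `var tab_li =$(`.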