Re: [Freeipa-devel] [PATCH] 019 Disables gid field if not posix group in group adder dialog

2011-10-04 Thread Petr Vobornik
On 10/04/2011 11:59 PM, Adam Young wrote: On 10/04/2011 12:43 PM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/1922 gidNumber is not an allowed attribute for a non-posix group. When adding a non-posix group from the UI, unchecking the "Is this a POSIX group?:" box should disable

[Freeipa-devel] [PATCH] tweaks to ipa-replica-prepare.1

2011-10-04 Thread Nalin Dahyabhai
I started reading this page, and the description for --pkinit_pin looked wrong. While in there, I figured it might be useful to note that the PKCS#12 files also contain the private keys. Nalin From 8fe270e43d7790dbd4210be9ff212ce410e3da69 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Tue

Re: [Freeipa-devel] [PATCH] 019 Disables gid field if not posix group in group adder dialog

2011-10-04 Thread Adam Young
On 10/04/2011 12:43 PM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/1922 gidNumber is not an allowed attribute for a non-posix group. When adding a non-posix group from the UI, unchecking the "Is this a POSIX group?:" box should disable the "GID:" field.

Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the

2011-10-04 Thread Alexander Bokovoy
On Tue, 04 Oct 2011, Jan Cholasta wrote: > Now ipa-client-install --uninstall fails with: > > Traceback (most recent call last): > File "/usr/sbin/ipa-client-install", line 1165, in > sys.exit(main()) > File "/usr/sbin/ipa-client-install", line 1147, in main > return uninstall(options

Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the

2011-10-04 Thread Jan Cholasta
On 4.10.2011 20:53, Alexander Bokovoy wrote: On Tue, 04 Oct 2011, Jan Cholasta wrote: On 4.10.2011 13:00, Alexander Bokovoy wrote: client Reply-To: Hi, attached patch addresses ticket #1770. ipa-client-install fails with: Traceback (most recent call last): File "/usr/sbin/ipa-client-in

Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the

2011-10-04 Thread Alexander Bokovoy
On Tue, 04 Oct 2011, Jan Cholasta wrote: > On 4.10.2011 13:00, Alexander Bokovoy wrote: > >client > >Reply-To: > > > >Hi, > > > >attached patch addresses ticket #1770. > > > > ipa-client-install fails with: > > Traceback (most recent call last): > File "/usr/sbin/ipa-client-install", line 1165,

Re: [Freeipa-devel] [PATCH] 49 Work around pkisilent bugs

2011-10-04 Thread Rob Crittenden
Jan Cholasta wrote: Work around pkisilent bugs. Check directory manager password for invalid characters. (https://bugzilla.redhat.com/show_bug.cgi?id=658641) Shell-escape pkisilent command-line arguments. (https://bugzilla.redhat.com/show_bug.cgi?id=741180) Once the bugs are fixed, the workaro

[Freeipa-devel] [PATCH] 019 Disables gid field if not posix group in group adder dialog

2011-10-04 Thread Petr Vobornik
https://fedorahosted.org/freeipa/ticket/1922 gidNumber is not an allowed attribute for a non-posix group. When adding a non-posix group from the UI, unchecking the "Is this a POSIX group?:" box should disable the "GID:" field. -- Petr Vobornik From 3e329f7f6e26cf839681c95d163625223fb2c546 Mo

Re: [Freeipa-devel] [PATCH] 51 Add a function for formatting network locations

2011-10-04 Thread John Dennis
On 10/04/2011 04:07 AM, Jan Cholasta wrote: Looks good Jan, thank you. ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/f

Re: [Freeipa-devel] [PATCH] make users in nested groups show up in compat groups

2011-10-04 Thread Jan Zelený
> Jan Zeleny notes that users who are members of groups which are > themselves members of groups don't show up in the compat entries of the > containing groups. > > Nalin Ack Jan

[Freeipa-devel] [PATCH] make users in nested groups show up in compat groups

2011-10-04 Thread Nalin Dahyabhai
Jan Zeleny notes that users who are members of groups which are themselves members of groups don't show up in the compat entries of the containing groups. Nalin From 8a096c0a284b4e70ba2f479293299900712b3936 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Tue, 4 Oct 2011 11:46:59 -0400 S

Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the

2011-10-04 Thread Jan Cholasta
On 4.10.2011 13:00, Alexander Bokovoy wrote: client Reply-To: Hi, attached patch addresses ticket #1770. ipa-client-install fails with: Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1165, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1

Re: [Freeipa-devel] [PATCH] 0017 Configure pam_krb5 only when sssd is not in use

2011-10-04 Thread Martin Kosek
On Tue, 2011-10-04 at 16:37 +0200, Jan Cholasta wrote: > On 4.10.2011 13:36, Alexander Bokovoy wrote: > > Hi, > > > > attached patch fixes https://fedorahosted.org/freeipa/ticket/1775 > > > > ACK. > > Honza > Pushed to master, ipa-2-1. Martin

Re: [Freeipa-devel] [PATCH] 0017 Configure pam_krb5 only when sssd is not in use

2011-10-04 Thread Jan Cholasta
On 4.10.2011 13:36, Alexander Bokovoy wrote: Hi, attached patch fixes https://fedorahosted.org/freeipa/ticket/1775 ACK. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 884 migration context and logging

2011-10-04 Thread Martin Kosek
On Tue, 2011-10-04 at 09:26 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Tue, 2011-10-04 at 08:53 -0400, Rob Crittenden wrote: > >> Martin Kosek wrote: > >>> On Mon, 2011-10-03 at 16:44 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Mon, 2011-09-26 at 22:24 -0400, R

Re: [Freeipa-devel] [PATCH] 0018 Unroll StrEnum values when displaying help

2011-10-04 Thread Rob Crittenden
Alexander Bokovoy wrote: Hi, when help is displayed, for options that require values we show their type. With string enumerations this does not really help to the user as it is unclear what are the values of the enumeration. Attached patch fixes it by providing nicer list of possible values. h

Re: [Freeipa-devel] Mozilla Specific User Certificate Generation code:

2011-10-04 Thread Adam Young
On 10/04/2011 09:32 AM, Rob Crittenden wrote: Adam Young wrote: It is possible to generate a Certificate signing request from the browser, if we use Mozilla specific code. I've mildly hacked the Mozilla sample code to work with JQuery and to display the CSR to the screen, instead of sending it r

Re: [Freeipa-devel] Mozilla Specific User Certificate Generation code:

2011-10-04 Thread Rob Crittenden
Adam Young wrote: It is possible to generate a Certificate signing request from the browser, if we use Mozilla specific code. I've mildly hacked the Mozilla sample code to work with JQuery and to display the CSR to the screen, instead of sending it right to the server. I'd see this working somet

Re: [Freeipa-devel] [PATCH] 884 migration context and logging

2011-10-04 Thread Rob Crittenden
Martin Kosek wrote: On Tue, 2011-10-04 at 08:53 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-10-03 at 16:44 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-09-26 at 22:24 -0400, Rob Crittenden wrote: We can't assume that there will be only one naming context. L

Re: [Freeipa-devel] [PATCH] 877 prompt for current password

2011-10-04 Thread Martin Kosek
On Tue, 2011-10-04 at 08:59 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Mon, 2011-10-03 at 15:16 -0400, Rob Crittenden wrote: > >> Martin Kosek wrote: > >>> On Mon, 2011-09-19 at 09:03 -0400, Rob Crittenden wrote: > Jan Cholasta wrote: > > On 16.9.2011 21:16, Rob Crittenden w

Re: [Freeipa-devel] [PATCH] 130 ipa-client assumes a single namingcontext

2011-10-04 Thread Simo Sorce
On Tue, 2011-10-04 at 08:03 -0400, Stephen Gallagher wrote: > On Fri, 2011-09-30 at 16:15 -0400, Simo Sorce wrote: > > On Fri, 2011-09-30 at 16:02 -0400, Stephen Gallagher wrote: > > > On Thu, 2011-09-29 at 15:20 +0200, Martin Kosek wrote: > > > > How to test: > > > > 1) Add new naming context (suf

Re: [Freeipa-devel] [PATCH] 877 prompt for current password

2011-10-04 Thread Rob Crittenden
Martin Kosek wrote: On Mon, 2011-10-03 at 15:16 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-09-19 at 09:03 -0400, Rob Crittenden wrote: Jan Cholasta wrote: On 16.9.2011 21:16, Rob Crittenden wrote: Prompt for the current password when changing your own password using ipa pa

Re: [Freeipa-devel] [PATCH] 884 migration context and logging

2011-10-04 Thread Martin Kosek
On Tue, 2011-10-04 at 08:53 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Mon, 2011-10-03 at 16:44 -0400, Rob Crittenden wrote: > >> Martin Kosek wrote: > >>> On Mon, 2011-09-26 at 22:24 -0400, Rob Crittenden wrote: > We can't assume that there will be only one naming context. Look

Re: [Freeipa-devel] [PATCH] 884 migration context and logging

2011-10-04 Thread Rob Crittenden
Martin Kosek wrote: On Mon, 2011-10-03 at 16:44 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-09-26 at 22:24 -0400, Rob Crittenden wrote: We can't assume that there will be only one naming context. Look at each one until we find an IPA one. Add logging so you can know that a m

[Freeipa-devel] [PATCH] 137 Improve ipa-replica-prepare DNS check

2011-10-04 Thread Martin Kosek
Currently, verify_fqdn() function raises RuntimeError for every problem with the hostname. This makes it difficult for tools like ipa-replica-prepare to behave differently for a subset of raised errors (for example to be able to create a DNS record for new replica when verify_fqdn() reports a looku

[Freeipa-devel] [PATCH] 0018 Unroll StrEnum values when displaying help

2011-10-04 Thread Alexander Bokovoy
Hi, when help is displayed, for options that require values we show their type. With string enumerations this does not really help to the user as it is unclear what are the values of the enumeration. Attached patch fixes it by providing nicer list of possible values. https://fedorahosted.org/f

Re: [Freeipa-devel] [PATCH 48/48] Ticket #1879 - IPAdmin undefined anonymous parameter lists

2011-10-04 Thread Jan Cholasta
On 26.9.2011 21:52, John Dennis wrote: The IPAdmin class in ipaserver/ipaldap.py has methods with anonymous undefined parameter lists. For example: def getList(self,*args): In Python syntax this means you can call getList with any positional parameter list you want. This is bad because:

Re: [Freeipa-devel] [PATCH] 130 ipa-client assumes a single namingcontext

2011-10-04 Thread Stephen Gallagher
On Fri, 2011-09-30 at 16:15 -0400, Simo Sorce wrote: > On Fri, 2011-09-30 at 16:02 -0400, Stephen Gallagher wrote: > > On Thu, 2011-09-29 at 15:20 +0200, Martin Kosek wrote: > > > How to test: > > > 1) Add new naming context (suffix) to your LDAP database with installed > > > IPA (see attached LDIF

[Freeipa-devel] [PATCH] 0017 Configure pam_krb5 only when sssd is not in use

2011-10-04 Thread Alexander Bokovoy
Hi, attached patch fixes https://fedorahosted.org/freeipa/ticket/1775 -- / Alexander Bokovoy From e956fb4cb1738cb98d006973db0016868204c10c Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 4 Oct 2011 14:33:36 +0300 Subject: [PATCH] Configure pam_krb5 on the client only if sssd is not

[Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the

2011-10-04 Thread Alexander Bokovoy
client Reply-To: Hi, attached patch addresses ticket #1770. -- / Alexander Bokovoy From 6bb9520e2398a22c0264276171714ea5d201f83a Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 4 Oct 2011 13:56:12 +0300 Subject: [PATCH] Setup and restore ntp configuration on the client side prop

Re: [Freeipa-devel] [PATCH] 133 Be more clear about selfsign option

2011-10-04 Thread Martin Kosek
On Tue, 2011-10-04 at 10:34 +0200, Jan Cholasta wrote: > On 3.10.2011 12:36, Martin Kosek wrote: > > Installing IPA server --selfsign option is currently a one-way ticket > > to server with limited certificate capabilities. Make sure that user > > really want to install it by implementing the follo

Re: [Freeipa-devel] [PATCH] ipa-pwd-extop: allow password change on all connections with SSF>1

2011-10-04 Thread Jan Cholasta
On 27.9.2011 10:15, Sumit Bose wrote: Hi, currently the change password plugin does not check if the connection is coming from a local LDAPI socket and denies password change requests via LDAPI. This patch changes the check to just look at the overall SSF of the connection which covers all types

[Freeipa-devel] [PATCH] 136 Fix ipa-managed-entries password option long form

2011-10-04 Thread Martin Kosek
https://fedorahosted.org/freeipa/ticket/1913 From 5485ef8811c1e97dcbc7e462a8c814bb80f8de17 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Tue, 4 Oct 2011 10:52:47 +0200 Subject: [PATCH] Fix ipa-managed-entries password option long form https://fedorahosted.org/freeipa/ticket/1913 --- instal

[Freeipa-devel] [PATCH] 135 Install tools crash when password prompt is interrupted

2011-10-04 Thread Martin Kosek
When getpass.getpass() function is interrupted via CTRL+D, EOFError exception is thrown. Most of the install tools are not prepared for this event and crash with this exception. Make sure that it is handled properly and nice error message is printed. https://fedorahosted.org/freeipa/ticket/1916 >

Re: [Freeipa-devel] [PATCH] 133 Be more clear about selfsign option

2011-10-04 Thread Jan Cholasta
On 3.10.2011 12:36, Martin Kosek wrote: Installing IPA server --selfsign option is currently a one-way ticket to server with limited certificate capabilities. Make sure that user really want to install it by implementing the following steps: - moving the option to the bottom of certificate optio

[Freeipa-devel] [PATCH] 51 Add a function for formatting network locations

2011-10-04 Thread Jan Cholasta
Add a function for formatting network locations of the form host:port for use in URLs. If the host part is a literal IPv6 address, it must be enclosed in square brackets (RFC 2732). https://fedorahosted.org/freeipa/ticket/1869 In the ticket it is suggested to create a host name and network a

Re: [Freeipa-devel] [PATCH] 877 prompt for current password

2011-10-04 Thread Martin Kosek
On Mon, 2011-10-03 at 15:16 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Mon, 2011-09-19 at 09:03 -0400, Rob Crittenden wrote: > >> Jan Cholasta wrote: > >>> On 16.9.2011 21:16, Rob Crittenden wrote: > Prompt for the current password when changing your own password using > ip