John Dennis wrote:
There were quite errors in es.po, it was difficult or impossible to
track down where they came from, Transifex does not have good revision
history.
I fixed about 20% of the msgstr's in the file that had obvious
problems which could be spotted by a non-Spanish speaking person.
Fix OTP client enrollment when anonymous searches are disabled in 389-ds.
This is fixed mostly by passing in the basedn to ipa-join so we don't
have to hunt for it. I did modify that routine so it will look through
all naming contexts to find the IPA one but this will fail if anonymous
searche
https://fedorahosted.org/freeipa/ticket/1948
Honza
--
Jan Cholasta
>From aa87082562cfa6482bfc30c2f937e3adf947855a Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Tue, 11 Oct 2011 18:44:33 +0200
Subject: [PATCH] Don't leak passwords through kdb5_ldap_util command line
arguments.
ticket 1948
On 10/11/2011 01:30 AM, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/1944
(2.1.3 Release)
No editable fields exist for "maxfail", "failinterval" "lockouttime"
and "priority" in password policy page.
Thanks!
Yi
___
Freeipa-devel m
Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/1944
(2.1.3 Release)
No editable fields exist for "maxfail", "failinterval" "lockouttime" and
"priority" in password policy page.
Ack. Pushed to master and ipa-2-1.
___
Freeipa-devel mail
On Fri, 2011-10-07 at 09:18 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> >>
> >> Yes but the entry is added /etc/hosts at the very END of installation,
> >> apparently too late for some things. We can alternately add this prior
> >> to configuring anything else.
> >
> > But we add the entry
Alexander Bokovoy wrote:
Hi,
two improvements for hbactest command:
1. Include indirect membership for users and hosts
2. Append FreeIPA default domain to hosts in hbactest request if they
are not fully qualified ones.
Fixes
https://fedorahosted.org/freeipa/ticket/1862
https://fedorahosted.
Alexander Bokovoy wrote:
Hi,
there seems to be something new with python-2.7.2 on Fedora 16 and
'make lint' complains about
dom_name = config.default_realm.lower()
as config.default_realm is of type _Chainmap during static analysis.
We get config.default_realm out of krbV.default_context().d
Jan Cholasta wrote:
Don't allow "ipa pwpolicy-del global_policy".
https://fedorahosted.org/freeipa/ticket/1936
Can you add a unit test case for this? Then ack.
Questions:
Is it possible to disallow deletion of specific objects on LDAP level
instead?
Well, that would be ideal in some case
On Tue, 2011-10-11 at 09:10 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Tue, 2011-10-11 at 11:03 +0200, Martin Kosek wrote:
> >> Based mainly on Rob's fix proposed in Trac.
> >> ---
> >> Ticket 1627 contained a (temporary hack-ish) fix for dnszone-add
> >> name_from_ip validation whic
Don't allow "ipa pwpolicy-del global_policy".
https://fedorahosted.org/freeipa/ticket/1936
Questions:
Is it possible to disallow deletion of specific objects on LDAP level
instead?
The default HBAC rule, allow_all, can also be deleted - should it be
disallowed too?
Honza
--
Jan Cholasta
Martin Kosek wrote:
On Tue, 2011-10-11 at 11:03 +0200, Martin Kosek wrote:
Based mainly on Rob's fix proposed in Trac.
---
Ticket 1627 contained a (temporary hack-ish) fix for dnszone-add
name_from_ip validation which works fine for CLI. However, when
the command is not proceeded via CLI and sen
On Tue, 2011-10-11 at 14:56 +0300, Alexander Bokovoy wrote:
> On Tue, 11 Oct 2011, Martin Kosek wrote:
> > When user/group default object class is being modified via
> > ipa config-mod, no validation check is run. Check at least
> > the following:
> >
> > - all object classes are known to LDAP
> >
On Tue, 2011-10-11 at 11:03 +0200, Martin Kosek wrote:
> Based mainly on Rob's fix proposed in Trac.
> ---
> Ticket 1627 contained a (temporary hack-ish) fix for dnszone-add
> name_from_ip validation which works fine for CLI. However, when
> the command is not proceeded via CLI and sent directly to
On Tue, 11 Oct 2011, Martin Kosek wrote:
> When user/group default object class is being modified via
> ipa config-mod, no validation check is run. Check at least
> the following:
>
> - all object classes are known to LDAP
> - all default user/group attributes are allowed under the new
> set of
On Tue, 2011-10-11 at 13:57 +0300, Alexander Bokovoy wrote:
> On Tue, 11 Oct 2011, Martin Kosek wrote:
> > This was done on purpose. When you combine 2 lists in Python using +
> > operator, a new list is created without modifying the old one. Check the
> > following example:
> >
> > >>> a = [1,2,3
On Tue, 11 Oct 2011, Martin Kosek wrote:
> This was done on purpose. When you combine 2 lists in Python using +
> operator, a new list is created without modifying the old one. Check the
> following example:
>
> >>> a = [1,2,3]
> >>> b = [4]
> >>> c = a+b
> >>> print c
> [1, 2, 3, 4]
> >>> print a
On Tue, 2011-10-11 at 13:16 +0300, Alexander Bokovoy wrote:
> On Tue, 11 Oct 2011, Martin Kosek wrote:
> > On Tue, 2011-10-11 at 12:01 +0300, Alexander Bokovoy wrote:
> > > On Tue, 11 Oct 2011, Martin Kosek wrote:
> > > > @@ -212,6 +216,24 @@ class config_mod(LDAPUpdate):
> > > >
On Tue, 11 Oct 2011, Martin Kosek wrote:
> On Tue, 2011-10-11 at 12:01 +0300, Alexander Bokovoy wrote:
> > On Tue, 11 Oct 2011, Martin Kosek wrote:
> > > @@ -212,6 +216,24 @@ class config_mod(LDAPUpdate):
> > > raise errors.ValidationError(
> > >
On Tue, 2011-10-11 at 12:01 +0300, Alexander Bokovoy wrote:
> On Tue, 11 Oct 2011, Martin Kosek wrote:
> > @@ -212,6 +216,24 @@ class config_mod(LDAPUpdate):
> > raise errors.ValidationError(
> > name=k, error='attribute "%s" not allowed' % a
>
Hello all,
please see attached patch for bind-dyndb-ldap, it should solve (at least
from bind-dyndb-ldap side) ticket #1931. It adds new "ldap_hostname"
option and ipa-server-install utility should set this option when
/bin/hostname is different from --hostname parameter.
Comments are welcomed.
Hi,
there seems to be something new with python-2.7.2 on Fedora 16 and
'make lint' complains about
dom_name = config.default_realm.lower()
as config.default_realm is of type _Chainmap during static analysis.
We get config.default_realm out of krbV.default_context().default_realm.
The code c
Based mainly on Rob's fix proposed in Trac.
---
Ticket 1627 contained a (temporary hack-ish) fix for dnszone-add
name_from_ip validation which works fine for CLI. However, when
the command is not proceeded via CLI and sent directly to the
RPC server, the server throws Internal Server Error.
Make s
On Tue, 11 Oct 2011, Martin Kosek wrote:
> @@ -212,6 +216,24 @@ class config_mod(LDAPUpdate):
> raise errors.ValidationError(
> name=k, error='attribute "%s" not allowed' % a
> )
Could you please also (in a separate patc
On Tue, 2011-10-11 at 10:25 +0300, Alexander Bokovoy wrote:
> Hi,
>
> https://fedorahosted.org/freeipa/ticket/1774
>
ACK. Pushed to master, ipa-2-1.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinf
Hi,
two improvements for hbactest command:
1. Include indirect membership for users and hosts
2. Append FreeIPA default domain to hosts in hbactest request if they
are not fully qualified ones.
Fixes
https://fedorahosted.org/freeipa/ticket/1862
https://fedorahosted.org/freeipa/ticket/1949
Tw
https://fedorahosted.org/freeipa/ticket/1944
(2.1.3 Release)
No editable fields exist for "maxfail", "failinterval" "lockouttime" and
"priority" in password policy page.
--
Petr Vobornik
From 9ae5eca65de34c02fe0c3baae6eb27e2fa8fe346 Mon Sep 17 00:00:00 2001
From: Petr Vobornik
Date: Tue, 11
When user/group default object class is being modified via
ipa config-mod, no validation check is run. Check at least
the following:
- all object classes are known to LDAP
- all default user/group attributes are allowed under the new
set of default object classes
https://fedorahosted.org/freeip
Hi,
https://fedorahosted.org/freeipa/ticket/1774
--
/ Alexander Bokovoy
>From 6603e5af84c03dbabdd3de8a681a8d9d9b89013d Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 11 Oct 2011 10:22:16 +0300
Subject: [PATCH] Increase number of 'getent passwd attempts' to 10
During ipa-client-ins
29 matches
Mail list logo