This fixes https://fedorahosted.org/freeipa/ticket/2071 (Add final debug
message in installers). The try/except blocks at the end of
installers/management scripts are replaced by a call to a common
function, which includes the final message.
Obviously the installers still need some more love.
Hi guys,
during next days I'm going to put more effort on my FreeIPA project, so I
would appreciate to test (and report problems/bugs, of course) with other
alpha versions of FreeIPA 2.2.
Have you got any plan to release other alpha versions shortly?
Just to know, thanks a lot as usual.
Marco
On 02/21/2012 02:32 PM, Ondrej Hamada wrote:
On 02/20/2012 06:53 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2274
Added check into migration plugin to warn user when compat is enabled.
If compat is enabled, the migration fails and user is warned that
On Tue, 2012-02-21 at 17:27 +0100, Martin Kosek wrote:
This set of 3 DNS patches fixes 2 minor issues found during DNS test day
(217, 218) and there is slightly longer patch (219) which improves and
consolidates hostname/domain name validation.
The testing should be pretty straightforward in
Attribute values passed by --{set,add,del}attr parameters were
normalized and validated using appropriate parameter, but were
never encoded for the backend. This make prevents manipulation
with dirsvr BOOL attributes where framework tries to pass
boolean value instead of encoded TRUE/FALSE values.
If not set, it causes the script to fail with traceback on some machines (for
example when resolve_host() couple lines below threw an exception).
Jan
From b312e4210866a11266d12b56e2be4ca08dc94379 Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Wed, 22 Feb 2012 16:01:37 +0100
On Wed, 22 Feb 2012, Jan Zelený wrote:
If not set, it causes the script to fail with traceback on some machines (for
example when resolve_host() couple lines below threw an exception).
ACK.
Please commit as oneliner, I had same in my local copy for long time,
slated to come with trusts.
For the most part IPA runs its services using whatever the default unix
user is for that service, e.g. Apache as httpd, ntpd as ntp, etc.
389-ds doesn't have a system user. We create one named dirsrv in
ipa-server-install and use that. We also remove this user when uninstalling.
This can
On Wed, 22 Feb 2012, Alexander Bokovoy wrote:
when trying to get FreeIPA master running on F17, after applying
python-ldap upstream fix for FreeIPA ticket #2383, I'm still getting
issues with non-uniqueness of memberPrincipal attribute.
Unexpected error - see ipaserver-install.log for
We include memberof when doing a total sync so there is no need to
re-run the memberOf task in ipa-replica-manage re-initialize unless the
agreement doesn't set nsDS5ReplicatedAttributeListTotal.
rob
From 05118681594cf78a073ca2273cfa0a6ee3bdf378 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
The python-ldap in F-17 added uniqueness checking in its schema parser.
This breaks the updater where we purposely re-create the schema from a
dictionary to see if anything has changed. We need to pass in a flag to
tell it to not check uniqueness.
This flag is new to the API so to support all
Similar to my patch 921, fix replication agreements that were created
without memberof in the exclusion list. This patch is for ipa-2-2 and
master and does it as part of the upgrade process as a plugin.
rob
From 20ad4e00211cf738b3566958d7c3d60313b1d996 Mon Sep 17 00:00:00 2001
From: Rob
These files are deprecated by new ipa-kdb backend, remove them if they
exist.
rob
From 1f7477db4c41eb13c9de5bf00262a4a1308c2065 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 22 Feb 2012 16:40:29 -0500
Subject: [PATCH] Remove unused kpasswd.keytab and ldappwd files
Don't allow a host that is a master or its IPA services to be deleted.
I'm taking a pretty limited view of services, preventing deletion of
just the IPA services I could think of. I don't want to prevent someone
from deleting an nfs service they set up, for example.
I'm raising a
Alexander Bokovoy wrote:
On Wed, 22 Feb 2012, Alexander Bokovoy wrote:
when trying to get FreeIPA master running on F17, after applying
python-ldap upstream fix for FreeIPA ticket #2383, I'm still getting
issues with non-uniqueness of memberPrincipal attribute.
Unexpected error - see
On 02/22/2012 11:30 AM, Rob Crittenden wrote:
For the most part IPA runs its services using whatever the default unix
user is for that service, e.g. Apache as httpd, ntpd as ntp, etc.
389-ds doesn't have a system user. We create one named dirsrv in
ipa-server-install and use that. We also
On Feb 22, 2012, at 11:26 AM, Rob Crittenden wrote:
We include memberof when doing a total sync so there is no need to re-run the
memberOf task in ipa-replica-manage re-initialize unless the agreement
doesn't set nsDS5ReplicatedAttributeListTotal.
rob
I had originally envisioned a tool to re-create configure.jar so that
network.negotiate-auth.delegation-uris is no longer set.
After some consideration it seems better to just document this. It isn't
like this is ever going to get run more than once.
I documented the procedure in ticket
JR Aquino wrote:
On Feb 22, 2012, at 11:26 AM, Rob Crittenden wrote:
We include memberof when doing a total sync so there is no need to re-run the
memberOf task in ipa-replica-manage re-initialize unless the agreement doesn't
set nsDS5ReplicatedAttributeListTotal.
rob
Does anyone have a BNF for or know the legal characters in a netgroup name?
All I could find was an ancient SunOS document saying only lower-case
characters and digits were allowed. This doesn't sound right.
thanks
rob
___
Freeipa-devel mailing
Check to see if SELinux is enabled and restorecon exists before trying
to run it. This will prevent client install failures if SELinux isn't
enabled.
rob
From 0c3bec796234f02fe0ee4ffb68e1a9b7bec26438 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 22 Feb 2012
On Feb 22, 2012, at 7:10 PM, Rob Crittenden wrote:
JR Aquino wrote:
On Feb 22, 2012, at 11:26 AM, Rob Crittenden wrote:
We include memberof when doing a total sync so there is no need to re-run
the memberOf task in ipa-replica-manage re-initialize unless the agreement
doesn't set
Add -v to the two calls to sslget. In case of an error we'll get more
than just the returnval.
I also fixed a couple of old references to sslget. It used to be our SSL
client before python-nss.
rob
From 985152235cd18bffafeb07121a0eca86a80da08c Mon Sep 17 00:00:00 2001
From: Rob Crittenden
23 matches
Mail list logo