Hello,
this patch fixes annoying bug from ticket #55: BIND cannot be shutdown
correctly, if psearch is enabled and LDAP connect fails
Upstream ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/55
It's trivial three line patch, so Adam ACKed it on IRC.
Patch is already in master:
Patch 25 fixes errors I found by running pylint on the testsuite. They
were in code that was unused, either by error or because it only runs on
errors.
Patch 26 adds a test for the batch plugin.
--
PetrĀ³
From ac65557938bcfe21032e04b30db9c8d65224b844 Mon Sep 17 00:00:00 2001
From: Petr
On Thu, 2012-03-08 at 16:57 +0100, Petr Viktorin wrote:
Since sudo commands are case-sensitive, we can't use the CN as the RDN.
With this patch, the UUID is used instead.
It seems like a too easy fix. What am I missing?
As far as I understand, the fact that the DN has a different structure
On 03/12/2012 08:15 AM, Petr Spacek wrote:
Hello,
this patch fixes annoying bug from ticket #55: BIND cannot be shutdown
correctly, if psearch is enabled and LDAP connect fails
Upstream ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/55
It's trivial three line patch, so Adam ACKed
On Tue, 2012-03-06 at 13:55 +0100, Petr Viktorin wrote:
On 03/05/2012 04:10 PM, Petr Viktorin wrote:
This patch fixes DN handling when removing LDAP entries from groups.
Because they deal with commas and backslashes in a CSV param, the tests
here rely on my patch 0015.
On Mon, 2012-03-12 at 08:46 -0400, Dmitri Pal wrote:
On 03/12/2012 08:15 AM, Petr Spacek wrote:
Hello,
this patch fixes annoying bug from ticket #55: BIND cannot be
shutdown correctly, if psearch is enabled and LDAP connect fails
Upstream ticket:
On 03/12/2012 01:26 PM, Martin Kosek wrote:
On Thu, 2012-03-08 at 16:57 +0100, Petr Viktorin wrote:
Since sudo commands are case-sensitive, we can't use the CN as the RDN.
With this patch, the UUID is used instead.
It seems like a too easy fix. What am I missing?
As far as I understand, the
On Mon, 2012-03-12 at 14:38 +0100, Petr Viktorin wrote:
On 03/12/2012 01:26 PM, Martin Kosek wrote:
On Thu, 2012-03-08 at 16:57 +0100, Petr Viktorin wrote:
Since sudo commands are case-sensitive, we can't use the CN as the RDN.
With this patch, the UUID is used instead.
It seems like a
On Mon, 2012-03-12 at 14:05 +0100, Martin Kosek wrote:
On Tue, 2012-03-06 at 13:55 +0100, Petr Viktorin wrote:
On 03/05/2012 04:10 PM, Petr Viktorin wrote:
This patch fixes DN handling when removing LDAP entries from groups.
Because they deal with commas and backslashes in a CSV param,
Alexander Bokovoy wrote:
On Wed, 07 Mar 2012, Rob Crittenden wrote:
Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in
enforcing mode.
This is being done in the HTTP instance so we can set both booleans
in one step and save a bit of time (it is still slow).
I would prefer all
On Mon, 12 Mar 2012, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Wed, 07 Mar 2012, Rob Crittenden wrote:
Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in
enforcing mode.
This is being done in the HTTP instance so we can set both booleans
in one step and save a bit
Martin Kosek wrote:
On Fri, 2012-03-09 at 14:18 +0100, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2415
https://fedorahosted.org/freeipa/ticket/1995
Added exception handler to certutil operation of adding CA to the
default NSS database. If operation fails, installation is
On Mon, 2012-03-12 at 11:17 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2012-03-09 at 14:18 +0100, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2415
https://fedorahosted.org/freeipa/ticket/1995
Added exception handler to certutil operation of adding CA to
On Mon, 2012-03-12 at 16:01 +0100, Martin Kosek wrote:
On Mon, 2012-03-12 at 14:38 +0100, Petr Viktorin wrote:
On 03/12/2012 01:26 PM, Martin Kosek wrote:
On Thu, 2012-03-08 at 16:57 +0100, Petr Viktorin wrote:
Since sudo commands are case-sensitive, we can't use the CN as the RDN.
On 03/12/2012 04:01 PM, Martin Kosek wrote:
On Mon, 2012-03-12 at 14:38 +0100, Petr Viktorin wrote:
On 03/12/2012 01:26 PM, Martin Kosek wrote:
On Thu, 2012-03-08 at 16:57 +0100, Petr Viktorin wrote:
Since sudo commands are case-sensitive, we can't use the CN as the RDN.
With this patch, the
On Fri, 2012-03-02 at 10:07 +0100, Petr Viktorin wrote:
On 02/29/2012 04:09 PM, Petr Viktorin wrote:
On 02/29/2012 03:53 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/29/2012 11:14 AM, Jan Cholasta wrote:
On 29.2.2012 11:09, Petr Viktorin wrote:
On 02/28/2012 03:19 PM, Jan
On Fri, Mar 09, 2012 at 04:06:33PM -0500, Dmitri Pal wrote:
As far as I understand underlying DS can also be configured to create
weak hashes needed for NIS but it is not recommended. But this is
something that gurus should confirm.
The NIS server will serve up password hashes which
On 03/12/2012 02:14 PM, Martin Kosek wrote:
On Mon, 2012-03-12 at 08:46 -0400, Dmitri Pal wrote:
On 03/12/2012 08:15 AM, Petr Spacek wrote:
Hello,
this patch fixes annoying bug from ticket #55: BIND cannot be
shutdown correctly, if psearch is enabled and LDAP connect fails
Upstream ticket:
On Mon, 2012-03-12 at 17:12 +0100, Petr Viktorin wrote:
On 03/12/2012 04:01 PM, Martin Kosek wrote:
On Mon, 2012-03-12 at 14:38 +0100, Petr Viktorin wrote:
On 03/12/2012 01:26 PM, Martin Kosek wrote:
On Thu, 2012-03-08 at 16:57 +0100, Petr Viktorin wrote:
Since sudo commands are
Martin Kosek wrote:
On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote:
These 2 patches changes the DNS API to support the last missing bits in
new bind-dyndb-ldap:
1) Both global and per-zone forwarders now support a conditional custom
port (with format IP_ADDRESS PORT)
2) Missing global
Alexander Bokovoy wrote:
On Mon, 12 Mar 2012, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Wed, 07 Mar 2012, Rob Crittenden wrote:
Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in
enforcing mode.
This is being done in the HTTP instance so we can set both booleans
in
Martin Kosek wrote:
The testing instructions are attached to the ticket.
---
Server framework calls acutil.res_send() to send DNS queries used
for various DNS tests. However, once acutil is imported it does
not change its list of configured resolvers even when
/etc/resolv.conf is changed. This
On 03/08/2012 04:54 PM, Dmitri Pal wrote:
On 03/06/2012 01:30 PM, Ondrej Hamada wrote:
On 03/06/2012 05:47 PM, Dmitri Pal wrote:
On 03/06/2012 10:59 AM, Simo Sorce wrote:
On Tue, 2012-03-06 at 10:56 -0500, Dmitri Pal wrote:
[...]
For a read-only KDC we need to investigate what's the better
Martin Kosek wrote:
On Tue, 2012-03-06 at 16:18 -0500, Rob Crittenden wrote:
Rob Crittenden wrote:
Update the minimum selinux-policy for F-17. This will enable
ipa_memcached to run in Enforcing mode. Still waiting on this to be
backported to at least F-16.
You have to manually enable the
On 03/12/2012 03:38 PM, Ondrej Hamada wrote:
On 03/08/2012 04:54 PM, Dmitri Pal wrote:
On 03/06/2012 01:30 PM, Ondrej Hamada wrote:
On 03/06/2012 05:47 PM, Dmitri Pal wrote:
On 03/06/2012 10:59 AM, Simo Sorce wrote:
On Tue, 2012-03-06 at 10:56 -0500, Dmitri Pal wrote:
[...]
For a read-only
On 03/12/2012 01:51 PM, Dmitri Pal wrote:
On 03/12/2012 03:38 PM, Ondrej Hamada wrote:
On 03/08/2012 04:54 PM, Dmitri Pal wrote:
On 03/06/2012 01:30 PM, Ondrej Hamada wrote:
On 03/06/2012 05:47 PM, Dmitri Pal wrote:
On 03/06/2012 10:59 AM, Simo Sorce wrote:
On Tue, 2012-03-06 at 10:56
On Mon, 2012-03-12 at 20:38 +0100, Ondrej Hamada wrote:
USER'S operations when connection is OK:
---
read data - local
write data - forwarding to master
authentication:
-credentials cached -- authenticate against credentials in local cache
Petr Viktorin wrote:
Most of the tests we have check if the server does the right thing with
XML-RPC calls. How the commandline is converted to command arguments,
including interactive prompting, is untested.
This patch adds some tests in this area. To do that I had to break up
cli.run into more
Martin Kosek wrote:
Ticket #2274 implements a check for compat plugin and warns user if
it is enabled. However, there are 2 issues connected with the plugin:
1) The check is performed against the remote (migrated) LDAP server
and not the local LDAP server, which does not make much sense
2)
Martin Kosek wrote:
On Mon, 2012-03-12 at 11:17 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2012-03-09 at 14:18 +0100, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2415
https://fedorahosted.org/freeipa/ticket/1995
Added exception handler to certutil operation of
On 03/12/2012 04:16 PM, Simo Sorce wrote:
On Mon, 2012-03-12 at 20:38 +0100, Ondrej Hamada wrote:
USER'S operations when connection is OK:
---
read data - local
write data - forwarding to master
authentication:
-credentials cached --
Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Mon, 12 Mar 2012, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Wed, 07 Mar 2012, Rob Crittenden wrote:
Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in
enforcing mode.
This is being done in the HTTP instance so we can
Martin Kosek wrote:
On Wed, 2012-03-07 at 18:02 -0500, Rob Crittenden wrote:
The value of nsslapd-anonlimitsdn wasn't being set properly because it
wasn't quoted. This will fix it, replacing whatever is there with a
correct value.
rob
The IPA anonlimits DN is now set correctly. However
On Mon, 12 Mar 2012, Rob Crittenden wrote:
Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Mon, 12 Mar 2012, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Wed, 07 Mar 2012, Rob Crittenden wrote:
Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in
enforcing mode.
On Mon, 2012-03-12 at 17:40 -0400, Dmitri Pal wrote:
On 03/12/2012 04:16 PM, Simo Sorce wrote:
On Mon, 2012-03-12 at 20:38 +0100, Ondrej Hamada wrote:
USER'S operations when connection is OK:
---
read data - local
write data -
On 03/12/2012 06:10 PM, Simo Sorce wrote:
On Mon, 2012-03-12 at 17:40 -0400, Dmitri Pal wrote:
On 03/12/2012 04:16 PM, Simo Sorce wrote:
On Mon, 2012-03-12 at 20:38 +0100, Ondrej Hamada wrote:
USER'S operations when connection is OK:
---
36 matches
Mail list logo