On Tue, 2012-05-29 at 16:44 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Wed, 2012-05-23 at 13:55 -0400, Rob Crittenden wrote:
> >> Rob Crittenden wrote:
> >>> Martin Kosek wrote:
> On Fri, 2012-05-18 at 10:17 -0400, Rob Crittenden wrote:
> > Rob Crittenden wrote:
> >> Mar
On Tue, 2012-05-29 at 17:21 +0200, Jan Cholasta wrote:
> On 25.5.2012 18:09, Martin Kosek wrote:
> > On Wed, 2012-05-23 at 11:16 +0200, Jan Cholasta wrote:
> >> Hi,
> >>
> >> this fixes https://fedorahosted.org/freeipa/ticket/2769 as well as some
> >> other issues with SSH configuration in ipa-clie
When permission-find post callback detected a --pkey-only option,
it just terminated. However, this way the results that could have
been added from aci_find matches were not included.
Fix the post callback to go through the entire matching process.
Also make sure that DNS permissions have a correc
Hey,
I pushed the attached oneliner.
--
Simo Sorce * Red Hat, Inc * New York
>From 43701d273525b01fd7a0f3611166653218daf11d Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Tue, 29 May 2012 17:41:38 -0400
Subject: [PATCH] Fix setting domain_sid
'sid' is a stack variable, by assigning its address
Petr Viktorin wrote:
This fixes "misleading/invalid" error messages given when using
--delattr to delete values from an attribute that doesn't exist on the
entry.
Please see the trac comment for details.
https://fedorahosted.org/freeipa/ticket/2699
ACK, pushed to master
rob
_
Petr Vobornik wrote:
IPA web UI isn't functional when browser doesn't send http headers.
This patch adds a functionality which sets Firefox
network.http.sendRefererHeader configuration option to value '2' which
enables it.
Possible values: http://kb.mozillazine.org/Network.http.sendRefererHeade
Martin Kosek wrote:
On Fri, 2012-05-18 at 11:53 -0400, Rob Crittenden wrote:
We don't have an explicit requires on the policycoreutils package in the
client because SELinux is not required (just recommended).
SELinux can be enabled without this package so check for that condition
and don't allo
Martin Kosek wrote:
On Wed, 2012-05-23 at 13:55 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2012-05-18 at 10:17 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2012-05-17 at 16:11 -0400, Rob Crittenden wrote:
We do two searc
On Fri, 2012-05-25 at 18:36 -0400, Simo Sorce wrote:
> The original ldap driver we used up to 2.2 had 2 options admins could
> set to limit the amount of writes to the database on certain auditing
> related operations.
> In particular disable_last_success is really important to reduce the
> load on
On Wed, 2012-05-30 at 01:28 +0930, William Brown wrote:
>
> The best benefit of this, would be that policies of "views" could be
> edited with the CLI tool or the web interface, rather than having to
> edit the named.conf file. This would again simplify administration of
> DNS services.
>
Well sa
On 25/05/12 11:40 PM, Simo Sorce wrote:
>> It do not require any change in bind-dyndb-ldap code. All merges/overrides
>> > will be done on Directory server.
> Given we do persistent searches and we also do some caching in
> bind-dyndb-ldap we almost certainly do not want to 'fool' it by
> returnin
On Tue, 2012-05-29 at 17:16 +0200, Petr Spacek wrote:
> Hello,
>
> for clarity: I'm not going to implement it (now). There are another features
> on the table.
>
> I'm trying to find simplest solution/workaround, because several people asked
> for this feature and I think it is quite important.
On 25.5.2012 18:09, Martin Kosek wrote:
On Wed, 2012-05-23 at 11:16 +0200, Jan Cholasta wrote:
Hi,
this fixes https://fedorahosted.org/freeipa/ticket/2769 as well as some
other issues with SSH configuration in ipa-client-install.
Honza
This fixed the basic functionality, but I discovered an
Hello,
for clarity: I'm not going to implement it (now). There are another features
on the table.
I'm trying to find simplest solution/workaround, because several people asked
for this feature and I think it is quite important. (Besides load-balancing
purpose it can be handy for environments
On Tue, 2012-05-29 at 16:40 +0200, Jan Cholasta wrote:
> On 29.5.2012 16:01, Martin Kosek wrote:
> > This option will make renaming DNS records much easier.
> > Add a unit test for this new functionality.
> >
> > https://fedorahosted.org/freeipa/ticket/2600
> >
>
> I wonder, how hard would it be t
On 29.5.2012 16:01, Martin Kosek wrote:
This option will make renaming DNS records much easier.
Add a unit test for this new functionality.
https://fedorahosted.org/freeipa/ticket/2600
I wonder, how hard would it be to modify the patch to allow --rename on
all objects, as requested in
Martin Kosek wrote:
On Thu, 2012-05-24 at 11:38 -0400, Rob Crittenden wrote:
Petr Viktorin wrote:
On 05/18/2012 10:03 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
A hardcoded timeout was used in ipactl for service restarts, set rather
low. A separate timeout was hardcoded into the installe
This option will make renaming DNS records much easier.
Add a unit test for this new functionality.
https://fedorahosted.org/freeipa/ticket/2600
>From d30b98c2fa4a2e4cb907d1727879cab616d166a6 Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Tue, 29 May 2012 15:58:36 +0200
Subject: [PATCH] Add r
On Tue, 2012-05-29 at 09:47 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > Pushed to master under the one-liner rule.
> >
> > ---
> >
> > Kerberos ticket maximum life was being set to 1 hour which then
> > affected lifetime of Kerberos tickets returned by IPA server under
> > the test.
> >
Martin Kosek wrote:
Pushed to master under the one-liner rule.
---
Kerberos ticket maximum life was being set to 1 hour which then
affected lifetime of Kerberos tickets returned by IPA server under
the test.
Make sure that the policy is reset before and after the unit test to
keep the IPA serv
Precallback validator was failing when a zone-relative name was
used as a NS record (for example record "ns" in a zone "example.com").
However, this is valid in BIND and we should allow it as well.
Imports in dns module had to be switched to absolute imports
(available from Python 2.5) to deal wit
On Thu, 2012-05-24 at 11:38 -0400, Rob Crittenden wrote:
> Petr Viktorin wrote:
> > On 05/18/2012 10:03 PM, Rob Crittenden wrote:
> >> Rob Crittenden wrote:
> >>> A hardcoded timeout was used in ipactl for service restarts, set rather
> >>> low. A separate timeout was hardcoded into the installer.
On Tue, 2012-05-22 at 15:45 +0200, Petr Viktorin wrote:
> On 2012-04-23 17:05, John Dennis wrote:
> > On 04/23/2012 05:19 AM, Petr Viktorin wrote:
> >> This fixes https://fedorahosted.org/freeipa/ticket/2071 (Add final debug
> >> message in installers).
> >>
> >> I submitted an earlier version of t
On Fri, 2012-05-18 at 11:53 -0400, Rob Crittenden wrote:
> We don't have an explicit requires on the policycoreutils package in the
> client because SELinux is not required (just recommended).
>
> SELinux can be enabled without this package so check for that condition
> and don't allow installat
On Mon, 2012-05-21 at 13:58 +0200, Petr Viktorin wrote:
> Only use no_create/no_update for things we really don't want the user to
> change (even through setattr). This is stuff like ipacertificatesubjectbase.
> Make --{set,add,del}attr refuse to modify these params.
>
> For things we just don't
25 matches
Mail list logo