On Tue, May 27, 2014 at 05:57:40PM -0400, Ade Lee wrote:
> There have been a couple of changes in the Dogtag interface, that
> require some changes in the IPA patches. Also, I had to add back a
> function in order to rebase to the latest IPA code.
>
> Most are the patches are as before, attached
On 05/27/2014 08:18 PM, Simo Sorce wrote:
> On Tue, 2014-05-27 at 21:14 +0300, Alexander Bokovoy wrote:
>> On Tue, 27 May 2014, Simo Sorce wrote:
>>> On Tue, 2014-05-27 at 19:59 +0200, thierry bordaz wrote:
On 05/27/2014 06:56 PM, Simo Sorce wrote:
> On Tue, 2014-05-27 at 18:39 +0200, thie
On Tue, 2014-05-27 at 20:57 +0200, Jakub Hrozek wrote:
> On Tue, May 27, 2014 at 04:01:41PM +0200, Sumit Bose wrote:
> > On Tue, Apr 15, 2014 at 11:13:38AM +0200, Sumit Bose wrote:
> > > Hi,
> > >
> > > I have started to write a design page for 'Migrating existing
> > > environments to Trust'
> >
On Tue, 2014-05-27 at 16:01 +0200, Sumit Bose wrote:
> On Tue, Apr 15, 2014 at 11:13:38AM +0200, Sumit Bose wrote:
> > Hi,
> >
> > I have started to write a design page for 'Migrating existing
> > environments to Trust'
> > http://www.freeipa.org/page/V3/Migrating_existing_environments_to_Trust
>
This change has two motivations:
1. Clients don't have to parse the string.
2. Future token types may have new formats.
>From 41d2ca7ddc827bbac1907a9d97502d1d9a4d0faa Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum
Date: Fri, 23 May 2014 13:01:59 -0400
Subject: [PATCH] Change OTPSyncRequest
On Tue, May 27, 2014 at 04:01:41PM +0200, Sumit Bose wrote:
> On Tue, Apr 15, 2014 at 11:13:38AM +0200, Sumit Bose wrote:
> > Hi,
> >
> > I have started to write a design page for 'Migrating existing
> > environments to Trust'
> > http://www.freeipa.org/page/V3/Migrating_existing_environments_to_T
On Tue, May 27, 2014 at 12:20:46PM +0200, Martin Kosek wrote:
> On 05/27/2014 09:00 AM, Fraser Tweedale wrote:
> > Hi all,
> >
> > I've been working on a fix for a profile issue
> > (https://fedorahosted.org/freeipa/ticket/2915). Unfortunately I
> > find the scripts/compose_pki_core_packages -> y
On Tue, 27 May 2014, Simo Sorce wrote:
On Tue, 2014-05-27 at 19:59 +0200, thierry bordaz wrote:
On 05/27/2014 06:56 PM, Simo Sorce wrote:
> On Tue, 2014-05-27 at 18:39 +0200, thierry bordaz wrote:
>> On 05/27/2014 06:06 PM, Simo Sorce wrote:
>>> We just need to care about the 'uid' attribute in
On Tue, 2014-05-27 at 21:14 +0300, Alexander Bokovoy wrote:
> On Tue, 27 May 2014, Simo Sorce wrote:
> >On Tue, 2014-05-27 at 19:59 +0200, thierry bordaz wrote:
> >> On 05/27/2014 06:56 PM, Simo Sorce wrote:
> >> > On Tue, 2014-05-27 at 18:39 +0200, thierry bordaz wrote:
> >> >> On 05/27/2014 06:06
On Tue, 2014-05-27 at 19:59 +0200, thierry bordaz wrote:
> On 05/27/2014 06:56 PM, Simo Sorce wrote:
> > On Tue, 2014-05-27 at 18:39 +0200, thierry bordaz wrote:
> >> On 05/27/2014 06:06 PM, Simo Sorce wrote:
> >>> We just need to care about the 'uid' attribute in the staged entry, and
> >>> pick t
On 05/27/2014 06:56 PM, Simo Sorce wrote:
On Tue, 2014-05-27 at 18:39 +0200, thierry bordaz wrote:
On 05/27/2014 06:06 PM, Simo Sorce wrote:
We just need to care about the 'uid' attribute in the staged entry, and
pick that to generate the RDN of the user in the active tree. If there
are conflic
On Tue, 2014-05-27 at 18:39 +0200, thierry bordaz wrote:
> On 05/27/2014 06:06 PM, Simo Sorce wrote:
> > We just need to care about the 'uid' attribute in the staged entry, and
> > pick that to generate the RDN of the user in the active tree. If there
> > are conflicts the 'unstage' will fail clea
On 05/27/2014 06:06 PM, Simo Sorce wrote:
On Tue, 2014-05-27 at 17:55 +0200, thierry bordaz wrote:
On 05/27/2014 04:35 PM, Martin Kosek wrote:
On 05/27/2014 04:27 PM, Simo Sorce wrote:
On Tue, 2014-05-27 at 15:21 +0200, Martin Kosek wrote:
This topic was already discussed in the past, see fol
On Tue, 2014-05-27 at 17:55 +0200, thierry bordaz wrote:
> On 05/27/2014 04:35 PM, Martin Kosek wrote:
> > On 05/27/2014 04:27 PM, Simo Sorce wrote:
> >> On Tue, 2014-05-27 at 15:21 +0200, Martin Kosek wrote:
> >>> This topic was already discussed in the past, see following part of
> >>> the design
On 05/27/2014 04:35 PM, Martin Kosek wrote:
On 05/27/2014 04:27 PM, Simo Sorce wrote:
On Tue, 2014-05-27 at 15:21 +0200, Martin Kosek wrote:
This topic was already discussed in the past, see following part of
the design:
http://www.freeipa.org/page/V4/User_Life-Cycle_Management#Renaming_vs._Mo
On Tue, 2014-05-27 at 18:01 +0300, Alexander Bokovoy wrote:
> On Tue, 27 May 2014, Petr Viktorin wrote:
> >On 05/26/2014 12:13 PM, Petr Viktorin wrote:
> >[...]
> >>
> >>Thanks for the thorough review!
> >>Pushed to master: 63becae88c6c270b98f0432dc474b661b82f3119
> >
> >
> >Okay guys, we have anot
On Tue, 27 May 2014, Petr Viktorin wrote:
On 05/26/2014 12:13 PM, Petr Viktorin wrote:
[...]
Thanks for the thorough review!
Pushed to master: 63becae88c6c270b98f0432dc474b661b82f3119
Okay guys, we have another issue:
user-add (and the migration plugin) needs access to cn=UPG
Definition,cn=
On 05/26/2014 12:13 PM, Petr Viktorin wrote:
[...]
Thanks for the thorough review!
Pushed to master: 63becae88c6c270b98f0432dc474b661b82f3119
Okay guys, we have another issue:
user-add (and the migration plugin) needs access to cn=UPG
Definition,cn=Definitions,cn=Managed Entries,cn=etc,... t
On 05/27/2014 04:27 PM, Simo Sorce wrote:
> On Tue, 2014-05-27 at 15:21 +0200, Martin Kosek wrote:
>> This topic was already discussed in the past, see following part of
>> the design:
>>
>> http://www.freeipa.org/page/V4/User_Life-Cycle_Management#Renaming_vs._Moving_Users_in_LDAP
>>
>> One of the
On Tue, 2014-05-27 at 15:21 +0200, Martin Kosek wrote:
> This topic was already discussed in the past, see following part of
> the design:
>
> http://www.freeipa.org/page/V4/User_Life-Cycle_Management#Renaming_vs._Moving_Users_in_LDAP
>
> One of the biggest concern was that to allow operator unst
On 05/26/2014 04:44 PM, Petr Viktorin wrote:
> On 05/22/2014 03:07 PM, Petr Viktorin wrote:
>> Hello,
>> Here I start upgrading the existing default permissions to the new
>> Managed style.
>>
>> https://fedorahosted.org/freeipa/ticket/4346
>>
>> The patches rely on my patch 0551
>> (https://fedor
On 27.5.2014 14:28, Petr Vobornik wrote:
Recent removal of global read-only ACI affects current self-service page.
Now it displays error dialog with two errors:
* None: password policy not found
* an internal error has occurred
They are results of:
* pwpolicy-show --user=username
* krbtpolicy-s
On Tue, Apr 15, 2014 at 11:13:38AM +0200, Sumit Bose wrote:
> Hi,
>
> I have started to write a design page for 'Migrating existing
> environments to Trust'
> http://www.freeipa.org/page/V3/Migrating_existing_environments_to_Trust
> It shall cover https://fedorahosted.org/freeipa/ticket/3318 and
>
Hello,
Fix race condition during zone loading.
DNS zone has to be added to DNS view before dns_zone_load() is called.
It is necessary to prevent dns_zone_load() from racing with dns_zone_setview().
This race condition sometimes prevents zone from being signed.
Now the unsigned zone is visible u
On 27.5.2014 15:54, Petr Spacek wrote:
Fix race condition during zone loading.
DNS zone has to be added to DNS view before dns_zone_load() is called.
It is necessary to prevent dns_zone_load() from racing with dns_zone_setview().
This race condition sometimes prevents zone from being signed.
No
On 05/27/2014 03:08 PM, Simo Sorce wrote:
On Tue, 2014-05-27 at 14:40 +0200, thierry bordaz wrote:
On 05/27/2014 02:32 PM, Jan Cholasta wrote:
On 27.5.2014 14:22, Simo Sorce wrote:
On Tue, 2014-05-27 at 14:19 +0200, Martin Kosek wrote:
On 05/27/2014 02:16 PM, Simo Sorce wrote:
On Tue, 2014-0
On 05/27/2014 03:10 PM, Simo Sorce wrote:
On Tue, 2014-05-27 at 14:59 +0200, thierry bordaz wrote:
Now if an entry was not created by FreeIPA CLI ('ipa user-add
--stage') it could be impossible to update/unstage the entry with
FreeIPA CLI .
For example with those two entries. 'ipa user-mod TestU
On 26.5.2014 18:23, Nathaniel McCallum wrote:
On Mon, 2014-05-26 at 09:56 +0200, Jan Cholasta wrote:
On 23.5.2014 23:19, Nathaniel McCallum wrote:
On Wed, 2014-05-14 at 14:08 -0400, Nathaniel McCallum wrote:
Occasionally OTP tokens get out of sync with the server. When this
happens, the user o
On 05/27/2014 03:08 PM, Simo Sorce wrote:
> On Tue, 2014-05-27 at 14:40 +0200, thierry bordaz wrote:
>> On 05/27/2014 02:32 PM, Jan Cholasta wrote:
>>> On 27.5.2014 14:22, Simo Sorce wrote:
On Tue, 2014-05-27 at 14:19 +0200, Martin Kosek wrote:
> On 05/27/2014 02:16 PM, Simo Sorce wrote:
>
On Tue, 2014-05-27 at 14:59 +0200, thierry bordaz wrote:
> Now if an entry was not created by FreeIPA CLI ('ipa user-add
> --stage') it could be impossible to update/unstage the entry with
> FreeIPA CLI .
> For example with those two entries. 'ipa user-mod TestUser --stage' or
> 'ipa user-unstage T
On Tue, 2014-05-27 at 14:40 +0200, thierry bordaz wrote:
> On 05/27/2014 02:32 PM, Jan Cholasta wrote:
> > On 27.5.2014 14:22, Simo Sorce wrote:
> >> On Tue, 2014-05-27 at 14:19 +0200, Martin Kosek wrote:
> >>> On 05/27/2014 02:16 PM, Simo Sorce wrote:
> On Tue, 2014-05-27 at 13:01 +0200, Mart
On 05/27/2014 02:19 PM, Martin Kosek wrote:
On 05/27/2014 02:16 PM, Simo Sorce wrote:
On Tue, 2014-05-27 at 13:01 +0200, Martin Kosek wrote:
On 05/27/2014 11:53 AM, Jan Cholasta wrote:
On 27.5.2014 11:14, thierry bordaz wrote:
Hello,
Me again !!!
Thanks to all your inputs, the dis
On 05/27/2014 02:32 PM, Jan Cholasta wrote:
On 27.5.2014 14:22, Simo Sorce wrote:
On Tue, 2014-05-27 at 14:19 +0200, Martin Kosek wrote:
On 05/27/2014 02:16 PM, Simo Sorce wrote:
On Tue, 2014-05-27 at 13:01 +0200, Martin Kosek wrote:
On 05/27/2014 11:53 AM, Jan Cholasta wrote:
On 27.5.2014 1
On 27.5.2014 14:22, Simo Sorce wrote:
On Tue, 2014-05-27 at 14:19 +0200, Martin Kosek wrote:
On 05/27/2014 02:16 PM, Simo Sorce wrote:
On Tue, 2014-05-27 at 13:01 +0200, Martin Kosek wrote:
On 05/27/2014 11:53 AM, Jan Cholasta wrote:
On 27.5.2014 11:14, thierry bordaz wrote:
Hello,
Me
Recent removal of global read-only ACI affects current self-service page.
Now it displays error dialog with two errors:
* None: password policy not found
* an internal error has occurred
They are results of:
* pwpolicy-show --user=username
* krbtpolicy-show username
commands.
The second one is
On Tue, 2014-05-27 at 14:19 +0200, Martin Kosek wrote:
> On 05/27/2014 02:16 PM, Simo Sorce wrote:
> > On Tue, 2014-05-27 at 13:01 +0200, Martin Kosek wrote:
> >> On 05/27/2014 11:53 AM, Jan Cholasta wrote:
> >>> On 27.5.2014 11:14, thierry bordaz wrote:
> Hello,
>
> Me again !!!
On 05/27/2014 02:16 PM, Simo Sorce wrote:
> On Tue, 2014-05-27 at 13:01 +0200, Martin Kosek wrote:
>> On 05/27/2014 11:53 AM, Jan Cholasta wrote:
>>> On 27.5.2014 11:14, thierry bordaz wrote:
Hello,
Me again !!!
Thanks to all your inputs, the discussion about User_l
On Tue, 2014-05-27 at 13:01 +0200, Martin Kosek wrote:
> On 05/27/2014 11:53 AM, Jan Cholasta wrote:
> > On 27.5.2014 11:14, thierry bordaz wrote:
> >> Hello,
> >>
> >> Me again !!!
> >>
> >> Thanks to all your inputs, the discussion about User_life_cycle
> >> clarified a lot workflow/c
See the ticket & commit message.
https://fedorahosted.org/freeipa/ticket/4309
--
PetrĀ³
From 3e9f26a423af1db2fe15b326059f901f7bcca70e Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Tue, 27 May 2014 12:21:33 +0200
Subject: [PATCH] pwpolicy-mod: Fix crash when priority is changed
The exc_call
On 04/18/2014 04:01 PM, Misnyovszki Adam wrote:
> On Thu, 17 Apr 2014 16:21:19 +0200
> Martin Kosek wrote:
>
>> On 04/17/2014 04:10 PM, Rob Crittenden wrote:
>>> Misnyovszki Adam wrote:
Hi,
this patch modifies ipa-server-install to warn the user, if there
is a lack of entropy, also
This is just a first draft of implementation of
https://fedorahosted.org/freeipa/ticket/4345
It introduces a `freeipa/extend` module which should serve as a more
stable API for Web UI plugins. I think it requires further discussion -
what to have there, the level of abstraction...
Other patc
On 05/27/2014 11:53 AM, Jan Cholasta wrote:
> On 27.5.2014 11:14, thierry bordaz wrote:
>> Hello,
>>
>> Me again !!!
>>
>> Thanks to all your inputs, the discussion about User_life_cycle
>> clarified a lot workflow/command verbs.
>>
>> Now I have a doubt about what would be an entry
using browser history when unauthenticated causes transition to
the original and/or preceding facets. But nothing works since
all commands fail due to expired credentials in session.
These changes make sure that user stays on login screen if he misses
valid session credentials while he wants to s
Dialog instances no longer directly call IPA.opened_dialog methods. It's
handled through events (decoupled from dialog's POV). IPA.open_dialogs
with assistance of ApplicationController makes sure that there is only
one dialog opened at the same time.
It also makes sure to hide all dialogs, which
On 05/27/2014 09:00 AM, Fraser Tweedale wrote:
> Hi all,
>
> I've been working on a fix for a profile issue
> (https://fedorahosted.org/freeipa/ticket/2915). Unfortunately I
> find the scripts/compose_pki_core_packages -> yum install -> test
> cycle frustratingly slow on idm.lab.bos. Is there a
On 05/27/2014 11:16 AM, Alexander Bokovoy wrote:
On Tue, 27 May 2014, Petr Viktorin wrote:
Hello,
This fixes https://fedorahosted.org/freeipa/ticket/4219
AFAIK the "vendor version" (e.g. 4.0.0-0.fc20) was not available to
IPA, so I have it added to version.py when building packages. I wonder
i
On 26.5.2014 10:18, Martin Kosek wrote:
On 05/26/2014 09:33 AM, Jan Cholasta wrote:
On 26.5.2014 07:49, Martin Kosek wrote:
...
> 5) modifying
> (in active) ipa user-mod tuser ...
Ok.
> (in stage)ipa user-mod tuser --staged ...
Simo did not like this command, I would personally
On 27.5.2014 11:14, thierry bordaz wrote:
Hello,
Me again !!!
Thanks to all your inputs, the discussion about User_life_cycle
clarified a lot workflow/command verbs.
Now I have a doubt about what would be an entry in staging
(objectclass/attribute). Also I wonder if ipa CLI
On Tue, 27 May 2014, Petr Viktorin wrote:
Hello,
This fixes https://fedorahosted.org/freeipa/ticket/4219
AFAIK the "vendor version" (e.g. 4.0.0-0.fc20) was not available to IPA, so
I have it added to version.py when building packages. I wonder if there's an
easier way to do this.
The second
Hello,
Me again !!!
Thanks to all your inputs, the discussion about User_life_cycle
clarified a lot workflow/command verbs.
Now I have a doubt about what would be an entry in staging
(objectclass/attribute). Also I wonder if ipa CLI (ipa user-add
--stage), would be the only su
Hello,
This fixes https://fedorahosted.org/freeipa/ticket/4219
AFAIK the "vendor version" (e.g. 4.0.0-0.fc20) was not available to IPA,
so I have it added to version.py when building packages. I wonder if
there's an easier way to do this.
The second patch logs the version in all the installa
Hi all,
I've been working on a fix for a profile issue
(https://fedorahosted.org/freeipa/ticket/2915). Unfortunately I
find the scripts/compose_pki_core_packages -> yum install -> test
cycle frustratingly slow on idm.lab.bos. Is there a quicker way
to build and test the software - particularly a
52 matches
Mail list logo