On 07/22/2014 05:01 PM, Martin Kosek wrote:
Hello,
I was thinking more about the solution to fix migration in FreeIPA 4.0 as
proposed in
https://fedorahosted.org/freeipa/ticket/4450#comment:6
and I realized it will be more complicated.
Conditionally enabling nsslapd-allow-hashed-passwords in
On 23.7.2014 01:01, Gabe Alford wrote:
Forgot about --trust-secret. Here is an updated patch.
On Mon, Jul 21, 2014 at 2:31 AM, Jan Cholasta jchol...@redhat.com
mailto:jchol...@redhat.com wrote:
On 21.7.2014 10:28, Martin Kosek wrote:
On 07/21/2014 09:56 AM, Jan Cholasta wrote:
While solving ticket #4280 I noticed that we are messing with
certmonger's files right under its hands. That can lead to some
unpleasant race condition issues.
Is there any reason why not to call certmonger via DBus and ask it to
stop tracking the requests?
--
David Kupka
On 07/23/2014 09:56 AM, David Kupka wrote:
While solving ticket #4280 I noticed that we are messing with certmonger's
files right under its hands. That can lead to some unpleasant race condition
issues.
Is there any reason why not to call certmonger via DBus and ask it to stop
tracking the
On 23.7.2014 10:12, Martin Kosek wrote:
On 07/23/2014 09:56 AM, David Kupka wrote:
While solving ticket #4280 I noticed that we are messing with certmonger's
files right under its hands. That can lead to some unpleasant race condition
issues.
Is there any reason why not to call certmonger via
On Wed, 23 Jul 2014, Martin Kosek wrote:
On 07/23/2014 09:56 AM, David Kupka wrote:
While solving ticket #4280 I noticed that we are messing with certmonger's
files right under its hands. That can lead to some unpleasant race condition
issues.
Is there any reason why not to call certmonger via
On 07/23/2014 10:33 AM, Jan Cholasta wrote:
On 23.7.2014 10:12, Martin Kosek wrote:
On 07/23/2014 09:56 AM, David Kupka wrote:
While solving ticket #4280 I noticed that we are messing with certmonger's
files right under its hands. That can lead to some unpleasant race condition
issues.
Is
On 23.7.2014 10:38, Martin Kosek wrote:
On 07/23/2014 10:33 AM, Jan Cholasta wrote:
On 23.7.2014 10:12, Martin Kosek wrote:
On 07/23/2014 09:56 AM, David Kupka wrote:
While solving ticket #4280 I noticed that we are messing with certmonger's
files right under its hands. That can lead to some
Hello list,
I have noticed that Fedora is heavily using project FedOAuth:
Federated Open Authentication
FedOAuth is a provider for federated authentication mechanisms with a modular
authentication backend.
It sounds somewhat similar to our Ipsilon project and it is also written in
Python.
On 07/23/2014 10:49 AM, Jan Cholasta wrote:
On 23.7.2014 10:38, Martin Kosek wrote:
On 07/23/2014 10:33 AM, Jan Cholasta wrote:
On 23.7.2014 10:12, Martin Kosek wrote:
On 07/23/2014 09:56 AM, David Kupka wrote:
While solving ticket #4280 I noticed that we are messing with certmonger's
files
On 23.7.2014 12:23, Martin Kosek wrote:
On 07/23/2014 10:49 AM, Jan Cholasta wrote:
On 23.7.2014 10:38, Martin Kosek wrote:
On 07/23/2014 10:33 AM, Jan Cholasta wrote:
On 23.7.2014 10:12, Martin Kosek wrote:
On 07/23/2014 09:56 AM, David Kupka wrote:
While solving ticket #4280 I noticed
See related thread #4450: how to allow password migration? for more
information.
---
Without nsslapd-allow-hashed-passwords being turned on, user password
migration fails.
https://fedorahosted.org/freeipa/ticket/4450
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering -
Hello,
Add TLSARecord to idnsRecord object class.
--
Petr^2 Spacek
From 2d358ccbc323ea6d4339f22b16d419195054e017 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Fri, 27 Jun 2014 09:33:05 +0200
Subject: [PATCH] Add TLSARecord to idnsRecord object class.
Signed-off-by: Petr
Hello,
Fix crash during reconnection to LDAP.
--
Petr^2 Spacek
From fb979d2f07be16f8cf441d393612504235ab26d8 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Wed, 23 Jul 2014 14:18:41 +0200
Subject: [PATCH] Fix crash during reconnection to LDAP.
Signed-off-by: Petr Spacek
This should be applied in 4.0.x, 4.1, master
Patches attached
--
Martin Basti
From 89e7dd87c1fad90084cb8fab38e985f95de8347e Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Mon, 21 Jul 2014 16:54:12 +0200
Subject: [PATCH 1/2] Fix DNS upgrade plugin should check if DNS
On 07/23/2014 03:03 PM, Jan Cholasta wrote:
On 23.7.2014 14:40, Tomas Babej wrote:
Hi,
when poking in the depths of the baseldap, I found this seemingly
redundant search.
ACK. For the record, before commit f1f1b4e the result was used for
wait_for_memberof.
Pushed to master, ipa-4-1.
Disable automatic re-execution of command after pending authentication.
It's possible to enable it again globally by
'freeipa/config':`rpc_retry_auth`.
https://fedorahosted.org/freeipa/ticket/4374
# Additional info:
This ticket is in 4.0 stabilization milestone. I don't think it's the
best
This patch fixes ordering problem of schema updates
Martin should it be in IPA 4.0.x ? It requires rebased ldap_python (will
be in Fedora 21)
Patch attached
--
Martin Basti
From 25aaa9872bbc725648c066f1d253f64c5f84ffc1 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Wed,
Detach/attach facet nodes when switching facets instead of
hiding/showing.
Keeps dom-tree more simple.
This patch is not really needed. I implemented it while testing
something in IE. But it might have positive effect for poorly written
parts of Web UI(if there are any :) ) or plugins.
[PATCH] 713 webui: replace action_buttons with action_widget
Simplify code base by reuse of 'disable' feature of button_widget. All
occurrences of action-button which were disabled/enabled were replaced
by button-widget.
https://fedorahosted.org/freeipa/ticket/4258
[PATCH] 714 webui: remove
On Wed, Jul 23, 2014 at 11:32:52AM +0300, Alexander Bokovoy wrote:
Were there DBus Python bindings available in RHEL 5/6 at the time when the
code was written?
Yes, but the API itself wasn't all there, and large parts of the
internals needed to be rewritten around its 0.53 release. Before
On Wed, Jul 23, 2014 at 10:12:39AM +0200, Martin Kosek wrote:
Certmonger API looked complete enough to pull this off:
https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/api.txt
If I am wrong, please tell me.
No, it's meant to be complete -- the getcert command only uses the APIs
to
On 07/23/2014 03:17 PM, Martin Basti wrote:
This patch fixes ordering problem of schema updates
Martin should it be in IPA 4.0.x ? It requires rebased ldap_python (will be in
Fedora 21)
Patch attached
If current LDAP updater does not fail or crash on 4.0.x, I would personally
leave this
https://fedorahosted.org/freeipa/ticket/4244
--
David Kupka
From 513fd9b6cf7502ed08e31318dd9425bc12392720 Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Wed, 23 Jul 2014 15:32:18 +0200
Subject: [PATCH] Verify otptoken timespan is valid
When creating or modifying otptoken
https://fedorahosted.org/freeipa/ticket/4448
--
David Kupka
From 306fd94ae35f153bd7eabf80217219ec25b2189b Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Wed, 23 Jul 2014 16:02:17 +0200
Subject: [PATCH] Fix group-remove-member crash when group is removed from a
protected group
On 07/23/2014 04:08 PM, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/4448
Alternatively, we could also update the if condition to avoid running this
section at all when options['user'] does not exist or is empty. This would save
us at least from api.Command.group_show call.
Martin
Martin Kosek wrote:
On 07/23/2014 04:08 PM, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/4448
Alternatively, we could also update the if condition to avoid running this
section at all when options['user'] does not exist or is empty. This would
save
us at least from
Theme package is contains resources for PKI web interface. This interface
is not needed by FreeIPA as it rather utilizes it's API. As recommended in
https://bugzilla.redhat.com/show_bug.cgi?id=1068029#c5, remove this hard
dependency.
--
Martin Kosek mko...@redhat.com
Supervisor, Software
On 23/07/14 15:30, Rob Crittenden wrote:
Martin Basti wrote:
This patch fixes ordering problem of schema updates
Martin should it be in IPA 4.0.x ? It requires rebased ldap_python (will
be in Fedora 21)
Patch attached
It looks like the modlist is only generated during a live run which
would
reset_password.html now redirects browser to URL specified in 'redirect'
uri component (if present).
The component has to be URI encoded. ie (in browser console):
$
encodeURIComponent('http://pvoborni.fedorapeople.org/doc/#!/guide/Debugging')
--
Hi,
On 23.7.2014 15:46, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/4244
1) Use isinstance(X, Y) instead of type(X) is Y.
2) When is type(not_before) is str or type(not_after) is str true?
The values coming from command options or LDAP should always be
datetime, never str.
On Wed, 23 Jul 2014, Martin Kosek wrote:
Theme package is contains resources for PKI web interface. This interface
is not needed by FreeIPA as it rather utilizes it's API. As recommended in
https://bugzilla.redhat.com/show_bug.cgi?id=1068029#c5, remove this hard
dependency.
I've seen several
On 07/23/2014 05:07 PM, Alexander Bokovoy wrote:
On Wed, 23 Jul 2014, Martin Kosek wrote:
Theme package is contains resources for PKI web interface. This interface
is not needed by FreeIPA as it rather utilizes it's API. As recommended in
https://bugzilla.redhat.com/show_bug.cgi?id=1068029#c5,
On Wed, 23 Jul 2014, Martin Kosek wrote:
On 07/23/2014 05:07 PM, Alexander Bokovoy wrote:
On Wed, 23 Jul 2014, Martin Kosek wrote:
Theme package is contains resources for PKI web interface. This interface
is not needed by FreeIPA as it rather utilizes it's API. As recommended in
On 07/23/2014 05:21 PM, Alexander Bokovoy wrote:
On Wed, 23 Jul 2014, Martin Kosek wrote:
On 07/23/2014 05:07 PM, Alexander Bokovoy wrote:
On Wed, 23 Jul 2014, Martin Kosek wrote:
Theme package is contains resources for PKI web interface. This interface
is not needed by FreeIPA as it rather
On Wed, 23 Jul 2014, Martin Kosek wrote:
On 07/23/2014 05:21 PM, Alexander Bokovoy wrote:
On Wed, 23 Jul 2014, Martin Kosek wrote:
On 07/23/2014 05:07 PM, Alexander Bokovoy wrote:
On Wed, 23 Jul 2014, Martin Kosek wrote:
Theme package is contains resources for PKI web interface. This
Nope. Somehow in my head it felt cleaner. Updated patched attached.
On Wed, Jul 23, 2014 at 1:18 AM, Jan Cholasta jchol...@redhat.com wrote:
On 23.7.2014 01:01, Gabe Alford wrote:
Forgot about --trust-secret. Here is an updated patch.
On Mon, Jul 21, 2014 at 2:31 AM, Jan Cholasta
Hello,
Fix for https://fedorahosted.org/freeipa/ticket/4451
Thanks,
Gabe
From e995aa908933b31509ce02ba6a57fc20fa4fc245 Mon Sep 17 00:00:00 2001
From: Gabe redhatri...@gmail.com
Date: Wed, 23 Jul 2014 16:19:18 -0600
Subject: [PATCH] Typo in upstream documentation
- Fix typo with --sudocmds
Hi devel,
It would be particularly useful if each FreeIPA entry (eg: user, host,
service, etc...) had creation and last modified timestamps. Do these
fields already exist, and if they do, how can I access them?
If they do not, I would like to propose these as a feature request.
One use case for
On Thu, 24 Jul 2014, James wrote:
Hi devel,
It would be particularly useful if each FreeIPA entry (eg: user, host,
service, etc...) had creation and last modified timestamps. Do these
fields already exist, and if they do, how can I access them?
If they do not, I would like to propose these as
40 matches
Mail list logo