On 3.9.2014 16:42, Martin Basti wrote:
On 02/09/14 17:16, Petr Spacek wrote:
On 20.8.2014 19:26, Martin Basti wrote:
Part of DNSSEC
Patches attached.
NACK
# ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'
ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS
record
On 09/01/2014 04:17 PM, Jan Cholasta wrote:
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/4019.
Honza
ACK, pushed to:
master: 93346b1cf9ffae5afdd9bb71684f22922dbc8ea4
ipa-4-1: 451c2e2bc4da52900dbf6cd67ea62ccd70e8e421
ipa-4-0: b50528a7d92d811cfcc00bf0ecdecbab13fec5b1
On 09/03/2014 04:45 PM, Jan Cholasta wrote:
Dne 3.9.2014 v 16:25 David Kupka napsal(a):
On 09/03/2014 04:05 PM, Jan Cholasta wrote:
Dne 3.9.2014 v 12:37 David Kupka napsal(a):
On 09/02/2014 01:56 PM, Jan Cholasta wrote:
Dne 29.8.2014 v 14:34 David Kupka napsal(a):
Hope, I've addressed all
On 09/03/2014 04:53 PM, Petr Viktorin wrote:
On 09/03/2014 03:53 PM, Tomas Babej wrote:
Hi,
Makes sure that any new sources added are not already present
in the entry.
https://fedorahosted.org/freeipa/ticket/4508
It works fine, ACK.
I do have some comments, but 4.0.x is a stabilization
On 09/03/2014 05:09 PM, Jan Cholasta wrote:
Hi,
Dne 27.8.2014 v 13:56 David Kupka napsal(a):
Usually it isn't wise to allow something like this. But in environment
with broken DNS (described in ticket) there is probably not many
alternatives.
https://fedorahosted.org/freeipa/ticket/
1)
Also I made explicit conversion to list for default values upon Petr's
request.
On 09/04/2014 12:32 PM, Tomas Babej wrote:
On 09/03/2014 04:53 PM, Petr Viktorin wrote:
On 09/03/2014 03:53 PM, Tomas Babej wrote:
Hi,
Makes sure that any new sources added are not already present
in the entry.
Minor fix regarding default_value being None converted to list.
On 09/04/2014 12:45 PM, Tomas Babej wrote:
Also I made explicit conversion to list for default values upon Petr's
request.
On 09/04/2014 12:32 PM, Tomas Babej wrote:
On 09/03/2014 04:53 PM, Petr Viktorin wrote:
On 09/03/2014
On 04/09/14 11:46, Petr Spacek wrote:
On 3.9.2014 16:42, Martin Basti wrote:
On 02/09/14 17:16, Petr Spacek wrote:
On 20.8.2014 19:26, Martin Basti wrote:
Part of DNSSEC
Patches attached.
NACK
# ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'
ipa: ERROR: invalid 'dsrecord': DS record
On 4.9.2014 13:02, Martin Basti wrote:
On 04/09/14 11:46, Petr Spacek wrote:
On 3.9.2014 16:42, Martin Basti wrote:
On 02/09/14 17:16, Petr Spacek wrote:
On 20.8.2014 19:26, Martin Basti wrote:
Part of DNSSEC
Patches attached.
NACK
# ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'
On 3.9.2014 16:51, Martin Basti wrote:
On 03/09/14 12:30, Martin Kosek wrote:
On 09/02/2014 05:38 PM, Petr Spacek wrote:
On 21.8.2014 19:21, Martin Basti wrote:
During work on DNSSEC we found a wrong validation of NS records
Patch 0113 fixes an error in tests caused by bind-dyndb-ldap bug
Dne 4.9.2014 v 12:31 David Kupka napsal(a):
On 09/03/2014 04:45 PM, Jan Cholasta wrote:
Dne 3.9.2014 v 16:25 David Kupka napsal(a):
On 09/03/2014 04:05 PM, Jan Cholasta wrote:
Dne 3.9.2014 v 12:37 David Kupka napsal(a):
On 09/02/2014 01:56 PM, Jan Cholasta wrote:
Dne 29.8.2014 v 14:34 David
Dne 4.9.2014 v 12:42 David Kupka napsal(a):
On 09/03/2014 05:09 PM, Jan Cholasta wrote:
Hi,
Dne 27.8.2014 v 13:56 David Kupka napsal(a):
Usually it isn't wise to allow something like this. But in environment
with broken DNS (described in ticket) there is probably not many
alternatives.
On 09/04/2014 01:00 PM, Tomas Babej wrote:
Minor fix regarding default_value being None converted to list.
On 09/04/2014 12:45 PM, Tomas Babej wrote:
Also I made explicit conversion to list for default values upon Petr's
request.
ACK, pushed to:
master:
On 09/04/2014 01:19 PM, Jan Cholasta wrote:
Dne 4.9.2014 v 12:31 David Kupka napsal(a):
On 09/03/2014 04:45 PM, Jan Cholasta wrote:
Dne 3.9.2014 v 16:25 David Kupka napsal(a):
On 09/03/2014 04:05 PM, Jan Cholasta wrote:
Dne 3.9.2014 v 12:37 David Kupka napsal(a):
On 09/02/2014 01:56 PM, Jan
On Wed, 03 Sep 2014, Martin Kosek wrote:
On 09/03/2014 03:15 PM, Petr Viktorin wrote:
On 09/03/2014 02:27 PM, Petr Viktorin wrote:
On 09/03/2014 01:27 PM, Petr Viktorin wrote:
Hello,
This adds managed read permissions to the compat tree.
For users it grants anonymous access; authenticated
Hello,
Use master subdirectory for temporary files related to zones.
This allows us to separate zone and non-zone metadata and also to separate
master and (hypothetical) slave zones.
--
Petr^2 Spacek
From f942df399ded10399a1f5d378d5ca1cc959bb157 Mon Sep 17 00:00:00 2001
From: Petr Spacek
Dne 4.9.2014 v 13:40 Martin Kosek napsal(a):
On 09/04/2014 01:19 PM, Jan Cholasta wrote:
Dne 4.9.2014 v 12:31 David Kupka napsal(a):
On 09/03/2014 04:45 PM, Jan Cholasta wrote:
Dne 3.9.2014 v 16:25 David Kupka napsal(a):
On 09/03/2014 04:05 PM, Jan Cholasta wrote:
Dne 3.9.2014 v 12:37 David
Hello,
Escape directory names generated from zone names.
Previously root zone '.' and zone names with characters like '/' caused
scattering of temporary files all over dyndb-ldap working directory.
https://fedorahosted.org/bind-dyndb-ldap/ticket/122
--
Petr^2 Spacek
On 09/04/2014 02:40 PM, Alexander Bokovoy wrote:
On Wed, 03 Sep 2014, Martin Kosek wrote:
On 09/03/2014 03:15 PM, Petr Viktorin wrote:
On 09/03/2014 02:27 PM, Petr Viktorin wrote:
On 09/03/2014 01:27 PM, Petr Viktorin wrote:
Hello,
This adds managed read permissions to the compat tree.
For
On Thu, 04 Sep 2014, Martin Kosek wrote:
On 09/04/2014 02:40 PM, Alexander Bokovoy wrote:
On Wed, 03 Sep 2014, Martin Kosek wrote:
On 09/03/2014 03:15 PM, Petr Viktorin wrote:
On 09/03/2014 02:27 PM, Petr Viktorin wrote:
On 09/03/2014 01:27 PM, Petr Viktorin wrote:
Hello,
This adds managed
Regression is caused by different output types for dnsrecord-mod and
dnsrecord-del.
dnsrecord-mod internally calls remove record, if there is no more
records in owner name, which cause output validation error.
[root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec=
ipa: ERROR: an
On Thu, 2014-09-04 at 15:55 +0200, Martin Kosek wrote:
On 09/04/2014 02:40 PM, Alexander Bokovoy wrote:
On Wed, 03 Sep 2014, Martin Kosek wrote:
On 09/03/2014 03:15 PM, Petr Viktorin wrote:
On 09/03/2014 02:27 PM, Petr Viktorin wrote:
On 09/03/2014 01:27 PM, Petr Viktorin wrote:
Hello,
Hi,
Dne 4.9.2014 v 16:13 Martin Basti napsal(a):
Regression is caused by different output types for dnsrecord-mod and
dnsrecord-del.
dnsrecord-mod internally calls remove record, if there is no more
records in owner name, which cause output validation error.
[root@vm-035 git]# ipa
On 09/04/2014 04:10 PM, Alexander Bokovoy wrote:
...
createTimestamp is operational attribute and is synthesized by
slapi-nis, there is no problem allowing access to it. I think we can
allow following operational attributes:
createTimestamp, modifyTimestamp, entryUSN, creatorsName,
On 4.9.2014 16:32, Martin Basti wrote:
On 04/09/14 15:46, Petr Spacek wrote:
Hello,
Escape directory names generated from zone names.
Previously root zone '.' and zone names with characters like '/' caused
scattering of temporary files all over dyndb-ldap working directory.
On 09/04/2014 04:38 PM, Martin Kosek wrote:
On 09/04/2014 04:10 PM, Alexander Bokovoy wrote:
...
createTimestamp is operational attribute and is synthesized by
slapi-nis, there is no problem allowing access to it. I think we can
allow following operational attributes:
createTimestamp,
On 04/09/14 16:36, Jan Cholasta wrote:
Hi,
Dne 4.9.2014 v 16:13 Martin Basti napsal(a):
Regression is caused by different output types for dnsrecord-mod and
dnsrecord-del.
dnsrecord-mod internally calls remove record, if there is no more
records in owner name, which cause output validation
On Thu, Sep 04, 2014 at 10:30:11AM -0400, Simo Sorce wrote:
On Thu, 2014-09-04 at 15:55 +0200, Martin Kosek wrote:
On 09/04/2014 02:40 PM, Alexander Bokovoy wrote:
On Wed, 03 Sep 2014, Martin Kosek wrote:
On 09/03/2014 03:15 PM, Petr Viktorin wrote:
On 09/03/2014 02:27 PM, Petr
Hi,
Dne 3.9.2014 v 21:23 Rob Crittenden napsal(a):
No longer request and install a cert for the IPA client machine.
rob
The original plan was to keep generating the certificate, but in
/etc/ipa/nssdb instead of /etc/pki/nssdb (see the attached patch).
I'm fine with either approach.
--
On Thu, 04 Sep 2014, Simo Sorce wrote:
On Thu, 2014-09-04 at 15:55 +0200, Martin Kosek wrote:
On 09/04/2014 02:40 PM, Alexander Bokovoy wrote:
On Wed, 03 Sep 2014, Martin Kosek wrote:
On 09/03/2014 03:15 PM, Petr Viktorin wrote:
On 09/03/2014 02:27 PM, Petr Viktorin wrote:
On 09/03/2014
Dne 4.9.2014 v 16:45 Martin Basti napsal(a):
On 04/09/14 16:36, Jan Cholasta wrote:
Hi,
Dne 4.9.2014 v 16:13 Martin Basti napsal(a):
Regression is caused by different output types for dnsrecord-mod and
dnsrecord-del.
dnsrecord-mod internally calls remove record, if there is no more
records in
On Thu, 2014-09-04 at 18:10 +0300, Alexander Bokovoy wrote:
On Thu, 04 Sep 2014, Simo Sorce wrote:
On Thu, 2014-09-04 at 15:55 +0200, Martin Kosek wrote:
On 09/04/2014 02:40 PM, Alexander Bokovoy wrote:
On Wed, 03 Sep 2014, Martin Kosek wrote:
On 09/03/2014 03:15 PM, Petr Viktorin wrote:
Jan Cholasta wrote:
Hi,
Dne 3.9.2014 v 21:23 Rob Crittenden napsal(a):
No longer request and install a cert for the IPA client machine.
rob
The original plan was to keep generating the certificate, but in
/etc/ipa/nssdb instead of /etc/pki/nssdb (see the attached patch).
I'm fine
On 04/09/14 14:43, Petr Spacek wrote:
Hello,
Use master subdirectory for temporary files related to zones.
This allows us to separate zone and non-zone metadata and also to
separate
master and (hypothetical) slave zones.
Works fine. ACK
--
Martin Basti
On 04/09/14 16:41, Petr Spacek wrote:
On 4.9.2014 16:32, Martin Basti wrote:
On 04/09/14 15:46, Petr Spacek wrote:
Hello,
Escape directory names generated from zone names.
Previously root zone '.' and zone names with characters like '/' caused
scattering of temporary files all over
Hello,
Create temporary directories with ug=rwx,o= permissions.
Zero group permissions do not allow to use POSIX ACLs which is
undesirable.
--
Petr^2 Spacek
From d54a1e75411c1bf410e27befc1f7b1cfee45b9b8 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Thu, 4 Sep 2014
On 04/09/14 17:55, Petr Spacek wrote:
Hello,
Create temporary directories with ug=rwx,o= permissions.
Zero group permissions do not allow to use POSIX ACLs which is
undesirable.
NACK
It creates drwxr-x--- permissions (umask problem)
___
On 8/22/2014 11:29 AM, Petr Vobornik wrote:
Ticket: https://fedorahosted.org/freeipa/ticket/4507
Support for delegating RBAC roles to service principals added new
attribute members. [1][2] Most of Web UI was automatically extended but
the defaults chose wrong associator for service's
On 8/29/2014 3:40 AM, Petr Vobornik wrote:
Password change initiated from header menu notified success twice.
First one in `dialogs.password.dialog` and second one in a success
callback. The second notification was removed.
Caused by:
On 8/29/2014 11:00 AM, Petr Vobornik wrote:
[PATCH] 746 webui: append network.negotiate-auth.trusted-uris
https://fedorahosted.org/freeipa/ticket/4478
Some comments/questions:
1. If I'm reading this correctly, if the preference is currently empty,
the method will just return without setting
40 matches
Mail list logo