te a ticket?
I have created ticket 1764 to track this (in 3.0).
https://fedorahosted.org/freeipa/ticket/1764
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Wed, 07 Sep 2011, Stephen Gallagher wrote:
> On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote:
> > Hi!
> >
> > When modifying SSSD configuration, attempt to add new domain rather
> > than replacing whole configuration file.
> >
> > Only r
roject.org/koji/buildinfo?buildID=262773
>
> There are 2 version of the patch - master and ipa-2-1.
ACK for both.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
angelog section.
The following changes since commit d3c24bb0a65dae85e665ebc617ab4f084c2299fd:
Don't allow a OTP to be set on an enrolled host (2011-09-10 00:03:32 +)
are available in the git repository at:
git://fedorapeople.org/home/fedora/abbra/public_git/freeipa.git platform
n enrolled host (2011-09-10 00:03:19 +)
are available in the git repository at:
git://fedorapeople.org/home/fedora/abbra/public_git/freeipa.git
platform-master
Alexander Bokovoy (5):
Introduce platform-specific adaptation
Convert server install code to platform-independent access
On Mon, 12 Sep 2011, Jan Cholasta wrote:
> >We can't dictate which interface matches the hostname. At most we can
> >warn about this, but not fail to install.
> >
> >rob
>
> Changed to print a warning message instead of raising an e
hed to both
platform and platform-master branches on fedorapeople repo.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
https://fedorahosted.org/freeipa/ticket/1741
--
/ Alexander Bokovoy
>From 5391bfde89d890541a0274d39a909c08f09ab3ca Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Mon, 12 Sep 2011 14:06:55 +0300
Subject: [PATCH 6/8] Incorrect name in examples of ipa help hbactest
ht
https://fedorahosted.org/freeipa/ticket/1740
--
/ Alexander Bokovoy
>From a87317a404717882e35cdeb9a9bc5aa3445e5353 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Mon, 12 Sep 2011 17:23:56 +0300
Subject: [PATCH 7/8] Unroll groups when testing HBAC rules
Fixes https://fedorahosted.
ttern_errmsg='may only include letters, numbers, and -',
> +maxlength=255,
> cli_name='hostname',
> label=_('Host name'),
> primary_key=True,
What about IDN hosts? With this
On Mon, 12 Sep 2011, Rob Crittenden wrote:
> Remove the lower-case normalizer on roles, privileges and
> permissions. Mixed-case works fine.
ACK.
I suppose we don't need any unit-test for lift of restriction...
--
/ Alexander Bokovoy
On Mon, 12 Sep 2011, Rob Crittenden wrote:
> Alexander Bokovoy wrote:
> >On Mon, 12 Sep 2011, Rob Crittenden wrote:
> >
> >>Limit hostnames to letters, digits and - with a max length of 255
> >>
> >> takes_params = (
> >> Str(
make sure whatever we pass to external applications is
properly formatted as well -- all of them should be able to work with
xn- form.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
FreeIPA rules to PyHBAC objects.
--
/ Alexander Bokovoy
>From 27f44edb48fdcbf1f007282b17bbb5206f676c39 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 13 Sep 2011 11:49:27 +0300
Subject: [PATCH] When external host is specified in HBAC rule, allow its use
in simulation
ht
On Thu, 08 Sep 2011, Alexander Bokovoy wrote:
> On Wed, 07 Sep 2011, Stephen Gallagher wrote:
>
> > On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote:
> > > Hi!
> > >
> > > When modifying SSSD configuration, attempt to add new domain rather
&
r/lib/python2.7/site-packages/SSSDConfig.py", line 1207, in
> import_config
> fd = open(configfile, 'r')
> IOError: [Errno 2] No such file or directory: '/etc/sssd/sssd.conf'
Right, we need to fallback to new sssd.conf in case of any exception,
not only fo
.
What are other cases?
> Admittedly, it's a contrived example, but where contrived examples
> exist, so can real issues.
True.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
knows. I'm not even sure when this
> stopped working.
>
> I added an extra postun rule so that the server-selinux package is
> removed as a dependency when you do a yum erase freeipa-python.
ACK.
--
/ Alexander Bokovoy
___
Freeipa-
ion,cn=Definitions,cn=Managed
> Entries,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com' enable
This hurts. :)
Can't we have a shortcut that allows to specify only name of the
managed entry and we will expand it to full DN? Current approach is
way error-pro
On Fri, 16 Sep 2011, JR Aquino wrote:
> On Sep 16, 2011, at 4:41 AM, "Alexander Bokovoy" wrote:
> > Can't we have a shortcut that allows to specify only name of the
> > managed entry and we will expand it to full DN? Current approach is
> > way error-prone
forgot it. :)
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Tue, 20 Sep 2011, Martin Kosek wrote:
> Remove an invalid instance name passed to dirsrv service so that
> it is correctly stopped.
>
> https://fedorahosted.org/freeipa/ticket/1800
ACK.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing
On Tue, 20 Sep 2011, Martin Kosek wrote:
> > Pushed to master, ipa-2-1.
> >
> Alexander just noticed, that dirsrv stop in ipactl start fallback code
> was not right either. One-liner patch attached.
ACK as well.
--
/ Alexander Bokovoy
_
) already supported object class
argument, there is no API change as well.
For patch 132: ACK
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
current patch to introduce systemd/fedora16 support.
The patch is against ipa-2-1 branch, I have not checked how it applies
to master yet.
--
/ Alexander Bokovoy
diff --git a/Makefile b/Makefile
index 9d88025..3cd08e2 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ PRJ_PREFIX=freeipa
client
Reply-To:
Hi,
attached patch addresses ticket #1770.
--
/ Alexander Bokovoy
>From 6bb9520e2398a22c0264276171714ea5d201f83a Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 4 Oct 2011 13:56:12 +0300
Subject: [PATCH] Setup and restore ntp configuration on the client s
Hi,
attached patch fixes https://fedorahosted.org/freeipa/ticket/1775
--
/ Alexander Bokovoy
>From e956fb4cb1738cb98d006973db0016868204c10c Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 4 Oct 2011 14:33:36 +0300
Subject: [PATCH] Configure pam_krb5 on the client only if sssd
schema.
--setattr=STR Set an attribute to a name/value pair. Format is
attr=value. For multi-valued attributes, the command
replaces the values already present.
----
--
/ Alexander Bokovoy
>Fro
On Tue, 04 Oct 2011, Jan Cholasta wrote:
> On 4.10.2011 13:00, Alexander Bokovoy wrote:
> >client
> >Reply-To:
> >
> >Hi,
> >
> >attached patch addresses ticket #1770.
> >
>
> ipa-client-install fails with:
>
> Traceback (most recent call
we can't restore.
Attached patch should fix it -- as we can ignore absent backup.
--
/ Alexander Bokovoy
>From a37e9ff4a35c4c9784bf6a174ca8a4da37a43f51 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 4 Oct 2011 13:56:12 +0300
Subject: [PATCH] Setup and restore ntp configuratio
On Tue, 04 Oct 2011, Alexander Bokovoy wrote:
> Reproduced. This happens when the package freeipa-client is upgraded
> after client is enrolled with previous version -- in such case there
> is no backup state and therefore we can't restore.
Also add fstore to /etc/sysconfig/ntpd to
Hi,
https://fedorahosted.org/freeipa/ticket/1773
--
/ Alexander Bokovoy
>From 8b022ee7b1290cabd4e1a54971dc66420d73c1cc Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Wed, 5 Oct 2011 15:02:58 +0300
Subject: [PATCH] Before kinit, try to sync time with the NTP servers of the
domain
Hi,
in 1770 due to code moving from one part of the file to another,
restored variable didn't get a proper assignment.
One line patch.
--
/ Alexander Bokovoy
>From 8c46d269fb412887cf0eb70ec69bb6861933f56a Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Wed, 5 Oct 2011 15:11:
retries variable too.
Right.
I ended up not using raiseonerr=False as all I needed is a way to
break out of the loop on success so that will come sequentially if
there is no exception.
Patch attached.
--
/ Alexander Bokovoy
>From b80796995a550ff0411fe32b4e6dd1f9c04cbb2f Mon Sep 17 00:00:
client has to submit next key if clocks have drifted which implies you
cannot re-use the same OTP next time. To me this looks like in OTP
case clocks synchronization is very important. In our OTP case it does
not matter except for an artificial delay...
I've added the message.
--
/ Alexander
chance to use the same password again? If that's the case, it is
better to wait a second or three for time sync.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
sorted by
probability of encountering the container in real life, with users and
hosts to be at the beginning.
--
/ Alexander Bokovoy
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index b12403b..f9d1d14 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.p
rs
Swap: 2031612k total, 1012792k used, 1018820k free,18096k cached
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ons.unattended = True
> uninstall(options, env, quiet=True)
>
> +return rval
> +
> try:
> if __name__ == "__main__":
> sys.exit(main())
ACK.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Hi,
rebased, updated package dependencies, and verified against
Fedora 16+updates-testing.
This patch is for ipa-2-1 branch. I need to do few cosmetic changes in
freeipa.spec.in to accomodate it to 3.0 (master branch) as ipa_kpasswd
is gone there.
--
/ Alexander Bokovoy
>F
On Mon, 10 Oct 2011, Alexander Bokovoy wrote:
> rebased, updated package dependencies, and verified against
> Fedora 16+updates-testing.
>
> This patch is for ipa-2-1 branch. I need to do few cosmetic changes in
> freeipa.spec.in to accomodate it to 3.0 (master branch) as ipa_kpa
Hi,
https://fedorahosted.org/freeipa/ticket/1774
--
/ Alexander Bokovoy
>From 6603e5af84c03dbabdd3de8a681a8d9d9b89013d Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 11 Oct 2011 10:22:16 +0300
Subject: [PATCH] Increase number of 'getent passwd attempts' to 10
Duri
Two patches in the same commit because they affect the same code and
otherwise would have created dependency between the patches anyway.
--
/ Alexander Bokovoy
>From 09ccb28ab1f6fb5c5d2ee41b583125e95bd23a62 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 11 Oct 2011 11:25:24 +0
ect[obj].uuid_attribute)
> + for obj_attr in self.api.Object[obj].default_attributes:
Shouldn't this be checked_attrs?
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
The code change works fine with Fedora 15 as well (tested).
--
/ Alexander Bokovoy
>From c25b21972fb3a93b7c2ff1ab15715ae0bd3369b5 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 11 Oct 2011 12:07:23 +0300
Subject: [PATCH 2/2] Force kerberos realm to be a string
Fixes issue with
On Tue, 11 Oct 2011, Martin Kosek wrote:
> On Tue, 2011-10-11 at 12:01 +0300, Alexander Bokovoy wrote:
> > On Tue, 11 Oct 2011, Martin Kosek wrote:
> > > @@ -212,6 +216,24 @@ class config_mod(LDAPUpdate):
> > > r
c = a+b
> >>> print c
> [1, 2, 3, 4]
> >>> print a
> [1, 2, 3]
> >>> print b
> [4]
> >>> c.append(5)
> >>> print c
> [1, 2, 3, 4, 5]
> >>> print a
> [1, 2, 3]
> >>> print b
>
the new
> set of default object classes
>
> https://fedorahosted.org/freeipa/ticket/1893
ACK.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Bokovoy
>From db1a37bbb58ddd1a99c5498940f2988477392a06 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Wed, 12 Oct 2011 14:15:01 +0300
Subject: [PATCH 1/2] Refactor backup_and_replace_hostname() into a flexible
config modification tool
backup_and_replace_hostname() was doing three things
x27;HOSTNAME']: ...
>
> should be
>
> if 'HOSTNAME' in old_values: ...
Updated patch attached.
--
/ Alexander Bokovoy
>From 6c01a86f232d10176372a9fbf7c8a4d40f8e928a Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Wed, 12 Oct 2011 16:42:09 +0300
Subject: [PATCH]
On Tue, 13 Sep 2011, Stephen Gallagher wrote:
> On Tue, 2011-09-13 at 16:33 +0300, Alexander Bokovoy wrote:
> > On Tue, 13 Sep 2011, Stephen Gallagher wrote:
> > > > > File "/usr/lib/python2.7/site-packages/SSSDConfig.py", line 1207,
> > > &
hat an error occurred when in fact there just was
> no sssd.conf to import.
>
> Otherwise the approach looks good.
Thanks, will do more testing tomorrow and make better phrases as well.
I can differentiate "file does not exist" and error parsing.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
o proper detect that we actually
changed hostname/archived /etc/sysconfig/network already -- either in
server or client installation context.
Unlike all other methods, this one gives you nondestructive peeking of
the file store state.
--
/ Alexander Bokovoy
__
;;' to
'#' for the existing correct sssd.conf, but that's how SSSDConfig
works.
--
/ Alexander Bokovoy
>From 51b6ac3c8f65f5686b87243dbeb9c33e3ac6ee58 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Wed, 12 Oct 2011 19:14:55 +0300
Subject: [PATCH] Refactor authconfig use in ipa-
t;
> https://fedorahosted.org/freeipa/ticket/1965
ACK, good change.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Thu, 13 Oct 2011, Rob Crittenden wrote:
> In backup_and_replace_hostname() the value of hostname wasn't being
> saved if it wasn't in /etc/sysconfig/network. This should save it in
> every case.
ACK
(yes, I need to go to bed)
--
dows.ad.example.com
> +
> +.TP
> +Remove a winsync replication agreement:
> + # ipa\-replica\-manage disconnect windows.ad.example.com
> .SH "EXIT STATUS"
> 0 if the command was successful
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Fri, 14 Oct 2011, Rob Crittenden wrote:
> Alexander Bokovoy wrote:
> >On Thu, 13 Oct 2011, Rob Crittenden wrote:
> >>Added more detailed information on creating a winsync replica to the
> >>ipa-replica-manage man page.
> >
> >>+Creating a Windows
Hi,
document new option --preserve-sssd introduced when fixing ticket
1750.
--
/ Alexander Bokovoy
>From bb98c30ddf8efad1a563529f1776ab1c8f097683 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Fri, 14 Oct 2011 10:27:59 +0300
Subject: [PATCH] Document --preserve-sssd option of
() and ask for
its properties later.
You can move those _select_ca(), _select_any_master(),
_host_has_service() to CaCache as they seem to not depend on anything
in class ca but rather use global api.env.
This way you will get is a fairly simple CaCache class reusable
On Fri, 14 Oct 2011, Rob Crittenden wrote:
> Handle an empty value in a name/value pair in config_replace_variables()
>
> This would blow up if you tried to append a value to an entry that
> looked like:
>
> NAME=
Yes. ACK.
--
/
Hi,
dictview is a new class in Python 2.7. We need to support older Python
versions and thus, use set instead.
--
/ Alexander Bokovoy
>From 169210f725d753d0707c0ee05c659747193fd6e5 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Fri, 14 Oct 2011 17:40:26 +0300
Subject: [PATCH] Use
domain_name, netbios_name,
> - smbd_user="samba"):
> + no_msdcs, smbd_user="samba"):
Maybe we could make no_msdcs defaulting to False here? I.e.
+no_msdcs=False, smbd_user="samba"):
On Fri, 14 Oct 2011, Sumit Bose wrote:
> Thank you for your comments, new version attached.
ACK from code reading. I'll try to test it once 2.1.3 is
released, if you don't mind.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
group
specified in the rule), as well as negative cases.
https://fedorahosted.org/freeipa/ticket/1988
--
/ Alexander Bokovoy
>From f3e1b4f3259e841e2bd54f649231b36e257a2559 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Mon, 17 Oct 2011 00:23:26 +0300
Subject: [PATCH] hbactest fails wh
ct 17 06:48:36 vm-114 ipactl[954]: Shutting down
Oct 17 06:48:36 vm-114 ipactl[954]: Starting Directory Service
After applying attached patch I now have fully working FreeIPA 2.1 git
on Fedora 16.
--
/ Alexander Bokovoy
>From cb5583ad8023d87fdbf863cd65032d0f11108bc0 Mon Sep 17 00:00:00 2001
nable to add external user for RunAs User for Sudo
> rules
>
> https://fedorahosted.org/freeipa/ticket/1987
>
> There is no way to add root or any external user as a RunAs User for a Sudo
> Rule.
ACK.
--
/ Alexander Bokovoy
___
F
://koji.fedoraproject.org/koji/taskinfo?taskID=3437275 is current
scratch build of 2.1 for F-16. It is 2.1.2+diff up to current ipa-2-1
git tree + systemd patch.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Tue, 18 Oct 2011, Alexander Bokovoy wrote:
> > ipa.init was removed from the git, but it was never moved to
> > init/SystemV/.
> It should have been moved (rm+new file). I'll check what's happening
> there, maybe Simo's patch omitted that one?
>
> http
en though they should be
> up (cert-show command worked):
This might be related as well -- I've seen multiple times when
ipa_kpasswd didn't start after ipa-server-install but works after
restart.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK. It took me a while but hostname is ensured to be FQDN by the
point we do that dangerous hostname[where is the dot+1:] operation. :)
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
https://fedorahosted.org/freeipa/ticket/2023
--
/ Alexander Bokovoy
>From 29eb102e9319eff837d71e4da6ad45796f3e7868 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 25 Oct 2011 18:41:32 +0300
Subject: [PATCH] Quote multiple workers option
https://fedorahosted.org/freeipa/ticket/2
Yes. I'm not sure we tried hard to keep 2.4 working but 2.6 is
definitely supported.
> I also assume that means any Python feature added in 2.7 cannot be
> used, correct?
Yes. I had to rewrite code recently from views to sets due to the fact
that dictionary views were
#x27;_ReadOnly__') and name != 'finalize_late':
> +self.finalize_late()
> +return object.__getattribute__(self, name)
Could you get faster than three string comparisons? As
__getattribute__ is fairly often called it would make sense to keep
these operatio
On Mon, 31 Oct 2011, Simo Sorce wrote:
> On Mon, 2011-10-31 at 14:19 +0200, Alexander Bokovoy wrote:
> > On Mon, 31 Oct 2011, Jan Cholasta wrote:
> > > Added finalization for __call__ and the check for CLI. Patch attached.
> > ACK from my side but see below.
> >
&
On Mon, 31 Oct 2011, Jan Cholasta wrote:
> Dne 31.10.2011 13:19, Alexander Bokovoy napsal(a):
> >On Mon, 31 Oct 2011, Jan Cholasta wrote:
> >>Added finalization for __call__ and the check for CLI. Patch attached.
> >ACK from my side but see below.
> >
> >&
ine 187, in
> runTest
> self.test(*self.arg)
> File "/home/mkosek/freeipa/tests/test_ipalib/test_frontend.py", line
> 304, in test_options
> assert self.cls().options is None
> AssertionError
>
>
>
> I found one more issue with our ./makeapi script.
d can be used for all other types of objects.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
eipa-2-1-speedup]# time ipa help >/dev/null
real0m0.624s
user0m0.479s
sys 0m0.133s
[root@vm-114 freeipa-2-1-speedup]# time ipa group >/dev/null
real0m0.612s
user0m0.475s
sys 0m0.126s
[root@vm-114 freeipa-2-1-speedup]# time ipa user >/dev/null
real0m0.61
(actual patch attached!)
On Wed, 02 Nov 2011, Alexander Bokovoy wrote:
> On Wed, 02 Nov 2011, Jan Cholasta wrote:
> > >Callable instances are a consequence of the above --
> > >Command.__call__() does use properties that are changed due to
> > >finalize() being r
ot; it works fine.
I suspected this. :)
Ok, that and I protected self.__finalized reassignment in case
Plugin#finalize() got called twice -- second time the class is locked
already so self.__finalized = True will blow exception. I made it
no-op for next passes.
New patch attached. Survived fresh
azy
> finalization, so that the behavior can be overriden (actually I have
> already done that - see attached patch - just use
> "api.env.plugins_on_demand" instead of "api.env.context == 'cli'").
Done.
--
/ Alexander Bokovoy
>From 44ebebc2fede6f001a826fa
On Thu, 03 Nov 2011, Simo Sorce wrote:
> As stated in the bug in order to attain better interoperability with
> Windows clients we need to change the way we generate the random salt.
ACK.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
F
P_OIDLIST,
> ipapwd_oid_list);
> if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_NAMELIST,
> ipapwd_name_list);
> -if (!ret) slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN, (void
> *)ipapwd_extop);
> +if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN,
;
ACK.
> https://fedorahosted.org/freeipa/ticket/2037
> ---
> daemons/ipa-kdb/ipa_kdb_pwdpolicy.c |2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
> b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
> index
> d439feb907eebda70b513ac9ca70f3e259ad3909..46a0513307c859ff2cfef7ad58442edb1b9cc78d
> 100644
> --- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
> +++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
> @@ -85,7 +85,7 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext,
> char *name,
> goto done;
> }
>
> -pentry = calloc(1, sizeof(osa_policy_ent_t));
> +pentry = calloc(1, sizeof(osa_policy_ent_rec));
> if (!pentry) {
> kerr = ENOMEM;
> goto done;
How this one has even worked? :)
ACK.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Tue, 08 Nov 2011, Rob Crittenden wrote:
> Don't allow one to set a blank list of default objectclasses in
> cn=ipaconfig.
>
ACK
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/ma
0m1.103s0m0.478s0m0.451s
> sys 0m0.161s0m0.126s0m0.133s
>
> $ time ipa user-find
> real0m1.897s0m1.253s0m1.235s
> user0m1.119s0m0.486s0m0.488s
> sys 0m0.160s0m0.160s0m0.136s
>
> $ time ipa help
> real0m1.299
e
> effectively. True/False to LDAP's "TRUE"/"FALSE" in this case. Encoding
> functions are executed in a server context only.
Ack.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ription. You only added it to the mail. When I am traversing FreeIPA
> git logs, I must be able to quickly read what this patch does.
>
> You would have seen all these conventions I wrote you about if you had
> read some patches in freeipa-devel or had read some in FreeIPA git lo
rather did a commonalization of detection instead of
duplicating the code. We can re-use result of detecting what exists
later in configure_{ldap,nslcd}_config().
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ba4.
Simo, do you remember details?
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
s aci_del(crud.Delete):
> """
> Execute the aci-delete operation.
>
> -:param aciname: The name of the ACI being added.
> +:param aciname: The name of the ACI being deleted.
> :param kw: unused
> ""&q
done via
kerberos and NSS module would give you users and groups with nss_ldap.
So pam_ldap + nss_ldap is one of possible configurations, but pam_krb5
+ nss_ldap is also possible to use, without pam_ldap.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
27;all', 'All', 'ALL', 'aLL', and so on are mistyping but there
are might be valid cases when group or user is called 'all'.
--
/ Alexander Bokovoy
>From 726dee0d53736f7ec42569e6f65e112f663a7fb8 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
, but
replica may succeed.
Ticket #1827
https://fedorahosted.org/freeipa/ticket/1827
--
/ Alexander Bokovoy
>From 3d4d893dc4631184824add70dfdef5dfd9f331c2 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Mon, 14 Nov 2011 12:39:50 +0200
Subject: [PATCH] Check through all LDAP servers in th
criptive name because
'attribute' and 'noattribute' are confusing, to say at least.
Or maybe we should document them better? Right now there is no
documentation for a majority of those flags.
--
/ Alexander Bokovoy
___
Freeipa-devel m
egarding label names changes which
force API break as well but as this patch shows, we'll get a lot of
trouble on compatibility without filtering the attributes that don't
really matter on the client side...
--
/ Alexander Bokovoy
_
lity with
older releases which I'll look at in ticket #2026.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
does crash when it receives
> > Gettext/NGettext object. Instead of throwing a type error, do the
> > translation to receive the required unicode text.
> >
> > https://fedorahosted.org/freeipa/ticket/2096
ACK now. :)
--
/ Alexander Bokovoy
_
py_default_encoding extension depends on Python.h and Python
development tools availability. Make sure they are installed.
https://fedorahosted.org/freeipa/ticket/1838
--
/ Alexander Bokovoy
>From b6b6112cb84f69c41a27bbab1c75fed97be4a61b Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
D
101 - 200 of 1673 matches
Mail list logo