Re: [Freeipa-devel] [PATCH] 118 Fix permissions in installers

te a ticket? I have created ticket 1764 to track this (in 3.0). https://fedorahosted.org/freeipa/ticket/1764 -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

On Wed, 07 Sep 2011, Stephen Gallagher wrote: > On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote: > > Hi! > > > > When modifying SSSD configuration, attempt to add new domain rather > > than replacing whole configuration file. > > > > Only r

Re: [Freeipa-devel] [PATCH] 121 Set bind and bind-dyndb-ldap min nvr

roject.org/koji/buildinfo?buildID=262773 > > There are 2 version of the patch - master and ipa-2-1. ACK for both. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PULL REQUEST, ipa-2-1] Platform-specific adaptation

angelog section. The following changes since commit d3c24bb0a65dae85e665ebc617ab4f084c2299fd: Don't allow a OTP to be set on an enrolled host (2011-09-10 00:03:32 +) are available in the git repository at: git://fedorapeople.org/home/fedora/abbra/public_git/freeipa.git platform

[Freeipa-devel] [PULL REQUEST, master] Platform-specific adaptation

n enrolled host (2011-09-10 00:03:19 +) are available in the git repository at: git://fedorapeople.org/home/fedora/abbra/public_git/freeipa.git platform-master Alexander Bokovoy (5): Introduce platform-specific adaptation Convert server install code to platform-independent access

Re: [Freeipa-devel] [PATCH] 45 Check that install hostname matches the server hostname

On Mon, 12 Sep 2011, Jan Cholasta wrote: > >We can't dictate which interface matches the hostname. At most we can > >warn about this, but not fail to install. > > > >rob > > Changed to print a warning message instead of raising an e

Re: [Freeipa-devel] [PULL REQUEST, master] Platform-specific adaptation

hed to both platform and platform-master branches on fedorapeople repo. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 0013 Use proper HBAC service names in the documentation

https://fedorahosted.org/freeipa/ticket/1741 -- / Alexander Bokovoy >From 5391bfde89d890541a0274d39a909c08f09ab3ca Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 12 Sep 2011 14:06:55 +0300 Subject: [PATCH 6/8] Incorrect name in examples of ipa help hbactest ht

[Freeipa-devel] [PATCH] 0014 Unroll groups for users, hosts, and services when testing HBAC rules

https://fedorahosted.org/freeipa/ticket/1740 -- / Alexander Bokovoy >From a87317a404717882e35cdeb9a9bc5aa3445e5353 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 12 Sep 2011 17:23:56 +0300 Subject: [PATCH 7/8] Unroll groups when testing HBAC rules Fixes https://fedorahosted.

Re: [Freeipa-devel] [PATCH] 871 add hostname regex

ttern_errmsg='may only include letters, numbers, and -', > +maxlength=255, > cli_name='hostname', > label=_('Host name'), > primary_key=True, What about IDN hosts? With this

Re: [Freeipa-devel] [PATCH] 870 remove normalizer

On Mon, 12 Sep 2011, Rob Crittenden wrote: > Remove the lower-case normalizer on roles, privileges and > permissions. Mixed-case works fine. ACK. I suppose we don't need any unit-test for lift of restriction... -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH] 871 add hostname regex

On Mon, 12 Sep 2011, Rob Crittenden wrote: > Alexander Bokovoy wrote: > >On Mon, 12 Sep 2011, Rob Crittenden wrote: > > > >>Limit hostnames to letters, digits and - with a max length of 255 > >> > >> takes_params = ( > >> Str(

Re: [Freeipa-devel] [PATCH] 871 add hostname regex

make sure whatever we pass to external applications is properly formatted as well -- all of them should be able to work with xn- form. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Allow using external hosts in HBAC test

FreeIPA rules to PyHBAC objects. -- / Alexander Bokovoy >From 27f44edb48fdcbf1f007282b17bbb5206f676c39 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 13 Sep 2011 11:49:27 +0300 Subject: [PATCH] When external host is specified in HBAC rule, allow its use in simulation ht

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

On Thu, 08 Sep 2011, Alexander Bokovoy wrote: > On Wed, 07 Sep 2011, Stephen Gallagher wrote: > > > On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote: > > > Hi! > > > > > > When modifying SSSD configuration, attempt to add new domain rather &

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

r/lib/python2.7/site-packages/SSSDConfig.py", line 1207, in > import_config > fd = open(configfile, 'r') > IOError: [Errno 2] No such file or directory: '/etc/sssd/sssd.conf' Right, we need to fallback to new sssd.conf in case of any exception, not only fo

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

. What are other cases? > Admittedly, it's a contrived example, but where contrived examples > exist, so can real issues. True. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 875 fix rpm installation ordering

knows. I'm not even sure when this > stopped working. > > I added an extra postun rule so that the server-selinux package is > removed as a dependency when you do a yum erase freeipa-python. ACK. -- / Alexander Bokovoy ___ Freeipa-

Re: [Freeipa-devel] [PATCH] 25 Create Tool for Enabling Disabling Managed Entry

ion,cn=Definitions,cn=Managed > Entries,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com' enable This hurts. :) Can't we have a shortcut that allows to specify only name of the managed entry and we will expand it to full DN? Current approach is way error-pro

Re: [Freeipa-devel] [PATCH] 25 Create Tool for Enabling Disabling Managed Entry

On Fri, 16 Sep 2011, JR Aquino wrote: > On Sep 16, 2011, at 4:41 AM, "Alexander Bokovoy" wrote: > > Can't we have a shortcut that allows to specify only name of the > > managed entry and we will expand it to full DN? Current approach is > > way error-prone

Re: [Freeipa-devel] [PATCH] 878 ignore restorecon errors

forgot it. :) -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 124 ipactl does not stop dirsrv

On Tue, 20 Sep 2011, Martin Kosek wrote: > Remove an invalid instance name passed to dirsrv service so that > it is correctly stopped. > > https://fedorahosted.org/freeipa/ticket/1800 ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing

Re: [Freeipa-devel] [PATCH] 124 ipactl does not stop dirsrv

On Tue, 20 Sep 2011, Martin Kosek wrote: > > Pushed to master, ipa-2-1. > > > Alexander just noticed, that dirsrv stop in ipactl start fallback code > was not right either. One-liner patch attached. ACK as well. -- / Alexander Bokovoy _

Re: [Freeipa-devel] [PATCH] 131 Fix LDAPCreate search failure

) already supported object class argument, there is no API change as well. For patch 132: ACK -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] Fedora 16 support (systemd)

current patch to introduce systemd/fedora16 support. The patch is against ipa-2-1 branch, I have not checked how it applies to master yet. -- / Alexander Bokovoy diff --git a/Makefile b/Makefile index 9d88025..3cd08e2 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ PRJ_PREFIX=freeipa

[Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the

client Reply-To: Hi, attached patch addresses ticket #1770. -- / Alexander Bokovoy >From 6bb9520e2398a22c0264276171714ea5d201f83a Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 4 Oct 2011 13:56:12 +0300 Subject: [PATCH] Setup and restore ntp configuration on the client s

[Freeipa-devel] [PATCH] 0017 Configure pam_krb5 only when sssd is not in use

Hi, attached patch fixes https://fedorahosted.org/freeipa/ticket/1775 -- / Alexander Bokovoy >From e956fb4cb1738cb98d006973db0016868204c10c Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 4 Oct 2011 14:33:36 +0300 Subject: [PATCH] Configure pam_krb5 on the client only if sssd

[Freeipa-devel] [PATCH] 0018 Unroll StrEnum values when displaying help

schema. --setattr=STR Set an attribute to a name/value pair. Format is attr=value. For multi-valued attributes, the command replaces the values already present. ---- -- / Alexander Bokovoy >Fro

Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the

On Tue, 04 Oct 2011, Jan Cholasta wrote: > On 4.10.2011 13:00, Alexander Bokovoy wrote: > >client > >Reply-To: > > > >Hi, > > > >attached patch addresses ticket #1770. > > > > ipa-client-install fails with: > > Traceback (most recent call

Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the

we can't restore. Attached patch should fix it -- as we can ignore absent backup. -- / Alexander Bokovoy >From a37e9ff4a35c4c9784bf6a174ca8a4da37a43f51 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 4 Oct 2011 13:56:12 +0300 Subject: [PATCH] Setup and restore ntp configuratio

Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the

On Tue, 04 Oct 2011, Alexander Bokovoy wrote: > Reproduced. This happens when the package freeipa-client is upgraded > after client is enrolled with previous version -- in such case there > is no backup state and therefore we can't restore. Also add fstore to /etc/sysconfig/ntpd to

[Freeipa-devel] [PATCH] 0019 Sync time with NTP before joining the domain

Hi, https://fedorahosted.org/freeipa/ticket/1773 -- / Alexander Bokovoy >From 8b022ee7b1290cabd4e1a54971dc66420d73c1cc Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 5 Oct 2011 15:02:58 +0300 Subject: [PATCH] Before kinit, try to sync time with the NTP servers of the domain

[Freeipa-devel] [PATCH] 0020 fix 'referenced before assignment'

Hi, in 1770 due to code moving from one part of the file to another, restored variable didn't get a proper assignment. One line patch. -- / Alexander Bokovoy >From 8c46d269fb412887cf0eb70ec69bb6861933f56a Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 5 Oct 2011 15:11:

Re: [Freeipa-devel] [PATCH] 0019 Sync time with NTP before joining the domain

retries variable too. Right. I ended up not using raiseonerr=False as all I needed is a way to break out of the loop on success so that will come sequentially if there is no exception. Patch attached. -- / Alexander Bokovoy >From b80796995a550ff0411fe32b4e6dd1f9c04cbb2f Mon Sep 17 00:00:

Re: [Freeipa-devel] [PATCH] 0019 Sync time with NTP before joining the domain

client has to submit next key if clocks have drifted which implies you cannot re-use the same OTP next time. To me this looks like in OTP case clocks synchronization is very important. In our OTP case it does not matter except for an artificial delay... I've added the message. -- / Alexander

Re: [Freeipa-devel] [PATCH] 0019 Sync time with NTP before joining the domain

chance to use the same password again? If that's the case, it is better to wait a second or three for time sync. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 885 optimize indirect member calculation

sorted by probability of encountering the container in real life, with users and hosts to be at the beginning. -- / Alexander Bokovoy diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index b12403b..f9d1d14 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.p

Re: [Freeipa-devel] [PATCH] 885 optimize indirect member calculation

rs Swap: 2031612k total, 1012792k used, 1018820k free,18096k cached -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 141 Make sure ipa-client-install returns correct error code

ons.unattended = True > uninstall(options, env, quiet=True) > > +return rval > + > try: > if __name__ == "__main__": > sys.exit(main()) ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH, 2.1] 0021 Fedora 16 and systemd support

Hi, rebased, updated package dependencies, and verified against Fedora 16+updates-testing. This patch is for ipa-2-1 branch. I need to do few cosmetic changes in freeipa.spec.in to accomodate it to 3.0 (master branch) as ipa_kpasswd is gone there. -- / Alexander Bokovoy >F

Re: [Freeipa-devel] [PATCH, 2.1] 0021 Fedora 16 and systemd support

On Mon, 10 Oct 2011, Alexander Bokovoy wrote: > rebased, updated package dependencies, and verified against > Fedora 16+updates-testing. > > This patch is for ipa-2-1 branch. I need to do few cosmetic changes in > freeipa.spec.in to accomodate it to 3.0 (master branch) as ipa_kpa

[Freeipa-devel] [PATCH] 0021 Increase number of 'getent passwd attempts' to 10

Hi, https://fedorahosted.org/freeipa/ticket/1774 -- / Alexander Bokovoy >From 6603e5af84c03dbabdd3de8a681a8d9d9b89013d Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 11 Oct 2011 10:22:16 +0300 Subject: [PATCH] Increase number of 'getent passwd attempts' to 10 Duri

[Freeipa-devel] [PATCH] 0023 Improve hbactest

Two patches in the same commit because they affect the same code and otherwise would have created dependency between the patches anyway. -- / Alexander Bokovoy >From 09ccb28ab1f6fb5c5d2ee41b583125e95bd23a62 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 11 Oct 2011 11:25:24 +0

Re: [Freeipa-devel] [PATCH] 142 Improve default user/group object class validation

ect[obj].uuid_attribute) > + for obj_attr in self.api.Object[obj].default_attributes: Shouldn't this be checked_attrs? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 0024 Force use of kerberos realm to be a string in config.py

The code change works fine with Fedora 15 as well (tested). -- / Alexander Bokovoy >From c25b21972fb3a93b7c2ff1ab15715ae0bd3369b5 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 11 Oct 2011 12:07:23 +0300 Subject: [PATCH 2/2] Force kerberos realm to be a string Fixes issue with

Re: [Freeipa-devel] [PATCH] 142 Improve default user/group object class validation

On Tue, 11 Oct 2011, Martin Kosek wrote: > On Tue, 2011-10-11 at 12:01 +0300, Alexander Bokovoy wrote: > > On Tue, 11 Oct 2011, Martin Kosek wrote: > > > @@ -212,6 +216,24 @@ class config_mod(LDAPUpdate): > > > r

Re: [Freeipa-devel] [PATCH] 142 Improve default user/group object class validation

c = a+b > >>> print c > [1, 2, 3, 4] > >>> print a > [1, 2, 3] > >>> print b > [4] > >>> c.append(5) > >>> print c > [1, 2, 3, 4, 5] > >>> print a > [1, 2, 3] > >>> print b >

Re: [Freeipa-devel] [PATCH] 142 Improve default user/group object class validation

the new > set of default object classes > > https://fedorahosted.org/freeipa/ticket/1893 ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 0025/0026 ipa-client-install --hostname not setting HOSTNAME if it is missing from the configuration file

Bokovoy >From db1a37bbb58ddd1a99c5498940f2988477392a06 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 12 Oct 2011 14:15:01 +0300 Subject: [PATCH 1/2] Refactor backup_and_replace_hostname() into a flexible config modification tool backup_and_replace_hostname() was doing three things

Re: [Freeipa-devel] [PATCH] 0025/0026 ipa-client-install --hostname not setting HOSTNAME if it is missing from the configuration file

x27;HOSTNAME']: ... > > should be > > if 'HOSTNAME' in old_values: ... Updated patch attached. -- / Alexander Bokovoy >From 6c01a86f232d10176372a9fbf7c8a4d40f8e928a Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 12 Oct 2011 16:42:09 +0300 Subject: [PATCH]

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

On Tue, 13 Sep 2011, Stephen Gallagher wrote: > On Tue, 2011-09-13 at 16:33 +0300, Alexander Bokovoy wrote: > > On Tue, 13 Sep 2011, Stephen Gallagher wrote: > > > > > File "/usr/lib/python2.7/site-packages/SSSDConfig.py", line 1207, > > > &

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

hat an error occurred when in fact there just was > no sssd.conf to import. > > Otherwise the approach looks good. Thanks, will do more testing tomorrow and make better phrases as well. I can differentiate "file does not exist" and error parsing. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 140 + 148 + 147 Hostname fixes

o proper detect that we actually changed hostname/archived /etc/sysconfig/network already -- either in server or client installation context. Unlike all other methods, this one gives you nondestructive peeking of the file store state. -- / Alexander Bokovoy __

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

;;' to '#' for the existing correct sssd.conf, but that's how SSSDConfig works. -- / Alexander Bokovoy >From 51b6ac3c8f65f5686b87243dbeb9c33e3ac6ee58 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 12 Oct 2011 19:14:55 +0300 Subject: [PATCH] Refactor authconfig use in ipa-

Re: [Freeipa-devel] [PATCH] 149 Make IPv4 address parsing more strict

t; > https://fedorahosted.org/freeipa/ticket/1965 ACK, good change. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 893 always save value of hostname

On Thu, 13 Oct 2011, Rob Crittenden wrote: > In backup_and_replace_hostname() the value of hostname wasn't being > saved if it wasn't in /etc/sysconfig/network. This should save it in > every case. ACK (yes, I need to go to bed) --

Re: [Freeipa-devel] [PATCH] 894 add winsync info to ipa-replica-manage man page

dows.ad.example.com > + > +.TP > +Remove a winsync replication agreement: > + # ipa\-replica\-manage disconnect windows.ad.example.com > .SH "EXIT STATUS" > 0 if the command was successful -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 894 add winsync info to ipa-replica-manage man page

On Fri, 14 Oct 2011, Rob Crittenden wrote: > Alexander Bokovoy wrote: > >On Thu, 13 Oct 2011, Rob Crittenden wrote: > >>Added more detailed information on creating a winsync replica to the > >>ipa-replica-manage man page. > > > >>+Creating a Windows

[Freeipa-devel] [PATCH] 0027 Document --preserve-sssd option of ipa-client-install

Hi, document new option --preserve-sssd introduced when fixing ticket 1750. -- / Alexander Bokovoy >From bb98c30ddf8efad1a563529f1776ab1c8f097683 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 14 Oct 2011 10:27:59 +0300 Subject: [PATCH] Document --preserve-sssd option of

Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

() and ask for its properties later. You can move those _select_ca(), _select_any_master(), _host_has_service() to CaCache as they seem to not depend on anything in class ca but rather use global api.env. This way you will get is a fairly simple CaCache class reusable

Re: [Freeipa-devel] [PATCH] 895 fix config_replace_variables()

On Fri, 14 Oct 2011, Rob Crittenden wrote: > Handle an empty value in a name/value pair in config_replace_variables() > > This would blow up if you tried to append a value to an entry that > looked like: > > NAME= Yes. ACK. -- /

[Freeipa-devel] [PATCH] 0028 replace dictview by set for better portability

Hi, dictview is a new class in Python 2.7. We need to support older Python versions and thus, use set instead. -- / Alexander Bokovoy >From 169210f725d753d0707c0ee05c659747193fd6e5 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 14 Oct 2011 17:40:26 +0300 Subject: [PATCH] Use

Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows

domain_name, netbios_name, > - smbd_user="samba"): > + no_msdcs, smbd_user="samba"): Maybe we could make no_msdcs defaulting to False here? I.e. +no_msdcs=False, smbd_user="samba"):

Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows

On Fri, 14 Oct 2011, Sumit Bose wrote: > Thank you for your comments, new version attached. ACK from code reading. I'll try to test it once 2.1.3 is released, if you don't mind. -- / Alexander Bokovoy ___ Freeipa-devel mailing list

[Freeipa-devel] [PATCH] 0029 hbactest fails while you have svcgroup in hbacrule

group specified in the rule), as well as negative cases. https://fedorahosted.org/freeipa/ticket/1988 -- / Alexander Bokovoy >From f3e1b4f3259e841e2bd54f649231b36e257a2559 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 17 Oct 2011 00:23:26 +0300 Subject: [PATCH] hbactest fails wh

Re: [Freeipa-devel] [PATCH, 2.1] 0021 Fedora 16 and systemd support

ct 17 06:48:36 vm-114 ipactl[954]: Shutting down Oct 17 06:48:36 vm-114 ipactl[954]: Starting Directory Service After applying attached patch I now have fully working FreeIPA 2.1 git on Fedora 16. -- / Alexander Bokovoy >From cb5583ad8023d87fdbf863cd65032d0f11108bc0 Mon Sep 17 00:00:00 2001

Re: [Freeipa-devel] [PATCH] 026 Fixed: Unable to add external user for RunAs User for Sudo

nable to add external user for RunAs User for Sudo > rules > > https://fedorahosted.org/freeipa/ticket/1987 > > There is no way to add root or any external user as a RunAs User for a Sudo > Rule. ACK. -- / Alexander Bokovoy ___ F

Re: [Freeipa-devel] [PATCH, 2.1] 0021 Fedora 16 and systemd support

://koji.fedoraproject.org/koji/taskinfo?taskID=3437275 is current scratch build of 2.1 for F-16. It is 2.1.2+diff up to current ipa-2-1 git tree + systemd patch. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH, 2.1] 0021 Fedora 16 and systemd support

On Tue, 18 Oct 2011, Alexander Bokovoy wrote: > > ipa.init was removed from the git, but it was never moved to > > init/SystemV/. > It should have been moved (rm+new file). I'll check what's happening > there, maybe Simo's patch omitted that one? > > http

Re: [Freeipa-devel] [PATCH, 2.1] 0021 Fedora 16 and systemd support

en though they should be > up (cert-show command worked): This might be related as well -- I've seen multiple times when ipa_kpasswd didn't start after ipa-server-install but works after restart. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Add kerberos mapping for clients outside the IPA domain

ACK. It took me a while but hostname is ensured to be FQDN by the point we do that dangerous hostname[where is the dot+1:] operation. :) -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 0030 Quote worker option

https://fedorahosted.org/freeipa/ticket/2023 -- / Alexander Bokovoy >From 29eb102e9319eff837d71e4da6ad45796f3e7868 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 25 Oct 2011 18:41:32 +0300 Subject: [PATCH] Quote multiple workers option https://fedorahosted.org/freeipa/ticket/2

Re: [Freeipa-devel] minimum python?

Yes. I'm not sure we tried hard to keep 2.4 working but 2.6 is definitely supported. > I also assume that means any Python feature added in 2.7 cannot be > used, correct? Yes. I had to rewrite code recently from views to sets due to the fact that dictionary views were

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

#x27;_ReadOnly__') and name != 'finalize_late': > +self.finalize_late() > +return object.__getattribute__(self, name) Could you get faster than three string comparisons? As __getattribute__ is fairly often called it would make sense to keep these operatio

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

On Mon, 31 Oct 2011, Simo Sorce wrote: > On Mon, 2011-10-31 at 14:19 +0200, Alexander Bokovoy wrote: > > On Mon, 31 Oct 2011, Jan Cholasta wrote: > > > Added finalization for __call__ and the check for CLI. Patch attached. > > ACK from my side but see below. > > &

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

On Mon, 31 Oct 2011, Jan Cholasta wrote: > Dne 31.10.2011 13:19, Alexander Bokovoy napsal(a): > >On Mon, 31 Oct 2011, Jan Cholasta wrote: > >>Added finalization for __call__ and the check for CLI. Patch attached. > >ACK from my side but see below. > > > >&

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

ine 187, in > runTest > self.test(*self.arg) > File "/home/mkosek/freeipa/tests/test_ipalib/test_frontend.py", line > 304, in test_options > assert self.cls().options is None > AssertionError > > > > I found one more issue with our ./makeapi script.

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

d can be used for all other types of objects. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

eipa-2-1-speedup]# time ipa help >/dev/null real0m0.624s user0m0.479s sys 0m0.133s [root@vm-114 freeipa-2-1-speedup]# time ipa group >/dev/null real0m0.612s user0m0.475s sys 0m0.126s [root@vm-114 freeipa-2-1-speedup]# time ipa user >/dev/null real0m0.61

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

(actual patch attached!) On Wed, 02 Nov 2011, Alexander Bokovoy wrote: > On Wed, 02 Nov 2011, Jan Cholasta wrote: > > >Callable instances are a consequence of the above -- > > >Command.__call__() does use properties that are changed due to > > >finalize() being r

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

ot; it works fine. I suspected this. :) Ok, that and I protected self.__finalized reassignment in case Plugin#finalize() got called twice -- second time the class is locked already so self.__finalized = True will blow exception. I made it no-op for next passes. New patch attached. Survived fresh

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

azy > finalization, so that the behavior can be overriden (actually I have > already done that - see attached patch - just use > "api.env.plugins_on_demand" instead of "api.env.context == 'cli'"). Done. -- / Alexander Bokovoy >From 44ebebc2fede6f001a826fa

Re: [Freeipa-devel] [PATCH] #2038 modify salt creation

On Thu, 03 Nov 2011, Simo Sorce wrote: > As stated in the bug in order to attain better interoperability with > Windows clients we need to change the way we generate the random salt. ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list F

Re: [Freeipa-devel] [PATCHES] #2036 Fix coverity bugs

P_OIDLIST, > ipapwd_oid_list); > if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_NAMELIST, > ipapwd_name_list); > -if (!ret) slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN, (void > *)ipapwd_extop); > +if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN,

Re: [Freeipa-devel] [PATCHES] #2037 Coverity issues

; ACK. > https://fedorahosted.org/freeipa/ticket/2037 > --- > daemons/ipa-kdb/ipa_kdb_pwdpolicy.c |2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c > b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c > index > d439feb907eebda70b513ac9ca70f3e259ad3909..46a0513307c859ff2cfef7ad58442edb1b9cc78d > 100644 > --- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c > +++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c > @@ -85,7 +85,7 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, > char *name, > goto done; > } > > -pentry = calloc(1, sizeof(osa_policy_ent_t)); > +pentry = calloc(1, sizeof(osa_policy_ent_rec)); > if (!pentry) { > kerr = ENOMEM; > goto done; How this one has even worked? :) ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 902 Don't allow empty default object classes

On Tue, 08 Nov 2011, Rob Crittenden wrote: > Don't allow one to set a blank list of default objectclasses in > cn=ipaconfig. > ACK -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/ma

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

0m1.103s0m0.478s0m0.451s > sys 0m0.161s0m0.126s0m0.133s > > $ time ipa user-find > real0m1.897s0m1.253s0m1.235s > user0m1.119s0m0.486s0m0.488s > sys 0m0.160s0m0.160s0m0.136s > > $ time ipa help > real0m1.299

Re: [Freeipa-devel] [PATCH] 163+164 Fix DNS zone --allow-dynupdate option behavior

e > effectively. True/False to LDAP's "TRUE"/"FALSE" in this case. Encoding > functions are executed in a server context only. Ack. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] the 'Keytab:' field in "ipa user-show" output is misleading

ription. You only added it to the mail. When I am traversing FreeIPA > git logs, I must be able to quickly read what this patch does. > > You would have seen all these conventions I wrote you about if you had > read some patches in freeipa-devel or had read some in FreeIPA git lo

Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap

rather did a commonalization of detection instead of duplicating the code. We can re-use result of detecting what exists later in configure_{ldap,nslcd}_config(). -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 904 two more buildrequires

ba4. Simo, do you remember details? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] fix copy/paste

s aci_del(crud.Delete): > """ > Execute the aci-delete operation. > > -:param aciname: The name of the ACI being added. > +:param aciname: The name of the ACI being deleted. > :param kw: unused > ""&q

Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap

done via kerberos and NSS module would give you users and groups with nss_ldap. So pam_ldap + nss_ldap is one of possible configurations, but pam_krb5 + nss_ldap is also possible to use, without pam_ldap. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 0032 Validate sudo RunAsUser/RunAsGroup arguments

27;all', 'All', 'ALL', 'aLL', and so on are mistyping but there are might be valid cases when group or user is called 'all'. -- / Alexander Bokovoy >From 726dee0d53736f7ec42569e6f65e112f663a7fb8 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy

[Freeipa-devel] [PATCH] 0033 Check all LDAP servers during IPA discovery

, but replica may succeed. Ticket #1827 https://fedorahosted.org/freeipa/ticket/1827 -- / Alexander Bokovoy >From 3d4d893dc4631184824add70dfdef5dfd9f331c2 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 14 Nov 2011 12:39:50 +0200 Subject: [PATCH] Check through all LDAP servers in th

Re: [Freeipa-devel] [PATCH] 169 Fix LDAP object parameter encoding

criptive name because 'attribute' and 'noattribute' are confusing, to say at least. Or maybe we should document them better? Right now there is no documentation for a majority of those flags. -- / Alexander Bokovoy ___ Freeipa-devel m

Re: [Freeipa-devel] [PATCH] 169 Fix LDAP object parameter encoding

egarding label names changes which force API break as well but as this patch shows, we'll get a lot of trouble on compatibility without filtering the attributes that don't really matter on the client side... -- / Alexander Bokovoy _

Re: [Freeipa-devel] [PATCH] 170 Remove redundant information from API.txt

lity with older releases which I'll look at in ticket #2026. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 171 Let PublicError accept Gettext objects

does crash when it receives > > Gettext/NGettext object. Instead of throwing a type error, do the > > translation to receive the required unicode text. > > > > https://fedorahosted.org/freeipa/ticket/2096 ACK now. :) -- / Alexander Bokovoy _

[Freeipa-devel] [PATCH] 0034 configure does not check for Python.h

py_default_encoding extension depends on Python.h and Python development tools availability. Make sure they are installed. https://fedorahosted.org/freeipa/ticket/1838 -- / Alexander Bokovoy >From b6b6112cb84f69c41a27bbab1c75fed97be4a61b Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy D

<    1   2   3   4   5   6   7   8   9   10   >