On Apr 13, 2011, at 6:15 PM, Simo Sorce wrote:
On Wed, 13 Apr 2011 17:05:02 -0400
Adam Young ayo...@redhat.com wrote:
FreeIPA is a centralized authentication and authorization management
framework, built on open standards, with a focus towards the needs of
Linux and Unix clients.
On Apr 13, 2011, at 6:40 PM, Adam Young wrote:
On 04/13/2011 09:26 PM, Adam Young wrote:
On 04/13/2011 09:15 PM, Simo Sorce wrote:
On Wed, 13 Apr 2011 17:05:02 -0400
Adam Youngayo...@redhat.com wrote:
FreeIPA is a centralized authentication and authorization management
framework, built
On Apr 20, 2011, at 10:32 AM, Rob Crittenden wrote:
...
Seems to work as advertised, I just have a couple of requests:
- Some of the comments are really long, can you limit to ~75 chars per line?
- In this code block:
for r in results:
direct.append(r[0])
handle the enabling / disabling of Compat and Managed Entry Plugins...
binmndZmK7OrG.bin
Description: freeipa-jraquino-0025-Create-Tool-for-Enabling-Disabling-Managed-Entries.patch
~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister
-0026-Delete-the-sudoers-entry-when-disabling-Schema-Compat.patch
~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
jr.aqu...@citrixonline.com
http://www.citrixonline.com
On Apr 21, 2011, at 4:03 PM, Simo Sorce
sso...@redhat.commailto:sso...@redhat.com wrote:
On Thu, 2011-04-21 at 15:30 -0400, Dmitri Pal wrote:
On 04/21/2011 03:17 PM, JR Aquino wrote:
This patch address ticket:
* https://fedorahosted.org/freeipa/ticket/1181
https://fedorahosted.org/freeipa
On Apr 22, 2011, at 12:53 PM, Rob Crittenden wrote:
JR Aquino wrote:
On Apr 12, 2011, at 9:45 AM, JR Aquino wrote:
Add HBAC Rule and Sudo Rule to users as indirect member attributes to
simplify the auditing of users for their indirect membership to their
authorization rights
On Apr 25, 2011, at 6:43 AM, Simo Sorce wrote:
On Thu, 2011-04-21 at 23:28 +, JR Aquino wrote:
Hmmm
Both Private Groups and the Hostgroup - Netgroup Managed Entries
create objects in the container:
cn=Managed Entries,cn=plugins,cn=config
Each Ldif contains 2 ldap objects. One
On Apr 22, 2011, at 12:53 PM, Rob Crittenden wrote:
JR Aquino wrote:
On Apr 12, 2011, at 9:45 AM, JR Aquino wrote:
Add HBAC Rule and Sudo Rule to users as indirect member attributes to
simplify the auditing of users for their indirect membership to their
authorization rights
Description: freeipa-jraquino-0027-Make-sure-ipa_config-is-read-only-when-caching.patch
~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
jr.aqu...@citrixonline.com
http
On May 13, 2011, at 5:48 AM, Jan Cholasta wrote:
Show help for plugin when the user runs 'ipa plugin', instead of printing
an error message about unknown command.
https://fedorahosted.org/freeipa/ticket/914
Honza
--
Jan Cholasta
On May 13, 2011, at 8:47 AM, Adam Young wrote:
One minor piece of Feedback I got from people at the Summit was surprise that
DNS was on the Policy tab and not on the Identity tab. Moving this is
trivial. Does anyone object to me making that change?
On May 10, 2011, at 8:14 PM, Adam Young wrote:
On 05/10/2011 11:07 PM, Adam Young wrote:
On 05/10/2011 04:38 PM, JR Aquino wrote:
On Apr 22, 2011, at 12:53 PM, Rob Crittenden wrote:
JR Aquino wrote:
On Apr 12, 2011, at 9:45 AM, JR Aquino wrote:
Add HBAC Rule and Sudo Rule to users
This effects Ticket 1222 and Rob's patch 786
binlDpwG7aVPN.bin
Description: freeipa-jraquino-0028-One-Liner-Typo-in-host_nis_groups-has-been-creating.patch
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On May 18, 2011, at 12:46 PM, JR Aquino wrote:
This effects Ticket 1222 and Rob's patch 786
Per IRC Conversation with Simo and Rob, take the path of least change.
The patch has been modified to correct the CN to match the DN rather than
changing both.
binSqyGhoZYFC.bin
Description
On May 18, 2011, at 2:52 PM, Rob Crittenden wrote:
JR Aquino wrote:
On May 18, 2011, at 12:46 PM, JR Aquino wrote:
This effects Ticket 1222 and Rob's patch 786
Per IRC Conversation with Simo and Rob, take the path of least change.
The patch has been modified to correct the CN to match
On May 18, 2011, at 2:52 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
The Managed Entries plugin configurations weren't being created on
replica installs. The templates were there but the cn=config portions
were not.
This patch adds them as updates. The template portion will be added in
On May 23, 2011, at 2:42 PM, Rob Crittenden rcrit...@redhat.com wrote:
JR Aquino wrote:
On May 19, 2011, at 6:16 AM, Rob Crittenden wrote:
JR Aquino wrote:
On May 18, 2011, at 2:52 PM, Rob Crittenden wrote:
JR Aquino wrote:
On May 18, 2011, at 12:46 PM, JR Aquino wrote:
This effects
On May 24, 2011, at 8:17 AM, Rob Crittenden wrote:
JR Aquino wrote:
On May 23, 2011, at 2:42 PM, Rob Crittendenrcrit...@redhat.com wrote:
JR Aquino wrote:
On May 19, 2011, at 6:16 AM, Rob Crittenden wrote:
JR Aquino wrote:
On May 18, 2011, at 2:52 PM, Rob Crittenden wrote:
JR Aquino
On May 24, 2011, at 8:17 AM, Rob Crittenden wrote:
JR Aquino wrote:
On May 23, 2011, at 2:42 PM, Rob Crittendenrcrit...@redhat.com wrote:
JR Aquino wrote:
On May 19, 2011, at 6:16 AM, Rob Crittenden wrote:
JR Aquino wrote:
On May 18, 2011, at 2:52 PM, Rob Crittenden wrote:
JR Aquino
On May 24, 2011, at 10:48 AM, Rob Crittenden wrote:
JR Aquino wrote:
On May 24, 2011, at 8:17 AM, Rob Crittenden wrote:
JR Aquino wrote:
On May 23, 2011, at 2:42 PM, Rob Crittendenrcrit...@redhat.com wrote:
JR Aquino wrote:
On May 19, 2011, at 6:16 AM, Rob Crittenden wrote:
JR
On May 20, 2011, at 7:14 AM, Rob Crittenden wrote:
JR Aquino wrote:
On May 18, 2011, at 2:52 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
The Managed Entries plugin configurations weren't being created on
replica installs. The templates were there but the cn=config portions
were
On May 20, 2011, at 8:32 AM, Rob Crittenden wrote:
JR Aquino wrote:
On May 10, 2011, at 8:14 PM, Adam Young wrote:
On 05/10/2011 11:07 PM, Adam Young wrote:
On 05/10/2011 04:38 PM, JR Aquino wrote:
On Apr 22, 2011, at 12:53 PM, Rob Crittenden wrote:
JR Aquino wrote:
On Apr 12, 2011
on the how the rules are
represented within the raw directory.
http://directory.fedoraproject.org/wiki/Auto_Membership_Design
~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
jr.aqu
https://fedorahosted.org/freeipa/ticket/1277
Raise DuplicateEntry Error when adding a duplicate sudo option
binJU77riy9dW.bin
Description: freeipa-jraquino-0029-Raise-DuplicateEntry-Error-when-adding-a-duplicate.patch
___
Freeipa-devel mailing list
On Jun 8, 2011, at 11:30 AM, Simo Sorce wrote:
On Wed, 2011-06-08 at 14:15 -0400, Dmitri Pal wrote:
Hi,
We have been through this some time before and the decision made then
still left me uneasy.
We said that LDAP is by nature something is a readable by an
authenticated used. Other than
On Jun 8, 2011, at 12:29 PM, Dmitri Pal wrote:
On 06/08/2011 03:15 PM, JR Aquino wrote:
1) Leave as is and not bother at all (i.e. it is what it is)
2) Leave as is and defer the solution till later (do not fix it in 2.1
defer to 2.2)
3) Leave as is but document how to do
On Jun 9, 2011, at 10:24 AM, Rob Crittenden wrote:
JR Aquino wrote:
https://fedorahosted.org/freeipa/ticket/1277
Raise DuplicateEntry Error when adding a duplicate sudo option
nack, this will still fail if no ipasudoopt is passed in.
Also, is this case-sensitive?
Yes, it is case
On Jun 10, 2011, at 3:11 PM, JR Aquino wrote:
On Jun 9, 2011, at 10:24 AM, Rob Crittenden wrote:
JR Aquino wrote:
https://fedorahosted.org/freeipa/ticket/1277
Raise DuplicateEntry Error when adding a duplicate sudo option
nack, this will still fail if no ipasudoopt is passed
This small 2 line patch addresses 2 bugs:
https://fedorahosted.org/freeipa/ticket/1269 - (Remaining external hosts not
displayed while removing one from a sudorule.)
https://fedorahosted.org/freeipa/ticket/1270 - (Removed external host is
displayed in the output when --all switch is used)
Adjustment to install/share/schema_compat.uldif to correctly assign
sudorunasuser for both a user and group object respectively.
The bug had to do with the compat plugin syntax needing to correctly identify
the difference behind intent with the 'runas' attributes.
The difference is handling
On Jun 14, 2011, at 11:06 AM, Rob Crittenden wrote:
JR Aquino wrote:
On Jun 10, 2011, at 3:11 PM, JR Aquino wrote:
On Jun 9, 2011, at 10:24 AM, Rob Crittenden wrote:
JR Aquino wrote:
https://fedorahosted.org/freeipa/ticket/1277
Raise DuplicateEntry Error when adding a duplicate sudo
On Jun 14, 2011, at 6:36 PM, Rob Crittenden wrote:
Some of the sudorule commands were missing a message summary.
ticket https://fedorahosted.org/freeipa/ticket/1255
rob
freeipa-rcrit-802-sudo.patch___
Freeipa-devel mailing list
On Jun 15, 2011, at 8:03 AM, Rob Crittenden wrote:
A minor issue and a question.
The minor issue is you changed a couple of options from optional to
mandatory, which is fine, but we need to bump up the minor version in VERSION
(older clients otherwise could not send the string and blow
On Jun 16, 2011, at 8:01 AM, Rob Crittenden wrote:
JR Aquino wrote:
On Jun 15, 2011, at 8:03 AM, Rob Crittenden wrote:
A minor issue and a question.
The minor issue is you changed a couple of options from optional to
mandatory, which is fine, but we need to bump up the minor version
https://fedorahosted.org/freeipa/ticket/1339
binniSici8OHk.bin
Description: freeipa-jraquino-0032-Dont-add-empty-tuple-to-entry_attrs-externalhost.patch
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://fedorahosted.org/freeipa/ticket/1326
In case I haven't sent this out before.
~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
jr.aqu...@citrixonline.com
http
functionality
binfWm24aLDHv.bin
Description: freeipa-jraquino-0034-Create-FreeIPA-CLI-Plugin-for-the-389-Auto-Membershi.patch
~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
jr.aqu
On Jul 14, 2011, at 11:55 AM, wrote:
https://fedorahosted.org/freeipa/ticket/1272
* Added new container in etc to hold the automembership configs.
* Modified constants to point to the new container
* Modified dsinstance to create the container
* Modified hostgroup.py to add the new
On Jul 18, 2011, at 1:08 PM, wrote:
https://fedorahosted.org/freeipa/ticket/1472
Changeset 8e086fd7b8c1edd0ccfec527c0699d396a7954f9 introduced a bug with
ldapupdate resulting in incorrect handling of uldif files. Particularly the
schema_compat.uldif.
-the-cvs-parser-in-ldapupdate.patch
~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
jr.aqu...@citrixonline.com
http://www.citrixonline.com
https://fedorahosted.org/freeipa/ticket/1348
Corrected behavior for ipa sudorule-remove-runasgroup rule1 --groups=tgroup2
--all
binTRh8Wcv8ho.bin
Description: freeipa-jraquino-0036-Removed-RunAs-External-Group-is-removed-in-the-output.patch
___
https://fedorahosted.org/freeipa/ticket/1309
Added .update file to correct the sudo schema during freeipa updates on older
systems.
Modified Makefile.am to account for new .update file.
binuYzjiki10A.bin
Description: freeipa-jraquino-0037-Correct-sudo-runasuser-and-runasgroup-attributes.patch
On Jul 19, 2011, at 2:32 AM, Martin Kosek mko...@redhat.com wrote:
On Mon, 2011-07-18 at 23:43 +, JR Aquino wrote:
https://fedorahosted.org/freeipa/ticket/1309
Added .update file to correct the sudo schema during freeipa updates on
older systems.
Modified Makefile.am to account
On Jul 15, 2011, at 7:55 AM, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-07-14 at 23:05 +, JR Aquino wrote:
On Jul 14, 2011, at 11:55 AM, wrote:
https://fedorahosted.org/freeipa/ticket/1272
* Added new container in etc to hold the automembership configs.
* Modified
On Jul 19, 2011, at 7:30 AM, Martin Kosek wrote:
On Tue, 2011-06-14 at 19:03 +, JR Aquino wrote:
Adjustment to install/share/schema_compat.uldif to correctly assign
sudorunasuser for both a user and group object respectively.
The bug had to do with the compat plugin syntax needing
On Jul 20, 2011, at 8:37 AM, Rob Crittenden wrote:
JR Aquino wrote:
On Jul 15, 2011, at 7:55 AM, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-07-14 at 23:05 +, JR Aquino wrote:
On Jul 14, 2011, at 11:55 AM, wrote:
https://fedorahosted.org/freeipa/ticket/1272
* Added
Rob, I'm afraid I believe that ldap lookup is necessary. The user inputs a
standard string to represent the possible host group… If i simply perform a
get_dn it will indeed provide a dn, however, it won't verify that the host
group actually exists… (you don't want to create an assignment
On Jul 21, 2011, at 7:31 AM, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-07-21 at 03:37 +, JR Aquino wrote:
Rob, I'm afraid I believe that ldap lookup is necessary. The user inputs
a standard string to represent the possible host group… If i simply
perform a get_dn
://fedorahosted.org/freeipa/ticket/1222 - Add Managed Entries during
Replica installation extended solution
bin4Vi5JD3D3Q.bin
Description: freeipa-jraquino-0038-Move-Managed-Entries-into-their-own-container.patch
~
Jr Aquino, GCIH | Information Security
On Apr 25, 2011, at 9:00 AM, Simo Sorce wrote:
On Mon, 2011-04-25 at 14:59 +, JR Aquino wrote:
On Apr 25, 2011, at 6:43 AM, Simo Sorce wrote:
On Thu, 2011-04-21 at 23:28 +, JR Aquino wrote:
Hmmm
Both Private Groups and the Hostgroup - Netgroup Managed Entries
create objects
On Jul 22, 2011, at 6:54 AM, Martin Kosek wrote:
On Thu, 2011-07-21 at 23:00 +, JR Aquino wrote:
Create: cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
Create method for migrating any
On Aug 1, 2011, at 5:56 AM, Rob Crittenden wrote:
Martin Kosek wrote:
On Sat, 2011-07-30 at 00:54 +, JR Aquino wrote:
On Jul 21, 2011, at 8:53 AM, JR Aquino wrote:
On Jul 21, 2011, at 7:31 AM, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-07-21 at 03:37 +, JR Aquino
On Aug 1, 2011, at 11:28 PM, Martin Kosek mko...@redhat.com wrote:
On Mon, 2011-08-01 at 19:11 +, JR Aquino wrote:
On Aug 1, 2011, at 5:56 AM, Rob Crittenden wrote:
Martin Kosek wrote:
On Sat, 2011-07-30 at 00:54 +, JR Aquino wrote:
On Jul 21, 2011, at 8:53 AM, JR Aquino wrote
On Aug 2, 2011, at 1:09 AM, Martin Kosek wrote:
On Tue, 2011-08-02 at 07:25 +, JR Aquino wrote:
On Aug 1, 2011, at 11:28 PM, Martin Kosek mko...@redhat.com wrote:
On Mon, 2011-08-01 at 19:11 +, JR Aquino wrote:
On Aug 1, 2011, at 5:56 AM, Rob Crittenden wrote:
Martin Kosek wrote
On Aug 2, 2011, at 5:55 AM, Rob Crittenden rcrit...@redhat.com wrote:
JR Aquino wrote:
I am fairly opposed to removing 'default' attrs which the rules are applied
to... I am happy to provide a means to override them.
While it may be second nature for all of us to know
On Aug 3, 2011, at 7:32 AM, Rob Crittenden wrote:
JR Aquino wrote:
On Aug 2, 2011, at 5:55 AM, Rob Crittendenrcrit...@redhat.com wrote:
JR Aquino wrote:
I am fairly opposed to removing 'default' attrs which the rules are
applied to... I am happy to provide a means to override them
https://fedorahosted.org/freeipa/ticket/1657
Added brief explanations for the various Sudo components in the top level doc.
Added doc entries for RunAs User and RunAs Group.
freeipa-jraquino-0039-Improve-sudorule-documentation.patch
Description:
On Jul 22, 2011, at 6:54 AM, Martin Kosek wrote:
On Thu, 2011-07-21 at 23:00 +, JR Aquino wrote:
Create: cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
Create method for migrating any
On Sep 8, 2011, at 4:38 AM, Martin Kosek wrote:
On Tue, 2011-09-06 at 22:33 +, JR Aquino wrote:
On Jul 22, 2011, at 6:54 AM, Martin Kosek wrote:
On Thu, 2011-07-21 at 23:00 +, JR Aquino wrote:
Create: cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Definitions,cn=Managed Entries,cn
On Sep 8, 2011, at 10:41 AM, JR Aquino wrote:
On Sep 8, 2011, at 10:06 AM, JR Aquino wrote:
On Sep 8, 2011, at 4:38 AM, Martin Kosek wrote:
On Tue, 2011-09-06 at 22:33 +, JR Aquino wrote:
On Jul 22, 2011, at 6:54 AM, Martin Kosek wrote:
On Thu, 2011-07-21 at 23:00 +, JR Aquino
On Jul 22, 2011, at 7:05 AM, Martin Kosek wrote:
On Thu, 2011-07-21 at 23:52 +, JR Aquino wrote:
On Apr 25, 2011, at 9:00 AM, Simo Sorce wrote:
On Mon, 2011-04-25 at 14:59 +, JR Aquino wrote:
On Apr 25, 2011, at 6:43 AM, Simo Sorce wrote:
On Thu, 2011-04-21 at 23:28 +, JR
On Sep 15, 2011, at 1:47 AM, Martin Kosek wrote:
On Thu, 2011-09-15 at 00:47 +, JR Aquino wrote:
On Jul 22, 2011, at 7:05 AM, Martin Kosek wrote:
5) I was thinking if there is a better solution to enabling/disabling of
the plugin. Likes setting something like managedEntryEnabled
On Sep 16, 2011, at 4:41 AM, Alexander Bokovoy aboko...@redhat.com wrote:
On Fri, 16 Sep 2011, Martin Kosek wrote:
Great, most bugs are fixed. I only saw these 2 minor bugs. If those are
fixed, I think we can ackpush.
1) Man pages: --list option is still not right, formating is wrong
On Sep 16, 2011, at 2:11 AM, Martin Kosek wrote:
On Thu, 2011-09-15 at 17:25 +, JR Aquino wrote:
On Sep 15, 2011, at 1:47 AM, Martin Kosek wrote:
On Thu, 2011-09-15 at 00:47 +, JR Aquino wrote:
On Jul 22, 2011, at 7:05 AM, Martin Kosek wrote:
5) I was thinking
are essentially dead in the water at this point.
Sent from my iPad
Begin forwarded message:
From: Brett Campbell
mailto:brett.campb...@citrix.combrett.campb...@citrix.commailto:brett.campb...@citrix.com
Date: September 19, 2011 6:48:55 PM PDT
To: JR Aquino
mailto:jr.aqu...@citrix.comjr.aqu
On Sep 19, 2011, at 10:16 PM, JR Aquino wrote:
We're having significant reproducible problems with rhel 5.7 + FreeIPA
master...
I'm not sure if it is localized to us or even which side is responsible for
the error...
Has anyone had success with rhel 5.7's repo included FreeIPA client
pam module would be very appreciated!
#!/usr/bin/env python
#
# pam_pyauth.py (Python LDAP RBAC)
#
# Requires Python 2.4 or Greater
#
# Copyright (c) 2010 Jr Aquino
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification
On Oct 3, 2011, at 3:17 PM, Simo Sorce wrote:
On Mon, 2011-10-03 at 16:20 -0400, Simo Sorce wrote:
Newer 389ds servers have a new option to have a different set of
filtered attributes from normal replication.
This has been added in order to allow DS to replicate memberof
attributes only
On Oct 7, 2011, at 11:14 AM, Simo Sorce wrote:
On Mon, 2011-10-03 at 18:17 -0400, Simo Sorce wrote:
On Mon, 2011-10-03 at 16:20 -0400, Simo Sorce wrote:
Newer 389ds servers have a new option to have a different set of
filtered attributes from normal replication.
This has been added in
On Dec 6, 2011, at 1:09 PM, Simo Sorce wrote:
Thanks Rob for all the great work!
I want to add just one warning that may escape users attention.
Due to the need to address the CSRF attack, our command line tools
(including ipa-client-install) will not work on newer servers until you
On Feb 17, 2012, at 3:18 PM, John Dennis wrote:
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
freeipa-jdennis-0062-Tweak-the-session-auth-to-reflect-developer-consensu.patch___
Freeipa-devel
On Feb 20, 2012, at 12:48 PM, John Dennis jden...@redhat.com wrote:
On 02/20/2012 01:49 PM, JR Aquino wrote:
On Feb 17, 2012, at 3:18 PM, John Dennis wrote:
--
John Dennisjden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
freeipa-jdennis-0062-Tweak
On Feb 20, 2012, at 1:12 PM, John Dennis wrote:
On 02/20/2012 04:00 PM, JR Aquino wrote:
On Feb 20, 2012, at 12:48 PM, John Dennisjden...@redhat.com wrote:
On 02/20/2012 01:49 PM, JR Aquino wrote:
On Feb 17, 2012, at 3:18 PM, John Dennis wrote:
--
John Dennisjden...@redhat.com
On Feb 22, 2012, at 11:26 AM, Rob Crittenden wrote:
We include memberof when doing a total sync so there is no need to re-run the
memberOf task in ipa-replica-manage re-initialize unless the agreement
doesn't set nsDS5ReplicatedAttributeListTotal.
rob
On Feb 22, 2012, at 7:10 PM, Rob Crittenden wrote:
JR Aquino wrote:
On Feb 22, 2012, at 11:26 AM, Rob Crittenden wrote:
We include memberof when doing a total sync so there is no need to re-run
the memberOf task in ipa-replica-manage re-initialize unless the agreement
doesn't set
/ipa-install/ipa-client-install
to validate the dns of the FreeIPA server
https://fedorahosted.org/freeipa/ticket/2438
~
Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408
On Feb 22, 2012, at 11:26 AM, Rob Crittenden wrote:
We include memberof when doing a total sync so there is no need to re-run the
memberOf task in ipa-replica-manage re-initialize unless the agreement
doesn't set nsDS5ReplicatedAttributeListTotal.
rob
ACK
Patch tested and clean
On Feb 24, 2012, at 3:22 PM, Simo Sorce wrote:
On Fri, 2012-02-24 at 23:09 +, JR Aquino wrote:
ipa-replica-manage del causes tombstone entries to remain in 389 DS. This has
proven to be problematic.
We can automatically perform the cleanup task at the deletion time to minimize
orphans
On Feb 24, 2012, at 3:09 PM, JR Aquino wrote:
ipa-replica-manage del causes tombstone entries to remain in 389 DS. This
has proven to be problematic.
We can automatically perform the cleanup task at the deletion time to
minimize orphans and ghosts in the directory.
This patch runs
On Feb 27, 2012, at 8:43 AM, Rob Crittenden wrote:
JR Aquino wrote:
ipa-server-install has a method for validating forward and reverse via
ipaserver/install/installutils.py
ipa-client-install does not currently have an equivalent
This patch adds valid_dns to ipapython/ipautil.py to validate
On Feb 27, 2012, at 1:29 PM, Rob Crittenden wrote:
JR Aquino wrote:
On Feb 27, 2012, at 8:43 AM, Rob Crittenden wrote:
JR Aquino wrote:
ipa-server-install has a method for validating forward and reverse via
ipaserver/install/installutils.py
ipa-client-install does not currently have
On Feb 23, 2012, at 3:56 PM, JR Aquino wrote:
ipa-server-install has a method for validating forward and reverse via
ipaserver/install/installutils.py
ipa-client-install does not currently have an equivalent
This patch adds valid_dns to ipapython/ipautil.py to validate foward and
reverse
On Feb 24, 2012, at 3:09 PM, JR Aquino wrote:
ipa-replica-manage del causes tombstone entries to remain in 389 DS. This
has proven to be problematic.
We can automatically perform the cleanup task at the deletion time to
minimize orphans and ghosts in the directory.
This patch runs
-require-secure-binds',
'nsslapd-allow-anonymous-access',
'nsslapd-minssf'
https://fedorahosted.org/freeipa/ticket/1930
~
Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408
On Feb 28, 2012, at 10:44 AM, JR Aquino wrote:
On Feb 24, 2012, at 3:09 PM, JR Aquino wrote:
ipa-replica-manage del causes tombstone entries to remain in 389 DS. This
has proven to be problematic.
We can automatically perform the cleanup task at the deletion time to
minimize orphans
On Feb 28, 2012, at 10:43 AM, JR Aquino wrote:
On Feb 23, 2012, at 3:56 PM, JR Aquino wrote:
ipa-server-install has a method for validating forward and reverse via
ipaserver/install/installutils.py
ipa-client-install does not currently have an equivalent
This patch adds valid_dns
This will be _very_ helpful for testing automember logic against potential
users / hosts.
This patch addes a new plugin to FreeIPA that tests automember logic decisions
https://fedorahosted.org/freeipa/ticket/2535
~
Jr Aquino | Sr. Information Security
On May 29, 2012, at 1:32 PM, Simo Sorce wrote:
On Fri, 2012-05-25 at 18:36 -0400, Simo Sorce wrote:
The original ldap driver we used up to 2.2 had 2 options admins could
set to limit the amount of writes to the database on certain auditing
related operations.
In particular
:
https://fedorahosted.org/389/ticket/542
Keeping your head in the cloud
~
JR Aquino
Senior Information Security Specialist, Technical Operations
T: +1 805 690 3478 | F: +1 805 879 3730 | M: +1 805 717 0365
GIAC Certified Exploit Researcher and Advanced
On Dec 19, 2012, at 2:32 PM, Simo Sorce wrote:
On Wed, 2012-12-19 at 20:52 +, JR Aquino wrote:
Due to a limitation with 389 DS, the nsslapd-maxbersize cannot be set
dynamically.
This causes an issue during IPA PKI-CA Replica installs, when the master has
a CRL that exceeds the default
On Aug 8, 2013, at 12:19 AM, Martin Kosek mko...@redhat.com wrote:
Hello all,
This is a follow up for upstream doc maintenance questions I had on
freeipa-users in June:
http://www.redhat.com/archives/freeipa-users/2013-June/msg00202.html
As Content Writer taking care of the User Guide
If you are seeing clock skew errors in /var/log/dirsrv/slapd-EXAMPLE-COM/errors that look like this, then you will need to verify the time/date of the server to make sure NTP isn't freaked out. If the system date is correct, it is possible that the change numbergenerator has
101 - 193 of 193 matches
Mail list logo