Re: [Freeipa-devel] [PATCH] 918, 919 update sudo schema

2012-03-02 Thread Jan Cholasta
On 2.3.2012 19:43, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2012-03-02 at 11:40 -0500, Rob Crittenden wrote: Jan Cholasta wrote: On 1.3.2012 20:57, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: On 17.1.2012 04:55, Rob Crittenden wrote: Jan Cholasta wrote: Dne

Re: [Freeipa-devel] [PATCH] 979 kinit before connect in client

2012-03-05 Thread Jan Cholasta
+return False Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 924 display both hex and decimal serial numbers

2012-03-08 Thread Jan Cholasta
On 7.3.2012 17:12, Rob Crittenden wrote: Petr Vobornik wrote: On 03/06/2012 09:56 PM, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: On 18.1.2012 00:04, Rob Crittenden wrote: Jan Cholasta wrote: On 16.1.2012 22:02, Rob Crittenden wrote: Rob Crittenden wrote

Re: [Freeipa-devel] [PATCH] 924 display both hex and decimal serial numbers

2012-03-14 Thread Jan Cholasta
On 13.3.2012 22:57, Rob Crittenden wrote: Jan Cholasta wrote: On 7.3.2012 17:12, Rob Crittenden wrote: Petr Vobornik wrote: On 03/06/2012 09:56 PM, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: On 18.1.2012 00:04, Rob Crittenden wrote: Jan Cholasta wrote: Dne

[Freeipa-devel] [PATCHES] Improve framework parameter validation

2012-03-15 Thread Jan Cholasta
-- Jan Cholasta From c5e1f63ea3bcb15fce5c90aafe700a23565b2213 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Mon, 16 Jan 2012 09:21:50 -0500 Subject: [PATCH 2/2] Fix the procedure for getting default values of command parameters. The parameters used in default_from of other

Re: [Freeipa-devel] [PATCHES] Improve framework parameter validation

2012-03-15 Thread Jan Cholasta
On 15.3.2012 11:36, Jan Cholasta wrote: (this is a continuation of http://www.redhat.com/archives/freeipa-devel/2011-September/msg00327.html) Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/1847 and https://fedorahosted.org/freeipa/ticket/2245: [PATCH] Fix the procedure

Re: [Freeipa-devel] [PATCHES] Improve framework parameter validation

2012-03-15 Thread Jan Cholasta
On 15.3.2012 14:20, Petr Viktorin wrote: On 03/15/2012 12:05 PM, Jan Cholasta wrote: On 15.3.2012 11:36, Jan Cholasta wrote: (this is a continuation of http://www.redhat.com/archives/freeipa-devel/2011-September/msg00327.html) Hi, the attached patches fix https://fedorahosted.org/freeipa

Re: [Freeipa-devel] [PATCHES] 0016-17 Fixes for{add, set, del}attr with managed attributes

2012-03-16 Thread Jan Cholasta
schema is a bit of a nasty business right now. See 10-selinuxusermap.update for an example. rob Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCHES] 0016-17 Fixes for{add, set, del}attr with managed attributes

2012-03-16 Thread Jan Cholasta
On 16.3.2012 14:14, Petr Viktorin wrote: I may be taking things out of context, but I see this: On 03/16/2012 02:07 PM, Rob Crittenden wrote: Jan Cholasta wrote: On 29.2.2012 15:50, Rob Crittenden wrote: Petr Viktorin wrote: On 02/27/2012 11:03 PM, Rob Crittenden wrote: .. snip .. Patch

[Freeipa-devel] [PATCH] 70 Parse zone indices in IPv6 addresses in CheckedIPAddress

2012-03-19 Thread Jan Cholasta
https://fedorahosted.org/freeipa/ticket/2138 Honza -- Jan Cholasta From bfb4d16171de95adb6d6dc1b144f8d6ae3259aee Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Mon, 19 Mar 2012 08:52:11 -0400 Subject: [PATCH] Parse zone indices in IPv6 addresses in CheckedIPAddress

Re: [Freeipa-devel] [PATCH] 989 import plugins on context, not in_server

2012-03-19 Thread Jan Cholasta
On 16.3.2012 22:19, Rob Crittenden wrote: in_server controls how messages are dispatched. We should import on context. This prevents the error message session memcached servers not running in ipa-ldap-updater and ipa-replica-manage. rob ACK. Honza -- Jan Cholasta

[Freeipa-devel] [PATCH] 71 Propagate SIGINT to child process in ipautil.run

2012-03-20 Thread Jan Cholasta
Propagate SIGINT to child process in ipautil.run. Wait for the child process to terminate before continuing. Do cleanup on KeyboardInterrupt rather than in custom SIGINT handler in ipa-replica-conncheck. https://fedorahosted.org/freeipa/ticket/2127 Honza -- Jan Cholasta From

Re: [Freeipa-devel] [PATCH] 985 no longer shell escape for pkisilent

2012-03-21 Thread Jan Cholasta
On 20.3.2012 22:34, Rob Crittenden wrote: pkisilent now shell escapes its arguments so we no longer need to do so, and in fact, if we do it ends up with double-escaping breaking all installs of IPA with a dogtag CA. rob ACK. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 240 Fix LDAP effective rights control with python-ldap 2.4.x

2012-03-21 Thread Jan Cholasta
(True, dn: + binddn.encode('UTF-8'))] self.conn.set_option(_ldap.OPT_SERVER_CONTROLS, sctrl) (dn, attrs) = self.get_entry(dn, entry_attrs) # remove the control so subsequent operations don't include GER Honza -- Jan Cholasta

[Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-26 Thread Jan Cholasta
https://fedorahosted.org/freeipa/ticket/2521 Honza -- Jan Cholasta From 8c078285b4703f3ddb991665ec4a548b44a3e97d Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Mon, 26 Mar 2012 07:11:41 -0400 Subject: [PATCH] Fix uses of O=REALM instead of the configured certificate

Re: [Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-26 Thread Jan Cholasta
On 26.3.2012 16:15, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2521 Honza You can still set a custom subject base for selfsign installations so you need a special case in valid_issuer(). For selfsign installations, the issuer is always CN=REALM

Re: [Freeipa-devel] [PATCH] 70 Parse zone indices in IPv6 addresses in CheckedIPAddress

2012-03-27 Thread Jan Cholasta
On 27.3.2012 10:43, Martin Kosek wrote: On Mon, 2012-03-19 at 14:02 +0100, Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2138 Honza This will work, I just think that a documentation of this issue can be improved. 1) A short comment in the following part explaining why do we

Re: [Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-27 Thread Jan Cholasta
On 26.3.2012 22:17, Rob Crittenden wrote: Jan Cholasta wrote: On 26.3.2012 16:15, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2521 Honza You can still set a custom subject base for selfsign installations so you need a special case in valid_issuer

Re: [Freeipa-devel] [PATCHES] Improve framework parameter validation

2012-03-27 Thread Jan Cholasta
On 27.3.2012 16:00, Martin Kosek wrote: On Thu, 2012-03-15 at 14:57 +0100, Jan Cholasta wrote: On 15.3.2012 14:20, Petr Viktorin wrote: On 03/15/2012 12:05 PM, Jan Cholasta wrote: On 15.3.2012 11:36, Jan Cholasta wrote: (this is a continuation of http://www.redhat.com/archives/freeipa-devel

Re: [Freeipa-devel] [PATCHES] Improve framework parameter validation

2012-03-28 Thread Jan Cholasta
On 27.3.2012 17:41, Martin Kosek wrote: On Tue, 2012-03-27 at 16:42 +0200, Martin Kosek wrote: On Tue, 2012-03-27 at 16:30 +0200, Jan Cholasta wrote: On 27.3.2012 16:00, Martin Kosek wrote: On Thu, 2012-03-15 at 14:57 +0100, Jan Cholasta wrote: On 15.3.2012 14:20, Petr Viktorin wrote: On 03

Re: [Freeipa-devel] [PATCH] 971 detect binary LDAP data

2012-03-29 Thread Jan Cholasta
On 29.3.2012 00:20, Rob Crittenden wrote: Jan Cholasta wrote: On 29.2.2012 15:45, Rob Crittenden wrote: Jan Cholasta wrote: On 28.2.2012 18:58, Rob Crittenden wrote: Jan Cholasta wrote: On 28.2.2012 18:02, Petr Viktorin wrote: On 02/28/2012 04:45 PM, Rob Crittenden wrote: Petr Viktorin

[Freeipa-devel] [PATCH] 73 Check whether the default user group is POSIX when adding new user with --noprivate

2012-04-03 Thread Jan Cholasta
https://fedorahosted.org/freeipa/ticket/2572 Honza -- Jan Cholasta From 2fbfab66064d045c192d2cc8d747d30bca1ebdc6 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 29 Mar 2012 09:12:36 -0400 Subject: [PATCH] Check whether the default user group is POSIX when adding new

[Freeipa-devel] [PATCH] 74 Check configured maximum user login length on user rename

2012-04-03 Thread Jan Cholasta
https://fedorahosted.org/freeipa/ticket/2587 Honza -- Jan Cholasta From 595e012ae9b6a7f4f6eef7d534dcb9e7c7574144 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Tue, 3 Apr 2012 09:23:39 -0400 Subject: [PATCH] Check configured maximum user login length on user rename

Re: [Freeipa-devel] [PATCH] 73 Check whether the default user group is POSIX when adding new user with --noprivate

2012-04-04 Thread Jan Cholasta
On 3.4.2012 13:04, Martin Kosek wrote: On Tue, 2012-04-03 at 13:02 +0200, Martin Kosek wrote: On Tue, 2012-04-03 at 11:58 +0200, Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2572 Honza NACK. This creates a regression: # ipa group-show foogroup Group name: foogroup

Re: [Freeipa-devel] [PATCH] 1003 return consistent value in netgroup triple

2012-04-05 Thread Jan Cholasta
all be empty. This patch uses a new feature of slapi-nis-0.40 so we can use an expression in a pad. rob NACK, this does not work for new installs. Did you forget to include install/share/*.ldif files in the commit? Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 1003 return consistent value in netgroup triple

2012-04-06 Thread Jan Cholasta
On 5.4.2012 20:55, Rob Crittenden wrote: Jan Cholasta wrote: On 5.4.2012 17:04, Rob Crittenden wrote: When constructing netgroup triples with hostcat or usercat set to all we weren't setting the user/host part of the triple correctly. The first entry would have '' as the host/user value

Re: [Freeipa-devel] [PATCH] 74 Check configured maximum user login length on user rename

2012-04-06 Thread Jan Cholasta
On 5.4.2012 23:38, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2587 Honza This looks ok, it would be nice to have a unit test. rob Test added. Honza -- Jan Cholasta From bdb9fa42a4bc892a97ffe5f3d6721b24ed1686a9 Mon Sep 17 00:00:00 2001 From: Jan

Re: [Freeipa-devel] [RANT] --setattr validation is a minefield.

2012-04-10 Thread Jan Cholasta
on known attributes. To be functionally complete, we should also add validated equivalents of --{add,del}attr to *-mod commands for all multivalue params (think --add-param and --del-param for each --param). Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 72] Validate DN RDN parameters for migrate command

2012-04-10 Thread Jan Cholasta
, there are some related tickets: https://fedorahosted.org/freeipa/ticket/2033, https://fedorahosted.org/freeipa/ticket/2265. Honza -- Jan Cholasta

Re: [Freeipa-devel] [RANT] --setattr validation is a minefield.

2012-04-11 Thread Jan Cholasta
On 10.4.2012 19:56, Dmitri Pal wrote: On 04/10/2012 01:48 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 04/10/2012 07:07 PM, Martin Kosek wrote: On Tue, 2012-04-10 at 17:03 +0200, Jan Cholasta wrote: On 10.4.2012 16:00, Petr Viktorin wrote: I'm aware that we have backwards compatibility

Re: [Freeipa-devel] [RANT] --setattr validation is a minefield.

2012-04-11 Thread Jan Cholasta
On 11.4.2012 09:27, Martin Kosek wrote: On Wed, 2012-04-11 at 09:18 +0200, Jan Cholasta wrote: On 10.4.2012 19:56, Dmitri Pal wrote: On 04/10/2012 01:48 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 04/10/2012 07:07 PM, Martin Kosek wrote: On Tue, 2012-04-10 at 17:03 +0200, Jan Cholasta

[Freeipa-devel] [PATCH] 75 Fix internal error when renaming user with an empty string

2012-04-12 Thread Jan Cholasta
https://fedorahosted.org/freeipa/ticket/2629 Honza -- Jan Cholasta From da5f23b9d85a5b1725e2204758faa4bac90f0a58 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 12 Apr 2012 07:29:21 -0400 Subject: [PATCH] Fix internal error when renaming user with an empty string

Re: [Freeipa-devel] [PATCH] 249 Return correct record name in DNS plugin

2012-04-12 Thread Jan Cholasta
these commands are used. This patch fixes these 2 commands to return correct value when a root zone is modified. https://fedorahosted.org/freeipa/ticket/2627 https://fedorahosted.org/freeipa/ticket/2628 Works as advertised. ACK. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 248 Raise proper exception when LDAP limits are exceeded

2012-04-12 Thread Jan Cholasta
exists. This patch fixes the behavior in ldap2 plugin to return LimitsExceeded exception instead. This way, user would know that his time/size limits are set too low and can amend them to get correct results. https://fedorahosted.org/freeipa/ticket/2606 ACK. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 75 Fix internal error when renaming user with an empty string

2012-04-18 Thread Jan Cholasta
On 12.4.2012 14:12, Martin Kosek wrote: On Thu, 2012-04-12 at 13:34 +0200, Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2629 Honza ACK. I will wait with push until the ticket is triaged. Martin Push please :-) Honza -- Jan Cholasta

[Freeipa-devel] [PATCH] 76 Refactor exc_callback invocation

2012-04-23 Thread Jan Cholasta
. Honza -- Jan Cholasta From 8e070f571472ed5a27339bcc980b67ecca41b337 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 19 Apr 2012 08:06:32 -0400 Subject: [PATCH] Refactor exc_callback invocation. Replace _call_exc_callbacks with a function wrapper, which will automatically

Re: [Freeipa-devel] [PATCH] index fqdn and macAddress attributes

2012-04-23 Thread Jan Cholasta
On 16.4.2012 22:32, Nalin Dahyabhai wrote: When we implement ticket #2259, indexing fqdn and macAddress should help the Schema Compatibility and NIS Server plugins locate relevant computer entries more easily. Nalin Please add the indices to install/share/indices.ldif as well. Honza -- Jan

Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps

2012-04-23 Thread Jan Cholasta
if ypcat and ypmatch work as expected, I would prefer if someone with more LDAP/NIS knowledge took a look at the patches before pushing them. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps

2012-04-23 Thread Jan Cholasta
On 23.4.2012 17:21, Jan Cholasta wrote: On 16.4.2012 22:51, Nalin Dahyabhai wrote: The ethers.byname and ethers.byaddr NIS maps pair host names and hardware network addresses. This should close ticket #2259. Nalin Please add this to install/updates/50-nis.update as well. Besides that, ACK

Re: [Freeipa-devel] have you been running master?

2012-04-23 Thread Jan Cholasta
installs per day and I haven't noticed any issues. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] index fqdn and macAddress attributes

2012-04-24 Thread Jan Cholasta
On 23.4.2012 22:46, Nalin Dahyabhai wrote: On Mon, Apr 23, 2012 at 04:40:11PM +0200, Jan Cholasta wrote: On 16.4.2012 22:32, Nalin Dahyabhai wrote: When we implement ticket #2259, indexing fqdn and macAddress should help the Schema Compatibility and NIS Server plugins locate relevant computer

Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries

2012-04-24 Thread Jan Cholasta
On 23.4.2012 22:45, Nalin Dahyabhai wrote: On Mon, Apr 23, 2012 at 05:03:28PM +0200, Jan Cholasta wrote: On 16.4.2012 22:39, Nalin Dahyabhai wrote: This bit of configuration creates a cn=computers area under cn=compat which we populate with ieee802Device entries corresponding to any ipaHost

Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps

2012-04-24 Thread Jan Cholasta
On 23.4.2012 23:18, Nalin Dahyabhai wrote: On Mon, Apr 23, 2012 at 05:40:27PM +0200, Jan Cholasta wrote: On 23.4.2012 17:21, Jan Cholasta wrote: On 16.4.2012 22:51, Nalin Dahyabhai wrote: The ethers.byname and ethers.byaddr NIS maps pair host names and hardware network addresses. This should

Re: [Freeipa-devel] [PATCH] 76 Refactor exc_callback invocation

2012-04-24 Thread Jan Cholasta
On 23.4.2012 18:47, Petr Viktorin wrote: On 04/23/2012 04:33 PM, Jan Cholasta wrote: Hi, this patch replaces _call_exc_callbacks with a function wrapper, which will automatically call exception callbacks when an exception is raised from the function. This removes the need to specify

Re: [Freeipa-devel] [PATCH] compat ieee802Device entries for ipaHost entries

2012-04-24 Thread Jan Cholasta
On 24.4.2012 16:21, Nalin Dahyabhai wrote: On Tue, Apr 24, 2012 at 12:03:31PM +0200, Jan Cholasta wrote: I did some more testing and found out that this line: default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})' needs to be changed to: default:schema-compat-entry-rdn: cn=%first(%{fqdn

Re: [Freeipa-devel] [PATCH] add ethers.byname and ethers.byaddr NIS maps

2012-04-25 Thread Jan Cholasta
On 24.4.2012 16:57, Nalin Dahyabhai wrote: On Tue, Apr 24, 2012 at 01:02:44PM +0200, Jan Cholasta wrote: I'm just curious, why you do this: default:nis-keys-format: %mregsub(%{macAddress} %{fqdn},(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..) (.*),%1) and not simply this: default:nis

[Freeipa-devel] [PATCH] Set the KerberosAuthentication option in sshd_config to no instead of yes

2012-04-30 Thread Jan Cholasta
Setting the option to yes causes sshd to handle kinits itself, bypassing SSSD. https://fedorahosted.org/freeipa/ticket/2689 Honza -- Jan Cholasta From 9f69b7e77a989c5dbd84942de170a409ad52d22f Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Mon, 30 Apr 2012 11:58:55 -0400

[Freeipa-devel] [PATCH] 78 Redo boolean value encoding

2012-05-07 Thread Jan Cholasta
, as all LDAP encoding should be done in the Encoder class. Unit tests show no regressions and fixes for related tickets (https://fedorahosted.org/freeipa/ticket/2039 and https://fedorahosted.org/freeipa/ticket/2616) seem to be intact. Honza -- Jan Cholasta From

Re: [Freeipa-devel] [PATCH] 78 Redo boolean value encoding

2012-05-07 Thread Jan Cholasta
On 7.5.2012 17:59, Martin Kosek wrote: On Mon, 2012-05-07 at 14:48 +0200, Jan Cholasta wrote: Hi, this patch changes the way boolean values are encoded to LDAP boolean syntax. The code for encoding boolean values is moved from the Parameter class to the Encoder class, where the rest of LDAP

[Freeipa-devel] [PATCH] 79 SSH configuration fixes

2012-05-23 Thread Jan Cholasta
Hi, this fixes https://fedorahosted.org/freeipa/ticket/2769 as well as some other issues with SSH configuration in ipa-client-install. Honza -- Jan Cholasta From 6edf63e682ba2021ea6f0ffba76388c5ef232254 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Wed, 23 May 2012 05

Re: [Freeipa-devel] [PATCH] 268 Add rename option for DNS records

2012-05-29 Thread Jan Cholasta
://fedorahosted.org/freeipa/ticket/2466? Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 79 SSH configuration fixes

2012-05-29 Thread Jan Cholasta
On 25.5.2012 18:09, Martin Kosek wrote: On Wed, 2012-05-23 at 11:16 +0200, Jan Cholasta wrote: Hi, this fixes https://fedorahosted.org/freeipa/ticket/2769 as well as some other issues with SSH configuration in ipa-client-install. Honza This fixed the basic functionality, but I discovered

Re: [Freeipa-devel] [PATCH] 268 Add rename option for DNS records

2012-05-31 Thread Jan Cholasta
On 31.5.2012 11:10, Martin Kosek wrote: On Wed, 2012-05-30 at 18:01 +0200, Jan Cholasta wrote: On 29.5.2012 16:59, Martin Kosek wrote: On Tue, 2012-05-29 at 16:40 +0200, Jan Cholasta wrote: On 29.5.2012 16:01, Martin Kosek wrote: This option will make renaming DNS records much easier. Add

Re: [Freeipa-devel] [PATCH][WIP] LDAP encoding redone

2012-07-02 Thread Jan Cholasta
On 29.6.2012 21:07, Rob Crittenden wrote: Jan Cholasta wrote: Hi, this is the next patch in the input validation handling series https://fedorahosted.org/freeipa/ticket/2357. It changes the way entries are encoded and decoded in the LDAP backend. The patch consists of several changes

Re: [Freeipa-devel] [PATCH] 283 Improve address family handling in sockets

2012-07-13 Thread Jan Cholasta
. Current IPA version will produce bunch of tracebacks, patched IPA should work without any issue Martin ACK, both IPv4-only and IPv6-only installs work fine. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 281 Enable SOA serial autoincrement

2012-07-13 Thread Jan Cholasta
,) 3) In ipa-upgradeconfig: +else: +psearch = psearch.lower() if psearch is not None else None IMO it would be nicer to do: +elif psearch is not None: +psearch = psearch.lower() or: +else: +psearch = psearch and psearch.lower() instead. Honza -- Jan

Re: [Freeipa-devel] [PATCH] 1033 renew CA subsystem certificates

2012-07-25 Thread Jan Cholasta
: +class file read; +class file getattr; +class file open; (to be continued) Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 1033 renew CA subsystem certificates

2012-07-26 Thread Jan Cholasta
On 25.7.2012 22:58, Rob Crittenden wrote: Jan Cholasta wrote: On 25.7.2012 16:01, Rob Crittenden wrote: Petr Viktorin wrote: On 07/23/2012 10:03 PM, Rob Crittenden wrote: Rob Crittenden wrote: Andrew Wnuk wrote: On 07/16/2012 01:35 PM, Rob Crittenden wrote: Nalin Dahyabhai wrote

Re: [Freeipa-devel] [PATCH] 1033 renew CA subsystem certificates

2012-07-30 Thread Jan Cholasta
On 27.7.2012 22:50, Rob Crittenden wrote: Jan Cholasta wrote: On 25.7.2012 22:58, Rob Crittenden wrote: Jan Cholasta wrote: All these scripts could use more exception handling, but I guess potential bugs can be sorted out later. Well, they all run in the background so even

Re: [Freeipa-devel] [PATCH] 291 Avoid redundant info message during RPM update

2012-08-02 Thread Jan Cholasta
fixed to avoid print an empty line when an exception without an error message is raised. https://fedorahosted.org/freeipa/ticket/2892 I just noticed that the error message may not be printed at all in some cases. Sending a fixed version. Martin ACK. Honza -- Jan Cholasta

[Freeipa-devel] [PATCH] 80 Add --{set, add, del}attr options to commands which are missing them

2012-08-03 Thread Jan Cholasta
Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/2963. Honza -- Jan Cholasta From 047d3d579e863d46d93168befd502252cb692dc8 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Fri, 3 Aug 2012 03:04:58 -0400 Subject: [PATCH] Add --{set,add,del}attr options

[Freeipa-devel] [PATCH] 81 Make --{set,add,del}attr more robust

2012-08-03 Thread Jan Cholasta
Hi, this patch fixes --addattr on single value attributes in add commands and --delattr on non-unicode attributes in mod commands. https://fedorahosted.org/freeipa/ticket/2954 Honza -- Jan Cholasta From 5ebcb5a3c732121bcb70d6d06e75ec13993ff19e Mon Sep 17 00:00:00 2001 From: Jan Cholasta

[Freeipa-devel] Data source-agnostic parameters

2012-08-06 Thread Jan Cholasta
data (useful for --delattr on ugly raw binary values) - fd:num - read value from file descriptor num - env:var - read value from environment variable var - ask: - always prompt interactively for the value - default: - use default value, never prompt interactively Thoughts? Honza -- Jan

Re: [Freeipa-devel] Data source-agnostic parameters

2012-08-06 Thread Jan Cholasta
On 6.8.2012 15:20, Simo Sorce wrote: On Mon, 2012-08-06 at 10:55 +0200, Jan Cholasta wrote: Hi, while thinking about https://fedorahosted.org/freeipa/ticket/2933, I had an idea how to make loading data from files available for all parameters: I think we can use URI-like strings

Re: [Freeipa-devel] Data source-agnostic parameters

2012-08-06 Thread Jan Cholasta
On 6.8.2012 16:10, Alexander Bokovoy wrote: On Mon, 06 Aug 2012, Jan Cholasta wrote: On 6.8.2012 15:20, Simo Sorce wrote: On Mon, 2012-08-06 at 10:55 +0200, Jan Cholasta wrote: Hi, while thinking about https://fedorahosted.org/freeipa/ticket/2933, I had an idea how to make loading

Re: [Freeipa-devel] Data source-agnostic parameters

2012-08-06 Thread Jan Cholasta
On 6.8.2012 16:27, John Dennis wrote: On 08/06/2012 10:10 AM, Alexander Bokovoy wrote: On Mon, 06 Aug 2012, Jan Cholasta wrote: On 6.8.2012 15:20, Simo Sorce wrote: On Mon, 2012-08-06 at 10:55 +0200, Jan Cholasta wrote: Hi, while thinking about https://fedorahosted.org/freeipa

Re: [Freeipa-devel] Data source-agnostic parameters

2012-08-06 Thread Jan Cholasta
On 6.8.2012 17:29, Simo Sorce wrote: On Mon, 2012-08-06 at 16:27 +0200, Jan Cholasta wrote: On 6.8.2012 16:10, Alexander Bokovoy wrote: On Mon, 06 Aug 2012, Jan Cholasta wrote: On 6.8.2012 15:20, Simo Sorce wrote: On Mon, 2012-08-06 at 10:55 +0200, Jan Cholasta wrote: Hi

[Freeipa-devel] [PATCH] 82 Raise Base64DecodeError instead of ConversionError when base64 decoding fails in Bytes parameters

2012-08-06 Thread Jan Cholasta
Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/2962. Honza -- Jan Cholasta From 5bd5f6c62661548b7beca3e4d2db30a87e930a22 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Tue, 7 Aug 2012 07:30:41 +0200 Subject: [PATCH] Raise Base64DecodeError instead

[Freeipa-devel] [PATCH] 83 Use OpenSSH-style public keys as the preferred format of SSH public keys

2012-09-04 Thread Jan Cholasta
/sssd/changeset/f130a609a840d4548c795ce5e63afb5891358e20/ (SSSD 1.9.0beta7-to-be) in order to make OpenSSH integration actually work with OpenSSH-style public keys. https://fedorahosted.org/freeipa/ticket/2932 https://fedorahosted.org/freeipa/ticket/2935 Honza -- Jan Cholasta From

Re: [Freeipa-devel] [PATCH] 302 Stricter IP network validator in dnszone-add command

2012-09-05 Thread Jan Cholasta
On 5.9.2012 12:48, Martin Kosek wrote: On 09/05/2012 12:36 PM, Jan Cholasta wrote: On 5.9.2012 12:22, Petr Spacek wrote: On 09/05/2012 11:30 AM, Jan Cholasta wrote: On 5.9.2012 10:04, Martin Kosek wrote: We allowed IP addresses without network specification which lead

Re: [Freeipa-devel] [PATCH] 83 Use OpenSSH-style public keys as the preferred format of SSH public keys

2012-09-06 Thread Jan Cholasta
On 5.9.2012 22:57, Rob Crittenden wrote: Jan Cholasta wrote: Hi, this patch changes the format of the sshpubkey parameter to the format used by OpenSSH (see sshd(8)). Public keys in the old format (raw RFC 4253 blob) are automatically converted to OpenSSH-style public keys. OpenSSH-style

Re: [Freeipa-devel] [PATCH] 83 Use OpenSSH-style public keys as the preferred format of SSH public keys

2012-09-07 Thread Jan Cholasta
On 6.9.2012 17:47, Jan Cholasta wrote: On 5.9.2012 22:57, Rob Crittenden wrote: Jan Cholasta wrote: Hi, this patch changes the format of the sshpubkey parameter to the format used by OpenSSH (see sshd(8)). Public keys in the old format (raw RFC 4253 blob) are automatically

Re: [Freeipa-devel] [PATCH] 1048 update certificate renewal scripts

2012-09-07 Thread Jan Cholasta
renewal patch. Sorry :-) A cert was missing from our list of certs to translate into CS.cfg directives. rob ACK. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 0078 ipa-client-install: Obtain host TGT from one specific KDC

2012-09-12 Thread Jan Cholasta
messed up and removed the kinit call entirely when installing on master. Attaching a fix. Works for me, ACK. Honza -- Jan Cholasta

[Freeipa-devel] [PATCH] 84 Add the SSH service to SSSD config file before trying to activate it

2012-09-12 Thread Jan Cholasta
Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/3069. Users no longer have to configure SSH in sssd.conf manually if the file exists prior to running ipa-client-install. Honza -- Jan Cholasta From 38fd87c7b9d941b76753c3f11eca0058a83b8954 Mon Sep 17 00:00:00 2001 From: Jan

[Freeipa-devel] [PATCH] 85 Add --no-ssh option to ipa-client-install to disable OpenSSH client configuration

2012-09-12 Thread Jan Cholasta
Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/3070. If both --no-ssh and --no-sshd are specified, do not configure the SSH service in SSSD. Honza -- Jan Cholasta From 2a80c57305b099129b192e7ccf52b7f8cc982c41 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date

Re: [Freeipa-devel] [PATCH] 85 Add --no-ssh option to ipa-client-install to disable OpenSSH client configuration

2012-09-13 Thread Jan Cholasta
On 12.9.2012 15:53, Jan Cholasta wrote: Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/3070. If both --no-ssh and --no-sshd are specified, do not configure the SSH service in SSSD. Honza Note: This patch can be only applied on top of freeipa-jcholast-84-add-ssh-service

Re: [Freeipa-devel] [PATCH] 309 Fix addattr internal error

2012-09-14 Thread Jan Cholasta
more certain when Honza finishes his strict encoding patch he was working on in the summer. With his patch, the attributes should always be a list. Yes. Also, this was already fixed in my patch for https://fedorahosted.org/freeipa/ticket/2954, but it was reverted. Martin Honza -- Jan

[Freeipa-devel] [PATCH] SSHPublicKey.fingerprint_dns_sha1 should return unicode value

2012-09-20 Thread Jan Cholasta
Hi, this one-liner fixes updating DNS SSHFP records in host-mod. Honza -- Jan Cholasta From 132bd4011909589e0db50d71828aeccadb09 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 20 Sep 2012 03:43:30 -0400 Subject: [PATCH] SSHPublicKey.fingerprint_dns_sha1 should

Re: [Freeipa-devel] [PATCH] 1051 Fix CS replica management

2012-09-20 Thread Jan Cholasta
you posted the patch. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 317 Improve StrEnum validation error message

2012-10-01 Thread Jan Cholasta
On 1.10.2012 10:05, Martin Kosek wrote: On 10/01/2012 09:19 AM, Jan Cholasta wrote: On 27.9.2012 14:28, Martin Kosek wrote: Do not print list of possible values as %r but simply as a list of quoted values which should make it easier to read for users. Also add a special case when

Re: [Freeipa-devel] [PATCH] 1051 Fix CS replica management

2012-10-08 Thread Jan Cholasta
Hi, On 20.9.2012 19:38, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 31.8.2012 19:43, Rob Crittenden wrote: The naming in CS replication agreements is different from IPA agreements, we have to live with what they create. The master side should be on the local side, replica1

Re: [Freeipa-devel] [PATCH] 1051 Fix CS replica management

2012-10-10 Thread Jan Cholasta
On 9.10.2012 21:31, Rob Crittenden wrote: Martin Kosek wrote: On 10/08/2012 05:12 PM, Jan Cholasta wrote: Hi, On 20.9.2012 19:38, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 31.8.2012 19:43, Rob Crittenden wrote: The naming in CS replication agreements is different from IPA

[Freeipa-devel] [PATCH] 87 Do not show full SSH public keys in command output by default

2012-10-11 Thread Jan Cholasta
Hi, in my fix for https://fedorahosted.org/freeipa/ticket/2932 I have accidentally changed the behavior of user and host commands to always show full SSH public keys in their output. The attached patch fixes this. Honza -- Jan Cholasta From 9753731152c47fb82f83106dfe16a2b710957291 Mon Sep

Re: [Freeipa-devel] [PATCH] 0091 ipautil.run: Log the command line before running the command

2012-10-16 Thread Jan Cholasta
On 16.10.2012 16:27, Petr Viktorin wrote: On 10/16/2012 04:02 PM, Jan Cholasta wrote: Hi, On 15.10.2012 14:45, Petr Viktorin wrote: As I was debugging code that calls long-running or failing commands, I got tired of the invocation being logged after the command is done. This patch should

Re: [Freeipa-devel] [PATCH] 0091 ipautil.run: Log the command line before running the command

2012-10-16 Thread Jan Cholasta
On 16.10.2012 17:26, Petr Viktorin wrote: On 10/16/2012 04:53 PM, Jan Cholasta wrote: On 16.10.2012 16:27, Petr Viktorin wrote: On 10/16/2012 04:02 PM, Jan Cholasta wrote: Hi, On 15.10.2012 14:45, Petr Viktorin wrote: As I was debugging code that calls long-running or failing commands, I

Re: [Freeipa-devel] [PATCH] 326 Improve compatibility of LDAP rename_s call

2012-10-25 Thread Jan Cholasta
* rename_s operation. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [RFE] Warnings and client capabilities (Was: [PATCH] 0062 Don't crash when server returns extra output)

2012-10-25 Thread Jan Cholasta
: TEST The Web UI will display warnings in a modal message box. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] ipa-client-automount: Add the autofs service if it doesn't exist

2012-10-25 Thread Jan Cholasta
late, but you might want to take a look at how this is done for SSH in ipa-client-install, as it also checks if SSSD was built with support for the feature. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

Re: [Freeipa-devel] --setattr for attributes that are handled via command options

2012-10-26 Thread Jan Cholasta
, as opposed to tiresome checking for these corner use cases in every command. Tomas https://www.redhat.com/archives/freeipa-devel/2012-April/msg00102.html https://www.redhat.com/archives/freeipa-devel/2012-May/msg00068.html -- Jan Cholasta ___ Freeipa

Re: [Freeipa-devel] [RFE] Warnings and client capabilities (Was: [PATCH] 0062 Don't crash when server returns extra output)

2012-10-29 Thread Jan Cholasta
On 26.10.2012 16:35, Petr Viktorin wrote: On 10/25/2012 04:55 PM, Jan Cholasta wrote: Hi, On 23.10.2012 17:57, Petr Viktorin wrote: Here is a draft design document for ticket 2732. Please comment on both the feature itself, and on how to write design documents. Petr¹, please add how the UI

Re: [Freeipa-devel] [PATCH] 1069 use lower-case value for SECURE_NFS

2012-10-29 Thread Jan Cholasta
Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 88 Reword description of the --passsync option of ipa-replica-manage

2012-10-29 Thread Jan Cholasta
Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/3208. Honza -- Jan Cholasta From 00bd0124504d5214e083da9669ba45f5543aa369 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Mon, 29 Oct 2012 05:13:39 -0400 Subject: [PATCH] Reword description of the --passsync

Re: [Freeipa-devel] [PATCH] 329 Use common encoding in modlist generation

2012-10-29 Thread Jan Cholasta
- this will encode the value to LDAP-formatted str and then convert it back to unicode. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 1067 clear out certmonger requests

2012-10-29 Thread Jan Cholasta
in the patch on line 75. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Switch %r specifiers to %s in Public errors

2012-10-30 Thread Jan Cholasta
the values, as that is probably the reason %r was used in the first place - i.e. use '%s' instead of plain %s. Congratulations on your first patch and welcome! Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

Re: [Freeipa-devel] [PATCH] 1069 use lower-case value for SECURE_NFS

2012-10-30 Thread Jan Cholasta
On 29.10.2012 20:31, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 26.10.2012 19:37, Rob Crittenden wrote: We enable SECURE_NFS in ipa-client-automount. Originally I used the string YES which worked fine on Fedora systems with systemd. sysV init systems look for a lower-case yes, so switch

Re: [Freeipa-devel] [PATCH] 1067 clear out certmonger requests

2012-10-30 Thread Jan Cholasta
On 29.10.2012 20:11, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 24.10.2012 21:22, Rob Crittenden wrote: If uninstall fails in certain ways it is possible that some certificates could still be tracked by certmonger (even if the NSS database is now gone). This will loop through

Re: [Freeipa-devel] [PATCH] 329 Use common encoding in modlist generation

2012-10-30 Thread Jan Cholasta
On 29.10.2012 18:51, Martin Kosek wrote: On 10/29/2012 02:17 PM, Jan Cholasta wrote: Hi, On 29.10.2012 10:44, Martin Kosek wrote: ldap2 server plugin generates a modlist for every IPA command entry modification. However, encoding of attributes entry_attrs generated by our framework still does

Re: [Freeipa-devel] [PATCH] 1069 use lower-case value for SECURE_NFS

2012-10-31 Thread Jan Cholasta
On 31.10.2012 15:49, Rob Crittenden wrote: Jan Cholasta wrote: On 29.10.2012 20:31, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 26.10.2012 19:37, Rob Crittenden wrote: We enable SECURE_NFS in ipa-client-automount. Originally I used the string YES which worked fine on Fedora systems
