On 2.3.2012 19:43, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2012-03-02 at 11:40 -0500, Rob Crittenden wrote:
Jan Cholasta wrote:
On 1.3.2012 20:57, Rob Crittenden wrote:
Rob Crittenden wrote:
Jan Cholasta wrote:
On 17.1.2012 04:55, Rob Crittenden wrote:
Jan Cholasta wrote:
Dne
+return False
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 7.3.2012 17:12, Rob Crittenden wrote:
Petr Vobornik wrote:
On 03/06/2012 09:56 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Jan Cholasta wrote:
Dne 18.1.2012 00:04, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 16.1.2012 22:02, Rob Crittenden napsal(a):
Rob Crittenden wrote
On 13.3.2012 22:57, Rob Crittenden wrote:
Jan Cholasta wrote:
On 7.3.2012 17:12, Rob Crittenden wrote:
Petr Vobornik wrote:
On 03/06/2012 09:56 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Jan Cholasta wrote:
Dne 18.1.2012 00:04, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne
--
Jan Cholasta
From c5e1f63ea3bcb15fce5c90aafe700a23565b2213 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 16 Jan 2012 09:21:50 -0500
Subject: [PATCH 2/2] Fix the procedure for getting default values of command
parameters.
The parameters used in default_from of other
On 15.3.2012 11:36, Jan Cholasta wrote:
(this is a continuation of
http://www.redhat.com/archives/freeipa-devel/2011-September/msg00327.html)
Hi,
the attached patches fix https://fedorahosted.org/freeipa/ticket/1847
and https://fedorahosted.org/freeipa/ticket/2245:
[PATCH] Fix the procedure
On 15.3.2012 14:20, Petr Viktorin wrote:
On 03/15/2012 12:05 PM, Jan Cholasta wrote:
On 15.3.2012 11:36, Jan Cholasta wrote:
(this is a continuation of
http://www.redhat.com/archives/freeipa-devel/2011-September/msg00327.html)
Hi,
the attached patches fix https://fedorahosted.org/freeipa
schema is a bit of a nasty business right now. See
10-selinuxusermap.update for an example.
rob
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 16.3.2012 14:14, Petr Viktorin wrote:
I may be taking things out of context, but I see this:
On 03/16/2012 02:07 PM, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.2.2012 15:50, Rob Crittenden wrote:
Petr Viktorin wrote:
On 02/27/2012 11:03 PM, Rob Crittenden wrote:
.. snip ..
Patch
https://fedorahosted.org/freeipa/ticket/2138
Honza
--
Jan Cholasta
From bfb4d16171de95adb6d6dc1b144f8d6ae3259aee Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 19 Mar 2012 08:52:11 -0400
Subject: [PATCH] Parse zone indices in IPv6 addresses in CheckedIPAddress
On 16.3.2012 22:19, Rob Crittenden wrote:
in_server controls how messages are dispatched. We should import on
context.
This prevents the error message session memcached servers not running
in ipa-ldap-updater and ipa-replica-manage.
rob
ACK.
Honza
--
Jan Cholasta
Propagate SIGINT to child process in ipautil.run.
Wait for the child process to terminate before continuing.
Do cleanup on KeyboardInterrupt rather than in custom SIGINT handler in
ipa-replica-conncheck.
https://fedorahosted.org/freeipa/ticket/2127
Honza
--
Jan Cholasta
From
On 20.3.2012 22:34, Rob Crittenden wrote:
pkisilent now shell escapes its arguments so we no longer need to do so,
and in fact, if we do it ends up with double-escaping breaking all
installs of IPA with a dogtag CA.
rob
ACK.
Honza
--
Jan Cholasta
(True, dn: +
binddn.encode('UTF-8'))]
self.conn.set_option(_ldap.OPT_SERVER_CONTROLS, sctrl)
(dn, attrs) = self.get_entry(dn, entry_attrs)
# remove the control so subsequent operations don't include GER
Honza
--
Jan Cholasta
https://fedorahosted.org/freeipa/ticket/2521
Honza
--
Jan Cholasta
From 8c078285b4703f3ddb991665ec4a548b44a3e97d Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 26 Mar 2012 07:11:41 -0400
Subject: [PATCH] Fix uses of O=REALM instead of the configured certificate
On 26.3.2012 16:15, Rob Crittenden wrote:
Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/2521
Honza
You can still set a custom subject base for selfsign installations so
you need a special case in valid_issuer().
For selfsign installations, the issuer is always CN=REALM
On 27.3.2012 10:43, Martin Kosek wrote:
On Mon, 2012-03-19 at 14:02 +0100, Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/2138
Honza
This will work, I just think that a documentation of this issue can be
improved.
1) A short comment in the following part explaining why do we
On 26.3.2012 22:17, Rob Crittenden wrote:
Jan Cholasta wrote:
On 26.3.2012 16:15, Rob Crittenden wrote:
Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/2521
Honza
You can still set a custom subject base for selfsign installations so
you need a special case in valid_issuer
On 27.3.2012 16:00, Martin Kosek wrote:
On Thu, 2012-03-15 at 14:57 +0100, Jan Cholasta wrote:
On 15.3.2012 14:20, Petr Viktorin wrote:
On 03/15/2012 12:05 PM, Jan Cholasta wrote:
On 15.3.2012 11:36, Jan Cholasta wrote:
(this is a continuation of
http://www.redhat.com/archives/freeipa-devel
On 27.3.2012 17:41, Martin Kosek wrote:
On Tue, 2012-03-27 at 16:42 +0200, Martin Kosek wrote:
On Tue, 2012-03-27 at 16:30 +0200, Jan Cholasta wrote:
On 27.3.2012 16:00, Martin Kosek wrote:
On Thu, 2012-03-15 at 14:57 +0100, Jan Cholasta wrote:
On 15.3.2012 14:20, Petr Viktorin wrote:
On 03
On 29.3.2012 00:20, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.2.2012 15:45, Rob Crittenden wrote:
Jan Cholasta wrote:
On 28.2.2012 18:58, Rob Crittenden wrote:
Jan Cholasta wrote:
On 28.2.2012 18:02, Petr Viktorin wrote:
On 02/28/2012 04:45 PM, Rob Crittenden wrote:
Petr Viktorin
https://fedorahosted.org/freeipa/ticket/2572
Honza
--
Jan Cholasta
From 2fbfab66064d045c192d2cc8d747d30bca1ebdc6 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Thu, 29 Mar 2012 09:12:36 -0400
Subject: [PATCH] Check whether the default user group is POSIX when adding
new
https://fedorahosted.org/freeipa/ticket/2587
Honza
--
Jan Cholasta
From 595e012ae9b6a7f4f6eef7d534dcb9e7c7574144 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 3 Apr 2012 09:23:39 -0400
Subject: [PATCH] Check configured maximum user login length on user rename
On 3.4.2012 13:04, Martin Kosek wrote:
On Tue, 2012-04-03 at 13:02 +0200, Martin Kosek wrote:
On Tue, 2012-04-03 at 11:58 +0200, Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/2572
Honza
NACK.
This creates a regression:
# ipa group-show foogroup
Group name: foogroup
all be empty.
This patch uses a new feature of slapi-nis-0.40 so we can use an
expression in a pad.
rob
NACK, this does not work for new installs. Did you forget to include
install/share/*.ldif files in the commit?
Honza
--
Jan Cholasta
On 5.4.2012 20:55, Rob Crittenden wrote:
Jan Cholasta wrote:
On 5.4.2012 17:04, Rob Crittenden wrote:
When constructing netgroup triples with hostcat or usercat set to all we
weren't setting the user/host part of the triple correctly. The first
entry would have '' as the host/user value
On 5.4.2012 23:38, Rob Crittenden wrote:
Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/2587
Honza
This looks ok, it would be nice to have a unit test.
rob
Test added.
Honza
--
Jan Cholasta
From bdb9fa42a4bc892a97ffe5f3d6721b24ed1686a9 Mon Sep 17 00:00:00 2001
From: Jan
on known attributes.
To be functionally complete, we should also add validated equivalents of
--{add,del}attr to *-mod commands for all multivalue params (think
--add-param and --del-param for each --param).
Honza
--
Jan Cholasta
___
Freeipa-devel
, there are some related tickets:
https://fedorahosted.org/freeipa/ticket/2033,
https://fedorahosted.org/freeipa/ticket/2265.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa
On 10.4.2012 19:56, Dmitri Pal wrote:
On 04/10/2012 01:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 04/10/2012 07:07 PM, Martin Kosek wrote:
On Tue, 2012-04-10 at 17:03 +0200, Jan Cholasta wrote:
On 10.4.2012 16:00, Petr Viktorin wrote:
I'm aware that we have backwards compatibility
On 11.4.2012 09:27, Martin Kosek wrote:
On Wed, 2012-04-11 at 09:18 +0200, Jan Cholasta wrote:
On 10.4.2012 19:56, Dmitri Pal wrote:
On 04/10/2012 01:48 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 04/10/2012 07:07 PM, Martin Kosek wrote:
On Tue, 2012-04-10 at 17:03 +0200, Jan Cholasta
https://fedorahosted.org/freeipa/ticket/2629
Honza
--
Jan Cholasta
From da5f23b9d85a5b1725e2204758faa4bac90f0a58 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Thu, 12 Apr 2012 07:29:21 -0400
Subject: [PATCH] Fix internal error when renaming user with an empty string
these commands are used.
This patch fixes these 2 commands to return correct value when
a root zone is modified.
https://fedorahosted.org/freeipa/ticket/2627
https://fedorahosted.org/freeipa/ticket/2628
Works as advertised. ACK.
Honza
--
Jan Cholasta
exists.
This patch fixes the behavior in ldap2 plugin to return
LimitsExceeded exception instead. This way, user would know
that his time/size limits are set too low and can amend them to
get correct results.
https://fedorahosted.org/freeipa/ticket/2606
ACK.
Honza
--
Jan Cholasta
On 12.4.2012 14:12, Martin Kosek wrote:
On Thu, 2012-04-12 at 13:34 +0200, Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/2629
Honza
ACK. I will wait with push until the ticket is triaged.
Martin
Push please :-)
Honza
--
Jan Cholasta
.
Honza
--
Jan Cholasta
From 8e070f571472ed5a27339bcc980b67ecca41b337 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Thu, 19 Apr 2012 08:06:32 -0400
Subject: [PATCH] Refactor exc_callback invocation.
Replace _call_exc_callbacks with a function wrapper, which will automatically
On 16.4.2012 22:32, Nalin Dahyabhai wrote:
When we implement ticket #2259, indexing fqdn and macAddress should help
the Schema Compatibility and NIS Server plugins locate relevant computer
entries more easily.
Nalin
Please add the indices to install/share/indices.ldif as well.
Honza
--
Jan
if ypcat and
ypmatch work as expected, I would prefer if someone with more LDAP/NIS
knowledge took a look at the patches before pushing them.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman
On 23.4.2012 17:21, Jan Cholasta wrote:
On 16.4.2012 22:51, Nalin Dahyabhai wrote:
The ethers.byname and ethers.byaddr NIS maps pair host names and
hardware network addresses. This should close ticket #2259.
Nalin
Please add this to install/updates/50-nis.update as well.
Besides that, ACK
installs per day and I haven't noticed any
issues.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 23.4.2012 22:46, Nalin Dahyabhai wrote:
On Mon, Apr 23, 2012 at 04:40:11PM +0200, Jan Cholasta wrote:
On 16.4.2012 22:32, Nalin Dahyabhai wrote:
When we implement ticket #2259, indexing fqdn and macAddress should help
the Schema Compatibility and NIS Server plugins locate relevant computer
On 23.4.2012 22:45, Nalin Dahyabhai wrote:
On Mon, Apr 23, 2012 at 05:03:28PM +0200, Jan Cholasta wrote:
On 16.4.2012 22:39, Nalin Dahyabhai wrote:
This bit of configuration creates a cn=computers area under cn=compat
which we populate with ieee802Device entries corresponding to any
ipaHost
On 23.4.2012 23:18, Nalin Dahyabhai wrote:
On Mon, Apr 23, 2012 at 05:40:27PM +0200, Jan Cholasta wrote:
On 23.4.2012 17:21, Jan Cholasta wrote:
On 16.4.2012 22:51, Nalin Dahyabhai wrote:
The ethers.byname and ethers.byaddr NIS maps pair host names and
hardware network addresses. This should
On 23.4.2012 18:47, Petr Viktorin wrote:
On 04/23/2012 04:33 PM, Jan Cholasta wrote:
Hi,
this patch replaces _call_exc_callbacks with a function wrapper, which
will automatically call exception callbacks when an exception is raised
from the function. This removes the need to specify
On 24.4.2012 16:21, Nalin Dahyabhai wrote:
On Tue, Apr 24, 2012 at 12:03:31PM +0200, Jan Cholasta wrote:
I did some more testing and found out that this line:
default:schema-compat-entry-rdn: 'cn=%first(%{fqdn})'
needs to be changed to:
default:schema-compat-entry-rdn: cn=%first(%{fqdn
On 24.4.2012 16:57, Nalin Dahyabhai wrote:
On Tue, Apr 24, 2012 at 01:02:44PM +0200, Jan Cholasta wrote:
I'm just curious, why you do this:
default:nis-keys-format: %mregsub(%{macAddress}
%{fqdn},(..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..[:\\\|-]..)
(.*),%1)
and not simply this:
default:nis
Setting the option to yes causes sshd to handle kinits itself,
bypassing SSSD.
https://fedorahosted.org/freeipa/ticket/2689
Honza
--
Jan Cholasta
From 9f69b7e77a989c5dbd84942de170a409ad52d22f Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 30 Apr 2012 11:58:55 -0400
, as
all LDAP encoding should be done in the Encoder class.
Unit tests show no regressions and fixes for related tickets
(https://fedorahosted.org/freeipa/ticket/2039 and
https://fedorahosted.org/freeipa/ticket/2616) seem to be intact.
Honza
--
Jan Cholasta
From
On 7.5.2012 17:59, Martin Kosek wrote:
On Mon, 2012-05-07 at 14:48 +0200, Jan Cholasta wrote:
Hi,
this patch changes the way boolean values are encoded to LDAP boolean
syntax. The code for encoding boolean values is moved from the Parameter
class to the Encoder class, where the rest of LDAP
Hi,
this fixes https://fedorahosted.org/freeipa/ticket/2769 as well as some
other issues with SSH configuration in ipa-client-install.
Honza
--
Jan Cholasta
From 6edf63e682ba2021ea6f0ffba76388c5ef232254 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 23 May 2012 05
://fedorahosted.org/freeipa/ticket/2466?
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 25.5.2012 18:09, Martin Kosek wrote:
On Wed, 2012-05-23 at 11:16 +0200, Jan Cholasta wrote:
Hi,
this fixes https://fedorahosted.org/freeipa/ticket/2769 as well as some
other issues with SSH configuration in ipa-client-install.
Honza
This fixed the basic functionality, but I discovered
On 31.5.2012 11:10, Martin Kosek wrote:
On Wed, 2012-05-30 at 18:01 +0200, Jan Cholasta wrote:
On 29.5.2012 16:59, Martin Kosek wrote:
On Tue, 2012-05-29 at 16:40 +0200, Jan Cholasta wrote:
On 29.5.2012 16:01, Martin Kosek wrote:
This option will make renaming DNS records much easier.
Add
Dne 29.6.2012 21:07, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Hi,
this is the next patch in the input validation handling series
https://fedorahosted.org/freeipa/ticket/2357. It changes the way
entries are encoded and decoded in the LDAP backend.
The patch consists of several changes
. Current IPA version will produce bunch of tracebacks,
patched IPA should work without any issue
Martin
ACK, both IPv4-only and IPv6-only installs work fine.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
,)
3) In ipa-upgradeconfig:
+else:
+psearch = psearch.lower() if psearch is not None else None
IMO it would be nicer to do:
+elif psearch is not None:
+psearch = psearch.lower()
or:
+else:
+psearch = psearch and psearch.lower()
instead.
Honza
--
Jan
:
+class file read;
+class file getattr;
+class file open;
(to be continued)
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Dne 25.7.2012 22:58, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 25.7.2012 16:01, Rob Crittenden napsal(a):
Petr Viktorin wrote:
On 07/23/2012 10:03 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Andrew Wnuk wrote:
On 07/16/2012 01:35 PM, Rob Crittenden wrote:
Nalin Dahyabhai wrote
Dne 27.7.2012 22:50, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 25.7.2012 22:58, Rob Crittenden napsal(a):
Jan Cholasta wrote:
All these scripts could use more exception handling, but I guess
potential bugs can be sorted out later.
Well, they all run in the background so even
fixed to
avoid print an empty line when an exception without an error message
is raised.
https://fedorahosted.org/freeipa/ticket/2892
I just noticed that the error message may not be printed at all in same cases.
Sending a fixed version.
Martin
ACK.
Honza
--
Jan Cholasta
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/2963.
Honza
--
Jan Cholasta
From 047d3d579e863d46d93168befd502252cb692dc8 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Fri, 3 Aug 2012 03:04:58 -0400
Subject: [PATCH] Add --{set,add,del}attr options
Hi,
this patch fixes --addattr on single value attributes in add commands
and --delattr on non-unicode attributes in mod commands.
https://fedorahosted.org/freeipa/ticket/2954
Honza
--
Jan Cholasta
From 5ebcb5a3c732121bcb70d6d06e75ec13993ff19e Mon Sep 17 00:00:00 2001
From: Jan Cholasta
data (useful for
--delattr on ugly raw binary values)
- fd:num - read value from file descriptor num
- env:var - read value from environment variable var
- ask: - always prompt interactively for the value
- default: - use default value, never prompt interactively
Thoughts?
Honza
--
Jan
Dne 6.8.2012 15:20, Simo Sorce napsal(a):
On Mon, 2012-08-06 at 10:55 +0200, Jan Cholasta wrote:
Hi,
while thinking about https://fedorahosted.org/freeipa/ticket/2933, I
had an idea how to make loading data from files available for all
parameters:
I think we can use URI-like strings
Dne 6.8.2012 16:10, Alexander Bokovoy napsal(a):
On Mon, 06 Aug 2012, Jan Cholasta wrote:
Dne 6.8.2012 15:20, Simo Sorce napsal(a):
On Mon, 2012-08-06 at 10:55 +0200, Jan Cholasta wrote:
Hi,
while thinking about https://fedorahosted.org/freeipa/ticket/2933, I
had an idea how to make loading
Dne 6.8.2012 16:27, John Dennis napsal(a):
On 08/06/2012 10:10 AM, Alexander Bokovoy wrote:
On Mon, 06 Aug 2012, Jan Cholasta wrote:
Dne 6.8.2012 15:20, Simo Sorce napsal(a):
On Mon, 2012-08-06 at 10:55 +0200, Jan Cholasta wrote:
Hi,
while thinking about https://fedorahosted.org/freeipa
Dne 6.8.2012 17:29, Simo Sorce napsal(a):
On Mon, 2012-08-06 at 16:27 +0200, Jan Cholasta wrote:
Dne 6.8.2012 16:10, Alexander Bokovoy napsal(a):
On Mon, 06 Aug 2012, Jan Cholasta wrote:
Dne 6.8.2012 15:20, Simo Sorce napsal(a):
On Mon, 2012-08-06 at 10:55 +0200, Jan Cholasta wrote:
Hi
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/2962.
Honza
--
Jan Cholasta
From 5bd5f6c62661548b7beca3e4d2db30a87e930a22 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 7 Aug 2012 07:30:41 +0200
Subject: [PATCH] Raise Base64DecodeError instead
/sssd/changeset/f130a609a840d4548c795ce5e63afb5891358e20/
(SSSD 1.9.0beta7-to-be) in order to make OpenSSH integration actually
work with OpenSSH-style public keys.
https://fedorahosted.org/freeipa/ticket/2932
https://fedorahosted.org/freeipa/ticket/2935
Honza
--
Jan Cholasta
From
Dne 5.9.2012 12:48, Martin Kosek napsal(a):
On 09/05/2012 12:36 PM, Jan Cholasta wrote:
Dne 5.9.2012 12:22, Petr Spacek napsal(a):
On 09/05/2012 11:30 AM, Jan Cholasta wrote:
Dne 5.9.2012 10:04, Martin Kosek napsal(a):
We allowed IP addresses without network specification which lead
Dne 5.9.2012 22:57, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Hi,
this patch changes the format of the sshpubkey parameter to the format
used by OpenSSH (see sshd(8)).
Public keys in the old format (raw RFC 4253 blob) are automatically
converted to OpenSSH-style public keys. OpenSSH-style
Dne 6.9.2012 17:47, Jan Cholasta napsal(a):
Dne 5.9.2012 22:57, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Hi,
this patch changes the format of the sshpubkey parameter to the format
used by OpenSSH (see sshd(8)).
Public keys in the old format (raw RFC 4253 blob) are automatically
renewal patch. Sorry :-)
A cert was missing from our list of certs to translate into CS.cfg
directives.
rob
ACK.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
messed up and removed the kinit call entirely when installing on
master. Attaching a fix.
Works for me, ACK.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3069.
Users no longer have to configure SSH in sssd.conf manually if the file
exists prior to running ipa-client-install.
Honza
--
Jan Cholasta
From 38fd87c7b9d941b76753c3f11eca0058a83b8954 Mon Sep 17 00:00:00 2001
From: Jan
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3070.
If both --no-ssh and --no-sshd are specified, do not configure the SSH
service in SSSD.
Honza
--
Jan Cholasta
From 2a80c57305b099129b192e7ccf52b7f8cc982c41 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date
Dne 12.9.2012 15:53, Jan Cholasta napsal(a):
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3070.
If both --no-ssh and --no-sshd are specified, do not configure the SSH
service in SSSD.
Honza
Note: This patch can be only applied on top of
freeipa-jcholast-84-add-ssh-service
more certain when Honza finishes his strict encoding
patch he was working on in the summer. With his patch, the attributes should
always be a list.
Yes.
Also, this was already fixed in my patch for
https://fedorahosted.org/freeipa/ticket/2954, but it was reverted.
Martin
Honza
--
Jan
Hi,
this one-liner fixes updating DNS SSHFP records in host-mod.
Honza
--
Jan Cholasta
From 132bd4011909589e0db50d71828aeccadb09 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Thu, 20 Sep 2012 03:43:30 -0400
Subject: [PATCH] SSHPublicKey.fingerprint_dns_sha1 should
you
posted the patch.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Dne 1.10.2012 10:05, Martin Kosek napsal(a):
On 10/01/2012 09:19 AM, Jan Cholasta wrote:
Dne 27.9.2012 14:28, Martin Kosek napsal(a):
Do not print list of possible values as %r but simply as a list
of quoted values which should make it easier to read for users.
Also add a special case when
Hi,
On 20.9.2012 19:38, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
Dne 31.8.2012 19:43, Rob Crittenden napsal(a):
The naming in CS replication agreements is different from IPA
agreements, we have to live with what the create. The master side should
be on the local side, replica1
On 9.10.2012 21:31, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/08/2012 05:12 PM, Jan Cholasta wrote:
Hi,
On 20.9.2012 19:38, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
Dne 31.8.2012 19:43, Rob Crittenden napsal(a):
The naming in CS replication agreements is different from IPA
Hi,
in my fix for https://fedorahosted.org/freeipa/ticket/2932 I have
accidentally changed the behavior of user and host commands to always
show full SSH public keys in their output. The attached patch fixes this.
Honza
--
Jan Cholasta
From 9753731152c47fb82f83106dfe16a2b710957291 Mon Sep
On 16.10.2012 16:27, Petr Viktorin wrote:
On 10/16/2012 04:02 PM, Jan Cholasta wrote:
Hi,
On 15.10.2012 14:45, Petr Viktorin wrote:
As I was debugging code that calls long-running or failing commands, I
got tired of the invocation being logged after the command is done.
This patch should
On 16.10.2012 17:26, Petr Viktorin wrote:
On 10/16/2012 04:53 PM, Jan Cholasta wrote:
On 16.10.2012 16:27, Petr Viktorin wrote:
On 10/16/2012 04:02 PM, Jan Cholasta wrote:
Hi,
On 15.10.2012 14:45, Petr Viktorin wrote:
As I was debugging code that calls long-running or failing commands, I
* rename_s operation.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
: TEST
The Web UI will display warnings in a modal message box.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
late, but you might want to take a look on how
this is done for SSH in ipa-client-install, as it also checks if SSSD
was built with support for the feature.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
, as opposed to tiresome checking for these corner use cases in
every
command.
Tomas
https://www.redhat.com/archives/freeipa-devel/2012-April/msg00102.html
https://www.redhat.com/archives/freeipa-devel/2012-May/msg00068.html
--
Jan Cholasta
___
Freeipa
On 26.10.2012 16:35, Petr Viktorin wrote:
On 10/25/2012 04:55 PM, Jan Cholasta wrote:
Hi,
On 23.10.2012 17:57, Petr Viktorin wrote:
Here is a draft design document for ticket 2732.
Please comment on both the feature itself, and on how to write design
documents.
PetrĀ¹, please add how the UI
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3208.
Honza
--
Jan Cholasta
From 00bd0124504d5214e083da9669ba45f5543aa369 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 29 Oct 2012 05:13:39 -0400
Subject: [PATCH] Reword description of the --passsync
- this
will encode the value to LDAP-formatted str and then convert it back to
unicode.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
in the patch on line 75.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
the values, as
that is probably the reason %r was used in the first place - i.e. use
'%s' instead of plain %s.
Congratulations on your first patch and welcome!
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
On 29.10.2012 20:31, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 26.10.2012 19:37, Rob Crittenden wrote:
We enable SECURE_NFS in ipa-client-automount. Originally I used the
string YES which worked fine on Fedora systems with systemd. sysV init
systems look for a lower-case yes, so switch
On 29.10.2012 20:11, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 24.10.2012 21:22, Rob Crittenden wrote:
If uninstall fails in certain ways it is possible that some certificates
could still be tracked by certmonger (even if the NSS database is now
gone). This will loop through
On 29.10.2012 18:51, Martin Kosek wrote:
On 10/29/2012 02:17 PM, Jan Cholasta wrote:
Hi,
On 29.10.2012 10:44, Martin Kosek wrote:
ldap2 server plugin generates a modlist for every IPA command entry
modification. However, encoding of attributes entry_attrs generated
by our framework still does
On 31.10.2012 15:49, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.10.2012 20:31, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 26.10.2012 19:37, Rob Crittenden wrote:
We enable SECURE_NFS in ipa-client-automount. Originally I used the
string YES which worked fine on Fedora systems
201 - 300 of 2029 matches
Mail list logo