On 31.10.2012 16:28, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.10.2012 20:11, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 24.10.2012 21:22, Rob Crittenden wrote:
If uninstall fails in certain ways it is possible that some
certificates
could still be tracked by certmonger (even
:
+except Exception, e:
+syslog.syslog(syslog.LOG_ERR, 'Updating renewal certificate
failed: %s' % e)
+time.sleep(30)
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo
On 1.11.2012 16:32, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 24.10.2012 21:24, Rob Crittenden wrote:
All the certs are pretty critical in certificate renewal but the agent
cert has the distinction of having to be updated in multiple places. It
needs to exist in both LDAP servers
On 1.11.2012 16:54, Rob Crittenden wrote:
Jan Cholasta wrote:
On 1.11.2012 16:32, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 24.10.2012 21:24, Rob Crittenden wrote:
All the certs are pretty critical in certificate renewal but the agent
cert has the distinction of having to be updated
this is
resolved. (This should not affect diff in dns.py in any way).
Martin
This might be a stupid question, but why is NONE in upper case and the
rest of the values in lower case?
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel
On 1.11.2012 19:25, Rob Crittenden wrote:
Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3208.
There are two typos, PasSync with only 2 s's.
I think there should be a separate section on PassSync explaining what
the service
, it is actually fedorahosted that is slow. See how
fast it is on other sites, e.g. https://dev.openwrt.org or
http://bind10.isc.org.
The big win I see in patchwork is the automation, which is not in full
force yet and can be improved.
Simo.
Honza
--
Jan Cholasta
://fedorahosted.org/freeipa/ticket/2588
Lynn Root
Associate Software Engineer
Red Hat
- Original Message -
From: Martin Kosek mko...@redhat.com
To: Jan Cholasta jchol...@redhat.com
Cc: Lynn Root lr...@redhat.com, freeipa-devel@redhat.com
Sent: Tuesday, October 30, 2012 9:08:33 AM
Subject: Re
to display a traceback rather than a nice error
message IMO.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 7.11.2012 16:08, Lynn Root wrote:
Third time is a charm?
Lynn Root
Associate Software Engineer
Red Hat
- Original Message -
From: Jan Cholasta jchol...@redhat.com
To: Lynn Root lr...@redhat.com
Cc: freeipa-devel@redhat.com
Sent: Monday, November 5, 2012 10:25:32 AM
Subject: Re
to track this down.
Once again - thanks for your help!
Lynn Root
Associate Software Engineer
Red Hat
- Original Message -
From: Martin Kosek mko...@redhat.com
To: Jan Cholasta jchol...@redhat.com
Cc: Lynn Root lr...@redhat.com, freeipa-devel@redhat.com
Sent: Thursday, November 8, 2012 8:46
On 12.11.2012 12:50, Lynn Root wrote:
Lynn Root
Associate Software Engineer
Red Hat
- Original Message -
From: Jan Cholasta jchol...@redhat.com
To: Lynn Root lr...@redhat.com
Cc: freeipa-devel@redhat.com
Sent: Friday, November 9, 2012 3:25:20 PM
Subject: Re: [Freeipa-devel] [PATCH
On 12.11.2012 14:14, Lynn Root wrote:
- Original Message -
On 12.11.2012 12:50, Lynn Root wrote:
Lynn Root
Associate Software Engineer
Red Hat
- Original Message -
From: Jan Cholasta jchol...@redhat.com
To: Lynn Root lr...@redhat.com
Cc: freeipa-devel@redhat.com
Sent
On 9.11.2012 16:06, Jakub Hrozek wrote:
On Tue, Nov 06, 2012 at 08:57:06AM +0100, Jan Cholasta wrote:
On 29.10.2012 17:21, Jakub Hrozek wrote:
An improvement based on Honza's suggestion.
You might want to remove the try block around
sssdconfig.activate_service('autofs'). If it throws
ipasshuser/ipasshhost is).
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
configured on
Fedora 18.
Pass the real agent we will use later to the testing command to
avoid this error.
--
This patch should make it to the upcoming 3.1 release.
Note: this is not reproducible in RHEL-6 systems, so we are covered on this
front.
ACK.
Honza
--
Jan Cholasta
, XML-RPC sucks. This should have been done a long time ago.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
manually. Also make sure
that we stopdisable SSSD when we delete the configuration.
https://fedorahosted.org/freeipa/ticket/3307
ACK.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo
options and enablement =
Two new env variables, see Design.
= Replication =
N/A
= Updates and Upgrades =
N/A
= Dependencies =
N/A
= External Impact =
N/A
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
.
= Implementation =
N/A
= Feature Managment =
N/A
= Major configuration options and enablement =
N/A
= Replication =
N/A
= Updates and Upgrades =
N/A
= Dependencies =
N/A
= External Impact =
N/A
--
Jan Cholasta
___
Freeipa-devel mailing list
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3323.
Honza
--
Jan Cholasta
From 9c8a97f8b1ae843679b4deda8b19e6026e532b32 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 8 Jan 2013 16:32:41 +0100
Subject: [PATCH] Raise ValidationError on invalid CSV
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3334.
Honza
--
Jan Cholasta
From 43343dae9ed8cbac6806dd3f7f548b28c872c365 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 9 Jan 2013 18:09:10 +0100
Subject: [PATCH] Run interactive_prompt callbacks after
in
http://freeipa.org/page/V3/RFC_6594_SSHFP_DNS_records. Note that
https://fedorahosted.org/freeipa/ticket/2642#comment:7 still applies.
https://fedorahosted.org/freeipa/ticket/2642
Honza
--
Jan Cholasta
From ad6fb49b3e4ac1b5a66d15ee3c8c1075be322e5d Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol
On 10.1.2013 05:56, Jan Cholasta wrote:
Hi,
Patch 91 removes module ipapython.compat. The code that uses it doesn't
work with ancient Python versions anyway, so there's no need to keep it
around.
Patch 92 adds support for automatic generation of RFC 6594 SSHFP DNS
records to ipa-client-install
what we have in IPA.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
be methods of these classes, etc.).
I really would like to see this improve, but I'm not sure if it's
possible without rewriting the whole framework.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com
On 14.1.2013 18:50, Petr Viktorin wrote:
On 01/14/2013 06:31 PM, Alexander Bokovoy wrote:
On Mon, 14 Jan 2013, Jan Cholasta wrote:
On 14.1.2013 17:06, Petr Viktorin wrote:
IPA Command objects sometimes need to pass some data between their
various methods. Currently that's done using
) yields dn and
attribute dict), but it also must work as an argument to dict
constructor (i.e. iter(entry) yields attribute names). This class will
be removed once our code is converted to use LDAPEntry.
Honza
--
Jan Cholasta
From 55d14475f58fe8e631c0cec63afa929b63762c74 Mon Sep 17 00:00:00 2001
On 17.1.2013 12:46, Petr Viktorin wrote:
On 01/17/2013 09:07 AM, Jan Cholasta wrote:
While this works for dict, I'm not sure if it applies to *all* dict-like
classes that we use.
I don't think we have any classes where it doesn't apply.
Once we completely get rid of entry tuples, we can
Hi,
these patches remove the Entry and Entity classes and move instantiation
of LDAPEntry objects to LDAPConnection.make_entry factory method.
Apply on top of Petr Viktorin's LDAP code refactoring (part 1 2) patches.
Honza
--
Jan Cholasta
From 437ed20f7a1f483f3dd20e4d80731571acddaf06 Mon
of
LDAPConnection might be confusing to someone (connection in connection?).
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ldap-refactor:pviktori-ldap-refactor
I don't think patch 139 is necessary, I fixed this problem in patch 95
by not including 'dn' as attribute in _entry_to_entity.
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
On 14.1.2013 12:56, Petr Viktorin wrote:
On 01/09/2013 06:11 PM, Jan Cholasta wrote:
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3323.
Honza
The patch works well, but could you also add a test to ensure we don't
regress in the future?
Test added.
--
Jan Cholasta
From
On 23.1.2013 23:45, Rob Crittenden wrote:
Jan Cholasta wrote:
On 10.1.2013 05:56, Jan Cholasta wrote:
Hi,
Patch 91 removes module ipapython.compat. The code that uses it doesn't
work with ancient Python versions anyway, so there's no need to keep it
around.
Patch 92 adds support
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3379.
Honza
--
Jan Cholasta
From 6d4539935cfa9712c5c7b4e6717b6e52ded8b61e Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 28 Jan 2013 14:55:20 +0100
Subject: [PATCH] Pylint cleanup.
Add more dynamic
On 28.1.2013 09:34, Jan Cholasta wrote:
On 25.1.2013 14:54, Petr Viktorin wrote:
On 01/24/2013 03:06 PM, Petr Viktorin wrote:
On 01/24/2013 10:43 AM, Petr Viktorin wrote:
On 01/22/2013 04:04 PM, Petr Viktorin wrote:
On 01/21/2013 06:38 PM, Petr Viktorin wrote:
On 01/17/2013 06:27 PM, Petr
On 22.1.2013 15:32, Jan Cholasta wrote:
Hi,
these patches remove the Entry and Entity classes and move instantiation
of LDAPEntry objects to LDAPConnection.make_entry factory method.
Apply on top of Petr Viktorin's LDAP code refactoring (part 1 2) patches.
Honza
Slightly changed patch 95
Hi,
these patches implement attribute name case preservation in LDAPEntry.
Apply on top of Petr Viktorin's LDAP code refactoring patchset (up to
part 5).
Honza
--
Jan Cholasta
From 8778f668591e28d78741df55dc2bca98917073e5 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date
On 31.1.2013 11:00, Petr Viktorin wrote:
On 01/30/2013 10:53 AM, Petr Viktorin wrote:
On 01/29/2013 04:39 PM, Petr Viktorin wrote:
On 01/28/2013 04:09 PM, Petr Viktorin wrote:
On 01/28/2013 09:34 AM, Jan Cholasta wrote:
On 25.1.2013 14:54, Petr Viktorin wrote:
On 01/24/2013 03:06 PM, Petr
On 31.1.2013 19:59, Rob Crittenden wrote:
Jan Cholasta wrote:
On 23.1.2013 23:45, Rob Crittenden wrote:
Jan Cholasta wrote:
On 10.1.2013 05:56, Jan Cholasta wrote:
Hi,
Patch 91 removes module ipapython.compat. The code that uses it
doesn't
work with ancient Python versions anyway, so
On 1.2.2013 09:47, Petr Viktorin wrote:
On 01/31/2013 07:01 PM, Jan Cholasta wrote:
On 31.1.2013 11:00, Petr Viktorin wrote:
On 01/30/2013 10:53 AM, Petr Viktorin wrote:
On 01/29/2013 04:39 PM, Petr Viktorin wrote:
On 01/28/2013 04:09 PM, Petr Viktorin wrote:
On 01/28/2013 09:34 AM, Jan
On 1.2.2013 16:34, Rob Crittenden wrote:
Jan Cholasta wrote:
On 22.1.2013 15:32, Jan Cholasta wrote:
Hi,
these patches remove the Entry and Entity classes and move instantiation
of LDAPEntry objects to LDAPConnection.make_entry factory method.
Apply on top of Petr Viktorin's LDAP code
On 1.2.2013 12:12, Petr Viktorin wrote:
On 01/31/2013 04:18 PM, Jan Cholasta wrote:
Hi,
these patches implement attribute name case preservation in LDAPEntry.
Apply on top of Petr Viktorin's LDAP code refactoring patchset (up to
part 5).
Honza
Patches 99 101 need some tests to make sure
Hi,
this patchset removes DN normalization code from the framework. Full DNs
including the configured suffix are used instead and must be used in new
code.
Honza
--
Jan Cholasta
From 27b613bd8b4e13a199d6e77d02a48e6bc0c3e050 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
On 4.2.2013 15:49, Petr Viktorin wrote:
On 02/04/2013 02:25 PM, Jan Cholasta wrote:
On 1.2.2013 12:12, Petr Viktorin wrote:
On 01/31/2013 04:18 PM, Jan Cholasta wrote:
Hi,
these patches implement attribute name case preservation in LDAPEntry.
Apply on top of Petr Viktorin's LDAP code
On 5.2.2013 15:45, Petr Viktorin wrote:
On 02/05/2013 01:38 PM, Jan Cholasta wrote:
On 4.2.2013 15:49, Petr Viktorin wrote:
[...]
I see one of the changes is using has_key instead of `in` for a CIDict.
Given that dict.has_key() is deprecated, I think a better solution would
be to add
not have to duplicate the Object
bits for certs and as a result, the code would be cleaner and consistent
with the rest of our plugins.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo
and SchemaCache.
I'm posting them early so you can see where I'm going, and so you can
find out if your work will conflict with mine.
Patch 0120 grew a conflict with master, attaching a rebased version.
ACK part 2.
Honza
--
Jan Cholasta
___
Freeipa
in my queue for a while, I think now is a good time to submit them):
The first one moves some old tests from the main code tree to tests/.
(The adtrust_install test wasn't run before, this move makes nose notice
it).
The second converts CIDict's unittest-based suite to nose.
Honza
--
Jan Cholasta
On 14.2.2013 10:45, Petr Viktorin wrote:
This needs a test; here one I used to check it.
Otherwise it works well, ACK if the test is added.
Thank you, test added.
Honza
--
Jan Cholasta
From d845724362507c662e45f21396b46ce520f25a45 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol
On 29.1.2013 10:21, Jan Cholasta wrote:
A patch from this patchset (part 3) causes some of the dns plugin tests
to fail (idnsallowdynupdate is missing in dnszone_add output).
Honza
Patch 143:
+assert isinstance(entry_or_dn, DN)
+if normalize is None or normalize
to find mapping tree entry for %s, self.suffix)
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
in specially
formatted comments.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
returned by
ldap2.get_ipa_config is using the correct IPASimpleLDAPObject and
changed LDAPEntry.clone to be less fragile).
Updated (and rebased) patches attached.
Honza
--
Jan Cholasta
From 78d3da5cc8837ae2f3be9783df6d19af2683f8fe Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date
string.lowercase is locale-dependent, so it
might contain bad values, such as '\xed'. Please use
string.ascii_lowercase instead to prevent this.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo
On 25.2.2013 16:29, Ana Krivokapic wrote:
On 02/25/2013 04:10 PM, Jan Cholasta wrote:
Hi,
On 12.2.2013 17:27, Ana Krivokapic wrote:
Add new LDAP container to store the list of domains associated with IPA
realm.
Add two new ipa commands (ipa realmdomains-show and ipa
realmdomains-mod) to allow
On 20.2.2013 13:03, Petr Viktorin wrote:
On 02/19/2013 03:10 PM, Jan Cholasta wrote:
On 1.2.2013 15:38, Petr Viktorin wrote:
Alright, I renamed get_single to single_value().
I also rebased to current master.
Patch 152:
+def single_value(self, name, default=_missing):
+values
On 19.2.2013 16:56, Petr Viktorin wrote:
On 02/19/2013 02:17 PM, Jan Cholasta wrote:
On 29.1.2013 10:21, Jan Cholasta wrote:
A patch from this patchset (part 3) causes some of the dns plugin tests
to fail (idnsallowdynupdate is missing in dnszone_add output).
Honza
Patch 143
On 26.2.2013 11:03, Petr Viktorin wrote:
Thanks. I think you should also add a tearDown method to test_LDAPEntry
which disconnects self.conn if it is connected (the same thing test_ldap
does).
Thanks for the catch, added.
ACK.
--
Jan Cholasta
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3464.
Honza
--
Jan Cholasta
From c40f1f123b905fdd0ee4d05d32f3d86e6ffdccc0 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 27 Feb 2013 14:14:33 +0100
Subject: [PATCH] Fix remove while iterating
)]
-)
+entry['originfilter'] = [disable_attr]
I think you forgot to call update_entry here.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
of changes to get into 3.2 now, I'm
posting these patches mainly so that you are aware that they exist.)
Honza
--
Jan Cholasta
From b365ef78e5f784661261cba1c51f24703d5a3437 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 26 Feb 2013 11:27:55 +0100
Subject: [PATCH 1/8] Make
was used it would still work.
it's the former, there is still code that uses 2-tuples.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 27.2.2013 18:14, John Dennis wrote:
On 02/27/2013 11:23 AM, Jan Cholasta wrote:
Hi,
On 27.2.2013 17:09, John Dennis wrote:
IPA plugins traditionally use (dn, entry_attrs) pairs to represent
entries. To make that work, iterating over an LDAPEntry will, for now,
yield the DN and the entry
On 5.3.2013 11:55, Petr Viktorin wrote:
On 03/05/2013 11:32 AM, Jan Cholasta wrote:
Hi,
On 26.2.2013 15:50, Petr Viktorin wrote:
This removes the --{dirsrv,http,pkinit}-{pkcs12,pin} options.
https://fedorahosted.org/freeipa/ticket/3151
The same options are in ipa-replica-prepare. I think
-server-install always gets stuck while doing LDAP
updates. I am not really sure how these two are connected. Can you
please check if that happens to you on IPA from current master as well?
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa
On 5.3.2013 16:12, Jan Cholasta wrote:
Hi,
On 4.3.2013 15:29, Petr Viktorin wrote:
I did not test the external CA case when we merged DS instances some
time ago, so it ended up broken. Here is a fix.
Our DsInstance class could only be initialized properly by calling
create_instance
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3437.
Honza
--
Jan Cholasta
From 4d9b3cd132981dbf51067adf3d35e5b6b70b673c Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 6 Mar 2013 10:07:13 +0100
Subject: [PATCH] Remove disabled entries from sudoers
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3489.
Honza
--
Jan Cholasta
From ee827fab8cb916ebf2d9b7d21ae4b6f93685e2b2 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 6 Mar 2013 10:20:18 +0100
Subject: [PATCH] Fix internal error in output_for_cli
Hi,
these patches add flags to LDAPClient and IPAdmin constructors which can
be used to disable schema retrieval and decoding of attributes. This
should make interacting with AD easier (see
http://www.redhat.com/archives/freeipa-devel/2013-March/msg00076.html).
Honza
--
Jan Cholasta
From
On 7.3.2013 14:53, Petr Viktorin wrote:
On 03/07/2013 01:43 PM, Jan Cholasta wrote:
Hi,
these patches add flags to LDAPClient and IPAdmin constructors which can
be used to disable schema retrieval and decoding of attributes. This
should make interacting with AD easier (see
http
filter here please?
+:param conn: Bound LDAPConnection that will be used for searching
LDAPClient
Patch 194:
-ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, True)
and
-lh.set_option(ldap.OPT_X_TLS_DEMAND, True)
Is removing these options safe?
Honza
--
Jan
On 7.3.2013 17:59, Petr Viktorin wrote:
On 03/07/2013 04:33 PM, Jan Cholasta wrote:
On 7.3.2013 14:53, Petr Viktorin wrote:
On 03/07/2013 01:43 PM, Jan Cholasta wrote:
Hi,
these patches add flags to LDAPClient and IPAdmin constructors which
can
be used to disable schema retrieval
since I'm not at all familiar with that code
but I don't expect it to be too big a deal.
I'm not necessarily volunteering to do this work, just trying to keep
the ball moving forward.
rob
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa
On 8.3.2013 14:14, Petr Viktorin wrote:
On 03/07/2013 05:42 PM, Jan Cholasta wrote:
Patch 191:
The patch is missing the ipapython/ipaldap.py file.
On 7.3.2013 18:29, Petr Viktorin wrote:
It's there, it's just copied from ipaserver/ipaldap.py with a small
change at the bottom
On 11.3.2013 13:43, Petr Viktorin wrote:
On 03/11/2013 01:13 PM, Jan Cholasta wrote:
On 8.3.2013 14:14, Petr Viktorin wrote:
On 03/07/2013 05:42 PM, Jan Cholasta wrote:
Patch 191:
The patch is missing the ipapython/ipaldap.py file.
On 7.3.2013 18:29, Petr Viktorin wrote:
It's there, it's
we better do this in
user/host/service plugins, as suggested originally. Setting PAC type is
done in the usual place in service plugin after all, even when it is
Kerberos-specific.
rob
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
On 8.3.2013 14:41, Simo Sorce wrote:
On Fri, 2013-03-08 at 10:31 +0100, Jan Cholasta wrote:
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it: http://freeipa.org/page
is the reason for this.)
kadmin.local changes things in LDAP because we use our own backend
driver. It doesn't speak LDAP natively.
rob
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo
On 12.3.2013 17:24, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote:
Why can't we set the bitfield (krbTicketFlags) directly? (There is an
ACI preventing that, I'm just wondering what is the reason for this.)
If you tell me who 'we' is (as in what user would set it) I
On 12.3.2013 18:01, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:31 +0100, Jan Cholasta wrote:
On 12.3.2013 17:24, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote:
Why can't we set the bitfield (krbTicketFlags) directly? (There is an
ACI preventing that, I'm just
://fedorahosted.org/389/ticket/534 including the last patch,
which is not yet in git.
Honza
--
Jan Cholasta
From 2e16ca6a5c8c60f59bd8cb4e5eb75bb51ca0fa03 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Fri, 22 Mar 2013 11:15:51 +0100
Subject: [PATCH] Enable SASL mapping fallback
host/service related permission to avoid allowing
this sensitive attribute for lower level admins automatically. If someone wants
it, he can add and assign an appropriate permission.
Correct, this has been already decided.
Updated patch attached.
Honza
--
Jan Cholasta
From
fail when it's too late to fix
things.
Also, the RFE page states that the options to specify PKCS#12 files are
called --http_pkcs and --dirsrv_pkcs, but they are in fact called
--http_pkcs12 and --dirsrv_pkcs12.
Honza
--
Jan Cholasta
___
Freeipa
error when krbticketflags has more than one value
* fixed updates overwriting krbticketflags instead of updating it
* allow krbticketflags to be overwritten when it has non-integer value
* do not hide krbticketflags in command output
Honza
--
Jan Cholasta
From
. This is the message for --selfsign.
Patch 204:
+http_cert_name =check_pkcs12(http_pkcs12_info, ca_file, host_name)
Missing space after equal sign.
More to come tomorrow, when I'm finished with testing.
Honza
--
Jan Cholasta
___
Freeipa-devel
altogether
ldap.update_entry(dn, {'usercertificate': None})
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 29.3.2013 11:14, Jan Cholasta wrote:
On 28.3.2013 18:14, Petr Viktorin wrote:
And another update.
Patch 204: Fix default ID range in ipa-server-install
New patch 206: The host plugin assumed cert-* commands are always
available, and failed when removing/upddating a host because it could
with that).
If no, shouldn't we at least add means to set this flag in host-mod or
service-mod so that admins can set it? I.e. option like --requires-pre-auth=1
I assumed the default value is 0. I changed it to 0x0080.
Updated patch attached.
Honza
--
Jan Cholasta
From
On 29.3.2013 15:31, Petr Viktorin wrote:
On 03/29/2013 11:20 AM, Jan Cholasta wrote:
On 29.3.2013 11:14, Jan Cholasta wrote:
Also I was able to install IPA with revoked certificates, but it doesn't
seem to break anything - the CRL specified in the certificates' CRL
distribution point
Hi,
On 29.3.2013 17:23, Petr Vobornik wrote:
On 03/29/2013 05:10 PM, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/3329
Attaching new rebased version.
It seems everything works fine, ACK.
Honza
--
Jan Cholasta
___
Freeipa
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3552.
Honza
--
Jan Cholasta
From 629ac8ce5471c9fb92403cfb8b2f1feceae91a0d Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 8 Apr 2013 10:20:00 +0200
Subject: [PATCH] Use http instead of https for OCSP
Hi,
On 8.4.2013 13:40, Ana Krivokapic wrote:
Hello,
This patch addresses https://fedorahosted.org/freeipa/ticket/3503. See
the commit message for details.
the patch seems OK, I will just run the test suite to make sure you
didn't miss anything.
Honza
--
Jan Cholasta
On 8.4.2013 15:41, Jan Cholasta wrote:
Hi,
On 8.4.2013 13:40, Ana Krivokapic wrote:
Hello,
This patch addresses https://fedorahosted.org/freeipa/ticket/3503. See
the commit message for details.
the patch seems OK, I will just run the test suite to make sure you
didn't miss anything.
Honza
/3291.
As for external user mapping, I'm going to need more input on that.
Alexander and Simo should know more, adding them to CC.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3554.
Honza
--
Jan Cholasta
From fca3caa0515e2ca37b9e04c3c960d59477ccd0a9 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 9 Apr 2013 15:49:15 +0200
Subject: [PATCH] Do actually stop pki_cad in stop_pkicad
:09 PM, Martin Kosek wrote:
On 04/08/2013 03:47 PM, Dmitri Pal wrote:
On 04/08/2013 08:42 AM, Martin Kosek wrote:
On 04/08/2013 10:48 AM, Jan Cholasta wrote:
On 8.4.2013 10:47, Jan Cholasta wrote:
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3552.
Honza
Re-sending
Hi,
the attached patches fix https://fedorahosted.org/freeipa/ticket/3547.
Honza
--
Jan Cholasta
From e5a6141d932bd5f9685a83ad9b039ea334363a00 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Fri, 12 Apr 2013 13:16:17 +0200
Subject: [PATCH 1/2] Use A/ records instead
On 12.4.2013 14:19, Petr Viktorin wrote:
On 04/12/2013 01:24 PM, Jan Cholasta wrote:
Hi,
the attached patches fix https://fedorahosted.org/freeipa/ticket/3547.
Honza
We used short names in the CNAMEs:
$ ipa dnsrecord-find idm.lab.eng.brq.redhat.com ipa-ca
Record name: ipa-ca
CNAME
301 - 400 of 2029 matches
Mail list logo