It turns out Nathaniel used a personal e-mail in one of the patches. Add
it to the .mailmap.
Pushed as one-liner to master: c4d00fdd15d043365e8473a1083723d574cb64b2
--
Petr³
From 5b21e95a7bf715ade2b7f7f5509aec7beb6b1ccd Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Mon
On 03/14/2014 07:58 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 03/12/2014 07:48 PM, Rob Crittenden wrote:
[...]
Here are a couple more enhancements I'm considering, this seems simpler
than inter-diff since it is so small.
Not really. Having a patch file with a sequence+revision
On 03/14/2014 06:47 PM, Petr Vobornik wrote:
Main ACI UI changes are in patch #557. The rest are prerequisites.
With this UI it is impossible to change from Type-based permissions to
General ones. This seems to be remaining from the old model where
permissions were
/freeipa/ticket/4257
For all the tests to pass, apply this on top of my patch 0475
--
Petr³
From 6f3c50f875ee9220269f2468825f42474157fe69 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Mon, 17 Mar 2014 15:53:06 +0100
Subject: [PATCH] permission plugin: Do not add
://fedorahosted.org/freeipa/ticket/4231
--
Petr³
From 57014e7d53a825be585159f16a8fe8f02238b4c7 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Tue, 18 Mar 2014 10:33:42 +0100
Subject: [PATCH] cli: Clean up imports
---
ipalib/cli.py | 9 +++--
1 file changed, 3 insertions
On 03/12/2014 11:37 AM, Jan Pazdziora wrote:
On Thu, Mar 06, 2014 at 12:03:23PM +0200, Alexander Bokovoy wrote:
Hi,
we had similar issue in past, in jsonserver_session() class, fixed by
0292ebd1 which Tomas did for ticket https://fedorahosted.org/freeipa/ticket/3252
This one is for
On 03/18/2014 01:09 PM, Petr Vobornik wrote:
New revision for patch #557 attached.
On 17.3.2014 15:22, Petr Viktorin wrote:
On 03/14/2014 06:47 PM, Petr Vobornik wrote:
Main ACI UI changes are in patch #557. The rest are prerequisites.
With this UI it is impossible to change from Type
AFAIK this patch was only posted to Trac, where it was kind of
forgotten. Let's move it to the mailing list.
It looks works fine, ACK for those aspects. But Dmitri had some
concerns about the validity of the ticket itself:
Unusual but not critical. In future this can be an OTP prompt
On 03/18/2014 03:50 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
AFAIK this patch was only posted to Trac, where it was kind of
forgotten. Let's move it to the mailing list.
It looks works fine, ACK for those aspects. But Dmitri had some
concerns about the validity of the ticket itself
On 03/18/2014 04:56 PM, Petr Vobornik wrote:
On 18.3.2014 15:07, Petr Viktorin wrote:
On 03/18/2014 01:09 PM, Petr Vobornik wrote:
New revision for patch #557 attached.
On 17.3.2014 15:22, Petr Viktorin wrote:
On 03/14/2014 06:47 PM, Petr Vobornik wrote:
Main ACI UI changes
On 03/18/2014 04:17 PM, Gabe Alford wrote:
Patch was posted for review on Feb 19th, but may have missed due to
volume, priorities, etc.
We (freeipa committers) try to give priority to reviewing patches, but
this one fell through the cracks. Sorry for that!
Please feel free to ask for status or
On 03/19/2014 01:43 PM, Martin Basti wrote:
On Tue, 2014-03-18 at 14:34 +0100, Petr Viktorin wrote:
On 09/26/2013 06:52 PM, Martin Basti wrote:
Patch for chapter 5
Contains patch for ticket
https://fedorahosted.org/freeipa/ticket/3842
Hello,
Thanks for the patches!
Next time, when you do
Hello,
This should fix a bug in integration tests. See commit message.
--
Petr³
From bef311329726c4625b61d003c3632538dbb15691 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Thu, 20 Mar 2014 11:45:13 +0100
Subject: [PATCH] test_integration.tasks: Do not fail cleanup
On 03/19/2014 02:33 PM, Jan Cholasta wrote:
On 13.3.2014 13:41, Jan Cholasta wrote:
On 12.3.2014 19:59, Petr Viktorin wrote:
Certmonger is not configured/started in CA-less installs.
That's expected.
I tested fresh installs and upgrades; renewals work fine for me.
161-184 look OK
185
On 03/20/2014 04:22 PM, Misnyovszki Adam wrote:
On Thu, 20 Mar 2014 14:19:51 +0100
Misnyovszki Adam amisn...@redhat.com wrote:
On Fri, 14 Mar 2014 13:26:15 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Misnyovszki Adam wrote:
Hi,
automember-rebuild uses asynchronous 389 task, and
On 03/21/2014 10:29 AM, Petr Viktorin wrote:
On 03/20/2014 04:22 PM, Misnyovszki Adam wrote:
On Thu, 20 Mar 2014 14:19:51 +0100
Misnyovszki Adam amisn...@redhat.com wrote:
On Fri, 14 Mar 2014 13:26:15 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Misnyovszki Adam wrote:
Hi,
automember
On 03/20/2014 07:20 PM, Misnyovszki Adam wrote:
On Tue, 18 Mar 2014 12:02:06 +0100
Petr Viktorin pvikt...@redhat.com wrote:
Hello,
This renames --permissions to --right. The old name is kept as a
deprecated alias.
FreeIPA didn't have a mechanism for doing this, so I added one.
Also, while I
On 03/21/2014 12:00 PM, Misnyovszki Adam wrote:
On Fri, 21 Mar 2014 10:33:00 +0100
Petr Viktorin pvikt...@redhat.com wrote:
On 03/21/2014 10:29 AM, Petr Viktorin wrote:
On 03/20/2014 04:22 PM, Misnyovszki Adam wrote:
On Thu, 20 Mar 2014 14:19:51 +0100
Misnyovszki Adam amisn...@redhat.com
On 03/21/2014 12:10 PM, Misnyovszki Adam wrote:
On Fri, 21 Mar 2014 11:14:43 +0100
Petr Viktorin pvikt...@redhat.com wrote:
On 03/20/2014 07:20 PM, Misnyovszki Adam wrote:
On Tue, 18 Mar 2014 12:02:06 +0100
Petr Viktorin pvikt...@redhat.com wrote:
Hello,
This renames --permissions
On 03/21/2014 12:55 PM, Martin Kosek wrote:
On 03/21/2014 10:29 AM, Misnyovszki Adam wrote:
On Tue, 18 Mar 2014 19:31:31 -0600
Gabe Alford redhatri...@gmail.com wrote:
All,
It looks like the only typos exist in the uk and fr .po files for this
ticket
On 01/28/2014 03:35 PM, Petr Viktorin wrote:
On 01/23/2014 01:54 PM, Petr Viktorin wrote:
[...]
Patch 454 changes the cert generation script for CA-less tests to use
sequential serial numbers rather than random ones, to prevent collisions.
This one is still useful though.
Ping, could
On 03/25/2014 01:42 PM, Tomas Babej wrote:
ACK, patch looks good code wise and resolves the issue.
Pushed to:
master: c885bc3e49b41490668ed8b62989d71ec1cadf34
ipa-3-3: 2ec7c50f3c475e5ffbf2f73968636c483c6503e7
Tomas
On 03/25/2014 11:47 AM, Sumit Bose wrote:
Hi,
since get{grg|pwu}id()
On 03/23/2014 10:35 PM, Alexander Bokovoy wrote:
On Thu, 20 Mar 2014, Martin Kosek wrote:
PKI change done in ticket https://fedorahosted.org/pki/ticket/816
requires the PKI Clone's SSL Server certificate to be issued by
its associated PKI master.
Allow this call on IPA master.
On 03/24/2014 03:43 PM, Martin Kosek wrote:
On 03/14/2014 04:27 PM, Petr Viktorin wrote:
On 03/13/2014 02:01 PM, Petr Viktorin wrote:
On 03/07/2014 10:45 AM, Martin Kosek wrote:
On 03/05/2014 01:48 PM, Petr Viktorin wrote:
On 03/03/2014 04:10 PM, Petr Viktorin wrote:
On 02/28/2014 02:47 PM
On 03/25/2014 03:05 PM, Jan Cholasta wrote:
On 21.3.2014 09:46, Petr Viktorin wrote:
On 03/19/2014 02:33 PM, Jan Cholasta wrote:
[...]
Updated patches attached.
Note that I changed the path for CSR export to /var/lib/ipa/ca.csr to
make it more SELinux-friendly (not in the policy yet, see
On 03/25/2014 04:12 PM, Jan Cholasta wrote:
On 25.3.2014 16:07, Petr Viktorin wrote:
On 03/25/2014 03:05 PM, Jan Cholasta wrote:
On 21.3.2014 09:46, Petr Viktorin wrote:
On 03/19/2014 02:33 PM, Jan Cholasta wrote:
[...]
Updated patches attached.
Note that I changed the path for CSR export
On 03/25/2014 03:36 PM, Misnyovszki Adam wrote:
On Mon, 24 Mar 2014 17:06:41 +0100
Martin Kosek mko...@redhat.com wrote:
On 03/24/2014 11:42 AM, Misnyovszki Adam wrote:
On Fri, 21 Mar 2014 13:06:21 +0100
Petr Viktorin pvikt...@redhat.com wrote:
On 03/21/2014 12:58 PM, Martin Kosek wrote
On 03/26/2014 12:53 PM, Martin Kosek wrote:
python-pyasn1 and python-qrcode were imported by ipalib but not
required by python subpackage.
https://fedorahosted.org/freeipa/ticket/4275
Thanks, ACK, pushed to master: e04da74626dbaef9990833cf1def23da51981a93
--
Petr³
On 03/27/2014 09:42 AM, Petr Spacek wrote:
On 27.3.2014 00:40, Gabe Alford wrote:
All,
Please review patch for https://fedorahosted.org/freeipa/ticket/3085
Added note that 'nameserver 127.0.0.1' is added to resolv.conf, that
it is
recommended to add more replicas to resolv.conf, and the max
:11, Petr Spacek wrote:
On 18.2.2014 17:34, Nathaniel McCallum wrote:
On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote:
On 02/18/2014 04:45 PM, Petr Spacek wrote:
Hello,
Add wait_for_dns option to default.conf.
This option makes record changes in DNS tree synchronous.
IPA calls will wait
Hello,
I'm trying to add ACIs to allow read access to containers, and I need
some input.
The DS's access control system is not designed to allow access to a
single entry but not its descendants. The [ACI documentation] suggests
some ways to work around it.
This doesn't work that well for
On 04/02/2014 01:34 PM, Tomas Babej wrote:
Hi,
this adds basic trust and legacy client integration tests to our Jenkins
jobs repo.
Thanks!
Pushed to master at https://github.com/encukou/freeipa-ci
--
Petr³
___
Freeipa-devel mailing list
Hello,
This adds read permissions to read Sudo commands, command groups, rules.
Read access is given to all authenticated users.
--
Petr³
From bb9ff134db5427621b13f94e062ed24f725bc280 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 14:19:44 +0100
Subject
Hello,
This adds read permissions to read HBAC rules, services, and service groups.
Read access is given to all authenticated users.
--
Petr³
From e0aa9e6e22ecdb42c0f3b21d42d66e5b5945d80d Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 15:33:49 +0100
0e528f986b92ccb56b6000ae8f9a2d573b5ff44e Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 15:58:08 +0100
Subject: [PATCH] Add managed read permissions to host
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
ipalib/plugins/host.py | 22
On 04/03/2014 12:42 PM, Tomas Babej wrote:
Hi.
these fix the following:
* not properly removed PKI instance on IPA uninstall
* improper usage of external hostname of AD subdomain in the legacy
client tests
* relax regex checks in legacy client tests
* put 2 seconds of sleep after restart of
,
associatedDomain.
These are raw ACIs, not permission-based ones.
--
Petr³
From 6281a7159138d7c3bf024ed4ff370fe1193c5799 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Thu, 3 Apr 2014 12:40:48 +0200
Subject: [PATCH] Allow anonymous read access to containers
All
On 04/03/2014 02:53 PM, Simo Sorce wrote:
On Thu, 2014-04-03 at 13:34 +0200, Petr Viktorin wrote:
Hello,
This adds anonymous read access to containers, as discussed in this
thread:
https://www.redhat.com/archives/freeipa-devel/2014-March/msg00442.html
Additionally access is granted for $SUFFIX
On 04/03/2014 03:28 PM, Simo Sorce wrote:
On Thu, 2014-04-03 at 15:19 +0200, Petr Viktorin wrote:
On 04/03/2014 02:53 PM, Simo Sorce wrote:
On Thu, 2014-04-03 at 13:34 +0200, Petr Viktorin wrote:
Hello,
This adds anonymous read access to containers, as discussed in this
thread:
https
On 04/02/2014 02:38 PM, Petr Spacek wrote:
On 2.4.2014 14:36, Petr Spacek wrote:
Hello,
Add wait_for_dns option to default.conf.
This option makes record changes in DNS tree synchronous.
IPA calls will wait until new data are visible over DNS protocol
or until timeout.
It is intended only
On 04/03/2014 12:55 PM, Petr Viktorin wrote:
On 04/03/2014 12:42 PM, Tomas Babej wrote:
Hi.
these fix the following:
* not properly removed PKI instance on IPA uninstall
* improper usage of external hostname of AD subdomain in the legacy
client tests
* relax regex checks in legacy client
On 03/29/2014 12:22 AM, Gabe Alford wrote:
Changed 127.0.0.1 to 192.0.2.1
On Fri, Mar 28, 2014 at 1:38 AM, Petr Spacek pspa...@redhat.com wrote:
On 28.3.2014 02:09, Gabe Alford wrote:
I believe that Martin is right about the server installer no
On 04/04/2014 01:50 PM, Martin Kosek wrote:
On 04/04/2014 11:57 AM, Petr Viktorin wrote:
On 04/02/2014 02:38 PM, Petr Spacek wrote:
On 2.4.2014 14:36, Petr Spacek wrote:
Hello,
Add wait_for_dns option to default.conf.
This option makes record changes in DNS tree synchronous.
IPA calls
On 03/27/2014 03:37 PM, Misnyovszki Adam wrote:
On Wed, 26 Mar 2014 13:15:55 +0100
Petr Viktorin pvikt...@redhat.com wrote:
[...]
Looks great! I'm just concerned about the error returned when the
task takes too long:
$ ipa automember-rebuild --type group
ipa: ERROR: LDAP timeout
I
On 04/07/2014 01:28 PM, Martin Kosek wrote:
On 04/03/2014 12:09 PM, Petr Viktorin wrote:
Hello,
This adds read permissions to read HBAC rules, services, and service groups.
Read access is given to all authenticated users.
So far looked OK in my tests. What about the ACIs like the following
On 04/07/2014 04:08 PM, Tomas Babej wrote:
Hi,
this patch fixes the issue with using freeipa specific rpms when
defining custom jobs.
Tomas
Thanks!
Pushed to https://github.com/encukou/freeipa-ci.git as
01778989306e19e53b98d4acc72772631a8bb9dd
--
Petr³
On 04/07/2014 05:00 PM, Simo Sorce wrote:
On Mon, 2014-04-07 at 16:43 +0200, Martin Kosek wrote:
On 04/03/2014 01:34 PM, Petr Viktorin wrote:
Hello,
This adds anonymous read access to containers, as discussed in this thread:
https://www.redhat.com/archives/freeipa-devel/2014-March/msg00442
On 04/07/2014 01:30 PM, Martin Kosek wrote:
On 04/03/2014 12:09 PM, Petr Viktorin wrote:
Hello,
This adds read permissions to read Sudo commands, command groups, rules.
Read access is given to all authenticated users.
Looks good. What about ou=sudoers? I think we should also allow
(Default read ACIs for Sudo objects) will add a
non-object permission for ou=sudoers.
--
Petr³
From aa98fbd527727a301737c365dcfeb3245d6a51b2 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Thu, 27 Mar 2014 12:17:37 +0100
Subject: [PATCH] Document the managed permission updater
On 04/08/2014 12:53 PM, Martin Kosek wrote:
On 04/08/2014 11:03 AM, Petr Viktorin wrote:
Patch 0508:
This documents the inputs for the permission updater in the module itself. This
is taken from the design page. I expect it'll need an addition now and then, so
I think it's better to have
: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 15:17:34 +0100
Subject: [PATCH] Add managed read permissions to group
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
ipalib/plugins/group.py | 20
1 file changed, 20 insertions(+)
diff --git
On 04/08/2014 04:39 PM, Martin Kosek wrote:
On 04/08/2014 01:14 PM, Petr Viktorin wrote:
On 04/08/2014 12:53 PM, Martin Kosek wrote:
On 04/08/2014 11:03 AM, Petr Viktorin wrote:
...
The patch is functional, but I am not really a big fan of placing it in the
plugin. I would prefer if the ACI
On 04/08/2014 12:46 PM, Martin Kosek wrote:
On 04/08/2014 11:03 AM, Petr Viktorin wrote:
On 04/07/2014 01:30 PM, Martin Kosek wrote:
On 04/03/2014 12:09 PM, Petr Viktorin wrote:
Hello,
This adds read permissions to read Sudo commands, command groups, rules.
Read access is given to all
On 04/08/2014 04:17 PM, Misnyovszki Adam wrote:
On Mon, 07 Apr 2014 09:43:10 +0200
Petr Viktorin pvikt...@redhat.com wrote:
On 03/27/2014 03:37 PM, Misnyovszki Adam wrote:
On Wed, 26 Mar 2014 13:15:55 +0100
Petr Viktorin pvikt...@redhat.com wrote:
[...]
Looks great! I'm just concerned
On 04/09/2014 12:07 PM, Tomas Babej wrote:
Hi,
the following batch deals with the following:
* cleans up apache's semaphores prior to installing IPA (CA install can
get stuck when IPA is reinstalled many times)
What happens if Apache is running for some reason? Should we also stop
it before
On 04/09/2014 10:59 AM, Martin Kosek wrote:
On 04/07/2014 01:34 PM, Petr Viktorin wrote:
On 04/07/2014 01:28 PM, Martin Kosek wrote:
On 04/03/2014 12:09 PM, Petr Viktorin wrote:
Hello,
This adds read permissions to read HBAC rules, services, and service groups.
Read access is given to all
On 04/09/2014 10:31 AM, Martin Kosek wrote:
On 04/08/2014 05:17 PM, Petr Viktorin wrote:
On 04/08/2014 04:39 PM, Martin Kosek wrote:
On 04/08/2014 01:14 PM, Petr Viktorin wrote:
On 04/08/2014 12:53 PM, Martin Kosek wrote:
On 04/08/2014 11:03 AM, Petr Viktorin wrote:
...
The patch
On 04/09/2014 01:43 PM, Misnyovszki Adam wrote:
On Tue, 08 Apr 2014 17:31:25 +0200
Petr Viktorin pvikt...@redhat.com wrote:
On 04/08/2014 04:17 PM, Misnyovszki Adam wrote:
On Mon, 07 Apr 2014 09:43:10 +0200
Petr Viktorin pvikt...@redhat.com wrote:
On 03/27/2014 03:37 PM, Misnyovszki Adam
On 04/09/2014 01:45 PM, Petr Viktorin wrote:
On 04/09/2014 01:43 PM, Misnyovszki Adam wrote:
On Tue, 08 Apr 2014 17:31:25 +0200
Petr Viktorin pvikt...@redhat.com wrote:
On 04/08/2014 04:17 PM, Misnyovszki Adam wrote:
On Mon, 07 Apr 2014 09:43:10 +0200
Petr Viktorin pvikt...@redhat.com wrote
On 04/09/2014 03:21 PM, Misnyovszki Adam wrote:
On Wed, 09 Apr 2014 14:53:34 +0200
Petr Viktorin pvikt...@redhat.com wrote:
On 04/09/2014 01:45 PM, Petr Viktorin wrote:
On 04/09/2014 01:43 PM, Misnyovszki Adam wrote:
On Tue, 08 Apr 2014 17:31:25 +0200
Petr Viktorin pvikt...@redhat.com wrote
On 04/09/2014 10:31 AM, Martin Kosek wrote:
On 04/08/2014 05:19 PM, Petr Viktorin wrote:
On 04/08/2014 12:46 PM, Martin Kosek wrote:
On 04/08/2014 11:03 AM, Petr Viktorin wrote:
On 04/07/2014 01:30 PM, Martin Kosek wrote:
On 04/03/2014 12:09 PM, Petr Viktorin wrote:
Hello,
This adds read
On 04/09/2014 03:26 PM, Martin Kosek wrote:
On 04/09/2014 03:04 PM, Simo Sorce wrote:
On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
On 04/08/2014 02:25 PM, Petr Viktorin wrote:
Hello,
These add read permissions to read user groups and hostgroups.
For most attributes, anonymous read
On 04/09/2014 04:02 PM, Martin Kosek wrote:
On 04/09/2014 03:56 PM, Petr Viktorin wrote:
On 04/09/2014 10:31 AM, Martin Kosek wrote:
On 04/08/2014 05:19 PM, Petr Viktorin wrote:
On 04/08/2014 12:46 PM, Martin Kosek wrote:
On 04/08/2014 11:03 AM, Petr Viktorin wrote:
On 04/07/2014 01:30 PM
On 04/09/2014 02:58 PM, Gabe Alford wrote:
I am good with it.
Gabe
Pushed to docs master: be130d05c2111d31465e57238c5390a5c4ab9de2
On Wed, Apr 9, 2014 at 4:20 AM, Petr Spacek pspa...@redhat.com wrote:
On 9.4.2014 10:29, Martin Basti wrote:
On Tue,
ACIs containing permission:. (Since old-style permissions store
their information in ACIs, their ACIs need to be readable.)
--
Petr³
From cf65d4206ed2a7447dd4e1947b973d77f58ea3d3 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: [PATCH
On 04/09/2014 05:08 PM, Martin Kosek wrote:
On 04/09/2014 04:09 PM, Petr Viktorin wrote:
On 04/09/2014 03:26 PM, Martin Kosek wrote:
On 04/09/2014 03:04 PM, Simo Sorce wrote:
On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
On 04/08/2014 02:25 PM, Petr Viktorin wrote:
Hello,
These add
On 04/10/2014 11:58 AM, Misnyovszki Adam wrote:
On Tue, 25 Mar 2014 10:23:56 +0100
Petr Viktorin pvikt...@redhat.com wrote:
On 01/28/2014 03:35 PM, Petr Viktorin wrote:
On 01/23/2014 01:54 PM, Petr Viktorin wrote:
[...]
Patch 454 changes the cert generation script for CA-less tests to
use
From: Petr Viktorin pvikt...@redhat.com
Date: Thu, 10 Apr 2014 12:24:41 +0200
Subject: [PATCH] Add mechanism for adding default permissions to privileges
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
ipaserver/install/plugins/update_managed_permissions.py | 11 +++
1
On 04/09/2014 05:17 PM, Martin Kosek wrote:
On 04/09/2014 04:54 PM, Petr Viktorin wrote:
The meta-permissions.
:-)
Read access is given to all authenticated users. Reading membership info (i.e.
privileges) is split into a separate permission.
Another permission is added that allows read
On 04/09/2014 12:25 PM, Martin Kosek wrote:
On 04/03/2014 12:09 PM, Petr Viktorin wrote:
Hello,
This adds read permissions to read hosts.
Read access is given to all authenticated users.
For reading host membership info, there is a separate permission that also
defaults to all authenticated
On 04/10/2014 02:58 PM, Martin Kosek wrote:
On 04/10/2014 01:46 PM, Petr Viktorin wrote:
On 04/09/2014 05:17 PM, Martin Kosek wrote:
On 04/09/2014 04:54 PM, Petr Viktorin wrote:
The meta-permissions.
:-)
Read access is given to all authenticated users. Reading membership info (i.e
On 04/10/2014 03:07 PM, Martin Kosek wrote:
On 04/10/2014 03:02 PM, Petr Viktorin wrote:
On 04/10/2014 02:58 PM, Martin Kosek wrote:
On 04/10/2014 01:46 PM, Petr Viktorin wrote:
On 04/09/2014 05:17 PM, Martin Kosek wrote:
On 04/09/2014 04:54 PM, Petr Viktorin wrote:
The meta-permissions
Read access is given to all authenticated users.
--
Petr³
From 713b37bb023d7d895355a0cd8f8a4bb707d69d0f Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 17:52:28 +0100
Subject: [PATCH] Add managed read permission for SELinux user map
Part of the work
Read access is given to all authenticated users.
--
Petr³
From fe73d63509aba200d94e7d50c0143881965f8701 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: [PATCH] Add managed read permissions to realmdomains
Part of the work
On 04/10/2014 03:20 PM, Martin Kosek wrote:
On 04/10/2014 03:10 PM, Petr Viktorin wrote:
On 04/10/2014 03:07 PM, Martin Kosek wrote:
On 04/10/2014 03:02 PM, Petr Viktorin wrote:
On 04/10/2014 02:58 PM, Martin Kosek wrote:
On 04/10/2014 01:46 PM, Petr Viktorin wrote:
On 04/09/2014 05:17 PM
On 04/10/2014 03:04 PM, Martin Kosek wrote:
On 04/10/2014 02:52 PM, Simo Sorce wrote:
On Thu, 2014-04-10 at 13:56 +0200, Petr Viktorin wrote:
On 04/09/2014 12:25 PM, Martin Kosek wrote:
On 04/03/2014 12:09 PM, Petr Viktorin wrote:
Hello,
This adds read permissions to read hosts.
Read access
On 04/08/2014 02:26 PM, Martin Kosek wrote:
On 04/01/2014 10:52 AM, Tomas Babej wrote:
On 04/01/2014 10:40 AM, Alexander Bokovoy wrote:
On Tue, 01 Apr 2014, Tomas Babej wrote:
From 736b3f747188696fd4a46ca63d91a6cca942fd56 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date:
On 04/10/2014 03:55 PM, Petr Viktorin wrote:
Subject: [PATCH] 0516 Add managed read permissions to realmdomains
Read access is given to all authenticated users.
Jenkins tells me this breaks tests. Since realmdomains ACIs are set on a
single entry, not a container, realmdomains_show --all
-- e.g. an
attribute set by `entry.virtual[attr_name] = [x]` would be visible in
entry[attr_name] but would not be synced back to LDAP?
--
Petr³
From 2449c1e9a589001188fe4085c3d2dd219bdbc4e8 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Fri, 11 Apr 2014 12:09:32 +0200
Read access is given as a new privilege, 'Password Policy Readers', and
also to the existing privilege 'Password Policy Administrator'.
--
Petr³
From c61532cd5bbce02f073a94fdceff8169c4d4b52d Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 17:11:23 +0100
On 04/11/2014 02:36 PM, Simo Sorce wrote:
On Fri, 2014-04-11 at 09:48 +0200, Martin Kosek wrote:
On 04/10/2014 05:29 PM, Petr Viktorin wrote:
On 04/10/2014 03:04 PM, Martin Kosek wrote:
On 04/10/2014 02:52 PM, Simo Sorce wrote:
On Thu, 2014-04-10 at 13:56 +0200, Petr Viktorin wrote:
On 04
On 04/14/2014 10:54 AM, Martin Kosek wrote:
On 04/11/2014 02:53 PM, Petr Viktorin wrote:
On 04/11/2014 02:36 PM, Simo Sorce wrote:
On Fri, 2014-04-11 at 09:48 +0200, Martin Kosek wrote:
On 04/10/2014 05:29 PM, Petr Viktorin wrote:
On 04/10/2014 03:04 PM, Martin Kosek wrote:
On 04/10/2014 02
On 04/14/2014 12:03 PM, Martin Kosek wrote:
On 04/11/2014 02:39 PM, Simo Sorce wrote:
On Fri, 2014-04-11 at 14:26 +0200, Petr Viktorin wrote:
Read access is given as a new privilege, 'Password Policy Readers', and
also to the existing privilege 'Password Policy Administrator'.
LGTM
Simo
/archives/freeipa-devel/2014-April/msg00242.html
--
Petr³
From 1eadd2dbafd757abe6e2ac93316754f337da7ba6 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: [PATCH] Add managed read permission to service
Part of the work for: https
032c670a403953d3ef033f58c60299845e9ebe0b Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: [PATCH] Allow anonymous read access to Kerberos realm container name
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
install/updates/20-aci.update
It turns out the test failure caused by the realmdomains ACI was not a
single occurrence. Another one was caused by Read Group Password Policy.
--
Petr³
From 4eb4c1fe3a0fe22dd15b1f9c7ed10aa3d8098cb4 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Mon, 14 Apr 2014 20:51:29
Read access is given to all authenticated users.
--
Petr³
From 2b41456b18e4ac49b07c4cbd65add0c16c8f25c4 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 14:56:30 +0100
Subject: [PATCH] Add managed read permission to config
Part of the work for: https
On 04/15/2014 09:53 AM, Martin Kosek wrote:
On 04/14/2014 10:00 PM, Petr Viktorin wrote:
Read access is given to all authenticated users.
This only works when I added cn and objectclass attributes to the ACI. Is this
expected?
It would work when we add nsContainer ACI for cn=etc though
On 04/15/2014 12:41 PM, Misnyovszki Adam wrote:
Hi,
this patch fixes FreeIPA Jenkins CI test
freeipa-integration-forced_client_reenrollment-f19, by turning sshfp
records into a set, and sorting them before assertion.
https://fedorahosted.org/freeipa/ticket/4298
Greets
Adam
The list.sort()
On 04/15/2014 09:43 AM, Martin Kosek wrote:
On 04/15/2014 09:38 AM, Martin Kosek wrote:
On 04/14/2014 07:18 PM, Simo Sorce wrote:
On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote:
Hello,
The first patch adds default read permissions to krbtpolicy. Since the
plugin manages entries
Read access to both rules and definitions is given to a new privilege,
'Automember Readers', as well as the existing 'Automember Task
Administrator'.
--
Petr³
From d5d9ca67a3ac3219807efddad4670c71d54f5501 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014
Hello,
At Devconf, we decided what most of the default read permissions should
look like, but we did not get to user.
Here is a draft of 4 read permissions. Please comment.
Basic info (anonymous):
[top]
objectclass
[person]
cn, sn, description
[organizationalPerson]
title
On 04/16/2014 10:02 AM, Martin Kosek wrote:
I was looking into ticket
https://fedorahosted.org/freeipa/ticket/4054
and experimenting with ACIs allowing privileged users to manage only
their own LDAP objects.
As already proposed in the Bugzilla, I had success with following ACIs:
/2014 03:16 PM, Simo Sorce wrote:
On Tue, 2014-04-15 at 13:13 +0200, Petr Viktorin wrote:
On 04/15/2014 09:43 AM, Martin Kosek wrote:
On 04/15/2014 09:38 AM, Martin Kosek wrote:
On 04/14/2014 07:18 PM, Simo Sorce wrote:
On Mon, 2014-04-14 at 18:54 +0200, Petr Viktorin wrote:
Hello,
The first
On 04/16/2014 10:35 AM, Jan Cholasta wrote:
On 11.4.2014 13:31, Petr Viktorin wrote:
One of the default_attributes of permission is memberofindirect, a
virtual attribute manufactured by ldap2, which is set when a permission
is part of a role.
When update_entry is called on an entry
On 04/16/2014 12:07 PM, Petr Viktorin wrote:
On 04/16/2014 07:48 AM, Martin Kosek wrote:
On 04/15/2014 06:10 PM, Ludwig Krispenz wrote:
On 04/15/2014 05:45 PM, Ludwig Krispenz wrote:
On 04/15/2014 05:10 PM, Martin Kosek wrote:
On 04/15/2014 05:08 PM, Simo Sorce wrote:
On Tue, 2014-04-15
On 04/14/2014 04:00 PM, Simo Sorce wrote:
On Mon, 2014-04-14 at 12:55 +0200, Martin Kosek wrote:
When heading for a lunch today, I had a discussion with Petr3 about ACIs for
cn=etc,SUFFIX. On our initial meeting back at DevConf.cz time, we said we will
simply allow all attributes in cn=etc for
Read access is given to all authenticated users.
--
Petr³
From 1234bfbc321444365cdf7e7b263cf46e1eb25624 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 16:29:16 +0100
Subject: [PATCH] Add managed read permission to idrange
Part of the work for: https
A single permission granting anonymous read access covers
automountlocation, automountmap, and automountkey.
--
Petr³
From 76e983917332c2a8db89b944e2aab78ea14d5662 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: [PATCH] Add managed
On 04/16/2014 02:45 PM, Simo Sorce wrote:
On Wed, 2014-04-16 at 10:20 +0200, Petr Viktorin wrote:
On 04/16/2014 10:02 AM, Martin Kosek wrote:
I was looking into ticket
https://fedorahosted.org/freeipa/ticket/4054
and experimenting with ACIs allowing privileged users to manage only
their own
1101 - 1200 of 1752 matches