[Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater

ful for ipa-client-install as well. First part of the work for: https://fedorahosted.org/freeipa/ticket/2652 -- Petr³ From d714df0d6c82081d50369471c6620b810bd15224 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 20 Apr 2012 04:39:59 -0400 Subject: [PATCH] Framework for admin/install tool

[Freeipa-devel] [PATCH] 0057 Skip the fix_replica_memberof update plugin for non-root users

: Petr Viktorin Date: Wed, 30 May 2012 08:08:24 -0400 Subject: [PATCH] Skip the fix_replica_memberof updater plugin for non-root users The plugin does a SASL EXTERNAL bind, for which it needs root privileges. Skip the plugin with a warning if run as a non-root user. https://fedorahosted.org

Re: [Freeipa-devel] [PATCH] 0057 Skip the fix_replica_memberof update plugin for non-root users

On 06/05/2012 10:06 AM, Martin Kosek wrote: On Mon, 2012-06-04 at 11:51 -0400, Simo Sorce wrote: On Mon, 2012-06-04 at 17:22 +0200, Petr Viktorin wrote: An update plugin needed root privileges, and aborted the update if an ordinary user user ran it. With this patch the plugin is skipped with a

[Freeipa-devel] [PATCH] 0058 Prevent deletion of the last admin

hort of adding a new attribute. https://fedorahosted.org/freeipa/ticket/2564 -- Petr³ From 8ae8bf5b0c05caa828eb342c0c24a16be38adae8 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 23 May 2012 05:44:53 -0400 Subject: [PATCH] Prevent deletion of the last admin Raise an error when trying to dele

Re: [Freeipa-devel] [PATCH] 0057 Skip the fix_replica_memberof update plugin for non-root users

On 06/05/2012 03:00 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/05/2012 10:06 AM, Martin Kosek wrote: On Mon, 2012-06-04 at 11:51 -0400, Simo Sorce wrote: On Mon, 2012-06-04 at 17:22 +0200, Petr Viktorin wrote: An update plugin needed root privileges, and aborted the update if an

Re: [Freeipa-devel] [PATCH] 0057 Skip the fix_replica_memberof update plugin for non-root users

On 06/05/2012 04:18 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/05/2012 03:00 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/05/2012 10:06 AM, Martin Kosek wrote: On Mon, 2012-06-04 at 11:51 -0400, Simo Sorce wrote: On Mon, 2012-06-04 at 17:22 +0200, Petr Viktorin wrote: An

[Freeipa-devel] [PATCH] 0057 Only allow root to run update plugins

On 06/05/2012 06:53 PM, Petr Viktorin wrote: On 06/05/2012 04:18 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/05/2012 03:00 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/05/2012 10:06 AM, Martin Kosek wrote: On Mon, 2012-06-04 at 11:51 -0400, Simo Sorce wrote: On Mon, 2012

[Freeipa-devel] [PATCH] 0059 Fix update plugin order

7 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 30 May 2012 08:03:49 -0400 Subject: [PATCH] Fix update plugin order Sort a filtered list in the update plugin ordering method. Unlike the previous algorithm, this always gives a correct order. It should also be faster and more readable.

Re: [Freeipa-devel] [PATCH] 0058 Prevent deletion of the last admin

On 06/05/2012 11:43 PM, Rob Crittenden wrote: Petr Viktorin wrote: Raise an error when trying to delete the last user from the 'admins' group The 'admin' group name seems like something that shouldn't be hardcoded, but that's how it's done in the webui an

[Freeipa-devel] FreeIPA test coverage

Hello, I've put some coverage reports, including some older data, here: http://fedorapeople.org/~pviktori/freeipa-htmlcov/ As you can see we're mostly slowly getting better in this regard. To see where tests are missing, click a report, then sort by the number of "missing" lines. Currently, the

Re: [Freeipa-devel] [PATCH] 0042-0048 AD trusts support (master)

ests in 358.194s FAILED (errors=2, failures=2) == FAILED under '/usr/bin/python2.7' ** FAIL ** It may have been an issue on my side. I will open a ticket if I hit a unit test error again. I did a next round of rev

[Freeipa-devel] [PATCH] 0060 Clean keytabs before installing new keys into them

³ From 693d60a9b9601ee12dc185c38bf68550b10e5d43 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 6 Jun 2012 10:44:06 -0400 Subject: [PATCH] Clean keytabs before installing new keys into them In ipa-client-install (which is also called from server/replica installation), call `ipa-rmkeytab -k

Re: [Freeipa-devel] [PATCH] 0059 Fix update plugin order

On 06/08/2012 04:39 AM, Rob Crittenden wrote: Petr Viktorin wrote: While messing with the ipa-ldap-updater, I found the order method was using an algorithm that could give incorrect results. I'm submitting a fix in an extra patch, as it's largely unrelated and shouldn't be s

Re: [Freeipa-devel] [PATCH] 0059 Fix update plugin order

On 06/08/2012 12:31 PM, Petr Viktorin wrote: On 06/08/2012 04:39 AM, Rob Crittenden wrote: Petr Viktorin wrote: While messing with the ipa-ldap-updater, I found the order method was using an algorithm that could give incorrect results. I'm submitting a fix in an extra patch, as it'

Re: [Freeipa-devel] [PATCH] 19-21 Use exop instead of kadmin.local

On 06/11/2012 09:41 AM, Martin Kosek wrote: On Mon, 2012-06-11 at 10:07 +0300, Alexander Bokovoy wrote: On Fri, 08 Jun 2012, Sumit Bose wrote: On Thu, Jun 07, 2012 at 12:09:32PM +0200, Sumit Bose wrote: now with patches :-) On Thu, Jun 07, 2012 at 12:07:13PM +0200, Sumit Bose wrote: Hi, this

[Freeipa-devel] [PATCH] 0062 Don't crash when server returns extra output

This will make older clients usable if new output items get added to commands. Since there might be important information in the extra output, it's not ignored as the ticket asks. Instead it's printed, but not formatted nicely as the client doesn't have enough info for that. https://fedoraho

Re: [Freeipa-devel] [PATCH] 0050 Fail on unknown Command options

On 06/07/2012 11:37 AM, Petr Vobornik wrote: On 05/28/2012 04:16 PM, Martin Kosek wrote: On Mon, 2012-05-28 at 15:46 +0200, Petr Vobornik wrote: On 05/25/2012 09:20 AM, Petr Vobornik wrote: On 05/16/2012 02:11 PM, Martin Kosek wrote: On Wed, 2012-05-16 at 10:37 +0200, Petr Viktorin wrote

Re: [Freeipa-devel] [PATCH] 0062 Don't crash when server returns extra output

On 06/12/2012 02:38 PM, Simo Sorce wrote: On Tue, 2012-06-12 at 13:12 +0200, Petr Viktorin wrote: This will make older clients usable if new output items get added to commands. Since there might be important information in the extra output, it's not ignored as the ticket asks. Instead

Re: [Freeipa-devel] [PATCH] 1024 add client session support

On 06/11/2012 06:49 PM, Martin Kosek wrote: On Thu, 2012-06-07 at 22:55 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Rob Crittenden wrote: This adds client session support. The session key is stored in the kernel key ring. Your first request should go to /ipa/session/xml where it should

Re: [Freeipa-devel] [PATCH] 0062 Don't crash when server returns extra output

On 06/13/2012 11:40 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/12/2012 02:38 PM, Simo Sorce wrote: On Tue, 2012-06-12 at 13:12 +0200, Petr Viktorin wrote: This will make older clients usable if new output items get added to commands. Since there might be important information in

Re: [Freeipa-devel] [PATCH] 276 Remove trust work unit test failures

On 06/14/2012 11:07 AM, Martin Kosek wrote: Trust work that was pushed recently requires few changes in unit tests to prevent test failures. This patch also removes repetitive construction of group DN in group unit tests. Thanks, the tests pass now. ACK -- Petr³

Re: [Freeipa-devel] [PATCH] 1025 set fixed primary IPA server in client

On 06/11/2012 09:45 PM, Rob Crittenden wrote: Add --fixed-primary flag to control the order of ipa_server in sssd.conf. When set the discovered (or passed) server will be set first rather than _srv_. The default is to have _srv_ set first. rob Works as advertised, just two nitpicks: Applying

Re: [Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater

On 06/04/2012 04:56 PM, Petr Viktorin wrote: Currently, FreeIPA's install/admin scripts are long pieces of code that aren't very reusable, importable, or testable. They have been extended over time with features such as logging and error handling, but since each tool was extended in

Re: [Freeipa-devel] [PATCH] 1027 add logging to ipa-upgradeconfig

On 06/18/2012 10:43 PM, Rob Crittenden wrote: Add some additional logging to ipa-upgradeconfig and have it update /var/log/ipaupgrade.log so we can see what an upgrade has already done. rob I don't think the indentation works too well: 2012-06-19T12:52:47Z INFO Verifying that root certificat

Re: [Freeipa-devel] [PATCH] 277 Per-domain DNS record permissions

On 06/19/2012 08:30 AM, Martin Kosek wrote: On Mon, 2012-06-18 at 11:37 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2012-06-15 at 10:15 -0400, Simo Sorce wrote: On Fri, 2012-06-15 at 15:22 +0200, Martin Kosek wrote: Hello all, In a scope of ticket 2511 I would like to implement

[Freeipa-devel] [PATCH] 0064 Typo fixes

Fixing a typo in the ipa-rmkeytab man page. Over the past few months I also found a few typos in docstrings and comments. I'm including those in the patch. -- Petr³ From ccbd83e7dd07fb896994e8898515c271919efc63 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Tue, 5 Jun 2012 09:

Re: [Freeipa-devel] [PATCH] 0062 Don't crash when server returns extra output

On 06/12/2012 02:39 PM, Petr Viktorin wrote: On 06/12/2012 02:38 PM, Simo Sorce wrote: On Tue, 2012-06-12 at 13:12 +0200, Petr Viktorin wrote: This will make older clients usable if new output items get added to commands. Since there might be important information in the extra output, it&#

Re: [Freeipa-devel] [PATCH] 1027 add logging to ipa-upgradeconfig

On 06/20/2012 04:17 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/18/2012 10:43 PM, Rob Crittenden wrote: Add some additional logging to ipa-upgradeconfig and have it update /var/log/ipaupgrade.log so we can see what an upgrade has already done. rob I don't think the indent

[Freeipa-devel] [PATCH] 0065 Improve output validation

In my patch 62 I fixed output validation. Since that patch was rejected, I'm submitting the fix separately. https://fedorahosted.org/freeipa/ticket/2860 -- Petr³ From 0b4a8a1e4d827b6617bea747ea19be3ba0e636f4 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 15 Jun 2012 09:08:55

[Freeipa-devel] [PATCH] 0066 Arrange stripping .po files

cted by this patch. -- Petr³ From 16b20b737225908311f98e55db0938515e1abad6 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 20 Jun 2012 06:38:16 -0400 Subject: [PATCH] Arrange stripping .po files The .po files we use for translations have two shortcomings when used in Git: - They include fil

Re: [Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater

On 06/20/2012 06:15 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/04/2012 04:56 PM, Petr Viktorin wrote: Currently, FreeIPA's install/admin scripts are long pieces of code that aren't very reusable, importable, or testable. They have been extended over time with features such

Re: [Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater

On 06/25/2012 03:00 PM, Petr Viktorin wrote: On 06/20/2012 06:15 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/04/2012 04:56 PM, Petr Viktorin wrote: Currently, FreeIPA's install/admin scripts are long pieces of code that aren't very reusable, importable, or testable. They

Re: [Freeipa-devel] [PATCH] 26 Fix '--random' param behaviour for host plugin

On 06/20/2012 05:43 PM, Ondrej Hamada wrote: On 06/15/2012 07:36 AM, Martin Kosek wrote: On Thu, 2012-06-14 at 16:35 -0400, Rob Crittenden wrote: Ondrej Hamada wrote: Improved options checking so that host-mod operation is not changing password for enrolled host when '--random' option is used.

Re: [Freeipa-devel] [PATCH] 26 Fix '--random' param behaviour for host plugin

On 06/26/2012 04:27 PM, Ondrej Hamada wrote: On 06/25/2012 04:59 PM, Petr Viktorin wrote: On 06/20/2012 05:43 PM, Ondrej Hamada wrote: On 06/15/2012 07:36 AM, Martin Kosek wrote: On Thu, 2012-06-14 at 16:35 -0400, Rob Crittenden wrote: Ondrej Hamada wrote: Improved options checking so that

Re: [Freeipa-devel] [PATCH] External group membership for trusted domains

On 06/27/2012 12:36 PM, Sumit Bose wrote: On Wed, Jun 27, 2012 at 12:56:56PM +0300, Alexander Bokovoy wrote: On Mon, 25 Jun 2012, Alexander Bokovoy wrote: On Mon, 25 Jun 2012, Sumit Bose wrote: Hi Alexander, On Thu, Jun 21, 2012 at 06:26:02PM +0300, Alexander Bokovoy wrote: Hi! Attached is

Re: [Freeipa-devel] [DRAFT2] Per-domain DNS update permissions

On 06/27/2012 02:50 PM, Martin Kosek wrote: On 06/25/2012 08:50 PM, Rob Crittenden wrote: Simo Sorce wrote: On Fri, 2012-06-22 at 14:25 +0200, Martin Kosek wrote: On 06/22/2012 02:23 PM, Simo Sorce wrote: On Fri, 2012-06-22 at 12:20 +0200, Martin Kosek wrote: On 06/18/2012 05:37 PM, Rob Crit

Re: [Freeipa-devel] [DRAFT2] Per-domain DNS update permissions

On 06/27/2012 06:01 PM, Petr Viktorin wrote: On 06/27/2012 02:50 PM, Martin Kosek wrote: On 06/25/2012 08:50 PM, Rob Crittenden wrote: Simo Sorce wrote: On Fri, 2012-06-22 at 14:25 +0200, Martin Kosek wrote: On 06/22/2012 02:23 PM, Simo Sorce wrote: On Fri, 2012-06-22 at 12:20 +0200, Martin

Re: [Freeipa-devel] [PATCH] External group membership for trusted domains

On 06/28/2012 02:16 PM, Alexander Bokovoy wrote: On Wed, 27 Jun 2012, Alexander Bokovoy wrote: On Wed, 27 Jun 2012, Petr Viktorin wrote: On 06/27/2012 12:36 PM, Sumit Bose wrote: On Wed, Jun 27, 2012 at 12:56:56PM +0300, Alexander Bokovoy wrote: On Mon, 25 Jun 2012, Alexander Bokovoy wrote

Re: [Freeipa-devel] [PATCH] Per-domain DNS update permissions

On 06/28/2012 12:53 PM, Martin Kosek wrote: On 06/28/2012 11:20 AM, Petr Viktorin wrote: On 06/27/2012 06:01 PM, Petr Viktorin wrote: On 06/27/2012 02:50 PM, Martin Kosek wrote: On 06/25/2012 08:50 PM, Rob Crittenden wrote: Simo Sorce wrote: On Fri, 2012-06-22 at 14:25 +0200, Martin Kosek

Re: [Freeipa-devel] [PATCH] External group membership for trusted domains

On 06/28/2012 02:58 PM, Alexander Bokovoy wrote: On Thu, 28 Jun 2012, Petr Viktorin wrote: On 06/28/2012 02:16 PM, Alexander Bokovoy wrote: On Wed, 27 Jun 2012, Alexander Bokovoy wrote: On Wed, 27 Jun 2012, Petr Viktorin wrote: On 06/27/2012 12:36 PM, Sumit Bose wrote: On Wed, Jun 27, 2012

[Freeipa-devel] [PATCH] 0067 Explicitly filter options that permission-{add, mod} passes to aci-{add, mod}

. https://fedorahosted.org/freeipa/ticket/2885 -- Petr³ From e06fd2eaa47c7b06641c3eb85961b0d852e32839 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 29 Jun 2012 07:24:14 -0400 Subject: [PATCH] Explicitly filter options that permission-{add,mod} passes to aci-{add,mod} Make permission

Re: [Freeipa-devel] Announcing FreeIPA v3.0.0 beta 1 Release

On 07/03/2012 12:01 AM, Jérôme Fenal wrote: 2012/7/2 Rob Crittenden mailto:rcrit...@redhat.com>> The FreeIPA team is proud to announce version FreeIPA v3.0.0 beta 1. It can be downloaded from http://www.freeipa.org/page/__Downloads . A bui

Re: [Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater

On 06/29/2012 11:28 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/25/2012 03:00 PM, Petr Viktorin wrote: On 06/20/2012 06:15 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/04/2012 04:56 PM, Petr Viktorin wrote: Currently, FreeIPA's install/admin scripts are long pieces of

Re: [Freeipa-devel] DN patch and documentation

On 07/07/2012 08:45 PM, John Dennis wrote: The DN work I was doing on master is ready for review and testing. It's been a long haul and I've been working relentlessly to get this work completed. I am on PTO for a week starting today (I know bad timing) but I spent yesterday and my first day of PT

[Freeipa-devel] [PATCH] 0089 Fix batch command error reporting

r³ From 5c370adde14583d70bdb0e2b8a9f3e5101ad1648 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 4 Jul 2012 08:39:21 -0400 Subject: [PATCH] Fix batch command error reporting The Batch command did not report errors correctly: it reported the text of *all* errors, not just PublicError, used

Re: [Freeipa-devel] DN patch and documentation

On 07/07/2012 08:45 PM, John Dennis wrote: The DN work I was doing on master is ready for review and testing. It's been a long haul and I've been working relentlessly to get this work completed. I am on PTO for a week starting today (I know bad timing) but I spent yesterday and my first day of PT

[Freeipa-devel] [PATCH] [one-liner] 0069 Fix wrong option name in ipa-managed-entries man page

The page said `-y` but the actual option is `-p`. -- Petr³ From 594d0b4a905962c37fbc36242bab18529503 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 11 Jul 2012 09:19:31 -0400 Subject: [PATCH] Fix wrong option name in ipa-managed-entries man page The page said `-y` but the actual

Re: [Freeipa-devel] [PATCH] 0066 Arrange stripping .po files

On 06/25/2012 01:17 PM, Petr Viktorin wrote: The translation files we currently store in Git are full of redundant information: source strings for untranslated messages, and file locations. The first causes unnecessarily huge files. The second makes diffs unreadable: when code is edited and line

Re: [Freeipa-devel] DN patch and documentation

ipa-nis-manage uses unlocked global DNs. But it works! • ipa-managed-entries still uses strings for DNs (see line 97), so it can't find the entries it manages (again due to AssertionError). $ sudo ipa-managed-entries -l Directory Manager password: Unable to find managed entries at cn=Defini

Re: [Freeipa-devel] DN patch and documentation

On 07/11/2012 05:24 PM, Alexander Bokovoy wrote: On Wed, 11 Jul 2012, Petr Viktorin wrote: On 07/07/2012 08:45 PM, John Dennis wrote: The DN work I was doing on master is ready for review and testing. It's been a long haul and I've been working relentlessly to get this work complete

[Freeipa-devel] [PATCH] 0070 Fix updating minimum_connections in ipa-upgradeconfig

599eae67817d106a9541f72e7a0d77fdad013e15 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 18 Jul 2012 06:47:07 -0400 Subject: [PATCH] Fix updating minimum_connections in ipa-upgradeconfig The upgrade script set the "psearch" directive in some circumstances, but did not remember that it w

Re: [Freeipa-devel] DN patch and documentation

On 07/18/2012 12:47 AM, John Dennis wrote: On 07/10/2012 04:23 AM, Petr Viktorin wrote: I've read your summary (which you should summarize into a commit message before this is pushed), and gone through the patch. Here is what I found doing that; I didn't get to actual testing yet. I a

Re: [Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater

On 07/17/2012 10:41 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/29/2012 11:28 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/25/2012 03:00 PM, Petr Viktorin wrote: On 06/20/2012 06:15 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/04/2012 04:56 PM, Petr Viktorin wrote

Re: [Freeipa-devel] [PATCH] 0070 Fix updating minimum_connections in ipa-upgradeconfig

On 07/18/2012 09:45 PM, Rob Crittenden wrote: Petr Viktorin wrote: minimum_connections was sometimes not updated properly on install because the script set psearch on but assumed it was still off. Also, the number of connections was not set if the directive was missing. Fix of the patch for

Re: [Freeipa-devel] [PATCHES] 495 Fix ipa-replica-manage issues

On 07/18/2012 08:21 PM, Rob Crittenden wrote: Simo Sorce wrote: These 2 patches fix issues found with ipa-replica-manage and connect/disconnect commands. Fixes ticket #2925 Simo. ACK, pushed both to master. I slightly reformatted the commit messages. rob This fixed https://fedorahosted.

Re: [Freeipa-devel] [PATCH] 1034 more robust cli sessions

On 07/16/2012 07:54 PM, Rob Crittenden wrote: Rob Crittenden wrote: Make command-line sessions a bit more robust. This patch does two things. Firstly, it wraps all keyring activity in a try/except so if a keyring operation fails it isn't fatal. The user just won't benefit from sessions. The se

Re: [Freeipa-devel] [PATCH] 1035 case sensitivity when calculating indirect members

On 07/17/2012 08:52 PM, Rob Crittenden wrote: When determining whether a member is direct or indirect we were not doing a case-insensitive comparison which led to marking a member as both direct and indirect (in a test case no less). This patch fixes the comparison and the test. rob When com

Re: [Freeipa-devel] [PATCH] 1035 case sensitivity when calculating indirect members

On 07/19/2012 03:07 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 07/17/2012 08:52 PM, Rob Crittenden wrote: When determining whether a member is direct or indirect we were not doing a case-insensitive comparison which led to marking a member as both direct and indirect (in a test case no

Re: [Freeipa-devel] [PATCH] 0070 Fix updating minimum_connections in ipa-upgradeconfig

On 07/19/2012 03:04 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 07/18/2012 09:45 PM, Rob Crittenden wrote: Petr Viktorin wrote: minimum_connections was sometimes not updated properly on install because the script set psearch on but assumed it was still off. Also, the number of

Re: [Freeipa-devel] [PATCH] 0066 Arrange stripping .po files

On 07/19/2012 10:52 PM, John Dennis wrote: On 06/25/2012 07:17 AM, Petr Viktorin wrote: The translation files we currently store in Git are full of redundant information: source strings for untranslated messages, and file locations. The first causes unnecessarily huge files. The second makes

Re: [Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater

fragments that might not even translate in another language). Also, a quick glance suggests a number of the messages need i18n treatment. None of the tools are internationalized. Perhaps they need to be, but it should be a separate ticket. Overall though, I really love the approach, great wo

Re: [Freeipa-devel] [PATCH] 0066 Arrange stripping .po files

On 07/20/2012 05:39 PM, John Dennis wrote: Great I agree with everything you said. I'm happy to have the file list be derived from the directory contents. Are you planning on doing that in another patch? Yes, I want to do it in a new patch. It's a bit more complicated than it looks: creating a

Re: [Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater

On 07/20/2012 05:59 PM, John Dennis wrote: A fair amount of the code in the framework is doing this now, but the install code was never cleaned up. That was left for another day, I guess that day is here. Updated. I also added the necessary lint exception. I'm curious as to why it works that wa

Re: [Freeipa-devel] [PATCH] 0066 Arrange stripping .po files

On 07/20/2012 07:14 PM, John Dennis wrote: On 07/20/2012 12:28 PM, Petr Viktorin wrote: On 07/20/2012 05:39 PM, John Dennis wrote: Great I agree with everything you said. I'm happy to have the file list be derived from the directory contents. Are you planning on doing that in another

Re: [Freeipa-devel] [PATCH] 0066 Arrange stripping .po files

ed to depend on a rule that always runs so that they get merged. There's another alternative to achieve this: adding them to .PHONY. The attached version does that, perhaps it's cleaner. -- Petr³ From 87d94d673a7647ffe508a11c985e76f575180971 Mon Sep 17 00:00:00 2001 From: Petr Vikt

Re: [Freeipa-devel] [PATCH] 0066 Arrange stripping .po files

On 07/24/2012 01:12 AM, John Dennis wrote: On 07/23/2012 06:27 AM, Petr Viktorin wrote: As a translator (for another project), I don't like Transifex and prefer to send good old Git pull requests. I understand a "traditional" workflow is hard to coordinate with others that use

Re: [Freeipa-devel] [PATCH] 1033 renew CA subsystem certificates

nes add whitespace errors. -- Petr³ From 047a1f7dc78c632b7f9882ab21f1fe5dc82fb006 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Tue, 24 Jul 2012 04:43:28 -0400 Subject: [PATCH] fixes for rcrit-1033-03 --- freeipa.spec.in|2 +- install/share/default-aci.ld

Re: [Freeipa-devel] [PATCH] 0064 Rework task naming in LDAP updates to avoid conflicts

On 07/24/2012 12:01 PM, Alexander Bokovoy wrote: Hi, There are two problems in task naming in LDAP updates: 1. Randomness may be scarce in virtual machines 2. Random number is added to the time value rounded to a second The second issue leads to values that may repeat themselves as time only g

Re: [Freeipa-devel] [PATCH] 0064 Rework task naming in LDAP updates to avoid conflicts

On 07/24/2012 02:06 PM, Alexander Bokovoy wrote: On Tue, 24 Jul 2012, Petr Viktorin wrote: On 07/24/2012 12:01 PM, Alexander Bokovoy wrote: Hi, There are two problems in task naming in LDAP updates: 1. Randomness may be scarce in virtual machines 2. Random number is added to the time value

Re: [Freeipa-devel] [PATCH] 0064 Rework task naming in LDAP updates to avoid conflicts

On 07/24/2012 02:49 PM, Alexander Bokovoy wrote: On Tue, 24 Jul 2012, Petr Viktorin wrote: On 07/24/2012 02:06 PM, Alexander Bokovoy wrote: On Tue, 24 Jul 2012, Petr Viktorin wrote: On 07/24/2012 12:01 PM, Alexander Bokovoy wrote: Hi, There are two problems in task naming in LDAP updates

[Freeipa-devel] [PATCH] 0071 Create /etc/sysconfig/network if it doesn't exist

ep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 19 Jul 2012 09:07:23 -0400 Subject: [PATCH] Create /etc/sysconfig/network if it doesn't exist When the --hostname option is given to ipa-client-install, we write HOSTNAME to /etc/sysconfig/network. When that file didn't exist, the in

Re: [Freeipa-devel] [PATCH] 0064 Rework task naming in LDAP updates to avoid conflicts

On 07/24/2012 04:50 PM, Alexander Bokovoy wrote: On Tue, 24 Jul 2012, Rob Crittenden wrote: Petr Viktorin wrote: On 07/24/2012 02:49 PM, Alexander Bokovoy wrote: On Tue, 24 Jul 2012, Petr Viktorin wrote: On 07/24/2012 02:06 PM, Alexander Bokovoy wrote: On Tue, 24 Jul 2012, Petr Viktorin

Re: [Freeipa-devel] [PATCH] 0064 Rework task naming in LDAP updates to avoid conflicts

On 07/24/2012 08:36 PM, Alexander Bokovoy wrote: On Tue, 24 Jul 2012, Petr Viktorin wrote: On 07/24/2012 04:50 PM, Alexander Bokovoy wrote: On Tue, 24 Jul 2012, Rob Crittenden wrote: Petr Viktorin wrote: On 07/24/2012 02:49 PM, Alexander Bokovoy wrote: On Tue, 24 Jul 2012, Petr Viktorin

Re: [Freeipa-devel] [PATCH] 1039 fix selinux usermap config options

On 07/25/2012 05:03 AM, Rob Crittenden wrote: The configuration options for the default user and map order were a bit broken in several ways. I wasn't handling the case where one of the values was coming from LDAP so was a list vs as an option which was a string, so all sorts of bad interesting

[Freeipa-devel] [PATCH] 0073 Update translations

Update the pot to match current source, and pull translations from Transifex. Warning: when this patch is pushed, the source strings on Transifex will update. The old versions will be lost from the site. The patch is quite large (>5MB), so I haven't attached it here (should I?). Please dow

Re: [Freeipa-devel] [PATCH] 0073 Update translations

On 07/26/2012 10:17 AM, Petr Viktorin wrote: Update the pot to match current source, and pull translations from Transifex. Warning: when this patch is pushed, the source strings on Transifex will update. The old versions will be lost from the site. The patch is quite large (>5MB), s

Re: [Freeipa-devel] [PATCH] 0073 Update translations

On 07/26/2012 03:49 PM, Petr Viktorin wrote: On 07/26/2012 10:17 AM, Petr Viktorin wrote: Update the pot to match current source, and pull translations from Transifex. Warning: when this patch is pushed, the source strings on Transifex will update. The old versions will be lost from the site

Re: [Freeipa-devel] DN patch and documentation

On 07/26/2012 10:11 PM, John Dennis wrote: On 07/17/2012 06:47 PM, John Dennis wrote: ipapython/dn.py: in docstring: DN(arg0, ..., locked=False, first_key_match=True) followed by: def __init__(self, *args, **kwds): and: kwds.get('first_key_match', True) I don't see the r

Re: [Freeipa-devel] [Patch] 0001 Add check for existence of ipa-join in the tree in test_host_plugin.py

On 07/27/2012 01:13 PM, Tomas Babej wrote: Hi, this patch simply checks if ipa-join exists in ipa-client folder, if not, skips tests relying on it. Uses nose.plugin.skip. https://fedorahosted.org/freeipa/ticket/2905 Tomas Babej Hello, This would be better done in class setup, so you don't

Re: [Freeipa-devel] DN patch and documentation

On 07/26/2012 11:48 PM, John Dennis wrote: I have applied the suggested fixes, rebased against master, run all the unit tests successfully, built RPM's, did a full install without errors, and brought up the web UI successfully. The current code can be found here: git clone git://fedorapeople.or

Re: [Freeipa-devel] DN patch and documentation

On 07/26/2012 11:30 PM, John Dennis wrote: The DN patch has been reworked. The single largest change was to the DN implementation and it's unit test to refactor the AVA, RDN and DN classes into a base class that is immutable and a subclass that supports editing. This makes these classes fully con

Re: [Freeipa-devel] DN patch and documentation

ts). By the way, are you aware that the text in dn.py is not a docstring, because it's not the first statement in the file? +verses using a hash value for dict keys or sets is critical to s/verses/versus/ Good job on the DN tests! On 07/26/2012 09:59 PM, John Dennis wrote: On 07/11/2012 0

Re: [Freeipa-devel] [PATCH 78] Ticket #2979 - prevent last admin from being disabled

(Sorry if you're getting this twice; I didn't send it to the list) On 08/16/2012 08:38 PM, John Dennis wrote: -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ freeipa-jdennis-0078-Ticket-2979-prevent-last-admin-from-being-disabled.patch From c47109c63530e188db76

Re: [Freeipa-devel] [PATCH 80] Ticket #2850 - Ipactl exception not handled well

From fda504233ee46a494b7ed6b85593e7e586739425 Mon Sep 17 00:00:00 2001 From: John Dennis Date: Mon, 20 Aug 2012 16:47:52 -0400 Subject: [PATCH 80] Ticket #2850 - Ipactl exception not handled well Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Ticket #2850 - Ipactl excep

Re: [Freeipa-devel] [PATCH] 0070 Ask for admin password in ipa-adtrust-install

On 08/17/2012 11:04 AM, Alexander Bokovoy wrote: Hi, The credentials of the admin user will be used to obtain Kerberos ticket before configuring cross-realm trusts support and afterwards, to ensure that the ticket contains MS-PAC information required to actually add a trust with Active Direct

Re: [Freeipa-devel] [PATCHES] OTP Patches

On 02/20/2014 07:45 PM, Nathaniel McCallum wrote: On Wed, 2014-02-12 at 11:49 -0500, Nathaniel McCallum wrote: Through the review process, patches are getting shifted around, added, deleted, etc. So I'm now just going to be posting all the patches as an ordered set. The set attached is ordered a

Re: [Freeipa-devel] [PATCH] [WIP] 0469 - Remove the unused ipalib.frontend.Property class

On 02/21/2014 11:13 AM, Jan Cholasta wrote: Hi, On 20.2.2014 09:54, Petr Viktorin wrote: Hello, I had this patch sitting around for some time but didn't get around to polishing and submitting it lately. The ticket was now claimed by "rga" (I assume that's the person who

Re: [Freeipa-devel] [freeipa] #4185: Index plugin namespaces by classes

On 02/20/2014 08:00 PM, Dmitri Pal wrote: On 02/20/2014 12:57 PM, Petr Viktorin wrote: On 02/20/2014 06:47 PM, Dmitri Pal wrote: On 02/20/2014 12:39 PM, freeipa wrote: #4185: Index plugin namespaces by classes

Re: [Freeipa-devel] [PATCH 0016] Clarify error message about missing DNS component in ipa-replica-prepare

On 02/21/2014 02:57 PM, Petr Spacek wrote: Hello, Clarify error message about missing DNS component in ipa-replica-prepare. Use 'dane' on #freeipa channel have spent half an hour finding out what is wrong because the error message was misleading. I think that it is enough to justify this change

[Freeipa-devel] [PATCH] 0471 permission_add: Remove permission entry if adding the ACI fails

: Martin, you reviewed the other ACI patches so I think you should continue. If you don't agree, unset the field in the ticket. -- Petr³ From 5ad2066b71b09248d348a5c4c85ef2ace0c553a4 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 21 Feb 2014 13:58:15 +0100 Subject: [PATCH] permissio

Re: [Freeipa-devel] [PATCH 0040] Use super() properly to avoid an exception

On 02/21/2014 03:51 PM, Alexander Bokovoy wrote: On Fri, 21 Feb 2014, Nathaniel McCallum wrote: https://fedorahosted.org/freeipa/ticket/4099 From b77bf5c7fdacc7b0224033d608d387be282f98bc Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Thu, 20 Feb 2014 13:20:01 -0500 Subject: [PATCH]

Re: [Freeipa-devel] [PATCH 0016] Clarify error message about missing DNS component in ipa-replica-prepare

On 02/21/2014 03:25 PM, Petr Viktorin wrote: On 02/21/2014 02:57 PM, Petr Spacek wrote: Hello, Clarify error message about missing DNS component in ipa-replica-prepare. Use 'dane' on #freeipa channel have spent half an hour finding out what is wrong because the error message was mis

Re: [Freeipa-devel] [PATCH 0041] Make all ipatokenTOTP attributes mandatory

On 02/21/2014 04:05 PM, Jan Cholasta wrote: Hi, On 21.2.2014 15:41, Nathaniel McCallum wrote: Originally we made them all optional as a workaround for the lack of SELFDN support in 389DS. However, with the advent of SELFDN, this hack is no longer necessary. This patch updates TOTP to match HOTP

Re: [Freeipa-devel] [PATCH 0042] Rework how otptoken defaults are handled

On 02/21/2014 03:45 PM, Nathaniel McCallum wrote: [...] NOTE: this patch changes an existing API. VERSION says that we should bump the major version in this case. But we haven't actually released this API yet. Please advise. If I understand correctly, there were other VERSION bumps in master

Re: [Freeipa-devel] [PATCH 0042] Rework how otptoken defaults are handled

On 02/21/2014 04:13 PM, Petr Viktorin wrote: On 02/21/2014 03:45 PM, Nathaniel McCallum wrote: [...] NOTE: this patch changes an existing API. VERSION says that we should bump the major version in this case. But we haven't actually released this API yet. Please advise. If I under

Re: [Freeipa-devel] [PATCH] 240 Always use real entry DNs for memberOf in ldap2

On 02/24/2014 10:18 AM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza Thanks, ACK, pushed to master: 792c3f9c8c65e24953241247a242490c8fb32492 -- Petr³ ___ Freeipa-devel mailing list Freeipa

Re: [Freeipa-devel] [PATCH 0153] ipatests: Fix incorrect order of operations when restoring

On 02/25/2014 08:56 AM, Tomas Babej wrote: Given the fact that the patch has been ACKed, can we push the current iteration? On 02/20/2014 01:07 PM, Petr Viktorin wrote: On 02/20/2014 12:58 PM, Jan Pazdziora wrote: On Thu, Feb 20, 2014 at 12:20:12PM +0100, Petr Viktorin wrote: On 02/19/2014

Re: [Freeipa-devel] [PATCH] Certificate search max_serial_number problem fixed

On 02/25/2014 02:47 PM, Jan Cholasta wrote: On 21.2.2014 12:11, Adam Misnyovszki wrote: - Original Message - From: "Jan Cholasta" To: "Adam Misnyovszki" , freeipa-devel@redhat.com Sent: Friday, February 21, 2014 11:05:12 AM Subject: Re: [Freeipa-devel] [PATCH] Certificate search max_

Re: [Freeipa-devel] [PATCH 0043] Remove NULLS from constants.py

On 02/25/2014 03:07 PM, Jan Pazdziora wrote: On Fri, Feb 21, 2014 at 11:42:45AM -0500, Nathaniel McCallum wrote: In the parameters system, we have been checking for a positive list of values which get converted to None. The problem is that this method can in some cases throw warnings when type c

Re: [Freeipa-devel] [PATCH] Certificate search max_serial_number problem fixed

On 02/25/2014 04:01 PM, Petr Viktorin wrote: On 02/25/2014 02:47 PM, Jan Cholasta wrote: On 21.2.2014 12:11, Adam Misnyovszki wrote: - Original Message - From: "Jan Cholasta" To: "Adam Misnyovszki" , freeipa-devel@redhat.com Sent: Friday, February 21, 2014 11:

<    3   4   5   6   7   8   9   10   11   12   >