Jan Cholasta wrote:
On 14.6.2011 15:16, Rob Crittenden wrote:
Jan Cholasta wrote:
On 6.6.2011 21:25, Rob Crittenden wrote:
Jan Cholasta wrote:
On 26.4.2011 22:52, Rob Crittenden wrote:
The goal is to not import foreign certificates.
This caused a bunch of tests to fail because we had
Rob Crittenden wrote:
Jan Cholasta wrote:
On 14.6.2011 15:16, Rob Crittenden wrote:
Jan Cholasta wrote:
On 6.6.2011 21:25, Rob Crittenden wrote:
Jan Cholasta wrote:
On 26.4.2011 22:52, Rob Crittenden wrote:
The goal is to not import foreign certificates.
This caused a bunch of tests
JR Aquino wrote:
On Jun 15, 2011, at 8:03 AM, Rob Crittenden wrote:
A minor issue and a question.
The minor issue is you changed a couple of options from optional to mandatory,
which is fine, but we need to bump up the minor version in VERSION (older
clients otherwise could not send
This patch adds the production mode test to a few more places in the
code. The speed increase is slight, a few hundred ms in my tests, but
every little bit helps.
ticket 1023
rob
From 3eae1ef4f31a4ec5d1f9e16b2c9bc06f8ea41cf8 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Martin Kosek wrote:
https://fedorahosted.org/freeipa/ticket/1324
ack
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
JR Aquino wrote:
On Jun 16, 2011, at 8:01 AM, Rob Crittenden wrote:
JR Aquino wrote:
On Jun 15, 2011, at 8:03 AM, Rob Crittenden wrote:
A minor issue and a question.
The minor issue is you changed a couple of options from optional to mandatory,
which is fine, but we need to bump up
JR Aquino wrote:
https://fedorahosted.org/freeipa/ticket/1339
ack, pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Martin Kosek wrote:
On Tue, 2011-06-14 at 13:53 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
This patch depends on my patch 078. A special patch for stable branch
attached.
---
Create DNS domain for IPA server hostname first so that it's forward
record can be added. This results in 2
was initially installed.
https://fedorahosted.org/freeipa/ticket/1251
See the ticket for testing suggestions.
rob
From b8f0a609557f1d15ab8b83ef7db350cac6693b59 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 17 Jun 2011 16:47:39 -0400
Subject: [PATCH] Make dogtag
John Dennis wrote:
This adds a new module and set of classes to ipalib for handling DN's.
Please see the module doc and class doc for full explanation.
Included is a very complete unit test for the module. At close to 900
lines of code the unit test exercises just about every conceivable way
Martin Kosek wrote:
Implements a way to pass match_local and parse_netmask parameters
to IP option checker.
Now, there is just one common option type ip with new optional
attributes ip_local and ip_netmask which can be used to
pass IP address validation parameters.
Martin Kosek wrote:
Fix a problem when a target missed a version-update requirement.
This caused build problems, especially in a parallel build
environment.
https://fedorahosted.org/freeipa/ticket/1215
ack, pushed to master and ipa-2-0
___
17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Mon, 20 Jun 2011 15:39:25 -0400
Subject: [PATCH] On a master configure sssd to only talk to the local master.
Otherwise it is possible for sssd to pick a different master to
communicate with via the DNS SRV records and if the remote
John Dennis wrote:
On 06/20/2011 10:01 AM, Rob Crittenden wrote:
Am I misreading the documentation on how one can create a DN?
print container
cn=users,cn=accounts
print basedn
dc=example,dc=com
str(DN(container, basedn))
'cn=users,cn=accounts=dc\\=example\\,dc\\=com'
uid='rcrit'
rdnattr
Martin Kosek wrote:
On Thu, 2011-06-16 at 09:07 -0400, Rob Crittenden wrote:
I think this is still not right. When you let match_local default to
False, --ip-address option in ipa-server-install is checked with
match_local=False and thus the check required by BZ isn't made.
Yes
been retrieved.
ticket https://fedorahosted.org/freeipa/ticket/1354
rob
From 50ed14e93fdc157100f4fbd3ca91725a8b95f987 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 21 Jun 2011 16:05:11 -0400
Subject: [PATCH] Do lazy LDAP schema retrieval in json handler
Adam Young wrote:
On 06/21/2011 04:10 PM, Rob Crittenden wrote:
If the first request the web server handles is for a bad ticket (e.g.
expired) then it is possible to get past the point where the lazy LDAP
schema retrieval would happen causing a backtrace in the json handler.
Add a call to get
Jan Cholasta wrote:
On 8.6.2011 16:56, Rob Crittenden wrote:
Jan Cholasta wrote:
On 18.5.2011 17:21, Rob Crittenden wrote:
Make data type of certificates more obvious/predictable internally.
For the most part certificates will be treated as being in DER format.
When we load a certificate we
Martin Kosek wrote:
On Tue, 2011-06-14 at 17:41 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Mon, 2011-06-06 at 13:47 -0400, Rob Crittenden wrote:
Our translation files haven't been updated for a few months, this brings
things up to date. It is intended for master only.
All I did
Martin Kosek wrote:
On Fri, 2011-06-17 at 15:37 +0200, Martin Kosek wrote:
On Fri, 2011-06-17 at 14:44 +0200, Martin Kosek wrote:
Make sure that IPA can be installed with root umask set to secure
value 077. ipa-server-install was failing in DS configuration phase
when dirsrv tried to read
John Dennis wrote:
Revised patch attached.
Added copyright notice.
Added support for concatenation and in-place addition for a few more types.
Updated the unit test for the new functionality.
Correct import statement in unit test.
I can work with the updated patch you sent but it isn't
John Dennis wrote:
Revised patch attached.
Added copyright notice.
Added support for concatenation and in-place addition for a few more types.
Updated the unit test for the new functionality.
Correct import statement in unit test.
Ack, pushed to master and ipa-2-0
John Dennis wrote:
DN's may be encoded. If we're going to return the value from one of the
RDN's in the DN then we must decode the DN first, otherwise the returned
value won't be what we're expecting. Specifically the value getting
passed back through the RPC interface was not the value set
John Dennis wrote:
The csv reader is used to break comma separated lists into individual
items. However what if you want one of those items to have an embedded
comma? The answer is to escape it by preceding the comma with a
backslash. This patch adds support for escaping in the csv reader.
John Dennis wrote:
Update test_role_plugin test to include a comma in a privilege
Introduce a comma into a privilege name to assure we can handle
commas.
Commas must be escaped for some parameters, add escape_comma() utility
and invoke it for the necessary parameters.
Utilize a DN object to
Martin Kosek wrote:
On Wed, 2011-06-22 at 08:51 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Haven't had a chance to explore this one yet. It sure would be nice if
dogtag would tell us what the two differing base DNs are though...
This patch should resolve the remaining issues
Martin Kosek wrote:
On Fri, 2011-06-17 at 17:06 -0400, Rob Crittenden wrote:
A dogtag replica file is created as usual. When the replica is installed
dogtag is optional and not installed by default. Adding the --setup-ca
option will configure it when the replica is installed.
A new tool ipa-ca
Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-06-17 at 17:06 -0400, Rob Crittenden wrote:
A dogtag replica file is created as usual. When the replica is installed
dogtag is optional and not installed by default. Adding the --setup-ca
option will configure it when the replica
Martin Kosek wrote:
On Thu, 2011-06-23 at 09:26 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2011-06-22 at 08:51 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Haven't had a chance to explore this one yet. It sure would be nice if
dogtag would tell us what the two differing
Martin Kosek wrote:
On Thu, 2011-06-23 at 17:00 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-06-17 at 17:06 -0400, Rob Crittenden wrote:
A dogtag replica file is created as usual. When the replica is installed
dogtag is optional and not installed
/1285
https://fedorahosted.org/freeipa/ticket/1286
https://fedorahosted.org/freeipa/ticket/1287
rob
From 799b187b9819730c12accd2c699a6f1d4eb89a43 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 24 Jun 2011 14:32:57 -0400
Subject: [PATCH] Enforce class rules when query=True
Martin Kosek wrote:
On Thu, 2011-06-16 at 11:34 -0400, Rob Crittenden wrote:
This patch adds the production mode test to a few more places in the
code. The speed increase is slight, a few hundred ms in my tests, but
every little bit helps.
ticket 1023
rob
I didn't notice much of a speed up
Rob Crittenden wrote:
This started as a problem in allowing leading/trailing whitespaces on
primary keys. In nearly every command other than add query is True so
all rules were ignored on the primary key. This meant that to enforce
whitespace we would need to define a validator for each one.
I
Jan Cholasta wrote:
On 23.6.2011 17:19, Martin Kosek wrote:
On Thu, 2011-06-23 at 16:33 +0200, Jan Cholasta wrote:
This patch makes ipactl fail if the hostname isn't fully-qualified. It
also fixes ipa-server-install to fail gracefully in such case, instead
of failing with unexpected error.
Rob Crittenden wrote:
Rob Crittenden wrote:
This started as a problem in allowing leading/trailing whitespaces on
primary keys. In nearly every command other than add query is True so
all rules were ignored on the primary key. This meant that to enforce
whitespace we would need to define
Adam Young wrote:
On 06/24/2011 05:27 PM, JR Aquino wrote:
https://fedorahosted.org/freeipa/ticket/1326
In case I haven't sent this out before.
~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1
but
not python-rhsm.
I've filed an RFE to get this added but for now this is a way to not do
major surgery to the API and still be at least somewhat user-friendly.
https://fedorahosted.org/freeipa/ticket/1216
rob
From 088f447912f97601718711210651b9f694e314ff Mon Sep 17 00:00:00 2001
From: Rob
/freeipa/ticket/1357
rob
From ed4dc18cb67b1b512a00c82b72829c9f8accee9b Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 28 Jun 2011 13:09:18 -0400
Subject: [PATCH] Don't set krbLastPwdChange when setting a host OTP password.
We have no visibility into whether an entry has
Simo Sorce wrote:
On Mon, 2011-06-27 at 15:50 +0300, Alexander Bokovoy wrote:
Hi,
my first patch :) -- attempts to fix
https://fedorahosted.org/freeipa/ticket/1259
Minor difference for IPA is that IPA command line tools are now
reporting nsAccountLock in upper case (TRUE/FALSE instead of
Alexander Bokovoy wrote:
Hi,
while reading through the code and examples, few typos were identified
and fixed. Really minor patch.
ack, pushed to master and ipa-2-0
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Jan Cholasta wrote:
On 21.6.2011 14:15, Jan Cholasta wrote:
This patch adds a new option name_from_ip to dnszone commands. Default
value of idnsname is created from this option.
Honza
Fixed the API version number, added usage example to dns plugin help.
Martin Kosek wrote:
I suggest adding the following doc to the end of chapter 5.6.
DNS (after the paragraphs about forwarders):
Any host is permitted to issue recursive queries against configured
forwarders by default. When required, this behavior can be changed
in /etc/named.conf in
Rich Megginson wrote:
ack, pushed to master and ipa-2-0
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Rich Megginson wrote:
ack, pushed to master and ipa-2-0
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Rich Megginson wrote:
ack, pushed to master and ipa-2-0
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/1358
Honza
ack, pushed to master and ipa-2-0
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Jan Cholasta wrote:
This patch effectively renames the netgroup-find option 'private' to
'managed'. 'private' is kept in to maintain API compatibility, but
hidden from the user.
https://fedorahosted.org/freeipa/ticket/1120
Very nice, I like the idea of hiding the old option. Tested with
in an existing socket.
https://fedorahosted.org/freeipa/ticket/1349
rob
From fce79bfe8db1e4b45cb688ebb257bdea333786ca Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 29 Jun 2011 15:01:18 -0400
Subject: [PATCH] Set the client auth callback after creating the SSL connection
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 29 Jun 2011 15:09:29 -0400
Subject: [PATCH] In sudo labels we should use RunAs and not Run As.
https://fedorahosted.org/freeipa/ticket/1328
---
API.txt| 12 ++--
ipalib/plugins/sudorule.py | 12 ++--
2
John Dennis wrote:
On 06/29/2011 03:08 PM, Rob Crittenden wrote:
If we set the callback before calling connect() then if the connection
tries a network family type and fails, it will try other family types.
If this happens then the callback set on the first socket will be lost
when a new socket
Rob Crittenden wrote:
Don't set krbLastPwdChange when setting a host OTP password.
We have no visibility into whether an entry has a keytab or not so
krbLastPwdChange is used as a rough guide.
If this value exists during enrollment then it fails because the host is
considered already joined
Rob Crittenden wrote:
Rob Crittenden wrote:
Don't set krbLastPwdChange when setting a host OTP password.
We have no visibility into whether an entry has a keytab or not so
krbLastPwdChange is used as a rough guide.
If this value exists during enrollment then it fails because the host
enrolledBy represents the DN of the entry that enrolled a host. We don't
want an admin to manipulate this but an aci allowed it. This was a
regression.
ticket 302
rob
From c9525eeba3a423f3f376a2492fea5f2f89a1250d Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 1
- the case of boolean values in nsAccountLock
- a change in the updater code
rob
From a88cb937ee2d7acb996a0202a106f817c3a39f0d Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 1 Jul 2011 15:20:36 -0400
Subject: [PATCH 1/4] Fix error in AttrValueNotFound exception example
: Rob Crittenden rcrit...@redhat.com
Date: Fri, 1 Jul 2011 15:32:31 -0400
Subject: [PATCH 4/4] Optionally wait for 389-ds postop plugins to complete
Add a new command that lets you wait for an attribute to appear in
a value. Using this you can do things like wait for a managed entry
to be created
Endi Sukma Dewata wrote:
The following invalid associations have been removed:
- group's memberindirect netgroup and role
- hostgroup's memberofindirect host
Ticket #1366
Ticket #1367
Ack, pushed to master
___
Freeipa-devel mailing list
Rob Crittenden wrote:
389-ds postop plugins, such as the managed entry and memberof plugins,
add values after the data has been returned to the client. In the case
of the managed entry plugin this affects the parent entry as well (adds
an objectclass value).
This wreaks havoc on our tests
Rob Crittenden wrote:
Rob Crittenden wrote:
389-ds postop plugins, such as the managed entry and memberof plugins,
add values after the data has been returned to the client. In the case
of the managed entry plugin this affects the parent entry as well (adds
an objectclass value).
This wreaks
/freeipa/ticket/1388
rob
From f52e98e12f133ca45b57653c3d69c356e361fce3 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 5 Jul 2011 13:36:48 -0400
Subject: [PATCH] find_entry_by_attr() should fail if multiple entries are found
It will only ever return one entry so if more than
I pushed this as a one-liner.
https://fedorahosted.org/freeipa/ticket/1416
rob
From d9f1fb5c8cedf844d1110c91489f460635a101d9 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 5 Jul 2011 15:03:19 -0400
Subject: [PATCH] Add pwd expiration notif (ipapwdexpadvnotify
Simo Sorce wrote:
On Fri, 2011-07-01 at 14:18 +0200, Jan Cholasta wrote:
On 1.7.2011 14:00, Alexander Bokovoy wrote:
Hi,
On 01.07.2011 14:54, Jan Cholasta wrote:
On 1.7.2011 11:44, Alexander Bokovoy wrote:
New version: forgot to import package_installed_name from ipautil.
Previous version
Alexander Bokovoy wrote:
Should we instead look to see if /usr/sbin/nscd exists before calling
chkconfig?
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Some client errors were rather generic or outright misleading. This
cleans up some return values and displays output from the ipa-enrollment
extended operation.
ticket https://fedorahosted.org/freeipa/ticket/1417
From 89cda040e7ae1f6b1aa97d2df8af25467c7ba410 Mon Sep 17 00:00:00 2001
From: Rob
Reset the login failed count to 0 when an admin (e.g. not the user)
resets the password. Otherwise a newly reset password could fail too.
ticket https://fedorahosted.org/freeipa/ticket/1441
rob
From 846ac49a4fffb53a1f8a544b0c695ae75e3cf98a Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit
--type=deny
works.
ticket https://fedorahosted.org/freeipa/ticket/1432
rob
From 58c3ba688696828c18ea51b689cb7dcca9413ffe Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 6 Jul 2011 17:45:53 -0400
Subject: [PATCH] Remove the ability to create new HBAC deny rules.
New
Martin Kosek wrote:
On Fri, 2011-06-24 at 16:37 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
This started as a problem in allowing leading/trailing whitespaces on
primary keys. In nearly every command other than add query is True so
all rules were ignored
Martin Kosek wrote:
On Mon, 2011-07-11 at 17:45 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-06-24 at 16:37 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
This started as a problem in allowing leading/trailing whitespaces on
primary keys. In nearly
Martin Kosek wrote:
On Tue, 2011-07-05 at 13:42 -0400, Rob Crittenden wrote:
It will only ever return one entry so if more than one are found then we
raise an exception. This is most easily seen in the host plugin where we
search on the server shortname which can be the same across sub-domains
Alexander Bokovoy wrote:
On 12.07.2011 14:51, Martin Kosek wrote:
On Fri, 2011-07-01 at 15:41 -0400, Rob Crittenden wrote:
I found a few test failures that have resulted from some recent commits.
These got lost in the mix of expected failures when I did initial
testing on them. This has
Martin Kosek wrote:
On Tue, 2011-07-12 at 09:52 -0400, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On 12.07.2011 14:51, Martin Kosek wrote:
On Fri, 2011-07-01 at 15:41 -0400, Rob Crittenden wrote:
I found a few test failures that have resulted from some recent commits.
These got lost
Martin Kosek wrote:
On Fri, 2011-07-01 at 11:41 -0400, Rob Crittenden wrote:
enrolledBy represents the DN of the entry that enrolled a host. We don't
want an admin to manipulate this but an aci allowed it. This was a
regression.
ticket 302
rob
Works fine with new IPA installation.
Still, I
From eebffc5a9718321ada78a5baddfc34743f001aed Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 14 Jul 2011 23:35:01 -0400
Subject: [PATCH] Create tool to manage dogtag replication agreements
For the most part the existing replication code worked with the
following
Martin Kosek wrote:
On Fri, 2011-07-15 at 14:43 +0200, Jan Cholasta wrote:
On 15.7.2011 05:42, Rob Crittenden wrote:
Add a separate tool for now to do dogtag replication agreement
management. The syntax is the same for IPA agreements with the exception
that the DM password is always required
Martin Kosek wrote:
On Tue, 2011-07-12 at 15:11 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-07-01 at 11:41 -0400, Rob Crittenden wrote:
enrolledBy represents the DN of the entry that enrolled a host. We don't
want an admin to manipulate this but an aci allowed
Martin Kosek wrote:
On Wed, 2011-06-22 at 18:03 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
Install tools may fail with unexpected error when IPA server is not
installed on a system. Improve user experience by implementing
a check to affected tools.
https://fedorahosted.org/freeipa
Jan Cholasta wrote:
On 27.6.2011 20:42, Rob Crittenden wrote:
Document registering to an entitlement server with a UUID as not
implemented.
It was my understanding that we would be able to pass in an existing
UUID when registering to connect to an existing registration (for the
case where IPA
Martin Kosek wrote:
On Thu, 2011-07-07 at 12:01 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Remove deny from the available type options and prevent new ones from
being created (either directly or via a mod).
Type now defaults to allow and will autofill so on the cli the user
won't
Martin Kosek wrote:
On Thu, 2011-07-14 at 23:05 +, JR Aquino wrote:
On Jul 14, 2011, at 11:55 AM, wrote:
https://fedorahosted.org/freeipa/ticket/1272
* Added new container in etc to hold the automembership configs.
* Modified constants to point to the new container
* Modified dsinstance
Martin Kosek wrote:
When DNS plugin is installed via ipa-dns-install and user has a valid
Kerberos ticket at the time, the DNS installation is corrupt and named
won't start, reporting Preauthentication error.
When the non-DM identity is used for authentication, krbprincipalkey
attribute in DNS
Rich Megginson wrote:
On 07/15/2011 08:01 AM, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-07-15 at 14:43 +0200, Jan Cholasta wrote:
On 15.7.2011 05:42, Rob Crittenden wrote:
Add a separate tool for now to do dogtag replication agreement
management. The syntax is the same for IPA
Martin Kosek wrote:
When a replica for self-signed server is being installed, the
installer crashes with Not a dogtag CA installation. Make sure
that installation is handled correctly for both dogtag and
self-signed replicas.
https://fedorahosted.org/freeipa/ticket/1479
ack, pushed to master
Martin Kosek wrote:
Implement a test for new dnszone-find option --forward-only.
Fix example for reverse zone (zone was not fully qualified and
DNS plugin would forbid adding PTR records).
https://fedorahosted.org/freeipa/ticket/1473
This looks ok, just one minor thing: can you add deleting
Rich Megginson wrote:
On 07/15/2011 10:57 AM, Rob Crittenden wrote:
Rich Megginson wrote:
On 07/15/2011 08:01 AM, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-07-15 at 14:43 +0200, Jan Cholasta wrote:
On 15.7.2011 05:42, Rob Crittenden wrote:
Add a separate tool for now to do
With the recent object_name/label changes some tests were failing that
were expecting the old value which contained a space. This fixes them.
rob
From fdfc6b4e7a6c65a00d72e23c33a7b9e9eb5927e3 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 15 Jul 2011 17:18:42 -0400
Jan Cholasta wrote:
On 28.6.2011 20:08, Rob Crittenden wrote:
Jan Cholasta wrote:
On 21.6.2011 14:15, Jan Cholasta wrote:
This patch adds a new option name_from_ip to dnszone commands. Default
value of idnsname is created from this option.
Honza
Fixed the API version number, added usage
Martin Kosek wrote:
Passing a number of long type to IPA Int parameter invokes
user-unfriendly error message about incompatible types. This patch
improves Int parameter with user understandable message along with
maximum value he can pass.
https://fedorahosted.org/freeipa/ticket/1346
nack. We
Martin Kosek wrote:
On Tue, 2011-07-05 at 13:41 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
389-ds postop plugins, such as the managed entry and memberof plugins,
add values after the data has been returned to the client. In the case
of the managed entry plugin
Rob Crittenden wrote:
Martin Kosek wrote:
On Tue, 2011-07-05 at 13:41 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
389-ds postop plugins, such as the managed entry and memberof plugins,
add values after the data has been returned to the client. In the case
56fef3a2b2b8fcfe684915de220d88e5d6073f0e Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Sat, 16 Jul 2011 13:31:12 -0400
Subject: [PATCH] Set nickname of the RA to 'IPA RA' to avoid confusion with dogtag RA
The old nickname was 'RA Subsystem' and this may confuse some users
with the dogtag RA
From 4dcc6b97cbac28727c00516a0b60c070c18a4ec8 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Sun, 17 Jul 2011 12:55:54 -0400
Subject: [PATCH] Generate a database password by default in all cases.
If the password passed in when creating a NSS certificate database is None
Martin Kosek wrote:
On Fri, 2011-07-15 at 17:26 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
Passing a number of long type to IPA Int parameter invokes
user-unfriendly error message about incompatible types. This patch
improves Int parameter with user understandable message along
Jan Cholasta wrote:
On 15.7.2011 21:24, Rob Crittenden wrote:
Rich Megginson wrote:
On 07/15/2011 10:57 AM, Rob Crittenden wrote:
Rich Megginson wrote:
On 07/15/2011 08:01 AM, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-07-15 at 14:43 +0200, Jan Cholasta wrote:
On 15.7.2011 05
Martin Kosek wrote:
On Thu, 2011-07-07 at 12:02 -0400, Rob Crittenden wrote:
Use John's new DN class to verify that the subject base passed into
ipa-server-install is valid.
https://fedorahosted.org/freeipa/ticket/1176
rob
Works fine for basic errors. But what if the DN is syntactically
Martin Kosek wrote:
On Mon, 2011-07-18 at 12:08 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-07-07 at 12:02 -0400, Rob Crittenden wrote:
Use John's new DN class to verify that the subject base passed into
ipa-server-install is valid.
https://fedorahosted.org/freeipa/ticket
Jan Cholasta wrote:
On 11.7.2011 23:48, Rob Crittenden wrote:
When loading a chained CA from a PKCS#7 or PEM file we used to use very
generic nicknames, sometimes as bad as Imported CA in the case of
winsync. This will use the subject of the cert to get the nickname
instead.
I also extended
Jan Cholasta wrote:
On 15.7.2011 23:20, Rob Crittenden wrote:
With the recent object_name/label changes some tests were failing that
were expecting the old value which contained a space. This fixes them.
rob
ACK.
Honza
pushed to master
Rich Megginson wrote:
On 07/18/2011 09:34 AM, Rob Crittenden wrote:
Jan Cholasta wrote:
On 15.7.2011 21:24, Rob Crittenden wrote:
Rich Megginson wrote:
On 07/15/2011 10:57 AM, Rob Crittenden wrote:
Rich Megginson wrote:
On 07/15/2011 08:01 AM, Rob Crittenden wrote:
Martin Kosek wrote
Simo Sorce wrote:
On Sun, 2011-07-17 at 17:45 -0400, Rob Crittenden wrote:
Change the subject of the RA to not confuse dogtag users. We used 'RA
Subsystem' and this might confuse some to think we're using the dogtag
RA which we are not.
This won't affect existing installations, only new ones
Simo Sorce wrote:
On Sun, 2011-07-17 at 17:46 -0400, Rob Crittenden wrote:
The default precedence of slapi plugins is 50 and all of them (ours and
the 389-ds plugins) all have this level with the exception of one (Retro
changelog). The IPA modrdn plugin should run after all of these so I've
Simo Sorce wrote:
On Sun, 2011-07-17 at 17:47 -0400, Rob Crittenden wrote:
If the password passed in when creating a NSS certificate database is
None then a random password is generated. If it is empty ('') then an
empty password is set.
Because of this the HTTP instance on replicas were
1401 - 1500 of 3315 matches
Mail list logo