Martin Kosek wrote:
On Fri, 2011-10-07 at 08:52 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-10-06 at 17:06 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-10-06 at 14:05 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2011-10
Adam Young wrote:
On 10/06/2011 10:21 PM, Rob Crittenden wrote:
Adam Young wrote:
Not yet ready for prime time.
I've tested the changes to updateinstance by hand, so I know they work.
I'm having problems with the python import setup.
RPM build fails with:
install/tools/ipa-upgradeconfig:36
Adam Young wrote:
On 10/07/2011 02:42 PM, Rob Crittenden wrote:
Adam Young wrote:
On 10/06/2011 10:21 PM, Rob Crittenden wrote:
Adam Young wrote:
Not yet ready for prime time.
I've tested the changes to updateinstance by hand, so I know they
work.
I'm having problems with the python import
Adam Young wrote:
On 10/07/2011 11:55 AM, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/1933
based on ayoung-0286-split-metadata-call
Web UI init method was modified to get initialization data in 3 calls.
First call remains the same as before except that the json_metadata
Martin Kosek wrote:
On Tue, 2011-10-11 at 11:03 +0200, Martin Kosek wrote:
Based mainly on Rob's fix proposed in Trac.
---
Ticket 1627 contained a (temporary hack-ish) fix for dnszone-add
name_from_ip validation which works fine for CLI. However, when
the command is not proceeded via CLI and
Jan Cholasta wrote:
Don't allow ipa pwpolicy-del global_policy.
https://fedorahosted.org/freeipa/ticket/1936
Can you add a unit test case for this? Then ack.
Questions:
Is it possible to disallow deletion of specific objects on LDAP level
instead?
Well, that would be ideal in some
Alexander Bokovoy wrote:
Hi,
there seems to be something new with python-2.7.2 on Fedora 16 and
'make lint' complains about
dom_name = config.default_realm.lower()
as config.default_realm is of type _Chainmap during static analysis.
We get config.default_realm out of
Alexander Bokovoy wrote:
Hi,
two improvements for hbactest command:
1. Include indirect membership for users and hosts
2. Append FreeIPA default domain to hosts in hbactest request if they
are not fully qualified ones.
Fixes
https://fedorahosted.org/freeipa/ticket/1862
searches are not allowed.
I fixed a couple of minor memory leaks too (valgrind still reports
several but they are out of our control).
This should be tested both with a OTP host and using an authorized user.
rob
From a49df4b6e301591fe0bc2d35e331d969eb589c5a Mon Sep 17 00:00:00 2001
From: Rob
John Dennis wrote:
There were quite errors in es.po, it was difficult or impossible to
track down where they came from, Transifex does not have good revision
history.
I fixed about 20% of the msgstr's in the file that had obvious
problems which could be spotted by a non-Spanish speaking person.
Martin Kosek wrote:
For starters I added a 15 second timeout and 2 tries. These numbers are
arbitrary, I am open to suggestions.
Martin
---
Add a timeout to the wget call to cover a case when autodiscovered
server does not response to our attempt to download ca.crt. Let
user specify a
Alexander Bokovoy wrote:
Hi,
attached is a small refactoring that is pursuing two goals:
- fix https://fedorahosted.org/freeipa/ticket/1871
and
- prepare grounds for systemd integration
As ticket 1871 is about cases when HOSTNAME is missing from
/etc/sysconfig/network, this patch adds
William Brown wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is there a reason that ipa-client-install does not configure nsswitch
for ldap sudoers and automount by default? I would see such a
modification as a feature for this, rather than a negative.
Alternately, this could be added as
Jan Cholasta wrote:
Dne 10.10.2011 16:21, Rob Crittenden napsal(a):
Upgrading an installation that was installed with selfsign CA will fail
in ipa-upgradeconfig because it doesn't handle the case where dogtag
isn't installed.
rob
ACK.
Honza
pushed to master and ipa-2-1
Martin Kosek wrote:
On Tue, 2011-10-11 at 17:40 -0400, Rob Crittenden wrote:
Fix OTP client enrollment when anonymous searches are disabled in 389-ds.
This is fixed mostly by passing in the basedn to ipa-join so we don't
have to hunt for it. I did modify that routine so it will look through
Alexander Bokovoy wrote:
On Wed, 12 Oct 2011, Rob Crittenden wrote:
Also, all keys totally missing from the config will be added. Values
from replacevars and appendvars are merged before doing it so there is
only single key=value pair afterwards. Obviously, it is the caller
responsibility
William Brown wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
These are both on our roadmap, we just haven't gotten to them yet:
https://fedorahosted.org/freeipa/ticket/1233
http://freeipa.org/page/SUDO_integration_plans
Okay, I did not find these two pages while searching. It
John Dennis wrote:
On 10/11/2011 06:06 PM, Rob Crittenden wrote:
John Dennis wrote:
There were quite errors in es.po, it was difficult or impossible to
track down where they came from, Transifex does not have good revision
history.
I fixed about 20% of the msgstr's in the file that had
Adam Tkac wrote:
Hello all,
please see attached patch for bind-dyndb-ldap, it should solve (at least
from bind-dyndb-ldap side) ticket #1931. It adds new ldap_hostname
option and ipa-server-install utility should set this option when
/bin/hostname is different from --hostname parameter.
Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/1948
Honza
Very nice, ACK,
Rebased patch pushed to master, pushed to ipa-2-1
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Jan Cholasta wrote:
Dne 28.6.2011 22:19, Rob Crittenden napsal(a):
Jan Cholasta wrote:
https://fedorahosted.org/freeipa/ticket/1358
Honza
ack, pushed to master and ipa-2-0
Don't configure [appdefaults], as per Nalin's suggestion
(https://fedorahosted.org/freeipa/ticket/1358#comment:5
Alexander Bokovoy wrote:
On Tue, 13 Sep 2011, Stephen Gallagher wrote:
On Tue, 2011-09-13 at 16:33 +0300, Alexander Bokovoy wrote:
On Tue, 13 Sep 2011, Stephen Gallagher wrote:
File /usr/lib/python2.7/site-packages/SSSDConfig.py, line 1207, in
import_config
fd = open(configfile,
John Dennis wrote:
On 10/12/2011 12:11 PM, John Dennis wrote:
I thought what I had done was replace thegt; with but I obviously
didn't read the diff as closely as you did, good catch Rob , let me go
back and check to make sure I didn't another similar mistake. Also I
forgot to update the
Martin Kosek wrote:
On Thu, 2011-10-06 at 21:31 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2011-10-05 at 13:44 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
Since IPA v2 server already contain predefined groups that may collide
with groups in migrated (IPA v1) server
Martin Kosek wrote:
On Wed, 2011-10-12 at 09:31 -0400, Simo Sorce wrote:
On Wed, 2011-10-12 at 15:03 +0200, Martin Kosek wrote:
On Wed, 2011-10-12 at 08:52 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
For starters I added a 15 second timeout and 2 tries. These numbers are
arbitrary, I am
Martin Kosek wrote:
This patch depends on my patch 140 (attached just to be sure).
Do I understand it correctly that new proposed bind-dyndb-ldap option
ldap_hostname won't be needed?
Martin
I think it would be a good idea to add it when it becomes available in
bind-dyndb-ldap.
NACK on
Martin Kosek wrote:
How to test:
1) Add some nested membership relationships:
$ ipa group-add --desc=foo group1
$ ipa group-add --desc=foo group2
$ ipa user-add --first=Foo --last=Bar foobar
$ ipa role-add-member helpdesk --groups=group2
$ ipa group-add-member group2 --groups=group1
$ ipa
14f8ee5ab1a5074b9d55e3b7a3cdef001caba5cb Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 12 Oct 2011 17:00:50 -0400
Subject: [PATCH] Disable has_upg() check. This was breaking gid == uid when
adding users.
The location of the UPG template moved which caused has_upg() to return
Martin Kosek wrote:
On Wed, 2011-10-12 at 23:54 -0400, Rob Crittenden wrote:
The has_upg() check was created during a transition period for 389-ds.
It is no longer needed and is actually breaking things. The location of
UPG template moved so it thinks the feature is not available
Jan Cholasta wrote:
Also fixes a few issues in the unit tests. All of them now run
successfully.
https://fedorahosted.org/freeipa/ticket/1959
Honza
I think it would be better to use:
object.__setattr__(self, 'ca_host', self._select_ca())
This will cache the value of a known CA host.
rob
Martin Kosek wrote:
On Thu, 2011-10-13 at 11:01 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2011-10-12 at 23:54 -0400, Rob Crittenden wrote:
The has_upg() check was created during a transition period for 389-ds.
It is no longer needed and is actually breaking things. The location
Alexander Bokovoy wrote:
On Wed, 12 Oct 2011, Rob Crittenden wrote:
Well, in the generate new file option I think the output is a bit
misleading.
+print New SSSD config will be generated. The old one is
backed up and can be restored during uninstall
There could have been no existing
Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-10-13 at 11:01 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2011-10-12 at 23:54 -0400, Rob Crittenden wrote:
The has_upg() check was created during a transition period for 389-ds.
It is no longer needed and is actually
Martin Kosek wrote:
On Thu, 2011-10-13 at 15:09 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-10-13 at 11:01 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2011-10-12 at 23:54 -0400, Rob Crittenden wrote:
The has_upg() check was created
Ack, pushed to master and ipa-2-1
I modified the changelog a little bit before pushing.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
In backup_and_replace_hostname() the value of hostname wasn't being
saved if it wasn't in /etc/sysconfig/network. This should save it in
every case.
rob
From f1aae37ab5d7c6558ba16c2ed5832cda91072edd Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 13 Oct 2011 17:58
Alexander Bokovoy wrote:
On Thu, 13 Oct 2011, Martin Kosek wrote:
1. If an installation error occurs after the hostname has been changed
it isn't reverted and the uninstaller needs to be run. This should
rollback like the client.
I think this is quite different. Client runs a whole
Alexander Bokovoy wrote:
On Thu, 13 Oct 2011, Rob Crittenden wrote:
In backup_and_replace_hostname() the value of hostname wasn't being
saved if it wasn't in /etc/sysconfig/network. This should save it in
every case.
ACK
(yes, I need to go to bed)
Why bother, it's almost time to get up
Added more detailed information on creating a winsync replica to the
ipa-replica-manage man page.
rob
From a2f469f2d8f7b4f6f48de20dcd4839f45ab6356c Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 13 Oct 2011 18:34:23 -0400
Subject: [PATCH] Add explicit instructions
Alexander Bokovoy wrote:
On Thu, 13 Oct 2011, Rob Crittenden wrote:
Added more detailed information on creating a winsync replica to the
ipa-replica-manage man page.
+Creating a Windows AD Synchronization agreement is similar to creating an IPA
replication agreement, there are just a couple
Pushed this under the 1-liner rule. This is needed so we change the
search limits.
rob
From 21a30679c278e13f79e974af27fd370a2c2b8ecf Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 14 Oct 2011 08:36:38 -0400
Subject: [PATCH] Set min nvr of 389-ds-base to 1.2.10-0.4
:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 14 Oct 2011 11:29:35 -0400
Subject: [PATCH] Update all LDAP configuration files that we can.
LDAP can be configured in any number of places, we need to update everything
we find.
https://fedorahosted.org/freeipa/ticket/1369
---
ipa
Alexander Bokovoy wrote:
Hi,
dictview is a new class in Python 2.7. We need to support older Python
versions and thus, use set instead.
ACK, pushed to master and ipa-2-1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Simo Sorce wrote:
On Fri, 2011-10-14 at 11:32 -0400, Rob Crittenden wrote:
A client may configure ldap in any number of different places. If the
file exists we should update it.
You can test this by not installing nslcd on F-15 and install nss_ldap
instead. The resulting client install
Alexander Bokovoy wrote:
On Fri, 14 Oct 2011, Rob Crittenden wrote:
Handle an empty value in a name/value pair in config_replace_variables()
This would blow up if you tried to append a value to an entry that
looked like:
NAME=
Yes. ACK.
pushed to master and ipa-2-1
If the existing sssd.conf already has the domain configured we throw the
config away and start over.
rob
From 408505a67394ed4e61d6833c253d76516312214f Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 14 Oct 2011 14:05:07 -0400
Subject: [PATCH] If our domain
Martin Kosek wrote:
Do at least a basic validation of DNS zone manager mail address.
Do not require '@' to be in the mail address as it is not used
in common DNS zone configuration (in bind for example) and people
may be used to configure it that way. '@' is always removed by the
installer
Alexander Bokovoy wrote:
On Fri, 14 Oct 2011, Rob Crittenden wrote:
If the existing sssd.conf already has the domain configured we throw
the config away and start over.
ACK.
pushed to master and ipa-2-1
___
Freeipa-devel mailing list
Freeipa-devel
existing already_exists handler.
rob
From 775285f21016f792c374f5ef5cc8452ac7f6a098 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 14 Oct 2011 15:33:57 -0400
Subject: [PATCH] When adding a hostgroup check for current existence of
hostgroup and netgroup
The netgroup gets
Martin Kosek wrote:
On Mon, 2011-10-17 at 10:22 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
When the NGP plugin is enabled, a managed netgroup is created for
every hostgroup. We already check that netgroup with the same
name does not exist and provide a meaningful error message.
However
Forgive me for not having this in git format. This patch fixes a couple
of problems in the help system:
1. If all commands in an object are disabled the object is still visible
as a topic, see ipa help aci as an example
2. ipa help will show you that show-mappings help is broken
3. You
):
* Added missing fields to password policy page
* Fixed: Unable to add external user for RunAs User for Sudo rules
Rob Crittenden (12):
* Fix DNS permissions and membership in privileges
* Fix upgrades of selfsign server
* Make ipa-join work against an LDAP server that disallows anon binds
* Fix
Alexander Bokovoy wrote:
Hi,
attached patch should fix ticket 1988. This is currently last known
bug in hbactest and should be safe to add to 2.1.3 (even though it is
targetting 2.1.4 milestone).
Tested using rules similar to the ones in the ticket description and
also with --service=service
Martin Kosek wrote:
On Fri, 2011-10-14 at 14:11 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
Do at least a basic validation of DNS zone manager mail address.
Do not require '@' to be in the mail address as it is not used
in common DNS zone configuration (in bind for example) and people
Martin Kosek wrote:
On Tue, 2011-10-18 at 12:13 -0400, Rob Crittenden wrote:
Forgive me for not having this in git format. This patch fixes a couple
of problems in the help system:
1. If all commands in an object are disabled the object is still visible
as a topic, see ipa help aci
2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 21 Oct 2011 15:21:45 -0400
Subject: [PATCH] Be more consistent when returning the attribute in error
messages.
Use whatever context when have (attr vs cli_name) when returning
error messages. When --set/addattr are used try to return
Rob Crittenden wrote:
We don't need to prohibit existing 389-ds instances when installing IPA,
just that the ports we need are available. Remove this check.
For master only.
rob
Re-based patch against master.
rob
From 65556716d3a0cd63c4cfcb17dbd60100fb81f267 Mon Sep 17 00:00:00 2001
From
Martin Kosek wrote:
On Fri, 2011-10-21 at 11:31 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-10-14 at 14:11 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
Do at least a basic validation of DNS zone manager mail address.
Do not require '@' to be in the mail address
Adam Young wrote:
When setting up replication, it should not be necessary to cache any
passwords, anywhere, until the replication agreemsnts are set up, and
then, all caching should be using known secure mechanisms.
The two main repositories we care about are the Directory Server
instances
Martin Kosek wrote:
https://fedorahosted.org/freeipa/ticket/1913
ACK
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Martin Kosek wrote:
On Mon, 2011-10-24 at 17:08 +0200, Martin Kosek wrote:
On Mon, 2011-10-24 at 09:02 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-10-21 at 11:31 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-10-14 at 14:11 -0400, Rob Crittenden wrote
Ondrej Hamada wrote:
On 10/25/2011 04:01 PM, Martin Kosek wrote:
On Tue, 2011-10-25 at 15:29 +0200, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/1336
Lazy initialization of ipalib plugins is used under all contexts, not
only when context = cli. Every loaded plugin is
Endi Sukma Dewata wrote:
On 10/26/2011 4:29 AM, Martin Kosek wrote:
New option --pkey-only is available for all LDAPSearch based classes
with primary key visible in the output. This option makes LDAPSearch
commands search for primary attribute only.
This may be useful when manipulating large
Users weren't appearing in ypcat output in the netgroup map due to a
syntax error. This patch should fix new and existing installations.
rob
From f2e2f9481dc1d9188a6dbbd9c3f0593570ff90d6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 26 Oct 2011 17:42:59 -0400
Adam Young wrote:
On 10/25/2011 05:24 PM, John Dennis wrote:
Usually when I look at a source code directory layout it's fairly
obvious what belongs in each directory. I'll be honest, I've never
quite understood the role of ipapython vs. ipalib. From time to time I
have to do some code
John Dennis wrote:
So I looked in our freeipa spec file and I didn't see a minimum Python
version specified. Do we have a minimum version of Python we require to
run? Do we just make the assumption it's 2.6 since that's what's in RHEL?
I also assume that means any Python feature added in 2.7
Simo Sorce wrote:
On Wed, 2011-11-02 at 16:44 -0400, Ade Lee wrote:
On Wed, 2011-11-02 at 16:03 -0400, Adam Young wrote:
[...]
So, a user becomes an agent on the ca by having a certificate in the
user record and being a member of the relevant admin, agent or auditor
group.
I see this as
Ade Lee wrote:
On Wed, 2011-11-02 at 16:03 -0400, Adam Young wrote:
To clarify: there are two types of Data stored in the PKI CA DS
instances. One is Users and groups (IdM), and the other is
certificates and requests.
The CA currently administers its own users: creates, add deletes, add
Martin Kosek wrote:
Current Answer Cache storing mechanism is not ideal for storing
non-trivial Python types like arrays, custom classes, etc.
RawConfigParser just translates values to string, which
are not correctly decoded when the Answer Cache is parsed and
restored in the installer.
This
Martin Kosek wrote:
Add a --delattr option to round out multi-valued attribute manipulation.
The new option is be available for all LDAPUpdate based commands.
--delattr is evaluated last, it can remove any value present either
in --addattr/--setattr options or stored in LDAP.
Martin Kosek wrote:
On Wed, 2011-10-19 at 15:38 -0400, Adam Young wrote:
On 10/19/2011 08:15 AM, Martin Kosek wrote:
On Wed, 2011-09-07 at 15:18 +0200, Martin Kosek wrote:
On Wed, 2011-09-07 at 15:05 +0200, Martin Kosek wrote:
This is 3.0 Core Effort Backlog patch.
The changes to API may
Martin Kosek wrote:
automember functionality is depends on predefined data is in LDAP.
Since we add it for fresh installs only, automember cannot be used
for upgraded servers. Make sure that automember LDAP data is added
during upgrade too.
https://fedorahosted.org/freeipa/ticket/1992
I think
Jan Cholasta wrote:
Dne 24.10.2011 17:42, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 20.10.2011 13:20, Jan Cholasta napsal(a):
Parse comma-separated lists of values in all parameter types. This can
enabled for a specific parameter by setting the csvlist option to
True.
Remove List
Stephen Gallagher wrote:
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:
PKI
nsslapd-secureport: 7390
Why doesn IPA set up ldapson port 636?
I think you're confused. FreeIPA does
These functions are leftovers from when the managed entries plugin was
being developed and not widely available. They are no longer needed.
rob
From 3159ac686fa09b747d3908b8497254bce1b8f337 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 8 Nov 2011 11:33:46 -0500
Don't allow one to set a blank list of default objectclasses in
cn=ipaconfig.
rob
From 0d486f34eaf68384151a809da5d5d5749095f7d7 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 8 Nov 2011 17:04:26 -0500
Subject: [PATCH] Don't allow default objectclass list
both values to address this.
rob
From d4cd8ef04827f7b28df23f252d56b5965f89af16 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 8 Nov 2011 18:30:44 -0500
Subject: [PATCH] Use absolute paths when trying to find certmonger request
id.
The value stored in certmonger
Martin Kosek wrote:
On Tue, 2011-11-08 at 14:49 -0500, Rob Crittenden wrote:
These functions are leftovers from when the managed entries plugin was
being developed and not widely available. They are no longer needed.
rob
NACK.
has_upg() does not check if the managed entry plugin present
Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap when installing client with
'--no-sssd' option there was added code into ipa-client-install. Check
is base on existence of nss_ldap configuration files. This configuration
could be in
We need two more buildrequires, libtalloc-devel and libtevent-devel.
rob
From cf1c05582fd51c9ec1d582e3276d8c641bff1d4b Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 11 Nov 2011 10:08:53 -0500
Subject: [PATCH] Add libtalloc-devel and libtevent-devel as BuildRequires
Simo Sorce wrote:
On Fri, 2011-11-11 at 17:28 +0200, Alexander Bokovoy wrote:
On Fri, 11 Nov 2011, Rob Crittenden wrote:
We need two more buildrequires, libtalloc-devel and libtevent-devel.
ACK but do we need to specify versioning? Do we depend on specific
features? I remember there was issue
Martin Kosek wrote:
On Fri, 2011-11-04 at 16:53 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Wed, 2011-10-19 at 15:38 -0400, Adam Young wrote:
On 10/19/2011 08:15 AM, Martin Kosek wrote:
On Wed, 2011-09-07 at 15:18 +0200, Martin Kosek wrote:
On Wed, 2011-09-07 at 15:05 +0200, Martin
Alexander Bokovoy wrote:
On Fri, 11 Nov 2011, Jérôme Fenal wrote:
A trivial patch found during French translation :
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index fc5582d..429ae6e 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -543,7 +543,7 @@ class
Martin Kosek wrote:
On Thu, 2011-11-10 at 14:01 +0100, Ondrej Hamada wrote:
On 11/10/2011 10:30 AM, Martin Kosek wrote:
On Tue, 2011-11-08 at 20:41 +0100, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/1961
The 'Keytab' filed in output of all 'user-*' commands was changed to
Martin Kosek wrote:
Remove config-mod options help from config module help to keep the
option doc on one place and without unnecessary redundancy. The new
format is more consistent with the rest of the plugins. Also fix
several inconsistencies in the labels/doc, including:
- using abbreviation
Martin Kosek wrote:
This patch fixes 2 coverity issues:
* ipa-client/config.c: CID 11090: Resource leak
* ipa-client/ipa-getkeytab.c: CID 11018: Unchecked return value
https://fedorahosted.org/freeipa/ticket/2035
You don't need to test a variable before you free it, so you can just
call
Martin Kosek wrote:
When an IPA server with unresolvable hostname is being installed,
a hostname record must be inserted to /etc/hosts or the
installation will fail. However, it is not inserted when IP
address is passed as an option (--ip-address) and not
interactively. This patch fixes this so
Jan Cholasta wrote:
Dne 4.11.2011 22:25, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 24.10.2011 17:42, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 20.10.2011 13:20, Jan Cholasta napsal(a):
Parse comma-separated lists of values in all parameter types. This
can
enabled
Martin Kosek wrote:
On Fri, 2011-10-21 at 15:29 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
We don't need to prohibit existing 389-ds instances when installing IPA,
just that the ports we need are available. Remove this check.
For master only.
rob
Re-based patch against master.
rob
JR Aquino wrote:
On Oct 7, 2011, at 11:14 AM, Simo Sorce wrote:
On Mon, 2011-10-03 at 18:17 -0400, Simo Sorce wrote:
On Mon, 2011-10-03 at 16:20 -0400, Simo Sorce wrote:
Newer 389ds servers have a new option to have a different set of
filtered attributes from normal replication.
This has
Martin Kosek wrote:
Make sure that when Directory Manager password is entered,
we directly do a simple bind instead of trying binding via GSSAPI.
Also capture ldap.INVALID_CREDENTIALS exception and provide nice
error message than crash.
https://fedorahosted.org/freeipa/ticket/1927
ACK
Martin Kosek wrote:
Make sure that PublicError does crash when it receives
Gettext/NGettext object. Instead of throwing a type error, do the
translation to receive the required unicode text.
https://fedorahosted.org/freeipa/ticket/2096
ACK
___
e8c632c0a17c5fad3792d4f741976161d245fec6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 16 Nov 2011 15:37:56 -0500
Subject: [PATCH] Add plugin framework to LDAP updates.
There are two reasons for the plugin framework:
1. To provide a way of doing manual/complex LDAP changes
Alexander Bokovoy wrote:
There are still distributions with external libintl for gettext
support. Thus, extend configure in ipa-client to make sure we don't
miss these cases.
Instead of using full libintl macro, I opted to a simpler one that
does not require anything added into the distribution
Jérôme Fenal wrote:
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index cd4a054..4bf77f8 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -28,8 +28,8 @@ Groups of users
Manage groups of users. By default, new groups are POSIX groups. You
can add the
Simo Sorce wrote:
I found out one of the files I was working on these days is missing a
proper header.
Patch attached.
Simo.
ACK
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Martin Kosek wrote:
On Thu, 2011-11-17 at 11:17 -0500, John Dennis wrote:
On 11/16/2011 07:35 AM, Martin Kosek wrote:
On Tue, 2011-11-15 at 14:41 -0500, John Dennis wrote:
--
John Dennisjden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
Hi John,
thanks for
Jan Cholasta wrote:
Dne 15.11.2011 20:10, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 9.11.2011 11:59, Alexander Bokovoy napsal(a):
On Wed, 09 Nov 2011, Jan Cholasta wrote:
would't suffer from a facelift - currently it is messy, hard to read
code, with bits nobody ever used or uses
Alexander Bokovoy wrote:
On Wed, 16 Nov 2011, Rob Crittenden wrote:
There are two reasons for the plugin framework:
1. To provide a way of doing manual/complex LDAP changes without having
to keep extending ldapupdate.py (like we did with managed entries).
2. Allows for better control
This will teach me to manually rebase some strings, I goofed them.
I pushed this patch as a one-liner.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
1701 - 1800 of 3315 matches
Mail list logo