Re: [Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local

2011-06-14 Thread Rob Crittenden
Martin Kosek wrote: On Tue, 2011-06-14 at 08:56 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote: Compare the configured interfaces with the supplied IP address and optional netmask to determine if the interface is available. Note the

Re: [Freeipa-devel] [PATCH] 075 Add ignore lists to migrate-ds command

2011-06-14 Thread Rob Crittenden
Martin Kosek wrote: On Thu, 2011-06-09 at 15:14 -0400, Rob Crittenden wrote: Martin Kosek wrote: How to test: 1) Create a custom DS instance with for example 60radius.ldif schema present (as in the original report in ticket #1266) 2) Populate DS with users/groups with custom unsupported object

Re: [Freeipa-devel] [PATCH] 079 DNS installation fails when domain and host domain mismatch

2011-06-14 Thread Rob Crittenden
Martin Kosek wrote: This patch depends on my patch 078. A special patch for stable branch attached. --- Create DNS domain for IPA server hostname first so that its forward record can be added. This results in 2 forward DNS zones created when server hostname doesn't equal server domain. https:

Re: [Freeipa-devel] [PATCH] 078 Improve DNS zone creation

2011-06-14 Thread Rob Crittenden
Simo Sorce wrote: On Thu, 2011-06-09 at 11:31 +0200, Martin Kosek wrote: When a new DNS zone is being created a local hostname is set as a nameserver of the new zone. However, when the zone is created during ipa-replica-prepare, the current master/replica doesn't have to be an IPA server wit

Re: [Freeipa-devel] [PATCH] 788 remove automountinformation from automount dns

2011-06-14 Thread Rob Crittenden
Martin Kosek wrote: On Thu, 2011-06-09 at 14:10 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-05-23 at 14:38 -0400, Rob Crittenden wrote: In an attempt to support multiple direct maps we always included the automountinformation in the key dn. This makes showing keys impossible

Re: [Freeipa-devel] [PATCH] 29 Raise DuplicateEntry Error when adding a duplicate sudo option

2011-06-14 Thread Rob Crittenden
JR Aquino wrote: On Jun 10, 2011, at 3:11 PM, JR Aquino wrote: On Jun 9, 2011, at 10:24 AM, Rob Crittenden wrote: JR Aquino wrote: https://fedorahosted.org/freeipa/ticket/1277 Raise DuplicateEntry Error when adding a duplicate sudo option nack, this will still fail if no ipasudoopt is

Re: [Freeipa-devel] [PATCH] 080 Add a list of managed hosts

2011-06-14 Thread Rob Crittenden
Martin Kosek wrote: Enhance Host plugin to provide not only "Managed By" list but also a list of managed hosts. The new list is generated only when --all option is passed. https://fedorahosted.org/freeipa/ticket/993 ack ___ Freeipa-devel mailing lis

Re: [Freeipa-devel] [PATCH] 22 Improve IP address handling in the host-add command

2011-06-14 Thread Rob Crittenden
Jan Cholasta wrote: This patch enables the user to specify netmasks in the --ip-address option of host-add. They're used for proper DNS reverse zone and PTR record creation. Also the IP addresses are more strictly checked (just like in the install scripts). https://fedorahosted.org/freeipa/ticke

Re: [Freeipa-devel] [PATCH] 798 Fix indirect member calculation

2011-06-14 Thread Rob Crittenden
Endi Sukma Dewata wrote: On 6/14/2011 8:46 AM, Rob Crittenden wrote: Endi Sukma Dewata wrote: On 6/13/2011 10:28 PM, Rob Crittenden wrote: Endi Sukma Dewata wrote: NACK. If there's a circular membership the code will run into an infinite loop. Here's a test scenario: Group 1 has

Re: [Freeipa-devel] [PATCH] 30 Display remaining external hosts when removing from sudorule

2011-06-14 Thread Rob Crittenden
JR Aquino wrote: On Jun 13, 2011, at 11:45 AM, wrote: This small 2 line patch addresses 2 bugs: https://fedorahosted.org/freeipa/ticket/1269 - (Remaining external hosts not displayed while removing one from a sudorule.) https://fedorahosted.org/freeipa/ticket/1270 - (Removed external host is

Re: [Freeipa-devel] [PATCH] Select a server with a CA on it when submitting signing requests.

2011-06-14 Thread Rob Crittenden
Nalin Dahyabhai wrote: This is a stab at fixing #1252 - teaching the RA to handle cases where the local server isn't a CA. When the RA is about to submit a signing request to a CA, it currently assumes that the CA is colocated. This modifies its behavior so that the first time it needs to submi

Re: [Freeipa-devel] [PATCH] 792 Update translations

2011-06-14 Thread Rob Crittenden
Martin Kosek wrote: On Mon, 2011-06-06 at 13:47 -0400, Rob Crittenden wrote: Our translation files haven't been updated for a few months, this brings things up to date. It is intended for master only. All I did to generate this patch was to run make update-po in install/po. It is othe

[Freeipa-devel] [PATCH] 801 Don't lose JSON decoding error

2011-06-14 Thread Rob Crittenden
001 From: Rob Crittenden Date: Tue, 14 Jun 2011 17:51:12 -0400 Subject: [PATCH] Don't let a JSON error get lost in cascading errors. If a JSON decoding error was found we were still trying to call the XML-RPC function, losing the original error. https://fedorahosted.org/freeipa/ticket/1322 -

[Freeipa-devel] [PATCH] 802 add message summary to sudorule

2011-06-14 Thread Rob Crittenden
Some of the sudorule commands were missing a message summary. ticket https://fedorahosted.org/freeipa/ticket/1255 rob From 3fa78f5ec880974aae2caf35d7850e5a0d910375 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 14 Jun 2011 21:35:02 -0400 Subject: [PATCH] Add message output summ

[Freeipa-devel] [PATCH] 803 disallow revocation reason 7

2011-06-14 Thread Rob Crittenden
Revocation reason 7 is undefined in the RFCs, disallow it. https://fedorahosted.org/freeipa/ticket/1318 From 1fce43c2bb94bdaa7702a53d4524879857c83af6 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 14 Jun 2011 22:03:02 -0400 Subject: [PATCH] Return an error message when revocat

Re: [Freeipa-devel] [PATCH] 29 Raise DuplicateEntry Error when adding a duplicate sudo option

2011-06-15 Thread Rob Crittenden
JR Aquino wrote: On Jun 14, 2011, at 11:06 AM, Rob Crittenden wrote: JR Aquino wrote: On Jun 10, 2011, at 3:11 PM, JR Aquino wrote: On Jun 9, 2011, at 10:24 AM, Rob Crittenden wrote: JR Aquino wrote: https://fedorahosted.org/freeipa/ticket/1277 Raise DuplicateEntry Error when adding a

Re: [Freeipa-devel] [PATCH] 081 Missing krbprincipalname when uid is not set

2011-06-15 Thread Rob Crittenden
Martin Kosek wrote: When user_add command is executed without uid parameter filled, user account is created without 'krbprincipalname' attribute. This renders the user account unusable. https://fedorahosted.org/freeipa/ticket/1279 ack

Re: [Freeipa-devel] [PATCH] 082 Add port 9443 to replica port checking

2011-06-15 Thread Rob Crittenden
Martin Kosek wrote: Port 9443 (Agent secure port on PKI-CA) was missing. Additionally, checked port descriptions case consistency fixed. https://fedorahosted.org/freeipa/ticket/1321 ack

Re: [Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local

2011-06-15 Thread Rob Crittenden
Rob Crittenden wrote: Martin Kosek wrote: On Tue, 2011-06-14 at 08:56 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote: Compare the configured interfaces with the supplied IP address and optional netmask to determine if the interface is

Re: [Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local

2011-06-16 Thread Rob Crittenden
Jan Cholasta wrote: On 15.6.2011 20:29, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Tue, 2011-06-14 at 08:56 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote: Compare the configured interfaces with the supplied

Re: [Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local

2011-06-16 Thread Rob Crittenden
Martin Kosek wrote: On Wed, 2011-06-15 at 14:29 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Tue, 2011-06-14 at 08:56 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote: Compare the configured interfaces

Re: [Freeipa-devel] [PATCH] 779 Require an imported certificate's issuer to match our issuer

2011-06-16 Thread Rob Crittenden
Jan Cholasta wrote: On 14.6.2011 15:16, Rob Crittenden wrote: Jan Cholasta wrote: On 6.6.2011 21:25, Rob Crittenden wrote: Jan Cholasta wrote: On 26.4.2011 22:52, Rob Crittenden wrote: The goal is to not import foreign certificates. This caused a bunch of tests to fail because we had a

Re: [Freeipa-devel] [PATCH] 779 Require an imported certificate's issuer to match our issuer

2011-06-16 Thread Rob Crittenden
Rob Crittenden wrote: Jan Cholasta wrote: On 14.6.2011 15:16, Rob Crittenden wrote: Jan Cholasta wrote: On 6.6.2011 21:25, Rob Crittenden wrote: Jan Cholasta wrote: On 26.4.2011 22:52, Rob Crittenden wrote: The goal is to not import foreign certificates. This caused a bunch of tests to

Re: [Freeipa-devel] [PATCH] 29 Raise DuplicateEntry Error when adding a duplicate sudo option

2011-06-16 Thread Rob Crittenden
JR Aquino wrote: On Jun 15, 2011, at 8:03 AM, Rob Crittenden wrote: A minor issue and a question. The minor issue is you changed a couple of options from optional to mandatory, which is fine, but we need to bump up the minor version in VERSION (older clients otherwise could not send the

[Freeipa-devel] [PATCH] 804 slight perf improvement

2011-06-16 Thread Rob Crittenden
This patch adds the production mode test to a few more places in the code. The speed increase is slight, a few hundred ms in my tests, but every little bit helps. ticket 1023 rob From 3eae1ef4f31a4ec5d1f9e16b2c9bc06f8ea41cf8 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 16

Re: [Freeipa-devel] [PATCH] 085 Fix doc for sudorule runasuser commands

2011-06-17 Thread Rob Crittenden
Martin Kosek wrote: https://fedorahosted.org/freeipa/ticket/1324 ack

Re: [Freeipa-devel] [PATCH] 29 Raise DuplicateEntry Error when adding a duplicate sudo option

2011-06-17 Thread Rob Crittenden
JR Aquino wrote: On Jun 16, 2011, at 8:01 AM, Rob Crittenden wrote: JR Aquino wrote: On Jun 15, 2011, at 8:03 AM, Rob Crittenden wrote: A minor issue and a question. The minor issue is you changed a couple of options from optional to mandatory, which is fine, but we need to bump up the

Re: [Freeipa-devel] 32 Don't add empty tuple to entry_attrs['externalhost']

2011-06-17 Thread Rob Crittenden
JR Aquino wrote: https://fedorahosted.org/freeipa/ticket/1339 ack, pushed to master

Re: [Freeipa-devel] [PATCH] 779 Require an imported certificate's issuer to match our issuer

2011-06-17 Thread Rob Crittenden
Jan Cholasta wrote: On 16.6.2011 15:12, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: On 14.6.2011 15:16, Rob Crittenden wrote: Jan Cholasta wrote: On 6.6.2011 21:25, Rob Crittenden wrote: Jan Cholasta wrote: On 26.4.2011 22:52, Rob Crittenden wrote: The goal is to not

Re: [Freeipa-devel] [PATCH] 079 DNS installation fails when domain and host domain mismatch

2011-06-17 Thread Rob Crittenden
Martin Kosek wrote: On Tue, 2011-06-14 at 13:53 -0400, Rob Crittenden wrote: Martin Kosek wrote: This patch depends on my patch 078. A special patch for stable branch attached. --- Create DNS domain for IPA server hostname first so that its forward record can be added. This results

[Freeipa-devel] [PATCH] 805 make dogtag optionally installable on replicas

2011-06-17 Thread Rob Crittenden
a was initially installed. https://fedorahosted.org/freeipa/ticket/1251 See the ticket for testing suggestions. rob From b8f0a609557f1d15ab8b83ef7db350cac6693b59 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 17 Jun 2011 16:47:39 -0400 Subject: [PATCH] Make dogtag an optional (and

Re: [Freeipa-devel] [PATCH 24/24] Add utility classes for handling DN's along with their, unittest.

2011-06-20 Thread Rob Crittenden
John Dennis wrote: This adds a new module and set of classes to ipalib for handling DN's. Please see the module doc and class doc for full explanation. Included is a very complete unit test for the module. At close to 900 lines of code the unit test exercises just about every conceivable way the

Re: [Freeipa-devel] [PATCH] 083 Improve IP address handling in IPA option parser

2011-06-20 Thread Rob Crittenden
Martin Kosek wrote: Implements a way to pass match_local and parse_netmask parameters to IP option checker. Now, there is just one common option type "ip" with new optional attributes "ip_local" and "ip_netmask" which can be used to pass IP address validation parameters. https://fedorahosted.or

Re: [Freeipa-devel] [PATCH] 084 Multi-process build problems

2011-06-20 Thread Rob Crittenden
Martin Kosek wrote: Fix a problem when a target missed a version-update requirement. This caused build problems, especially in a parallel build environment. https://fedorahosted.org/freeipa/ticket/1215 ack, pushed to master and ipa-2-0

Re: [Freeipa-devel] [PATCH] 22 Improve IP address handling in the host-add command

2011-06-20 Thread Rob Crittenden
Jan Cholasta wrote: On 16.6.2011 14:31, Jan Cholasta wrote: On 14.6.2011 20:54, Simo Sorce wrote: On Tue, 2011-06-14 at 14:26 -0400, Rob Crittenden wrote: Jan Cholasta wrote: This patch enables the user to specify netmasks in the --ip-address option of host-add. They're used for prope

Re: [Freeipa-devel] [PATCH] 079 DNS installation fails when domain and host domain mismatch

2011-06-20 Thread Rob Crittenden
Rob Crittenden wrote: Martin Kosek wrote: On Tue, 2011-06-14 at 13:53 -0400, Rob Crittenden wrote: Martin Kosek wrote: This patch depends on my patch 078. A special patch for stable branch attached. --- Create DNS domain for IPA server hostname first so that its forward record can be

[Freeipa-devel] [PATCH] 806 configure sssd to talk to local master

2011-06-20 Thread Rob Crittenden
Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 20 Jun 2011 15:39:25 -0400 Subject: [PATCH] On a master configure sssd to only talk to the local master. Otherwise it is possible for sssd to pick a different master to communicate with via the DNS SRV records and if the remote master goes down

Re: [Freeipa-devel] [PATCH 24/24] Add utility classes for handling DN's along with their, unittest.

2011-06-20 Thread Rob Crittenden
John Dennis wrote: On 06/20/2011 10:01 AM, Rob Crittenden wrote: Am I misreading the documentation on how one can create a DN? >>> print container cn=users,cn=accounts >>> print basedn dc=example,dc=com >>> str(DN(container, basedn)) 'cn=users,cn=accounts=

Re: [Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local

2011-06-21 Thread Rob Crittenden
Martin Kosek wrote: On Thu, 2011-06-16 at 09:07 -0400, Rob Crittenden wrote: I think this is still not right. When you let match_local default to False, --ip-address option in ipa-server-install is checked with match_local=False and thus the check required by BZ isn't made. Yes but

[Freeipa-devel] [PATCH] 807 get schema in json handler

2011-06-21 Thread Rob Crittenden
been retrieved. ticket https://fedorahosted.org/freeipa/ticket/1354 rob From 50ed14e93fdc157100f4fbd3ca91725a8b95f987 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 21 Jun 2011 16:05:11 -0400 Subject: [PATCH] Do lazy LDAP schema retrieval in json handler. It was possible to get

Re: [Freeipa-devel] [PATCH] 762 Let the framework be able to override the hostname

2011-06-22 Thread Rob Crittenden
Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-05-27 at 15:39 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Wed, 2011-05-25 at 11:29 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-04-01 at 11:47 -0400, Rob Crittenden wrote: The hostname is passed in during the

Re: [Freeipa-devel] [PATCH] 807 get schema in json handler

2011-06-22 Thread Rob Crittenden
Adam Young wrote: On 06/21/2011 04:10 PM, Rob Crittenden wrote: If the first request the web server handles is for a bad ticket (e.g. expired) then it is possible to get past the point where the lazy LDAP schema retrieval would happen causing a backtrace in the json handler. Add a call to get

Re: [Freeipa-devel] [PATCH] 785 data type of certificates

2011-06-22 Thread Rob Crittenden
Jan Cholasta wrote: On 8.6.2011 16:56, Rob Crittenden wrote: Jan Cholasta wrote: On 18.5.2011 17:21, Rob Crittenden wrote: Make data type of certificates more obvious/predictable internally. For the most part certificates will be treated as being in DER format. When we load a certificate we

Re: [Freeipa-devel] [PATCH] 792 Update translations

2011-06-22 Thread Rob Crittenden
Martin Kosek wrote: On Tue, 2011-06-14 at 17:41 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-06-06 at 13:47 -0400, Rob Crittenden wrote: Our translation files haven't been updated for a few months, this brings things up to date. It is intended for master only. All I d

Re: [Freeipa-devel] [PATCH] 086 Fix IPA install for secure umask

2011-06-22 Thread Rob Crittenden
Martin Kosek wrote: On Fri, 2011-06-17 at 15:37 +0200, Martin Kosek wrote: On Fri, 2011-06-17 at 14:44 +0200, Martin Kosek wrote: Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.

Re: [Freeipa-devel] [PATCH 24/24] Add utility classes for handling DN's along with their, unittest.

2011-06-22 Thread Rob Crittenden
John Dennis wrote: Revised patch attached. Added copyright notice. Added support for concatenation and in-place addition for a few more types. Updated the unit test for the new functionality. Correct import statement in unit test. I can work with the updated patch you sent but it isn't in

Re: [Freeipa-devel] [PATCH 24/24] Add utility classes for handling DN's along with their, unittest.

2011-06-22 Thread Rob Crittenden
John Dennis wrote: Revised patch attached. Added copyright notice. Added support for concatenation and in-place addition for a few more types. Updated the unit test for the new functionality. Correct import statement in unit test. Ack, pushed to master and ipa-2-0

Re: [Freeipa-devel] [PATCH 25/25] assert_deepequal supports callback for equality

2011-06-22 Thread Rob Crittenden
John Dennis wrote: The unit test framework recursively checks for equality between the "expected" and "got". When it finds a non-container object it checks for equality between the expected and got objects. However sometimes a simple equality test is insufficient. This can happen when two values

Re: [Freeipa-devel] [PATCH 27/27] get_primary_key_from_dn returns decoded value

2011-06-22 Thread Rob Crittenden
John Dennis wrote: DN's may be encoded. If we're going to return the value from one of the RDN's in the DN then we must decode the DN first, otherwise the returned value won't be what we're expecting. Specifically the value getting passed back through the RPC interface was not the value set becau

Re: [Freeipa-devel] [PATCH 26/26] Add backslash escape support for csv reader

2011-06-22 Thread Rob Crittenden
John Dennis wrote: The csv reader is used to break comma separated lists into individual items. However what if you want one of those items to have an embedded comma? The answer is to escape it by preceding the comma with a backslash. This patch adds support for escaping in the csv reader. ack

Re: [Freeipa-devel] [PATCH 28/28] Update test_role_plugin test to include a comma in a, privilege

2011-06-22 Thread Rob Crittenden
John Dennis wrote: Update test_role_plugin test to include a comma in a privilege Introduce a comma into a privilege name to assure we can handle commas. Commas must be escaped for some parameters, add escape_comma() utility and invoke it for the necessary parameters. Utilize a DN object to pr

Re: [Freeipa-devel] [PATCH] 762 Let the framework be able to override the hostname

2011-06-23 Thread Rob Crittenden
Martin Kosek wrote: On Wed, 2011-06-22 at 08:51 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Haven't had a chance to explore this one yet. It sure would be nice if dogtag would tell us what the two differing base DNs are though... This patch should resolve the remaining issue

Re: [Freeipa-devel] [PATCH] 805 make dogtag optionally installable on replicas

2011-06-23 Thread Rob Crittenden
Martin Kosek wrote: On Fri, 2011-06-17 at 17:06 -0400, Rob Crittenden wrote: A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed. A new tool ipa-ca

Re: [Freeipa-devel] [PATCH] 805 make dogtag optionally installable on replicas

2011-06-23 Thread Rob Crittenden
Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-06-17 at 17:06 -0400, Rob Crittenden wrote: A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is

Re: [Freeipa-devel] [PATCH] 762 Let the framework be able to override the hostname

2011-06-23 Thread Rob Crittenden
Martin Kosek wrote: On Thu, 2011-06-23 at 09:26 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Wed, 2011-06-22 at 08:51 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Haven't had a chance to explore this one yet. It sure would be nice if dogtag would tell us what the two diff

Re: [Freeipa-devel] [PATCH] 805 make dogtag optionally installable on replicas

2011-06-24 Thread Rob Crittenden
Martin Kosek wrote: On Thu, 2011-06-23 at 17:00 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-06-17 at 17:06 -0400, Rob Crittenden wrote: A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by

[Freeipa-devel] [PATCH] 808 don't allow leading/trailing whitespace in strings

2011-06-24 Thread Rob Crittenden
icket/1285 https://fedorahosted.org/freeipa/ticket/1286 https://fedorahosted.org/freeipa/ticket/1287 rob From 799b187b9819730c12accd2c699a6f1d4eb89a43 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 24 Jun 2011 14:32:57 -0400 Subject: [PATCH] Enforce class rules when query=True, continu

Re: [Freeipa-devel] [PATCH] 804 slight perf improvement

2011-06-24 Thread Rob Crittenden
Martin Kosek wrote: On Thu, 2011-06-16 at 11:34 -0400, Rob Crittenden wrote: This patch adds the production mode test to a few more places in the code. The speed increase is slight, a few hundred ms in my tests, but every little bit helps. ticket 1023 rob I didn't notice much of a spe

Re: [Freeipa-devel] [PATCH] 808 don't allow leading/trailing whitespace in strings

2011-06-24 Thread Rob Crittenden
Rob Crittenden wrote: This started as a problem in allowing leading/trailing whitespaces on primary keys. In nearly every command other than add query is True so all rules were ignored on the primary key. This meant that to enforce whitespace we would need to define a validator for each one. I

Re: [Freeipa-devel] [PATCH] 24 Verify that the hostname is fully-qualified

2011-06-24 Thread Rob Crittenden
Jan Cholasta wrote: On 23.6.2011 17:19, Martin Kosek wrote: On Thu, 2011-06-23 at 16:33 +0200, Jan Cholasta wrote: This patch makes ipactl fail if the hostname isn't fully-qualified. It also fixes ipa-server-install to fail gracefully in such case, instead of failing with unexpected error. htt

Re: [Freeipa-devel] [PATCH] 808 don't allow leading/trailing whitespace in strings

2011-06-24 Thread Rob Crittenden
Rob Crittenden wrote: Rob Crittenden wrote: This started as a problem in allowing leading/trailing whitespaces on primary keys. In nearly every command other than add query is True so all rules were ignored on the primary key. This meant that to enforce whitespace we would need to define a

Re: [Freeipa-devel] [PATCH] 33 oneliner correct typo in ipasudorunas_group

2011-06-27 Thread Rob Crittenden
Adam Young wrote: On 06/24/2011 05:27 PM, JR Aquino wrote: https://fedorahosted.org/freeipa/ticket/1326 In case I haven't sent this out before. ~ Jr Aquino, GCIH | Information Security Specialist Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 T: +1

[Freeipa-devel] [PATCH] 809 entitle_register using uuid unsupported

2011-06-27 Thread Rob Crittenden
python-rhsm. I've filed an RFE to get this added but for now this is a way to not do major surgery to the API and still be at least somewhat user-friendly. https://fedorahosted.org/freeipa/ticket/1216 rob From 088f447912f97601718711210651b9f694e314ff Mon Sep 17 00:00:00 2001 F

[Freeipa-devel] [PATCH] 810 fix re-enrolling a host with a OTP

2011-06-28 Thread Rob Crittenden
d.org/freeipa/ticket/1357 rob From ed4dc18cb67b1b512a00c82b72829c9f8accee9b Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 28 Jun 2011 13:09:18 -0400 Subject: [PATCH] Don't set krbLastPwdChange when setting a host OTP password. We have no visibility into whether an entry has a key

Re: [Freeipa-devel] [PATCH] 1 Convert boolean to TRUE/FALSE when writing to LDAP

2011-06-28 Thread Rob Crittenden
Simo Sorce wrote: On Mon, 2011-06-27 at 15:50 +0300, Alexander Bokovoy wrote: Hi, my first patch :) -- attempts to fix https://fedorahosted.org/freeipa/ticket/1259 Minor difference for IPA is that IPA command line tools are now reporting nsAccountLock in upper case (TRUE/FALSE instead of True/

Re: [Freeipa-devel] [PATCH] 0002 Minor typos in examples

2011-06-28 Thread Rob Crittenden
Alexander Bokovoy wrote: Hi, while reading through the code and examples, few typos were identified and fixed. Really minor patch. ack, pushed to master and ipa-2-0

Re: [Freeipa-devel] [PATCH] 23 Add ability to specify DNS reverse zone name by IP network address

2011-06-28 Thread Rob Crittenden
Jan Cholasta wrote: On 21.6.2011 14:15, Jan Cholasta wrote: This patch adds a new option name_from_ip to dnszone commands. Default value of idnsname is created from this option. Honza Fixed the API version number, added usage example to dns plugin help. https://fedorahosted.org/freeipa/tick

Re: [Freeipa-devel] [PATCH] 087 Allow recursion by default

2011-06-28 Thread Rob Crittenden
Martin Kosek wrote: I suggest adding the following doc to the end of chapter "5.6. DNS" (after the paragraphs about forwarders): Any host is permitted to issue recursive queries against configured forwarders by default. When required, this behavior can be changed in /etc/named.conf in "allow-rec

Re: [Freeipa-devel] [PATCH] winsync enables disabled users in AD

2011-06-28 Thread Rob Crittenden
Rich Megginson wrote: ack, pushed to master and ipa-2-0 rob

Re: [Freeipa-devel] [PATCH] modify user deleted in AD crashes winsync

2011-06-28 Thread Rob Crittenden
Rich Megginson wrote: ack, pushed to master and ipa-2-0

Re: [Freeipa-devel] [PATCH] memory leak in ipa_winsync_get_new_ds_user_dn_cb

2011-06-28 Thread Rob Crittenden
Rich Megginson wrote: ack, pushed to master and ipa-2-0

Re: [Freeipa-devel] [PATCH] 26 Remove redundant configuration values from krb5.conf

2011-06-28 Thread Rob Crittenden
Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/1358 Honza ack, pushed to master and ipa-2-0

Re: [Freeipa-devel] [PATCH] 27 Replace the 'private' option in netgroup-find with, 'managed'

2011-06-28 Thread Rob Crittenden
Jan Cholasta wrote: This patch effectively renames the netgroup-find option 'private' to 'managed'. 'private' is kept in to maintain API compatibility, but hidden from the user. https://fedorahosted.org/freeipa/ticket/1120 Very nice, I like the idea of hiding the old option. Tested with update

[Freeipa-devel] [PATCH] 811 Set the client auth callback after creating the SSL connection.

2011-06-29 Thread Rob Crittenden
existing socket. https://fedorahosted.org/freeipa/ticket/1349 rob From fce79bfe8db1e4b45cb688ebb257bdea333786ca Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 29 Jun 2011 15:01:18 -0400 Subject: [PATCH] Set the client auth callback after creating the SSL connection. If we set

[Freeipa-devel] [PATCH] 812 Use RunAs in labels, not Run As

2011-06-29 Thread Rob Crittenden
:00 2001 From: Rob Crittenden Date: Wed, 29 Jun 2011 15:09:29 -0400 Subject: [PATCH] In sudo labels we should use RunAs and not Run As. https://fedorahosted.org/freeipa/ticket/1328 --- API.txt| 12 ++-- ipalib/plugins/sudorule.py | 12 ++-- 2 files cha

Re: [Freeipa-devel] [PATCH] 811 Set the client auth callback after creating the SSL connection.

2011-06-29 Thread Rob Crittenden
John Dennis wrote: On 06/29/2011 03:08 PM, Rob Crittenden wrote: If we set the callback before calling connect() then if the connection tries a network family type and fails, it will try other family types. If this happens then the callback set on the first socket will be lost when a new socket

Re: [Freeipa-devel] [PATCH] 810 fix re-enrolling a host with a OTP

2011-06-30 Thread Rob Crittenden
Rob Crittenden wrote: Don't set krbLastPwdChange when setting a host OTP password. We have no visibility into whether an entry has a keytab or not so krbLastPwdChange is used as a rough guide. If this value exists during enrollment then it fails because the host is considered already j

Re: [Freeipa-devel] [PATCH] 810 fix re-enrolling a host with a OTP

2011-07-01 Thread Rob Crittenden
Rob Crittenden wrote: Rob Crittenden wrote: Don't set krbLastPwdChange when setting a host OTP password. We have no visibility into whether an entry has a keytab or not so krbLastPwdChange is used as a rough guide. If this value exists during enrollment then it fails because the ho

[Freeipa-devel] [PATCH] 813 fix enrolledBy regression

2011-07-01 Thread Rob Crittenden
enrolledBy represents the DN of the entry that enrolled a host. We don't want an admin to manipulate this but an aci allowed it. This was a regression. ticket 302 rob From c9525eeba3a423f3f376a2492fea5f2f89a1250d Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 1 Jul 2011

[Freeipa-devel] [PATCHES] 814, 815, 816 Fix test failures

2011-07-01 Thread Rob Crittenden
mple - the case of boolean values in nsAccountLock - a change in the updater code rob From a88cb937ee2d7acb996a0202a106f817c3a39f0d Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 1 Jul 2011 15:20:36 -0400 Subject: [PATCH 1/4] Fix error in AttrValueNotFound exception example --- ipa

[Freeipa-devel] [PATCH] 817 Add option to wait for values

2011-07-01 Thread Rob Crittenden
00:00:00 2001 From: Rob Crittenden Date: Fri, 1 Jul 2011 15:32:31 -0400 Subject: [PATCH 4/4] Optionally wait for 389-ds postop plugins to complete Add a new command that lets you wait for an attribute to appear in a value. Using this you can do things like wait for a managed entry to be cre

Re: [Freeipa-devel] [PATCH] 190 Removed invalid associations.

2011-07-01 Thread Rob Crittenden
Endi Sukma Dewata wrote: The following invalid associations have been removed: - group's memberindirect netgroup and role - hostgroup's memberofindirect host Ticket #1366 Ticket #1367 Ack, pushed to master

Re: [Freeipa-devel] [PATCH] 817 Add option to wait for values

2011-07-01 Thread Rob Crittenden
Rob Crittenden wrote: 389-ds postop plugins, such as the managed entry and memberof plugins, add values after the data has been returned to the client. In the case of the managed entry plugin this affects the parent entry as well (adds an objectclass value). This wreaks havoc on our tests as

Re: [Freeipa-devel] [PATCH] 817 Add option to wait for values

2011-07-05 Thread Rob Crittenden
Rob Crittenden wrote: Rob Crittenden wrote: 389-ds postop plugins, such as the managed entry and memberof plugins, add values after the data has been returned to the client. In the case of the managed entry plugin this affects the parent entry as well (adds an objectclass value). This wreaks

[Freeipa-devel] [PATCH] 818 find_entry_by_attr() should fail if multiple entries are found

2011-07-05 Thread Rob Crittenden
.org/freeipa/ticket/1388 rob From f52e98e12f133ca45b57653c3d69c356e361fce3 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 5 Jul 2011 13:36:48 -0400 Subject: [PATCH] find_entry_by_attr() should fail if multiple entries are found It will only ever return one entry so if more than one ar

[Freeipa-devel] [PATCH] 818 add password expiration notify to default attr list

2011-07-05 Thread Rob Crittenden
I pushed this as a one-liner. https://fedorahosted.org/freeipa/ticket/1416 rob From d9f1fb5c8cedf844d1110c91489f460635a101d9 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 5 Jul 2011 15:03:19 -0400 Subject: [PATCH] Add pwd expiration notif (ipapwdexpadvnotify) to config plugin

Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap

2011-07-06 Thread Rob Crittenden
Simo Sorce wrote: On Fri, 2011-07-01 at 14:18 +0200, Jan Cholasta wrote: On 1.7.2011 14:00, Alexander Bokovoy wrote: Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version ca

Re: [Freeipa-devel] [PATCH] 3 ipa-client-install tries to start non-existing nscd

2011-07-06 Thread Rob Crittenden
Alexander Bokovoy wrote: Should we instead look to see if /usr/sbin/nscd exists before calling chkconfig? rob

[Freeipa-devel] [PATCH] 820 make client errors clearer

2011-07-06 Thread Rob Crittenden
Some client errors were rather generic or outright misleading. This cleans up some return values and displays output from the ipa-enrollment extended operation. ticket https://fedorahosted.org/freeipa/ticket/1417 From 89cda040e7ae1f6b1aa97d2df8af25467c7ba410 Mon Sep 17 00:00:00 2001 From:

[Freeipa-devel] [PATCH] 821 reset failed count when password is reset by admin

2011-07-06 Thread Rob Crittenden
Reset the login failed count to 0 when an admin (e.g. not the user) resets the password. Otherwise a newly reset password could fail too. ticket https://fedorahosted.org/freeipa/ticket/1441 rob From 846ac49a4fffb53a1f8a544b0c695ae75e3cf98a Mon Sep 17 00:00:00 2001 From: Rob Crittenden D

[Freeipa-devel] [PATCH] 822 remove deny hbac rule type

2011-07-06 Thread Rob Crittenden
-find --type=deny works. ticket https://fedorahosted.org/freeipa/ticket/1432 rob From 58c3ba688696828c18ea51b689cb7dcca9413ffe Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 6 Jul 2011 17:45:53 -0400 Subject: [PATCH] Remove the ability to create new HBAC deny rules. New rules wil

[Freeipa-devel] [PATCH] 823 validate certificate subject base

2011-07-07 Thread Rob Crittenden
Use John's new DN class to verify that the subject base passed into ipa-server-install is valid. https://fedorahosted.org/freeipa/ticket/1176 rob From e8e74f21f62a5ea6368900a03176d606845488b2 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 7 Jul 2011 11:55:20 -0400 Subject

Re: [Freeipa-devel] [PATCH] 822 remove deny hbac rule type

2011-07-07 Thread Rob Crittenden
Rob Crittenden wrote: Remove deny from the available type options and prevent new ones from being created (either directly or via a mod). Type now defaults to allow and will autofill so on the cli the user won't be prompted for it in interactive mode. deny is still a valid type for sear

[Freeipa-devel] Analysis of 389-ds plugin precedence

2011-07-08 Thread Rob Crittenden
Ticket https://fedorahosted.org/freeipa/ticket/1370 suggests that we check the plugin precedence for the IPA plugins. It notes that the modrdn plugin needs to run last, in any case. Here are the plugins we currently define: ipa-enrollment ipa-lockout ipa-modrdn ipa-pwd-extop ipa-uuid ipa-versi

Re: [Freeipa-devel] [PATCH] 808 don't allow leading/trailing whitespace in strings

2011-07-11 Thread Rob Crittenden
Martin Kosek wrote: On Fri, 2011-06-24 at 16:37 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Rob Crittenden wrote: This started as a problem in allowing leading/trailing whitespaces on primary keys. In nearly every command other than add query is True so all rules were ignored on the

[Freeipa-devel] [PATCH] 824 make more sensible nicknames

2011-07-11 Thread Rob Crittenden
xternal CA, then install a replica with a CA to be sure that works as well. Testing basic installs would be handy as well. rob From 9bca41c5de3761e5f5d70c4ffa16de120197bf06 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 11 Jul 2011 17:39:30 -0400 Subject: [PATCH] Use informa

Re: [Freeipa-devel] [PATCH] 808 don't allow leading/trailing whitespace in strings

2011-07-12 Thread Rob Crittenden
Martin Kosek wrote: On Mon, 2011-07-11 at 17:45 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-06-24 at 16:37 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Rob Crittenden wrote: This started as a problem in allowing leading/trailing whitespaces on primary keys. In nearly

Re: [Freeipa-devel] [PATCH] 818 find_entry_by_attr() should fail if multiple entries are found

2011-07-12 Thread Rob Crittenden
Martin Kosek wrote: On Tue, 2011-07-05 at 13:42 -0400, Rob Crittenden wrote: It will only ever return one entry so if more than one are found then we raise an exception. This is most easily seen in the host plugin where we search on the server shortname which can be the same across sub-domains

Re: [Freeipa-devel] [PATCHES] 814, 815, 816 Fix test failures

2011-07-12 Thread Rob Crittenden
Alexander Bokovoy wrote: On 12.07.2011 14:51, Martin Kosek wrote: On Fri, 2011-07-01 at 15:41 -0400, Rob Crittenden wrote: I found a few test failures that have resulted from some recent commits. These got lost in the mix of "expected" failures when I did initial testing on them

Re: [Freeipa-devel] [PATCHES] 814, 815, 816 Fix test failures

2011-07-12 Thread Rob Crittenden
Martin Kosek wrote: On Tue, 2011-07-12 at 09:52 -0400, Rob Crittenden wrote: Alexander Bokovoy wrote: On 12.07.2011 14:51, Martin Kosek wrote: On Fri, 2011-07-01 at 15:41 -0400, Rob Crittenden wrote: I found a few test failures that have resulted from some recent commits. These got lost in
