Nalin Dahyabhai wrote:
It looks like we missed the userCategory and hostCategory stuff when we
did the original pass at configuring the nis server and schema compat
plugins for netgroups. Here's a proposed change which should empty the
right fields when we have one or the other set to ALL.
The netgroup plugin was missing the usercategory and hostcategory
associations. This adds them and fixes displaying membership in
netgroup_show.
rob
From a0f98fb52922ec97947e7df9bc4dd32523e1a3a5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 4 Nov 2010 15:19:14
=config, so it failed.
ticket https://fedorahosted.org/freeipa/ticket/414
rob
From 98c033712ec27c5692246cb6f2d1d91087b98fa5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 4 Nov 2010 15:23:25 -0400
Subject: [PATCH] Fix NotFound exception in ipa-nis-manage.
The signature
There was a corner case where the value of --ip-address was never
verified if you were also setting up DNS.
Added this bit of information to the man page too.
ticket 399
rob
From a006ecb181c2ae88d3fa5d25c428e11d8b5c0590 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date
Adam Young wrote:
Renamed the plugin to 'batch' which is a better name than bulk. Added
the example to the docs, put a header on it, and removed the changes to
internal.py
This will blow up if args ends up being empty so we'll need to address
that at some point. This particular error I think
Adam Young wrote:
On 11/05/2010 02:29 PM, Adam Young wrote:
REbased, got the links for add and removed chacked as well, and set
defautl to 'rsc'
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
e1f262397353f37a525a0a3d7d2a8405da1d7db2 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 5 Nov 2010 15:16:53 -0400
Subject: [PATCH] Revoke a host's certificate (if any) when it is deleted or disabled.
Disable any services when its host is disabled.
This also adds
uninstall but stopping
them all first is cleaner. Its how I've been uninstalling for months now
anything (ipactl stop ipa-server-install --uninstall -U).
ticket https://fedorahosted.org/freeipa/ticket/349
rob
From a0a63a231f44570f2f7de09e69c0edd5b2f339d6 Mon Sep 17 00:00:00 2001
From: Rob
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/04/2010 08:21 PM, Rob Crittenden wrote:
The netgroup plugin was missing the usercategory and hostcategory
associations. This adds them and fixes displaying membership in
netgroup_show.
rob
The code looks OK and works
:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Mon, 8 Nov 2010 14:09:04 -0500
Subject: [PATCH] Use PATH in env when running commands to find binaries.
Fedora 14 moved the kerberos binaries from /usr/kerberos/[s]bin to
/usr/[s]bin. Pass PATH to the environment in ipautil.run() so we can
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/03/2010 06:52 PM, Rob Crittenden wrote:
This tool was designed to fix CVE-2008-3274. This configuration is
default now in V2 so this isn't needed now.
https://fedorahosted.org/freeipa/ticket/331
rob
Ack
pushed
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/03/2010 04:52 PM, Rob Crittenden wrote:
Add gdm, gdm-password and kdm as default hbac services.
ticket https://fedorahosted.org/freeipa/ticket/307
rob
Ack
pushed to master
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Uses a new subclass IPAOptionParser in scripts instead of OptionParser
from the standard python library. IPAOptionParser uses its own IPAOption
class to store options, which adds a new 'sensitive' attribute.
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(resending to the list, I accidentally replied to Rob only before..)
On 11/02/2010 04:24 AM, Rob Crittenden wrote:
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://fedorahosted.org/freeipa/ticket/154
Rob Crittenden wrote:
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(resending to the list, I accidentally replied to Rob only before..)
On 11/02/2010 04:24 AM, Rob Crittenden wrote:
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/04/2010 08:56 PM, Rob Crittenden wrote:
Rename 60sudo.ldif to 60ipasudo.ldif. We are overwriting a file of the
same name from the default 389-ds schema.
rob
Ack
pushed to master
This will let one host do things on behalf of another host (request a
keytab, certificate, etc).
ticket https://fedorahosted.org/freeipa/ticket/280
rob
From 9e9ae1b890c324f05af71540763631a6e91c2a06 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 9 Nov 2010 13:57:02
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Instead of print and return, use sys.exit() to quit scripts with an
error message and a non zero return code.
https://fedorahosted.org/freeipa/ticket/425
This isn't applying for me. Can you try to rebase it?
thanks
rob
Pavel Zůna wrote:
Ticket #452
Pavel
ack, pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Rob Crittenden wrote:
Simo Sorce wrote:
This patch configures IPA to use the currently strongest available
enctype for the master key.
Fixes #456
Simo.
ack
pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
The pwpolicy plugin wasn't returning effective rights. I fixed that and
it will also return the rights for cospriority if showing a group.
rob
From 624ee8daeb26c420722d11e6f37af315e4922847 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 9 Nov 2010 16:05:54 -0500
9bb5fbc682bf290b81e5b86efcaf28d5970550b6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 10 Nov 2010 16:21:19 -0500
Subject: [PATCH] Reduce the number of attributes a host is allowed to write.
The list of attributes that a host bound as itself could write was
overly broad.
A host can now only
Don't include internal commands in `ipa help commands` output.
https://fedorahosted.org/freeipa/ticket/463
rob
From 149433420ef701e61ef0cc00be632370dc8e771f Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 10 Nov 2010 16:51:00 -0500
Subject: [PATCH] Don't include
Jan Zelený wrote:
Rob Crittendenrcrit...@redhat.com wrote:
Jan Zelený wrote:
I tried one other solution, but this approach was recommended to me by
Pavel. It seems to be working fine. If you don't agree with the concept
(detection per request), I can present you the original one.
Jan Zelený wrote:
Jan Zelenýjzel...@redhat.com wrote:
Now each plugin can define its topic as a 2-tuple, where the first
item is the name of topic it belongs to and the second item is
a description of such topic. Topic descriptions must be the same
for all modules belonging to the topic.
By
To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the
Alpha 5 release of freeIPA 2.0 server [1]. Binaries are available for
F-12, F-13 and F-14.
This alpha is a bug fix release over the previous alpha
Jakub Hrozek wrote:
On Wed, Nov 10, 2010 at 04:53:02PM -0500, Rob Crittenden wrote:
Don't include internal commands in `ipa help commands` output.
https://fedorahosted.org/freeipa/ticket/463
rob
With this patch, commands like cos* or batch don't show up with ipa
help commands
- ACK
Jakub Hrozek wrote:
On Wed, Nov 10, 2010 at 05:33:31PM -0500, Rob Crittenden wrote:
Increase default username length to 32 and max for users and groups to 255.
rob
Adding users with usernames longer than 8 characters works OK until the
limit of 32 at which point I got:
ipa: ERROR: invalid
Jakub Hrozek wrote:
On Wed, Nov 10, 2010 at 04:25:18PM -0500, Rob Crittenden wrote:
The list of attributes that a host bound as itself could write was
overly broad.
A host can now only update its description, information about itself
such as OS release, etc, its certificate, password
Password policy needs to update the class of service priority in another
entry. Include the CoS attribute when reporting rights.
rob
From 624ee8daeb26c420722d11e6f37af315e4922847 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 9 Nov 2010 16:05:54 -0500
Subject
Simo Sorce wrote:
The pwpolicy plugin was basically hardcoded to version 1.8 instead of
checking for= 1.8
This patch uses distutils.version to fix that.
Simo.
ack
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
baa4bbed69cf8092e0f215aa457b0d5c539f341e Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 5 Nov 2010 15:16:53 -0400
Subject: [PATCH 1/2] Revoke a host's certificate (if any) when it is deleted or disabled.
Disable any services when its host is disabled.
This also adds displaying the certificate
Rob Crittenden wrote:
Simo Sorce wrote:
On Tue, 09 Nov 2010 14:00:00 -0500
Rob Crittendenrcrit...@redhat.com wrote:
+
+ Add a host that can manage this host's keytab and certificate:
+ ipa host-add-host --hosts=test2 test
I do not want to nack, but looking at this command in isolation I
Rob Crittenden wrote:
Jakub Hrozek wrote:
On Mon, Nov 01, 2010 at 12:08:36PM -0400, Rob Crittenden wrote:
Make sure a detached group has the default list of objectclasses.
ipaUniqueId is handled by the new uuid plugin.
https://fedorahosted.org/freeipa/ticket/250
rob
I haven't fully tested
Adam Young wrote:
On 11/18/2010 11:22 AM, Rob Crittenden wrote:
Password policy needs to update the class of service priority in
another entry. Include the CoS attribute when reporting rights.
rob
___
Freeipa-devel mailing list
Freeipa-devel
Adam Young wrote:
On 11/18/2010 05:05 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Simo Sorce wrote:
On Tue, 09 Nov 2010 14:00:00 -0500
Rob Crittendenrcrit...@redhat.com wrote:
+
+ Add a host that can manage this host's keytab and certificate:
+ ipa host-add-host --hosts=test2 test
I
The rename of index.xhtml to index.html was causing a build failure.
I've pushed the attached patch to fix it.
rob
From fa1cb7cd442b8b2c808fac2e377c641883ff648d Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 19 Nov 2010 09:30:56 -0500
Subject: [PATCH] Fix build
Adam Young wrote:
On 11/19/2010 09:15 AM, Adam Young wrote:
On 11/18/2010 10:04 PM, Rob Crittenden wrote:
Adam Young wrote:
On 11/18/2010 11:22 AM, Rob Crittenden wrote:
Password policy needs to update the class of service priority in
another entry. Include the CoS attribute when reporting
Simo Sorce wrote:
This patch automatically disables pkinit when installing with
dogatg until dogtag support is added to the pkinit install bits.
Simo.
nack
I think this should be just: if not options.selfsign: ...
external_cert_file and external_ca_file are used when you are setting up
Jakub Hrozek wrote:
On Thu, Nov 18, 2010 at 05:37:52PM -0500, Rob Crittenden wrote:
Rob Crittenden wrote:
Jakub Hrozek wrote:
On Mon, Nov 01, 2010 at 12:08:36PM -0400, Rob Crittenden wrote:
Make sure a detached group has the default list of objectclasses.
ipaUniqueId is handled by the new
Jakub Hrozek wrote:
https://fedorahosted.org/freeipa/ticket/245
ack, pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
If an empty member list was passed in we would crap out because we were
trying to iterate over None. Add a test for this.
ticket 486
rob
From 877d45f579b865d3f4ea3d17036c3a9e73e9f624 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 19 Nov 2010 14:56:25 -0500
Subject
does some amount
of validation in the preop.
I added a failsafe so that if the host add is successful but the dns add
fails it raises an error to that effect, it doesn't roll back all the
changes.
rob
From 35549f54af48df17a3c0a4d7ecc44035e1e03560 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
From 1bef93968eab8aa1d4f165ef5e7f55fee159eafa Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 19 Nov 2010 23:12:42 -0500
Subject: [PATCH] Handle wget failures trying to retrieve the CA during the client install
ticket 405
---
ipa-client/ipa-install/ipa-client-install
to
/usr/share/tomcat5/common/lib/xalan-j2-serializer.jar
rob
From fa9366fdc141083489736a3911d50236ca7c1801 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Mon, 22 Nov 2010 10:27:34 -0500
Subject: [PATCH] Catch when we fail to get a cert chain from the CA during installation
Jan Zelený wrote:
Rob Crittendenrcrit...@redhat.com wrote:
Jan Zelený wrote:
Jan Zelenýjzel...@redhat.com wrote:
Now each plugin can define its topic as a 2-tuple, where the first
item is the name of topic it belongs to and the second item is
a description of such topic. Topic descriptions
Simo Sorce wrote:
Fixes #527
Simo.
There is no selfsign option in ipa-replica-prepare. At best you can
detect whether it is selfsigned by calling certs.ipa_self_signed()
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Adam Young wrote:
On 11/19/2010 03:08 PM, Simo Sorce wrote:
On Thu, 11 Nov 2010 19:51:23 -0500
Simo Sorcesso...@redhat.com wrote:
With this patch 2 changes are introduced.
1. idranges are unified, the --uidstart and --gistart options are
removed and instead --idtsrat and --idmax are
I pushed this under the 1-liner rule.
Don't use full pathnames for kerberos binaries, let PATH find them.
Kerberos binaries may be in /usr/kerberos/*bin or /usr/*bin, let PATH
sort it out.
diff --git a/ipaserver/install/krbinstance.py
b/ipaserver/install/krbinstance.py
index
Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 20 Oct 2010 10:26:08 -0400
Rob Crittendenrcrit...@redhat.com wrote:
Add ability to add/remove DNS records when adding/removing a host
entry.
A host in DNS must have an IP address so a valid IP address is
required when adding a host. The --force
Pavel Zuna wrote:
Add the opportunity to change base DN and scope in the callback.
This makes the callback a lot more powerful, because it enables the
plugin author to broaden or completely change the search location.
Pavel
Ack.
___
Freeipa-devel
Simo Sorce wrote:
On Wed, 17 Nov 2010 15:07:03 -0500
Rob Crittendenrcrit...@redhat.com wrote:
aci: (targetattr != userPassword || krbPrincipalKey ||
sambaLMPassword || sambaNTPassword || passwordHistory ||
krbMKey)(version 3.0; acl Enable Anonymous access; allow (read,
search, compare)
Simo Sorce wrote:
On Wed, 17 Nov 2010 15:07:03 -0500
Rob Crittendenrcrit...@redhat.com wrote:
+aci: (targetattr != userPassword || krbPrincipalKey ||
sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey ||
krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey ||
I added some more documentation and examples to the aci plugin on targets.
ticket 310
rob
From f155f75ce44e53bb8e6122e0eea9c2e308c7ab36 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 24 Nov 2010 14:48:51 -0500
Subject: [PATCH] Add more information and examples
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/22/2010 04:21 PM, Jakub Hrozek wrote:
On 11/22/2010 04:16 PM, Jakub Hrozek wrote:
The code handles it (I just ran a quick test with --schema=RFC2307bis).
It just iterates through all members of a group -- be it user
David O'Brien wrote:
Rob Crittenden wrote:
Increase default username length to 32 and max for users and groups to
255.
rob
There doesn't appear to be a default max groupname length like there is
for usernames. Does that mean it defaults to 255?
/dob
It just isn't configurable like
Nalin Dahyabhai wrote:
The attached patch modifies autogen.sh so that it runs autoreconf with
the -f flag, too, so that a source rpm package built on an F14 system
will successfully build on a system which has older autotools versions.
It also tells automake to run in its 'foreign' mode and
Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Mon, 29 Nov 2010 17:09:35 -0500
Subject: [PATCH] Create user private groups with a uniqueid.
If we don't then we need to add it when a group is detached causing
aci issues.
I had to move where we create the UPG template until
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If encode_keys() failed, we would free the variable smods which is
unitilialized at the time.
Ok, seems simple enough. Ack, pushed to master.
btw I've seen encode_keys() fail on me during ber-encoding of the octet
part of
Pavel Zůna wrote:
LDAPSearch base class has now the ability to generate additional
options for objects with member attributes. These options are
used to filter search results - search only for objects without
the specified members.
Any class that extends LDAPSearch can benefit from this
Simo Sorce wrote:
On Mon, 29 Nov 2010 17:12:41 -0500
Rob Crittendenrcrit...@redhat.com wrote:
Add ipaUniqueId to user private groups. If we didn't then when the
group is detached we need to add it and this makes the acis more
problematic.
I had to move where we load the UPG ldif until after
Simo Sorce wrote:
On Wed, 17 Nov 2010 15:07:03 -0500
Rob Crittendenrcrit...@redhat.com wrote:
+aci: (targetattr != userPassword || krbPrincipalKey ||
sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey ||
krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey ||
Simo Sorce wrote:
On Wed, 24 Nov 2010 09:00:24 +0100
Jan Zelenýjzel...@redhat.com wrote:
Rob Crittendenrcrit...@redhat.com wrote:
This uses an enhanced memberof plugin that allows multiple
attributes to be configured to create memberOf attributes.
This patch requires a new 389-ds-base,
d72412ed1af20fa0ddf743a8e23b13bea05ae5c9 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 30 Nov 2010 14:00:01 -0500
Subject: [PATCH] Drop outdated install/tools/README and add QuickStart link to top README
ticket 420
---
README |6
install/tools/README | 67
0fce432d1f94382cb5257955db0027263c17e45a Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 30 Nov 2010 15:07:26 -0500
Subject: [PATCH] Add labels for passwords, fix output of exceptions, fix passwd output.
Passwords didn't have internationalizable labels.
Exceptions that occured during required
Pavel Zuna wrote:
Required Password params were prompted for like any other non-Password
params, resulting in the password being displayed on the command line
and there was no confirmation.
Ticket #361
Pavel
Ack, pushed to master
rob
___
Simo Sorce wrote:
This patch enables the entryUSN plugin by default at install time.
EntryUSN numbers are ususful fro clients that want to track newest
objects w/o having to care about timestamps dated in the past and
replicated by other masters.
EntrUSN numbers are valid only in the context
Adam Young wrote:
On 12/01/2010 05:07 PM, Adam Young wrote:
The attached patch is required on top of the changes, as the admin
user no longer has any rolegroup, and thus would see the self service
api. It should be pushed with this patch.
posted the wrong version. THis one checks for presence
Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 2 Dec 2010 11:05:54 -0500
Subject: [PATCH] Provide list of available attributes for use in ACI UI.
Also include flag indicating whether the object is bindable. This will
be used to determine if the object can have
David O'Brien wrote:
Rob Crittenden wrote:
I added some more documentation and examples to the aci plugin on
targets.
ticket 310
rob
NACK
Running behind with reviews, sorry. Just a few minor fixes:
s/targetted/targeted/
s/This is primarily meant to be able to allow users to add/remove
Rob Crittenden wrote:
David O'Brien wrote:
Rob Crittenden wrote:
I added some more documentation and examples to the aci plugin on
targets.
ticket 310
rob
NACK
Running behind with reviews, sorry. Just a few minor fixes:
s/targetted/targeted/
s/This is primarily meant to be able to allow
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/02/2010 03:33 PM, Adam Young wrote:
This seems to make sense. Can you provide some context before I ACK?
We're discussing it with Rob in the ticket, too:
https://fedorahosted.org/freeipa/ticket/555
It works for me,
Jan Zelený wrote:
I'm posting two patches fixing some issues with the HBAC plugin:
https://fedorahosted.org/freeipa/ticket/487
https://fedorahosted.org/freeipa/ticket/494
https://fedorahosted.org/freeipa/ticket/495
Ack patch 0007, pushed to master.
rob
Simo Sorce wrote:
On Tue, 23 Nov 2010 15:14:27 -0500
Rob Crittendenrcrit...@redhat.com wrote:
Use better description for group names in help and always prompt for
members
When runningfoo-[add|remove]-member completely interactively it
didn't prompt for managing membership, it just reported
Jakub Hrozek wrote:
On Tue, Nov 30, 2010 at 02:02:00PM -0500, Rob Crittenden wrote:
The README in install/tools is really for v1 and contains almost
nothing useful for v2 so I'm proposing to drop it altogether.
I'm also adding a link to the QuickStart guide on the trac wiki. The
guide itself
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/30/2010 09:13 PM, Rob Crittenden wrote:
A couple of Password attributes had no label so prompting looked bad.
When printing exceptions we need to convert the label and error to
unicode so translations work.
Use standard
The global pwpolicy group by definition doesn't have a cos entry. Don't
look for one.
ticket 523
rob
From 7ab80f34013a21c6b7debd2e45c65eea16fa2973 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 3 Dec 2010 13:07:22 -0500
Subject: [PATCH] Don't look up the CoS entry
Simo Sorce wrote:
On Fri, 03 Dec 2010 13:25:53 -0500
Rob Crittendenrcrit...@redhat.com wrote:
The global pwpolicy group by definition doesn't have a cos entry.
Don't look for one.
ticket 523
rob
ack
Simo.
pushed to master
___
Freeipa-devel
Jan Zelený wrote:
Jan Zelenýjzel...@redhat.com wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=654117#c4
Sending corrected patch. A little modification of the doc formulation and
renaming the patch so it follows the guidelines.
Jan
Can't we do a group-show in the mod pre_callback to
Rather than shipping and maintaining our own kerberos schema file use
the one provided by MIT instead.
ticket 505
rob
From 59f4f9eb8a4abf867ac4b0f6643db1b563268f30 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 3 Dec 2010 16:48:25 -0500
Subject: [PATCH] Use
I've pushed this under the 1-liner rule.
We changed the continue-deleting-on-error from --continuous to
--continue. Looks like we missed one.
rob
From 1bcd4a389d90e6f95505c1589769c5ab809601d8 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 3 Dec 2010 17:32:38
Jan Zelený wrote:
Simo Sorcesso...@redhat.com wrote:
On Fri, 03 Dec 2010 17:25:20 -0700
Rich Megginsonrmegg...@redhat.com wrote:
On 12/03/2010 04:26 PM, Simo Sorce wrote:
In Fedora 14, 389-ds started linking against openldap libraries
instead of the old mozldap libraries.
This patch
Jan Zelený wrote:
Rob Crittendenrcrit...@redhat.com wrote:
Jan Zelený wrote:
Jan Zelenýjzel...@redhat.com wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=654117#c4
Sending corrected patch. A little modification of the doc formulation and
renaming the patch so it follows the
Jan Zelený wrote:
Rob Crittendenrcrit...@redhat.com wrote:
Ensure list of attrs to retrieve is unique, optimize getting indirect
members
This fixes search where we were asking for the member attribute 10 or
more times.
When retrieving indirect members make sure we always pass around the
David O'Brien wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
David O'Brien wrote:
Rob Crittenden wrote:
I added some more documentation and examples to the aci plugin on
targets.
ticket 310
rob
NACK
Running behind with reviews, sorry. Just a few minor fixes:
s/targetted/targeted/
s
From: Rob Crittenden rcrit...@redhat.com
Date: Mon, 6 Dec 2010 15:09:03 -0500
Subject: [PATCH] Add new parameter type IA5Str and use this to enforce the right charset.
ticket 496
---
install/share/60ipaconfig.ldif |2 +-
ipalib/__init__.py |2 +-
ipalib/errors.py
Jakub Hrozek wrote:
On Wed, Nov 24, 2010 at 04:54:19PM -0500, Rob Crittenden wrote:
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/22/2010 04:21 PM, Jakub Hrozek wrote:
On 11/22/2010 04:16 PM, Jakub Hrozek wrote:
The code handles it (I just ran a quick test
Jakub Hrozek wrote:
https://fedorahosted.org/freeipa/ticket/455
This patch depends on my patch 015 (in thread Make the migration plugin
more configurable)
ack, pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 7 Dec 2010 16:30:37 -0500
Subject: [PATCH] Add plugin for manage self-service ACIs
This is just a thin wrapper around the aci plugin, controlling what
types of ACIs can be added.
Right now only ACIs in the basedn can
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/07/2010 02:08 PM, Pavel Zuna wrote:
Fixes an attribute name mismatch in the config plugin.
Ticket #573
Pavel
Ack
pushed to master
___
Freeipa-devel mailing list
Jakub Hrozek wrote:
ipa automountlocation-add baltimore
ipa automountmap-add baltimore auto.share
ipa automountkey-add baltimore auto.master /share --info=auto.share
ipa automountkey-add baltimore auto.share man
- --info=-ro,soft,rsize=8192,wsize=8192 ipa.example.com:/shared/man
ipa
While testing Jakub's patch I discovered that the automount tests were
pretty badly broken (not related to his changes). This should fix things.
rob
From d24569e45cd51d70f704e5e9c911b82d7d8c9a01 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 7 Dec 2010 17:18:04
Adam Young wrote:
On 12/07/2010 04:33 PM, Rob Crittenden wrote:
Add plugin for manage self-service ACIs
This is just a thin wrapper around the aci plugin, controlling what
types of ACIs can be added.
Right now only ACIs in the basedn can be managed with this plugin.
I've got an e-mail
of lists so it was failing later in the process as well.
I've added some simple tests for setattr and addattr.
ticket 565
rob
From 7fcd53c685f981f7fd1343f1145476dd0dca1050 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 8 Dec 2010 13:26:27 -0500
Subject: [PATCH
Round out our trio of access control plugins. This adds group to group
delegation where you can grant group A the ability to write a set of
attributes of group B (v1-style delegation).
rob
From e374d8886280d515088c63cc4e0d707e97f0bf42 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/07/2010 11:19 PM, Rob Crittenden wrote:
While testing Jakub's patch I discovered that the automount tests were
pretty badly broken (not related to his changes). This should fix things.
rob
All tests pass now.
Ack
Jan Zelený wrote:
Rob Crittendenrcrit...@redhat.com wrote:
Give the memberof plugin time to work when adding/removing reverse members.
When we add/remove reverse members it looks like we're operating on
group A but we're really operating on group B. This adds/removes the
member attribute on
Jan Zelený wrote:
Rob Crittendenrcrit...@redhat.com wrote:
The problem was that the normalizer was returning each value as a tuple
which we were then appending to a list, so it looked like [(u'value1',),
(u'value2',),...]. If there was a single value we could end up adding a
tuple to a list
Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/07/2010 05:50 PM, Rob Crittenden wrote:
Add some documentation to the migrate-ds command.
rob
Ack
pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Jan Zelený wrote:
Rob Crittendenrcrit...@redhat.com wrote:
The alwaysask option for params was meant to prompt for things that are
needed but not strictly required, like when adding members to a group.
We don't need to prompt if something is provided on the command-line
though.
ticket 604
701 - 800 of 3315 matches
Mail list logo