Hi,
this patch should fix the reopend
https://fedorahosted.org/freeipa/ticket/3019 .
bye,
Sumit
From 4bd788af75f04371e6f8b974340433b41bd4f8e2 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 4 Oct 2012 12:40:33 +0200
Subject: [PATCH] ipa-adtrust-install: print list of needed
the restart of the KDC.
Comments are welcome.
bye
Sumit
From 5014831c66fa73bb25715725498c45e7d796 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 5 Oct 2012 12:06:24 +0200
Subject: [PATCH] ipadb: reload trust information if domain is not know
Currently the data about
On Fri, Oct 05, 2012 at 12:17:02PM +0200, Sumit Bose wrote:
Hi,
currently the KDC must be restarted if a new trust is added to make the
KDC aware of the new domain. With the attached patch the data is
reloaded automatically if a request from an unknown domain was received.
It works for me
On Fri, Oct 05, 2012 at 09:45:58AM -0400, Simo Sorce wrote:
On Fri, 2012-10-05 at 16:27 +0300, Alexander Bokovoy wrote:
On Tue, 02 Oct 2012, Simo Sorce wrote:
On Tue, 2012-10-02 at 21:29 +0200, Sumit Bose wrote:
Hi,
this patch should fix https://fedorahosted.org/freeipa/ticket/2955
On Fri, Oct 05, 2012 at 06:34:25PM +0200, Sumit Bose wrote:
On Fri, Oct 05, 2012 at 09:45:58AM -0400, Simo Sorce wrote:
On Fri, 2012-10-05 at 16:27 +0300, Alexander Bokovoy wrote:
On Tue, 02 Oct 2012, Simo Sorce wrote:
On Tue, 2012-10-02 at 21:29 +0200, Sumit Bose wrote:
Hi
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3147 by adding
the default fallback group with an LDIF file instead of using the
framework.
bye,
Sumit
From 2cd6a4e0f93c34df60a221ea7e96a5c2735ece4d Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 8 Oct 2012 10:44
On Fri, Oct 05, 2012 at 09:17:47PM +0300, Alexander Bokovoy wrote:
On Fri, 05 Oct 2012, Simo Sorce wrote:
A onliner but better to have it validated by a second pair of eyes.
Yep. Go ahead.
The origin of USES_RC4_ENCRYPTION comes from Samba 3 code in net utility
that Sumit implemented ~1.5
On Mon, Oct 08, 2012 at 09:11:59AM -0400, Simo Sorce wrote:
On Mon, 2012-10-08 at 13:29 +0200, Sumit Bose wrote:
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3147 by
adding
the default fallback group with an LDIF file instead of using the
framework.
bye,
Sumit
On Fri, Oct 05, 2012 at 08:44:41AM -0400, Simo Sorce wrote:
On Fri, 2012-10-05 at 13:32 +0200, Sumit Bose wrote:
From f8726fe1c4a2ab71ada1297003e3dbe6068e4207 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 5 Oct 2012 12:06:24 +0200
Subject: [PATCH] ipadb: reload
On Wed, Oct 10, 2012 at 10:52:18AM +0300, Alexander Bokovoy wrote:
Hi,
Domain Admins RID is -512, not -513. Fix the documentation text.
--
/ Alexander Bokovoy
ACK
bye,
Sumit
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On Wed, Oct 10, 2012 at 10:51:11AM +0300, Alexander Bokovoy wrote:
Warn about manual DNA plugin configuration when working with local ID ranges
since we currently do not support automatic pick up of the changed
settings for local ID ranges by the DNA plugin.
On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
Hi,
Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make
is looked up.
FreeIPA ticket is https://fedorahosted.org/freeipa/ticket/3166 .
bye,
Sumit
From 014f92f1beda9788721282f54fae285f57f29f95 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 11 Oct 2012 12:13:53 +0200
Subject: [PATCH] extdom: handle INP_POSIX_UID and INP_POSIX_GID
On Mon, Oct 15, 2012 at 04:10:45PM +0300, Alexander Bokovoy wrote:
Hi!
We don't use smbpasswd in adtrustinstance anymore so the check is
bogus.
One-liner.
--
/ Alexander Bokovoy
ACK
bye,
Sumit
From 687f448a4b7d12ddb356f8e2a35a93fe9611b7cb Mon Sep 17 00:00:00 2001
From: Alexander
On Wed, Oct 10, 2012 at 12:59:53PM +0300, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Sumit Bose wrote:
On Wed, Oct 10, 2012 at 10:51:11AM +0300, Alexander Bokovoy wrote:
Warn about manual DNA plugin configuration when working with local ID ranges
since we currently do not support
On Wed, Oct 10, 2012 at 06:05:02PM +0300, Alexander Bokovoy wrote:
Hi,
this patch originated from off-list discussion regarding multiple runs
of ipa trust-add against the same domain.
Since trust-add re-establishes the trust every time it is run and all
the other information fetched from
On Wed, Sep 26, 2012 at 06:36:40PM -0400, Simo Sorce wrote:
This patch allows Windows to send us TGTs using AES.
Simo.
--
Simo Sorce * Red Hat, Inc. * New York
(sorry for the long delay)
ACK, patch is working as expected with w2k8r2.
bye,
Sumit
On Wed, Oct 17, 2012 at 12:59:52PM +0200, Tomas Babej wrote:
On 10/17/2012 11:14 AM, Sumit Bose wrote:
On Tue, Oct 16, 2012 at 02:26:24PM +0200, Tomas Babej wrote:
Hi,
commands ipa idrange-add / idrange-mod no longer allows the user
to enter primary or secondary rid range such that has non
On Wed, Oct 17, 2012 at 03:29:11PM +0200, Tomas Babej wrote:
On 10/17/2012 02:34 PM, Sumit Bose wrote:
On Wed, Oct 17, 2012 at 12:59:52PM +0200, Tomas Babej wrote:
On 10/17/2012 11:14 AM, Sumit Bose wrote:
On Tue, Oct 16, 2012 at 02:26:24PM +0200, Tomas Babej wrote:
Hi,
commands ipa
On Thu, Oct 18, 2012 at 08:31:50AM +0200, Tomas Babej wrote:
On 10/17/2012 08:12 PM, Sumit Bose wrote:
On Wed, Oct 17, 2012 at 03:29:11PM +0200, Tomas Babej wrote:
On 10/17/2012 02:34 PM, Sumit Bose wrote:
On Wed, Oct 17, 2012 at 12:59:52PM +0200, Tomas Babej wrote:
On 10/17/2012 11:14 AM
On Thu, Oct 18, 2012 at 11:42:34PM +0300, Alexander Bokovoy wrote:
On Thu, 18 Oct 2012, Sumit Bose wrote:
On Thu, Oct 18, 2012 at 10:00:54PM +0300, Alexander Bokovoy wrote:
Hi,
this is work in progress, shared mostly to get comments.
Simo, Sumit, this is an attempt to resolve external
Hi,
this patches fixes https://fedorahosted.org/freeipa/ticket/3185 by
restarting httpd as one of the last steps of ipa-adtrust-install.
bye,
Sumit
From f5595145fa2c6732d393980462e9046ec1f24da7 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 24 Oct 2012 12:14:51 +0200
On Wed, Oct 24, 2012 at 12:31:57PM +0200, Martin Kosek wrote:
On 10/24/2012 12:19 PM, Sumit Bose wrote:
Hi,
this patches fixes https://fedorahosted.org/freeipa/ticket/3185 by
restarting httpd as one of the last steps of ipa-adtrust-install.
bye,
Sumit
This patch is targeted
On Wed, Oct 24, 2012 at 01:07:03PM +0200, Martin Kosek wrote:
On 10/24/2012 12:48 PM, Sumit Bose wrote:
On Wed, Oct 24, 2012 at 12:31:57PM +0200, Martin Kosek wrote:
On 10/24/2012 12:19 PM, Sumit Bose wrote:
Hi,
this patches fixes https://fedorahosted.org/freeipa/ticket/3185
Hi,
this patch allows ipa-adtrust-install to reset the NetBIOS domain name
and fixes https://fedorahosted.org/freeipa/ticket/3192 .
bye,
Sumit
From c535204b6e07a8a661f5f1e445ee655dc9f84440 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 29 Oct 2012 21:43:56 +0100
Subject
On Mon, Oct 29, 2012 at 05:11:27PM -0400, Rob Crittenden wrote:
Sumit Bose wrote:
On Wed, Oct 24, 2012 at 01:07:03PM +0200, Martin Kosek wrote:
On 10/24/2012 12:48 PM, Sumit Bose wrote:
On Wed, Oct 24, 2012 at 12:31:57PM +0200, Martin Kosek wrote:
On 10/24/2012 12:19 PM, Sumit Bose wrote:
Hi
On Tue, Oct 30, 2012 at 03:55:04PM +0100, Martin Kosek wrote:
On 10/30/2012 02:35 PM, Sumit Bose wrote:
On Mon, Oct 29, 2012 at 05:11:27PM -0400, Rob Crittenden wrote:
Sumit Bose wrote:
On Wed, Oct 24, 2012 at 01:07:03PM +0200, Martin Kosek wrote:
On 10/24/2012 12:48 PM, Sumit Bose wrote
On Wed, Oct 31, 2012 at 04:03:14PM +0100, Martin Kosek wrote:
On 10/30/2012 12:16 PM, Sumit Bose wrote:
Hi,
this patch allows ipa-adtrust-install to reset the NetBIOS domain name
and fixes https://fedorahosted.org/freeipa/ticket/3192 .
bye,
Sumit
Hello Sumit,
I found
On Fri, Nov 02, 2012 at 02:54:32PM +0100, Martin Kosek wrote:
On 11/02/2012 12:54 PM, Sumit Bose wrote:
On Wed, Oct 31, 2012 at 04:03:14PM +0100, Martin Kosek wrote:
On 10/30/2012 12:16 PM, Sumit Bose wrote:
Hi,
this patch allows ipa-adtrust-install to reset the NetBIOS domain name
On Mon, Nov 05, 2012 at 01:18:49PM +0100, Martin Kosek wrote:
On 11/02/2012 09:50 PM, Sumit Bose wrote:
On Fri, Nov 02, 2012 at 02:54:32PM +0100, Martin Kosek wrote:
On 11/02/2012 12:54 PM, Sumit Bose wrote:
On Wed, Oct 31, 2012 at 04:03:14PM +0100, Martin Kosek wrote:
On 10/30/2012 12:16
On Wed, Nov 07, 2012 at 07:23:52PM +0530, Steeve Goveas wrote:
On 11/07/2012 06:33 PM, Martin Kosek wrote:
On 11/07/2012 01:54 PM, Sumit Bose wrote:
On Mon, Nov 05, 2012 at 01:18:49PM +0100, Martin Kosek wrote:
On 11/02/2012 09:50 PM, Sumit Bose wrote:
On Fri, Nov 02, 2012 at 02:54:32PM +0100
On Thu, Nov 08, 2012 at 08:20:04AM +0100, Martin Kosek wrote:
On 11/07/2012 05:48 PM, Sumit Bose wrote:
On Wed, Nov 07, 2012 at 07:23:52PM +0530, Steeve Goveas wrote:
On 11/07/2012 06:33 PM, Martin Kosek wrote:
On 11/07/2012 01:54 PM, Sumit Bose wrote:
On Mon, Nov 05, 2012 at 01:18:49PM
From: Sumit Bose sb...@redhat.com
Date: Wed, 14 Nov 2012 14:22:15 +0100
Subject: [PATCH] Lookup the user SID in external group as well
Currently only the group SIDs from a PAC are used to find out about the
membership in local groups. This patch adds the user SID to the list.
Fixes https
On Wed, Nov 28, 2012 at 09:23:07AM +0100, Petr Spacek wrote:
Hello,
at the moment it is not possible to install FreeIPA 3.0 to Fedora 18.
With Fedora 18 + updates repos active it dies during dependency
solving. I used clean F18 template on vm-077.
# yum clean all
Cleaning repos: fedora
On Wed, Nov 28, 2012 at 12:44:27PM -0500, Simo Sorce wrote:
Fixes: https://fedorahosted.org/freeipa/ticket/3263
Details in the commit.
ACK
bye,
Sumit
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Hi,
this patch unconditionally restarts sssd after authconfig is run to fix
https://fedorahosted.org/freeipa/ticket/3267 .
bye,
Sumit
From 769e5858898eccc9084ce59b8a6eebee065b452d Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 3 Dec 2012 11:45:49 +0100
Subject: [PATCH
Hi,
this patch removes some specific recommendations from an error message
to fix https://fedorahosted.org/freeipa/ticket/3261
bye,
Sumit
From c90cd0c997daa789fb3e4f798c43988daf0eb66f Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 3 Dec 2012 12:16:56 +0100
Subject: [PATCH
On Fri, Dec 07, 2012 at 01:00:16PM +0100, Martin Kosek wrote:
On 12/07/2012 12:26 PM, Martin Kosek wrote:
Our code needs both Requires and BuildRequires set to 389-ds-base
which supports transactions.
--
This patch is for master branch only.
Martin
Attaching a patch with
On Wed, Dec 19, 2012 at 01:36:40PM -0500, John Dennis wrote:
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
Patch is working as expected and he code looks good to me. I just have a
minor comment. I think 'import time' can be removed from
.
= External Impact =
The changes will only touch the KDC IPA backend, no external impact is
expected.
= RFE Author =
[[User:Sbose|Sumit Bose]]
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Tue, Jan 29, 2013 at 10:13:12AM -0500, Simo Sorce wrote:
On Tue, 2013-01-29 at 14:10 +0100, Sumit Bose wrote:
= Implementation =
To avoid issues during upgrade I think all changes done to fix #3263
should be preserved, i.e. the NFS service will have a hardcoded
default
'NONE
On Thu, Jan 31, 2013 at 02:07:22PM +0100, Tomas Babej wrote:
Hi,
this is a fix for a benign typo in ipa-adtrust-install --help description.
Tomas
thanks for catching this. Usually I prefer to add the space at the end
truncated line instead at the beginning of the new line. Do we/the
python
On Tue, Jan 29, 2013 at 10:50:02PM +0200, Alexander Bokovoy wrote:
Hi!
I've been chasing few bugs in FreeIPA's trusted domains support and
found out some grave bugs in both SSSD and FreeIPA.
On FreeIPA server side we configure krb5.conf using following settings:
On Thu, Feb 07, 2013 at 10:55:28AM +0100, Petr Vobornik wrote:
On 02/06/2013 06:27 PM, Ana Krivokapic wrote:
Hello,
Below is a design page for ticket:
https://fedorahosted.org/freeipa/ticket/2945.
There are a couple of questions in the text.
Thoughts, comments welcome!
On Wed, Feb 06, 2013 at 06:27:26PM +0100, Ana Krivokapic wrote:
Hello,
Below is a design page for ticket:
https://fedorahosted.org/freeipa/ticket/2945.
There are a couple of questions in the text.
about 'Do we also need to check if the domain is accessible through
DNS?' I think it would
On Thu, Feb 07, 2013 at 01:57:18PM +0100, Petr Spacek wrote:
On 7.2.2013 13:38, Sumit Bose wrote:
On Wed, Feb 06, 2013 at 06:27:26PM +0100, Ana Krivokapic wrote:
Hello,
Below is a design page for ticket:
https://fedorahosted.org/freeipa/ticket/2945.
There are a couple of questions
Hi,
this patch should fix https://fedorahosted.org/freeipa/ticket/3410 . See
commit message for details.
bye,
Sumit
From 4892c10b273119e20c536285663f1ded6b6ff3fe Mon Sep 17 00:00:00 2001
From: sbose sbose@ipa18-devel.ipa18.devel
Date: Mon, 11 Feb 2013 15:39:22 +0100
Subject: [PATCH] ipa-kdb:
On Tue, Feb 12, 2013 at 12:24:48PM +0100, Martin Kosek wrote:
All known memory leaks caused by unfreed allocated memory or unfreed
LDAP results (which should be also done after unsuccessful searches)
are fixed.
One ipadb_need_retry result check was fixed as this function returns
trust in
On Tue, Feb 12, 2013 at 04:42:52PM +0100, Martin Kosek wrote:
On 02/12/2013 04:26 PM, Simo Sorce wrote:
On Tue, 2013-02-12 at 16:14 +0100, Martin Kosek wrote:
Explained in the commit description - this may not be super-critical, I
just
followed info in ldap_search_ext() man page:
...
On Fri, Feb 15, 2013 at 09:04:38AM +0100, Petr Spacek wrote:
On 14.2.2013 10:07, Sumit Bose wrote:
On Tue, Feb 12, 2013 at 04:42:52PM +0100, Martin Kosek wrote:
On 02/12/2013 04:26 PM, Simo Sorce wrote:
On Tue, 2013-02-12 at 16:14 +0100, Martin Kosek wrote:
Explained in the commit description
On Mon, Feb 18, 2013 at 12:27:35PM +0100, Petr Spacek wrote:
On 15.2.2013 15:22, Ana Krivokapic wrote:
Hello,
The .isalpha() check in validate_domain_name() was too strict,
causing some commands like ipa dnsrecord-add to fail.
https://fedorahosted.org/freeipa/ticket/3385
I would add
On Thu, Feb 14, 2013 at 09:56:44AM -0600, Endi Sukma Dewata wrote:
On 2/14/2013 6:30 AM, Petr Vobornik wrote:
If they are mutually exclusive, they probably should be separated using
radio buttons like this:
PAC: ( ) None
(o) Type:
[x] MS-PAC
[ ] PAD
On Tue, Feb 19, 2013 at 02:01:24PM +0100, Petr Vobornik wrote:
On 02/19/2013 01:40 PM, Sumit Bose wrote:
On Thu, Feb 14, 2013 at 09:56:44AM -0600, Endi Sukma Dewata wrote:
On 2/14/2013 6:30 AM, Petr Vobornik wrote:
If they are mutually exclusive, they probably should be separated using
radio
On Tue, Feb 19, 2013 at 02:12:24PM +0100, Petr Vobornik wrote:
On 02/19/2013 02:08 PM, Sumit Bose wrote:
On Tue, Feb 19, 2013 at 02:01:24PM +0100, Petr Vobornik wrote:
On 02/19/2013 01:40 PM, Sumit Bose wrote:
On Thu, Feb 14, 2013 at 09:56:44AM -0600, Endi Sukma Dewata wrote:
On 2/14/2013 6
On Mon, Feb 25, 2013 at 03:12:19PM +0100, Martin Kosek wrote:
On 02/25/2013 03:09 PM, Rob Crittenden wrote:
Martin Kosek wrote:
...
4) What does NOTE: We will need to be clear that this range has nothing
to do
with Trust ranges. actually mean? AFAIU, IPA should have all local ranges
On Mon, Feb 25, 2013 at 04:35:20PM +0100, Martin Kosek wrote:
On 02/21/2013 04:24 PM, Sumit Bose wrote:
Hi,
this series of patches fix https://fedorahosted.org/freeipa/ticket/2960
The related design page is
http://freeipa.org/page/V3/Read_and_use_per_service_pac_type
Hi,
the attached patches 102-107 fix issues found by Coverity which are
tracked by tickets #3422-#3427 and remove an unused variable
(patch 101).
bye,
Sumit
From 97b3b7dedac28704d51e2fa4b4dc975a20d17ada Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 19 Feb 2013 12:48:58
On Wed, Feb 27, 2013 at 09:50:21AM -0500, Rob Crittenden wrote:
Sumit Bose wrote:
On Mon, Feb 25, 2013 at 03:12:19PM +0100, Martin Kosek wrote:
On 02/25/2013 03:09 PM, Rob Crittenden wrote:
Martin Kosek wrote:
...
4) What does NOTE: We will need to be clear that this range has nothing
On Wed, Feb 27, 2013 at 06:48:27PM +0100, Sumit Bose wrote:
On Wed, Feb 27, 2013 at 08:37:18AM -0500, Simo Sorce wrote:
On Wed, 2013-02-27 at 11:58 +0100, Sumit Bose wrote:
On Mon, Feb 25, 2013 at 04:35:20PM +0100, Martin Kosek wrote:
On 02/21/2013 04:24 PM, Sumit Bose wrote:
Hi
On Wed, Feb 27, 2013 at 03:00:10PM -0500, Rob Crittenden wrote:
Sumit Bose wrote:
On Wed, Feb 27, 2013 at 02:03:24PM -0500, Rob Crittenden wrote:
Sumit Bose wrote:
But it looks like dnarange-set and dnanextrange-set can also be used to
not only move existing DNA ranges but to create new DNA
On Thu, Feb 28, 2013 at 08:44:35AM +0100, Martin Kosek wrote:
On 02/27/2013 06:48 PM, Sumit Bose wrote:
On Wed, Feb 27, 2013 at 08:37:18AM -0500, Simo Sorce wrote:
On Wed, 2013-02-27 at 11:58 +0100, Sumit Bose wrote:
On Mon, Feb 25, 2013 at 04:35:20PM +0100, Martin Kosek wrote:
On 02/21
On Fri, Mar 01, 2013 at 08:58:34AM -0500, Simo Sorce wrote:
On Fri, 2013-03-01 at 10:08 +0100, Martin Kosek wrote:
On 03/01/2013 09:20 AM, Sumit Bose wrote:
On Fri, Mar 01, 2013 at 08:33:51AM +0100, Martin Kosek wrote:
On 02/28/2013 03:28 PM, Simo Sorce wrote:
On Thu, 2013-02-28 at 13
On Tue, Mar 05, 2013 at 05:13:58PM +0100, Martin Kosek wrote:
On 03/04/2013 04:22 PM, Sumit Bose wrote:
On Fri, Mar 01, 2013 at 08:58:34AM -0500, Simo Sorce wrote:
On Fri, 2013-03-01 at 10:08 +0100, Martin Kosek wrote:
On 03/01/2013 09:20 AM, Sumit Bose wrote:
On Fri, Mar 01, 2013 at 08
On Wed, Mar 06, 2013 at 08:51:47AM -0500, Simo Sorce wrote:
On Wed, 2013-03-06 at 14:49 +0100, Martin Kosek wrote:
On 03/06/2013 10:41 AM, Sumit Bose wrote:
On Tue, Mar 05, 2013 at 05:13:58PM +0100, Martin Kosek wrote:
On 03/04/2013 04:22 PM, Sumit Bose wrote:
On Fri, Mar 01, 2013
On Wed, Mar 06, 2013 at 02:05:38PM +0100, Martin Kosek wrote:
On 03/06/2013 01:42 PM, Petr Vobornik wrote:
On 03/02/2013 08:40 PM, Endi Sukma Dewata wrote:
- Original Message -
First two patches are bug fixes which are required for third patch.
Depends on my patch #259 (Combobox
On Wed, Mar 06, 2013 at 05:33:43PM +0100, Sumit Bose wrote:
On Wed, Mar 06, 2013 at 08:51:47AM -0500, Simo Sorce wrote:
On Wed, 2013-03-06 at 14:49 +0100, Martin Kosek wrote:
On 03/06/2013 10:41 AM, Sumit Bose wrote:
On Tue, Mar 05, 2013 at 05:13:58PM +0100, Martin Kosek wrote:
On 03
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline
of how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
There is a bit of hand waving going on around how the
On Fri, Mar 08, 2013 at 10:31:58AM +0100, Jan Cholasta wrote:
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
Can we
On Fri, Mar 08, 2013 at 12:28:03PM -0500, Nathaniel McCallum wrote:
On Fri, 2013-03-08 at 10:27 +0100, Sumit Bose wrote:
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare
On Tue, Mar 12, 2013 at 08:34:33AM -0400, Simo Sorce wrote:
On Tue, 2013-03-12 at 10:23 +0100, Jan Cholasta wrote:
On 8.3.2013 14:41, Simo Sorce wrote:
On Fri, 2013-03-08 at 10:31 +0100, Jan Cholasta wrote:
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from
On Mon, Mar 25, 2013 at 08:07:44PM +0200, Alexander Bokovoy wrote:
Hi,
following patch allows to enumerate UPN suffixes associated with IPA
domain and make them available to AD domain we trust.
The patch relies on PASSDB API expansion I'm working on and as such
requires Samba built with
On Wed, Mar 27, 2013 at 12:53:18PM +0200, Alexander Bokovoy wrote:
Hi,
On Wed, 27 Mar 2013, Sumit Bose wrote:
Additionally, you can request Windows to update list of name suffixes
via UI. Here is how it looks in Windows 2012 Server:
http://abbra.fedorapeople.org/.paste/win2012-multiple
8fd76e4b6f911243aa17b73910348c2b4c4bcd7b Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 27 Mar 2013 18:00:29 +0100
Subject: [PATCH] Add support for cmocka C-Unit Test framework
cmocka is a more advanced unit test framework for C-code than the
currently used check framework
: Sumit Bose sb...@redhat.com
Date: Wed, 24 Apr 2013 14:44:54 +0200
Subject: [PATCH 111/113] Do not lookup up the domain too early if only the SID
is know
Request with a SID as input parameter do not contain the domain name,
hence is must be tried to resolve the SID first before the corresponding
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more
On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi
On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May
On Mon, May 06, 2013 at 11:05:40AM +0200, Petr Vobornik wrote:
On 05/06/2013 10:47 AM, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May
On Mon, May 06, 2013 at 05:55:35PM +0200, Martin Kosek wrote:
On 05/06/2013 01:28 PM, Martin Kosek wrote:
On 05/04/2013 07:13 AM, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches
On Tue, May 07, 2013 at 01:02:02PM +0200, Petr Viktorin wrote:
Hello,
The patch for resolving SIDs added a dependency on a package that
isn't available in Fedora 18. This makes the dependency optional.
Obviously the SID resolution won't work in f18, but IPA should be
installable.
ACK
bye,
On Wed, May 29, 2013 at 08:38:37AM +0300, Alexander Bokovoy wrote:
On Tue, 28 May 2013, Dmitri Pal wrote:
On 05/28/2013 04:29 PM, Alexander Bokovoy wrote:
On Tue, 28 May 2013, Dmitri Pal wrote:
On 05/28/2013 03:48 PM, Alexander Bokovoy wrote:
On Tue, 28 May 2013, Dmitri Pal wrote:
On
On Tue, May 28, 2013 at 02:50:59PM +0300, Alexander Bokovoy wrote:
Hi,
http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts
= Overview =
Since version 3.0 FreeIPA supports cross-realm trusts with Active
Directory. In order to allow AD users to utilize services on IPA
On Wed, May 29, 2013 at 09:53:14AM -0400, Dmitri Pal wrote:
On 05/29/2013 03:28 AM, Sumit Bose wrote:
On Wed, May 29, 2013 at 08:38:37AM +0300, Alexander Bokovoy wrote:
On Tue, 28 May 2013, Dmitri Pal wrote:
On 05/28/2013 04:29 PM, Alexander Bokovoy wrote:
On Tue, 28 May 2013, Dmitri Pal
On Wed, May 29, 2013 at 11:26:17PM -0700, Diane Trout wrote:
Hi,
I was trying to compile freeipa on debian and the compiler threw a minor
error.
Resolve a -Werror=format-security error.
ipa_extdom_extop.c: In function 'ipa_extdom_extop':
ipa_extdom_extop.c:144:9: error: format
On Tue, May 28, 2013 at 02:50:59PM +0300, Alexander Bokovoy wrote:
Hi,
http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts
=== CLI ===
The feature is not directly exposed in CLI.
IPA idrange management is expanded to specify idrange type (IPA local,
AD trust, AD with
Hi,
this patch just fixes a typo.
bye,
Sumit
From b4bf2704175de6ddf961e7447c57c5ced8cc0c5a Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 3 Jun 2013 14:05:03 +0200
Subject: [PATCH] Fix format string typo
---
daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_common.c | 2
On Mon, Jun 03, 2013 at 03:32:05PM +0200, Sumit Bose wrote:
On Tue, May 28, 2013 at 02:50:59PM +0300, Alexander Bokovoy wrote:
Hi,
http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts
=== CLI ===
The feature is not directly exposed in CLI.
IPA idrange
On Tue, Jun 04, 2013 at 10:49:45AM +0200, Petr Viktorin wrote:
On 06/03/2013 03:41 PM, Martin Kosek wrote:
On 06/03/2013 03:39 PM, Sumit Bose wrote:
Hi,
this patch just fixes a typo.
bye,
Sumit
Obvious ACK. Pushed to master, ipa-3-2.
Martin
Is the patch really right? It caused
On Tue, Jun 04, 2013 at 10:56:59AM +0200, Sumit Bose wrote:
On Tue, Jun 04, 2013 at 10:49:45AM +0200, Petr Viktorin wrote:
On 06/03/2013 03:41 PM, Martin Kosek wrote:
On 06/03/2013 03:39 PM, Sumit Bose wrote:
Hi,
this patch just fixes a typo.
bye,
Sumit
Obvious ACK
.
bye,
Sumit
From a707d8f9d771dfe4fb8487e051519dba0ef72449 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 1 Jul 2013 13:47:22 +0200
Subject: [PATCH] Add PAC to master host TGTs
For a proper SALS bind with GSSAPI against an AD LDAP server a PAC is
needed. To allow SSSD
On Wed, Jul 03, 2013 at 01:00:43PM +0300, Alexander Bokovoy wrote:
On Mon, 01 Jul 2013, Sumit Bose wrote:
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3651 but only
to allow SSSD running on a FreeIPA server to access the AD LDAP server.
In the ticket a more generic solution
, the
second patch removes the related configures checks.
I think for the time being we cannot remove winbind completely because
it might be needed for msbd to work properly in a trusted environment.
bye,
Sumit
From 14c5947a73a7c61de2b71b338ce1c7c1f6771f13 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
Hi,
this patch fixes an issue in the CLDAP plugin found by Coverity.
bye,
Sumit
From c993567c2c23857df361c527a4abd185b1f01a1e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 28 Aug 2013 10:10:52 +0200
Subject: [PATCH] CLDAP: make sure an empty reply is returned on any error
On Tue, Aug 27, 2013 at 02:27:08PM -0400, Simo Sorce wrote:
Tickets 3882, 3883, 3884
Minor coverity issues, but should all be pushed to master and current
release tree where appropriate.
The memory leak is particularly important to fix for the OTP case.
ACK to all three.
bye,
Sumit
On Mon, Aug 26, 2013 at 10:14:27AM +0200, Jakub Hrozek wrote:
Hi,
I found the problem when testing Sumit's PAC responder SSSD patches. It
seems that the domain name is always overwritten with input SID. I think
using the domain we parse out from output of getnamebysid can be safely
used,
On Tue, Sep 10, 2013 at 02:23:24PM +0400, Gorbachev Ivan wrote:
Hello! Can you help me, how to authenticate in ipa from code (C++) ?
It depends a bit on what you are looking for but typically applications
are using PAM
(http://en.wikipedia.org/wiki/Pluggable_authentication_module) for
On Thu, Sep 19, 2013 at 10:08:37PM +0300, Alexander Bokovoy wrote:
Hi!
Attached patch adds IPA CLI to manage trust subdomains.
ipa trust-domain-fetch trust -- fetch list of subdomains from AD side and
add new ones to IPA
ipa trust-domain-find trust-- show all available subdomains
Hi,
this patch fixes an issue in the CLDAP plugin if the IPA server comes
from a different DNS domain than the IPA domain. Trac ticket is
https://fedorahosted.org/freeipa/ticket/3941 .
bye,
Sumit
From 16c2193e92aea40316c39a2598ea4ce28a796905 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
On Mon, Sep 23, 2013 at 06:04:22PM +0300, Alexander Bokovoy wrote:
On Mon, 23 Sep 2013, Alexander Bokovoy wrote:
On Mon, 23 Sep 2013, Alexander Bokovoy wrote:
On Mon, 23 Sep 2013, Martin Kosek wrote:
However, we don't have trust type available so it needs to discovered
every time. This
101 - 200 of 377 matches
Mail list logo