On 08/23/2012 02:46 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 08/22/2012 05:15 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Both commands now produce the same output regarding
the attributelevelrights.
https://fedorahosted.org/freeipa/ticket/2875
I think some unit tests would be
Hi,
Command ipa host-del with --updatedns now can deal both with hosts
which zones are in FQDN form with or without a trailing dot.
https://fedorahosted.org/freeipa/ticket/2809
Tomas
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www
On 08/28/2012 02:11 PM, Tomas Babej wrote:
Hi,
Command ipa host-del with --updatedns now can deal both with hosts
which zones are in FQDN form with or without a trailing dot.
https://fedorahosted.org/freeipa/ticket/2809
Tomas
___
Freeipa-devel
0
Tomas
>From fac8d676d2e727977a8a52bdd2990eb2839b54c4 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Fri, 17 Aug 2012 08:56:45 -0400
Subject: [PATCH] Improves sssd.conf handling during ipa-client uninstall
The sssd.conf file is no longer left behind in case sssd was not
configured before the installation. However, the
Hi,
this is a fairly simple one-liner.
https://fedorahosted.org/freeipa/ticket/3039
Tomas
>From fd68588f8fbd28c942042fe8fb55bc3bef90e345 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Fri, 31 Aug 2012 05:29:32 -0400
Subject: [PATCH] Sort policies numerically in pwpolicy-find
ht
On 08/31/2012 07:08 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
this is a fairly simple one-liner.
https://fedorahosted.org/freeipa/ticket/3039
Tomas
Looks good. Can you add a unit test so we don't have a regression on
this?
thanks
rob
I tweaked one of the existing unit
>From 8cfde7e9fde521608557b6767ad91dee1901b45f Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Mon, 3 Sep 2012 10:49:53 -0400
Subject: [PATCH] Make sure selinuxusemap behaves consistently to HBAC rule
Both selinuxusermap-add and selinuxusermap-mod commands now behave
consistently in not allow
Hi,
https://fedorahosted.org/freeipa/ticket/2953
Tomas.
>From 37765df5653f1c2ef8d4c6382b28269d48ab112a Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 4 Sep 2012 09:20:10 -0400
Subject: [PATCH] Change slapi_mods_init in
ipa_winsync_pre_ad_mod_user_mods_cb
https://fedorahosted.
Hi,
User-unfriendly errors were caused by re-raising errors
from external python module netaddr.
https://fedorahosted.org/freeipa/ticket/2588
Tomas
>From 34f3da391a8e070b29640b0ecdfed6db81b86ce2 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Wed, 5 Sep 2012 09:03:18 -0400
Subject: [PA
On 09/05/2012 03:42 PM, Petr Viktorin wrote:
On 09/05/2012 03:19 PM, Tomas Babej wrote:
Hi,
User-unfriendly errors were caused by re-raising errors
from external python module netaddr.
https://fedorahosted.org/freeipa/ticket/2588
Tomas
On 09/05/2012 01:56 PM, Martin Kosek wrote:
On 09/03/2012 05:12 PM, Tomas Babej wrote:
Hi,
Both selinuxusermap-add and selinuxusermap-mod commands now behave
consistently in not allowing user/host category or user/host members
and HBAC rule being set at the same time. Also adds a bunch of unit
On 09/11/2012 01:14 PM, Martin Kosek wrote:
On 09/06/2012 01:13 PM, Tomas Babej wrote:
On 09/05/2012 01:56 PM, Martin Kosek wrote:
On 09/03/2012 05:12 PM, Tomas Babej wrote:
Hi,
Both selinuxusermap-add and selinuxusermap-mod commands now behave
consistently in not allowing user/host category
On 09/12/2012 05:29 PM, Martin Kosek wrote:
On 08/29/2012 02:54 PM, Tomas Babej wrote:
On 08/27/2012 04:55 PM, Martin Kosek wrote:
On 08/27/2012 03:37 PM, Jakub Hrozek wrote:
On Mon, Aug 27, 2012 at 02:57:44PM +0200, Martin Kosek wrote:
I think that the right behavior of SSSD conf uninstall
On 09/20/2012 02:42 PM, Martin Kosek wrote:
On 09/18/2012 11:21 AM, Tomas Babej wrote:
On 09/12/2012 05:29 PM, Martin Kosek wrote:
On 08/29/2012 02:54 PM, Tomas Babej wrote:
On 08/27/2012 04:55 PM, Martin Kosek wrote:
On 08/27/2012 03:37 PM, Jakub Hrozek wrote:
On Mon, Aug 27, 2012 at 02:57
cases.
https://fedorahosted.org/freeipa/ticket/3097
Tomas
>From 931d947b27c3e84c09f075c799e04f0ac723ab60 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 25 Sep 2012 06:20:49 -0400
Subject: [PATCH] Improve user addition to default group in host-add
On adding new user, host-add tries to make
Hi,
Group-mod command no longer allows --rename and/or --external
changes made to the admins group. In such cases, ProtectedEntryError
is being raised.
https://fedorahosted.org/freeipa/ticket/3098
Tomas
>From 667031a12f7c2bc0b95573afc0a7cf572d64cb43 Mon Sep 17 00:00:00 2001
From: Tomas Ba
On 09/25/2012 02:31 PM, Martin Kosek wrote:
On 09/25/2012 02:22 PM, Tomas Babej wrote:
Hi,
Group-mod command no longer allows --rename and/or --external
changes made to the admins group. In such cases, ProtectedEntryError
is being raised.
https://fedorahosted.org/freeipa/ticket/3098
Tomas
001
From: Tomas Babej
Date: Wed, 26 Sep 2012 08:52:50 -0400
Subject: [PATCH] Adds port to connection error message in ipa-client-install
Connection error message in ipa-client-install now warns the user
about the need of opening 389 port for directory server.
https://fedorahosted.org/freeipa/tic
On 09/25/2012 12:37 PM, Tomas Babej wrote:
Hi,
On adding new user, host-add tries to make it a member of default
user group. This, however, can raise AlreadyGroupMember when the
user is already member of this group due to automember rule or
default group configured. This patch makes sure
On 09/26/2012 04:12 PM, Martin Kosek wrote:
On 09/26/2012 03:23 PM, Tomas Babej wrote:
On 09/25/2012 12:37 PM, Tomas Babej wrote:
Hi,
On adding new user, host-add tries to make it a member of default
user group. This, however, can raise AlreadyGroupMember when the
user is already member of
On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Connection error message in ipa-client-install now warns the user
about the need of opening 389 port for directory server.
https://fedorahosted.org/freeipa/ticket/2816
I think this can be pushed as a one-liner.
I think we
On 09/26/2012 05:44 PM, Martin Kosek wrote:
On 09/25/2012 02:59 PM, Tomas Babej wrote:
On 09/25/2012 02:31 PM, Martin Kosek wrote:
On 09/25/2012 02:22 PM, Tomas Babej wrote:
Hi,
Group-mod command no longer allows --rename and/or --external
changes made to the admins group. In such cases
001
From: Tomas Babej
Date: Tue, 2 Oct 2012 09:15:33 -0400
Subject: [PATCH] Improve error message in ipa-replica-manage
When executing ipa-replica-manage connect to an unknown or irrelevant
master, we now print a sensible error message informing the user
about this possiblity as well.
ht
On 10/03/2012 09:18 AM, Martin Kosek wrote:
On 10/02/2012 02:33 PM, Tomas Babej wrote:
On 09/26/2012 05:44 PM, Martin Kosek wrote:
On 09/25/2012 02:59 PM, Tomas Babej wrote:
On 09/25/2012 02:31 PM, Martin Kosek wrote:
On 09/25/2012 02:22 PM, Tomas Babej wrote:
Hi,
Group-mod command no
On 10/02/2012 08:48 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Connection error message in ipa-client-install now warns the user
about the need of opening 389 port for directory server.
https://fedorahosted.org/freeipa
On 10/03/2012 03:31 PM, Tomas Babej wrote:
On 10/02/2012 08:48 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Connection error message in ipa-client-install now warns the user
about the need of opening 389 port for directory
On 10/03/2012 07:27 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 10/03/2012 03:31 PM, Tomas Babej wrote:
On 10/02/2012 08:48 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Connection error message in ipa-client-install
On 10/02/2012 03:55 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
When executing ipa-replica-manage connect to an unknown or irrelevant
master, we now print a sensible error message informing the user
about this possiblity as well.
https://fedorahosted.org/freeipa/ticket/3105
Tomas
I
On 10/04/2012 11:06 AM, Tomas Babej wrote:
On 10/03/2012 07:27 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 10/03/2012 03:31 PM, Tomas Babej wrote:
On 10/02/2012 08:48 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi
produced by this patch attached.
https://fedorahosted.org/freeipa/ticket/3059
Tomas
>From 8614544d08b1b2b4e85156bebbe629215fb14915 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Thu, 11 Oct 2012 03:32:17 -0400
Subject: [PATCH] Make service naming in ipa-server-install consistent
Forces m
On 10/11/2012 12:32 PM, Martin Kosek wrote:
On 10/11/2012 12:26 PM, Tomas Babej wrote:
Hi,
This patch forces more consistency into ipa-server-install output. All
descriptions of services that are not instances of
SimpleServiceInstance are now in the following format:
()
Furthermore
://fedorahosted.org/freeipa/ticket/3086
Tomas
>From a46a8d0aa4e64e105a53a177b6a12cf28e56620e Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Mon, 15 Oct 2012 06:28:16 -0400
Subject: [PATCH] Forbid overlapping primary and secondary rid ranges
Commands ipa idrange-add / idrange-mod no longer allows
On 10/17/2012 11:14 AM, Sumit Bose wrote:
On Tue, Oct 16, 2012 at 02:26:24PM +0200, Tomas Babej wrote:
Hi,
commands ipa idrange-add / idrange-mod no longer allows the user
to enter primary or secondary rid range such that has non-zero
intersection with primary or secondary rid range of another
On 10/17/2012 02:34 PM, Sumit Bose wrote:
On Wed, Oct 17, 2012 at 12:59:52PM +0200, Tomas Babej wrote:
On 10/17/2012 11:14 AM, Sumit Bose wrote:
On Tue, Oct 16, 2012 at 02:26:24PM +0200, Tomas Babej wrote:
Hi,
commands ipa idrange-add / idrange-mod no longer allows the user
to enter primary
ases execution time.
The rest of the patch is just sorting options lexicographically.
Tomas
>From 0ad81fd6cfca017631c705465f940a9b461a52ce Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Wed, 17 Oct 2012 08:27:26 -0400
Subject: [PATCH] Refactoring of default.conf man page
Description fo
On 10/17/2012 08:12 PM, Sumit Bose wrote:
On Wed, Oct 17, 2012 at 03:29:11PM +0200, Tomas Babej wrote:
On 10/17/2012 02:34 PM, Sumit Bose wrote:
On Wed, Oct 17, 2012 at 12:59:52PM +0200, Tomas Babej wrote:
On 10/17/2012 11:14 AM, Sumit Bose wrote:
On Tue, Oct 16, 2012 at 02:26:24PM +0200
On 10/18/2012 11:27 AM, Martin Kosek wrote:
On 10/11/2012 05:11 PM, Tomas Babej wrote:
On 10/11/2012 12:32 PM, Martin Kosek wrote:
On 10/11/2012 12:26 PM, Tomas Babej wrote:
Hi,
This patch forces more consistency into ipa-server-install output. All
descriptions of services that are not
On 10/19/2012 01:44 PM, Martin Kosek wrote:
On 10/19/2012 01:26 PM, Tomas Babej wrote:
On 10/18/2012 11:27 AM, Martin Kosek wrote:
On 10/11/2012 05:11 PM, Tomas Babej wrote:
On 10/11/2012 12:32 PM, Martin Kosek wrote:
On 10/11/2012 12:26 PM, Tomas Babej wrote:
Hi,
This patch forces more
On 10/18/2012 05:14 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Description for the 'server' and 'wait_for_attr' option has been
added. Option 'server' has been marked as deprecated, as it is not
used anywhere in IPA code. All the options have been sor
On 10/19/2012 09:55 AM, Petr Viktorin wrote:
On 10/18/2012 08:01 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 10/02/2012 03:55 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
When executing ipa-replica-manage connect to an unknown or irrelevant
master, we now print a sensible error
On 10/19/2012 03:16 PM, Martin Kosek wrote:
On 10/19/2012 02:49 PM, Tomas Babej wrote:
On 10/19/2012 01:44 PM, Martin Kosek wrote:
On 10/19/2012 01:26 PM, Tomas Babej wrote:
On 10/18/2012 11:27 AM, Martin Kosek wrote:
On 10/11/2012 05:11 PM, Tomas Babej wrote:
On 10/11/2012 12:32 PM, Martin
On 10/24/2012 04:40 AM, Rob Crittenden wrote:
Tomas Babej wrote:
On 10/19/2012 09:55 AM, Petr Viktorin wrote:
On 10/18/2012 08:01 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 10/02/2012 03:55 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
When executing ipa-replica-manage connect to
On 10/25/2012 12:40 PM, Tomas Babej wrote:
On 10/24/2012 04:40 AM, Rob Crittenden wrote:
Tomas Babej wrote:
On 10/19/2012 09:55 AM, Petr Viktorin wrote:
On 10/18/2012 08:01 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 10/02/2012 03:55 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi
In many ipa commands you are usually able to mess things up using
--setattr for attributes that are handled by command options.
using --setattr=attributename=:
- I am able to set the attribute to None
using --setattr=attributename=value:
- I am often able to bypass validation in pre_callbac
993 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Fri, 26 Oct 2012 07:43:05 -0400
Subject: [PATCH] Forbid overlapping rid ranges for the same id range
Creating an id range with overlapping primary and secondary
rid range using idrange-add or idrange-mod command now
raises ValidationError. Unit te
Hi,
All *-find commands now enable leading/trailing whitespaces in the
search phrase. Behaviour has been implemented directly into
crud.Search class.
https://fedorahosted.org/freeipa/ticket/2981
Tomas
>From 6b7f3d99a9592e2f8e1155e12d743a60453f7e83 Mon Sep 17 00:00:00 2001
From: Tomas Ba
On 10/31/2012 12:15 PM, Martin Kosek wrote:
On 10/31/2012 10:16 AM, Martin Kosek wrote:
On 10/30/2012 03:08 PM, Tomas Babej wrote:
Hi,
All *-find commands now enable leading/trailing whitespaces in the
search phrase. Behaviour has been implemented directly into
crud.Search class.
https
user@SERVER.REALM
or user@server.realm was added.
https://fedorahosted.org/freeipa/ticket/3252
Tomas
>From c7d1f0208be8a577bf4b6f5ea274829dcfdfbdf1 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Thu, 15 Nov 2012 05:21:16 -0500
Subject: [PATCH] Add detection for users from trusted/invalid realms
W
On 11/15/2012 12:41 PM, Petr Vobornik wrote:
On 11/15/2012 11:54 AM, Tomas Babej wrote:
Hi,
This is server part of #3252.
When user from other realm than FreeIPA's tries to use Web UI
(login via forms-based auth or with valid trusted realm ticket),
the 401 Unauthorized error with
On 11/15/2012 03:10 PM, Simo Sorce wrote:
On Thu, 2012-11-15 at 12:41 +0100, Petr Vobornik wrote:
On 11/15/2012 11:54 AM, Tomas Babej wrote:
Hi,
This is server part of #3252.
When user from other realm than FreeIPA's tries to use Web UI
(login via forms-based auth or with valid trusted
On 11/15/2012 04:14 PM, Simo Sorce wrote:
On Thu, 2012-11-15 at 15:51 +0100, Tomas Babej wrote:
On 11/15/2012 03:10 PM, Simo Sorce wrote:
On Thu, 2012-11-15 at 12:41 +0100, Petr Vobornik wrote:
On 11/15/2012 11:54 AM, Tomas Babej wrote:
Hi,
This is server part of #3252.
When user from
and rid_base must be used together
if dom_rid is not set
cat
Unit test for third check has been added.
http://fedorahosted.org/freeipa/ticket/3170
Tomas
>From 980ecec7721b53f50318d602dce146e5efc29815 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Wed, 5 Dec 2012 08:29:55 -0500
Subj
objectclass ipatrustedaddomainrange being
added. This patch fixes the issue.
Tomas
>From 9e72a92e942d0fe357ae82cf65a1a94ab03fa0e5 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Wed, 5 Dec 2012 11:19:57 -0500
Subject: [PATCH] Add trusted domain range objectclass to idrange-mod
When modifing the idra
On 12/12/2012 04:32 PM, Martin Kosek wrote:
On 10/26/2012 03:43 PM, Tomas Babej wrote:
Hi,
creating an id range with overlapping primary and secondary
rid range using idrange-add or idrange-mod command now
raises ValidationError. Unit tests have been added to
test_range_plugin.py.
https
On 12/13/2012 02:48 PM, Martin Kosek wrote:
On 12/13/2012 11:52 AM, Tomas Babej wrote:
On 12/12/2012 04:32 PM, Martin Kosek wrote:
On 10/26/2012 03:43 PM, Tomas Babej wrote:
Hi,
creating an id range with overlapping primary and secondary
rid range using idrange-add or idrange-mod command now
On 12/14/2012 01:59 PM, Alexander Bokovoy wrote:
On Fri, 14 Dec 2012, Tomas Babej wrote:
On 12/13/2012 02:48 PM, Martin Kosek wrote:
On 12/13/2012 11:52 AM, Tomas Babej wrote:
On 12/12/2012 04:32 PM, Martin Kosek wrote:
On 10/26/2012 03:43 PM, Tomas Babej wrote:
Hi,
creating an id range
Hi,
Sending updated and rebased versions of patches 0024 and 0025.
Tomas
>From 6d4903a1c5e255929cdbce2a67d79c6e44b1 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Fri, 21 Dec 2012 05:34:37 -0500
Subject: [PATCH] Make options checks in idrange-add/mod consistent
Both now enforce
password
policy was changed (#3114) or new users not being able to log
in at all (#3312).
https://fedorahosted.org/freeipa/ticket/3312
https://fedorahosted.org/freeipa/ticket/3114
Tomas
>From 58e10e269b2cf1b789094d09207844cbc4f56f99 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Mon, 14 Jan 2
, Tomas Babej wrote:
Hi,
Since in Kerberos V5 are used 32-bit unix timestamps, setting
maxlife in pwpolicy to values such as days would cause
integer overflow in krbPasswordExpiration attribute.
This would result into unpredictable behaviour such as users
not being able to log in after password
On 01/16/2013 02:47 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 12:52 +0100, Tomas Babej wrote:
On 01/15/2013 11:55 PM, Simo Sorce wrote:
On Tue, 2013-01-15 at 17:36 -0500, Dmitri Pal wrote:
On 01/15/2013 03:59 PM, Simo Sorce wrote:
On Tue, 2013-01-15 at 15:53 -0500, Rob Crittenden wrote
On 01/16/2013 06:01 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 17:57 +0100, Tomas Babej wrote:
On 01/16/2013 02:47 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 12:52 +0100, Tomas Babej wrote:
On 01/15/2013 11:55 PM, Simo Sorce wrote:
On Tue, 2013-01-15 at 17:36 -0500, Dmitri Pal wrote:
On
On 01/16/2013 06:57 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 18:32 +0100, Tomas Babej wrote:
They all use ipadb_ldap_attr_to_time_t() to get their values,
so the following addition to the patch should be sufficient.
It will break dates for other users of the function that do not need to
On 01/17/2013 01:56 AM, Dmitri Pal wrote:
On 01/16/2013 12:32 PM, Tomas Babej wrote:
On 01/16/2013 06:01 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 17:57 +0100, Tomas Babej wrote:
On 01/16/2013 02:47 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 12:52 +0100, Tomas Babej wrote:
On 01/15/2013
On 01/17/2013 05:18 PM, Simo Sorce wrote:
On Thu, 2013-01-17 at 15:29 +0100, Tomas Babej wrote:
On 01/17/2013 01:56 AM, Dmitri Pal wrote:
On 01/16/2013 12:32 PM, Tomas Babej wrote:
On 01/16/2013 06:01 PM, Simo Sorce wrote:
On Wed, 2013-01-16 at 17:57 +0100, Tomas Babej wrote:
On 01/16/2013
On 01/22/2013 07:39 PM, Dmitri Pal wrote:
On 01/22/2013 10:57 AM, Simo Sorce wrote:
On Tue, 2013-01-22 at 15:50 +0100, Tomas Babej wrote:
Here I bring the updated version of the patch. Please note, that I
*added* a flag attribute to ipadb_ldap_attr_to_krb5_timestamp
function, that controls
rom f038bb7b79d5a048e9c9ae7fd7391edabb6ac3ac Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Thu, 24 Jan 2013 15:37:21 -0500
Subject: [PATCH] Add checks for SElinux in install scripts
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed and enabled OR not installed (on cli
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed and enabled OR not installed (on client install)
Please note that client installs with SELinux not installed are
allowed since freeipa-client package
Hi,
This was a regression due to change from DatabaseError to NetworkError
when LDAP server is down.
https://fedorahosted.org/freeipa/ticket/2939
Tomas
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/fr
On 01/31/2013 12:03 PM, Tomas Babej wrote:
Hi,
This was a regression due to change from DatabaseError to NetworkError
when LDAP server is down.
https://fedorahosted.org/freeipa/ticket/2939
Tomas
___
Freeipa-devel mailing list
Freeipa-devel
Hi,
this is a fix for a benign typo in ipa-adtrust-install --help description.
Tomas
>From 785cd2df77874c524a36eab24257cdaff14a374b Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Thu, 31 Jan 2013 07:58:48 -0500
Subject: [PATCH] Fix a typo in ipa-adtrust-install help
"Add SIDs for
On 01/30/2013 05:58 PM, Tomas Babej wrote:
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed and enabled OR not installed (on client install)
Please note that client installs with SELinux not
On Fri 01 Feb 2013 08:03:37 PM CET, Rob Crittenden wrote:
Martin Kosek wrote:
On 01/31/2013 12:05 PM, Tomas Babej wrote:
On 01/31/2013 12:03 PM, Tomas Babej wrote:
Hi,
This was a regression due to change from DatabaseError to NetworkError
when LDAP server is down.
https://fedorahosted.org
manually is shown.
https://fedorahosted.org/freeipa/ticket/3133
Tomas
>From 72f8802953edaaf5b9f7c34a38601fbccd681c8e Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Mon, 4 Feb 2013 08:33:53 -0500
Subject: [PATCH] Add option to specify SID using domain name to
idrange-add/mod
When adding/modifying
On 02/04/2013 04:21 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed and enabled OR not installed (on client install)
Please note that client installs
detailed info.
Tomas
>From aa171a4e3bc5295cdf332215e1b2477c7512180a Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Wed, 6 Feb 2013 07:04:03 -0500
Subject: [PATCH 31/32] Improve HBAC rule handling in
selinuxusermap-add/mod/find
Pre-patch handling of HBAC rules in selinuxusermap commands tried
On 02/06/2013 07:57 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
this pair of patches improves HBAC rule handling in selinuxusermap
commands.
Patch 0031 deals with:
https://fedorahosted.org/freeipa/ticket/3349
Patch 0032 takes care of:
https://fedorahosted.org/freeipa/ticket/3348
and is
On 02/08/2013 03:25 PM, Alexander Bokovoy wrote:
On Mon, 04 Feb 2013, Tomas Babej wrote:
Hi,
When adding/modifying an ID range for a trusted domain, the newly
added option --dom-name can be used. This looks up SID of the
trusted domain in LDAP and therefore the user is not required
to write it
001
From: Tomas Babej
Date: Mon, 11 Feb 2013 10:19:53 +0100
Subject: [PATCH] Prevent changing protected group's name using --setattr
The name of any protected group now cannot be changed by modifing
the cn attribute using --setattr. Unit tests have been added to
make sure there is no regression
mandatory, if there is no value set, the check is passed.
https://fedorahosted.org/freeipa/ticket/3305
Tomas
>From a42f9a051d40b88ddbc72e0b16a2ac4128deaef7 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Mon, 11 Feb 2013 15:33:12 +0100
Subject: [PATCH] Deny LDAP binds for user accounts w
On 02/12/2013 05:50 PM, Tomas Babej wrote:
Hi,
This patch adds a check for krbprincipalexpiration attribute to
pre_bind operation
in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth is
denied and LDAP_INVALID_CREDENTIALS along with the error message is
sent back to the client
On 02/12/2013 06:23 PM, Simo Sorce wrote:
On Tue, 2013-02-12 at 18:03 +0100, Tomas Babej wrote:
On 02/12/2013 05:50 PM, Tomas Babej wrote:
Hi,
This patch adds a check for krbprincipalexpiration attribute to
pre_bind operation
in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth
On 02/12/2013 06:58 PM, Petr Vobornik wrote:
On 02/04/2013 05:23 PM, Tomas Babej wrote:
Hi,
When adding/modifying an ID range for a trusted domain, the newly
added option --dom-name can be used. This looks up SID of the
trusted domain in LDAP and therefore the user is not required
to write it
On 02/12/2013 06:00 PM, Alexander Bokovoy wrote:
On Fri, 08 Feb 2013, Tomas Babej wrote:
On 02/08/2013 03:25 PM, Alexander Bokovoy wrote:
On Mon, 04 Feb 2013, Tomas Babej wrote:
Hi,
When adding/modifying an ID range for a trusted domain, the newly
added option --dom-name can be used. This
On 02/14/2013 05:37 PM, Alexander Bokovoy wrote:
On Thu, 14 Feb 2013, Tomas Babej wrote:
+ Str('ipanttrusteddomainname?',
+ cli_name='dom_name',
+ flags=('no_search', 'virtual_attribute'),
+ label=_('Name of the trusted domain'),
+ ),
New opti
On 02/18/2013 12:36 PM, Alexander Bokovoy wrote:
On Fri, 15 Feb 2013, Tomas Babej wrote:
On 02/14/2013 05:37 PM, Alexander Bokovoy wrote:
On Thu, 14 Feb 2013, Tomas Babej wrote:
+ Str('ipanttrusteddomainname?',
+ cli_name='dom_name',
+ flags=('no_search', 'v
will not install if something is backed up or
default.conf file does exist (unless it's installation on master).
https://fedorahosted.org/freeipa/ticket/3331
Tomas
>From 6a81800dedab33881a4c3573efa80cac50c84d40 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 19 Feb 2013 17:59:
On 12/21/2012 12:15 PM, Tomas Babej wrote:
Hi,
Sending updated and rebased versions of patches 0024 and 0025.
Tomas
Sending rebased version, these got quite rotten.
Tomas
>From f21b135d546678544ccf05efd587b46bba88e07a Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Fri, 21 Dec 2012
On Tue 19 Feb 2013 08:37:26 PM CET, Rob Crittenden wrote:
Tomas Babej wrote:
On 02/04/2013 04:21 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 01/30/2013 05:12 PM, Tomas Babej wrote:
Hi,
The checks make sure that SELinux is:
- installed and enabled (on server install)
- installed and
On 02/19/2013 10:33 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 02/06/2013 07:57 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
this pair of patches improves HBAC rule handling in selinuxusermap
commands.
Patch 0031 deals with:
https://fedorahosted.org/freeipa/ticket/3349
Patch 0032
On Wed 20 Feb 2013 02:24:03 PM CET, Alexander Bokovoy wrote:
On Wed, 20 Feb 2013, Tomas Babej wrote:
On 12/21/2012 12:15 PM, Tomas Babej wrote:
Hi,
Sending updated and rebased versions of patches 0024 and 0025.
Tomas
Sending rebased version, these got quite rotten.
Thanks for updating
On 02/21/2013 12:47 PM, Martin Kosek wrote:
On 02/20/2013 10:31 AM, Tomas Babej wrote:
Hi,
When installing / uninstalling IPA client, the checks that
determine whether IPA client is installed now take the existence
of /etc/ipa/default.conf into consideration.
The client will not uninstall
On 02/21/2013 01:50 PM, Martin Kosek wrote:
On 02/21/2013 01:29 PM, Tomas Babej wrote:
On 02/21/2013 12:47 PM, Martin Kosek wrote:
On 02/20/2013 10:31 AM, Tomas Babej wrote:
Hi,
When installing / uninstalling IPA client, the checks that
determine whether IPA client is installed now take the
On 02/21/2013 02:22 PM, Martin Kosek wrote:
On 02/20/2013 03:19 PM, Tomas Babej wrote:
On Wed 20 Feb 2013 02:24:03 PM CET, Alexander Bokovoy wrote:
On Wed, 20 Feb 2013, Tomas Babej wrote:
On 12/21/2012 12:15 PM, Tomas Babej wrote:
Hi,
Sending updated and rebased versions of patches 0024 and
Hi,
The make-test script now exits with code 1 in case that
any of the test cases that were run failed.
Can we push this without a ticket under one-liner rule?
Tomas
>From f4c6cad856be076d1c367edf2e9ced1b3c15b15a Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Sat, 23 Feb 2013 00:41:58 +0
On Fri 22 Feb 2013 04:34:55 PM CET, Martin Kosek wrote:
On 02/22/2013 03:01 PM, Tomas Babej wrote:
On 02/21/2013 02:22 PM, Martin Kosek wrote:
On 02/20/2013 03:19 PM, Tomas Babej wrote:
On Wed 20 Feb 2013 02:24:03 PM CET, Alexander Bokovoy wrote:
On Wed, 20 Feb 2013, Tomas Babej wrote:
On
(enrolled using principal and reenrolled using keytab).
Tomas
>From e576009bb7a93daec1cbc4ef94785017f80b2756 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 26 Feb 2013 13:20:13 +0100
Subject: [PATCH] Add support for re-enrolling hosts using keytab
A host that has been previously unenrolled
rom 1a18bc43b561a1bbcfa1f5da3c2f1d6482571d18 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 5 Mar 2013 09:17:20 +0100
Subject: [PATCH] Perform secondary rid range overlap check for local ranges
only
Any of the following checks:
- overlap between primary RID range and secondary RID ra
[...]
I'm not a C expert but the ipa-join changes look fine.
Thanks for the review, updated patches are attached.
Tomas
>From 56288351b8ab9dc8b3076a7f4b895601a047eecb Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 26 Feb 2013 13:20:13 +0100
Subject: [PATCH] Add support for re
On 03/06/2013 01:30 PM, Petr Spacek wrote:
On 6.3.2013 13:04, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr Viktorin wrote:
Thanks! The mechanism works, but see below.
This is a RFE so it needs a design document.
http://freeipa.org/page/V3/Client_install_using_keytab
I added "Sec
On 03/07/2013 04:12 PM, Petr Viktorin wrote:
Thanks! I just have two more very minor nitpicks.
On 03/06/2013 01:04 PM, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr Viktorin wrote:
Thanks! The mechanism works, but see below.
This is a RFE so it needs a design document.
http://freeipa.org
1 - 100 of 1039 matches
Mail list logo