[Freeipa-devel] [PATCH] Minor fix in ipa-adtrust-install

2012-02-22 Thread Jan Zelený
If not set, it causes the script to fail with traceback on some machines (for example when resolve_host() couple lines below threw an exception). Jan From b312e4210866a11266d12b56e2be4ca08dc94379 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Wed, 22 Feb 2012 16:01:37 +0100

[Freeipa-devel] OpenSSH integration - known_hosts

2011-11-08 Thread Jan Zelený
Hello everyone, there is a new effort in IPA and SSSD teams and that is SSH key integration in both parts of SSSD-IPA infrastructure. We've put together some basic plans and now we would like to know your opinion. Note that this is just shortened version to make it easier to read. It doesn't

[Freeipa-devel] OpenSSH integration - authorized_keys

2011-11-08 Thread Jan Zelený
Hello everyone, this is a follow-up on the email on OpenSSH integration - known_host. It describes another scenario we want to address in the process of integrating OpenSSH to SSSD-IPA infrastructure - user public keys and their central management. As in the previous email, we would also like

Re: [Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-24 Thread Jan Zelený
Jan Zeleny jzel...@redhat.com wrote: Jan Zelený jzel...@redhat.com wrote: Jan Zelený jzel...@redhat.com wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Loading of the schema is now performed

Re: [Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-23 Thread Jan Zelený
Jan Zelený jzel...@redhat.com wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Loading of the schema is now performed in the first request that requires it. https://fedorahosted.org/freeipa/ticket

Re: [Freeipa-devel] [PATCH] 737 move BuildRequires

2011-02-22 Thread Jan Zelený
Jakub Hrozek jhro...@redhat.com wrote: On Tue, Feb 22, 2011 at 11:21:41AM +0100, Jakub Hrozek wrote: Note the %else. Sorry, %endif. That separates BRs for !ONLY_CLIENT from those that are needed in both cases. Yes I noticed that and I understand that part. I meant the part after the

Re: [Freeipa-devel] [PATCH] 728 default roles

2011-02-22 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jakub Hrozek wrote: On Mon, Feb 21, 2011 at 10:11:38AM -0500, Rob Crittenden wrote: Rob Crittenden wrote: Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/17/2011 04:35 AM, Rob Crittenden wrote: Add default roles

Re: [Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-22 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Loading of the schema is now performed in the first request that requires it. https://fedorahosted.org/freeipa/ticket/583 Jan We still need to enforce that we get the schema, some low-level functions depend on it. Also

[Freeipa-devel] [PATCH] 48 Document the --rights output format

2011-02-17 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/563 https://fedorahosted.org/freeipa/ticket/588 Jan From 5d23b3fad0dd8bc9633e5a69d069d9346f52 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Thu, 17 Feb 2011 03:55:14 -0500 Subject: [PATCH] Document the --rights output format

Re: [Freeipa-devel] [PATCH] 059 Use unicode parameters in the host plugin

2011-02-17 Thread Jan Zelený
Jakub Hrozek jhro...@redhat.com wrote: While reviewing Rob's latest patch I found out that we didn't convert to unicode on couple of places in the host plugin. ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] 18 Use TLS for ipadiscovery during ipa client install

2011-02-17 Thread Jan Zelený
JR Aquino jr.aqu...@citrix.com wrote: This patch addresses the need to utilize TLS when using the ipa-client-install tool. It addresses ticket: https://fedorahosted.org/freeipa/ticket/974 Nack, running ipa-client-install returned this error: # ipa-client-install Retrieving CA from None

Re: [Freeipa-devel] [PATCH] 059 Use unicode parameters in the host plugin

2011-02-17 Thread Jan Zelený
Jan Zelený jzel...@redhat.com wrote: Jakub Hrozek jhro...@redhat.com wrote: While reviewing Rob's latest patch I found out that we didn't convert to unicode on couple of places in the host plugin. ack On a second thoughts - maybe the _get_unicode_reverse_zone isn't necessary at all

Re: [Freeipa-devel] [PATCH] 059 Use unicode parameters in the host plugin

2011-02-17 Thread Jan Zelený
Jakub Hrozek jhro...@redhat.com wrote: On Thu, Feb 17, 2011 at 11:06:35AM +0100, Jan Zelený wrote: Jan Zelený jzel...@redhat.com wrote: Jakub Hrozek jhro...@redhat.com wrote: While reviewing Rob's latest patch I found out that we didn't convert to unicode on couple of places

[Freeipa-devel] [PATCH] 49 Fixed user-add help

2011-02-17 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/735 Jan From 52fa78ffe70d581125f54ca9138e8afba06aacc8 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Thu, 17 Feb 2011 07:25:57 -0500 Subject: [PATCH] Fixed user-add help https://fedorahosted.org/freeipa/ticket/735 ---

Re: [Freeipa-devel] [PATCH] 48 Document the --rights output format

2011-02-17 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: https://fedorahosted.org/freeipa/ticket/563 https://fedorahosted.org/freeipa/ticket/588 Jan This is a good start, I think we need to include some guidance on why this exists and why it exists where it does. It exists so

[Freeipa-devel] [PATCH] Reword help for the user module

2011-02-16 Thread Jan Zelený
The first part of the ticket has already been solved, hence it is not a part of this patch. https://fedorahosted.org/freeipa/ticket/351 Jan From 0d649884896d67759187a605526fefc31b4ad81c Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Wed, 16 Feb 2011 03:10:14 -0500 Subject:

[Freeipa-devel] [PATCH] Fixed in ipa-server-install help and man page

2011-02-16 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/831 Jan From 4fc3a69901c893f7e3403378ddf2d3bfa435132f Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Wed, 16 Feb 2011 03:20:00 -0500 Subject: [PATCH] Fixed in ipa-server-install help and man page

Re: [Freeipa-devel] [PATCH] 057 Validate MX records

2011-02-16 Thread Jan Zelený
Jakub Hrozek jhro...@redhat.com wrote: https://fedorahosted.org/freeipa/ticket/967 I'm wondering whether to extend the patch - if the mail server name does not end with a dot, BIND treats it as relative to the zone. So if you do: ipa dnsrecord-add example.com @ --mx-rec=10

Re: [Freeipa-devel] [PATCH] Reword help for the user module

2011-02-16 Thread Jan Zelený
Martin Kosek mko...@redhat.com wrote: On Wed, 2011-02-16 at 09:13 +0100, Jan Zelený wrote: The first part of the ticket has already been solved, hence it is not a part of this patch. https://fedorahosted.org/freeipa/ticket/351 Jan NACK Just a minor issue - s/this modules

[Freeipa-devel] [PATCH] 47 Validate that the reverse DNS record is correct

2011-02-16 Thread Jan Zelený
This patch ensures that PTR records added by FreeIPA are compliant with RFC. https://fedorahosted.org/freeipa/ticket/839 Jan From 4d2b3200920c90884ddf5a2d5ae784bbe35b41d1 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Wed, 16 Feb 2011 04:47:36 -0500 Subject: [PATCH] Validate

Re: [Freeipa-devel] [PATCH] Fixed in ipa-server-install help and man page

2011-02-16 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: https://fedorahosted.org/freeipa/ticket/831 Jan I think I'd like David's take on this, but my initial reaction is I'd prefer the word maximum to maximal. rob The second patch is in attachment. Based on David's

[Freeipa-devel] [PATCH] 42 Add group members to default output of sudorule-show

2011-02-15 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/915 Jan From d624fa6db9c652565ce2555abc0f5e915e7fac97 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Tue, 15 Feb 2011 05:03:41 -0500 Subject: [PATCH] Add group members to default output of sudorule-show

[Freeipa-devel] [PATCH] Fix a typo in ipa-client-install man page

2011-02-15 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/782 Jan From 14581a1507d846d9147799809aad2d8075eb1cb8 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Tue, 15 Feb 2011 05:56:10 -0500 Subject: [PATCH] Fix a typo in ipa-client-install man page https://fedorahosted.org/freeipa/ticket/782

[Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-15 Thread Jan Zelený
Loading of the schema is now performed in the first request that requires it. https://fedorahosted.org/freeipa/ticket/583 Jan From 0b1368442254cb738a95e766539fa030fe2504c8 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Tue, 15 Feb 2011 09:37:58 +0100 Subject: [PATCH] Don't

[Freeipa-devel] [PATCH] 44 Fixes in ipa-join man page

2011-02-15 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/784 https://fedorahosted.org/freeipa/ticket/786 https://fedorahosted.org/freeipa/ticket/787 Jan From d9fed7217b7cb599089f5d3e1d16820c080b2cd6 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Tue, 15 Feb 2011 08:22:13 -0500 Subject: [PATCH]

Re: [Freeipa-devel] [PATCH] 44 Fixes in ipa-join man page

2011-02-15 Thread Jan Zelený
David O'Brien dav...@redhat.com wrote: Jan Zelený wrote: https://fedorahosted.org/freeipa/ticket/784 https://fedorahosted.org/freeipa/ticket/786 https://fedorahosted.org/freeipa/ticket/787 Jan nack A few typos and style issues: - _(File were to store the keytab information

Re: [Freeipa-devel] [PATCH] Updated default Kerberos password policy

2011-02-15 Thread Jan Zelený
Jan Zeleny jzel...@redhat.com wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: https://fedorahosted.org/freeipa/ticket/930 I put there a value Dmitri suggested. Feel free to change it before pushing if you think there should be the originally suggested 10 login

Re: [Freeipa-devel] [PATCH] 713 handle failed passwords in tools

2011-02-14 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Handle bad DM password in ipa-host-net-manage ipa-copmat-manage. This was resulting in a traceback because while conn was not None it wasn't connected either. ticket 920 rob ack jan ___

[Freeipa-devel] [PATCH] Code cleanup

2011-02-14 Thread Jan Zelený
Hi, I'd like to propose this cleanup patch. I just noticed that the code in these two files is most likely not used any more (at least I didn't find a place where it is used). What do you think? Is it safe to throw it out? Or are there some places which are still using it? I'd be more than

Re: [Freeipa-devel] [PATCH] 715 ensure required variables are required

2011-02-14 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Yi found a tricky way to remove required attributes that aren't required in the schema. The problem was we weren't enforcing parameter.required in mods (because it was enforcing that every variable with required be provided). I added a new check

Re: [Freeipa-devel] [PATCH] 715 ensure required variables are required

2011-02-14 Thread Jan Zelený
Jan Zelený jzel...@redhat.com wrote: Rob Crittenden rcrit...@redhat.com wrote: Yi found a tricky way to remove required attributes that aren't required in the schema. The problem was we weren't enforcing parameter.required in mods (because it was enforcing that every variable with required

Re: [Freeipa-devel] [PATCH] 051 Remove obsolete record types from DNS

2011-02-14 Thread Jan Zelený
Jakub Hrozek jhro...@redhat.com wrote: https://fedorahosted.org/freeipa/ticket/923 Patch looks good. I'm running some test. Unless they fail, ACK Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] 718 move files in packages

2011-02-14 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Move a bunch of utilities that really only make sense to be run on the server from the admintools package to the server package. ticket 947 rob ack Jan ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 719 permission for cn=ipaconfig

2011-02-14 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Add permission and privilege for updating the IPA configuration in cn=ipaconfig. ticket 950 rob I'm not quite sure how does the patch work. In particular, I wonder about these two blocks: +dn: cn=Write IPA

Re: [Freeipa-devel] [PATCH] 716 ignore case when removing members

2011-02-14 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Ignore case when removing members from a group. ticket 944 rob ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 719 permission for cn=ipaconfig

2011-02-14 Thread Jan Zelený
Martin Kosek mko...@redhat.com wrote: On Mon, 2011-02-14 at 14:37 +0100, Jan Zelený wrote: Rob Crittenden rcrit...@redhat.com wrote: Add permission and privilege for updating the IPA configuration in cn=ipaconfig. ticket 950 rob I'm not quite sure how does the patch

Re: [Freeipa-devel] [PATCH] 75 Display error messages for failed manageby in service-add/remove-host.

2011-02-10 Thread Jan Zelený
Pavel Zuna pz...@redhat.com wrote: Fix #830 Pavel ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 76 Fallback to default locale (en_US) if env. setting is corrupt.

2011-02-10 Thread Jan Zelený
Pavel Zuna pz...@redhat.com wrote: This is a follow-up to my patches 69 and 71 (70 is garbage). It prevents a crash when user misconfigures his locale settings. Pavel ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] 78 Use ldapi: instead of unsecured ldap: in ipa core tools.

2011-02-10 Thread Jan Zelený
Pavel Zuna pz...@redhat.com wrote: On 02/08/2011 01:06 PM, Pavel Zuna wrote: The patch also corrects exception handling in some of the tools. Fix #874 Pavel Updated patch attached. Forgot to rename an identifier in exception handling. Pavel ack Jan

[Freeipa-devel] [PATCH] Updated default Kerberos password policy

2011-02-10 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/930 I put there a value Dmitri suggested. Feel free to change it before pushing if you think there should be the originally suggested 10 login attempts. -- Thank you Jan Zeleny Red Hat Software Engineer Brno, Czech Republic From

Re: [Freeipa-devel] [PATCH] 049 Make nsslib IPv6 aware

2011-02-09 Thread Jan Zelený
Jakub Hrozek jhro...@redhat.com wrote: On Thu, Feb 03, 2011 at 02:23:11PM +0100, Jan Zelený wrote: Jakub Hrozek jhro...@redhat.com wrote: Hi, attached is a patch to nsslib.py that changes its semantics so it is able to work with different address families. It is the last piece

Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output

2011-02-09 Thread Jan Zelený
Martin Kosek mko...@redhat.com wrote: On Mon, 2011-02-07 at 10:38 +0100, Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: This patch adds a proper summary text to HBAC command which is then printed out in CLI. Now, HBAC plugin output is consistent with other plugins

Re: [Freeipa-devel] [PATCH] 74 Fix crash in DNS installer.

2011-02-09 Thread Jan Zelený
Pavel Zuna pz...@redhat.com wrote: Fix #927 Pavel Ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 705 make main selfservice aci visible

2011-02-09 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: The main aci that grants user's the ability to manage themselves wasn't visible to the selfservice plugin. Move the location of the aci and fix the description. ticket 934 rob ack Jan ___

Re: [Freeipa-devel] [PATCH] 702 add entitlement API

2011-02-08 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: The entitlement plugin was being skipped completely if the python-rhsm package wasn't installed. We want to let it limp through if the package isn't installed but we're doing API validation. ticket 919 rob Patch looks and applies ok, installation

Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output

2011-02-07 Thread Jan Zelený
Martin Kosek mko...@redhat.com wrote: This patch adds a proper summary text to HBAC command which is then printed out in CLI. Now, HBAC plugin output is consistent with other plugins. https://fedorahosted.org/freeipa/ticket/596 I believe API.txt should be updated (you change hbacrule_enable

Re: [Freeipa-devel] [PATCH] Fixed command delegation-show

2011-02-07 Thread Jan Zelený
Jakub Hrozek jhro...@redhat.com wrote: On Fri, Feb 04, 2011 at 06:40:54PM +0100, Jan Zeleny wrote: Recent changes in permission prefixes influenced also delegations. The plugin has been updated accordingly, but this one line has been forgotten. Jan I think it is not needed, the only

Re: [Freeipa-devel] [PATCH] 022 Inconsistent error message for ipa group-detach

2011-02-03 Thread Jan Zelený
Martin Kosek mko...@redhat.com wrote: When attempting to detach a private group that doesn't exist, the error message returned is not consistent with the error returned by the other topic commands. This patch adds a standard message. https://fedorahosted.org/freeipa/ticket/291 ack Jan

Re: [Freeipa-devel] [PATCH] 023 ipa-server-install inconsistent capitalization

2011-02-03 Thread Jan Zelený
Martin Kosek mko...@redhat.com wrote: A cosmetic patch to IPA server installation output aimed to make capitalization in installer output consistent. Several installation tasks started with a lowercase letter and several installation task steps started with an uppercase letter.

Re: [Freeipa-devel] [PATCH] 700 update some minimum versions

2011-02-03 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Update min version of 389-ds-base, mod_nss and selinux-policy. As of this writing the selinux-policy update hasn't actually gone out to updates-testing so I'm going to hold onto this even if I get an ack. The selinux-policy update is needed to fix

Re: [Freeipa-devel] [PATCH] 049 Make nsslib IPv6 aware

2011-02-03 Thread Jan Zelený
Jakub Hrozek jhro...@redhat.com wrote: Hi, attached is a patch to nsslib.py that changes its semantics so it is able to work with different address families. It is the last piece of IPv6 support. Aside from the hunks in the patch, I still need to set Requires: in the patch (don't know

Re: [Freeipa-devel] [PATCH] Fix crash in ipa help for NO_CLI plugins.

2011-02-02 Thread Jan Zelený
Pavel Zuna pz...@redhat.com wrote: Fix #854 Pavel ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Fix minor bug in host-add logic.

2011-02-02 Thread Jan Zelený
Pavel Zuna pz...@redhat.com wrote: Fix #798 Pavel ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Changed dns permission types

2011-02-01 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Jan Zelenýjzel...@redhat.com wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Recent change of DNS module to version caused that dns object type

Re: [Freeipa-devel] [PATCH] Provide a way to display CLI-LDAP attribute relation

2011-02-01 Thread Jan Zelený
Ok, I'm sending updated patch in attachment Should I change it in class help then? That's where I copied this from. I think so. Ok, I'll send another patch, so me don't mix it together with this patch. I'll do a review of the code in cli.py, maybe the same issue is elsewhere as well.

[Freeipa-devel] [PATCH] Fixed type of argument in class help

2011-02-01 Thread Jan Zelený
At Rob's suggestion I changed the argument type in class help, this is only oneliner, I think it can be pushed directly. Jan From f7ca20a79bf06832c20262582f5ca83ec48ff056 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Wed, 2 Feb 2011 02:49:57 -0500 Subject: [PATCH] Fixed type

Re: [Freeipa-devel] [PATCH] Provide a way to display CLI-LDAP attribute relation

2011-01-31 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Since some LDAP attributes have their cli_name value defined, so they can be more user friendly, it can be difficult for user to find out which attributes do the parameteres given to CLI really represent. This patch provides new

[Freeipa-devel] [PATCH] Allow pkinit functionality to be hidden in production version

2011-01-31 Thread Jan Zelený
This patch adds python config file ipaconfig.py, which can contain various configuration directives for ipalib and other python code. These directives can be detected at build time. The first config directive in use is enable_pkinit, which can be set by running (in 'install' subdirectory)

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-30 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Martin Kosekmko...@redhat.com wrote: On Fri, 2011-01-28 at 09:21 +0100, Martin Kosek wrote: On Thu, 2011-01-27 at 15:41 +0100, Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Martin Kosekmko

Re: [Freeipa-devel] [PATCH] Add support for account unlocking

2011-01-28 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Jan Zelenyjzel...@redhat.com wrote: This patch adds command ipa user-unlock and some LDAP modifications which are required by Kerberos for unlocking to work. Ticket: https://fedorahosted.org/freeipa/ticket/344 Jan

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-28 Thread Jan Zelený
Martin Kosek mko...@redhat.com wrote: On Fri, 2011-01-28 at 09:21 +0100, Martin Kosek wrote: On Thu, 2011-01-27 at 15:41 +0100, Jan Zelený wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Martin Kosekmko...@redhat.com wrote: On Thu, 2011-01-27 at 11:15 +0100

[Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-27 Thread Jan Zelený
Lookup based on --filter wasn't implemented at all. It did't show until now, because of bug sitting on top of it which was resulting in internal error. This patch fixes the bug and adds the filtering functionality. https://fedorahosted.org/freeipa/ticket/818 -- Thank you Jan Zeleny Red Hat

Re: [Freeipa-devel] [PATCH] 0074 Add requires

2011-01-27 Thread Jan Zelený
Simo Sorce sso...@redhat.com wrote: First part of ticket #855 Add the requires we will need on F15, tested against jdennis ipa-devel repo, works as expected. Simo. The patch is obviously ok, so ack from this point of view. But I would just like to know if it is necessary. I just

Re: [Freeipa-devel] [PATCH] 0075 handle weird values in nolog

2011-01-27 Thread Jan Zelený
Simo Sorce sso...@redhat.com wrote: When using ipa-replica-manage re-initialize with GSSAPI credentials it turns out that the DN password may be set to None and this can end up in the nolog list. Add a check to skip any non-string object in the log substitution list, so that the code

Re: [Freeipa-devel] [PATCH] Changed dns permission types

2011-01-27 Thread Jan Zelený
Jan Zelený jzel...@redhat.com wrote: Jan Zelený jzel...@redhat.com wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Recent change of DNS module to version caused that dns object type was replaced

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-27 Thread Jan Zelený
Martin Kosek mko...@redhat.com wrote: On Thu, 2011-01-27 at 11:15 +0100, Jan Zelený wrote: Lookup based on --filter wasn't implemented at all. It did't show until now, because of bug sitting on top of it which was resulting in internal error. This patch fixes the bug and adds the filtering

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-27 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Martin Kosekmko...@redhat.com wrote: On Thu, 2011-01-27 at 11:15 +0100, Jan Zelený wrote: Lookup based on --filter wasn't implemented at all. It did't show until now, because of bug sitting on top of it which was resulting

Re: [Freeipa-devel] [PATCH] 0074 Add requires

2011-01-27 Thread Jan Zelený
Dmitri Pal d...@redhat.com wrote: On 01/27/2011 05:27 AM, Jan Zelený wrote: Simo Sorcesso...@redhat.com wrote: First part of ticket #855 Add the requires we will need on F15, tested against jdennis ipa-devel repo, works as expected. Simo. The patch is obviously ok, so ack

Re: [Freeipa-devel] [PATCH] Raise ValidationError when adding unallowed attribute to search fields.

2011-01-26 Thread Jan Zelený
Pavel Zuna pz...@redhat.com wrote: Depends on my previous patch number 64 (posted on the list 2 minutes ago). Ticket #845 Pavel ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] Add ldap2 method to retrieve allowed attributes for specified objectClasses.

2011-01-26 Thread Jan Zelený
Pavel Zuna pz...@redhat.com wrote: ldap2.get_allowed_attributes(['posixuser']) returns a list of unicode all lower case attribute names allowed for the object class 'posixuser' You can enter as many object classes as you want. Pavel ack Jan

Re: [Freeipa-devel] [PATCH] Add support for account unlocking

2011-01-26 Thread Jan Zelený
Jan Zeleny jzel...@redhat.com wrote: This patch adds command ipa user-unlock and some LDAP modifications which are required by Kerberos for unlocking to work. Ticket: https://fedorahosted.org/freeipa/ticket/344 Jan Just a reminder that this patch needs a review. Thanks Jan

[Freeipa-devel] [PATCH] Provide a way to display CLI-LDAP attribute relation

2011-01-26 Thread Jan Zelený
Since some LDAP attributes have their cli_name value defined, so they can be more user friendly, it can be difficult for user to find out which attributes do the parameteres given to CLI really represent. This patch provides new command, which will take another IPA command as and argument and

Re: [Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator

2011-01-26 Thread Jan Zelený
Jakub Hrozek jhro...@redhat.com wrote: On 01/26/2011 03:38 PM, Jakub Hrozek wrote: https://fedorahosted.org/freeipa/ticket/846 This version contains a better example (consistent zone name). ack Jan ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator

2011-01-26 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/26/2011 03:38 PM, Jakub Hrozek wrote: https://fedorahosted.org/freeipa/ticket/846 This version contains a better example (consistent zone name). This requires a

Re: [Freeipa-devel] [PATCH] Changed dns permission types

2011-01-25 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Recent change of DNS module to version caused that dns object type was replaced by dnszone and dnsrecord. This patch corrects dns types in permissions class

Re: [Freeipa-devel] [PATCH] Changed dns permission types

2011-01-25 Thread Jan Zelený
Jan Zelený jzel...@redhat.com wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Recent change of DNS module to version caused that dns object type was replaced by dnszone and dnsrecord. This patch corrects

Re: [Freeipa-devel] [PATCH] 690 add brackets around optional prompts

2011-01-25 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: When prompting for arguments in the cli there is no way to tell what is optional and what is required. This sticks brackets around optional arguments. Ticket 832 rob Ack Jan ___ Freeipa-devel mailing

[Freeipa-devel] [PATCH] Add flags to enforce asking for object attribute

2011-01-25 Thread Jan Zelený
So far the only way to enforce asking for parameter in interactive mode was the alwaysask attribute, which is not sufficient any more. This patch adds the ability to control during which actions the atrribute shall be asked for. Jan From 96a8b94e877f6f6bc2d5cbd274d46aa66df85b88 Mon Sep 17

Re: [Freeipa-devel] [PATCH] Add flags to enforce asking for object attribute

2011-01-25 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: So far the only way to enforce asking for parameter in interactive mode was the alwaysask attribute, which is not sufficient any more. This patch adds the ability to control during which actions the atrribute shall be asked

[Freeipa-devel] [PATCH] Disable renaming to empty string

2011-01-24 Thread Jan Zelený
So far it was possible to rename any object using LDAPUpdate to a name with empty primary key. Since this can cause nasty problems, this patch disables empty string in --rename argument. https://fedorahosted.org/freeipa/ticket/827 Jan From 5d2eb85af1df7c20049e7fdc05e6a529a2b2839b Mon Sep 17

Re: [Freeipa-devel] [PATCH] Make ipa permission-add ask for optional attributes

2011-01-23 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Jan Zeleny wrote: Either one of type, filter, subtree, targetgroup, attrs or memberof is required. https://fedorahosted.org/freeipa/ticket/819 Jan Do you think the prompt should be annotated somehow to indicate that the optional

Re: [Freeipa-devel] [PATCH] 680 ldap lockout

2011-01-19 Thread Jan Zelený
Rob Crittenden rcrit...@redhat.com wrote: Rob Crittenden wrote: Jan Zeleny wrote: Rob Crittendenrcrit...@redhat.com wrote: Update kerberos password policy values on LDAP binds. This is so locked-out accounts in kerberos don't try things using LDAP instead. On a failed bind this will

[Freeipa-devel] Mapping of CLI attributes to LDAP attributes

2011-01-19 Thread Jan Zelený
Hi, I've been thinking about the concept of mapping CLI attributes to LDAP attributes (ticket #447) and I'd like to get a second opinion. The most simple solution would be to add this functionality to existing help. For the sake of lucidity, it should be hidden by default. To achieve this a