-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/08/2015 09:34 AM, Petr Spacek wrote:
> Hello list,
>
> I'm in process of reviewing and fixing some of our docs and it
> seems that we do not have established term for The Domain user
> specified during ipa-server-install.
>
> Term "DNS domain"
On Thu, 2015-08-27 at 08:20 -0400, John Dennis wrote:
> On 08/27/2015 04:27 AM, Petr Spacek wrote:
> > On 15.7.2015 09:44, Jan Pazdziora wrote:
> > > On Tue, Jul 14, 2015 at 12:49:23PM -0400, John Dennis wrote:
> > > > On 07/14/2015 12:03 PM, Petr Spacek wrote:
> > > > > Hello,
> > > > >
> > > >
On Fri, 2015-02-20 at 09:34 -0500, Simo Sorce wrote:
During internal conversations it occurred to me we link to OpenSSL
but never provided the proper exception for downstreams.
Attached patch fixes the problem.
Simo.
+this exception statement from your version.i If you delete the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/15/2014 12:16 PM, Nathaniel McCallum wrote:
On Mon, 2014-09-15 at 17:26 +0200, Petr Viktorin wrote:
On 09/15/2014 04:45 PM, Nathaniel McCallum wrote:
FYI, for any Fedora testers out there, we have updated to 4.0.3
in Fedora 21 in part
analysis scans on Rawhide.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlP0jZoACgkQeiVVYja6o6OyNgCeL/x+CKnGMhuw8tGM/X3xi5Po
L+8AoKI14SRizGxPmBpjhuZkxk8uZlLU
=l8zE
-END PGP SIGNATURE-
From 19bdee103f9db004a3869cffd7ad516bc5661784 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/20/2014 07:59 AM, Stephen Gallagher wrote:
Requiring a specific version of Java leads to breakages, like the
one happening on nightly builds in Fedora Rawhide right now. We
should use the more generic 'java' BuildRequires instead
log levels
Stephen Gallagher (6):
* Bumping version to 1.9.0 beta 3
* Fix typo breaking DIR cache detection
* Make the client idle timeout configurable
* UTILS: Fix segfault due to sss_parse_name_for_domains
* BUILD: Change default unicode library to glib2
* Update translations for 1.9.0 beta
upstream) so anyone who wants to build beta 2
to try out the DIR cache support must apply this patch for it to work.
We decided not to reroll the beta for this one patch, since beta 3 is
being released on Friday anyway.
On Fri, 2012-06-15 at 15:22 -0400, Stephen Gallagher wrote:
The SSSD team
and full_name_format per domain options
Stephen Gallagher (27):
* Bumping version ton 1.8.92 for beta 2 development
* RPM: Allow running 'make rpms' on RHEL 5 machines
* NSS: Expire in-memory netgroup cache before the nowait timeout
* Always use positional arguments in translatable strings
* KRB5
On Fri, 2012-04-20 at 22:27 +0300, Alexander Bokovoy wrote:
:)
It failed to build due to koji issues, not the build issues.
We had also incompatible libldb in F16/F15 that prevented us going to
alpha18 instead of alpha16 in those distributions.
I hope Andreas (CC:) will be able to look
manipulation helper
* nsssrv: use sized_string in fill_pwent
* nsssrv: use sized_string in fill_grent
* util: add murmurhash3 hash function
* Add a random + identity test for murmurhash3
* util: Fix murmurhash3 on machines with old glibc
Stephen Gallagher (46):
* Bump version to 1.8.0
* Add
It's come up more than once that SSSD needs a Frequently Asked Questions
page to field some of our more common questions. I'm reaching out to the
SSSD and FreeIPA user and developer communities to help us flesh out
this page.
I've begun it with the two most common questions I've received lately,
On Wed, 2011-12-21 at 14:07 -0500, John Dennis wrote:
For your holiday reading pleasure :-) Happy holidays to all.
Ok, I want to try to restate the problem so that I'm sure I understand
it.
The way the session management is going to work is that the Apache
server/FreeIPA application is going
On Sat, 2011-12-03 at 14:06 -0500, Dmitri Pal wrote:
On 12/01/2011 08:48 PM, Simo Sorce wrote:
On Thu, 2011-12-01 at 19:31 -0500, John Dennis wrote:
On 12/01/2011 06:54 PM, Dmitri Pal wrote:
Seems reasonable. I agree with pros and cons and suggestions but I am
not the person to make the
On Mon, 2011-12-05 at 09:42 -0500, Dmitri Pal wrote:
On 12/05/2011 09:33 AM, Stephen Gallagher wrote:
On Sat, 2011-12-03 at 14:06 -0500, Dmitri Pal wrote:
On 12/01/2011 08:48 PM, Simo Sorce wrote:
On Thu, 2011-12-01 at 19:31 -0500, John Dennis wrote:
On 12/01/2011 06:54 PM, Dmitri
On Wed, 2011-11-30 at 14:40 +0100, Sumit Bose wrote:
Hi,
we recently changed the name of the samba packages in the ipa-devel
respository. The packages are now called samba4-* and libsmbclient4-*
instead of samba-4.0-* and libsmbclient-4.0-* .
The name was changed because the samba
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:
PKI
nsslapd-secureport: 7390
Why doesn IPA set up ldapson port 636?
I think you're confused. FreeIPA does indeed set up to listen on
On Fri, 2011-09-30 at 16:15 -0400, Simo Sorce wrote:
On Fri, 2011-09-30 at 16:02 -0400, Stephen Gallagher wrote:
On Thu, 2011-09-29 at 15:20 +0200, Martin Kosek wrote:
How to test:
1) Add new naming context (suffix) to your LDAP database with installed
IPA (see attached LDIF
On Thu, 2011-09-22 at 21:55 -0400, Dmitri Pal wrote:
On 09/21/2011 10:07 PM, Stephen Gallagher wrote:
I've ben working on the multiple search base feature in SSSD and I've had
some thoughts that might be relevant to the FreeIPA v3 core effort. The
idea behind multiple search bases
On Tue, 2011-09-13 at 15:08 +0200, Martin Kosek wrote:
On Tue, 2011-09-13 at 15:11 +0300, Alexander Bokovoy wrote:
On Thu, 08 Sep 2011, Alexander Bokovoy wrote:
On Wed, 07 Sep 2011, Stephen Gallagher wrote:
On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote:
Hi
On Tue, 2011-09-13 at 16:22 +0300, Alexander Bokovoy wrote:
On Tue, 13 Sep 2011, Martin Kosek wrote:
So this patch is unblocked. To solve delayed data initialization from
SSSD in NSS responder we might simply increase number of tries to 10
in case SSSD is in use.
That sounds good. I
On Tue, 2011-09-13 at 16:33 +0300, Alexander Bokovoy wrote:
On Tue, 13 Sep 2011, Stephen Gallagher wrote:
File /usr/lib/python2.7/site-packages/SSSDConfig.py, line 1207, in
import_config
fd = open(configfile, 'r')
IOError: [Errno 2] No such file or directory: '/etc/sssd
On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote:
Hi!
When modifying SSSD configuration, attempt to add new domain rather
than replacing whole configuration file.
Only replace file in case it is impossible to parse it by current SSSD
version.
We discussed today on the FreeIPA status meeting the possibility of
dropping support for DENY rules from the HBAC specification. I'm
submitting it for discussion. Specifically, I'm looking to hear whether
there any any FreeIPA admins out there that have a strong opinion on
whether the DENY rules
On Mon, 2011-06-20 at 15:42 -0400, Rob Crittenden wrote:
On masters configure sssd to only talk to the local master rather than
having _srv_ as well. If we use _srv_ and a remote master is down the
local master will have problems as well.
ticket https://fedorahosted.org/freeipa/ticket/1187
On Thu, 2011-05-05 at 15:09 +0200, Martin Kosek wrote:
https://fedorahosted.org/freeipa/ticket/1203
Ack
signature.asc
Description: This is a digitally signed message part
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/01/2011 06:14 PM, Rich Megginson wrote:
On 04/01/2011 02:17 PM, Rob Crittenden wrote:
Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/01/2011 03:55 PM, Rob Crittenden wrote:
Use fullname for gecos instead
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 09:58 AM, Stephen Gallagher wrote:
On 04/01/2011 06:14 PM, Rich Megginson wrote:
On 04/01/2011 02:17 PM, Rob Crittenden wrote:
Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/01/2011 03:55 PM, Rob
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 04:43 PM, Sigbjorn Lie wrote:
On 04/04/2011 10:28 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 04:20 PM, Sigbjorn Lie wrote:
On 04/04/2011 10:12 PM, Stephen Gallagher wrote:
-BEGIN
.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
= (memberof=%s) % search_group_dn
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/30/2011 04:22 PM, JR Aquino wrote:
On Mar 30, 2011, at 1:01 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/30/2011 03:53 PM, JR Aquino wrote:
On Mar 30, 2011, at 12:05 PM, JR Aquino wrote:
The FreeIPA
for a while yet. We do have users
playing with it there.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment
that by coincidence these typedefs are the same primitive type,
but I'd rather they both use isc_boolean_t which is more correct.
Otherwise it looks good to me.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/12/2011 01:25 PM, Adam Tkac wrote:
On Wed, Jan 12, 2011 at 01:15:36PM -0500, Stephen Gallagher wrote:
Nack.
Your prototype for ldap_modify_do() includes 'isc_result_t delete_node',
but the actual implementation expects 'isc_boolean_t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/05/2011 05:00 AM, Adam Tkac wrote:
On Tue, Jan 04, 2011 at 03:41:12PM -0500, Stephen Gallagher wrote:
Patch 0001: Fix missing varargs cleanup
The CHECK() macro may cause execution to skip down to the cleanup
tag. If this happens, it would
()
is always called.
Patch 0002: Fix potential out-of-bounds write
If there are exactly LD_MAX_SPLITS entries resulting from this
split, the mandatory trailing NULL entry will be written to one
entry past the end of the static arrayof LD_MAX_SPLITS size.
- --
Stephen Gallagher
RHCE 804006346421761
.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
Pericic zperi...@inet.hr
To: Stephen Gallagher sgall...@redhat.com
On 12/14/2010 08:26 PM, Stephen Gallagher wrote:
In the past, you have each requested commit privilege to the
bind-dyndb-ldap project. This project was mostly abandoned, and I have
taken it over in a sustaining capacity. If you
project that we maintain and include
in Fedora. This is the least controversial approach, as it will involve
no difficult political maneuvering to include. However, it also requires
an additional effort in setting up a new project and getting packages
approved in Fedora.
- --
Stephen Gallagher
RHCE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/14/2010 01:57 PM, Stephen Gallagher wrote:
1) Petition the Fedora Infrastructure team to turn over ownership of
this upstream project. This is likely to meet with resistance without
the input of the current owner (who is more or less
it).
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/07/2010 08:13 AM, Simo Sorce wrote:
On Tue, 07 Dec 2010 07:40:36 -0500
Stephen Gallagher sgall...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/06/2010 06:51 PM, Simo Sorce wrote:
This patch reduced the size
that the servers themselves are in the same timezone.
Given this, I think the only sane thing to do here is to always use UTC
(and state clearly that this is what is happening)
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software
store it in DDHHMM format and
display it in the WebUI as hours if we really want to.
To someone writing a rule by hand, the DDHHMM representation is going to
be far more useful.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/24/2010 11:15 AM, Dmitri Pal wrote:
Stephen Gallagher wrote:
On 11/23/2010 04:32 PM, Simo Sorce wrote:
On Tue, 23 Nov 2010 16:07:47 -0500
Rob Crittenden rcrit...@redhat.com wrote:
I don't want to throw a wrench in, but what if you have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/19/2010 04:09 PM, Endi Sukma Dewata wrote:
On 11/19/2010 2:56 PM, Stephen Gallagher wrote:
So we loose the possibility of saying: the last friday of the month ?
It's not impossible, it can still be done with this schema, though it's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/19/2010 04:09 PM, Dmitri Pal wrote:
Stephen Gallagher wrote:
Breaking the thread intentionally to bring back focus.
With Adam's recent input, I've modified the grammar to what I hope will
be it's final form.
The complete grammar
.
---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
- --
Stephen Gallagher
RHCE 804006346421761
sunday
I'm not sure that 'First Wednesday of the month' is possible with this
grammar, either. Yet, somehow, it has survived many years.
0 8 1-7 * 3 (read, 08:00 on the Wednesday that falls between the 1st
and 7th day of the 6th month)
- --
Stephen Gallagher
RHCE 804006346421761
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/17/2010 04:48 PM, Sumit Bose wrote:
On Wed, Nov 17, 2010 at 04:07:24PM -0500, Stephen Gallagher wrote:
After extended discussion, Simo, Ben and I discussed replacing this
week-of-the-month concept with a septet-of-the-month concept instead
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/18/2010 09:31 AM, Adam Young wrote:
On 11/18/2010 07:09 AM, Stephen Gallagher wrote:
On 11/17/2010 04:51 PM, Adam Young wrote:
On 11/17/2010 04:31 PM, Simo Sorce wrote:
On Wed, 17 Nov 2010 16:07:24 -0500
Stephen Gallaghersgall
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
Patch looks good to me. Ack.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
On 05/27/2010 10:59 AM, Rob Crittenden wrote:
Add another default hbac service, su-l.
rob
Ack
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor
that this fixes some whitespace issues as well.
rob
Ack.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
___
Freeipa-devel mailing list
Freeipa-devel
On 05/20/2010 01:54 PM, Rob Crittenden wrote:
Add the 'all' serviceCategory to the default allow_all HBAC rule and add
some standard services: ftp, login, sshd, su, sudo.
rob
Please add 'su-l' as well
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks
On 05/06/2010 10:15 PM, Rob Crittenden wrote:
Check to see if we are installed before doing an uninstall. Uses the
same mechanism as is used to see if we are already installed.
I also changed this so the --force flag will override on install and
uninstall.
rob
Ack.
--
Stephen Gallagher
what went wrong and resubmit it.
I suggest always sending translation patches as forced base-64 encoded
attachments. Sometimes the extended character set gets broken by mailman.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software
duplication.
Jakub
Looks fine to me.
Ack.
-
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
- --
Stephen
-
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
- --
Stephen Gallagher
RHCE 804006346421761
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9
mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Correction: the list is at sssd-de...@lists.fedorahosted.org (note the
plural lists)
You can subscribe here:
https://fedorahosted.org/mailman/listinfo/sssd-devel
- --
Stephen Gallagher
RHCE 804006346421761
.
-
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
- --
Stephen Gallagher
RHCE 804006346421761
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-BEGIN PGP SIGNATURE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/28/2009 10:21 AM, Stephen Gallagher wrote:
On 07/28/2009 08:58 AM, Jakub Hrozek wrote:
Jenny found several cases where our error messages were not very
descriptive. This patch adds a ERROR() call for those cases.
The error message
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/31/2009 11:55 AM, Stephen Gallagher wrote:
On 07/31/2009 06:02 AM, Jakub Hrozek wrote:
On 07/30/2009 08:45 PM, Stephen Gallagher wrote:
I'm going to nack the user notification patch. I think we need to think
some more about this. The sysdb
-
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
- --
Stephen Gallagher
RHCE 804006346421761
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/22/2009 08:59 AM, Sumit Bose wrote:
On Wed, Jul 22, 2009 at 07:46:53AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/22/2009 06:52 AM, Sumit Bose wrote:
Hi,
this patch should make pam_sss.c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/22/2009 01:09 PM, Simo Sorce wrote:
On Wed, 2009-07-22 at 12:40 -0400, Stephen Gallagher wrote:
* Forgot to check for successful allocation
* Used the wrong mem_ctx when allocating a timer event.
ack
Simo
68 matches
Mail list logo