[Freeipa-devel] Re: [PATCHES] Migration wrap-up.

Pavel Zůna wrote: Okey, I think my migration patches are ready for submission. What's new? - No more forced password change after migration, unless the password doesn't meet IPA password policy. Expiration time sets correctly (hooray!). - Migration mode (adding entries with pre-hashed password

Re: [Freeipa-devel] [PATCH] Make ldap2.convert_attr_synonyms more robust against schema lookup fails.

On Fri, 2009-11-20 at 09:32 -0500, Rob Crittenden wrote: > Pavel Zuna wrote: > > Rob Crittenden wrote: > >> Pavel Zuna wrote: > >>> Rob Crittenden wrote: > Pavel Zuna wrote: > > Rob Crittenden wrote: > >> The user plugin is crapping out on line 317 of ldap2.py because > >> attr is

Re: [Freeipa-devel] [PATCH] Ask the user before overwriting /etc/named.conf

On Tue, 2009-12-01 at 15:31 -0500, Rob Crittenden wrote: > Martin Nagy wrote: > > On Tue, 2009-12-01 at 10:15 -0500, Rob Crittenden wrote: > >> Martin Nagy wrote: > >>> Martin > >>> > >> ack. > >> > >> As an aside, it might be nice if the actual package name(s) were used to > >> make it easier for

Re: [Freeipa-devel] [PATCH] Add idnsUpdatePolicy into the dns plug-in

On Tue, 2009-12-01 at 15:30 -0500, Rob Crittenden wrote: > Martin Nagy wrote: > > On Tue, 2009-12-01 at 10:17 -0500, Rob Crittenden wrote: > >> Martin Nagy wrote: > >>> Martin > >>> > >> Should there be a validator on idnsUpdatePolicy to ensure that each > >> policy is terminated by a ;? If one wa

Re: [Freeipa-devel] [PATCH] Remove unnecessary "error: " prefixes

On Tue, 2009-12-01 at 10:12 -0500, Rob Crittenden wrote: > Martin Nagy wrote: > > Martin > > ack Pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] Re: [PATCHES] Migration wrap-up.

Pavel Zůna wrote: Oups, I forgot to change the spec file. Patch attached. Pavel There was a missing * to handle .pyc/.pyo files. Updated patch attached. Pavel 0001-Add-password-migration-page-files-to-the-spec-file.patch Description: application/mbox _

[Freeipa-devel] Problem with ipa installation: certutil

Hi, I'm trying to install ipa and am getting a python traceback (attached). It seems that running certutil didn't succeed so I added a debugging print before it's execution and tried to run it manually. This is what I get: # /usr/bin/certutil -d /etc/httpd/alias -S -n 'CA certificate' -s 'cn=IPA T

Re: [Freeipa-devel] [PATCH] 322 set minimum level of python-pyasn1

Jason Gerard DeRose wrote: On Tue, 2009-12-01 at 14:04 -0500, Rob Crittenden wrote: Update the spec to set minimum version of python-pyasn1 to 0.0.9a so we can have the ASN.1 Any type needed by the PKCS#10 parser. rob nack. This introduces a bug in the spec: error: line 89: Unknown tag: pe

Re: [Freeipa-devel] Problem with ipa installation: certutil

Martin Nagy wrote: Hi, I'm trying to install ipa and am getting a python traceback (attached). It seems that running certutil didn't succeed so I added a debugging print before it's execution and tried to run it manually. This is what I get: # /usr/bin/certutil -d /etc/httpd/alias -S -n 'CA cert

Re: [Freeipa-devel] [PATCH] 325 test for cert plugin

On 12/01/2009 11:19 PM, Rob Crittenden wrote: An extremely basic test for the cert plugin. Only tests the cert-request command but it's a start. I think the test should also check for the correct return type. For instance shouldn't assert res['subject'] == 'CN=ipatestcert.greyoak.com' by fo

Re: [Freeipa-devel] [PATCH] 325 test for cert plugin

John Dennis wrote: On 12/01/2009 11:19 PM, Rob Crittenden wrote: An extremely basic test for the cert plugin. Only tests the cert-request command but it's a start. I think the test should also check for the correct return type. For instance shouldn't assert res['subject'] == 'CN=ipatestcert

[Freeipa-devel] multiple plugin loads?

I haven't had a chance to look at the source code for an explanation yet but I'm wondering if what I see in the debug logs is correct. I see loading all plugin modules in xxx/ipalib/plugins ... and loading all plugin modules in xxx/ipaserver/plugins ... 3 or 4 times when the server initialize

Re: [Freeipa-devel] multiple plugin loads?

John Dennis wrote: I haven't had a chance to look at the source code for an explanation yet but I'm wondering if what I see in the debug logs is correct. I see loading all plugin modules in xxx/ipalib/plugins ... and loading all plugin modules in xxx/ipaserver/plugins ... 3 or 4 times when t

Re: [Freeipa-devel] [PATCH] 322 set minimum level of python-pyasn1

On Wed, 2009-12-02 at 09:12 -0500, Rob Crittenden wrote: > Jason Gerard DeRose wrote: > > On Tue, 2009-12-01 at 14:04 -0500, Rob Crittenden wrote: > >> Update the spec to set minimum version of python-pyasn1 to 0.0.9a so we > >> can have the ASN.1 Any type needed by the PKCS#10 parser. > >> > >> r

[Freeipa-devel] [PATCH] 326 bump IPA install version

We store a rough version of IPA at install time in the base object, bump this up to V2.0 rob freeipa-326-version.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freei

[Freeipa-devel] service record conundrum

Here is sort of a tricky problem, need some advice (LONG). When we bootstrap an IPA server we create a number of principals for the server itself. We create a host/, HTTP/ and ldap/ principal using kadmin.local. By using kadmin.local this entry is put into cn=kerberos,dc=example,dc=com. This

[Freeipa-devel] [PATCH] jderose 028 Lossless datetime round-trip

As per John's request, this patch allows lossless round-tripping of Python datetime.datetime objects. Unfortunately, the xmlrpclib dumps() and loads() functions use funny wrapper objects like xmlrpclib.DateTime rather than directly serializing to/from standard Python types like datetime.datetime.