Accept an incoming certificate as either DER or base64 in the service
plugin.
The plugin required a base64-encoded certificate and always decoded it
before processing. This doesn't work with the UI because the json module
decodes binary values already.
Try to detect if the incoming value is
Adam Young wrote:
This patch hard codes the record limit for the UI to 100. Next step is
to make it configurable. This patch is necessary, as without it, some
customers with large records will have problems with default queries.
ack
___
Freeipa-deve
Simo Sorce wrote:
On Wed, 29 Sep 2010 14:54:05 -0400
Rob Crittenden wrote:
Detect if DNS is already configured in IPA, or if IPA is not yet
installed.
ipa-dns-manage could fail in very odd ways depending on the current
configuration of the server. Handle things a bit better.
ticket 210
ack
Simo Sorce wrote:
On Fri, 01 Oct 2010 14:57:23 -0400
Rob Crittenden wrote:
Return non-zero when group membership change fails.
There is no point (and it is confusing) to print an empty list when
modifying group membership fails, so suppress it.
tickets 271, 273, 274
ack
Simo.
pushed to
Simo Sorce wrote:
On Wed, 29 Sep 2010 13:58:39 -0400
Rob Crittenden wrote:
Add estimated install times to the installation. I also log a
duration for each step in /var/log/ipaserver-install.log if anyone
wants to compare their times to mine.
ticket 139
simple but useful
ack
Simo.
pushe
Simo Sorce wrote:
On Wed, 15 Sep 2010 09:24:39 -0400
Rob Crittenden wrote:
Using our tools the only available option is lower-case 'all':
$ ipa hbac-add test --usercat=ALL --type=allow
ipa: ERROR: invalid 'usercategory': must be one of (u'all',)
In any case, better to be robust. Updated patc
David O'Brien wrote:
Adam Young wrote:
On 10/06/2010 09:07 PM, David O'Brien wrote:
Rob Crittenden wrote:
David O'Brien wrote:
Rob Crittenden wrote:
Add some missing options to the ipa-getkeytab man page.
rob
Can you be consistent with "Kerberos" instead of adding "kerberos" to
the mix a
Simo Sorce wrote:
This is some very basic initial localization work for the C tools.
I do not have any translation yet, and creation and merging of .po
and binary files is not yet done. But the clients.pot file is regularly
updated when make is run in the main dir (or make gettext in the
ipa-cl
- "Rob Crittenden" wrote:
> Accept an incoming certificate as either DER or base64 in the service
> plugin.
>
> The plugin required a base64-encoded certificate and always decoded it
> before processing. This doesn't work with the UI because the json module
> decodes binary values already.
- "Rob Crittenden" wrote:
> Adam Young wrote:
> > This patch hard codes the record limit for the UI to 100. Next step is
> > to make it configurable. This patch is necessary, as without it, some
> > customers with large records will have problems with default queries.
>
> ack
Pushed to mas
Endi Sukma Dewata wrote:
- "Rob Crittenden" wrote:
Accept an incoming certificate as either DER or base64 in the service
plugin.
The plugin required a base64-encoded certificate and always decoded it
before processing. This doesn't work with the UI because the json module
decodes binary v
Disallow writes on serverHostName, enrolledBy and memberOf
Regular users already can't write these, it just affects admins.
serverHostName because this is tied to the FQDN so should only be
changed on a host rename (which we don't do).
enrolledBy because this should reflect relality.
memberO
Rob Crittenden wrote:
Disallow writes on serverHostName, enrolledBy and memberOf
Regular users already can't write these, it just affects admins.
serverHostName because this is tied to the FQDN so should only be
changed on a host rename (which we don't do).
enrolledBy because this should refle
Hello,
For some background see: http://www.freeipa.com/page/Access_Control
I took a look at the ACIs in DS. An ACI consists of 6 parts:
1) Name
2) Users and Groups that the permission is granted to
3) The right (read, write, add, delete etc)
4) Target - an object against which the operation is pe
Dmitri Pal wrote:
Hello,
For some background see: http://www.freeipa.com/page/Access_Control
I took a look at the ACIs in DS. An ACI consists of 6 parts:
1) Name
2) Users and Groups that the permission is granted to
3) The right (read, write, add, delete etc)
4) Target - an object against which
Rob Crittenden wrote:
Dmitri Pal wrote:
Hello,
For some background see: http://www.freeipa.com/page/Access_Control
I took a look at the ACIs in DS. An ACI consists of 6 parts:
1) Name
2) Users and Groups that the permission is granted to
3) The right (read, write, add, delete etc)
4) Target -
Group deletion was failing with an error about too many values.
rob
freeipa-567-group.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Hi,
Please review the attached patch. Thanks!
This is an initial implementation of certificate management for
services. It addresses the mechanism required to view and update
certificates. The complete UI implementation will be addressed in
subsequent patches.
On the server side, the service.py
18 matches
Mail list logo
