Here is the final patch for sudorule external host and user support.
This patch also adds support for adding/removing IpaSudoOpt values. (We
some how missed this till the last hour)
This addresses item #6 in ticket 570:
(https://fedorahosted.org/freeipa/ticket/570)
(This ticket is remarked as crit
On 12/16/2010 08:06 PM, Simo Sorce wrote:
Obvious ACK,
I will put the change in myself unless you can send me a git formatted
patch I can git am into my tree.
Thunerbird converted tabs to spaces. I hope this is ok.
Best regards,
Zoran Pericic
diff --git a/src/krb5_helper.c b/src/krb5_helper.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2010 11:47 AM, Zoran Pericic wrote:
> On 12/16/2010 08:06 PM, Simo Sorce wrote:
>
>> Obvious ACK,
>> I will put the change in myself unless you can send me a git formatted
>> patch I can git am into my tree.
>
> Thunerbird converted tabs to
On 12/16/2010 08:25 PM, Simo Sorce wrote:
+(str_casecmp_char(ldap_inst->sasl_mech, "GSSAPI") == 0)) {
+if((ldap_inst->krb5_principal == NULL)&&
+(str_len(ldap_inst->krb5_principal) == 0)) {
+if((ldap_inst->sasl_user == NULL)&&
+(str_len(lda
On 12/13/2010 07:25 PM, Rob Crittenden wrote:
Move a bunch of objects created by the updater into the bootstrap ldif.
It is cleaner to do it this way (and probably a bit faster too).
rob
Ack.
with the patch applied on top of origin/master, the tree builds,
installs and the entries are added
On 12/17/2010 06:06 PM, Stephen Gallagher wrote:
Zoran, it is generally preferred to create the patch with the command:
git format-patch -M -C --patience --full-index -1
Then attach the file to the email, rather than copying it in. If you
have more than one patch in your tree that you want to s
Hi All,
Fixed typos in the man page of ipa-getkeytab and corrected my name in
Contributors.txt.
Regards
/Shanks
>From cda49322321455b495af7ab24e03ca1358321ad5 Mon Sep 17 00:00:00 2001
From: Gowrishankar Rajaiyan
Date: Sat, 18 Dec 2010 00:44:30 +0530
Subject: [PATCH 1/2] Fixing typos in man p
The change_password permission was too broad, limit it to users.
The DNS access controls rolled everything into a single ACI. I broke it
out into separate ACIs for add, delete and add. I also added a new dns
type for the permission plugin.
ticket 628
rob
>From bff0d00e44465d70f6a954cf8832940
We create the aci with the --test flag to test its validity but it
doesn't do the same level of tests that actually adding an aci to LDAP
does. Catch any syntax errors that get thrown and clean up as best we can.
ticket 621
rob
>From 97b79c2ec2cb5f939cfc5ef2a3d9de5dd99b3e9b Mon Sep 17 00:00:00
A couple of the doctests were failing because of minor bad formatting.
rob
>From 9f4fe9550b31c02a5f0bd6a8d68f9fd52dfbb492 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 17 Dec 2010 16:32:53 -0500
Subject: [PATCH] Fix some doctests
A few had bad formatting causing the doctests to fail.
Saw three things that I fixed with one line patches:
1. When browsing page unauthorized.html from firefox4, It showed a
blank screen, but with what looked like valid source. turns out, the
title open tag was closed with an h2, which didn't match. Rendered fine
on firefox3, but not on 4.
On 12/17/2010 04:43 PM, Adam Young wrote:
Saw three things that I fixed with one line patches:
1. When browsing page unauthorized.html from firefox4, It showed a
blank screen, but with what looked like valid source. turns out, the
title open tag was closed with an h2, which didn't match. R
On Tue, 30 Nov 2010 17:38:53 -0500
Rob Crittenden wrote:
> Properly quote passwords sent to pkisilent so special characters work.
>
> Also check for url-encoded passwords before logging them.
>
> ticket 324
ACK and pushed to master.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
On Thu, 9 Dec 2010 14:19:43 -0500
Nalin Dahyabhai wrote:
> On Mon, Dec 06, 2010 at 11:43:36AM -0500, Rob Crittenden wrote:
> > What if we do both? Use the one provided by the KDC if it exists
> > otherwise fall back to our own?
>
> Then you're basically depending on me getting the generated LDIF
On Tue, 7 Dec 2010 16:42:08 +0100
Jan Zelený wrote:
> Rob Crittenden wrote:
> > Jan Zelený wrote:
> > > Rob Crittenden wrote:
> > >> Some attributes we use are IA5Strings which have a very limited
> > >> character set. Add a parameter type for that so we can catch the
> > >> bad type up front a
Don't use camel-case LDAP attributes in ACI and don't clear enrolledBy
We keep LDAP attributes lower-case elsewhere in the API we should do the
same with all access controls.
There were two ACIs pointing at the manage_host_keytab permission. This
isn't allowed in general and we have decided s
On Thu, 09 Dec 2010 15:00:12 -0500
Rob Crittenden wrote:
> - Skip the DNS tests if DNS isn't configured
> - Add new attributes to user entries (displayname, cn and initials)
> - Make the nsaccountlock value consistent
> - Fix the cert subject for cert tests
>
> All but 2 tests pass for me now, b
On Sat, 11 Dec 2010 14:25:33 -0500
Adam Young wrote:
> On 12/11/2010 01:08 AM, Rob Crittenden wrote:
> > We don't want people willy-nilly changing principal names. The
> > proper way to do this is to rename the user entry, so remove the
> > option.
> >
> > rob
> ACK
Pushed to master
Simo.
--
On 12/17/2010 03:39 PM, Rob Crittenden wrote:
The change_password permission was too broad, limit it to users.
The DNS access controls rolled everything into a single ACI. I broke
it out into separate ACIs for add, delete and add. I also added a new
dns type for the permission plugin.
ticket
On Fri, 17 Dec 2010 18:20:18 +0100
Jakub Hrozek wrote:
> On 12/13/2010 07:25 PM, Rob Crittenden wrote:
> > Move a bunch of objects created by the updater into the bootstrap
> > ldif. It is cleaner to do it this way (and probably a bit faster
> > too).
> >
> > rob
> >
>
> Ack.
>
> with the patch
On Wed, 15 Dec 2010 09:36:41 +0100
Jan Zelený wrote:
> Rob Crittenden wrote:
> > Ensure that the replication plugin exists before creeating or
> > installing a replica.
> >
> > ticket 502
> >
> > rob
>
> ack, but I'm not a big fan of hardcoding the path of plugins in the
> code. It may be goo
On Fri, 17 Dec 2010 15:40:27 -0500
Rob Crittenden wrote:
> We create the aci with the --test flag to test its validity but it
> doesn't do the same level of tests that actually adding an aci to
> LDAP does. Catch any syntax errors that get thrown and clean up as
> best we can.
>
> ticket 621
A
On Fri, 17 Dec 2010 16:37:13 -0500
Rob Crittenden wrote:
> A couple of the doctests were failing because of minor bad formatting.
ACK and pushed to master.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@r
On Fri, 17 Dec 2010 17:03:06 -0500
Rob Crittenden wrote:
> Don't use camel-case LDAP attributes in ACI and don't clear enrolledBy
>
> We keep LDAP attributes lower-case elsewhere in the API we should do
> the same with all access controls.
>
> There were two ACIs pointing at the manage_host_key
24 matches
Mail list logo