Re: [Freeipa-devel] [PATCH] 23 Add ability to specify DNS reverse zone name by IP network address

2011-07-01 Thread Jan Cholasta
On 30.6.2011 22:54, Adam Young wrote: On 06/28/2011 02:08 PM, Rob Crittenden wrote: Jan Cholasta wrote: On 21.6.2011 14:15, Jan Cholasta wrote: This patch adds a new option name_from_ip to dnszone commands. Default value of idnsname is created from this option. Honza Fixed the API version

Re: [Freeipa-devel] [PATCH] 25 Update minimum required version of python-netaddr

2011-07-01 Thread Jan Cholasta
On 28.6.2011 16:14, Jakub Hrozek wrote: On 06/28/2011 08:52 AM, Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/1288 Honza I gather this is done in order to get rid of the try: except all hack in installer? This works fine with F15 and F16 in mind. However, if the specfile is

[Freeipa-devel] [PATCH] 3 ipa-client-install tries to start non-existing nscd

2011-07-01 Thread Alexander Bokovoy
-- / Alexander Bokovoy From a7cd88f5aa2db2c18fe76c612573ec28eb51fd40 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Fri, 1 Jul 2011 11:11:38 +0300 Subject: [PATCH] Rearrange logging for NSCD daemon. https://fedorahosted.org/freeipa/ticket/1373 When SSSD is in use,

[Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap

2011-07-01 Thread Alexander Bokovoy
New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. -- / Alexander Bokovoy From a78f8a4d18a9eae266215238dbaefe3b6cc6cd98 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Fri, 1 Jul 2011 12:41:45 +0300 Subject: [PATCH] Make

[Freeipa-devel] [PATCH] 4 ipa-client-install complains about non-existing nss_ldap

2011-07-01 Thread Alexander Bokovoy
-- / Alexander Bokovoy From d29143ce5f6364dfc93dd0228dc58199f956b0a6 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Fri, 1 Jul 2011 12:15:12 +0300 Subject: [PATCH] Make error reporting more 'local' for various configurations of nss_ldap packages

Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap

2011-07-01 Thread Jan Cholasta
On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as

Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap

2011-07-01 Thread Alexander Bokovoy
Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see

Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap

2011-07-01 Thread Jan Cholasta
On 1.7.2011 14:00, Alexander Bokovoy wrote: Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms

Re: [Freeipa-devel] Proposal: drop DENY rules from HBAC

2011-07-01 Thread Simo Sorce
On Wed, 2011-06-29 at 16:25 -0400, Jakub Hrozek wrote: By removing the deny rules, do we break compatibility with anything else than the IPA tech preview in RHEL and upstream FreeIPA 2.0? Ok we've had a somewhat heated discussion internally about how to deal with the transition phase for

Re: [Freeipa-devel] [PATCH] 25 Update minimum required version of python-netaddr

2011-07-01 Thread Jakub Hrozek
On 07/01/2011 06:35 AM, Jan Cholasta wrote: On 28.6.2011 16:14, Jakub Hrozek wrote: On 06/28/2011 08:52 AM, Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/1288 Honza I gather this is done in order to get rid of the try: except all hack in installer? This works fine with F15

Re: [Freeipa-devel] [PATCH] 810 fix re-enrolling a host with a OTP

2011-07-01 Thread Rob Crittenden
Rob Crittenden wrote: Rob Crittenden wrote: Don't set krbLastPwdChange when setting a host OTP password. We have no visibility into whether an entry has a keytab or not so krbLastPwdChange is used as a rough guide. If this value exists during enrollment then it fails because the host is

[Freeipa-devel] [PATCH] 813 fix enrolledBy regression

2011-07-01 Thread Rob Crittenden
enrolledBy represents the DN of the entry that enrolled a host. We don't want an admin to manipulate this but an aci allowed it. This was a regression. ticket 302 rob From c9525eeba3a423f3f376a2492fea5f2f89a1250d Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Fri, 1

Re: [Freeipa-devel] [PATCH] 0261-entity-link-for-password-policy

2011-07-01 Thread Adam Young
On 06/30/2011 08:46 PM, Endi Sukma Dewata wrote: On 6/30/2011 4:42 PM, Adam Young wrote: Some issues: 1. Suppose initially you open an entry that contains a value that matches no_link_value, it will hide the link and show the label. Then suppose you open another entry that has no value,

[Freeipa-devel] [PATCH] 197 Added arrow icons for details sections.

2011-07-01 Thread Endi Sukma Dewata
New arrow icons have been added to replace the plus/minus sign icons for expanding/collapsing details sections. Ticket #1422 -- Endi S. Dewata From b5901eddb5f77c2b06101815181e58bf344338ac Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Fri, 1 Jul 2011 13:37:43 -0500

Re: [Freeipa-devel] [PATCH] 25 Update minimum required version of python-netaddr

2011-07-01 Thread Jan Cholasta
On 1.7.2011 16:34, Jakub Hrozek wrote: On 07/01/2011 06:35 AM, Jan Cholasta wrote: On 28.6.2011 16:14, Jakub Hrozek wrote: On 06/28/2011 08:52 AM, Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/1288 Honza I gather this is done in order to get rid of the try: except all hack

Re: [Freeipa-devel] [PATCH] 0261-entity-link-for-password-policy

2011-07-01 Thread Endi Sukma Dewata
On 7/1/2011 1:08 PM, Adam Young wrote: ACK but there's a jslint warning. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCHES] 814, 815, 816 Fix test failures

2011-07-01 Thread Rob Crittenden
I found a few test failures that have resulted from some recent commits. These got lost in the mix of expected failures when I did initial testing on them. This has inspired me to try to fix all the test failures (see patch 817 too). This fixes: - an error in a new exception example - the

[Freeipa-devel] [PATCH] 817 Add option to wait for values

2011-07-01 Thread Rob Crittenden
389-ds postop plugins, such as the managed entry and memberof plugins, add values after the data has been returned to the client. In the case of the managed entry plugin this affects the parent entry as well (adds an objectclass value). This wreaks havoc on our tests as the values don't match

Re: [Freeipa-devel] [PATCH] 190 Removed invalid associations.

2011-07-01 Thread Rob Crittenden
Endi Sukma Dewata wrote: The following invalid associations have been removed: - group's memberindirect netgroup and role - hostgroup's memberofindirect host Ticket #1366 Ticket #1367 Ack, pushed to master ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 0261-entity-link-for-password-policy

2011-07-01 Thread Adam Young
On 07/01/2011 03:08 PM, Endi Sukma Dewata wrote: On 7/1/2011 1:08 PM, Adam Young wrote: ACK but there's a jslint warning. Fixed and pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] 817 Add option to wait for values

2011-07-01 Thread Rob Crittenden
Rob Crittenden wrote: 389-ds postop plugins, such as the managed entry and memberof plugins, add values after the data has been returned to the client. In the case of the managed entry plugin this affects the parent entry as well (adds an objectclass value). This wreaks havoc on our tests as

Re: [Freeipa-devel] [PATCH] 197 Added arrow icons for details sections.

2011-07-01 Thread Adam Young
On 07/01/2011 02:45 PM, Endi Sukma Dewata wrote: New arrow icons have been added to replace the plus/minus sign icons for expanding/collapsing details sections. Ticket #1422 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] 811 Set the client auth callback after creating the SSL connection.

2011-07-01 Thread Adam Young
On 06/30/2011 10:04 AM, John Dennis wrote: On 06/29/2011 04:58 PM, Rob Crittenden wrote: John Dennis wrote: On 06/29/2011 03:08 PM, Rob Crittenden wrote: If we set the callback before calling connect() then if the connection tries a network family type and fails, it will try other family