[Freeipa-devel] [PATCH] 055 Association facets are read only in self service

2011-12-12 Thread Petr Vobornik
This patch works with the assumption that a user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from a group, role, HBAC rule, net group, or sudo rule. He can only read the attributes. Therefore in self-service mode all user association facets are set read-only. Checking

Re: [Freeipa-devel] [PATCH] [WIP] 172+173 Create per-type DNS API

2011-12-12 Thread Endi Sukma Dewata
On 12/12/2011 7:32 AM, Petr Vobornik wrote: The first option is we could modify this page to use a table for each type, similar to HBAC/sudo rule. For example: SRV Records x | Priority | Weight | Port | Target [Delete] [Add] --- x | 0 | 100 |

[Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Alexander Bokovoy
Hi, I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts management CLI and GUI. It is quite apparent that most of management commands will be similar to all future trust types (AD, IPA, etc), thus, it makes sense to develop a generalized `ipa trust' family of commands that would

[Freeipa-devel] [PATCH] 056 Added facet tabs coloring

2011-12-12 Thread Petr Vobornik
Facet tabs are now colored according to their group. https://fedorahosted.org/freeipa/ticket/1976 -- Petr Vobornik From bdb6e0137f2e22ebb4d7c45e471e716588d171fd Mon Sep 17 00:00:00 2001 From: Petr Vobornik pvobo...@redhat.com Date: Mon, 12 Dec 2011 19:16:46 +0100 Subject: [PATCH] Added facet

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Simo Sorce
On Mon, 2011-12-12 at 19:49 +0200, Alexander Bokovoy wrote: Hi, I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts management CLI and GUI. It is quite apparent that most of management commands will be similar to all future trust types (AD, IPA, etc), thus, it makes sense to

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Rob Crittenden
Alexander Bokovoy wrote: Hi, I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts management CLI and GUI. It is quite apparent that most of management commands will be similar to all future trust types (AD, IPA, etc), thus, it makes sense to develop a generalized `ipa trust' family of

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Sumit Bose
On Mon, Dec 12, 2011 at 07:49:04PM +0200, Alexander Bokovoy wrote: Hi, I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts management CLI and GUI. It is quite apparent that most of management commands will be similar to all future trust types (AD, IPA, etc), thus, it makes

Re: [Freeipa-devel] [PATCH] 055 Association facets are read only in self service

2011-12-12 Thread Endi Sukma Dewata
On 12/12/2011 9:27 AM, Petr Vobornik wrote: This patch works with the assumption that a user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from a group, role, HBAC rule, net group, or sudo rule. He can only read the attributes. Therefore in self-service mode all user

Re: [Freeipa-devel] [PATCH] 056 Added facet tabs coloring

2011-12-12 Thread Endi Sukma Dewata
On 12/12/2011 12:21 PM, Petr Vobornik wrote: Facet tabs are now colored according to their group. https://fedorahosted.org/freeipa/ticket/1976 This is how it looks: http://edewata.fedorapeople.org/freeipa/install/ui/#identity=groupnavigation=identitygroup-facet=defaultgroup-pkey=editors

[Freeipa-devel] [PATCH] s4u2proxy support

2011-12-12 Thread Rob Crittenden
This patch adds support for s4u2proxy. This means that the Apache server will obtain the ldap service ticket on behalf of the user rather than the user having to send their TGT. The user's ticket still needs to be forwardable, we just don't require it to be forwarded any more. This patch has

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Alexander Bokovoy
On Mon, 12 Dec 2011, Simo Sorce wrote: Creates a trust between FreeIPA realm and another realm of selected type. Only 'ads' type is currently supported. For 'ads' type running `ipa trust-add' would be equivalent to following sequence: * ipa-adtrust-install * net rpc trust create

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Alexander Bokovoy
On Mon, 12 Dec 2011, Rob Crittenden wrote: Alexander Bokovoy wrote: Hi, I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts management CLI and GUI. It is quite apparent that most of management commands will be similar to all future trust types (AD, IPA, etc), thus, it makes

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Alexander Bokovoy
On Mon, 12 Dec 2011, Sumit Bose wrote: --password Value [type-specific parameters] Creates a trust between FreeIPA realm and another realm of selected type. Only 'ads' type is currently supported. For 'ads' type running `ipa trust-add' would be equivalent to following sequence:

[Freeipa-devel] [PATCH] 916 make category and members mutually exclusive in Sudo

2011-12-12 Thread Rob Crittenden
This patch makes all categories and their equivalent members mutually exclusive like in the HBAC plugin. So if you have usercat='all' you can't add users. Added test cases for these as well. I also modified the default list of attributes to include the RunAs attributes. rob From

Re: [Freeipa-devel] [PATCH] 0032 Validate sudo RunAsUser/RunAsGroup arguments

2011-12-12 Thread Rob Crittenden
Alexander Bokovoy wrote: On Fri, 02 Dec 2011, Rob Crittenden wrote: Alexander Bokovoy wrote: Hi, FreeIPA SUDO rules use --usercat/--groupcat to specify that rule applies to all users or groups. Thus, sudorule-add-runasuser and sudorule-add-runasgroup accept specific groups and users and do

Re: [Freeipa-devel] [PATCH] 5 User-add random password support

2011-12-12 Thread Rob Crittenden
Ondrej Hamada wrote: On 12/09/2011 08:46 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/29/2011 10:31 AM, Martin Kosek wrote: On Thu, 2011-11-24 at 17:51 +0100, Ondrej Hamada wrote: On 11/24/2011 03:54 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/1979 I've used

Re: [Freeipa-devel] [PATCH] 0032 Validate sudo RunAsUser/RunAsGroup arguments

2011-12-12 Thread Alexander Bokovoy
On Mon, 12 Dec 2011, Rob Crittenden wrote: actual members, it treats it as a no-op. We should probably be consistent. Don't understand. Did you mean 'to not provide any actual members'? In case you did, attached patch removes remaining checks for runas_{user,group} to be False. It

Re: [Freeipa-devel] [PATCH] s4u2proxy support

2011-12-12 Thread Simo Sorce
On Mon, 2011-12-12 at 15:22 -0500, Rob Crittenden wrote: This patch adds support for s4u2proxy. This means that the Apache server will obtain the ldap service ticket on behalf of the user rather than the user having to send their TGT. The user's ticket still needs to be forwardable, we

Re: [Freeipa-devel] [PATCH] s4u2proxy support

2011-12-12 Thread Dmitri Pal
On 12/12/2011 07:15 PM, Simo Sorce wrote: On Mon, 2011-12-12 at 15:22 -0500, Rob Crittenden wrote: This patch adds support for s4u2proxy. This means that the Apache server will obtain the ldap service ticket on behalf of the user rather than the user having to send their TGT. The user's

[Freeipa-devel] [PATCH] 917 user automember for ipa default user

2011-12-12 Thread Rob Crittenden
Rather than manually adding users to the default ipa users group configure automember to do it for us. This was quite simple for new installs but a bit complex on upgrades so I implemented it as an update plugin. I also added a unit test for the config module. The majority of config is

Re: [Freeipa-devel] [PATCH] 917 user automember for ipa default user

2011-12-12 Thread Rob Crittenden
Rob Crittenden wrote: Rather than manually adding users to the default ipa users group configure automember to do it for us. This was quite simple for new installs but a bit complex on upgrades so I implemented it as an update plugin. I also added a unit test for the config module. The