Re: [Freeipa-devel] [RANT] --setattr validation is a minefield.

On Thu, 2012-05-10 at 15:19 +0200, Petr Viktorin wrote: On 04/10/2012 07:53 PM, Martin Kosek wrote: On Tue, 2012-04-10 at 19:25 +0200, Petr Viktorin wrote: On 04/10/2012 07:07 PM, Martin Kosek wrote: On Tue, 2012-04-10 at 17:03 +0200, Jan Cholasta wrote: On 10.4.2012 16:00, Petr Viktorin

Re: [Freeipa-devel] [PATCH] 0047 Do not use extra command options in ACI, permission, selfservice

On Thu, 2012-05-10 at 13:07 +0200, Petr Viktorin wrote: This is the second and likely the next-to-last part of disabling extra command options (after this it's just test fixes and turning the checking on). Part of the work for https://fedorahosted.org/freeipa/ticket/2509 This patch

Re: [Freeipa-devel] [PATCH] 1011 fix permission-find

On Fri, 2012-05-11 at 15:31 -0400, Rob Crittenden wrote: The permission-find command was failing for two reasons. The first was an overlap in the --name option and the primary key. The second was that aci's use a different attribute for name, aciname, so cn wasn't matching anything

Re: [Freeipa-devel] [RANT] --setattr validation is a minefield.

On Mon, 2012-05-14 at 09:36 +0200, Martin Kosek wrote: On Thu, 2012-05-10 at 15:19 +0200, Petr Viktorin wrote: On 04/10/2012 07:53 PM, Martin Kosek wrote: On Tue, 2012-04-10 at 19:25 +0200, Petr Viktorin wrote: On 04/10/2012 07:07 PM, Martin Kosek wrote: On Tue, 2012-04-10 at 17:03

Re: [Freeipa-devel] [PATCH] 1012 validate domain in installer

On Fri, 2012-05-11 at 16:03 -0400, Rob Crittenden wrote: Use our domain validator to validate the domain name we get in the installer. rob I found few issues with the patch: 1) The unexpected error is not very user friendly error message: # ipa-server-install ... Server host name

Re: [Freeipa-devel] [PATCH] 0047 Do not use extra command options in ACI, permission, selfservice

On Mon, 2012-05-14 at 10:00 +0200, Martin Kosek wrote: On Thu, 2012-05-10 at 13:07 +0200, Petr Viktorin wrote: This is the second and likely the next-to-last part of disabling extra command options (after this it's just test fixes and turning the checking on). Part of the work for

Re: [Freeipa-devel] [PATCH] 1013 implement permission/aci find by subtree

On Fri, 2012-05-11 at 16:34 -0400, Rob Crittenden wrote: permission-find --subtree wasn't implemented so always returned all entries (the option was ignored). rob I found the following 2 issues: 1) The following piece of code is over-complicated: +found = False +

[Freeipa-devel] Build problems with FreeIPA v2.2.0

Hi, when i try to build FreeIPA v2.2.0 rpm's on Scientific Linux v6.2, i get the following errors (during make-lint phase): ipaserver/plugins/ldap2.py:176: [E1121, IPASimpleLDAPObject.rename_s] Too many positional arguments for function call ipa-client/ipa-install/ipa-client-install:742: [E1101,

Re: [Freeipa-devel] Build problems with FreeIPA v2.2.0

On Mon, May 14, 2012 at 01:11:49PM +0300, Dan Airinen wrote: ipa-client/ipa-install/ipa-client-install:742: [E1101, configure_sssd_conf] Instance of 'SSSDConfig' has no 'activate_service' member What version of the SSSD are you running? The activate_service method was added into the SSSD

Re: [Freeipa-devel] Build problems with FreeIPA v2.2.0

Thanks Jakub!, manually updated sssd RPM's to 1.8.3 version. And that error was now fixed. Still problems with the other two errors tho. On ma, 2012-05-14 at 12:30 +0200, Jakub Hrozek wrote: On Mon, May 14, 2012 at 01:11:49PM +0300, Dan Airinen wrote:

[Freeipa-devel] [PATCH] 0050 Fail on unknown Command options

The final part of rejecting unknown Command arguments: enable the validation, add tests. Also fix up things that were changed since the previous patches. https://fedorahosted.org/freeipa/ticket/2509 -- Petr³ From 64496d35b5483b8b237282dd157388f10e72beda Mon Sep 17 00:00:00 2001 From: Petr

[Freeipa-devel] [PATCH] 0051 Check for empty/single value parameters before calling callbacks

Pre-callbacks were called before a few validation steps, leading to internal errors if the pre-callback relied on valid data. https://fedorahosted.org/freeipa/ticket/2701 Regression test included. -- Petr³ From f74699ea8e765f5aba197287a00bf2d0e0c83d03 Mon Sep 17 00:00:00 2001 From: Petr

Re: [Freeipa-devel] [RANT] --setattr validation is a minefield.

Martin Kosek wrote: On Thu, 2012-05-10 at 15:19 +0200, Petr Viktorin wrote: On 04/10/2012 07:53 PM, Martin Kosek wrote: On Tue, 2012-04-10 at 19:25 +0200, Petr Viktorin wrote: On 04/10/2012 07:07 PM, Martin Kosek wrote: On Tue, 2012-04-10 at 17:03 +0200, Jan Cholasta wrote: On 10.4.2012

Re: [Freeipa-devel] Build problems with FreeIPA v2.2.0

Dan Airinen wrote: Thanks Jakub!, manually updated sssd RPM's to 1.8.3 version. And that error was now fixed. Still problems with the other two errors tho. What version of python-nss and python-ldap do you have installed? rob ___ Freeipa-devel

Re: [Freeipa-devel] [PATCH 0020] Separate LDAP result from LDAP connection, fix deadlock.

On 05/11/2012 12:26 PM, Adam Tkac wrote: On Mon, May 07, 2012 at 02:49:07PM +0200, Petr Spacek wrote: Hello, this patch fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/66: Plugin deadlocks during new zone load when connections == 1. It fixes structural problem, when LDAP query result

Re: [Freeipa-devel] Build problems with FreeIPA v2.2.0

On 05/14/2012 06:11 AM, Dan Airinen wrote: Hi, when i try to build FreeIPA v2.2.0 rpm's on Scientific Linux v6.2, i get the following errors (during make-lint phase): ipaserver/plugins/ldap2.py:176: [E1121, IPASimpleLDAPObject.rename_s] Too many positional arguments for function call

Re: [Freeipa-devel] [PATCHES] 124-132 Inconsistent ways to show/change entry status

On 5/10/2012 7:19 AM, Petr Vobornik wrote: Updated patch attached. See comments below. On 05/08/2012 04:23 AM, Endi Sukma Dewata wrote: Try adding a very long DNS zone, then open the zone. Compare the breadcrumbs in the DNS Resource Records page and in the Settings page, in my case the second

Re: [Freeipa-devel] [PATCH] 136 Correction of nested search facets tab labels

On 5/10/2012 5:29 AM, Petr Vobornik wrote: Nested search facets were using 'search' tab label instead of their nested entity name. This patch is fixing that regression. https://fedorahosted.org/freeipa/ticket/2744 ACK. -- Endi S. Dewata ___

Re: [Freeipa-devel] [PATCH] 133 Action list for user password

On 5/3/2012 3:59 AM, Petr Vobornik wrote: Currently the user password is shown as follows in the details page: Password: Reset Password This is inconsistent with the rest of the page because the 'Reset Password' is an action, not the value of the password. Now password is shown as follows:

Re: [Freeipa-devel] [PATCH] 1012 validate domain in installer

Martin Kosek wrote: On Fri, 2012-05-11 at 16:03 -0400, Rob Crittenden wrote: Use our domain validator to validate the domain name we get in the installer. rob I found few issues with the patch: 1) The unexpected error is not very user friendly error message: # ipa-server-install ... Server

Re: [Freeipa-devel] [PATCH] 1013 implement permission/aci find by subtree

Martin Kosek wrote: On Fri, 2012-05-11 at 16:34 -0400, Rob Crittenden wrote: permission-find --subtree wasn't implemented so always returned all entries (the option was ignored). rob I found the following 2 issues: 1) The following piece of code is over-complicated: +found

[Freeipa-devel] Adding indices and permissions to FreeIPA

Hi, I am currently working on adding DHCP support, so that FreeIPA can control an ISC-DHCP server. As part of this, I need to add a number of indices to 389ds, as well as a number of permissions (ACIs) and groups to manage these. Is there a specific way to add these? Should they be added as

[Freeipa-devel] New beaker server in mountain view

At long last, a beaker server is now up and running here in Mountain View. The beaker server is able to control nearly all of the machines here at the mountain view location. Login to it here: http://hammer1.dsdev.sjc.redhat.com/bkr/ You should be able to login with your kerberos username and