Re: [Freeipa-devel] [PATCHES] 138-145 Action panel for user password reset

On 06/01/2012 02:40 AM, Endi Sukma Dewata wrote: ACK. Looks good. Pushed to master. Some comments: 1. I suppose the select_action will always be the first action in any header_actions, and the action doesn't actually do anything. You might want to consider the '-- select action --' as part

Re: [Freeipa-devel] [PATCH] 150 Text widget's dirty state is changed on various input methods

On 06/01/2012 02:46 AM, Endi Sukma Dewata wrote: On 5/28/2012 6:44 AM, Petr Vobornik wrote: on_value_changed event in textboxes and textareas was raised only on keyboard input. If user used different input method such as paste or browser undo and redo functions widget's on_value_changed event

Re: [Freeipa-devel] [PATCH] 149 Added links to netgroup member tables

On 06/01/2012 02:44 AM, Endi Sukma Dewata wrote: On 5/25/2012 11:23 AM, Petr Vobornik wrote: Tables with members in netgroup were missing links for navigation to associated details pages. This patch adds these links. https://fedorahosted.org/freeipa/ticket/2670 ACK. Pushed to master. --

Re: [Freeipa-devel] [PATCH] 148 Removal of illegal options in JSON-RPC calls

On 06/01/2012 02:44 AM, Endi Sukma Dewata wrote: On 5/25/2012 9:57 AM, Petr Vobornik wrote: Ticket https://fedorahosted.org/freeipa/ticket/2509 bans using non existent options. If such option is supplied command ends with error. It uncovered several cases in Web UI. This patch is fixing these

Re: [Freeipa-devel] [PATCH] 146 Added cancel button to service unprovision dialog

On 06/01/2012 02:40 AM, Endi Sukma Dewata wrote: On 5/24/2012 4:11 AM, Petr Vobornik wrote: Service unprovision dialog was missing a cancel button. The button was added. https://fedorahosted.org/freeipa/ticket/1811 ACK. Pushed to master. -- Petr Vobornik

Re: [Freeipa-devel] [PATCH] 147 Set network.http.sendRefererHeader to 2 on browser config

On 05/29/2012 11:29 PM, Rob Crittenden wrote: Petr Vobornik wrote: IPA web UI isn't functional when browser doesn't send http headers. This patch adds a functionality which sets Firefox network.http.sendRefererHeader configuration option to value '2' which enables it. Possible values:

Re: [Freeipa-devel] [PATCH] 0042-0048 AD trusts support (master)

On Thu, 2012-04-12 at 17:16 +0200, Martin Kosek wrote: On Thu, 2012-04-12 at 18:08 +0300, Alexander Bokovoy wrote: Hi Martin! On Thu, 12 Apr 2012, Martin Kosek wrote: ... 3) I would not try to import ipaserver.dcerpc every time the command is executed: +try: +

[Freeipa-devel] [PATCH] 0057 Skip the fix_replica_memberof update plugin for non-root users

An update plugin needed root privileges, and aborted the update if an ordinary user user ran it. With this patch the plugin is skipped with a warning in that case. https://fedorahosted.org/freeipa/ticket/2621 -- Petr³ From c525b9e90055ba01fee0a9402512c150cc2ced9d Mon Sep 17 00:00:00 2001 From:

Re: [Freeipa-devel] [PATCH] 0057 Skip the fix_replica_memberof update plugin for non-root users

On Mon, 2012-06-04 at 17:22 +0200, Petr Viktorin wrote: An update plugin needed root privileges, and aborted the update if an ordinary user user ran it. With this patch the plugin is skipped with a warning in that case. https://fedorahosted.org/freeipa/ticket/2621 Hi Petr, I am not sure I

[Freeipa-devel] [PATCH] 271 Fill new DNS zone update policy by default

For security reasons, dynamic updates are not enabled for new DNS zones. In order to enable the dynamic zone securely, user needs to allow dynamic updates and create a zone update policy. The policy is not easy to construct for regular users, we should rather fill it by default and let users just

Re: [Freeipa-devel] [PATCH] 271 Fill new DNS zone update policy by default

Martin Kosek wrote: For security reasons, dynamic updates are not enabled for new DNS zones. In order to enable the dynamic zone securely, user needs to allow dynamic updates and create a zone update policy. The policy is not easy to construct for regular users, we should rather fill it by

Re: [Freeipa-devel] [PATCH] 492 Add options to reduce writes from KDC

Simo Sorce wrote: The original ldap driver we used up to 2.2 had 2 options admins could set to limit the amount of writes to the database on certain auditing related operations. In particular disable_last_success is really important to reduce the load on database servers. I have implemented

Re: [Freeipa-devel] [PATCH] 147 Set network.http.sendRefererHeader to 2 on browser config

Petr Vobornik wrote: On 05/29/2012 11:29 PM, Rob Crittenden wrote: Petr Vobornik wrote: IPA web UI isn't functional when browser doesn't send http headers. This patch adds a functionality which sets Firefox network.http.sendRefererHeader configuration option to value '2' which enables it.

Re: [Freeipa-devel] [PATCH] 270 Improve migration NotFound error

Martin Kosek wrote: When no user/group was found, migration plugin reported an ambiguous error about invalid container. But the root cause may be for example in a wrong list of user/group objectclasses. Report both in the error message to avoid user confusion. User/group objectclass attribute

Re: [Freeipa-devel] [PATCH] 262-265 Enable psearch by default

Martin Kosek wrote: On Fri, 2012-05-25 at 17:14 +0200, Martin Kosek wrote: On Fri, 2012-05-25 at 09:25 -0400, Rob Crittenden wrote: Martin Kosek wrote: This set of patches handles enabling psearch both for new installations (patch 263) and upgraded IPA servers. For upgraded IPA servers I

Re: [Freeipa-devel] [PATCH] 271 Fill new DNS zone update policy by default

I think the example should be something like: Modify the zone to allow dynamic updates for hosts own records in realm EXAMPLE.COM: ipa dnszone-mod example.com --dynamic-update=TRUE This is the equivalent of: ipa dnszone-mod example.com --dynamic-update=TRUE \\