Re: [Freeipa-devel] test_changepw is failing on master

2012-06-29 Thread Martin Kosek
This is most likely caused by old SELinux policy for which I reported a bug and which should be resolved by now. You could confirm this in /var/log/audit/audit.log. What is a version of your selinux-policy package? I retested this issue with selinux-policy-3.10.0-132.fc17.noarch and it worked for

[Freeipa-devel] [PATCH] Use lower case names in LDAP to meet freeIPA convention

2012-06-29 Thread Sumit Bose
Hi, Alexander discovered that the sidgen plugin does not add the objectclasses with lower case as expected by other freeIPA components. The patch sets all LDAP names to lower case to be on the safe side. bye, Sumit From f8aca6c3516a34490a14c864c70f2b4bbaf58041 Mon Sep 17 00:00:00 2001 From:

Re: [Freeipa-devel] [PATCH] Use lower case names in LDAP to meet freeIPA convention

2012-06-29 Thread Alexander Bokovoy
On Fri, 29 Jun 2012, Sumit Bose wrote: Hi, Alexander discovered that the sidgen plugin does not add the objectclasses with lower case as expected by other freeIPA components. The patch sets all LDAP names to lower case to be on the safe side. ACK. -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH] Use lower case names in LDAP to meet freeIPA convention

2012-06-29 Thread Martin Kosek
On Fri, 2012-06-29 at 12:13 +0300, Alexander Bokovoy wrote: On Fri, 29 Jun 2012, Sumit Bose wrote: Hi, Alexander discovered that the sidgen plugin does not add the objectclasses with lower case as expected by other freeIPA components. The patch sets all LDAP names to lower case to be on the

Re: [Freeipa-devel] [PATCH] 164 Continuation of removing of not supported command options from Web UI

2012-06-29 Thread Petr Vobornik
On 06/28/2012 09:30 PM, Endi Sukma Dewata wrote: On 6/27/2012 11:22 AM, Petr Vobornik wrote: This patch removes following non-existing command options: * all,rights in host_disable * record_type in dns_record_add * all,rights in various xxx_remove_xxx commands used in

Re: [Freeipa-devel] [PATCH] 163 Refactored association facet to use facet buttons with actions

2012-06-29 Thread Petr Vobornik
On 06/28/2012 09:30 PM, Endi Sukma Dewata wrote: On 6/27/2012 11:19 AM, Petr Vobornik wrote: Association facet was refactored to use new concept of control buttons. It is the last facet type which don't use this concept. It fixes regression introduced by previous refactoring of table facet

Re: [Freeipa-devel] [PATCH] 162 Web UI password is going to expire in n days notification

2012-06-29 Thread Petr Vobornik
On 06/28/2012 10:35 PM, Endi Sukma Dewata wrote: ACK. I have some suggestions below. Pushed to master. The reset link probably should be blue to be consistent with the other links, but maybe it doesn't go well with dark background. Or you can make the link red (and the whole message

[Freeipa-devel] [PATCH] 0067 Explicitly filter options that permission-{add, mod} passes to aci-{add, mod}

2012-06-29 Thread Petr Viktorin
The permission commands were not filtering their options properly before passing them to the underlying ACI commands. This upset the new input validation when --addattr/--setattr was used. This patch adds a filter that only lets options listed in aci_attributes through to the ACI commands.

Re: [Freeipa-devel] [PATCHES] 22-24 Add initial support for ID ranges

2012-06-29 Thread Alexander Bokovoy
On Fri, 29 Jun 2012, Sumit Bose wrote: On Wed, Jun 27, 2012 at 09:19:36PM +0200, Sumit Bose wrote: On Tue, Jun 26, 2012 at 12:30:14PM +0200, Sumit Bose wrote: On Sun, Jun 17, 2012 at 09:47:20PM +0200, Sumit Bose wrote: On Thu, Jun 14, 2012 at 02:25:01PM +0200, Sumit Bose wrote: On Thu,

Re: [Freeipa-devel] [PATCH] 0067 Explicitly filter options that permission-{add, mod} passes to aci-{add, mod}

2012-06-29 Thread Alexander Bokovoy
On Fri, 29 Jun 2012, Petr Viktorin wrote: The permission commands were not filtering their options properly before passing them to the underlying ACI commands. This upset the new input validation when --addattr/--setattr was used. This patch adds a filter that only lets options listed in

Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility

2012-06-29 Thread Rob Crittenden
Martin Kosek wrote: On 06/27/2012 07:46 PM, Rob Crittenden wrote: I found a few minor issues when building and installing the master branch on Fedora 18. This patch should address it. rob 1) This will fail for on F17-F18 upgrades, we need to bump VERSION in ipa-rewrite.conf. Besides that,

Re: [Freeipa-devel] DHCP support - Request for review

2012-06-29 Thread Simo Sorce
On Wed, 2012-06-27 at 23:02 +0930, William Brown wrote: Hi, I have been working on adding support for FreeIPA to support configuration storage for ISC-DHCP 4.X servers. I have added the schema which is included at installation, added the template / empty files that will be filled in and

Re: [Freeipa-devel] [PATCH] [WIP] 281 Enable SOA serial autoincrement

2012-06-29 Thread Rob Crittenden
Martin Kosek wrote: This patch enables currently developed SOA serial autoincrement feature in bind-dyndb-ldap. The patch may be updated if any assumptions about this feature are changed (or somebody finds a bug). --- SOA serial autoincrement is a requirement for major DNS features, e.g. zone

Re: [Freeipa-devel] [PATCH][WIP] LDAP encoding redone

2012-06-29 Thread Rob Crittenden
Jan Cholasta wrote: Hi, this is the next patch in the input validation handling series https://fedorahosted.org/freeipa/ticket/2357. It changes the way entries are encoded and decoded in the LDAP backend. The patch consists of several changes: * Refactored the Encoder class to be more

Re: [Freeipa-devel] [PATCHES] 22-24 Add initial support for ID ranges

2012-06-29 Thread Rob Crittenden
Alexander Bokovoy wrote: On Fri, 29 Jun 2012, Sumit Bose wrote: On Wed, Jun 27, 2012 at 09:19:36PM +0200, Sumit Bose wrote: On Tue, Jun 26, 2012 at 12:30:14PM +0200, Sumit Bose wrote: On Sun, Jun 17, 2012 at 09:47:20PM +0200, Sumit Bose wrote: On Thu, Jun 14, 2012 at 02:25:01PM +0200, Sumit

Re: [Freeipa-devel] [PATCHES] 22-24 Add initial support for ID ranges

2012-06-29 Thread Rob Crittenden
Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 29 Jun 2012, Sumit Bose wrote: On Wed, Jun 27, 2012 at 09:19:36PM +0200, Sumit Bose wrote: On Tue, Jun 26, 2012 at 12:30:14PM +0200, Sumit Bose wrote: On Sun, Jun 17, 2012 at 09:47:20PM +0200, Sumit Bose wrote: On Thu, Jun 14, 2012 at

[Freeipa-devel] please use DN objects

2012-06-29 Thread John Dennis
I just saw a commit that had things like this in it: admin_conn.search_s(cn=ranges,cn=etc,+self.suffix, Please don't form DN's using string formatting! We've had DN objects in the code for a long time now, please use them, string formatting is not guaranteed to be correct with respect to

Re: [Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater

2012-06-29 Thread Rob Crittenden
Petr Viktorin wrote: On 06/25/2012 03:00 PM, Petr Viktorin wrote: On 06/20/2012 06:15 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 06/04/2012 04:56 PM, Petr Viktorin wrote: Currently, FreeIPA's install/admin scripts are long pieces of code that aren't very reusable, importable, or

Re: [Freeipa-devel] please use DN objects

2012-06-29 Thread Sumit Bose
On Fri, Jun 29, 2012 at 05:27:41PM -0400, John Dennis wrote: I just saw a commit that had things like this in it: admin_conn.search_s(cn=ranges,cn=etc,+self.suffix, Please don't form DN's using string formatting! We've had DN objects in the code for a long time now, please use them,

Re: [Freeipa-devel] [PATCHES] 22-24 Add initial support for ID ranges

2012-06-29 Thread Rob Crittenden
Rob Crittenden wrote: Rob Crittenden wrote: Alexander Bokovoy wrote: On Fri, 29 Jun 2012, Sumit Bose wrote: On Wed, Jun 27, 2012 at 09:19:36PM +0200, Sumit Bose wrote: On Tue, Jun 26, 2012 at 12:30:14PM +0200, Sumit Bose wrote: On Sun, Jun 17, 2012 at 09:47:20PM +0200, Sumit Bose wrote: