Re: [Freeipa-devel] [PATCH 0011] Make sure selinuxusemap behaves consistently to HBAC rule

2012-09-12 Thread Tomas Babej
On 09/11/2012 01:14 PM, Martin Kosek wrote: On 09/06/2012 01:13 PM, Tomas Babej wrote: On 09/05/2012 01:56 PM, Martin Kosek wrote: On 09/03/2012 05:12 PM, Tomas Babej wrote: Hi, Both selinuxusermap-add and selinuxusermap-mod commands now behave consistently in not allowing user/host category

[Freeipa-devel] [PATCH 0057] Fix LDAP operation selection logic in ldap_modify_do()

2012-09-12 Thread Petr Spacek
Hello, There is a fix for LDAP operation selection logic in ldap_modify_do(). Each operation code in LDAPMod structure can be ORed with LDAP_MOD_BVALUES. Petr^2 Spacek From ab11e62ec2496f2c7245c4d8d80c2fd189b68aa9 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date:

[Freeipa-devel] [PATCH 0058] Improve persistent search logging

2012-09-12 Thread Petr Spacek
Hello, this patch adds result codes to error messages in persistent search code. Petr^2 Spacek From f6cb53278d8f39ac6da4fb8e26820f6ee02ae6e3 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 12 Sep 2012 12:27:51 +0200 Subject: [PATCH] Improve persistent search logging.

Re: [Freeipa-devel] [PATCH] 0078 ipa-client-install: Obtain host TGT from one specific KDC

2012-09-12 Thread Petr Viktorin
On 09/11/2012 10:39 PM, Rob Crittenden wrote: Petr Viktorin wrote: When installing the client, we need to take extra case to only contact the one server we're installing against. Otherwise, in the real world, we might hit a server that hasn't replicated info about the client yet. This patch

Re: [Freeipa-devel] [PATCH] 0078 ipa-client-install: Obtain host TGT from one specific KDC

2012-09-12 Thread Petr Viktorin
On 09/12/2012 01:20 PM, Petr Viktorin wrote: On 09/11/2012 10:39 PM, Rob Crittenden wrote: Petr Viktorin wrote: When installing the client, we need to take extra case to only contact the one server we're installing against. Otherwise, in the real world, we might hit a server that hasn't

[Freeipa-devel] [PATCH] 305-308 Expand Referential Integrity checks

2012-09-12 Thread Martin Kosek
To test, add sudo commands, hosts or users to a sudo rule or hbac rule and then rename or delete the linked object. After the update, the links should be amended. - Many attributes in IPA (e.g. manager, memberuser, managedby, ...) are used to store DNs of linked objects in IPA (users,

Re: [Freeipa-devel] [PATCH] Patch to allow IPA to work with dogtag 10 on f18

2012-09-12 Thread Petr Viktorin
On 09/12/2012 04:42 AM, Ade Lee wrote: On Tue, 2012-09-11 at 14:45 -0400, Rob Crittenden wrote: Petr Viktorin wrote: On 09/11/2012 04:38 PM, Rob Crittenden wrote: Ade Lee wrote: On Tue, 2012-09-11 at 08:59 -0400, Rob Crittenden wrote: Petr Viktorin wrote: On 09/11/2012 04:04 AM, Ade Lee

Re: [Freeipa-devel] [PATCH] 0078 ipa-client-install: Obtain host TGT from one specific KDC

2012-09-12 Thread Jan Cholasta
Dne 12.9.2012 14:09, Petr Viktorin napsal(a): On 09/12/2012 01:20 PM, Petr Viktorin wrote: On 09/11/2012 10:39 PM, Rob Crittenden wrote: Petr Viktorin wrote: When installing the client, we need to take extra case to only contact the one server we're installing against. Otherwise, in the real

Re: [Freeipa-devel] [PATCH] 0078 ipa-client-install: Obtain host TGT from one specific KDC

2012-09-12 Thread Rob Crittenden
Jan Cholasta wrote: Dne 12.9.2012 14:09, Petr Viktorin napsal(a): On 09/12/2012 01:20 PM, Petr Viktorin wrote: On 09/11/2012 10:39 PM, Rob Crittenden wrote: Petr Viktorin wrote: When installing the client, we need to take extra case to only contact the one server we're installing against.

[Freeipa-devel] [PATCH] 84 Add the SSH service to SSSD config file before trying to activate it

2012-09-12 Thread Jan Cholasta
Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/3069. Users no longer have to configure SSH in sssd.conf manually if the file exists prior to running ipa-client-install. Honza -- Jan Cholasta From 38fd87c7b9d941b76753c3f11eca0058a83b8954 Mon Sep 17 00:00:00 2001 From: Jan

[Freeipa-devel] [PATCH] 85 Add --no-ssh option to ipa-client-install to disable OpenSSH client configuration

2012-09-12 Thread Jan Cholasta
Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/3070. If both --no-ssh and --no-sshd are specified, do not configure the SSH service in SSSD. Honza -- Jan Cholasta From 2a80c57305b099129b192e7ccf52b7f8cc982c41 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com

Re: [Freeipa-devel] [PATCH] 0078 ipa-client-install: Obtain host TGT from one specific KDC

2012-09-12 Thread Martin Kosek
On 09/12/2012 02:58 PM, Jan Cholasta wrote: Dne 12.9.2012 14:09, Petr Viktorin napsal(a): On 09/12/2012 01:20 PM, Petr Viktorin wrote: On 09/11/2012 10:39 PM, Rob Crittenden wrote: Petr Viktorin wrote: When installing the client, we need to take extra case to only contact the one server

Re: [Freeipa-devel] [PATCH 0011] Make sure selinuxusemap behaves consistently to HBAC rule

2012-09-12 Thread Martin Kosek
On 09/12/2012 10:24 AM, Tomas Babej wrote: On 09/11/2012 01:14 PM, Martin Kosek wrote: On 09/06/2012 01:13 PM, Tomas Babej wrote: On 09/05/2012 01:56 PM, Martin Kosek wrote: On 09/03/2012 05:12 PM, Tomas Babej wrote: Hi, Both selinuxusermap-add and selinuxusermap-mod commands now behave

Re: [Freeipa-devel] [PATCH] 0078 ipa-client-install: Obtain host TGT from one specific KDC

2012-09-12 Thread Simo Sorce
On Wed, 2012-09-12 at 16:04 +0200, Martin Kosek wrote: On 09/12/2012 02:58 PM, Jan Cholasta wrote: Dne 12.9.2012 14:09, Petr Viktorin napsal(a): On 09/12/2012 01:20 PM, Petr Viktorin wrote: On 09/11/2012 10:39 PM, Rob Crittenden wrote: Petr Viktorin wrote: When installing the client, we

Re: [Freeipa-devel] [PATCH] 0078 ipa-client-install: Obtain host TGT from one specific KDC

2012-09-12 Thread Martin Kosek
On 09/12/2012 04:29 PM, Simo Sorce wrote: On Wed, 2012-09-12 at 16:04 +0200, Martin Kosek wrote: On 09/12/2012 02:58 PM, Jan Cholasta wrote: Dne 12.9.2012 14:09, Petr Viktorin napsal(a): On 09/12/2012 01:20 PM, Petr Viktorin wrote: On 09/11/2012 10:39 PM, Rob Crittenden wrote: Petr Viktorin

Re: [Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall

2012-09-12 Thread Martin Kosek
On 08/29/2012 02:54 PM, Tomas Babej wrote: On 08/27/2012 04:55 PM, Martin Kosek wrote: On 08/27/2012 03:37 PM, Jakub Hrozek wrote: On Mon, Aug 27, 2012 at 02:57:44PM +0200, Martin Kosek wrote: I think that the right behavior of SSSD conf uninstall should be the following: * sssd.conf

Re: [Freeipa-devel] [PATCH] 0077 Check direct/reverse hostname/address resolution in ipa-replica-install

2012-09-12 Thread Petr Viktorin
On 09/11/2012 11:05 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 09/04/2012 07:44 PM, Rob Crittenden wrote: Petr Viktorin wrote: https://fedorahosted.org/freeipa/ticket/2845 Shouldn't this also call verify_fqdn() on the local hostname and not just the master? I think this would

Re: [Freeipa-devel] [PATCH] 0078 ipa-client-install: Obtain host TGT from one specific KDC

2012-09-12 Thread Petr Viktorin
On 09/12/2012 04:04 PM, Martin Kosek wrote: On 09/12/2012 02:58 PM, Jan Cholasta wrote: Dne 12.9.2012 14:09, Petr Viktorin napsal(a): On 09/12/2012 01:20 PM, Petr Viktorin wrote: On 09/11/2012 10:39 PM, Rob Crittenden wrote: Petr Viktorin wrote: When installing the client, we need to take

Re: [Freeipa-devel] [PATCH] Patch to allow IPA to work with dogtag 10 on f18

2012-09-12 Thread Petr Viktorin
On 09/11/2012 09:38 PM, Rob Crittenden wrote: Rob Crittenden wrote: Rob Crittenden wrote: Petr Viktorin wrote: On 09/11/2012 04:38 PM, Rob Crittenden wrote: Ade Lee wrote: On Tue, 2012-09-11 at 08:59 -0400, Rob Crittenden wrote: Petr Viktorin wrote: On 09/11/2012 04:04 AM, Ade Lee wrote:

Re: [Freeipa-devel] [PATCH] Patch to allow IPA to work with dogtag 10 on f18

2012-09-12 Thread Ade Lee
On Wed, 2012-09-12 at 18:43 +0200, Petr Viktorin wrote: On 09/11/2012 09:38 PM, Rob Crittenden wrote: Rob Crittenden wrote: Rob Crittenden wrote: Petr Viktorin wrote: On 09/11/2012 04:38 PM, Rob Crittenden wrote: Ade Lee wrote: On Tue, 2012-09-11 at 08:59 -0400, Rob Crittenden wrote: