Re: [Freeipa-devel] [PATCH] 1051 Fix CS replica management

2012-10-09 Thread Martin Kosek
On 10/08/2012 05:12 PM, Jan Cholasta wrote: > Hi, > > On 20.9.2012 19:38, Rob Crittenden wrote: >> Jan Cholasta wrote: >>> Hi, >>> >>> On 31.8.2012 19:43, Rob Crittenden wrote: The naming in CS replication agreements is different from IPA agreements, we have to live with what the cr

Re: [Freeipa-devel] [PATCH] 0082/0083 Handle NotFound exception when establishing trust

2012-10-09 Thread Martin Kosek
On 10/08/2012 02:22 PM, Alexander Bokovoy wrote: > On Mon, 08 Oct 2012, Petr Vobornik wrote: >> On 10/05/2012 08:14 PM, Alexander Bokovoy wrote: >>> On Fri, 05 Oct 2012, Petr Vobornik wrote: On 10/05/2012 03:24 PM, Alexander Bokovoy wrote: > On Fri, 05 Oct 2012, Petr Vobornik wrote: >>

Re: [Freeipa-devel] [PATCH] ipa-adtrust-install: create fallback group with ldif file

2012-10-09 Thread Martin Kosek
On 10/08/2012 07:50 PM, Simo Sorce wrote: > On Mon, 2012-10-08 at 18:35 +0200, Sumit Bose wrote: >> >> Thank you for the review, both issues are fixed in the new version. >> > Ack, > Simo. > Pushed to master, ipa-3-0. Martin ___ Freeipa-devel mailing

Re: [Freeipa-devel] [RFC] Reload trust data in ipadb

2012-10-09 Thread Martin Kosek
On 10/08/2012 10:54 PM, Simo Sorce wrote: > On Mon, 2012-10-08 at 22:40 +0200, Sumit Bose wrote: >> On Fri, Oct 05, 2012 at 08:44:41AM -0400, Simo Sorce wrote: >>> On Fri, 2012-10-05 at 13:32 +0200, Sumit Bose wrote: > >>> This part looks fine, I wonder if we shouldn't make it even longer than 1 >

Re: [Freeipa-devel] [PATCH] Fix up trust attributes on trust-add

2012-10-09 Thread Martin Kosek
On 10/08/2012 06:32 PM, Sumit Bose wrote: > On Fri, Oct 05, 2012 at 09:17:47PM +0300, Alexander Bokovoy wrote: >> On Fri, 05 Oct 2012, Simo Sorce wrote: >>> A one-liner but better to have it validated by a second pair of eyes. >> Yep. Go ahead. >> >> The origin of USES_RC4_ENCRYPTION comes from Samba

Re: [Freeipa-devel] [PATCH] ipa-adtrust-install: create fallback group with ldif file

2012-10-09 Thread Martin Kosek
On 10/09/2012 10:23 AM, Martin Kosek wrote: > On 10/08/2012 07:50 PM, Simo Sorce wrote: >> On Mon, 2012-10-08 at 18:35 +0200, Sumit Bose wrote: >>> >>> Thank you for the review, both issues are fixed in the new version. >>> >> Ack, >> Simo. >> > > Pushed to master, ipa-3-0. > > Martin > I accid

Re: [Freeipa-devel] [PATCH 0074] Fix zone removal in persistent search update_zone()

2012-10-09 Thread Adam Tkac
On Fri, Oct 05, 2012 at 01:15:13PM +0200, Petr Spacek wrote: > Hello, > > Fix zone removal in persistent search update_zone(). > > Without this patch any zone removed through ipa dnszone-del will > remain active and will return SERVFAILs. Ack > From e09eebf3c370ff4106013cdeda10a80782e26611 Mon

Re: [Freeipa-devel] [PATCH 0075] Prevent misleading "partial match" error messages for disabled zones

2012-10-09 Thread Adam Tkac
On Fri, Oct 05, 2012 at 01:45:42PM +0200, Petr Spacek wrote: > Hello, > > Prevent misleading "partial match" error messages for disabled zones. > > Following message was printed if zone "e.test" was disabled and LDAP > contained zones "test" and "e.test": > update_zone (psearch) f

Re: [Freeipa-devel] [PATCH 0071] Fix potential crash caused by failing zone_register allocation.

2012-10-09 Thread Adam Tkac
On Tue, Oct 02, 2012 at 03:21:08PM +0200, Petr Spacek wrote: > Hello, > > Fix potential crash caused by failing zone_register allocation. > > Problematic call flow: > new_ldap_instance -> zr_create (returns failure) -> > destroy_ldap_instance -> zr_get_rbt (*crash*) Ack > From 9d96a9c4a4ac5b592

Re: [Freeipa-devel] [PATCH 0076] Fix crashes on BIND reload caused by improper error handling during new zone addition

2012-10-09 Thread Adam Tkac
On Fri, Oct 05, 2012 at 05:00:14PM +0200, Petr Spacek wrote: > Hello, > > Fix crashes on BIND reload caused by improper error handling > during new zone addition. > > Crash can be triggered by invalid query/transfer/update ACLs > or potentially by error in zr_get_zone_ptr(). > >

Re: [Freeipa-devel] [PATCH 0078] Use automatic connection management in LDAP modification code to prevent potential deadlock

2012-10-09 Thread Adam Tkac
On Mon, Oct 08, 2012 at 04:46:54PM +0200, Petr Spacek wrote: > Hello, > > Use automatic connection management in LDAP modification code to > prevent potential deadlock. > > Without this patch the plugin will deadlock when modify_ldap_common() > is called with PTR synchronization e

[Freeipa-devel] Cannot create signed Firefox extension on a replica

2012-10-09 Thread Petr Viktorin
While working on https://fedorahosted.org/freeipa/ticket/3150, I came across this scenario: I have a 2.2 master I don't want to upgrade. I want to create a 3.0 replica from it. I found that when creating the replica file, the Signing-Cert (used to sign the browser config .jar and, newly, .xp

Re: [Freeipa-devel] [PATCH] 321 Move CRL publish directory to IPA owned directory

2012-10-09 Thread Martin Kosek
On 10/08/2012 09:29 PM, Rob Crittenden wrote: > Martin Kosek wrote: >> - Original Message - >>> From: "Rob Crittenden" >>> To: "Martin Kosek" >>> Cc: freeipa-devel@redhat.com >>> Sent: Monday, October 8, 2012 8:18:47 PM >>> Subject: Re: [Freeipa-devel] [PATCH] 321 Move CRL publish directo

[Freeipa-devel] [PATCH] 221 Add mime type to httpd ipa.conf for xpi extension

2012-10-09 Thread Petr Vobornik
Some configuration doesn't give proper mime type to xpi files. This patch explicitly sets it. https://fedorahosted.org/freeipa/ticket/3094 -- Petr Vobornik From f35fd8856fdb9e16361b977aba62266c71c9e76f Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Tue, 9 Oct 2012 10:17:16 +0200 Subject: [P

Re: [Freeipa-devel] Cannot create signed Firefox extension on a replica

2012-10-09 Thread Alexander Bokovoy
On Tue, 09 Oct 2012, Petr Viktorin wrote: While working on https://fedorahosted.org/freeipa/ticket/3150, I came across this scenario: I have a 2.2 master I don't want to upgrade. I want to create a 3.0 replica from it. I found that when creating the replica file, the Signing-Cert (used to s

Re: [Freeipa-devel] [PATCH] 221 Add mime type to httpd ipa.conf for xpi extension

2012-10-09 Thread Alexander Bokovoy
On Tue, 09 Oct 2012, Petr Vobornik wrote: Some configuration doesn't give proper mime type to xpi files. This patch explicitly sets it. https://fedorahosted.org/freeipa/ticket/3094 -- Petr Vobornik From f35fd8856fdb9e16361b977aba62266c71c9e76f Mon Sep 17 00:00:00 2001 From: Petr Vobornik Da

Re: [Freeipa-devel] Cannot create signed Firefox extension on a replica

2012-10-09 Thread Petr Vobornik
On 10/09/2012 01:25 PM, Petr Viktorin wrote: While working on https://fedorahosted.org/freeipa/ticket/3150, I came across this scenario: I have a 2.2 master I don't want to upgrade. I want to create a 3.0 replica from it. I found that when creating the replica file, the Signing-Cert (used to si

Re: [Freeipa-devel] [PATCH 0076] Fix crashes on BIND reload caused by improper error handling during new zone addition

2012-10-09 Thread Petr Spacek
On 10/09/2012 01:15 PM, Adam Tkac wrote: On Fri, Oct 05, 2012 at 05:00:14PM +0200, Petr Spacek wrote: Hello, Fix crashes on BIND reload caused by improper error handling during new zone addition. Crash can be triggered by invalid query/transfer/update ACLs or potentially by

Re: [Freeipa-devel] [PATCH 0074] Fix zone removal in persistent search update_zone()

2012-10-09 Thread Petr Spacek
On 10/09/2012 01:08 PM, Adam Tkac wrote: On Fri, Oct 05, 2012 at 01:15:13PM +0200, Petr Spacek wrote: Hello, Fix zone removal in persistent search update_zone(). Without this patch any zone removed through ipa dnszone-del will remain active and will return SERVFAILs. Ack Pushed to master:

Re: [Freeipa-devel] [PATCH 0075] Prevent misleading "partial match" error messages for disabled zones

2012-10-09 Thread Petr Spacek
On 10/09/2012 01:09 PM, Adam Tkac wrote: On Fri, Oct 05, 2012 at 01:45:42PM +0200, Petr Spacek wrote: Hello, Prevent misleading "partial match" error messages for disabled zones. Following message was printed if zone "e.test" was disabled and LDAP contained zones "test" and "e.t

Re: [Freeipa-devel] [PATCH 0071] Fix potential crash caused by failing zone_register allocation.

2012-10-09 Thread Petr Spacek
On 10/09/2012 01:12 PM, Adam Tkac wrote: On Tue, Oct 02, 2012 at 03:21:08PM +0200, Petr Spacek wrote: Hello, Fix potential crash caused by failing zone_register allocation. Problematic call flow: new_ldap_instance -> zr_create (returns failure) -> destroy_ldap_instance -> zr_get_rbt (*crash*)

Re: [Freeipa-devel] [PATCH] 221 Add mime type to httpd ipa.conf for xpi extension

2012-10-09 Thread Martin Kosek
On 10/09/2012 01:52 PM, Alexander Bokovoy wrote: > On Tue, 09 Oct 2012, Petr Vobornik wrote: >> Some configuration doesn't give proper mime type to xpi files. This patch >> explicitly sets it. >> >> https://fedorahosted.org/freeipa/ticket/3094 >> -- >> Petr Vobornik > >> From f35fd8856fdb9e16361b

Re: [Freeipa-devel] [PATCH] 321 Move CRL publish directory to IPA owned directory

2012-10-09 Thread Rob Crittenden
Martin Kosek wrote: On 10/08/2012 09:29 PM, Rob Crittenden wrote: Martin Kosek wrote: - Original Message - From: "Rob Crittenden" To: "Martin Kosek" Cc: freeipa-devel@redhat.com Sent: Monday, October 8, 2012 8:18:47 PM Subject: Re: [Freeipa-devel] [PATCH] 321 Move CRL publish directo

Re: [Freeipa-devel] [PATCH 0078] Use automatic connection management in LDAP modification code to prevent potential deadlock

2012-10-09 Thread Petr Spacek
On 10/09/2012 01:21 PM, Adam Tkac wrote: On Mon, Oct 08, 2012 at 04:46:54PM +0200, Petr Spacek wrote: Hello, Use automatic connection management in LDAP modification code to prevent potential deadlock. Without this patch the plugin will deadlock when modify_ldap_common() is

Re: [Freeipa-devel] [PATCH] 321 Move CRL publish directory to IPA owned directory

2012-10-09 Thread Martin Kosek
On 10/09/2012 03:48 PM, Rob Crittenden wrote: > Martin Kosek wrote: >> On 10/08/2012 09:29 PM, Rob Crittenden wrote: >>> Martin Kosek wrote: - Original Message - > From: "Rob Crittenden" > To: "Martin Kosek" > Cc: freeipa-devel@redhat.com > Sent: Monday, October 8, 20

Re: [Freeipa-devel] [PATCH] 1055 update audit cert renewal time

2012-10-09 Thread Martin Kosek
On 09/21/2012 12:37 AM, yi zhang wrote: > On 09/20/2012 02:58 PM, Rob Crittenden wrote: >> Updated patch. The value of >> policyset.caLogSigningSet.2.constraint.params.range needs to be bumped to 720 >> as well. > I keep doing my test and let everyone know the test result. > > Yi > Hello Yi, any

Re: [Freeipa-devel] [PATCH] 1059 single CRL generator

2012-10-09 Thread Rob Crittenden
Martin Kosek wrote: On 10/04/2012 06:17 PM, Rob Crittenden wrote: This changes the way IPA generates CRLs for new installs only. The first master installed is configured as the CRL generator. An entry is added to cn=masters that designates it. When a replica is installed it queries this entry

[Freeipa-devel] [Fwd: [Pki-announce] Announcing Dogtag 10.0.0 beta 1 release]

2012-10-09 Thread Ade Lee
--- Begin Message --- The Dogtag team is proud to announce version Dogtag v10.0.0 beta 1. A build is available for Fedora 18 in the updates-testing repo. Please try it out and provide karma to move it to the F18 stable repo. Daily developer builds for Fedora 17 and 18 are available at http://nk

[Freeipa-devel] [PATCHES] 0086-0088 Generate Firefox extension on upgrades

2012-10-09 Thread Petr Viktorin
https://fedorahosted.org/freeipa/ticket/3150 Patch 0086: I found an old unused function while working on this, the patch removes it. Patch 0087: Replica files generated on older masters don't contain the Firefox extension files. Skip installing them in this case. Patch 0088: Servers upgraded

Re: [Freeipa-devel] [PATCH] 1055 update audit cert renewal time

2012-10-09 Thread Martin Kosek
On 09/20/2012 11:58 PM, Rob Crittenden wrote: > Rob Crittenden wrote: >> The CA audit certificate is initially valid for two years but its >> profile has it renewing at six months. This bumps the value up to two >> years to match the other certificates. >> >> This relies on Petr's and Ade's dogtag

Re: [Freeipa-devel] [PATCHES] 0086-0088 Generate Firefox extension on upgrades

2012-10-09 Thread Petr Viktorin
On 10/09/2012 05:16 PM, Petr Viktorin wrote: https://fedorahosted.org/freeipa/ticket/3150 Patch 0086: I found an old unused function while working on this, the patch removes it. Patch 0087: Replica files generated on older masters don't contain the Firefox extension files. Skip installing them

Re: [Freeipa-devel] [PATCH] 1055 update audit cert renewal time

2012-10-09 Thread Rob Crittenden
Martin Kosek wrote: On 09/20/2012 11:58 PM, Rob Crittenden wrote: Rob Crittenden wrote: The CA audit certificate is initially valid for two years but its profile has it renewing at six months. This bumps the value up to two years to match the other certificates. This relies on Petr's and Ade's

Re: [Freeipa-devel] [PATCH] 1056 sudorule cn uniqueness

2012-10-09 Thread Martin Kosek
On 09/14/2012 05:13 PM, Rob Crittenden wrote: > Rob Crittenden wrote: >> A sudorule dn uses ipaUniqueId as the cn so we have to do a search to >> ensure uniqueness. This leaves us vulnerable to a race. Configure the >> uniqueness plugin to ensure no dups. >> >> rob > > Add missing attribute to the

Re: [Freeipa-devel] [PATCH] 1056 sudorule cn uniqueness

2012-10-09 Thread Rob Crittenden
Martin Kosek wrote: On 09/14/2012 05:13 PM, Rob Crittenden wrote: Rob Crittenden wrote: A sudorule dn uses ipaUniqueId as the cn so we have to do a search to ensure uniqueness. This leaves us vulnerable to a race. Configure the uniqueness plugin to ensure no dups. rob Add missing attribute t

Re: [Freeipa-devel] [PATCH] 1055 update audit cert renewal time

2012-10-09 Thread Martin Kosek
On 10/09/2012 05:29 PM, Rob Crittenden wrote: > Martin Kosek wrote: >> On 09/20/2012 11:58 PM, Rob Crittenden wrote: >>> Rob Crittenden wrote: The CA audit certificate is initially valid for two years but its profile has it renewing at six months. This bumps the value up to two years

Re: [Freeipa-devel] [PATCHES] 0086-0088 Generate Firefox extension on upgrades

2012-10-09 Thread Petr Vobornik
On 10/09/2012 05:26 PM, Petr Viktorin wrote: On 10/09/2012 05:16 PM, Petr Viktorin wrote: https://fedorahosted.org/freeipa/ticket/3150 Patch 0086: I found an old unused function while working on this, the patch removes it. Patch 0087: Replica files generated on older masters don't contain the

Re: [Freeipa-devel] [PATCH] 1059 single CRL generator

2012-10-09 Thread Martin Kosek
On 10/09/2012 04:43 PM, Rob Crittenden wrote: > Martin Kosek wrote: >> On 10/04/2012 06:17 PM, Rob Crittenden wrote: >>> This changes the way IPA generates CRLs for new installs only. >>> >>> The first master installed is configured as the CRL generator. An entry is >>> added to cn=masters that des

Re: [Freeipa-devel] [PATCH] 1059 single CRL generator

2012-10-09 Thread Rob Crittenden
Martin Kosek wrote: On 10/09/2012 04:43 PM, Rob Crittenden wrote: Martin Kosek wrote: On 10/04/2012 06:17 PM, Rob Crittenden wrote: This changes the way IPA generates CRLs for new installs only. The first master installed is configured as the CRL generator. An entry is added to cn=masters tha

Re: [Freeipa-devel] [PATCH] 1051 Fix CS replica management

2012-10-09 Thread Rob Crittenden
Martin Kosek wrote: On 10/08/2012 05:12 PM, Jan Cholasta wrote: Hi, On 20.9.2012 19:38, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 31.8.2012 19:43, Rob Crittenden wrote: The naming in CS replication agreements is different from IPA agreements, we have to live with what the create

Re: [Freeipa-devel] [PATCH] 1059 single CRL generator

2012-10-09 Thread Rob Crittenden
Rob Crittenden wrote: Martin Kosek wrote: On 10/09/2012 04:43 PM, Rob Crittenden wrote: Martin Kosek wrote: On 10/04/2012 06:17 PM, Rob Crittenden wrote: This changes the way IPA generates CRLs for new installs only. The first master installed is configured as the CRL generator. An entry is