On 02/11/2013 06:58 PM, Alexander Bokovoy wrote:
> On Mon, 11 Feb 2013, Martin Kosek wrote:
>> On 02/11/2013 03:34 PM, Alexander Bokovoy wrote:
>>> On Fri, 08 Feb 2013, Martin Kosek wrote:
On 02/08/2013 10:47 AM, Martin Kosek wrote:
> Sending patches according to RFE:
> http://www.free
On 11.2.2013 17:23, Simo Sorce wrote:
On Mon, 2013-02-11 at 15:37 +0100, Petr Spacek wrote:
Possible optimization
Increment serial value at most once per second.
Basic idea: Write current timestamp (no incrementation) and write
serial value
to the database with one second delay.
Problem: How
All known memory leaks caused by unfreed allocated memory or unfreed
LDAP results (which should be also done after unsuccessful searches)
are fixed.
One ipadb_need_retry result check was fixed as this function returns
trust in case of a need for retry and not a zero.
https://fedorahosted.org/free
Hello,
Automatically reload invalid zone after each change in zone data.
https://fedorahosted.org/bind-dyndb-ldap/ticket/102
How to test:
# create a invalid zone, e.g. zone without A records for names in NS records
ipa dnszone-add zone.test --admin-email=blah.nonsense
--name-server=
Hello,
Make log messages related to Kerberos more verbose.
This change should help people supporting bind-dyndb-ldap to figure out what
is happening under covers.
--
Petr^2 Spacek
From a7cae08cacad019852067dd7ecf86cefbe35c70e Mon Sep 17 00:00:00 2001
From: Petr Spacek
Date: Tue, 12 Feb 2
On Tue, Feb 12, 2013 at 12:24:48PM +0100, Martin Kosek wrote:
> All known memory leaks caused by unfreed allocated memory or unfreed
> LDAP results (which should be also done after unsuccessful searches)
> are fixed.
>
> One ipadb_need_retry result check was fixed as this function returns
> trust
On Mon, 2013-02-11 at 20:30 -0500, Dmitri Pal wrote:
> On 02/11/2013 03:21 PM, Simo Sorce wrote:
> > On Mon, 2013-02-11 at 21:03 +0100, Ondrej Hamada wrote:
> >> Dne 3.2.2013 02:51, Dmitri Pal napsal(a):
> >>> On 01/31/2013 06:09 PM, Ondrej Hamada wrote:
> Hello,
> I'm starting to work on
On Tue, 2013-02-12 at 12:24 +0100, Martin Kosek wrote:
Comments inline.
> --- a/daemons/ipa-kdb/ipa_kdb_common.c
> +++ b/daemons/ipa-kdb/ipa_kdb_common.c
> @@ -172,7 +172,7 @@ krb5_error_code ipadb_simple_search(struct
> ipadb_context *ipactx,
> /* first test if we need to retry to connect *
On Tue, 2013-02-12 at 10:57 +0100, Petr Spacek wrote:
> On 11.2.2013 17:23, Simo Sorce wrote:
> > On Mon, 2013-02-11 at 15:37 +0100, Petr Spacek wrote:
> >> Possible optimization
> >>
> >> Increment serial value at most once per second.
> >>
> >> Basic idea: Write current timestamp (no incrementati
On 02/12/2013 03:16 PM, Simo Sorce wrote:
> On Tue, 2013-02-12 at 12:24 +0100, Martin Kosek wrote:
>
> Comments inline.
>
>> --- a/daemons/ipa-kdb/ipa_kdb_common.c
>> +++ b/daemons/ipa-kdb/ipa_kdb_common.c
>> @@ -172,7 +172,7 @@ krb5_error_code ipadb_simple_search(struct
>> ipadb_context *ipactx,
On Tue, 2013-02-12 at 16:14 +0100, Martin Kosek wrote:
> Explained in the commit description - this may not be super-critical, I just
> followed info in ldap_search_ext() man page:
>
> ...
>
>Note that res parameter of ldap_search_ext_s() and ldap_search_s()
> should be freed with
On 02/12/2013 04:26 PM, Simo Sorce wrote:
> On Tue, 2013-02-12 at 16:14 +0100, Martin Kosek wrote:
>> Explained in the commit description - this may not be super-critical, I just
>> followed info in ldap_search_ext() man page:
>>
>> ...
>>
>>Note that res parameter of ldap_search_ext_s()
On Fri, 01 Feb 2013, Martin Kosek wrote:
On 01/31/2013 07:06 PM, Alexander Bokovoy wrote:
On Thu, 31 Jan 2013, Martin Kosek wrote:
On 01/31/2013 04:29 PM, Alexander Bokovoy wrote:
On Thu, 31 Jan 2013, Martin Kosek wrote:
When ipa-adtrust-install is run, check if there are any objects
that nee
On 2/8/2013 7:27 AM, Petr Vobornik wrote:
Checkbox for NONE option was added.
https://fedorahosted.org/freeipa/ticket/3404
Patches for master and 3.1 branch attached.
ACK.
--
Endi S. Dewata
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
h
On 02/12/2013 04:48 PM, Alexander Bokovoy wrote:
> On Fri, 01 Feb 2013, Martin Kosek wrote:
>> On 01/31/2013 07:06 PM, Alexander Bokovoy wrote:
>>> On Thu, 31 Jan 2013, Martin Kosek wrote:
On 01/31/2013 04:29 PM, Alexander Bokovoy wrote:
> On Thu, 31 Jan 2013, Martin Kosek wrote:
>> Wh
Hi,
This patch adds a check for krbprincipalexpiration attribute to pre_bind
operation
in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth is
denied and LDAP_INVALID_CREDENTIALS along with the error message is
sent back to the client. Since krbprincipalexpiration attribute is not
On 02/12/2013 05:14 PM, Endi Sukma Dewata wrote:
On 2/8/2013 7:27 AM, Petr Vobornik wrote:
Checkbox for NONE option was added.
https://fedorahosted.org/freeipa/ticket/3404
Patches for master and 3.1 branch attached.
ACK.
We were discussing to NACK this approach.
The implementation should
On Fri, 08 Feb 2013, Tomas Babej wrote:
On 02/08/2013 03:25 PM, Alexander Bokovoy wrote:
On Mon, 04 Feb 2013, Tomas Babej wrote:
Hi,
When adding/modifying an ID range for a trusted domain, the newly
added option --dom-name can be used. This looks up SID of the
trusted domain in LDAP and theref
On 02/12/2013 05:50 PM, Tomas Babej wrote:
Hi,
This patch adds a check for krbprincipalexpiration attribute to
pre_bind operation
in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth is
denied and LDAP_INVALID_CREDENTIALS along with the error message is
sent back to the client. Si
On 02/12/2013 05:56 PM, Petr Vobornik wrote:
On 02/12/2013 05:14 PM, Endi Sukma Dewata wrote:
On 2/8/2013 7:27 AM, Petr Vobornik wrote:
Checkbox for NONE option was added.
https://fedorahosted.org/freeipa/ticket/3404
Patches for master and 3.1 branch attached.
ACK.
We were discussing to
On Tue, 2013-02-12 at 18:03 +0100, Tomas Babej wrote:
> On 02/12/2013 05:50 PM, Tomas Babej wrote:
> > Hi,
> >
> > This patch adds a check for krbprincipalexpiration attribute to
> > pre_bind operation
> > in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth is
> > denied and LDAP_INV
Add new LDAP container to store the list of domains associated with IPA
realm.
Add two new ipa commands (ipa realmdomains-show and ipa
realmdomains-mod) to allow manipulation of the list of realm domains.
Unit test file covering these new commands was added.
https://fedorahosted.org/freeipa/ticket
On 02/04/2013 05:23 PM, Tomas Babej wrote:
Hi,
When adding/modifying an ID range for a trusted domain, the newly
added option --dom-name can be used. This looks up SID of the
trusted domain in LDAP and therefore the user is not required
to write it down in CLI. If the lookup fails, error message
On 2/12/2013 10:56 AM, Petr Vobornik wrote:
We were discussing to NACK this approach.
The implementation should be improved because of the mutually exclusive
nature of NONE option with [MS-PAC, PAD] options.
I think we should add spec definition (to Web UI only, or into server
plugin as well) o
On 02/12/2013 08:20 AM, Simo Sorce wrote:
> On Mon, 2013-02-11 at 20:30 -0500, Dmitri Pal wrote:
>> On 02/11/2013 03:21 PM, Simo Sorce wrote:
>>> On Mon, 2013-02-11 at 21:03 +0100, Ondrej Hamada wrote:
Dne 3.2.2013 02:51, Dmitri Pal napsal(a):
> On 01/31/2013 06:09 PM, Ondrej Hamada wrote:
25 matches
Mail list logo