Re: [Freeipa-devel] [PATCHES] 106-113 Access raw LDAP values directly from LDAPEntry

2013-10-10 Thread Jan Cholasta
On 9.10.2013 13:57, Petr Viktorin wrote: On 09/26/2013 02:22 PM, Jan Cholasta wrote: On 24.9.2013 15:35, Jan Cholasta wrote: On 27.2.2013 16:31, Jan Cholasta wrote: Hi, these patches add the ability to access and manipulate raw attribute values as they are returned from python-ldap to the LDA

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-10-10 Thread Jan Cholasta
On 12.9.2013 22:47, Nathaniel McCallum wrote: On Thu, 2013-09-05 at 00:04 -0400, Nathaniel McCallum wrote: patch attached Update for ./makeapi attached. Is ipaUserAuthType relevant only to Kerberos or to user authentication in general? For example, if "password" is removed from ipaUserAuth

Re: [Freeipa-devel] [PATCH] 427 Remove --no-serial-autoincrement

2013-10-10 Thread Jan Cholasta
Hi, On 9.10.2013 16:21, Martin Kosek wrote: Deprecate this option and do not offer it in installation tools. Without this option enabled, advanced DNS features like DNSSEC would not work. https://fedorahosted.org/freeipa/ticket/3962 Is there a reason not to remove serial_autoincrement from b

Re: [Freeipa-devel] [PATCH] 427 Remove --no-serial-autoincrement

2013-10-10 Thread Martin Kosek
On 10/10/2013 01:47 PM, Jan Cholasta wrote: > Hi, > > On 9.10.2013 16:21, Martin Kosek wrote: >> Deprecate this option and do not offer it in installation tools. >> Without this option enabled, advanced DNS features like DNSSEC >> would not work. >> >> https://fedorahosted.org/freeipa/ticket/3962

Re: [Freeipa-devel] [PATCH] 427 Remove --no-serial-autoincrement

2013-10-10 Thread Jan Cholasta
On 10.10.2013 14:02, Martin Kosek wrote: On 10/10/2013 01:47 PM, Jan Cholasta wrote: Hi, On 9.10.2013 16:21, Martin Kosek wrote: Deprecate this option and do not offer it in installation tools. Without this option enabled, advanced DNS features like DNSSEC would not work. https://fedorahosted

Re: [Freeipa-devel] [PATCH] 428 PKI installation on replica failing due to missing proxy conf

2013-10-10 Thread Jan Cholasta
Hi, On 9.10.2013 22:38, Martin Kosek wrote: Proxy configuration was not detected correctly. Both ipa-pki-proxy.conf and ipa.conf need to be in place and httpd restarted to be able to check it's status. https://fedorahosted.org/freeipa/ticket/3964 I had to install and reinstall PKI a lot

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-10-10 Thread Nathaniel McCallum
On Thu, 2013-10-10 at 10:04 +0200, Jan Cholasta wrote: > On 12.9.2013 22:47, Nathaniel McCallum wrote: > > On Thu, 2013-09-05 at 00:04 -0400, Nathaniel McCallum wrote: > >> patch attached > > > > Update for ./makeapi attached. > > > > Is ipaUserAuthType relevant only to Kerberos or to user authent

[Freeipa-devel] [PATCH 0118] Do not create separate ranges for subdomains in case of POSIX trust

2013-10-10 Thread Tomas Babej
Hi, This is a fix for a bug I found related to the subdomains code while working on the AD Continuous Integration testing. -- Tomas Babej Associate Software Engeneer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 42d3932ad10e4c5ca60c24d2f4da0e9d6bc3b348 Mon

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-10-10 Thread Jan Cholasta
On 10.10.2013 16:51, Nathaniel McCallum wrote: On Thu, 2013-10-10 at 10:04 +0200, Jan Cholasta wrote: On 12.9.2013 22:47, Nathaniel McCallum wrote: On Thu, 2013-09-05 at 00:04 -0400, Nathaniel McCallum wrote: patch attached Update for ./makeapi attached. Is ipaUserAuthType relevant only t

Re: [Freeipa-devel] [PATCH] 426 Winsync re-initialize should not run memberOf fixup task

2013-10-10 Thread Jan Cholasta
Hi, On 9.10.2013 13:31, Martin Kosek wrote: Change re-initialize command to consider memberOf fixup task only for non-winsync replication agreements. This patch also includes few fixes for DsInstance to properly set realm and fqdn properties needed when connecting to LDAP. https://fedorahosted.

[Freeipa-devel] [PATCH] 429 Administrative password change does not respect password policy

2013-10-10 Thread Martin Kosek
When Directory Manager or a PassSync agent is changing a password, it is not being expired, but standard expiration time should apply. However, default expiration time was always applied (90 days) even though administrator may have a custom policy for the user. https://fedorahosted.org/freeipa/tic

[Freeipa-devel] [PATCH] [DOC] Remove SELinux user paragraph replacement

2013-10-10 Thread Jérôme Fenal
Attached. Replaced the dodgy sentence with Martin's one. Regards, J. -- Jérôme Fenal freeipa-jfenal-0002-Remove-SELinux-user.patch Description: Binary data ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinf

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-10-10 Thread Dmitri Pal
On 10/10/2013 10:51 AM, Nathaniel McCallum wrote: > On Thu, 2013-10-10 at 10:04 +0200, Jan Cholasta wrote: >> On 12.9.2013 22:47, Nathaniel McCallum wrote: >>> On Thu, 2013-09-05 at 00:04 -0400, Nathaniel McCallum wrote: patch attached >>> Update for ./makeapi attached. >>> >> Is ipaUserAuthTy

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-10-10 Thread Dmitri Pal
On 10/10/2013 11:30 AM, Jan Cholasta wrote: > On 10.10.2013 16:51, Nathaniel McCallum wrote: >> On Thu, 2013-10-10 at 10:04 +0200, Jan Cholasta wrote: >>> On 12.9.2013 22:47, Nathaniel McCallum wrote: On Thu, 2013-09-05 at 00:04 -0400, Nathaniel McCallum wrote: > patch attached U

Re: [Freeipa-devel] [PATCH 0186-0191] Replace LDAP cache with RBTDB

2013-10-10 Thread Petr Spacek
On 8.10.2013 12:00, Tomas Hozza wrote: On 10/02/2013 12:57 PM, Petr Spacek wrote: On 13.9.2013 15:31, Petr Spacek wrote: On 14.8.2013 16:42, Petr Spacek wrote: On 14.8.2013 16:25, Petr Spacek wrote: On 1.8.2013 15:57, Petr Spacek wrote: Hello, attached monster patches replace our internal c

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-10-10 Thread Nathaniel McCallum
On Thu, 2013-10-10 at 12:44 -0400, Dmitri Pal wrote: > On 10/10/2013 10:51 AM, Nathaniel McCallum wrote: > > On Thu, 2013-10-10 at 10:04 +0200, Jan Cholasta wrote: > >> On 12.9.2013 22:47, Nathaniel McCallum wrote: > >>> On Thu, 2013-09-05 at 00:04 -0400, Nathaniel McCallum wrote: > patch atta

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-10-10 Thread Dmitri Pal
On 10/10/2013 03:13 PM, Nathaniel McCallum wrote: > On Thu, 2013-10-10 at 12:44 -0400, Dmitri Pal wrote: >> On 10/10/2013 10:51 AM, Nathaniel McCallum wrote: >>> On Thu, 2013-10-10 at 10:04 +0200, Jan Cholasta wrote: On 12.9.2013 22:47, Nathaniel McCallum wrote: > On Thu, 2013-09-05 at 00:

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-10-10 Thread Nathaniel McCallum
On Thu, 2013-10-10 at 15:53 -0400, Dmitri Pal wrote: > On 10/10/2013 03:13 PM, Nathaniel McCallum wrote: > > On Thu, 2013-10-10 at 12:44 -0400, Dmitri Pal wrote: > >> On 10/10/2013 10:51 AM, Nathaniel McCallum wrote: > >>> On Thu, 2013-10-10 at 10:04 +0200, Jan Cholasta wrote: > On 12.9.2013 2

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-10-10 Thread Dmitri Pal
On 10/10/2013 08:33 PM, Nathaniel McCallum wrote: > On Thu, 2013-10-10 at 15:53 -0400, Dmitri Pal wrote: >> On 10/10/2013 03:13 PM, Nathaniel McCallum wrote: >>> On Thu, 2013-10-10 at 12:44 -0400, Dmitri Pal wrote: On 10/10/2013 10:51 AM, Nathaniel McCallum wrote: > On Thu, 2013-10-10 at 1