On 20.12.2013 13:06, Petr Viktorin wrote:
I now have a failing test in test_permission_rollback. Let's think about
this case for a moment:
The permission system has "rollback": if an ACI update fails, the entry
is rolled back. Currently it works (for ipapermlocation changes) like this:
- The ol
Original patch for ticket #3803 implemented support to resolve SIDs
through SSSD. However, it also broke hbactest for external users. The
result of the updated external member group search must be local
non-external groups, not the external ones. Otherwise the rule is not
matched.
https://fedoraho
On Fri, 10 Jan 2014, Martin Kosek wrote:
Original patch for ticket #3803 implemented support to resolve SIDs
through SSSD. However, it also broke hbactest for external users. The
result of the updated external member group search must be local
non-external groups, not the external ones. Otherwise
On 01/10/2014 12:54 PM, Alexander Bokovoy wrote:
> On Fri, 10 Jan 2014, Martin Kosek wrote:
>> Original patch for ticket #3803 implemented support to resolve SIDs
>> through SSSD. However, it also broke hbactest for external users. The
>> result of the updated external member group search must be l
On 01/09/2014 10:25 PM, Nathaniel McCallum wrote:
On Thu, 2014-01-02 at 09:58 +0100, Petr Viktorin wrote:
On 12/23/2013 06:54 PM, Nathaniel McCallum wrote:
Attached.
config.in.h~ is a product of your specfific editor, right? You should
add it to your personal ignore list, e.g. with:
$ echo "
On 01/09/2014 03:37 PM, Simo Sorce wrote:
> On Thu, 2014-01-09 at 15:27 +0100, Martin Kosek wrote:
>> On 01/09/2014 03:12 PM, Simo Sorce wrote:
>>> On Thu, 2014-01-09 at 09:04 -0500, Simo Sorce wrote:
On Thu, 2014-01-09 at 09:51 +0100, Martin Kosek wrote:
> On 01/09/2014 12:26 AM, Simo Sor
On 01/09/2014 04:49 PM, Simo Sorce wrote:
> On Thu, 2014-01-09 at 10:44 -0500, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On 01/09/2014 03:12 PM, Simo Sorce wrote:
>
> Also maybe we should allow admins to bypass the need to have an actual
> object to represent the alt name ?
>>
>> I'
On 01/10/2014 12:43 PM, Jan Cholasta wrote:
On 20.12.2013 13:06, Petr Viktorin wrote:
I now have a failing test in test_permission_rollback. Let's think about
this case for a moment:
The permission system has "rollback": if an ACI update fails, the entry
is rolled back. Currently it works (for
Simo Sorce wrote:
On Thu, 2014-01-09 at 10:44 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On 01/09/2014 03:12 PM, Simo Sorce wrote:
Also maybe we should allow admins to bypass the need to have an actual
object to represent the alt name ?
I'd rather not. This would allow a rogue admin
On 01/07/2014 01:54 PM, Jan Cholasta wrote:
On 16.12.2013 14:45, Petr Viktorin wrote:
On 12/16/2013 10:22 AM, Jan Cholasta wrote:
On 13.12.2013 15:16, Petr Viktorin wrote:
On 12/10/2013 04:05 PM, Jan Cholasta wrote:
Hi,
I believe the time has come to drop support for the legacy (dn,
entry_at
On Fri, 2014-01-10 at 13:29 +0100, Martin Kosek wrote:
> On 01/09/2014 03:37 PM, Simo Sorce wrote:
> > On Thu, 2014-01-09 at 15:27 +0100, Martin Kosek wrote:
> >> On 01/09/2014 03:12 PM, Simo Sorce wrote:
> >>> On Thu, 2014-01-09 at 09:04 -0500, Simo Sorce wrote:
> On Thu, 2014-01-09 at 09:51
Another permission design page coming up:
http://www.freeipa.org/page/V3/Multivalued_target_filters_in_permissions
related thread:
http://www.redhat.com/archives/freeipa-devel/2013-December/msg00063.html
ticket: https://fedorahosted.org/freeipa/ticket/4074
Originally the ticket also included a
On Thu, 2014-01-09 at 21:30 -0800, Noriko Hosoi wrote:
> Simo Sorce wrote:
> > On Thu, 2014-01-09 at 15:15 -0800, Noriko Hosoi wrote:
> >> Simo Sorce wrote:
> >>> On Thu, 2014-01-09 at 16:32 -0500, Nathaniel McCallum wrote:
> This patch is independent from my patches 0028-0031 and can be merge
On Fri, 2014-01-10 at 12:15 -0500, Simo Sorce wrote:
> On Thu, 2014-01-09 at 21:30 -0800, Noriko Hosoi wrote:
> > Simo Sorce wrote:
> > > On Thu, 2014-01-09 at 15:15 -0800, Noriko Hosoi wrote:
> > >> Simo Sorce wrote:
> > >>> On Thu, 2014-01-09 at 16:32 -0500, Nathaniel McCallum wrote:
> > Thi
Hi Simo,
Simo Sorce wrote:
On Fri, 2014-01-10 at 12:15 -0500, Simo Sorce wrote:
This is not what I had in mind, our use cases is something like this:
aci: (target=ldap:///dc=bar)(targetattr=*) (version 3.0; acl "userattr
test"; allow (add) userattr = "managedby#USERDN";)
ldapmodify -D uid=user
On Thu, 2014-01-09 at 17:37 -0500, Simo Sorce wrote:
> On Thu, 2014-01-09 at 16:32 -0500, Nathaniel McCallum wrote:
> > This patch is independent from my patches 0028-0031 and can be merged in
> > any order.
> >
> > This patch has a bug, but I can't figure it out. We need to set
> > nsslapd-access
On Thu, 2014-01-09 at 16:30 +0100, Tomas Babej wrote:
> Hi,
>
> Adds a parameter that represents a DateTime format using datetime.datetime
> object from python's native datetime library.
>
> In the CLI, accepts one of the following formats:
> Accepts subset of values defined by ISO 8601:
> %Y-%m-
On Thu, 09 Jan 2014, Nathaniel McCallum wrote:
New RPMs are up: http://npmccallum.fedorapeople.org/freeipa-otp/rpms/
Just as a note -- we can use copr service to provide a better experience
for testing. I made a copr repo with previous patchset last year:
http://copr.fedoraproject.org/coprs/abbr
18 matches
Mail list logo