Re: [Freeipa-devel] [PATCH 0231] Fix record parsing to prevent child zone corruption

2014-04-09 Thread Tomas Hozza
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/01/2014 08:29 PM, Petr Spacek wrote: > Hello, > > Fix record parsing to prevent child zone corruption. > > Child zone hosted on the same server as parent zone was > corrupted by bug in update_record(). > Child zone's apex was modified by update

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-09 Thread Martin Basti
On Tue, 2014-04-08 at 11:01 +0200, Petr Spacek wrote: > On 8.4.2014 10:49, Jan Cholasta wrote: > > On 8.4.2014 10:31, Petr Spacek wrote: > >> On 8.4.2014 10:29, Jan Cholasta wrote: > >>> On 8.4.2014 10:19, Petr Spacek wrote: > On 8.4.2014 10:14, Jan Cholasta wrote: > > On 8.4.2014 10:09, A

Re: [Freeipa-devel] [PATCH] [DOC] document that wildcards are not supported in FreeIPA <= 3.2

2014-04-09 Thread Martin Basti
On Tue, 2014-04-08 at 21:19 -0600, Gabe Alford wrote: > Hello, > > > Not sure how relevant this patch is to the current documentation > considering (I believe) that wildcards are supported in versions 3.3 > and up. Patch for https://fedorahosted.org/freeipa/ticket/3616 > > > Thanks, > > > Gab

Re: [Freeipa-devel] [PATCHES] 0508-0509 Add support for "non-object" managed permissions

2014-04-09 Thread Martin Kosek
On 04/08/2014 05:17 PM, Petr Viktorin wrote: > On 04/08/2014 04:39 PM, Martin Kosek wrote: >> On 04/08/2014 01:14 PM, Petr Viktorin wrote: >>> On 04/08/2014 12:53 PM, Martin Kosek wrote: On 04/08/2014 11:03 AM, Petr Viktorin wrote: >> ... The patch is functional, but I am not really a big

Re: [Freeipa-devel] [PATCH] 0504 Default read ACIs for Sudo objects

2014-04-09 Thread Martin Kosek
On 04/08/2014 05:19 PM, Petr Viktorin wrote: > On 04/08/2014 12:46 PM, Martin Kosek wrote: >> On 04/08/2014 11:03 AM, Petr Viktorin wrote: >>> On 04/07/2014 01:30 PM, Martin Kosek wrote: On 04/03/2014 12:09 PM, Petr Viktorin wrote: > Hello, > This adds read permissions to read Sudo com

Re: [Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup

2014-04-09 Thread Martin Kosek
On 04/08/2014 02:25 PM, Petr Viktorin wrote: > Hello, > These add read permissions to read user groups and hostgroups. > > For most attributes, anonymous read access is given. > For member, memberOf, memberUID, read access is given only to authenticated > users. Didn't we agree that we want to m

Re: [Freeipa-devel] [PATCH] 0505 Default read ACIs for HBAC objects

2014-04-09 Thread Martin Kosek
On 04/07/2014 01:34 PM, Petr Viktorin wrote: > On 04/07/2014 01:28 PM, Martin Kosek wrote: >> On 04/03/2014 12:09 PM, Petr Viktorin wrote: >>> Hello, >>> This adds read permissions to read HBAC rules, services, and service groups. >>> >>> Read access is given to all authenticated users. >> >> So fa

[Freeipa-devel] Ipatests fixes

2014-04-09 Thread Tomas Babej
Hi, the following batch deals with the following: * cleans up apache's semaphores prior to installing IPA (CA install can get stuck when IPA is reinstalled many times) * allows to pass extra arguments to install_client task * uses trailing dot in the hostname as fqdn which should not be overridde

Re: [Freeipa-devel] [PATCH] [DOC] document that wildcards are not supported in FreeIPA <= 3.2

2014-04-09 Thread Petr Spacek
On 9.4.2014 10:29, Martin Basti wrote: On Tue, 2014-04-08 at 21:19 -0600, Gabe Alford wrote: Hello, Not sure how relevant this patch is to the current documentation considering (I believe) that wildcards are supported in versions 3.3 and up. Patch for https://fedorahosted.org/freeipa/ticket/36

Re: [Freeipa-devel] [PATCH] 0506 Default read ACIs for hosts

2014-04-09 Thread Martin Kosek
On 04/03/2014 12:09 PM, Petr Viktorin wrote: > Hello, > This adds read permissions to read hosts. > > Read access is given to all authenticated users. > For reading host membership info, there is a separate permission that also > defaults to all authenticated users. > > The userPassword attribute

Re: [Freeipa-devel] [PATCH 0231] Fix record parsing to prevent child zone corruption

2014-04-09 Thread Petr Spacek
On 9.4.2014 10:03, Tomas Hozza wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/01/2014 08:29 PM, Petr Spacek wrote: Hello, Fix record parsing to prevent child zone corruption. Child zone hosted on the same server as parent zone was corrupted by bug in update_record(). Child zone's

[Freeipa-devel] [PATCH 0232-0233] Bump NVR to 4.2

2014-04-09 Thread Petr Spacek
Hello, Add bind-lite-devel to BuildRequires. Pushed to master: 0a3160bd3a4195429d082d7d48ffa596212c4b82 Bump NVR to 4.2. Pushed to master: 2568801743900684e00cc466deef1c5919d3480f -- Petr^2 Spacek From 0a3160bd3a4195429d082d7d48ffa596212c4b82 Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: We

[Freeipa-devel] User status

2014-04-09 Thread Massimiliano Perrone (tirasa.net)
Hi guys, is there any way to check the user status on ldap server? Thanks and regards, Massi -- Massimiliano Perrone Tel +39 393 9121310 Tirasa S.r.l. Viale D'Annunzio 267 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973 http://www.tirasa.net Apache Syncope PMC Member http://people.apa

Re: [Freeipa-devel] Ipatests fixes

2014-04-09 Thread Petr Viktorin
On 04/09/2014 12:07 PM, Tomas Babej wrote: Hi, the following batch deals with the following: * cleans up apache's semaphores prior to installing IPA (CA install can get stuck when IPA is reinstalled many times) What happens if Apache is running for some reason? Should we also stop it before

Re: [Freeipa-devel] [PATCH] 0505 Default read ACIs for HBAC objects

2014-04-09 Thread Petr Viktorin
On 04/09/2014 10:59 AM, Martin Kosek wrote: On 04/07/2014 01:34 PM, Petr Viktorin wrote: On 04/07/2014 01:28 PM, Martin Kosek wrote: On 04/03/2014 12:09 PM, Petr Viktorin wrote: Hello, This adds read permissions to read HBAC rules, services, and service groups. Read access is given to all aut

Re: [Freeipa-devel] [PATCHES] 0508-0509 Add support for "non-object" managed permissions

2014-04-09 Thread Petr Viktorin
On 04/09/2014 10:31 AM, Martin Kosek wrote: On 04/08/2014 05:17 PM, Petr Viktorin wrote: On 04/08/2014 04:39 PM, Martin Kosek wrote: On 04/08/2014 01:14 PM, Petr Viktorin wrote: On 04/08/2014 12:53 PM, Martin Kosek wrote: On 04/08/2014 11:03 AM, Petr Viktorin wrote: ... The patch is functio

Re: [Freeipa-devel] [PATCH][RFC] 7 automember rebuild nowait feature added

2014-04-09 Thread Misnyovszki Adam
On Tue, 08 Apr 2014 17:31:25 +0200 Petr Viktorin wrote: > On 04/08/2014 04:17 PM, Misnyovszki Adam wrote: > > On Mon, 07 Apr 2014 09:43:10 +0200 > > Petr Viktorin wrote: > > > >> On 03/27/2014 03:37 PM, Misnyovszki Adam wrote: > >>> On Wed, 26 Mar 2014 13:15:55 +0100 > >>> Petr Viktorin wrote:

Re: [Freeipa-devel] [PATCH][RFC] 7 automember rebuild nowait feature added

2014-04-09 Thread Petr Viktorin
On 04/09/2014 01:43 PM, Misnyovszki Adam wrote: On Tue, 08 Apr 2014 17:31:25 +0200 Petr Viktorin wrote: On 04/08/2014 04:17 PM, Misnyovszki Adam wrote: On Mon, 07 Apr 2014 09:43:10 +0200 Petr Viktorin wrote: On 03/27/2014 03:37 PM, Misnyovszki Adam wrote: On Wed, 26 Mar 2014 13:15:55 +010

Re: [Freeipa-devel] User status

2014-04-09 Thread Martin Kosek
On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote: > Hi guys, > is there any way to check the user status on ldap server? > > Thanks and regards, > > Massi > Hello, It depends what you mean by status. We have a command to get a lock/auth status of a user with user-status command:

[Freeipa-devel] [PATCH 0234] Prevent NULL dereference before sync_concurr_limit_signal() calls

2014-04-09 Thread Petr Spacek
Hello, Prevent NULL dereference before sync_concurr_limit_signal() calls. Missing check was causing NULL dereference in case where manager_get_ldap_instance() failed. This typically happens when BIND is processing LDAP updates during shutdown. I noticed this crash during sanity testing 4.2 rele

Re: [Freeipa-devel] User status

2014-04-09 Thread Massimiliano Perrone (tirasa.net)
On 04/09/2014 02:01 PM, Martin Kosek wrote: On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote: Hi guys, is there any way to check the user status on ldap server? Thanks and regards, Massi Hello, It depends what you mean by status. We have a command to get a lock/auth status of

Re: [Freeipa-devel] User status

2014-04-09 Thread Martin Kosek
On 04/09/2014 02:37 PM, Massimiliano Perrone (tirasa.net) wrote: > On 04/09/2014 02:01 PM, Martin Kosek wrote: >> On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote: >>> Hi guys, >>> is there any way to check the user status on ldap server? >>> >>> Thanks and regards, >>> >>> Massi >>>

Re: [Freeipa-devel] [PATCH][RFC] 7 automember rebuild nowait feature added

2014-04-09 Thread Petr Viktorin
On 04/09/2014 01:45 PM, Petr Viktorin wrote: On 04/09/2014 01:43 PM, Misnyovszki Adam wrote: On Tue, 08 Apr 2014 17:31:25 +0200 Petr Viktorin wrote: On 04/08/2014 04:17 PM, Misnyovszki Adam wrote: On Mon, 07 Apr 2014 09:43:10 +0200 Petr Viktorin wrote: On 03/27/2014 03:37 PM, Misnyovszki

Re: [Freeipa-devel] [PATCH] [DOC] document that wildcards are not supported in FreeIPA <= 3.2

2014-04-09 Thread Gabe Alford
I am good with it. Gabe On Wed, Apr 9, 2014 at 4:20 AM, Petr Spacek wrote: > On 9.4.2014 10:29, Martin Basti wrote: > >> On Tue, 2014-04-08 at 21:19 -0600, Gabe Alford wrote: >> >>> Hello, >>> >>> >>> Not sure how relevant this patch is to the current documentation >>> considering (I believe)

Re: [Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup

2014-04-09 Thread Simo Sorce
On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote: > On 04/08/2014 02:25 PM, Petr Viktorin wrote: > > Hello, > > These add read permissions to read user groups and hostgroups. > > > > For most attributes, anonymous read access is given. > > For member, memberOf, memberUID, read access is given

Re: [Freeipa-devel] User status

2014-04-09 Thread Massimiliano Perrone (tirasa.net)
On 04/09/2014 02:40 PM, Martin Kosek wrote: On 04/09/2014 02:37 PM, Massimiliano Perrone (tirasa.net) wrote: On 04/09/2014 02:01 PM, Martin Kosek wrote: On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote: Hi guys, is there any way to check the user status on ldap server? Thanks a

Re: [Freeipa-devel] User status

2014-04-09 Thread Martin Kosek
On 04/09/2014 03:15 PM, Massimiliano Perrone (tirasa.net) wrote: > On 04/09/2014 02:40 PM, Martin Kosek wrote: >> On 04/09/2014 02:37 PM, Massimiliano Perrone (tirasa.net) wrote: >>> On 04/09/2014 02:01 PM, Martin Kosek wrote: On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote: >>

Re: [Freeipa-devel] [PATCH 0234] Prevent NULL dereference before sync_concurr_limit_signal() calls

2014-04-09 Thread Tomas Hozza
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/09/2014 02:07 PM, Petr Spacek wrote: > Hello, > > Prevent NULL dereference before sync_concurr_limit_signal() calls. > > Missing check was causing NULL dereference in case where > manager_get_ldap_instance() failed. This typically happens when

Re: [Freeipa-devel] [PATCH][RFC] 7 automember rebuild nowait feature added

2014-04-09 Thread Misnyovszki Adam
On Wed, 09 Apr 2014 14:53:34 +0200 Petr Viktorin wrote: > On 04/09/2014 01:45 PM, Petr Viktorin wrote: > > On 04/09/2014 01:43 PM, Misnyovszki Adam wrote: > >> On Tue, 08 Apr 2014 17:31:25 +0200 > >> Petr Viktorin wrote: > >> > >>> On 04/08/2014 04:17 PM, Misnyovszki Adam wrote: > On Mon, 0

Re: [Freeipa-devel] [PATCH][RFC] 7 automember rebuild nowait feature added

2014-04-09 Thread Petr Viktorin
On 04/09/2014 03:21 PM, Misnyovszki Adam wrote: On Wed, 09 Apr 2014 14:53:34 +0200 Petr Viktorin wrote: On 04/09/2014 01:45 PM, Petr Viktorin wrote: On 04/09/2014 01:43 PM, Misnyovszki Adam wrote: On Tue, 08 Apr 2014 17:31:25 +0200 Petr Viktorin wrote: On 04/08/2014 04:17 PM, Misnyovszki

Re: [Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup

2014-04-09 Thread Martin Kosek
On 04/09/2014 03:04 PM, Simo Sorce wrote: > On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote: >> On 04/08/2014 02:25 PM, Petr Viktorin wrote: >>> Hello, >>> These add read permissions to read user groups and hostgroups. >>> >>> For most attributes, anonymous read access is given. >>> For membe

Re: [Freeipa-devel] global account lockout

2014-04-09 Thread Ludwig Krispenz
On 04/09/2014 12:31 AM, Simo Sorce wrote: On Tue, 2014-04-08 at 12:00 +0200, Ludwig Krispenz wrote: Replication storms. In my opinion the replication of a mod of one or two attribute in a entry will be faster than the bind itself. Think about the amplification effect in an environment with 20

Re: [Freeipa-devel] [PATCH] 0504 Default read ACIs for Sudo objects

2014-04-09 Thread Petr Viktorin
On 04/09/2014 10:31 AM, Martin Kosek wrote: On 04/08/2014 05:19 PM, Petr Viktorin wrote: On 04/08/2014 12:46 PM, Martin Kosek wrote: On 04/08/2014 11:03 AM, Petr Viktorin wrote: On 04/07/2014 01:30 PM, Martin Kosek wrote: On 04/03/2014 12:09 PM, Petr Viktorin wrote: Hello, This adds read per

Re: [Freeipa-devel] global account lockout

2014-04-09 Thread Petr Spacek
On 9.4.2014 15:50, Ludwig Krispenz wrote: On 04/09/2014 12:31 AM, Simo Sorce wrote: On Tue, 2014-04-08 at 12:00 +0200, Ludwig Krispenz wrote: Replication storms. In my opinion the replication of a mod of one or two attribute in a entry will be faster than the bind itself. Think about the ampl

Re: [Freeipa-devel] [PATCH] 0504 Default read ACIs for Sudo objects

2014-04-09 Thread Martin Kosek
On 04/09/2014 03:56 PM, Petr Viktorin wrote: > On 04/09/2014 10:31 AM, Martin Kosek wrote: >> On 04/08/2014 05:19 PM, Petr Viktorin wrote: >>> On 04/08/2014 12:46 PM, Martin Kosek wrote: On 04/08/2014 11:03 AM, Petr Viktorin wrote: > On 04/07/2014 01:30 PM, Martin Kosek wrote: >> On 04

Re: [Freeipa-devel] global account lockout

2014-04-09 Thread Rich Megginson
On 04/09/2014 07:57 AM, Petr Spacek wrote: On 9.4.2014 15:50, Ludwig Krispenz wrote: On 04/09/2014 12:31 AM, Simo Sorce wrote: On Tue, 2014-04-08 at 12:00 +0200, Ludwig Krispenz wrote: Replication storms. In my opinion the replication of a mod of one or two attribute in a entry will be faster

Re: [Freeipa-devel] global account lockout

2014-04-09 Thread Simo Sorce
On Wed, 2014-04-09 at 15:50 +0200, Ludwig Krispenz wrote: > > Something like this is what we have experienced for real and cause > us to > > actually disable replication of all the lockout related attributes > in > > the past. > But also here it can get complicated, we cannot really use > failedlo

Re: [Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup

2014-04-09 Thread Petr Viktorin
On 04/09/2014 03:26 PM, Martin Kosek wrote: On 04/09/2014 03:04 PM, Simo Sorce wrote: On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote: On 04/08/2014 02:25 PM, Petr Viktorin wrote: Hello, These add read permissions to read user groups and hostgroups. For most attributes, anonymous read a

Re: [Freeipa-devel] [PATCH] 0504 Default read ACIs for Sudo objects

2014-04-09 Thread Petr Viktorin
On 04/09/2014 04:02 PM, Martin Kosek wrote: On 04/09/2014 03:56 PM, Petr Viktorin wrote: On 04/09/2014 10:31 AM, Martin Kosek wrote: On 04/08/2014 05:19 PM, Petr Viktorin wrote: On 04/08/2014 12:46 PM, Martin Kosek wrote: On 04/08/2014 11:03 AM, Petr Viktorin wrote: On 04/07/2014 01:30 PM, M

Re: [Freeipa-devel] global account lockout

2014-04-09 Thread Rich Megginson
On 04/09/2014 08:09 AM, Simo Sorce wrote: On Wed, 2014-04-09 at 15:50 +0200, Ludwig Krispenz wrote: Something like this is what we have experienced for real and cause us to actually disable replication of all the lockout related attributes in the past. But also here it can get complicated,

Re: [Freeipa-devel] [PATCH] [DOC] document that wildcards are not supported in FreeIPA <= 3.2

2014-04-09 Thread Petr Viktorin
On 04/09/2014 02:58 PM, Gabe Alford wrote: I am good with it. Gabe Pushed to docs master: be130d05c2111d31465e57238c5390a5c4ab9de2 On Wed, Apr 9, 2014 at 4:20 AM, Petr Spacek mailto:pspa...@redhat.com>> wrote: On 9.4.2014 10:29, Martin Basti wrote: On Tue, 2014-04-08 at 21:19 -

Re: [Freeipa-devel] [PATCH 0234] Prevent NULL dereference before sync_concurr_limit_signal() calls

2014-04-09 Thread Petr Spacek
On 9.4.2014 15:20, Tomas Hozza wrote: On 04/09/2014 02:07 PM, Petr Spacek wrote: Hello, Prevent NULL dereference before sync_concurr_limit_signal() calls. Missing check was causing NULL dereference in case where manager_get_ldap_instance() failed. This typically happens when BIND is processing

Re: [Freeipa-devel] global account lockout

2014-04-09 Thread Ludwig Krispenz
On 04/09/2014 04:17 PM, Rich Megginson wrote: On 04/09/2014 08:09 AM, Simo Sorce wrote: On Wed, 2014-04-09 at 15:50 +0200, Ludwig Krispenz wrote: Something like this is what we have experienced for real and cause us to actually disable replication of all the lockout related attributes in t

[Freeipa-devel] [PATCH] 0513 Add managed read permissions to permission

2014-04-09 Thread Petr Viktorin
The meta-permissions. Read access is given to all authenticated users. Reading membership info (i.e. privileges) is split into a separate permission. Another permission is added that allows read access to all ACIs. If we don't want to open that up for everyone, I could limit this to only ACIs

Re: [Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup

2014-04-09 Thread Martin Kosek
On 04/09/2014 04:09 PM, Petr Viktorin wrote: > On 04/09/2014 03:26 PM, Martin Kosek wrote: >> On 04/09/2014 03:04 PM, Simo Sorce wrote: >>> On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote: On 04/08/2014 02:25 PM, Petr Viktorin wrote: > Hello, > These add read permissions to read

Re: [Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup

2014-04-09 Thread Petr Viktorin
On 04/09/2014 05:08 PM, Martin Kosek wrote: On 04/09/2014 04:09 PM, Petr Viktorin wrote: On 04/09/2014 03:26 PM, Martin Kosek wrote: On 04/09/2014 03:04 PM, Simo Sorce wrote: On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote: On 04/08/2014 02:25 PM, Petr Viktorin wrote: Hello, These add

Re: [Freeipa-devel] [PATCH] 0513 Add managed read permissions to permission

2014-04-09 Thread Martin Kosek
On 04/09/2014 04:54 PM, Petr Viktorin wrote: > The meta-permissions. :-) > Read access is given to all authenticated users. Reading membership info (i.e. > privileges) is split into a separate permission. > > Another permission is added that allows read access to all ACIs. > If we don't want to

Re: [Freeipa-devel] [PATCH 0234] Prevent NULL dereference before sync_concurr_limit_signal() calls

2014-04-09 Thread Lukas Slebodnik
On (09/04/14 16:38), Petr Spacek wrote: >On 9.4.2014 15:20, Tomas Hozza wrote: >>On 04/09/2014 02:07 PM, Petr Spacek wrote: >>>Hello, >>> >>>Prevent NULL dereference before sync_concurr_limit_signal() calls. >>> >>>Missing check was causing NULL dereference in case where >>>manager_get_ldap_instanc

Re: [Freeipa-devel] [PATCH 0234] Prevent NULL dereference before sync_concurr_limit_signal() calls

2014-04-09 Thread Petr Spacek
On 9.4.2014 17:39, Lukas Slebodnik wrote: On (09/04/14 16:38), Petr Spacek wrote: On 9.4.2014 15:20, Tomas Hozza wrote: On 04/09/2014 02:07 PM, Petr Spacek wrote: Hello, Prevent NULL dereference before sync_concurr_limit_signal() calls. Missing check was causing NULL dereference in case wher

Re: [Freeipa-devel] global account lockout

2014-04-09 Thread Gabe Alford
I came across these articles that may be of some use in this topic. I humbly admit that I am no expert on this topic, and these may not be of any use. Plus, I am not a fan of the product, but maybe it helps? http://technet.microsoft.com/en-us/library/cc772726%28v=ws.10%29.aspx http://blogs.technet

[Freeipa-devel] [PATCH 0235] Bump NVR to 4.3

2014-04-09 Thread Petr Spacek
Hello, Bump NVR to 4.3. Pushed to master: 89f1751ff8f8582d628652060eff3bf5a9d7254a -- Petr^2 Spacek From 89f1751ff8f8582d628652060eff3bf5a9d7254a Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Wed, 9 Apr 2014 17:59:32 +0200 Subject: [PATCH] Bump NVR to 4.3. Signed-off-by: Petr Spacek ---

[Freeipa-devel] Announcing bind-dyndb-ldap version 4.3

2014-04-09 Thread Petr Spacek
The FreeIPA team is proud to announce bind-dyndb-ldap version 4.3. It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/ The new version has also been built for Fedora 20 and and is on its way to updates-testing: https://admin.fedoraproject.org/updates/bind-dyndb-ldap-4.

Re: [Freeipa-devel] [PATCH] 1106 IPA REST smart proxy

2014-04-09 Thread Rob Crittenden
Petr Viktorin wrote: On 03/14/2014 07:58 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 03/12/2014 07:48 PM, Rob Crittenden wrote: [...] Here are a couple more enhancements I'm considering, this seems simpler than inter-diff since it is so small. Not really. Having a patch file with a s

Re: [Freeipa-devel] [PATCH] 1106 IPA REST smart proxy

2014-04-09 Thread Rob Crittenden
Rob Crittenden wrote: Petr Viktorin wrote: On 03/14/2014 07:58 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 03/12/2014 07:48 PM, Rob Crittenden wrote: [...] Here are a couple more enhancements I'm considering, this seems simpler than inter-diff since it is so small. Not really. Havin

Re: [Freeipa-devel] Ipa-server-install Firewall Support

2014-04-09 Thread Dmitri Pal
On 04/08/2014 02:42 PM, Rob Crittenden wrote: Justin Brown wrote: Dmitri, I'd be more than happy to, but I'm having trouble figuring out where it should go. Could you send me a link to a similar design page? I'd put it under here: http://www.freeipa.org/page/V4_Proposals There is a template

Re: [Freeipa-devel] Ipa-server-install Firewall Support

2014-04-09 Thread Martin Kosek
On 04/10/2014 02:57 AM, Dmitri Pal wrote: > On 04/08/2014 02:42 PM, Rob Crittenden wrote: >> Justin Brown wrote: ... > b) Example: freeipa-server-install --setup-dns --forwarder=192.168.0.2 > --forwarder=192.168.0.3 Let's talk about CLI. Shouldn't we add just one option - "--no-firewall"? I would