Re: [Freeipa-devel] [PATCH] 0506 Default read ACIs for hosts

2014-04-11 Thread Martin Kosek
On 04/10/2014 05:29 PM, Petr Viktorin wrote: > On 04/10/2014 03:04 PM, Martin Kosek wrote: >> On 04/10/2014 02:52 PM, Simo Sorce wrote: >>> On Thu, 2014-04-10 at 13:56 +0200, Petr Viktorin wrote: On 04/09/2014 12:25 PM, Martin Kosek wrote: > On 04/03/2014 12:09 PM, Petr Viktorin wrote: >>>

Re: [Freeipa-devel] [PATCH] 0516 Add managed read permissions to realmdomains

2014-04-11 Thread Martin Kosek
On 04/10/2014 03:55 PM, Petr Viktorin wrote: > Read access is given to all authenticated users. > Works for me, ACK. Pushed to master, Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 0513 Add managed read permissions to RBAC objects

2014-04-11 Thread Martin Kosek
On 04/10/2014 05:03 PM, Petr Viktorin wrote: > On 04/10/2014 03:20 PM, Martin Kosek wrote: >> On 04/10/2014 03:10 PM, Petr Viktorin wrote: >>> On 04/10/2014 03:07 PM, Martin Kosek wrote: On 04/10/2014 03:02 PM, Petr Viktorin wrote: > On 04/10/2014 02:58 PM, Martin Kosek wrote: >> On 04

Re: [Freeipa-devel] [PATCH] 0515 Add managed read permission for SELinux user map

2014-04-11 Thread Martin Kosek
On 04/10/2014 03:30 PM, Petr Viktorin wrote: > Read access is given to all authenticated users. > ACK, works fine. Pushed to master: 3db9ce320422a6cc57e1767a1e0cbf06d950a67e Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.r

[Freeipa-devel] [PATCH] 0517 test_realmdomains_plugin: Add default ACI to expected output

2014-04-11 Thread Petr Viktorin
On 04/10/2014 03:55 PM, Petr Viktorin wrote: Subject: [PATCH] 0516 Add managed read permissions to realmdomains Read access is given to all authenticated users. Jenkins tells me this breaks tests. Since realmdomains ACIs are set on a single entry, not a container, realmdomains_show --all wil

Re: [Freeipa-devel] [PATCH] 0517 test_realmdomains_plugin: Add default ACI to expected output

2014-04-11 Thread Martin Kosek
On 04/11/2014 12:41 PM, Petr Viktorin wrote: > On 04/10/2014 03:55 PM, Petr Viktorin wrote: >> Subject: [PATCH] 0516 Add managed read permissions to realmdomains >> >> Read access is given to all authenticated users. >> > > Jenkins tells me this breaks tests. Since realmdomains ACIs are set on a

[Freeipa-devel] [PATCH] Do not ask for memberindirect when updating managed permissions

2014-04-11 Thread Petr Viktorin
One of the default_attributes of permission is memberofindirect, a virtual attribute manufactured by ldap2, which is set when a permission is part of a role. When update_entry is called on an entry with memberofindirect, ipaldap tries to add the attribute to LDAP and fails with an objectclass vi

[Freeipa-devel] [PATCH] 0519 Add managed read permissions to pwpolicy and cosentry

2014-04-11 Thread Petr Viktorin
Read access is given as a new privilege, 'Password Policy Readers', and also to the existing privilege 'Password Policy Administrator'. -- PetrĀ³ From c61532cd5bbce02f073a94fdceff8169c4d4b52d Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 26 Mar 2014 17:11:23 +0100 Subject: [PATCH] Add

Re: [Freeipa-devel] [PATCH] 569-583 New Login Screen

2014-04-11 Thread Misnyovszki Adam
On Fri, 28 Mar 2014 14:04:13 +0100 Petr Vobornik wrote: > Attached patches replace IPA.unauthorized dialog with new Login > Screen. > > To make it happen, a support for standalone facets had to be > developed because current framework was limited by facets dependent > on entities and a container

Re: [Freeipa-devel] [PATCH] 0506 Default read ACIs for hosts

2014-04-11 Thread Simo Sorce
On Fri, 2014-04-11 at 09:48 +0200, Martin Kosek wrote: > On 04/10/2014 05:29 PM, Petr Viktorin wrote: > > On 04/10/2014 03:04 PM, Martin Kosek wrote: > >> On 04/10/2014 02:52 PM, Simo Sorce wrote: > >>> On Thu, 2014-04-10 at 13:56 +0200, Petr Viktorin wrote: > On 04/09/2014 12:25 PM, Martin Ko

Re: [Freeipa-devel] [PATCH] 0519 Add managed read permissions to pwpolicy and cosentry

2014-04-11 Thread Simo Sorce
On Fri, 2014-04-11 at 14:26 +0200, Petr Viktorin wrote: > Read access is given as a new privilege, 'Password Policy Readers', and > also to the existing privilege 'Password Policy Administrator'. > LGTM Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] 0506 Default read ACIs for hosts

2014-04-11 Thread Petr Viktorin
On 04/11/2014 02:36 PM, Simo Sorce wrote: On Fri, 2014-04-11 at 09:48 +0200, Martin Kosek wrote: On 04/10/2014 05:29 PM, Petr Viktorin wrote: On 04/10/2014 03:04 PM, Martin Kosek wrote: On 04/10/2014 02:52 PM, Simo Sorce wrote: On Thu, 2014-04-10 at 13:56 +0200, Petr Viktorin wrote: On 04/09