it for libmicrohttp,
shouldn't be too much work, the crypto details are handled by libgssapi
anyways.
That seems to be a common case -- at least for nginx people did go the
same way https://github.com/fintler/nginx-mod-auth-kerb
--
/ Alexander Bokovoy
Hi,
while reading through the code and examples, few typos were identified
and fixed. Really minor patch.
--
/ Alexander Bokovoy
From 178f2da439d1cc1299bb79bf563019ce4877804f Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Mon, 27 Jun 2011 14:58:52 +0300
Subject
--
/ Alexander Bokovoy
From a7cd88f5aa2db2c18fe76c612573ec28eb51fd40 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Fri, 1 Jul 2011 11:11:38 +0300
Subject: [PATCH] Rearrange logging for NSCD daemon.
https://fedorahosted.org/freeipa/ticket/1373
When SSSD is in use
New version: forgot to import package_installed_name from ipautil.
Previous version can be ignored.
--
/ Alexander Bokovoy
From a78f8a4d18a9eae266215238dbaefe3b6cc6cd98 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Fri, 1 Jul 2011 12:41:45 +0300
Subject: [PATCH] Make
--
/ Alexander Bokovoy
From d29143ce5f6364dfc93dd0228dc58199f956b0a6 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Fri, 1 Jul 2011 12:15:12 +0300
Subject: [PATCH] Make error reporting more 'local' for various configurations
of nss_ldap packages
https
Hi,
On 01.07.2011 14:54, Jan Cholasta wrote:
On 1.7.2011 11:44, Alexander Bokovoy wrote:
New version: forgot to import package_installed_name from ipautil.
Previous version can be ignored.
ipa-client-install should be usable on non-RH platforms (see
https://fedorahosted.org/freeipa/ticket
it.
Do we have other cases where it is *not* enough to have check on the
configuration files rather than package itself? For example, for cases
where we would enforce installation of a required package to satisfy
dependencies (like it was discussed for PackageKit on #freeipa)?
--
/ Alexander
On 06.07.2011 17:27, Rob Crittenden wrote:
Alexander Bokovoy wrote:
Should we instead look to see if /usr/sbin/nscd exists before calling
chkconfig?
When you call chkconfig for non-existing service, it is correctly
reporting that it does not exist and sets return code appropriately. I
by rebasing to current git that nothing has changed since
Thursday and patch applies.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 15.07.2011 22:41, Rob Crittenden wrote:
Alexander Bokovoy wrote:
nack.
I don't believe this fixes the reported problem. This patch affects
un-installation in which case whether sssd was selected or not doesn't
matter, we're just trying to restore the previous state (so tangentially
I
On 15.07.2011 22:41, Rob Crittenden wrote:
Alexander Bokovoy wrote:
nack.
I don't believe this fixes the reported problem. This patch affects
un-installation in which case whether sssd was selected or not doesn't
matter, we're just trying to restore the previous state (so tangentially
https://fedorahosted.org/freeipa/ticket/1476
--
/ Alexander Bokovoy
From f80ccb1a3c85afd8d5aa03191ef5c323a35293de Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Tue, 19 Jul 2011 16:07:05 +0300
Subject: [PATCH] Fix sssd.conf to always have IPA certificate for the domain
and ipa-client-install will come from such a package. Thus,
providing proper ipautil-system.py file can be done as packaging effort.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa
Hi,
On 19.07.2011 16:36, Alexander Bokovoy wrote:
I believe that nss-pam-ldapd uses a different configuration file than
nss_ldap, I think I'd rather use the existence of that to determine what
is being used. Calling out to rpm seems heavy-weight.
In continuation of the same story, ticket 1368
On 20.07.2011 20:30, Alexander Bokovoy wrote:
I moved existing code to ipapython/platform/redhat.py.
ipapython/services.py is auto-generated and basically is one-liner:
=
from ipapython.platform.platform import *
=
Actual platform value is substituted using top-level Makefile's
On 20.07.2011 21:59, John Dennis wrote:
On 07/20/2011 01:30 PM, Alexander Bokovoy wrote:
Actualplatform value is substituted using top-level Makefile's
SUPPORTED_PLAFTORM= variable (defaults to 'redhat', can be redefined
without modifying Makefile, in package building scripts, for example
, only HBAC rules
specified on the command line are considered.
I'm still not sure if running simulation against all disabled HBAC rules
in databse is worth it.
--
/ Alexander Bokovoy
# Authors:
# Alexander Bokovoy aboko...@redhat.com
#
# Copyright (C) 2011 Red Hat
# see file 'COPYING' for use
Now real patch: adds command, updates API.txt and VERSION files, along
with freeipa.spec.
On 22.07.2011 12:32, Alexander Bokovoy wrote:
Hi,
attached please find a first cut of an HBAC tester command to CLI,
FreeIPA ticket https://fedorahosted.org/freeipa/ticket/386
The idea behind
On 22.07.2011 22:47, Rob Crittenden wrote:
Alexander Bokovoy wrote:
Now real patch: adds command, updates API.txt and VERSION files, along
with freeipa.spec.
On 22.07.2011 12:32, Alexander Bokovoy wrote:
Hi,
attached please find a first cut of an HBAC tester command to CLI,
FreeIPA
On 22.07.2011 23:10, Alexander Bokovoy wrote:
So this is a little confusing. I thought --rules limited the rules that
were considered. Maybe I'm misunderstanding it.
--validate + --rules gives limitation, --rules alone adds more rules to
the existing test set which is all enabled rules in IPA
to see how
simulation went, which rules granted access and which denied.
Conceptually it should have been --verbose but verbose is already global
option taken by IPA framework.
+1 error - this would match the behavior of all other CLIs.
Ok.
--
/ Alexander Bokovoy
the wording in the help output that confused
me. Details of the rule(s) being validated ?
May be Show which rules are passed, denied, and invalid?
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com
for simulation. Making
--enabled/--disabled taking arguments introduces unneeded information
waste into operation.
I'll send updated patch proposal today.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com
On 26.07.2011 06:23, Alexander Bokovoy wrote:
I'll send updated patch proposal today.
Here is new patch.
$ ipa hbactest --help
Usage: ipa [global-options] hbactest [options]
Options:
-h, --help show this help message and exit
--user=STR User name
--srchost=STR Source host
On 26.07.2011 13:36, Alexander Bokovoy wrote:
On 26.07.2011 06:23, Alexander Bokovoy wrote:
I'll send updated patch proposal today.
Here is new patch.
Rebased against current master (9a4ce988df219565ab84602b1eea93e14700862b)
--
/ Alexander Bokovoy
From 895afdab5a945dfdf68746299c3f7f15d2b718a2
On 26.07.2011 15:26, Jakub Hrozek wrote:
On 07/26/2011 12:41 PM, Alexander Bokovoy wrote:
On 26.07.2011 13:36, Alexander Bokovoy wrote:
On 26.07.2011 06:23, Alexander Bokovoy wrote:
I'll send updated patch proposal today.
Here is new patch.
Rebased against current master
notmatched: myrule
notmatched: кошка, кот
This is scriptable and also returns granted/not-granted result in $? so
you can easily test in shell whether ipa command was successful or not.
Attached is the patch with unit tests and it can be considered for
inclusion.
--
/ Alexander Bokovoy
From
On 29.07.2011 06:38, Alexander Bokovoy wrote:
Fixed that all and added unit test for non-existing rules.
Modified description to be more detailed and added real examples.
Scratch previous version, while nicely renaming unit tests before commit
and after patch testing I didn't keep right order
On 29.07.2011 07:41, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On 29.07.2011 06:38, Alexander Bokovoy wrote:
Fixed that all and added unit test for non-existing rules.
Modified description to be more detailed and added real examples.
Scratch previous version, while nicely renaming unit
https://fedorahosted.org/freeipa/ticket/1368
also replaces a tab by spaces in one else statement (cosmetic).
--
/ Alexander Bokovoy
From bc02d3098671a2284b5764205b893facdeacf80e Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Tue, 19 Jul 2011 15:33:53 +0300
Subject
On 29.07.2011 12:01, Martin Kosek wrote:
On Fri, 2011-07-29 at 11:42 +0300, Alexander Bokovoy wrote:
https://fedorahosted.org/freeipa/ticket/1368
also replaces a tab by spaces in one else statement (cosmetic).
This works fine. But I have few suggestion for improvement:
1) Shouldn't we
/ticket/1369
--
/ Alexander Bokovoy
From 5497a7b2b39a6f7ffd48d35c37beeb80e9730f66 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Fri, 29 Jul 2011 13:05:07 +0300
Subject: [PATCH] Make proper LDAP configuration reporting for
ipa-client-install
Ticket https
it was. sysrestore.StateFile could be used for
storing the old hostname value.
Added use of sysrestore.StateFile and restoring the hostname from it.
Note that /etc/sysconfig/network is restored already via
sysrestore.FileStore.
--
/ Alexander Bokovoy
From c1892612c7ad64f8ea9ae14f8077d0a5a4b832bf Mon Sep 17 00:00:00 2001
On 29.07.2011 14:13, Martin Kosek wrote:
On Fri, 2011-07-29 at 13:09 +0300, Alexander Bokovoy wrote:
Hi,
another attempt to refine error/configuration reporting when configuring
means to access LDAP on a client. Previous one tried to use rpm to find
out package name but this approach
On 29.07.2011 14:53, Alexander Bokovoy wrote:
On 29.07.2011 13:52, Martin Kosek wrote:
Oh, this is not informative at all. I'll get this updated.
Updated patch attached.
Ok, hostname is properly changed now. I still have some issues:
Updated again to use more reliable regexp for parsing
On 29.07.2011 16:25, Martin Kosek wrote:
On Fri, 2011-07-29 at 16:05 +0300, Alexander Bokovoy wrote:
On 29.07.2011 14:53, Alexander Bokovoy wrote:
On 29.07.2011 13:52, Martin Kosek wrote:
Oh, this is not informative at all. I'll get this updated.
Updated patch attached.
Ok, hostname
On 29.07.2011 17:06, Alexander Bokovoy wrote:
There was wrong comparison (I wanted to check if option is not None and
then compare it to 'HOSTNAME' but brain short-circuited. My bad.
... and one more update, to get common style for comparisons.
--
/ Alexander Bokovoy
From
this code for configuring specific services should go into
platform-specific backend and be re-used from there but that is
something for 2.1.1 as it would need my cross-platform enablers which
are too big for 2.1.
--
/ Alexander Bokovoy
From 5d38060f05d4642761bb62db810d8e6b89a3f150 Mon Sep 17 00:00:00
On 29.07.2011 18:45, Dmitri Pal wrote:
On 07/29/2011 11:35 AM, Alexander Bokovoy wrote:
No recognized configuration, please check manually NSS setup
May be reword:
Unknown configuration, please check NSS setup manually
But some time ago, somewhere, some
', env)
yield param
def _create_param_namespace(self, name, env=None):
Does anybody have better suggestion?
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo
On 01.08.2011 16:13, Adam Young wrote:
On 08/01/2011 06:34 AM, Alexander Bokovoy wrote:
Hi,
while investigating #1549 and #1550 I stumbled upon a problem. We create
Param(s) as read only entities. This means that using standard methods,
any modifications to Param instances are denied. What
+if not name:
+name = self.name
raise ValidationError(
-name=self.cli_name, error='incomplete time value'
+name=name, error='incomplete time value'
)
return None
--
/ Alexander Bokovoy
shouldn't get to this problem at all.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 01.08.2011 17:15, Adam Young wrote:
On 08/01/2011 10:01 AM, Alexander Bokovoy wrote:
On 01.08.2011 17:00, Adam Young wrote:
I don't really have the context to ACK it, but it looks a lot better to
me than the previous solution.
Thanks.
Here is what I get without and with the patch
Hi,
as result of discussion on Param and environment/context, here is patch
to fix
https://fedorahosted.org/freeipa/ticket/1549
https://fedorahosted.org/freeipa/ticket/1550
CLI and Web UI work.
--
/ Alexander Bokovoy
From 7bbec097dfac402a4b79edc8685b736a53d06aed Mon Sep 17 00:00:00 2001
On 01.08.2011 17:44, Rob Crittenden wrote:
Alexander Bokovoy wrote:
Hi,
as result of discussion on Param and environment/context, here is patch
to fix
https://fedorahosted.org/freeipa/ticket/1549
https://fedorahosted.org/freeipa/ticket/1550
CLI and Web UI work.
nack.
When
On 02.08.2011 15:27, Alexander Bokovoy wrote:
Following yesterday's discussion on IRC with Rob, I further investigated
the issue and came up with a following fix (attached).
The patch extends arguments supported by Param class to accept
environment and set it if it is not None before locking
, system may have no networking enabled
after reboot.
--
/ Alexander Bokovoy
From 2df08449eec5c64f64b20232842f6432b8b64f8f Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Wed, 10 Aug 2011 14:54:32 +0300
Subject: [PATCH] Ensure network configuration file has proper permissions
On 10.08.2011 14:57, Alexander Bokovoy wrote:
Ensure network configuration file has proper permissions
As network configuration file is created as temporary file, it has
stricter permissions than we need for the target system configuration
file. Ensure permissions are properly reset before
On 10.08.2011 14:57, Alexander Bokovoy wrote:
Ensure network configuration file has proper permissions
As network configuration file is created as temporary file, it has
stricter permissions than we need for the target system configuration
file. Ensure permissions are properly reset before
-sensitive due to
schema definition.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 11.08.2011 14:59, Martin Kosek wrote:
On Thu, 2011-08-11 at 13:07 +0300, Alexander Bokovoy wrote:
On 11.08.2011 12:19, Martin Kosek wrote:
This is a first shot for client enrollment fix. I had to pull the new
version of xmlrpc-c from koji as it is not in updates-testing repo yet:
http
://fedorahosted.org/freeipa/ticket/1552
ACK as well. This is straight-forward.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 11.08.2011 15:46, Simo Sorce wrote:
On Thu, 2011-08-11 at 14:07 +0200, Martin Kosek wrote:
The patch is applicable on top of my patch 108.
Shouldn't we also have a requires on libcurl and xmlrpc-c = the version
with the fixes ?
These are in patch 108 already.
--
/ Alexander Bokovoy
/unauthorized.html'follow these directions/a to
+configure your browser.
Note first line of the actual translation and what follows it. It would
probably be better to not include such translated message at all.
ACK for the patch itself.
--
/ Alexander Bokovoy
as diversion in
the output has happened after 9.0.0.3 which is latest F14 package
version for pki-core.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
complexity
other than 8 letters minimum length?
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
.
--
/ Alexander Bokovoy
From c7c414f32a56bb675f9d6b808daf609434fb1aa3 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Mon, 15 Aug 2011 18:35:32 +0300
Subject: [PATCH] Pass empty options as empty arrays for supported dns record
types. https://fedorahosted.org/freeipa/ticket/1632
API.txt.
See following threads on freeipa-devel@ for references:
https://www.redhat.com/archives/freeipa-devel/2011-August/msg0.html
https://www.redhat.com/archives/freeipa-devel/2011-August/msg00011.html
--
/ Alexander Bokovoy
From d11e876f59da5275e1d8d0afece7adbc7535dedb Mon Sep 17 00:00:00
literal to unicode via the u
prefix because the _() function returns unicode.
ACK
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
as quality of translation is subject of another topic and should
really be raised with translators at Transifex.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
12.2% 1167 untranslated, 0 fuzzy
es: 1329/1329 100.0% 0 untranslated, 0 fuzzy
sv: 0/1329 0.0% 1329 untranslated, 0 fuzzy
uk: 1329/1329 100.0% 0 untranslated, 0 fuzzy
ACK
--
/ Alexander Bokovoy
make target in install/po
* adds a new make target called pull-po which pulls updated po files
from Transifex (configure.ac includes some trailing whitespace fixes)
* turns off the generation of fuzzy translation suggestions during the
message merge phase.
ACK.
--
/ Alexander Bokovoy
.
I'll continue with remaining ones tomorrow.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
possible changes to locking
mechanism in the future.
Do we have any ETA for release of the bug? It is not yet released.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 22.08.2011 18:17, Alexander Bokovoy wrote:
On 22.08.2011 16:30, Simo Sorce wrote:
As we finally branched ipa-2-1 from master we are now open to put 3.0
related material on the tree.
Here is my rebased set of patches that apply on top of master:
http://fedorapeople.org/gitweb?p=simo
to be internationalized.
ACK.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
,-password} which are
different PAM services to use with different GDM options.
I think is is worth to create HBAC service groups for them as well but
this is clearly distribution-dependent behaviour.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
On 25.08.2011 14:36, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On 25.08.2011 00:35, Rob Crittenden wrote:
Add a few more ftp HBAC services. This adds vsftpd, proftpd, pure-ftpd
and gssftp. An HBAC service equates to a pam service and since there is
no Linux ftp daemon that uses ftp
On 25.08.2011 00:49, Rob Crittenden wrote:
There was no Param for member_hbacsvc so members weren't showing by
default with ipa hbacsvcgroup-show. This fixes it.
ACK
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
a new option to Password,
confirm, to decide what to do.
You forgot to re-generate API.txt.
-option: Password('password', label=Gettext('Password', domain='ipa',
localedir=None))
+option: Password('password', confirm=False, label=Gettext('Password',
domain='ipa', localedir=None))
--
/ Alexander
On 25.08.2011 14:55, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On 25.08.2011 01:17, Rob Crittenden wrote:
The Password parameter was set up to take passwords for users where you
would want to confirm the entered password. There is a case in the
entitlement plugin where we want to prompt
On 25.08.2011 14:39, Alexander Bokovoy wrote:
What about other services? There are 'sudo', 'sudo-i', 'su', 'su-l',
'runuser', 'runuser-l' in Fedora which represent 'sudo' and 'su', and
'runuser' and dash-variants are used when launched with appropriate
options.
For gdm there are gdm
a GettextFactory instance, not a string
* Clean up trailing whitespace errors
ACK
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 25.08.2011 16:53, John Dennis wrote:
On 08/25/2011 07:50 AM, Alexander Bokovoy wrote:
Read through whole patch. This is one of rare cases where gettext's use
of original text as translation id isn't helpful from both performance
(longer calculation of Id hash during run-time
On 25.08.2011 18:02, John Dennis wrote:
On 08/25/2011 10:36 AM, Alexander Bokovoy wrote:
This would have been enough if only gettext supported fallback between
language translations on the same domain. I.e. if Russian translation is
not available, try English one and if not, return translation
to direct
them to a proper configuration, you can't do so for /usr/bin/net.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
with installation. It confused
users when the hostname change occurred before this prompt.
https://fedorahosted.org/freeipa/ticket/1724
ACK.
Poor me. There was discussion where to put the change but this part
wasn't considered.
Please push.
--
/ Alexander Bokovoy
to work with services as native objects -- Python
interpreter will help to protect against such typos in the client code.
Of course, if framework is not broken... :)
Fixed and pushed update into the tree on fedorapeople.
Thanks for the review!
--
/ Alexander Bokovoy
/httpinstance.py
patching file ipaserver/install/krbinstance.py
Hunk #1 succeeded at 316 with fuzz 2 (offset 34 lines).
Hunk #2 FAILED at 303.
1 out of 2 hunks FAILED -- saving rejects to file
ipaserver/install/krbinstance.py.rej
Could you please re-base these two?
--
/ Alexander Bokovoy
man pages were changed to have the same header and top-center
title to provide united look.
2) Few typos in man pages have been fixed
https://fedorahosted.org/freeipa/ticket/1687
ACK for master.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing
On 05.09.2011 13:38, Martin Kosek wrote:
Make it clear in man pages that ipa-join -u does not remove keytab.
https://fedorahosted.org/freeipa/ticket/1317
ACK for both ipa-2-1 and master.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
On 05.09.2011 17:24, Martin Kosek wrote:
How to test:
1) on server:
- check that files in /usr/share/ipa/html are world readable
why /usr/share/ipa/html/configure.jar has to be executable?
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
://fedorahosted.org/freeipa/ticket/1480
ACK master and ipa-2-1
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
man pages were changed to have the same header and top-center
title to provide united look.
2) Few typos in man pages have been fixed
https://fedorahosted.org/freeipa/ticket/1687
ACK for ipa-2-1.
--
/ Alexander Bokovoy
___
Freeipa-devel
Hi!
When modifying SSSD configuration, attempt to add new domain rather
than replacing whole configuration file.
Only replace file in case it is impossible to parse it by current SSSD
version.
https://fedorahosted.org/freeipa/ticket/1750
--
/ Alexander Bokovoy
From
On Wed, 07 Sep 2011, Stephen Gallagher wrote:
On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote:
Hi!
When modifying SSSD configuration, attempt to add new domain rather
than replacing whole configuration file.
Only replace file in case it is impossible to parse
?buildID=262773
There are 2 version of the patch - master and ipa-2-1.
ACK for both.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
.
The following changes since commit d3c24bb0a65dae85e665ebc617ab4f084c2299fd:
Don't allow a OTP to be set on an enrolled host (2011-09-10 00:03:32 +)
are available in the git repository at:
git://fedorapeople.org/home/fedora/abbra/public_git/freeipa.git platform
Alexander Bokovoy (5
host (2011-09-10 00:03:19 +)
are available in the git repository at:
git://fedorapeople.org/home/fedora/abbra/public_git/freeipa.git
platform-master
Alexander Bokovoy (5):
Introduce platform-specific adaptation
Convert server install code to platform-independent access to system
On Mon, 12 Sep 2011, Jan Cholasta wrote:
We can't dictate which interface matches the hostname. At most we can
warn about this, but not fail to install.
rob
Changed to print a warning message instead of raising an error.
ACK.
--
/ Alexander Bokovoy
not introduce new tab-spaces problems as they have a
potential to cause nasty problems.
I believe I fixed all whitespace problems, old and new. I eneded up
with a separate commit due to scale of it. It is pushed to both
platform and platform-master branches on fedorapeople repo.
--
/ Alexander
https://fedorahosted.org/freeipa/ticket/1741
--
/ Alexander Bokovoy
From 5391bfde89d890541a0274d39a909c08f09ab3ca Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Mon, 12 Sep 2011 14:06:55 +0300
Subject: [PATCH 6/8] Incorrect name in examples of ipa help hbactest
https
https://fedorahosted.org/freeipa/ticket/1740
--
/ Alexander Bokovoy
From a87317a404717882e35cdeb9a9bc5aa3445e5353 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Mon, 12 Sep 2011 17:23:56 +0300
Subject: [PATCH 7/8] Unroll groups when testing HBAC rules
Fixes https
, and -',
+maxlength=255,
cli_name='hostname',
label=_('Host name'),
primary_key=True,
What about IDN hosts? With this change we would require them to be
always in Punycode?
--
/ Alexander Bokovoy
On Mon, 12 Sep 2011, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Mon, 12 Sep 2011, Rob Crittenden wrote:
Limit hostnames to letters, digits and - with a max length of 255
takes_params = (
Str('fqdn', validate_host,
+pattern='^[a-zA-Z0-9][a-zA-Z0-9
should be able to work with
xn-Punycode form.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
in case of any exception,
not only for ParsingError.
Attached.
--
/ Alexander Bokovoy
From 47d663ce4b265b65f1c4ab4b4e8ec36379d9e602 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Wed, 7 Sep 2011 14:23:29 +0300
Subject: [PATCH] ipa-client-install should not clobber existing
. There is sssd.conf - modify existing one
2.1. Can't open for write - report error
2.2. Can't open and read due to parsing error - create new one
...
What are other cases?
Admittedly, it's a contrived example, but where contrived examples
exist, so can real issues.
True.
--
/ Alexander Bokovoy
sure when this
stopped working.
I added an extra postun rule so that the server-selinux package is
removed as a dependency when you do a yum erase freeipa-python.
ACK.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
1 - 100 of 1523 matches
Mail list logo