Re: [Freeipa-devel] Kerberos implementation issues

2011-06-22 Thread Alexander Bokovoy
it for libmicrohttp, shouldn't be too much work, the crypto details are handled by libgssapi anyways. That seems to be a common case -- at least for nginx people did go the same way https://github.com/fintler/nginx-mod-auth-kerb -- / Alexander Bokovoy

[Freeipa-devel] [PATCH] 0002 Minor typos in examples

2011-06-27 Thread Alexander Bokovoy
Hi, while reading through the code and examples, few typos were identified and fixed. Really minor patch. -- / Alexander Bokovoy From 178f2da439d1cc1299bb79bf563019ce4877804f Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Mon, 27 Jun 2011 14:58:52 +0300 Subject

[Freeipa-devel] [PATCH] 3 ipa-client-install tries to start non-existing nscd

2011-07-01 Thread Alexander Bokovoy
-- / Alexander Bokovoy From a7cd88f5aa2db2c18fe76c612573ec28eb51fd40 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Fri, 1 Jul 2011 11:11:38 +0300 Subject: [PATCH] Rearrange logging for NSCD daemon. https://fedorahosted.org/freeipa/ticket/1373 When SSSD is in use

[Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap

2011-07-01 Thread Alexander Bokovoy
New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. -- / Alexander Bokovoy From a78f8a4d18a9eae266215238dbaefe3b6cc6cd98 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Fri, 1 Jul 2011 12:41:45 +0300 Subject: [PATCH] Make

[Freeipa-devel] [PATCH] 4 ipa-client-install complains about non-existing nss_ldap

2011-07-01 Thread Alexander Bokovoy
-- / Alexander Bokovoy From d29143ce5f6364dfc93dd0228dc58199f956b0a6 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Fri, 1 Jul 2011 12:15:12 +0300 Subject: [PATCH] Make error reporting more 'local' for various configurations of nss_ldap packages https

Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap

2011-07-01 Thread Alexander Bokovoy
Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket

Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap

2011-07-06 Thread Alexander Bokovoy
it. Do we have other cases where it is *not* enough to have check on the configuration files rather than package itself? For example, for cases where we would enforce installation of a required package to satisfy dependencies (like it was discussed for PackageKit on #freeipa)? -- / Alexander

Re: [Freeipa-devel] [PATCH] 3 ipa-client-install tries to start non-existing nscd

2011-07-06 Thread Alexander Bokovoy
On 06.07.2011 17:27, Rob Crittenden wrote: Alexander Bokovoy wrote: Should we instead look to see if /usr/sbin/nscd exists before calling chkconfig? When you call chkconfig for non-existing service, it is correctly reporting that it does not exist and sets return code appropriately. I

Re: [Freeipa-devel] [PATCHES] 814, 815, 816 Fix test failures

2011-07-12 Thread Alexander Bokovoy
by rebasing to current git that nothing has changed since Thursday and patch applies. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 3 ipa-client-install tries to start non-existing nscd

2011-07-15 Thread Alexander Bokovoy
On 15.07.2011 22:41, Rob Crittenden wrote: Alexander Bokovoy wrote: nack. I don't believe this fixes the reported problem. This patch affects un-installation in which case whether sssd was selected or not doesn't matter, we're just trying to restore the previous state (so tangentially I

Re: [Freeipa-devel] [PATCH] 3 ipa-client-install tries to start non-existing nscd

2011-07-18 Thread Alexander Bokovoy
On 15.07.2011 22:41, Rob Crittenden wrote: Alexander Bokovoy wrote: nack. I don't believe this fixes the reported problem. This patch affects un-installation in which case whether sssd was selected or not doesn't matter, we're just trying to restore the previous state (so tangentially

[Freeipa-devel] [PATCH] 05 Fix sssd.conf to always have IPA certificate for the domain

2011-07-19 Thread Alexander Bokovoy
https://fedorahosted.org/freeipa/ticket/1476 -- / Alexander Bokovoy From f80ccb1a3c85afd8d5aa03191ef5c323a35293de Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Tue, 19 Jul 2011 16:07:05 +0300 Subject: [PATCH] Fix sssd.conf to always have IPA certificate for the domain

Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap

2011-07-19 Thread Alexander Bokovoy
and ipa-client-install will come from such a package. Thus, providing proper ipautil-system.py file can be done as packaging effort. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa

[Freeipa-devel] [WIP] ipapython/iputil.py refactoring for better cross-platform support

2011-07-20 Thread Alexander Bokovoy
Hi, On 19.07.2011 16:36, Alexander Bokovoy wrote: I believe that nss-pam-ldapd uses a different configuration file than nss_ldap, I think I'd rather use the existence of that to determine what is being used. Calling out to rpm seems heavy-weight. In continuation of the same story, ticket 1368

Re: [Freeipa-devel] [WIP] ipapython/iputil.py refactoring for better cross-platform support

2011-07-20 Thread Alexander Bokovoy
On 20.07.2011 20:30, Alexander Bokovoy wrote: I moved existing code to ipapython/platform/redhat.py. ipapython/services.py is auto-generated and basically is one-liner: = from ipapython.platform.platform import * = Actual platform value is substituted using top-level Makefile's

Re: [Freeipa-devel] [WIP] ipapython/iputil.py refactoring for better cross-platform support

2011-07-20 Thread Alexander Bokovoy
On 20.07.2011 21:59, John Dennis wrote: On 07/20/2011 01:30 PM, Alexander Bokovoy wrote: Actualplatform value is substituted using top-level Makefile's SUPPORTED_PLAFTORM= variable (defaults to 'redhat', can be redefined without modifying Makefile, in package building scripts, for example

[Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-22 Thread Alexander Bokovoy
, only HBAC rules specified on the command line are considered. I'm still not sure if running simulation against all disabled HBAC rules in databse is worth it. -- / Alexander Bokovoy # Authors: # Alexander Bokovoy aboko...@redhat.com # # Copyright (C) 2011 Red Hat # see file 'COPYING' for use

Re: [Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-22 Thread Alexander Bokovoy
Now real patch: adds command, updates API.txt and VERSION files, along with freeipa.spec. On 22.07.2011 12:32, Alexander Bokovoy wrote: Hi, attached please find a first cut of an HBAC tester command to CLI, FreeIPA ticket https://fedorahosted.org/freeipa/ticket/386 The idea behind

Re: [Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-22 Thread Alexander Bokovoy
On 22.07.2011 22:47, Rob Crittenden wrote: Alexander Bokovoy wrote: Now real patch: adds command, updates API.txt and VERSION files, along with freeipa.spec. On 22.07.2011 12:32, Alexander Bokovoy wrote: Hi, attached please find a first cut of an HBAC tester command to CLI, FreeIPA

Re: [Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-25 Thread Alexander Bokovoy
On 22.07.2011 23:10, Alexander Bokovoy wrote: So this is a little confusing. I thought --rules limited the rules that were considered. Maybe I'm misunderstanding it. --validate + --rules gives limitation, --rules alone adds more rules to the existing test set which is all enabled rules in IPA

Re: [Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-25 Thread Alexander Bokovoy
to see how simulation went, which rules granted access and which denied. Conceptually it should have been --verbose but verbose is already global option taken by IPA framework. +1 error - this would match the behavior of all other CLIs. Ok. -- / Alexander Bokovoy

Re: [Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-25 Thread Alexander Bokovoy
the wording in the help output that confused me. Details of the rule(s) being validated ? May be Show which rules are passed, denied, and invalid? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com

Re: [Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-25 Thread Alexander Bokovoy
for simulation. Making --enabled/--disabled taking arguments introduces unneeded information waste into operation. I'll send updated patch proposal today. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com

Re: [Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-26 Thread Alexander Bokovoy
On 26.07.2011 06:23, Alexander Bokovoy wrote: I'll send updated patch proposal today. Here is new patch. $ ipa hbactest --help Usage: ipa [global-options] hbactest [options] Options: -h, --help show this help message and exit --user=STR User name --srchost=STR Source host

Re: [Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-26 Thread Alexander Bokovoy
On 26.07.2011 13:36, Alexander Bokovoy wrote: On 26.07.2011 06:23, Alexander Bokovoy wrote: I'll send updated patch proposal today. Here is new patch. Rebased against current master (9a4ce988df219565ab84602b1eea93e14700862b) -- / Alexander Bokovoy From 895afdab5a945dfdf68746299c3f7f15d2b718a2

Re: [Freeipa-devel] [WIP] Add command to test HBAC rules

2011-07-26 Thread Alexander Bokovoy
On 26.07.2011 15:26, Jakub Hrozek wrote: On 07/26/2011 12:41 PM, Alexander Bokovoy wrote: On 26.07.2011 13:36, Alexander Bokovoy wrote: On 26.07.2011 06:23, Alexander Bokovoy wrote: I'll send updated patch proposal today. Here is new patch. Rebased against current master

[Freeipa-devel] [PATCH] 0007 Add command to test HBAC rules

2011-07-27 Thread Alexander Bokovoy
notmatched: myrule notmatched: кошка, кот This is scriptable and also returns granted/not-granted result in $? so you can easily test in shell whether ipa command was successful or not. Attached is the patch with unit tests and it can be considered for inclusion. -- / Alexander Bokovoy From

Re: [Freeipa-devel] [PATCH] 0007 Add command to test HBAC rules

2011-07-28 Thread Alexander Bokovoy
On 29.07.2011 06:38, Alexander Bokovoy wrote: Fixed that all and added unit test for non-existing rules. Modified description to be more detailed and added real examples. Scratch previous version, while nicely renaming unit tests before commit and after patch testing I didn't keep right order

Re: [Freeipa-devel] [PATCH] 0007 Add command to test HBAC rules

2011-07-29 Thread Alexander Bokovoy
On 29.07.2011 07:41, Rob Crittenden wrote: Alexander Bokovoy wrote: On 29.07.2011 06:38, Alexander Bokovoy wrote: Fixed that all and added unit test for non-existing rules. Modified description to be more detailed and added real examples. Scratch previous version, while nicely renaming unit

[Freeipa-devel] [PATCH] 0008 Modify /etc/sysconfig/network on a client when IPA manages hostname

2011-07-29 Thread Alexander Bokovoy
https://fedorahosted.org/freeipa/ticket/1368 also replaces a tab by spaces in one else statement (cosmetic). -- / Alexander Bokovoy From bc02d3098671a2284b5764205b893facdeacf80e Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Tue, 19 Jul 2011 15:33:53 +0300 Subject

Re: [Freeipa-devel] [PATCH] 0008 Modify /etc/sysconfig/network on a client when IPA manages hostname

2011-07-29 Thread Alexander Bokovoy
On 29.07.2011 12:01, Martin Kosek wrote: On Fri, 2011-07-29 at 11:42 +0300, Alexander Bokovoy wrote: https://fedorahosted.org/freeipa/ticket/1368 also replaces a tab by spaces in one else statement (cosmetic). This works fine. But I have few suggestion for improvement: 1) Shouldn't we

[Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install

2011-07-29 Thread Alexander Bokovoy
/ticket/1369 -- / Alexander Bokovoy From 5497a7b2b39a6f7ffd48d35c37beeb80e9730f66 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Fri, 29 Jul 2011 13:05:07 +0300 Subject: [PATCH] Make proper LDAP configuration reporting for ipa-client-install Ticket https

Re: [Freeipa-devel] [PATCH] 0008 Modify /etc/sysconfig/network on a client when IPA manages hostname

2011-07-29 Thread Alexander Bokovoy
it was. sysrestore.StateFile could be used for storing the old hostname value. Added use of sysrestore.StateFile and restoring the hostname from it. Note that /etc/sysconfig/network is restored already via sysrestore.FileStore. -- / Alexander Bokovoy From c1892612c7ad64f8ea9ae14f8077d0a5a4b832bf Mon Sep 17 00:00:00 2001

Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install

2011-07-29 Thread Alexander Bokovoy
On 29.07.2011 14:13, Martin Kosek wrote: On Fri, 2011-07-29 at 13:09 +0300, Alexander Bokovoy wrote: Hi, another attempt to refine error/configuration reporting when configuring means to access LDAP on a client. Previous one tried to use rpm to find out package name but this approach

Re: [Freeipa-devel] [PATCH] 0008 Modify /etc/sysconfig/network on a client when IPA manages hostname

2011-07-29 Thread Alexander Bokovoy
On 29.07.2011 14:53, Alexander Bokovoy wrote: On 29.07.2011 13:52, Martin Kosek wrote: Oh, this is not informative at all. I'll get this updated. Updated patch attached. Ok, hostname is properly changed now. I still have some issues: Updated again to use more reliable regexp for parsing

Re: [Freeipa-devel] [PATCH] 0008 Modify /etc/sysconfig/network on a client when IPA manages hostname

2011-07-29 Thread Alexander Bokovoy
On 29.07.2011 16:25, Martin Kosek wrote: On Fri, 2011-07-29 at 16:05 +0300, Alexander Bokovoy wrote: On 29.07.2011 14:53, Alexander Bokovoy wrote: On 29.07.2011 13:52, Martin Kosek wrote: Oh, this is not informative at all. I'll get this updated. Updated patch attached. Ok, hostname

Re: [Freeipa-devel] [PATCH] 0008 Modify /etc/sysconfig/network on a client when IPA manages hostname

2011-07-29 Thread Alexander Bokovoy
On 29.07.2011 17:06, Alexander Bokovoy wrote: There was wrong comparison (I wanted to check if option is not None and then compare it to 'HOSTNAME' but brain short-circuited. My bad. ... and one more update, to get common style for comparisons. -- / Alexander Bokovoy From

Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install

2011-07-29 Thread Alexander Bokovoy
this code for configuring specific services should go into platform-specific backend and be re-used from there but that is something for 2.1.1 as it would need my cross-platform enablers which are too big for 2.1. -- / Alexander Bokovoy From 5d38060f05d4642761bb62db810d8e6b89a3f150 Mon Sep 17 00:00:00

Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install

2011-07-29 Thread Alexander Bokovoy
On 29.07.2011 18:45, Dmitri Pal wrote: On 07/29/2011 11:35 AM, Alexander Bokovoy wrote: No recognized configuration, please check manually NSS setup May be reword: Unknown configuration, please check NSS setup manually But some time ago, somewhere, some

[Freeipa-devel] environment in Param(s)

2011-08-01 Thread Alexander Bokovoy
', env) yield param def _create_param_namespace(self, name, env=None): Does anybody have better suggestion? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo

Re: [Freeipa-devel] environment in Param(s)

2011-08-01 Thread Alexander Bokovoy
On 01.08.2011 16:13, Adam Young wrote: On 08/01/2011 06:34 AM, Alexander Bokovoy wrote: Hi, while investigating #1549 and #1550 I stumbled upon a problem. We create Param(s) as read only entities. This means that using standard methods, any modifications to Param instances are denied. What

Re: [Freeipa-devel] environment in Param(s)

2011-08-01 Thread Alexander Bokovoy
+if not name: +name = self.name raise ValidationError( -name=self.cli_name, error='incomplete time value' +name=name, error='incomplete time value' ) return None -- / Alexander Bokovoy

Re: [Freeipa-devel] environment in Param(s)

2011-08-01 Thread Alexander Bokovoy
shouldn't get to this problem at all. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] environment in Param(s)

2011-08-01 Thread Alexander Bokovoy
On 01.08.2011 17:15, Adam Young wrote: On 08/01/2011 10:01 AM, Alexander Bokovoy wrote: On 01.08.2011 17:00, Adam Young wrote: I don't really have the context to ACK it, but it looks a lot better to me than the previous solution. Thanks. Here is what I get without and with the patch

[Freeipa-devel] [PATCH] 0009 Use cli_name if possible to return errors via exceptions in Param

2011-08-01 Thread Alexander Bokovoy
Hi, as result of discussion on Param and environment/context, here is patch to fix https://fedorahosted.org/freeipa/ticket/1549 https://fedorahosted.org/freeipa/ticket/1550 CLI and Web UI work. -- / Alexander Bokovoy From 7bbec097dfac402a4b79edc8685b736a53d06aed Mon Sep 17 00:00:00 2001

Re: [Freeipa-devel] [PATCH] 0009 Use cli_name if possible to return errors via exceptions in Param

2011-08-02 Thread Alexander Bokovoy
On 01.08.2011 17:44, Rob Crittenden wrote: Alexander Bokovoy wrote: Hi, as result of discussion on Param and environment/context, here is patch to fix https://fedorahosted.org/freeipa/ticket/1549 https://fedorahosted.org/freeipa/ticket/1550 CLI and Web UI work. nack. When

Re: [Freeipa-devel] [PATCH] 0009 Use cli_name if possible to return errors via exceptions in Param

2011-08-02 Thread Alexander Bokovoy
On 02.08.2011 15:27, Alexander Bokovoy wrote: Following yesterday's discussion on IRC with Rob, I further investigated the issue and came up with a following fix (attached). The patch extends arguments supported by Param class to accept environment and set it if it is not None before locking

[Freeipa-devel] [PATCH] 0010 fix /etc/sysconfig/network permissions in ipa-client-install

2011-08-10 Thread Alexander Bokovoy
, system may have no networking enabled after reboot. -- / Alexander Bokovoy From 2df08449eec5c64f64b20232842f6432b8b64f8f Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Wed, 10 Aug 2011 14:54:32 +0300 Subject: [PATCH] Ensure network configuration file has proper permissions

Re: [Freeipa-devel] [PATCH] 0010 fix /etc/sysconfig/network permissions in ipa-client-install

2011-08-10 Thread Alexander Bokovoy
On 10.08.2011 14:57, Alexander Bokovoy wrote: Ensure network configuration file has proper permissions As network configuration file is created as temporary file, it has stricter permissions than we need for the target system configuration file. Ensure permissions are properly reset before

Re: [Freeipa-devel] [PATCH] 0010 fix /etc/sysconfig/network permissions in ipa-client-install

2011-08-10 Thread Alexander Bokovoy
On 10.08.2011 14:57, Alexander Bokovoy wrote: Ensure network configuration file has proper permissions As network configuration file is created as temporary file, it has stricter permissions than we need for the target system configuration file. Ensure permissions are properly reset before

Re: [Freeipa-devel] [PATCH 36/36] ticket 1600 - convert unittests to use DN objects

2011-08-10 Thread Alexander Bokovoy
-sensitive due to schema definition. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] [WIP] 108 Fix client enrollment

2011-08-11 Thread Alexander Bokovoy
On 11.08.2011 14:59, Martin Kosek wrote: On Thu, 2011-08-11 at 13:07 +0300, Alexander Bokovoy wrote: On 11.08.2011 12:19, Martin Kosek wrote: This is a first shot for client enrollment fix. I had to pull the new version of xmlrpc-c from koji as it is not in updates-testing repo yet: http

Re: [Freeipa-devel] [PATCH] 109 Update 389-ds-base version

2011-08-11 Thread Alexander Bokovoy
://fedorahosted.org/freeipa/ticket/1552 ACK as well. This is straight-forward. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 109 Update 389-ds-base version

2011-08-11 Thread Alexander Bokovoy
On 11.08.2011 15:46, Simo Sorce wrote: On Thu, 2011-08-11 at 14:07 +0200, Martin Kosek wrote: The patch is applicable on top of my patch 108. Shouldn't we also have a requires on libcurl and xmlrpc-c = the version with the fixes ? These are in patch 108 already. -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH 38/38] transifex translation adjustment

2011-08-11 Thread Alexander Bokovoy
/unauthorized.html'follow these directions/a to +configure your browser. Note first line of the actual translation and what follows it. It would probably be better to not include such translated message at all. ACK for the patch itself. -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH] 110 Update pki-ca version

2011-08-12 Thread Alexander Bokovoy
as diversion in the output has happened after 9.0.0.3 which is latest F14 package version for pki-core. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 38 Verify length of passwords in ipa-server-install

2011-08-15 Thread Alexander Bokovoy
complexity other than 8 letters minimum length? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 39 Fix internal error when removing the last PTR record from a DNS record entry.

2011-08-15 Thread Alexander Bokovoy
. -- / Alexander Bokovoy From c7c414f32a56bb675f9d6b808daf609434fb1aa3 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Mon, 15 Aug 2011 18:35:32 +0300 Subject: [PATCH] Pass empty options as empty arrays for supported dns record types. https://fedorahosted.org/freeipa/ticket/1632

[Freeipa-devel] [PATCH] 0009 (1) Propagate environment when it is required

2011-08-17 Thread Alexander Bokovoy
API.txt. See following threads on freeipa-devel@ for references: https://www.redhat.com/archives/freeipa-devel/2011-August/msg0.html https://www.redhat.com/archives/freeipa-devel/2011-August/msg00011.html -- / Alexander Bokovoy From d11e876f59da5275e1d8d0afece7adbc7535dedb Mon Sep 17 00:00:00

Re: [Freeipa-devel] [PATCH 40/40] ticket 1659 - invalid i18n string in dns.py

2011-08-18 Thread Alexander Bokovoy
literal to unicode via the u prefix because the _() function returns unicode. ACK -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 41/41] ticket 1660 - update LINGUAS file, add missing po files

2011-08-18 Thread Alexander Bokovoy
as quality of translation is subject of another topic and should really be raised with translators at Transifex. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 42/42] ticket 1661 - Update all po files

2011-08-18 Thread Alexander Bokovoy
12.2% 1167 untranslated, 0 fuzzy es: 1329/1329 100.0% 0 untranslated, 0 fuzzy sv: 0/1329 0.0% 1329 untranslated, 0 fuzzy uk: 1329/1329 100.0% 0 untranslated, 0 fuzzy ACK -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH 39/39] ticket 1650 - compute accurate translation statistics

2011-08-18 Thread Alexander Bokovoy
make target in install/po * adds a new make target called pull-po which pulls updated po files from Transifex (configure.ac includes some trailing whitespace fixes) * turns off the generation of fuzzy translation suggestions during the message merge phase. ACK. -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCHES] freeipa-v3

2011-08-22 Thread Alexander Bokovoy
. I'll continue with remaining ones tomorrow. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 850 use pthrea read/write locks instead of NSPR RW locks

2011-08-24 Thread Alexander Bokovoy
possible changes to locking mechanism in the future. Do we have any ETA for release of the bug? It is not yet released. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES] freeipa-v3

2011-08-24 Thread Alexander Bokovoy
On 22.08.2011 18:17, Alexander Bokovoy wrote: On 22.08.2011 16:30, Simo Sorce wrote: As we finally branched ipa-2-1 from master we are now open to put 3.0 related material on the tree. Here is my rebased set of patches that apply on top of master: http://fedorapeople.org/gitweb?p=simo

Re: [Freeipa-devel] [PATCH 45/45] ticket 1706 - internationalize cli help framework

2011-08-25 Thread Alexander Bokovoy
to be internationalized. ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 854 Add ftp HBAC services

2011-08-25 Thread Alexander Bokovoy
,-password} which are different PAM services to use with different GDM options. I think is is worth to create HBAC service groups for them as well but this is clearly distribution-dependent behaviour. -- / Alexander Bokovoy ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 854 Add ftp HBAC services

2011-08-25 Thread Alexander Bokovoy
On 25.08.2011 14:36, Rob Crittenden wrote: Alexander Bokovoy wrote: On 25.08.2011 00:35, Rob Crittenden wrote: Add a few more ftp HBAC services. This adds vsftpd, proftpd, pure-ftpd and gssftp. An HBAC service equates to a pam service and since there is no Linux ftp daemon that uses ftp

Re: [Freeipa-devel] [PATCH] 855 add label for HBAC service group members

2011-08-25 Thread Alexander Bokovoy
On 25.08.2011 00:49, Rob Crittenden wrote: There was no Param for member_hbacsvc so members weren't showing by default with ipa hbacsvcgroup-show. This fixes it. ACK -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] 856 add option to only prompt once for passwords

2011-08-25 Thread Alexander Bokovoy
a new option to Password, confirm, to decide what to do. You forgot to re-generate API.txt. -option: Password('password', label=Gettext('Password', domain='ipa', localedir=None)) +option: Password('password', confirm=False, label=Gettext('Password', domain='ipa', localedir=None)) -- / Alexander

Re: [Freeipa-devel] [PATCH] 856 add option to only prompt once for passwords

2011-08-25 Thread Alexander Bokovoy
On 25.08.2011 14:55, Rob Crittenden wrote: Alexander Bokovoy wrote: On 25.08.2011 01:17, Rob Crittenden wrote: The Password parameter was set up to take passwords for users where you would want to confirm the entered password. There is a case in the entitlement plugin where we want to prompt

Re: [Freeipa-devel] [PATCH] 854 Add ftp HBAC services

2011-08-25 Thread Alexander Bokovoy
On 25.08.2011 14:39, Alexander Bokovoy wrote: What about other services? There are 'sudo', 'sudo-i', 'su', 'su-l', 'runuser', 'runuser-l' in Fedora which represent 'sudo' and 'su', and 'runuser' and dash-variants are used when launched with appropriate options. For gdm there are gdm

Re: [Freeipa-devel] [PATCH 44/44] ticket 1705 - internationalize help topics

2011-08-25 Thread Alexander Bokovoy
a GettextFactory instance, not a string * Clean up trailing whitespace errors ACK -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 46/46] ticket 1669 - improve i18n docstring extraction

2011-08-25 Thread Alexander Bokovoy
On 25.08.2011 16:53, John Dennis wrote: On 08/25/2011 07:50 AM, Alexander Bokovoy wrote: Read through whole patch. This is one of rare cases where gettext's use of original text as translation id isn't helpful from both performance (longer calculation of Id hash during run-time

Re: [Freeipa-devel] [PATCH 46/46] ticket 1669 - improve i18n docstring extraction

2011-08-25 Thread Alexander Bokovoy
On 25.08.2011 18:02, John Dennis wrote: On 08/25/2011 10:36 AM, Alexander Bokovoy wrote: This would have been enough if only gettext supported fallback between language translations on the same domain. I.e. if Russian translation is not available, try English one and if not, return translation

Re: [Freeipa-devel] [PATCH] 1 Add ipa-adtrust-install utility

2011-08-26 Thread Alexander Bokovoy
to direct them to a proper configuration, you can't do so for /usr/bin/net. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 115 ipa-client-install breaks network configuration

2011-08-29 Thread Alexander Bokovoy
with installation. It confused users when the hostname change occurred before this prompt. https://fedorahosted.org/freeipa/ticket/1724 ACK. Poor me. There was discussion where to put the change but this part wasn't considered. Please push. -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH, FreeIPA2.1] Review request for platform abstraction refactoring

2011-09-01 Thread Alexander Bokovoy
to work with services as native objects -- Python interpreter will help to protect against such typos in the client code. Of course, if framework is not broken... :) Fixed and pushed update into the tree on fedorapeople. Thanks for the review! -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH] 116 Improve man pages structure

2011-09-05 Thread Alexander Bokovoy
/httpinstance.py patching file ipaserver/install/krbinstance.py Hunk #1 succeeded at 316 with fuzz 2 (offset 34 lines). Hunk #2 FAILED at 303. 1 out of 2 hunks FAILED -- saving rejects to file ipaserver/install/krbinstance.py.rej Could you please re-base these two? -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH] 116 Improve man pages structure

2011-09-06 Thread Alexander Bokovoy
man pages were changed to have the same header and top-center title to provide united look. 2) Few typos in man pages have been fixed https://fedorahosted.org/freeipa/ticket/1687 ACK for master. -- / Alexander Bokovoy ___ Freeipa-devel mailing

Re: [Freeipa-devel] [PATCH] 117 Improve ipa-join man page

2011-09-06 Thread Alexander Bokovoy
On 05.09.2011 13:38, Martin Kosek wrote: Make it clear in man pages that ipa-join -u does not remove keytab. https://fedorahosted.org/freeipa/ticket/1317 ACK for both ipa-2-1 and master. -- / Alexander Bokovoy ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 118 Fix permissions in installers

2011-09-06 Thread Alexander Bokovoy
On 05.09.2011 17:24, Martin Kosek wrote: How to test: 1) on server: - check that files in /usr/share/ipa/html are world readable why /usr/share/ipa/html/configure.jar has to be executable? -- / Alexander Bokovoy ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 119 Fix typos

2011-09-06 Thread Alexander Bokovoy
://fedorahosted.org/freeipa/ticket/1480 ACK master and ipa-2-1 -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 116 Improve man pages structure

2011-09-06 Thread Alexander Bokovoy
man pages were changed to have the same header and top-center title to provide united look. 2) Few typos in man pages have been fixed https://fedorahosted.org/freeipa/ticket/1687 ACK for ipa-2-1. -- / Alexander Bokovoy ___ Freeipa-devel

[Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-07 Thread Alexander Bokovoy
Hi! When modifying SSSD configuration, attempt to add new domain rather than replacing whole configuration file. Only replace file in case it is impossible to parse it by current SSSD version. https://fedorahosted.org/freeipa/ticket/1750 -- / Alexander Bokovoy From

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-08 Thread Alexander Bokovoy
On Wed, 07 Sep 2011, Stephen Gallagher wrote: On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote: Hi! When modifying SSSD configuration, attempt to add new domain rather than replacing whole configuration file. Only replace file in case it is impossible to parse

Re: [Freeipa-devel] [PATCH] 121 Set bind and bind-dyndb-ldap min nvr

2011-09-09 Thread Alexander Bokovoy
?buildID=262773 There are 2 version of the patch - master and ipa-2-1. ACK for both. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PULL REQUEST, ipa-2-1] Platform-specific adaptation

2011-09-12 Thread Alexander Bokovoy
. The following changes since commit d3c24bb0a65dae85e665ebc617ab4f084c2299fd: Don't allow a OTP to be set on an enrolled host (2011-09-10 00:03:32 +) are available in the git repository at: git://fedorapeople.org/home/fedora/abbra/public_git/freeipa.git platform Alexander Bokovoy (5

[Freeipa-devel] [PULL REQUEST, master] Platform-specific adaptation

2011-09-12 Thread Alexander Bokovoy
host (2011-09-10 00:03:19 +) are available in the git repository at: git://fedorapeople.org/home/fedora/abbra/public_git/freeipa.git platform-master Alexander Bokovoy (5): Introduce platform-specific adaptation Convert server install code to platform-independent access to system

Re: [Freeipa-devel] [PATCH] 45 Check that install hostname matches the server hostname

2011-09-12 Thread Alexander Bokovoy
On Mon, 12 Sep 2011, Jan Cholasta wrote: We can't dictate which interface matches the hostname. At most we can warn about this, but not fail to install. rob Changed to print a warning message instead of raising an error. ACK. -- / Alexander Bokovoy

Re: [Freeipa-devel] [PULL REQUEST, master] Platform-specific adaptation

2011-09-12 Thread Alexander Bokovoy
not introduce new tab-spaces problems as they have a potential to cause nasty problems. I believe I fixed all whitespace problems, old and new. I eneded up with a separate commit due to scale of it. It is pushed to both platform and platform-master branches on fedorapeople repo. -- / Alexander

[Freeipa-devel] [PATCH] 0013 Use proper HBAC service names in the documentation

2011-09-12 Thread Alexander Bokovoy
https://fedorahosted.org/freeipa/ticket/1741 -- / Alexander Bokovoy From 5391bfde89d890541a0274d39a909c08f09ab3ca Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Mon, 12 Sep 2011 14:06:55 +0300 Subject: [PATCH 6/8] Incorrect name in examples of ipa help hbactest https

[Freeipa-devel] [PATCH] 0014 Unroll groups for users, hosts, and services when testing HBAC rules

2011-09-12 Thread Alexander Bokovoy
https://fedorahosted.org/freeipa/ticket/1740 -- / Alexander Bokovoy From a87317a404717882e35cdeb9a9bc5aa3445e5353 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Mon, 12 Sep 2011 17:23:56 +0300 Subject: [PATCH 7/8] Unroll groups when testing HBAC rules Fixes https

Re: [Freeipa-devel] [PATCH] 871 add hostname regex

2011-09-12 Thread Alexander Bokovoy
, and -', +maxlength=255, cli_name='hostname', label=_('Host name'), primary_key=True, What about IDN hosts? With this change we would require them to be always in Punycode? -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH] 871 add hostname regex

2011-09-12 Thread Alexander Bokovoy
On Mon, 12 Sep 2011, Rob Crittenden wrote: Alexander Bokovoy wrote: On Mon, 12 Sep 2011, Rob Crittenden wrote: Limit hostnames to letters, digits and - with a max length of 255 takes_params = ( Str('fqdn', validate_host, +pattern='^[a-zA-Z0-9][a-zA-Z0-9

Re: [Freeipa-devel] [PATCH] 871 add hostname regex

2011-09-13 Thread Alexander Bokovoy
should be able to work with xn-Punycode form. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Alexander Bokovoy
in case of any exception, not only for ParsingError. Attached. -- / Alexander Bokovoy From 47d663ce4b265b65f1c4ab4b4e8ec36379d9e602 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Wed, 7 Sep 2011 14:23:29 +0300 Subject: [PATCH] ipa-client-install should not clobber existing

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Alexander Bokovoy
. There is sssd.conf - modify existing one 2.1. Can't open for write - report error 2.2. Can't open and read due to parsing error - create new one ... What are other cases? Admittedly, it's a contrived example, but where contrived examples exist, so can real issues. True. -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH] 875 fix rpm installation ordering

2011-09-16 Thread Alexander Bokovoy
sure when this stopped working. I added an extra postun rule so that the server-selinux package is removed as a dependency when you do a yum erase freeipa-python. ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

  1   2   3   4   5   6   7   8   9   10   >