This is how it looks like in practice:
./ipa user-show pzuna --all --raw
--
user-show:
--
...
memberof: cn=ipausers,cn=groups,cn=accounts,dc=pzuna,
cn=dráčci,cn=groups,cn=accounts,dc=pzuna
objectclass: top, person, organizationalPerson, inetOrgPerson,
Rob Crittenden wrote:
Pavel Zuna wrote:
python-ldap seems to hate None values when adding an entry and raises
an exception instead ignoring them, so we need to filter them ourselves.
Pavel
Couldn't updates contain None as well?
rob
Updates can and it's valid. None is used in update_entry
Rob Crittenden wrote:
Pavel Zůna wrote:
- remove obsolete code related to PluginProxy
- remove parent_key attribute, for the purpose of nested objects the
parent's primary key is retrieved automatically
- added support for auto-generating UUIDs
- make use of the improved attribute printing in
Rob Crittenden wrote:
Rob Crittenden wrote:
Pavel Zůna wrote:
0007: Add support for different automount maps per location.
This patch enabled us to have a different set of automount maps per
location and to manage those locations via command plugins.
To add a new location:
ipa
Fixed.
Pavel Zuna wrote:
Dmitri Pal wrote:
Pavel, Rob,
What do the CLI utils do when someone uses --help parameter?
Is there a consistent behavior about this?
Thanks
Dmitri
Yes there is, we use OptionParser from python optparse module everywhere
as far as I know and it handles -h/--help
Rob Crittenden wrote:
In the service plugin we will attempt to revoke a server cert when a
service is deleted. Add some error handling around that effort.
This fixes the self-tests.
rob
nack.
Your 269 external CA signing, abstract RA already handles them inside
get_serial(). However, there
Pavel Zuna wrote:
Rob Crittenden wrote:
NOTE, this patch replaces a previous patch to do the same thing. I
fixed a few problems Simo pointed out and re-based it against the
current master.
This largish patch adds host enrollment. There are several scenarios
that are covered. All
Rob Crittenden wrote:
Pavel Zůna wrote:
This is a series of patches that depends on patches:
- Improve attribute printing in the CLI.
- Improve ipalib.plugins.baseldap classes.
All plugins are converted to extend baseldap classes. This makes
things more consistent, fixes some general bugs
The method was returning tuples instead of strings in both plugins causing a
mess in other plugins, when displaying netgroup/HBAC information.
Pavel
0001-Fix-bug-in-HBAC-and-netgroup-plugin-get_primary_key_.patch
Description: application/mbox
___
Rob Crittenden wrote:
Pavel Zuna wrote:
The method was returning tuples instead of strings in both plugins
causing a mess in other plugins, when displaying netgroup/HBAC
information.
Pavel
Assuming that the primary key doesn't exist, what meaning does returning
'' have? For these 2
Rob Crittenden wrote:
One of the last steps of an install is to run through any updates. This
change adds a sleep() prior to calling tasks to ensure postop writes are
done
We were seeing a rare deadlock of DS when creating the memberOf task
because one thread was adding memberOf in a postop
John Dennis wrote:
I wanted to assure myself if a command was expecting an integer value,
it could be input in whatever radix the user desires and be correctly
converted. If I understand correctly this code is in parameters.py and
is implemented by the _convert_scalar member function. The Int
Syntax in schema is 1.3.6.1.4.1.1466.115.121.1.7 == Boolean syntax.
Thanks to Sumit for pointing this out.
Pavel
0001-Handle-ipaEnabledFlag-as-bool-TRUE-FALSE-instead-o.patch
Description: application/mbox
___
Freeipa-devel mailing list
Rob Crittenden wrote:
Pavel Zuna wrote:
Only pwpolicy test is still broken - I'm looking into it.
Pavel
This brings up the return values question again. I thought we had
decided that any attribute that had only one value would be returned as
a scalar. In this case userCertificate is being
Rob Crittenden wrote:
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
Only pwpolicy test is still broken - I'm looking into it.
Pavel
This brings up the return values question again. I thought we had
decided that any attribute that had only one value would be returned
Jason Gerard DeRose wrote:
The vast majority of our Command plugins subclass from one of the CRUD
base classes, so in terms of return value consistency and API style, we
need to focus most on them (and then adapt their style to the few
non-CRUD commands).
While hooking up the webUI there have
Due to the format of accessTime (it has commas and spaces in it), we can't use
the List parameter type. I made it so that accessTime values have to be entered
one by one using new commands.
We also agreed, that we're going to rename GeneralizedTime parameter to
AccessTime to prevent confusion
Rob Crittenden wrote:
Gracefully handle a valid kerberos ticket for a deleted entry.
I saw this with a host where I joined a host, obtained a host principal,
kinited to that principal, then deleted the host from the IPA server.
The ticket was still valid so Apache let it through but
it
Rob Crittenden wrote:
Add some tips for getting more help from ipa command.
% ipa --help
Usage: ipa [options]
Options:
-h, --helpshow this help message and exit
-e KEY=VALSet environment variable KEY to VAL
-c FILE Load configuration from FILE
-d, --debug
Full docstring is shown on `ipa help COMMAND`
Pavel
0001-Print-only-one-line-of-docstrings-in-command-listing.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Jason Gerard DeRose wrote:
On Thu, 2009-11-19 at 15:57 +0100, Pavel Zuna wrote:
Full docstring is shown on `ipa help COMMAND`
Pavel
nack. There is already a Plugin.summary attribute containing the first
line of the docstring. See ipalib/plugable.py line 170.
Ok, I didn't know
Rob Crittenden wrote:
Pavel Zuna wrote:
Due to the format of accessTime (it has commas and spaces in it), we
can't use the List parameter type. I made it so that accessTime values
have to be entered one by one using new commands.
We also agreed, that we're going to rename GeneralizedTime
It was behaving just like Flag except it didn't have autofill=True by default,
so it was impossible to set it to False from the CLI. I also made it ignore case
(so 'FalSE' and 'tRue' are accepted).
Pavel
0007-Fix-Bool-parameter-type.-It-was-impossible-to-set-it.patch
Description:
Okey, here's my first shot at the ipa man page. I didn't post it as a patch, so
it's easier to review.
You can use 'man ./ipa.1.gz' to read it from anywhere, just in case you didn't
know - I didn't. :)
Pavel
ipa.1.gz
Description: GNU Zip compressed data
Rob Crittenden wrote:
Pavel Zuna wrote:
ldap2._generate_modlist now uses more sophisticated means to decide
when to use MOD_ADD+MOD_DELETE instead of MOD_REPLACE. Before it did
MOD_REPLACE only on attributes explicitly specified in
ldap2._FORCE_REPLACE_ON_UPDATE_ATTRS. Now it does MOD_REPLACE
This is actually an old patch that got lost in the depths of freeipa-devel.
There was just one issue with it, that it always assumed that the --all
parameter is present (because it is required in the baseclass). I fixed it and
now use the fail-safe: options.get('all', False)
The Kerberos
Rob Crittenden wrote:
Pavel Zuna wrote:
Alright, here's my first shot at the Kerberos Ticket Policy management
plugin.
It is also a new type of plugin. What I mean by that is that it
takes an optional primary key (username) as its first argument. If
used, policy for a specific user is being
Jason Gerard DeRose wrote:
On Tue, 2010-01-05 at 14:10 +0100, Pavel Zuna wrote:
The backend.Connectible base class was designed, so that only one instance of
each subclass is used at a time. Connectible generates a Connection object for
each thread and stores it in thread-local storage
Rob Crittenden wrote:
Allow the priority to be updated and fix the description of priority
ordering. Lower wins, not higher.
I also had to add the option to not normalize to a few more functions in
ldap2. I have to craft a very specifically-formatted DN for it to be
understood by the krb5
Rob Crittenden wrote:
Add support for starting/stopping the CA to ipactl
rob
ack.
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Rob Crittenden wrote:
Remove one more hardcoded reference to the pki-ca service and use
self.service_name instead.
rob
ack.
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Adds some required attributes and values for kerberos ticket policy.
Pavel
0001-Add-default-values-for-krb-ticket-policy-attributes.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Re-post of a long forgotten patch.
Pavel
0001-Make-host-objects-aware-of-their-membership-and-that.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
It seems that 'localityname' and 'locality' aliases were dropped in newer
versions of DS.
Pavel
0001-Use-l-instead-of-localityname-in-host-plugin.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Pavel Zuna wrote:
.
Pavel
Patch attached... here.
Pavel
0001-Make-DNS-plugin-support-output-validation-and-thus-m.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo
Recent version of DS requires to specify the attributeTypes and objectClasses
attributes explicitly when retrieving them.
Pavel
0001-Fix-schema-loading-in-the-ldap-backend.patch
Description: application/mbox
___
Freeipa-devel mailing list
cli.prompt_interactively now loads files before validating the parameter value.
It also populates a list of already loaded files, so that cli.load_files knows
when a parameter already contains the file contents.
Fix #557163
Pavel
0001-Fix-File-parameter-validation-when-prompting.patch
John Dennis wrote:
I've been thinking about this a bit more. I wonder if part of the
inelegance is due to the fact we're trying to shoehorn two distinct
concepts into one item when a proper relationship does not exist.
It does not seem logical that a file is a subclass of a string which is
Rob Crittenden wrote:
Try to remove a group password policy when a group is deleted. No need
to leave that hanging around.
rob
The self parameter is missing in the post_callback, it's not a static method.
auto-ack when this is fixed. :)
Pavel
John Dennis wrote:
On 01/29/2010 07:53 AM, Pavel Zuna wrote:
John Dennis wrote:
In this scheme the you don't need to keep state, you don't need to
special case any code, you can use the existing normalize and validate
mechanisms.
The problem here is that validate/normalize can only be used
Pavel Zuna wrote:
I've run into a little problem when implementing --all as a global
option. The problem is that I can't see a way, to propagate it to the
server side. Plugins could always retrieve all attributes and the client
would choose what to display, but that would be very ineffective
Rob Crittenden wrote:
David O'Brien wrote:
I tried this:
# /usr/bin/ipa user-add --first=My --last=Name --password
User login [mname]:
password:
Enter password again to verify:
ipa: ERROR: Constraint violation:pre-hashed passwords are not valid
I entered password as the password.
If I enter
This patch completes the list of attributes in the user plugin. It uses Jason's
no_create,no_update,no_search flags.
I mainly did this to test the Bring back old outputting functionality series
of patches I posted earlier, but we need to do this for all plugins anyway.
Pavel
Rob Crittenden wrote:
Pavel Zuna wrote:
I compiled 3 patches, that effectively bring back all the
functionality we had before Jasons big patch (i.e. before introducing
output validation and the common output interface).
--all and --raw are back, but this time as global options
replacing DNs
The patch is not far from trivial, but...
It makes the assumption, that IPA config files are utf-8 encoded (or compatible
like ASCII). Is that OK?
Pavel
0001-Use-unicode-instead-of-str-for-environmental-variabl.patch
Description: application/mbox
Rob Crittenden wrote:
Integers are included in the list of things to convert to str
internally. This makes them be considered binary by
ipalib.cli.encode_binary(). Add a hackish test for now to see if we have
an integer or not. I know that Pavel is working on more graceful way to
handle
This solves the bug, where integer and boolean values are interpreted as binary.
Pavel
0002-Convert-integer-and-boolean-values-to-unicode-don-t-.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
This patch makes the Command base class generate --all and --raw parameters for
every command, that has either an Entry or a ListOfEntries instance in its
has_output.
It also modifies the default output_for_cli to take these options into account.
I think its better if output_for_cli (instead
Password policy plugin was converting integers to str, which is unfriendly with
our str==binary approach.
Pavel
0001-Convert-password-policy-integer-values-to-unicode-in.patch
Description: application/mbox
___
Freeipa-devel mailing list
Removes most of the deprecated output code from plugins. take 1 because there
might be more patches like this in the near future.
Pavel
0001-Code-cleanup-remove-unused-stuff-take-1.patch
Description: application/mbox
___
Freeipa-devel mailing list
I don't know how it happened, but the contents (except for the licence and
module docstring) of ipaserver/__init__.py are gone when I do a new `git clone`.
I didn't investigate deeply into the issue, but mad this patch from a backup, so
that David can continue his work.
Pavel
Rob Crittenden wrote:
Pavel Zuna wrote:
I don't know how it happened, but the contents (except for the licence
and module docstring) of ipaserver/__init__.py are gone when I do a
new `git clone`.
I didn't investigate deeply into the issue, but mad this patch from a
backup, so that David can
Pavel Zuna wrote:
We talked about this on yesterdays quick server call.
Here's what the messages look like:
# ipa user-show idontexist
ipa: ERROR: idontexist: user not found
# ipa group-show idontexist
ipa: ERROR: idontexist: group not found
# ipa automountmap-add idontexist somemap
ipa
Rob Crittenden wrote:
Pavel Zuna wrote:
Pavel Zuna wrote:
We talked about this on yesterdays quick server call.
Here's what the messages look like:
# ipa user-show idontexist
ipa: ERROR: idontexist: user not found
# ipa group-show idontexist
ipa: ERROR: idontexist: group not found
# ipa
Rob Crittenden wrote:
Method overrides the Command get_output_params() method and only returns
the object params, not anything defined within the method itself. Return
those as well so they are displayed in output. Some care needs to be
taken to avoid returning duplicate values. In the case of
Rob Crittenden wrote:
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
Pavel Zuna wrote:
We talked about this on yesterdays quick server call.
Here's what the messages look like:
# ipa user-show idontexist
ipa: ERROR: idontexist: user not found
# ipa group-show idontexist
ipa
We discussed this with Jason on IRC. There are cases when a defining an internal
command plugin might come in handy. The plugin can be used by other plugin (for
example to create helper objects in LDAP like Class of Service entries).
Pavel
___
Fixes bug #572423 (Providing multiple group names in pwpolicy-show command
throws internal serer error.)
Pavel
0003-Use-ldap2.make_-dn-methods-in-pwpolicy-plugin.patch
Description: application/mbox
___
Freeipa-devel mailing list
This is the first in a series of patches, that replace all the legacy code from
v1 related to LDAP. I did some limited testing of the installer after this patch
and nothing seems to break, but I didn't do replicas etc...
Pavel
0006-Use-ldap2-instead-of-legacy-LDAP-code-from-v1-in-ins.patch
Jason Gerard DeRose wrote:
On Fri, 2010-03-12 at 18:01 -0500, Rob Crittenden wrote:
Ensure that the group policy priority is unique.
We use CoS to determine the order in which group policy is applied. The
behavior in CoS is undefined for multiple entries with the same
cospriority.
This
Last week, I spent a good amount of time investigating about the way we
build/normalize DNs. Most issues, that came up recently originated in the
password policy plugin as it needed specially crafted DNs for class of service
(CoS) entries. As I was playing around with it, I decided to rewrite
Pavel Zuna wrote:
Last week, I spent a good amount of time investigating about the way we
build/normalize DNs. Most issues, that came up recently originated in
the password policy plugin as it needed specially crafted DNs for class
of service (CoS) entries. As I was playing around with it, I
Rob Crittenden wrote:
Pavel Zuna wrote:
Last week, I spent a good amount of time investigating about the way
we build/normalize DNs. Most issues, that came up recently originated
in the password policy plugin as it needed specially crafted DNs for
class of service (CoS) entries. As I
Rob Crittenden wrote:
Pavel Zuna wrote:
This makes it possible to create DNs as required by some class of
service plugins, where the DN actually contains another DN in quotes.
Pavel
I guess we should skip this patch or do the reverse if we're not going
to support quoted dns.
Agreed
This patch effectively removes all LDAPv2 style quoted DNs and makes sure we
don't use them anymore.
KDC doesn't seem to have any problems with LDAPv3 style DNs, but I kept the
option to disable DN normalization for now.
I also had to add a new dollar variable for LDIF files:
Oops, forgot to post the patch.
Sorry and thanks to Rob for reminding me. :)
The man page is installed/uninstalled automatically with IPA. It's under 1 (User
commands).
I also attached the man page separately for more convenient reviews. Use `man
./ipa.1.gz` to view it.
By the way, I'm not
On 03/26/2010 10:57 PM, Rob Crittenden wrote:
I was poking around at the base classes today and I'm wondering if we
need to change the parent of crud.Delete().
The use case is host-del. We store the short and the fqdn name of hosts.
I think that for deleting we want enforce using the fqdn to be
Fixed while fixing my ldap2 for installer patch. :)
Pavel
0001-Fix-http-s-_request-in-dogtag.-Was-blowing-up-becaus.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 03/23/2010 09:40 PM, Rob Crittenden wrote:
Pavel Zuna wrote:
This is the first in a series of patches, that replace all the legacy
code from v1 related to LDAP. I did some limited testing of the
installer after this patch and nothing seems to break, but I didn't do
replicas etc...
Pavel
On 03/31/2010 10:17 PM, Rob Crittenden wrote:
Pavel Zuna wrote:
Oops, forgot to post the patch.
Sorry and thanks to Rob for reminding me. :)
The man page is installed/uninstalled automatically with IPA. It's
under 1 (User commands).
I also attached the man page separately for more convenient
On 03/30/2010 10:27 PM, Rob Crittenden wrote:
Pavel Zuna wrote:
On 03/23/2010 09:40 PM, Rob Crittenden wrote:
Pavel Zuna wrote:
This is the first in a series of patches, that replace all the legacy
code from v1 related to LDAP. I did some limited testing of the
installer after this patch
On 04/16/2010 10:25 PM, Rob Crittenden wrote:
Pavel Zůna wrote:
On 4/16/2010 5:09 PM, Rob Crittenden wrote:
Pavel Zuna wrote:
This patch effectively removes all LDAPv2 style quoted DNs and makes
sure we don't use them anymore.
KDC doesn't seem to have any problems with LDAPv3 style DNs
On 04/22/2010 08:04 PM, Rob Crittenden wrote:
Pavel Zůna wrote:
Note that this is still work in progress and will be finished
in another patch. Specifically, it currently doesn't cover baseldap.py
classes.
Pavel
The content of this is fine and it's a great start, but do we want to
put this
Fix bug #588414.
I'm going to submit improved validation error messages for AccessTime in a
separate patch. This one just fixes the bug.
Pavel
pzuna-freeipa-0002-accesstime.patch
Description: application/mbox
___
Freeipa-devel mailing list
On 04/27/2010 09:49 PM, Rob Crittenden wrote:
Pavel Zůna wrote:
Don't mind the numbering. This is a completely independent patch.
It adds a new pwpolicy plugin based on baseldap.py classes. It has the
same functionality as the current pwpolicy plugin, but a more clean
and consistent interface,
The new callback enables plugin authors to supply their own handler for
ExecutionError exceptions generated by calls to ldap2 made from the execute
method of baseldap.py classes that extend CallbackInterface.
Pavel
pzuna-freeipa-0004-exc_callback.patch
Description: application/mbox
EmptyModlist exception was generated by pwpolicy2-mod when modifying policy
priority only. It was because the priority attribute is stored outside of the
policy entry (in a CoS entry) and there was nothing left to be changed in the
policy entry.
This patch uses the new exception callbacks in
Improved version attached.
If a callback raised a new exception, callbacks next in row would still get the
original exception. Now they should get the new one as intended.
Thanks to Rob for pointing this out.
Pavel
pzuna-freeipa-0004-exc_callback.patch
Description: application/mbox
On 05/14/2010 11:32 PM, Rob Crittenden wrote:
Enforce that the max lifetime is min lifetime. This was a regression
from IPA v1.
This relies on the pwpolicy switcheroo, patch 441.
rob
ack.
Pavel
___
Freeipa-devel mailing list
On 05/14/2010 11:54 PM, Rob Crittenden wrote:
The uid option to the user plugin is the uidnumber, not the login name.
Try to clarify that in the cmd line doc.
rob
ack.
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 05/14/2010 10:02 PM, Rob Crittenden wrote:
This completes the switch to the new pwpolicy plugin. I generated the
patch with -M but it still created a huge diff. The changes are
relatively minor, mostly dropping '2' from a bunch of calls and fixing
removal of the pwpolicy when deleting a
On 05/17/2010 07:39 PM, Rob Crittenden wrote:
Remove the unnecessary get_dn() and get_primary_key_from_dn() from
hbacsvcgroup plugin and add some basic tests for it.
rob
ack.
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 05/19/2010 07:28 PM, Rob Crittenden wrote:
Include -clone_uri argument to pkisilent setting the clone URI.
This makes creating a clone from a clone work as expected.
Note that this depends on some fixes in the pki-ca, pki-common and
pki-silent packages. I tested this against pre-release
On 05/20/2010 05:56 PM, Rob Crittenden wrote:
Move the dogtag SELinux rules loading into the spec file
I couldn't put the dogtag rules into the spec file until we required
dogtag as a component. If it wasn't pre-loaded them the rules loading
would fail because types would be missing.
rob
This
On 05/20/2010 07:54 PM, Rob Crittenden wrote:
Add the 'all' serviceCategory to the default allow_all HBAC rule and add
some standard services: ftp, login, sshd, su, sudo.
rob
ack.
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 05/21/2010 11:35 PM, Rob Crittenden wrote:
Fix this test to work from source tree root
It would work if you ran the test from its location in tests/test_ipalib
but this isn't the most common method. If you want to run it individually
you can do:
$ ./make-test tests/test_ipalib/test_text.py
On 05/26/2010 03:50 PM, Rob Crittenden wrote:
I moved these contents into an update so that each entry could get its
own UUID. The templater for ldif files is a little less robust and can
only assign a single UUID per file. If this is ever an issue we can
address it then butit isn't a problem
On 05/21/2010 10:30 PM, Rob Crittenden wrote:
Add the ipqUniqueID object to HBAC services and make sure that they get
the memberOf attribute if they are members of service groups.
rob
ack.
Pavel
___
Freeipa-devel mailing list
On 05/28/2010 05:22 PM, Rob Crittenden wrote:
The preop.pin is used to authenticate the admin when doing CA
enrollment. We were assuming it would be available and things blow up
badly if not (we end up passing None as an argument to exec). If there
isn't a preop pin there is no need to do
On 05/27/2010 11:51 PM, Rob Crittenden wrote:
If a host is already enrolled (either as a client or a former replica)
then ipa-replica-install will fail spectacularly with an error about a
missing keytab. This is because some entries already exist and it
totally confuses things. We need to start
On 06/02/2010 08:34 PM, Rob Crittenden wrote:
Add a new role specifically for delegating enrollment. Previously you
had to delegate two tasks, this simplifies things.
rob
ack.
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 06/02/2010 08:35 PM, Rob Crittenden wrote:
The Virtual base class is used for doing non-LDAP operations, right not
just for certificate commands. It wasn't honoring the no_* option flags.
Add support for that.
rob
NACK.
I think I do understand what this patch is trying to do and it works,
On 06/02/2010 08:36 PM, Rob Crittenden wrote:
First pass at adding per-command documentation for each plugin.
rob
ack.
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 06/15/2010 03:08 AM, David O'Brien wrote:
Rob Crittenden wrote:
First pass at adding per-command documentation for each plugin.
rob
Rob,
How would you like edits to this?
I _could_ edit the patch, or I could wait until you commit what you have
and then run ipa help topic and send edited
On 06/25/2010 03:46 PM, Rob Crittenden wrote:
Use newer API in selfsign plugin. Fix missing import when running in the
in-tree lite-server.
rob
Maybe we should remove the comment as well, if it's not valid anymore. Other
than that:
ACK.
Pavel
On 07/12/2010 10:47 PM, Rob Crittenden wrote:
When figuring out what to display has_output_params was being ignored by
decendents of the Method class.
rob
ACK.
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 07/12/2010 11:48 PM, Rob Crittenden wrote:
This patch supercedes patch 479 which is now defunct. It relies on patch
481.
Add API to delete a service principal key, service-disable and
host-disable. This is so an admin can essentially revoke a service
principal without deleting it (a host
- Make it recursive.
- Make Param classes serializable.
- Take python native data types into account.
Pavel
pzuna-freeipa-0010-json.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
This is required for the webUI, since we're dropping Genshi. *ehm* :)
You can't use this command on the CLI. It takes one optional argument:
the name of an IPA object. If not specified, meta-data for all objects
are returned.
Note: If you want to try it out on the CLI, just comment out the
What it means?
Well, first I removed some development control variables from ipa.js.
Namely useSampleData and sizelimit. I moved useSampleData to the top
of index.xhtml. This way we won't forget about it when we don't need
it anymore. sizelimit has nothing to do in ipa.js and be hardcoded
for ALL
1 - 100 of 183 matches
Mail list logo