[Freeipa-devel] [PATCH] Add wrapping when printing multi-value attributes that don't fit on one line.

2009-08-04 Thread Pavel Zuna
This is how it looks like in practice: ./ipa user-show pzuna --all --raw -- user-show: -- ... memberof: cn=ipausers,cn=groups,cn=accounts,dc=pzuna, cn=dráčci,cn=groups,cn=accounts,dc=pzuna objectclass: top, person, organizationalPerson, inetOrgPerson,

Re: [Freeipa-devel] [PATCH] Make ldap2.add_entry proof to None values, because python-ldap hates'em.

2009-08-31 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: python-ldap seems to hate None values when adding an entry and raises an exception instead ignoring them, so we need to filter them ourselves. Pavel Couldn't updates contain None as well? rob Updates can and it's valid. None is used in update_entry

[Freeipa-devel] Re: [PATCHES] Improve ipalib.plugins.baseldap classes.

2009-09-09 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zůna wrote: - remove obsolete code related to PluginProxy - remove parent_key attribute, for the purpose of nested objects the parent's primary key is retrieved automatically - added support for auto-generating UUIDs - make use of the improved attribute printing in

Re: [Freeipa-devel] Re: [PATCHES] Add support for different automount maps per location.

2009-09-09 Thread Pavel Zuna
Rob Crittenden wrote: Rob Crittenden wrote: Pavel Zůna wrote: 0007: Add support for different automount maps per location. This patch enabled us to have a different set of automount maps per location and to manage those locations via command plugins. To add a new location: ipa

[Freeipa-devel] [PATCH] Fix incorrect imports in ipa-server-certinstall. [Was: consistent use of --help on CLI?]

2009-09-10 Thread Pavel Zuna
Fixed. Pavel Zuna wrote: Dmitri Pal wrote: Pavel, Rob, What do the CLI utils do when someone uses --help parameter? Is there a consistent behavior about this? Thanks Dmitri Yes there is, we use OptionParser from python optparse module everywhere as far as I know and it handles -h/--help

[Freeipa-devel] Re: [PATCH] Automatically generate an auto.master map for new automount location.

2009-09-10 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zůna wrote: I thought that it might be a good idea to automatically generate the auto.master map for new locations. It depends on my previous automount patch. Pavel Question: do we need a method to return all maps? Jason might need this in the UI. All maps

Re: [Freeipa-devel] [PATCH] 271 handle certificate decode errors in service

2009-09-15 Thread Pavel Zuna
Rob Crittenden wrote: In the service plugin we will attempt to revoke a server cert when a service is deleted. Add some error handling around that effort. This fixes the self-tests. rob nack. Your 269 external CA signing, abstract RA already handles them inside get_serial(). However, there

Re: [Freeipa-devel] [PATCH] 273 join a host to an IPA domain

2009-09-15 Thread Pavel Zuna
Pavel Zuna wrote: Rob Crittenden wrote: NOTE, this patch replaces a previous patch to do the same thing. I fixed a few problems Simo pointed out and re-based it against the current master. This largish patch adds host enrollment. There are several scenarios that are covered. All

[Freeipa-devel] Re: [PATCHES] Make plugins use baseldap classes.

2009-09-15 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zůna wrote: This is a series of patches that depends on patches: - Improve attribute printing in the CLI. - Improve ipalib.plugins.baseldap classes. All plugins are converted to extend baseldap classes. This makes things more consistent, fixes some general bugs

[Freeipa-devel] [PATCH] Fix bug in HBAC and netgroup plugin get_primary_key_from_dn methods.

2009-10-06 Thread Pavel Zuna
The method was returning tuples instead of strings in both plugins causing a mess in other plugins, when displaying netgroup/HBAC information. Pavel 0001-Fix-bug-in-HBAC-and-netgroup-plugin-get_primary_key_.patch Description: application/mbox ___

[Freeipa-devel] Re: [PATCH] Fix bug in HBAC and netgroup plugin get_primary_key_from_dn methods.

2009-10-08 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: The method was returning tuples instead of strings in both plugins causing a mess in other plugins, when displaying netgroup/HBAC information. Pavel Assuming that the primary key doesn't exist, what meaning does returning '' have? For these 2

Re: [Freeipa-devel] [PATCH] 292 use proper objectclass for rolegroups

2009-10-12 Thread Pavel Zuna
Rob Crittenden wrote: I was using groupofnames for rolegroups but trying to add memberof to it (bad). Use nestedgroup instead. rob ack. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] 289 fix host admin acis

2009-10-12 Thread Pavel Zuna
Rob Crittenden wrote: It appears I missed a couple of ACI's when we changed the DN format of hosts. rob ack. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 294 sleep before doing a task

2009-10-15 Thread Pavel Zuna
Rob Crittenden wrote: One of the last steps of an install is to run through any updates. This change adds a sleep() prior to calling tasks to ensure postop writes are done We were seeing a rare deadlock of DS when creating the memberOf task because one thread was adding memberOf in a postop

Re: [Freeipa-devel] Integer parameters

2009-10-19 Thread Pavel Zuna
John Dennis wrote: I wanted to assure myself if a command was expecting an integer value, it could be input in whatever radix the user desires and be correctly converted. If I understand correctly this code is in parameters.py and is implemented by the _convert_scalar member function. The Int

Re: [Freeipa-devel] [PATCH] jderose 022 Change Password param

2009-10-19 Thread Pavel Zuna
Jason Gerard DeRose wrote: This patch allows you do provide a Password as a two item tuple or list (the password plus the password confirmation). This is the most natural way for this to work through the UI. ack. Pavel ___ Freeipa-devel mailing

[Freeipa-devel] [PATCH] Remove 'ipaObject' objectClass from rolegroups and taskgroups.

2009-10-29 Thread Pavel Zuna
We don't need it there and rolegroups/taskgroup created on installation don't have it, so they didn't show up in *-find output before this patch. Pavel 0001-Remove-ipaObject-objectClass-from-rolegroups-and-t.patch Description: application/mbox ___

Re: [Freeipa-devel] [PATCH] Add DS to IPA migration plugin and password migration page.

2009-10-30 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Example output of migration plugin: I have a DS server setup on a VM at 192.168.122.4 and I made a few tweaks to show how errors are reported. # ipa migrate-ds ldap://192.168.122.4:389 Password: Enter password again to verify: --- migrate-ds

[Freeipa-devel] [PATCH] Handle ipaEnabledFlag as bool (TRUE/FALSE) instead of string (enabled/disabled).

2009-11-02 Thread Pavel Zuna
Syntax in schema is 1.3.6.1.4.1.1466.115.121.1.7 == Boolean syntax. Thanks to Sumit for pointing this out. Pavel 0001-Handle-ipaEnabledFlag-as-bool-TRUE-FALSE-instead-o.patch Description: application/mbox ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] Add DS to IPA migration plugin and password migration page.

2009-11-02 Thread Pavel Zuna
Everyone wrote: ... A LOT and Thunderbird isn't able to display a thread on a mailing list properly. I did some testing on how much time does it take to migrate a few users. I started with 1, but unfortunately my VM can't handle that much (always running out of space and I already deleted

[Freeipa-devel] [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.

2009-11-13 Thread Pavel Zuna
This should fix the issue: Rob Crittenden wrote: Michael Gregg wrote: Rob, did the support for posix groups change? If I create a group specifying --posix the cli does create the group. Then, using ipa group-find, I do not see any way to determine if that group is a posixgroup or not.

[Freeipa-devel] Re: [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.

2009-11-13 Thread Pavel Zuna
And here's the actual patch. :) Pavel Zuna wrote: This should fix the issue: Rob Crittenden wrote: Michael Gregg wrote: Rob, did the support for posix groups change? If I create a group specifying --posix the cli does create the group. Then, using ipa group-find, I do not see any way

[Freeipa-devel] [PATCH] Fix a bunch of unit tests.

2009-11-13 Thread Pavel Zuna
Only pwpolicy test is still broken - I'm looking into it. Pavel 0001-Fix-a-bunch-of-unit-tests.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Re: [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.

2009-11-16 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: And here's the actual patch. :) Pavel Zuna wrote: This should fix the issue: Rob Crittenden wrote: Michael Gregg wrote: Rob, did the support for posix groups change? If I create a group specifying --posix the cli does create the group. Then, using

Re: [Freeipa-devel] [PATCH] Fix a bunch of unit tests.

2009-11-16 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Only pwpolicy test is still broken - I'm looking into it. Pavel This brings up the return values question again. I thought we had decided that any attribute that had only one value would be returned as a scalar. In this case userCertificate is being

Re: [Freeipa-devel] [PATCH] Fix a bunch of unit tests.

2009-11-18 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Rob Crittenden wrote: Pavel Zuna wrote: Only pwpolicy test is still broken - I'm looking into it. Pavel This brings up the return values question again. I thought we had decided that any attribute that had only one value would be returned

Re: [Freeipa-devel] Return values, CRUD, webUI

2009-11-18 Thread Pavel Zuna
Jason Gerard DeRose wrote: The vast majority of our Command plugins subclass from one of the CRUD base classes, so in terms of return value consistency and API style, we need to focus most on them (and then adapt their style to the few non-CRUD commands). While hooking up the webUI there have

[Freeipa-devel] [PATCH] Add {user, host, sourcehost}Category to HBAC and make accessTime multivalue.

2009-11-18 Thread Pavel Zuna
Due to the format of accessTime (it has commas and spaces in it), we can't use the List parameter type. I made it so that accessTime values have to be entered one by one using new commands. We also agreed, that we're going to rename GeneralizedTime parameter to AccessTime to prevent confusion

Re: [Freeipa-devel] [PATCH] 314 handle LDAP bind failures gracefully

2009-11-19 Thread Pavel Zuna
Rob Crittenden wrote: Gracefully handle a valid kerberos ticket for a deleted entry. I saw this with a host where I joined a host, obtained a host principal, kinited to that principal, then deleted the host from the IPA server. The ticket was still valid so Apache let it through but it

Re: [Freeipa-devel] [PATCH] 316 add tips to --help

2009-11-19 Thread Pavel Zuna
Rob Crittenden wrote: Add some tips for getting more help from ipa command. % ipa --help Usage: ipa [options] Options: -h, --helpshow this help message and exit -e KEY=VALSet environment variable KEY to VAL -c FILE Load configuration from FILE -d, --debug

[Freeipa-devel] [PATCH] Print only one line of docstrings in command listings.

2009-11-19 Thread Pavel Zuna
Full docstring is shown on `ipa help COMMAND` Pavel 0001-Print-only-one-line-of-docstrings-in-command-listing.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

[Freeipa-devel] [PATCH] Make host objects aware of their membership and that l==localityName.

2009-11-26 Thread Pavel Zuna
host object's didn't know they can be member of hostgroups, netgroups and rolegroups and they also didn't know that 'l' and 'localityName' is the same attribute. Pavel 0001-Make-host-objects-aware-of-their-membership-and-that.patch Description: application/mbox

Re: [Freeipa-devel] [PATCH] Print only one line of docstrings in command listings.

2009-11-26 Thread Pavel Zuna
Jason Gerard DeRose wrote: On Thu, 2009-11-19 at 15:57 +0100, Pavel Zuna wrote: Full docstring is shown on `ipa help COMMAND` Pavel nack. There is already a Plugin.summary attribute containing the first line of the docstring. See ipalib/plugable.py line 170. Ok, I didn't know

[Freeipa-devel] [PATCH] Fix takes_options in automount plugin.

2009-11-26 Thread Pavel Zuna
Automount plugin was overwriting options from its base class instead of adding new ones. Pavel 0003-Fix-takes_options-in-automount-plugin.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] Add {user, host, sourcehost}Category to HBAC and make accessTime multivalue.

2009-11-26 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Due to the format of accessTime (it has commas and spaces in it), we can't use the List parameter type. I made it so that accessTime values have to be entered one by one using new commands. We also agreed, that we're going to rename GeneralizedTime

[Freeipa-devel] [PATCH] Fix Bool parameter type. It was impossible to set to FALSE.

2009-11-26 Thread Pavel Zuna
It was behaving just like Flag except it didn't have autofill=True by default, so it was impossible to set it to False from the CLI. I also made it ignore case (so 'FalSE' and 'tRue' are accepted). Pavel 0007-Fix-Bool-parameter-type.-It-was-impossible-to-set-it.patch Description:

[Freeipa-devel] IPA man page

2009-12-10 Thread Pavel Zuna
Okey, here's my first shot at the ipa man page. I didn't post it as a patch, so it's easier to review. You can use 'man ./ipa.1.gz' to read it from anywhere, just in case you didn't know - I didn't. :) Pavel ipa.1.gz Description: GNU Zip compressed data

Re: [Freeipa-devel] Re: [PATCHES] Migration wrap-up.

2009-12-10 Thread Pavel Zuna
David O'Brien wrote: If there's an easy way for me to get access to the messages and anything else that gets put in front of the user I'm happy to review it. I haven't done much (read almost nothing) in the way of patch reviews, so I'm not sure if that's the best way. Maybe I should just learn

Re: [Freeipa-devel] [PATCH] Improve modlist generation in ldap2. Some code cleanup as bonus.

2010-01-05 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: ldap2._generate_modlist now uses more sophisticated means to decide when to use MOD_ADD+MOD_DELETE instead of MOD_REPLACE. Before it did MOD_REPLACE only on attributes explicitly specified in ldap2._FORCE_REPLACE_ON_UPDATE_ATTRS. Now it does MOD_REPLACE

[Freeipa-devel] [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.

2010-01-11 Thread Pavel Zuna
This is actually an old patch that got lost in the depths of freeipa-devel. There was just one issue with it, that it always assumed that the --all parameter is present (because it is required in the baseclass). I fixed it and now use the fail-safe: options.get('all', False) The Kerberos

Re: [Freeipa-devel] [PATCH] Add Kerberos Ticket Policy management plugin.

2010-01-11 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Alright, here's my first shot at the Kerberos Ticket Policy management plugin. It is also a new type of plugin. What I mean by that is that it takes an optional primary key (username) as its first argument. If used, policy for a specific user is being

Re: [Freeipa-devel] [PATCH] Allow creation of new connections by unshared instances of backend.Connectible.

2010-01-11 Thread Pavel Zuna
Jason Gerard DeRose wrote: On Tue, 2010-01-05 at 14:10 +0100, Pavel Zuna wrote: The backend.Connectible base class was designed, so that only one instance of each subclass is used at a time. Connectible generates a Connection object for each thread and stores it in thread-local storage

Re: [Freeipa-devel] [PATCH] 345 fix pwpolicy plugin

2010-01-11 Thread Pavel Zuna
Rob Crittenden wrote: Allow the priority to be updated and fix the description of priority ordering. Lower wins, not higher. I also had to add the option to not normalize to a few more functions in ldap2. I have to craft a very specifically-formatted DN for it to be understood by the krb5

Re: [Freeipa-devel] [PATCH] 346 add pki-cad support to ipactl

2010-01-11 Thread Pavel Zuna
Rob Crittenden wrote: Add support for starting/stopping the CA to ipactl rob ack. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 347 do status on right service in installer

2010-01-11 Thread Pavel Zuna
Rob Crittenden wrote: Remove one more hardcoded reference to the pki-ca service and use self.service_name instead. rob ack. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Add default values for krb ticket policy attributes during installation.

2010-01-12 Thread Pavel Zuna
Adds some required attributes and values for kerberos ticket policy. Pavel 0001-Add-default-values-for-krb-ticket-policy-attributes.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

[Freeipa-devel] [PATCH] Make host objects aware of their membership and that l==localityname.

2010-01-12 Thread Pavel Zuna
Re-post of a long forgotten patch. Pavel 0001-Make-host-objects-aware-of-their-membership-and-that.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Use 'l' instead of 'localityname' in host plugin.

2010-01-12 Thread Pavel Zuna
It seems that 'localityname' and 'locality' aliases were dropped in newer versions of DS. Pavel 0001-Use-l-instead-of-localityname-in-host-plugin.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

[Freeipa-devel] [PATCH] Fix backend.Executioner unit test.

2010-01-13 Thread Pavel Zuna
Before the patch that allows to create unshared instances of Connectible, all Connection objects were deleted at once in destroy_context(). It made sense at the time, because there was always at most one Connection per Connectible subclass and Connectible.disconnect() was called only

Re: [Freeipa-devel] [PATCH] Make host objects aware of their membership and that l==localityname.

2010-01-14 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Re-post of a long forgotten patch. Pavel Not to be too picky but will this conflict with the recent localityname changes? No, the changes only tell the plugin that the memberOf attribute of hosts can contain references to certain types of objects

[Freeipa-devel] [PATCH] Make DNS plugin support output validation and thus make it work again.

2010-01-14 Thread Pavel Zuna
. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Make DNS plugin support output validation and thus make it work again.

2010-01-14 Thread Pavel Zuna
Pavel Zuna wrote: . Pavel Patch attached... here. Pavel 0001-Make-DNS-plugin-support-output-validation-and-thus-m.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo

Re: [Freeipa-devel] [PATCH] Make DNS plugin support output validation and thus make it work again.

2010-01-18 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Pavel Zuna wrote: . Pavel Patch attached... here. Pavel This looks ok but do you really want to override output_for_cli? This doesn't seem to do a lot more than the default, but I may be wrong. It does a little bit more. Anyway this patch

[Freeipa-devel] [PATCH] Fix schema loading in the ldap backend.

2010-01-27 Thread Pavel Zuna
Recent version of DS requires to specify the attributeTypes and objectClasses attributes explicitly when retrieving them. Pavel 0001-Fix-schema-loading-in-the-ldap-backend.patch Description: application/mbox ___ Freeipa-devel mailing list

[Freeipa-devel] [PATCH] Fix File parameter validation when prompting.

2010-01-27 Thread Pavel Zuna
cli.prompt_interactively now loads files before validating the parameter value. It also populates a list of already loaded files, so that cli.load_files knows when a parameter already contains the file contents. Fix #557163 Pavel 0001-Fix-File-parameter-validation-when-prompting.patch

Re: [Freeipa-devel] [PATCH] Fix File parameter validation when prompting.

2010-01-29 Thread Pavel Zuna
John Dennis wrote: On 01/28/2010 06:56 PM, Jason Gerard DeRose wrote: On Wed, 2010-01-27 at 17:53 +0100, Pavel Zuna wrote: cli.prompt_interactively now loads files before validating the parameter value. It also populates a list of already loaded files, so that cli.load_files knows when

Re: [Freeipa-devel] [PATCH] Fix File parameter validation when prompting.

2010-01-29 Thread Pavel Zuna
John Dennis wrote: I've been thinking about this a bit more. I wonder if part of the inelegance is due to the fact we're trying to shoehorn two distinct concepts into one item when a proper relationship does not exist. It does not seem logical that a file is a subclass of a string which is

Re: [Freeipa-devel] [PATCH] 362 remove group pwd policy on group deletion

2010-01-29 Thread Pavel Zuna
Rob Crittenden wrote: Try to remove a group password policy when a group is deleted. No need to leave that hanging around. rob The self parameter is missing in the post_callback, it's not a static method. auto-ack when this is fixed. :) Pavel

Re: [Freeipa-devel] [PATCH] Fix File parameter validation when prompting.

2010-01-29 Thread Pavel Zuna
John Dennis wrote: On 01/29/2010 07:53 AM, Pavel Zuna wrote: John Dennis wrote: In this scheme the you don't need to keep state, you don't need to special case any code, you can use the existing normalize and validate mechanisms. The problem here is that validate/normalize can only be used

Re: [Freeipa-devel] Implementing --all as a global option

2010-02-04 Thread Pavel Zuna
Pavel Zuna wrote: I've run into a little problem when implementing --all as a global option. The problem is that I can't see a way, to propagate it to the server side. Plugins could always retrieve all attributes and the client would choose what to display, but that would be very ineffective

[Freeipa-devel] [PATCH] Fix condition bug in ipa-pwd-extop plugin. Variable used uninitialized. [Was: Re: Adding new IPA users on the CLI]

2010-02-04 Thread Pavel Zuna
Rob Crittenden wrote: David O'Brien wrote: I tried this: # /usr/bin/ipa user-add --first=My --last=Name --password User login [mname]: password: Enter password again to verify: ipa: ERROR: Constraint violation:pre-hashed passwords are not valid I entered password as the password. If I enter

[Freeipa-devel] [PATCH] Complete the list of user attributes.

2010-02-09 Thread Pavel Zuna
This patch completes the list of attributes in the user plugin. It uses Jason's no_create,no_update,no_search flags. I mainly did this to test the Bring back old outputting functionality series of patches I posted earlier, but we need to do this for all plugins anyway. Pavel

Re: [Freeipa-devel] [PATCHES] Bring back old outputting functionality

2010-02-10 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: I compiled 3 patches, that effectively bring back all the functionality we had before Jasons big patch (i.e. before introducing output validation and the common output interface). --all and --raw are back, but this time as global options replacing DNs

Re: [Freeipa-devel] [PATCHES] Bring back old outputting functionality

2010-02-10 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: I compiled 3 patches, that effectively bring back all the functionality we had before Jasons big patch (i.e. before introducing output validation and the common output interface). --all and --raw are back, but this time as global options replacing DNs

[Freeipa-devel] [PATCH] Use unicode instead of str for environmental variables in Env.

2010-02-11 Thread Pavel Zuna
The patch is not far from trivial, but... It makes the assumption, that IPA config files are utf-8 encoded (or compatible like ASCII). Is that OK? Pavel 0001-Use-unicode-instead-of-str-for-environmental-variabl.patch Description: application/mbox

[Freeipa-devel] [PATCH] Add default automount location. Auto-create auto.direct in new locations.

2010-02-12 Thread Pavel Zuna
This patch replaces deprecated automount entries created after installation with a 'default' automount location with auto.master and auto.direct maps. It also makes the automount plugin create the auto.master and auto.direct maps when a new location is added. Pavel

Re: [Freeipa-devel] [PATCH] 381 fix output of integers

2010-02-17 Thread Pavel Zuna
Rob Crittenden wrote: Integers are included in the list of things to convert to str internally. This makes them be considered binary by ipalib.cli.encode_binary(). Add a hackish test for now to see if we have an integer or not. I know that Pavel is working on more graceful way to handle

[Freeipa-devel] [PATCH] Convert integers and boolean values to unicode, don't leave them as str.

2010-02-17 Thread Pavel Zuna
This solves the bug, where integer and boolean values are interpreted as binary. Pavel 0002-Convert-integer-and-boolean-values-to-unicode-don-t-.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

[Freeipa-devel] [PATCH] Auto-generate --all and --raw for commands, that return entries.

2010-02-17 Thread Pavel Zuna
This patch makes the Command base class generate --all and --raw parameters for every command, that has either an Entry or a ListOfEntries instance in its has_output. It also modifies the default output_for_cli to take these options into account. I think its better if output_for_cli (instead

[Freeipa-devel] [PATCH] Convert password policy integer values to unicode instead of str.

2010-02-17 Thread Pavel Zuna
Password policy plugin was converting integers to str, which is unfriendly with our str==binary approach. Pavel 0001-Convert-password-policy-integer-values-to-unicode-in.patch Description: application/mbox ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH 384-386 small problems discovered in migration

2010-02-17 Thread Pavel Zuna
Rob Crittenden wrote: Here are 3 tiny patches that fix some problems in the migration plugin. This should allow group migration from an IPA v1 server to work. rob ack all 3 patches Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

[Freeipa-devel] [PATCH] Make error messages in migration plugin unicode.

2010-02-17 Thread Pavel Zuna
Fixes output of the migration plugin. Pavel 0001-Make-error-message-in-migration-plugin-unicode.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Make the --all option work in Add/Remove Member commands.

2010-02-24 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zůna wrote: Add/Remove Member commands didn't work with the --all option. They do now. Pavel Nack, it causes 5 tests to fail. rob New version attached. Fixes the tests and makes Add/Remove Member commands return DN as well. Pavel

[Freeipa-devel] Plugin versioning scheme and plugin dependencies

2010-02-25 Thread Pavel Zuna
I've been thinking about this a little bit and came up with the following proposition. All plugin, that are going to be registered in API, will need a version number or preferably two. A major and a minor version number. The major number will only be incremented when a backward incompatible

[Freeipa-devel] [PATCH] Code cleanup: remove unused stuff, take 1.

2010-02-25 Thread Pavel Zuna
Removes most of the deprecated output code from plugins. take 1 because there might be more patches like this in the near future. Pavel 0001-Code-cleanup-remove-unused-stuff-take-1.patch Description: application/mbox ___ Freeipa-devel mailing list

[Freeipa-devel] [PATCH] Restore ipaserver/__init__.py

2010-03-03 Thread Pavel Zuna
I don't know how it happened, but the contents (except for the licence and module docstring) of ipaserver/__init__.py are gone when I do a new `git clone`. I didn't investigate deeply into the issue, but mad this patch from a backup, so that David can continue his work. Pavel

Re: [Freeipa-devel] [PATCH] Restore ipaserver/__init__.py

2010-03-03 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: I don't know how it happened, but the contents (except for the licence and module docstring) of ipaserver/__init__.py are gone when I do a new `git clone`. I didn't investigate deeply into the issue, but mad this patch from a backup, so that David can

Re: [Freeipa-devel] [PATCH] Provide more detailed NotFound error messages from baseldap.py classes.

2010-03-03 Thread Pavel Zuna
Pavel Zuna wrote: We talked about this on yesterdays quick server call. Here's what the messages look like: # ipa user-show idontexist ipa: ERROR: idontexist: user not found # ipa group-show idontexist ipa: ERROR: idontexist: group not found # ipa automountmap-add idontexist somemap ipa

Re: [Freeipa-devel] [PATCH] Provide more detailed NotFound error messages from baseldap.py classes.

2010-03-08 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Pavel Zuna wrote: We talked about this on yesterdays quick server call. Here's what the messages look like: # ipa user-show idontexist ipa: ERROR: idontexist: user not found # ipa group-show idontexist ipa: ERROR: idontexist: group not found # ipa

Re: [Freeipa-devel] [PATCH] 399 Include params in Method.output_params

2010-03-09 Thread Pavel Zuna
Rob Crittenden wrote: Method overrides the Command get_output_params() method and only returns the object params, not anything defined within the method itself. Return those as well so they are displayed in output. Some care needs to be taken to avoid returning duplicate values. In the case of

Re: [Freeipa-devel] [PATCH] Provide more detailed NotFound error messages from baseldap.py classes.

2010-03-09 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Rob Crittenden wrote: Pavel Zuna wrote: Pavel Zuna wrote: We talked about this on yesterdays quick server call. Here's what the messages look like: # ipa user-show idontexist ipa: ERROR: idontexist: user not found # ipa group-show idontexist ipa

[Freeipa-devel] [PATCH] Add INTERNAL flag to frontend plugins. If set, the plugin won't show up in UI.

2010-03-16 Thread Pavel Zuna
We discussed this with Jason on IRC. There are cases when a defining an internal command plugin might come in handy. The plugin can be used by other plugin (for example to create helper objects in LDAP like Class of Service entries). Pavel ___

[Freeipa-devel] Use ldap2.make_*dn* methods in pwpolicy plugin.

2010-03-16 Thread Pavel Zuna
Fixes bug #572423 (Providing multiple group names in pwpolicy-show command throws internal serer error.) Pavel 0003-Use-ldap2.make_-dn-methods-in-pwpolicy-plugin.patch Description: application/mbox ___ Freeipa-devel mailing list

[Freeipa-devel] [PATCH] Don't escape DN characters between quotes in attribute values.

2010-03-16 Thread Pavel Zuna
This makes it possible to create DNs as required by some class of service plugins, where the DN actually contains another DN in quotes. Pavel 0002-Don-t-escape-DN-characters-between-quotes-in-attribu.patch Description: application/mbox ___

[Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts.

2010-03-16 Thread Pavel Zuna
This is the first in a series of patches, that replace all the legacy code from v1 related to LDAP. I did some limited testing of the installer after this patch and nothing seems to break, but I didn't do replicas etc... Pavel 0006-Use-ldap2-instead-of-legacy-LDAP-code-from-v1-in-ins.patch

Re: [Freeipa-devel] [PATCH] 404 ensure priority is unique

2010-03-19 Thread Pavel Zuna
Jason Gerard DeRose wrote: On Fri, 2010-03-12 at 18:01 -0500, Rob Crittenden wrote: Ensure that the group policy priority is unique. We use CoS to determine the order in which group policy is applied. The behavior in CoS is undefined for multiple entries with the same cospriority. This

[Freeipa-devel] [PATCH] Add new pwpolicy plugin based on baseldap classes.

2010-03-19 Thread Pavel Zuna
Last week, I spent a good amount of time investigating about the way we build/normalize DNs. Most issues, that came up recently originated in the password policy plugin as it needed specially crafted DNs for class of service (CoS) entries. As I was playing around with it, I decided to rewrite

Re: [Freeipa-devel] [PATCH] Add new pwpolicy plugin based on baseldap classes.

2010-03-19 Thread Pavel Zuna
Pavel Zuna wrote: Last week, I spent a good amount of time investigating about the way we build/normalize DNs. Most issues, that came up recently originated in the password policy plugin as it needed specially crafted DNs for class of service (CoS) entries. As I was playing around with it, I

Re: [Freeipa-devel] [PATCH] Add new pwpolicy plugin based on baseldap classes.

2010-03-23 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: Last week, I spent a good amount of time investigating about the way we build/normalize DNs. Most issues, that came up recently originated in the password policy plugin as it needed specially crafted DNs for class of service (CoS) entries. As I

Re: [Freeipa-devel] [PATCH] Don't escape DN characters between quotes in attribute values.

2010-03-23 Thread Pavel Zuna
Rob Crittenden wrote: Pavel Zuna wrote: This makes it possible to create DNs as required by some class of service plugins, where the DN actually contains another DN in quotes. Pavel I guess we should skip this patch or do the reverse if we're not going to support quoted dns. Agreed

[Freeipa-devel] [PATCH] Use escapes in DNs instead of quoting.

2010-03-26 Thread Pavel Zuna
This patch effectively removes all LDAPv2 style quoted DNs and makes sure we don't use them anymore. KDC doesn't seem to have any problems with LDAPv3 style DNs, but I kept the option to disable DN normalization for now. I also had to add a new dollar variable for LDIF files:

[Freeipa-devel] [PATCH] Add ipa man page.

2010-03-29 Thread Pavel Zuna
Oops, forgot to post the patch. Sorry and thanks to Rob for reminding me. :) The man page is installed/uninstalled automatically with IPA. It's under 1 (User commands). I also attached the man page separately for more convenient reviews. Use `man ./ipa.1.gz` to view it. By the way, I'm not

Re: [Freeipa-devel] super of crud.Delete

2010-03-29 Thread Pavel Zuna
On 03/26/2010 10:57 PM, Rob Crittenden wrote: I was poking around at the base classes today and I'm wondering if we need to change the parent of crud.Delete(). The use case is host-del. We store the short and the fqdn name of hosts. I think that for deleting we want enforce using the fqdn to be

[Freeipa-devel] [PATCH] Fix http(s)_request in dogtag. Was blowing up because of unicode strings.

2010-03-30 Thread Pavel Zuna
Fixed while fixing my ldap2 for installer patch. :) Pavel 0001-Fix-http-s-_request-in-dogtag.-Was-blowing-up-becaus.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts.

2010-03-30 Thread Pavel Zuna
On 03/23/2010 09:40 PM, Rob Crittenden wrote: Pavel Zuna wrote: This is the first in a series of patches, that replace all the legacy code from v1 related to LDAP. I did some limited testing of the installer after this patch and nothing seems to break, but I didn't do replicas etc... Pavel

Re: [Freeipa-devel] [PATCH] Add ipa man page.

2010-04-06 Thread Pavel Zuna
On 03/31/2010 10:17 PM, Rob Crittenden wrote: Pavel Zuna wrote: Oops, forgot to post the patch. Sorry and thanks to Rob for reminding me. :) The man page is installed/uninstalled automatically with IPA. It's under 1 (User commands). I also attached the man page separately for more convenient

Re: [Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts.

2010-04-12 Thread Pavel Zuna
On 03/30/2010 10:27 PM, Rob Crittenden wrote: Pavel Zuna wrote: On 03/23/2010 09:40 PM, Rob Crittenden wrote: Pavel Zuna wrote: This is the first in a series of patches, that replace all the legacy code from v1 related to LDAP. I did some limited testing of the installer after this patch

Re: [Freeipa-devel] [PATCH] Use escapes in DNs instead of quoting.

2010-04-19 Thread Pavel Zuna
On 04/16/2010 10:25 PM, Rob Crittenden wrote: Pavel Zůna wrote: On 4/16/2010 5:09 PM, Rob Crittenden wrote: Pavel Zuna wrote: This patch effectively removes all LDAPv2 style quoted DNs and makes sure we don't use them anymore. KDC doesn't seem to have any problems with LDAPv3 style DNs

Re: [Freeipa-devel] [PATCH] 414 MITM compatibility fixes for dogtag

2010-04-19 Thread Pavel Zuna
On 03/30/2010 09:46 PM, Rob Crittenden wrote: dogtag has its final nss MITM fixes committed into 1.3.3. This patch reverses the previous fixes we used, they are no longer needed. We just need to configure an additional port (that we don't use ourselves). This also changes the mechanism we use

Re: [Freeipa-devel] [PATCH] Add file with example plugins/tutorial.

2010-04-27 Thread Pavel Zuna
On 04/22/2010 08:04 PM, Rob Crittenden wrote: Pavel Zůna wrote: Note that this is still work in progress and will be finished in another patch. Specifically, it currently doesn't cover baseldap.py classes. Pavel The content of this is fine and it's a great start, but do we want to put this

  1   2   3   >