-signed CA awareness so I'm not sure how I'm going to tackle
that yet but I suspect that I'll simply make it the default if no CA is
found (along with a log entry saying so).
rob
From 7c97c6c1e5201c9fc483d4713d5e21c0e2ca0201 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rc...@thor.greyoak.com
Date
Simo Sorce wrote:
On Wed, 2009-07-01 at 15:52 -0400, Rob Crittenden wrote:
Fedora 11 replaced a SELinux macro which was causing the build to fail.
Dan Walsh provided a patch to fix it and this patch integrates it into
the tree. I've added a conditional so that the same policy file should
A new way to identify the CAs to trust when importing a PKCS#12 file
(like during replica installation). We used to use certutil -O but
Fedora 11 changed certutil so it doesn't show untrusted CAs (the whole
point of running the command).
Instead parse the output of pk12util -l to find the
Martin Nagy wrote:
On Wed, 29 Jul 2009 10:12:51 -0400, Rob Crittenden
rcrit...@redhat.com wrote:
The 1.2 LDAP module was throwing a deprecation warning for using
popen2 and pychecker found a slew of other issues as well.
This patch removes a bunch of unused imports, renames some variables
Pavel Zůna wrote:
No more tracebacks when an INT parameter is beyond the type limit.
Fix bug: 5107333
There will probably be more patches similar to this one in the future.
TYPE_ERROR is used in a several places where a better suited exception
is available.
ack
smime.p7s
Description:
Pavel Zuna wrote:
The option in question is '--raw'.
In the future all plugins (extending classes in baseldap) will have 2
types of output - one human-readable and one raw (as stored in LDAP).
It's going to look something like this:
# ./ipa user-show pzuna --all
--
user-show:
This patch configures the CA to publish CRLs and makes that directory
available via Apache so one can retrieve them. The URI will be /ipa/crl/
I made that directory indexable so one can pull delta CRLs or older ones
if desired. There is always a symbolic link to the latest named
This enables ldapi in the kerberos backend.
rob
freeipa-258-ldapi.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Loris Santamaria wrote:
El jue, 27-08-2009 a las 21:31 -0400, Rob Crittenden escribió:
Loris Santamaria wrote:
El mié, 26-08-2009 a las 14:13 -0400, Rob Crittenden escribió:
This enables an ldapi listening socket in the LDAP server and configures
the management framework to use it instead
Pavel Zuna wrote:
Fixes bug 519481.
Pavel
ack, pushed to master
rob
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Add an option so we can generate a new cert for a CA. This is so we can
ultimately fix the missing CA basic constraint but it will also allow
the CA to be renewed.
This also fixes a small bug when generating the CA basic constraint. It
wasn't getting set as Critical because somehow I had it
distribution since it only applies to existing installs. I'd appreciate
any thoughts on that as well.
rob
#! /usr/bin/python -E
# Authors: Rob Crittenden rcrit...@redhat.com
#
# Copyright (C) 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can
The ldapi code I committed yesterday didn't work with SELinux enabled.
This patch addresses that.
On Python 2.5+ systems the mgmt framework didn't work with SELinux
enabled because of the ctypes module. It does all sorts of crazy stuff
which makes SELinux absolutely freak out (it tries to
Jason Gerard DeRose wrote:
Attached is an updated to this patch that now correctly applies.
ack
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
For IPA 1-2
Have our spec file own the Apache configuration files we create.
rob
freeipa-264-spec.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Simo Sorce wrote:
On Wed, 2009-09-02 at 18:03 -0400, Rob Crittenden wrote:
We have an upgrade script that runs in rpm %post to see if an
existing
installation needs to be updated. This sometimes printed spurious
error
messages that were confusing. This patch attempts to tighten things up
Simo Sorce wrote:
On Wed, 2009-09-02 at 18:04 -0400, Rob Crittenden wrote:
For IPA 1-2
Have our spec file own the Apache configuration files we create.
ACK
Simo.
pushed to ipa-1-2
smime.p7s
Description: S/MIME Cryptographic Signature
Pavel Zůna wrote:
- remove obsolete code related to PluginProxy
- remove parent_key attribute, for the purpose of nested objects the
parent's primary key is retrieved automatically
- added support for auto-generating UUIDs
- make use of the improved attribute printing in CLI
!!! depends on
Rob Crittenden wrote:
Pavel Zůna wrote:
0007: Add support for different automount maps per location.
This patch enabled us to have a different set of automount maps per
location and to manage those locations via command plugins.
To add a new location:
ipa automountlocation-add Brno
To add
Martin Nagy wrote:
Rob Crittenden wrote:
Ensure that dnaMaxValue is higher than dnaNextValue at install time. If
you don't specify a specific uid/gid start value then a random one gets
set. We need to be sure that the max value is more than this.
I picked a 10 range to ensure
Simo Sorce wrote:
On Fri, 2009-08-28 at 13:12 -0400, Rob Crittenden wrote:
The management framework wasn't working with SELinux over ldapi
because
it lacked permission to access the unix socket. This patch grants
permission.
The patch itself looks good anyway, so it's an ACK for me.
Simo
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zůna wrote:
I thought that it might be a good idea to automatically generate the
auto.master map for new locations.
It depends on my previous automount patch.
Pavel
Question: do we need a method to return all maps? Jason might need
Remove comment about plugin naming conventions. We've dumped this
convention.
rob
freeipa-266-deprecated.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Fix the virtual access plugin to work with the new backend. Also do a
more explicit objectviolation catch. We will switch this to use GER when
that is completed.
rob
freeipa-267-virtual.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
I've needed to set verbose to True in the rpc client and every time I
have to do this I hunt around trying to figure out where to put it. This
will make it easier to find next time :-)
rob
freeipa-268-rpc.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic
Pavel Zuna wrote:
Fixed.
Pavel Zuna wrote:
Dmitri Pal wrote:
Pavel, Rob,
What do the CLI utils do when someone uses --help parameter?
Is there a consistent behavior about this?
Ack, pushed to master
smime.p7s
Description: S/MIME Cryptographic Signature
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zůna wrote:
Fixes some minor things in baseldap. It also add the --all options
(to display all attribute) to LDAPUpdate.
Pavel
Why are you not returning failed anymore with post_callback?
Because that was a mistake, I meant to return dn
In the service plugin we will attempt to revoke a server cert when a
service is deleted. Add some error handling around that effort.
This fixes the self-tests.
rob
freeipa-271-service.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
IPA v1.2.2 has been released into the Fedora updates-testing repository
(not quite pushed to all the mirrors yet). I'm putting it into testing
so we can get some feedback on it before pushing it out to the masses.
It primarily addresses the following bugs:
* Fix group deletion in the web UI.
Pavel Zůna wrote:
This is a series of patches that depends on patches:
- Improve attribute printing in the CLI.
- Improve ipalib.plugins.baseldap classes.
All plugins are converted to extend baseldap classes. This makes things
more consistent, fixes some general bugs (with return values for
Pavel Zůna wrote:
Rob Crittenden wrote:
Remove comment about plugin naming conventions. We've dumped this
convention.
rob
ack
Pavel
pushed to master
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Pavel Zůna wrote:
Rob Crittenden wrote:
Fix the virtual access plugin to work with the new backend. Also do a
more explicit objectviolation catch. We will switch this to use GER
when that is completed.
rob
ack
Pavel
Pushed to master
smime.p7s
Description: S/MIME Cryptographic
Pavel Zůna wrote:
Rob Crittenden wrote:
I've needed to set verbose to True in the rpc client and every time I
have to do this I hunt around trying to figure out where to put it.
This will make it easier to find next time :-)
rob
ack
Pavel
Push to master
smime.p7s
Description: S/MIME
Pavel Zuna wrote:
Rob Crittenden wrote:
The RA plugin originally only supported dogtag. At some point I want
to be able to do on-line replica creation and this means we need to be
able to do remote cert requests. To support this I've abstracted the
RA plugin and added basic self-signed CA
Pavel Zuna wrote:
Rob Crittenden wrote:
In the service plugin we will attempt to revoke a server cert when a
service is deleted. Add some error handling around that effort.
This fixes the self-tests.
rob
nack.
Your 269 external CA signing, abstract RA already handles them inside
The FreeIPA Project (http://freeipa.org) is proud to present FreeIPA
version 1.22.
FreeIPA is an integrated security information management solution
combining Linux (Fedora), Fedora Directory Server, MIT Kerberos and NTP.
FreeIPA binds together a number of technologies and adds a web interface
Rob Crittenden wrote:
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zůna wrote:
This is a series of patches that depends on patches:
- Improve attribute printing in the CLI.
- Improve ipalib.plugins.baseldap classes.
All plugins are converted to extend baseldap classes. This makes
things
Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2009-09-02 at 18:03 -0400, Rob Crittenden wrote:
We have an upgrade script that runs in rpm %post to see if an
existing installation needs to be updated. This sometimes printed
spurious
error messages that were confusing. This patch attempts
This warning was logged in the Apache error log:
/usr/lib/python2.6/site-packages/mod_python/importer.py:32:
DeprecationWarning: the md5 module is deprecated; use hashlib instead
Try to import hashlib for md5 and if it fails, fall back to the
deprecated version. Tested on Python 2.4 and 2.6.
I goofed on the paths in the original patch I sent on this a while back.
This corrects it.
I know it looks like we're creating 0-length files here but with the
%ghost directive it won't create the files, just own them.
rob
freeipa-277-spec.patch
Description: application/mbox
smime.p7s
Martin Nagy wrote:
On Wed, 2009-09-16 at 13:05 -0400, Rob Crittenden wrote:
I goofed on the paths in the original patch I sent on this a while back.
This corrects it.
I know it looks like we're creating 0-length files here but with the
%ghost directive it won't create the files, just own
Simo Sorce wrote:
On Thu, 2009-09-17 at 09:06 -0400, Rob Crittenden wrote:
Martin Nagy wrote:
On Wed, 2009-09-16 at 13:05 -0400, Rob Crittenden wrote:
I goofed on the paths in the original patch I sent on this a while back.
This corrects it.
I know it looks like we're creating 0-length
Two patches crossed in the night, both added a call to initialize the
API. There can be only one.
Also need to make the ldap2 plugin more flexible and not require the
schema to be loaded at startup so we can initialize the API before IPA
has been installed.
Addresses bug 525303.
rob
The aci plugin didn't quite work with the new ldap2 backend, fix that.
We already walk through the target part of the ACI syntax so skip that
in the regex altogether. This now lets us handle all current ACIs in IPA
(some used to be ignored/skipped)
Add support for user groups so one can do
Rob Crittenden wrote:
The aci plugin didn't quite work with the new ldap2 backend, fix that.
We already walk through the target part of the ACI syntax so skip that
in the regex altogether. This now lets us handle all current ACIs in IPA
(some used to be ignored/skipped)
Add support for user
This gives the updater the ability to delete entries and adds some unit
test cases.
rob
freeipa-272-updater.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Pavel Zuna wrote:
Pavel Zuna wrote:
Pavel Zůna wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zůna wrote:
This is a series of patches that depends on patches:
- Improve attribute printing in the CLI.
- Improve ipalib.plugins.baseldap
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel, I pushed a slew of your patches today but there were so many
patches flying around that e-mail thread I may have missed something
(and the tests patch doesn't apply).
Can you check your patches to make sure I've applied everything?
git has
I ran ipa-join on some not properly-configured clients and found a bunch
of corner cases that are fixed here. This improves debugging and
standard output considerably.
rob
freeipa-287-join.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
Pavel Zuna wrote:
Fixes bug #527537: https://bugzilla.redhat.com/show_bug.cgi?id=527537
Pavel
ack, pushed to master
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
The method was returning tuples instead of strings in both plugins
causing a mess in other plugins, when displaying netgroup/HBAC
information.
Pavel
Assuming that the primary key doesn't exist, what meaning does
returning '' have
It appears I missed a couple of ACI's when we changed the DN format of
hosts.
rob
freeipa-289-aci.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
John Dennis wrote:
On 10/08/2009 05:11 PM, Rob Crittenden wrote:
I missed this file when I did the last CA patch :-(
This sets the cert_t context on some files needed for the selfsign
plugin to work. It needs to let httpd write the serial number file and
open the NSS database.
Thanks Rob
Jenny Galipeau wrote:
John Dennis wrote:
On 10/08/2009 05:22 PM, Rob Crittenden wrote:
John Dennis wrote:
Thanks Rob. BTW, I was going to add a try/except block around that
code in selfsign and return a non-zero status if it fails. Do we have
predefined status codes I should be using?
I'm
Martin Nagy wrote:
Hi Rob,
On Wed, 2009-10-07 at 10:57 -0400, Rob Crittenden wrote:
Installing a CA that is signed by another CA is a 2-step process. The
first step is to generate a CSR for the CA and the second step is to
install the certificate issued by the external CA. To avoid asking
Martin Nagy wrote:
On Thu, 2009-10-08 at 11:11 -0400, Rob Crittenden wrote:
Add a man page for the new ipa-join command.
rob
+ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-w\fR
bulk bind password ] [ \fB\-d\fR ] [ \fB\-q\fR ]
Can you use something like bulk-bind
Martin Nagy wrote:
On Fri, 2009-10-09 at 17:29 -0400, Rob Crittenden wrote:
Use the DS memberof plugin instead of the one contained in the IPA
source. I'm not removing that source yet, simply not building or
configuring it.
rob
Looks good to me. Ack.
Martin
pushed to master
smime.p7s
Use getfqdn() instead of the gethostname(). self.ca_host could end up as
the same value as self.host and if this isn't fully-qualified then SSL
client requests won't work (we query the CA over SSL).
rob
freeipa-293-fqdn.patch
Description: application/mbox
smime.p7s
Description: S/MIME
One of the last steps of an install is to run through any updates. This
change adds a sleep() prior to calling tasks to ensure postop writes are
done
We were seeing a rare deadlock of DS when creating the memberOf task
because one thread was adding memberOf in a postop while another was
This adds a few new targets to the top-level Makefile, most notably
client and client-rpms. Using this you can more easily build just the
client pieces of IPA.
rob
freeipa-295-client.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
John Dennis wrote:
Is there a reason why the run command (ipapython.ipautil.run()) does not
log what command it's running? It logs the stdout and stderr output of
the command (but without indicating what the log output is, so a lot of
time it just shows up as a blank line if there was no
Dmitri Pal wrote:
Jason Gerard DeRose wrote:
Okay, finally here is the revised webui patch. Since the last version,
I:
* Ported to various API changed between wehjit 0.0.1 and 0.1.0
* Removed the session.py stuff, which will be in a separate patch
* Added the plugin browser to help
John Dennis wrote:
On 10/13/2009 02:25 PM, Rob Crittenden wrote:
John Dennis wrote:
Is there a reason why the run command (ipapython.ipautil.run()) does
not log what command it's running? It logs the stdout and stderr
output of the command (but without indicating what the log output is,
so
Jason Gerard DeRose wrote:
Okay, finally here is the revised webui patch. Since the last version,
I:
* Ported to various API changed between wehjit 0.0.1 and 0.1.0
* Removed the session.py stuff, which will be in a separate patch
* Added the plugin browser to help developers inspect the
The HEAD branch of upstream of 389-DS has lots new schema stuff. We have
to work around some incompatibilities with the DNS schema in
05rfc2247.ldif but this isn't required in the HEAD, so don't fail if we
can't replace this file. It isn't needed in newer versions of DS.
rob
Jason Gerard DeRose wrote:
It's very helpful if the plugin browser shows the parent class (or
classes) that a plugin subclasses from. This small patch adds this
feature.
ack
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel
Pavel Zuna wrote:
Rob Crittenden wrote:
One of the last steps of an install is to run through any updates.
This change adds a sleep() prior to calling tasks to ensure postop
writes are done
We were seeing a rare deadlock of DS when creating the memberOf task
because one thread was adding
I goofed and didn't replace my test domain with a template string for
some virtual operations.
rob
freeipa-297-template.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Add 2 new Get Effective Rights helpers for adding and deleting entries.
These will be useful in the UI for determining what things a user can do.
rob
freeipa-298-ger.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
David O'Brien wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
Rob Crittenden wrote:
You had to pass --ca when uninstalling if you wanted the CA
uninstalled. This was nuts, auto-detect it.
rob
ack.
Pavel
pushed rebased patch to master
rob
do you mean when uninstalling ipa-server you
John Dennis wrote:
On 10/22/2009 10:45 AM, Jason Gerard DeRose wrote:
So I've been thinking about this as I've been doing the UI
tuning (extending meta-data and making the engine smarter). I agree
with John that we need to describe the return values programatically.
We can also kill two birds
Remove a bunch of unused imports, add some docstrings, etc.
rob
freeipa-302-cleanup.patch
Description: application/mbox
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Pavel Zůna wrote:
When a multi-value attribute had no values, and exception was generated
while trying to word-wrap it.
Pavel
ack, pushed to master
rob
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Pavel Zůna wrote:
It's not used anymore.
Pavel
ack, pushed to master
rob
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I've got all the pieces together to create a host principal and keytab
when a machine joins an IPA realm and am thinking about how I'm going to
tie it altogether.
My plan revolves around enhancing ipa-client-install to call ipa-join
and ipa-rmkeytab (for uninstall). The question then becomes,
Simo Sorce wrote:
On Mon, 2009-11-09 at 11:27 -0500, Rob Crittenden wrote:
I've got all the pieces together to create a host principal and keytab
when a machine joins an IPA realm and am thinking about how I'm going to
tie it altogether.
My plan revolves around enhancing ipa-client-install
Jason Gerard DeRose wrote:
Oops, was this missing the attachment? ;)
Bah, here it is.
rob
On Wed, 2009-11-04 at 16:04 -0500, Rob Crittenden wrote:
This adds 2 new parameters, --setattr and --addattr and lets you manage
whatever attribute you want (within the given set of objectclasses
Pavel Zuna wrote:
And here's the actual patch. :)
Pavel Zuna wrote:
This should fix the issue:
Rob Crittenden wrote:
Michael Gregg wrote:
Rob, did the support for posix groups change?
If I create a group specifying --posix the cli does create the group.
Then, using ipa group-find, I do
Pavel Zuna wrote:
Only pwpolicy test is still broken - I'm looking into it.
Pavel
This brings up the return values question again. I thought we had
decided that any attribute that had only one value would be returned as
a scalar. In this case userCertificate is being returned as a list
Jason Gerard DeRose wrote:
On Wed, 2009-11-11 at 11:41 -0500, Rob Crittenden wrote:
Rob Crittenden wrote:
There are probably occasions where a caller will want more control over
what happens when running a command fails. I've added an optional
argument to run where it will not raise
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
Only pwpolicy test is still broken - I'm looking into it.
Pavel
This brings up the return values question again. I thought we had
decided that any attribute that had only one value would be returned
as a scalar. In this case
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
And here's the actual patch. :)
Pavel Zuna wrote:
This should fix the issue:
Rob Crittenden wrote:
Michael Gregg wrote:
Rob, did the support for posix groups change?
If I create a group specifying --posix the cli does create
Martin Nagy wrote:
Rob Crittenden wrote:
Martin Nagy wrote:
Hi Rob,
On Wed, 2009-10-07 at 10:57 -0400, Rob Crittenden wrote:
Installing a CA that is signed by another CA is a 2-step process. The
first step is to generate a CSR for the CA and the second step is to
install the certificate
Pavel Zůna wrote:
Previously we only filtered None values, but it turns out that's not
enough. For example, empty lists/tuples generate ProtocolErrors.
Pavel
ack, pushed to master
smime.p7s
Description: S/MIME Cryptographic Signature
___
Pavel Zuna wrote:
Rob Crittenden wrote:
The user plugin is crapping out on line 317 of ldap2.py because attr
is coming back None. The attribute it is looking for is member.
I think the fix involves setting member_attributes = ['member'] to the
user plugin.
I wonder if we need to make
Pavel Zuna wrote:
We don't need it there and rolegroups/taskgroup created on installation
don't have it, so they didn't show up in *-find output before this patch.
Pavel
ack, pushed to master
smime.p7s
Description: S/MIME Cryptographic Signature
Pavel Zuna wrote:
Re-post from ipa-and-samba-team-list.
This patch makes DS generate new Kerberos keys for eligible users upon a
successful simple bind. We need this for password migration.
Pavel
Some minor points:
- The comment block of ipa_pwd_pre_bind() doesn't match the code: it
Add some tips for getting more help from ipa command.
% ipa --help
Usage: ipa [options]
Options:
-h, --helpshow this help message and exit
-e KEY=VALSet environment variable KEY to VAL
-c FILE Load configuration from FILE
-d, --debug Produce full debuging
The output of ipa-server-install pointed to the old location of the
self-signed database, the 389-DS instance. It is now stored in the
Apache NSS database.
Also set a db password on the 389-DS NSS database. It was using a blank
password.
rob
freeipa-317-ca.patch
Description:
Jason Gerard DeRose wrote:
On Wed, 2009-11-11 at 11:39 -0500, Rob Crittenden wrote:
This patch integrates ipa-join and ipa-rmkeytab into the client
installer. This will join a machine to the IPA realm and fetch a host
principal for /etc/krb5.keytab.
On uninstall all principals for the realm
John Dennis wrote:
The correct exception is the built-in NotImplemented exception
---
From: John Dennis jden...@redhat.com
Subject: [PATCH] Fix raising nonexistent errros.NotImplemented
0 files changed, 0 insertions(+), 0 deletions(-)
diff --git a/ipaserver/plugins/rabase.py
John Dennis wrote:
This modifies the original patch by including a unit test, handling floats
when passed as unicode, and handling large magnitude values beyond maxint.
The INT parameter class was not respecting any radix prefix (e.g. 0x) the user
may have supplied. This patch implements
In ipa-client-install we do the ipa-join before creating any of the
configuration files. I added a -s option to ipa-join to specify the IPA
server since it won't be defined in /etc/ipa/default.conf yet.
I discovered to my chagrin that previous testing of this worked because
Jason Gerard DeRose wrote:
On Wed, 2009-11-25 at 12:05 -0500, Rob Crittenden wrote:
This is purely from reading the patch, I haven't applied and tested it yet.
ipalib/output.py:
+primary_key = Output('primary_key', unicode,
+'The primary key of the deleted entry'
+)
This isn't only
Pavel Zuna wrote:
Jason Gerard DeRose wrote:
On Thu, 2009-11-19 at 15:57 +0100, Pavel Zuna wrote:
Full docstring is shown on `ipa help COMMAND`
Pavel
nack. There is already a Plugin.summary attribute containing the first
line of the docstring. See ipalib/plugable.py line 170.
Ok, I
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
Due to the format of accessTime (it has commas and spaces in it), we
can't use the List parameter type. I made it so that accessTime
values have to be entered one by one using new commands.
We also agreed, that we're going to rename
Pavel Zuna wrote:
It was behaving just like Flag except it didn't have autofill=True by
default, so it was impossible to set it to False from the CLI. I also
made it ignore case (so 'FalSE' and 'tRue' are accepted).
Pavel
ack, pushed to master
Martin Nagy wrote:
On Mon, 2009-11-30 at 10:49 +0100, Pavel Zuna wrote:
Sometimes they worked fine and sometimes DS rejected them as invalid. Now they
should always work.
Pavel
Tested and ack.
Martin
pushed to master
___
Freeipa-devel mailing
Rob Crittenden wrote:
Jason Gerard DeRose wrote:
On Wed, 2009-11-11 at 11:41 -0500, Rob Crittenden wrote:
Rob Crittenden wrote:
There are probably occasions where a caller will want more control
over what happens when running a command fails. I've added an
optional argument to run where
This improves the LDAP exception handling in the client. The existing
code spit out a slew of deprecation errors because of the use of the
message attribute.
rob
freeipa-321-client.patch
Description: application/mbox
___
Freeipa-devel mailing list
1 - 100 of 3315 matches
Mail list logo