Re: [Freeipa-devel] [PATCHES] c-ares integration

2009-07-22 Thread Simo Sorce
On Wed, 2009-07-22 at 20:09 +0200, Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All three patches with corrections are attached. Some comments inline. Patches look good to me, ack to all three. Simo. ___ Freeipa-devel mailing

Re: [Freeipa-devel] [PATCH] Fix race condition leading to segfaults

2009-07-24 Thread Simo Sorce
On Fri, 2009-07-24 at 15:52 +0200, Sumit Bose wrote: After a discussion on irc Simo and I came to the conclusion that the conditional code in DEBUG would prevent gcc from optimizing away the check. ACK pushed. Simo. -- Simo Sorce * Red Hat, Inc * New York

[Freeipa-devel] New List: sssd development moves

2009-08-05 Thread Simo Sorce
Hello Freeipa and sssd developers and followers, we've decided to move sssd development to its own mailing list so that freeipa proper development and sssd are not intermixed. sssd is not simply a component of Freeipa although it will be a key piece of the client functionality, sssd works on its

Re: [Freeipa-devel] [PATCH] 255 publish CRLs

2009-08-24 Thread Simo Sorce
. There is always a symbolic link to the latest named MasterCRL.bin. I had to add some SELinux permissions to let Apache read these files. ack, awesome and so simple. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 257 Enable ldapi in the management framework

2009-08-26 Thread Simo Sorce
to TCP/IP sockets. Ah thanks for this, nice to see we finally get to use ldapi. ACK! Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 257 Enable ldapi in the management framework

2009-08-26 Thread Simo Sorce
On Thu, 2009-08-27 at 00:41 -0400, Simo Sorce wrote: On Wed, 2009-08-26 at 14:13 -0400, Rob Crittenden wrote: This enables an ldapi listening socket in the LDAP server and configures the management framework to use it instead of ldap://localhost:389/ To disable this remove

Re: [Freeipa-devel] [PATCH] 260 allow a CA to be regenerated

2009-08-28 Thread Simo Sorce
. It wasn't getting set as Critical because somehow I had it sending a 7 instead of a y :-( Ack. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-devel] contribution policy update, what's next

2009-09-01 Thread Simo Sorce
On Mon, 2009-08-31 at 18:50 -0600, Rich Megginson wrote: Simo Sorce wrote: On Mon, 2009-08-31 at 13:23 -0700, Karsten Wade wrote: Richard looked at the license-specific version, made some suggestions, then asked if there is a reason for being GPLv2 only as a project and codebase

Re: [Freeipa-devel] [PATCH] Start bind only after restarting kdc and dirsrv

2009-09-02 Thread Simo Sorce
On Wed, 2009-09-02 at 02:37 +0200, Martin Nagy wrote: BIND starting before we apply LDAP updates and restart kdc and directory server causes trouble. We resolve this for now by postponing BIND start to the end of installation. Ack, Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] 259 Fix selinux issue with ldapi

2009-09-10 Thread Simo Sorce
. The patch was attached :-) One question comes to mind though, you are giving access to any socket labeled initrc_t (if my selinux policy reading skills are good enough, which may not be). Shouldn't we discuss with the DS team to have a more specific label for this socket ? Simo. -- Simo Sorce

Re: [Freeipa-devel] [PATCH] 259 Fix selinux issue with ldapi

2009-09-10 Thread Simo Sorce
On Fri, 2009-08-28 at 13:12 -0400, Rob Crittenden wrote: The management framework wasn't working with SELinux over ldapi because it lacked permission to access the unix socket. This patch grants permission. The patch itself looks good anyway, so it's an ACK for me. Simo. -- Simo Sorce

Re: [Freeipa-devel] [PATCH] 261 Many SELinux fixes

2009-09-10 Thread Simo Sorce
On Fri, 2009-08-28 at 18:06 -0400, Rob Crittenden wrote: The ldapi code I committed yesterday didn't work with SELinux enabled. This patch addresses that. ACK, although the same question as for the other patch wrt initrd_t context for the socket remains. Simo. -- Simo Sorce * Red Hat, Inc

Re: [Freeipa-devel] [PATCH] 259 Fix selinux issue with ldapi

2009-09-10 Thread Simo Sorce
On Thu, 2009-09-10 at 08:16 -0700, Nathan Kinder wrote: On 09/10/2009 07:40 AM, Jenny Galipeau wrote: Simo Sorce wrote: On Thu, 2009-09-10 at 10:20 -0400, Rob Crittenden wrote: Rob Crittenden wrote: The management framework wasn't working with SELinux over ldapi because it lacked

Re: [Freeipa-devel] [PATCH] 277 properly own Apache config files

2009-09-17 Thread Simo Sorce
-http.conf ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 296 work with newer schema layout of 389-DS

2009-10-15 Thread Simo Sorce
. It isn't needed in newer versions of DS. Ack Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 294 sleep before doing a task

2009-10-15 Thread Simo Sorce
available and it gets the job done, so ack. So are we covering a DS bug here ? Or are we doing an asynchronous ldap request when we should do a synchronous one and wait for it to finish (I've fixed another place where we were doing that and racing against our own requests) ? Simo. -- Simo Sorce

Re: [Freeipa-devel] [PATCH] 294 sleep before doing a task

2009-10-15 Thread Simo Sorce
On Thu, 2009-10-15 at 08:15 -0700, Nathan Kinder wrote: On 10/15/2009 06:40 AM, Simo Sorce wrote: On Thu, 2009-10-15 at 15:28 +0200, Pavel Zuna wrote: Rob Crittenden wrote: One of the last steps of an install is to run through any updates. This change adds a sleep() prior

[Freeipa-devel] Re: [PATCH] Allow adding entries with pre-hashed passwords, but don't generate keys for them.

2009-10-19 Thread Simo Sorce
attributes) if present, right? Only KrbPrincipalKey I'd say. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Re: Certificate enrollment, principal names

2009-11-05 Thread Simo Sorce
IMO. Otherwise do we have any other part that checks that host foo.example.com is asking a certificate for itself and not for bar.example.com ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

Re: [Freeipa-devel] Re: Certificate enrollment, principal names

2009-11-05 Thread Simo Sorce
On Thu, 2009-11-05 at 11:28 -0800, Andrew Wnuk wrote: On 11/05/09 11:22, Simo Sorce wrote: On Thu, 2009-11-05 at 13:21 -0500, Rob Crittenden wrote: This is about right. What you're missing is storing the certificate in the service record. To do this we need to know what the target

Re: [Freeipa-devel] DNS schema

2009-11-05 Thread Simo Sorce
it is the right thing to do and will face all sorts of migration issues. Ideas? Unless it is a major amount of work we should use the proper syntax. Especially for standard schema. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list

Re: [Freeipa-devel] Thoughts on client configuration

2009-11-09 Thread Simo Sorce
not? Well, you're missing the host keytab for some reason... Yeah, I think we should avoid half configured machines. If someone has special needs he can script his own installation procedure the way he wants, IMO. Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] handle kdb stash being a keytab

2009-11-24 Thread Simo Sorce
On Tue, 2009-07-21 at 15:08 -0400, Simo Sorce wrote: On Mon, 2009-07-20 at 17:53 -0400, Nalin Dahyabhai wrote: In krb5 1.7 and later, the stash file (/var/kerberos/krb5kdc/.k5.$REALM on Fedora) is created in the regular keytab format instead of the older less-portable one. Based from

[Freeipa-devel] patch for freeipa on Fedora 12

2009-11-24 Thread Simo Sorce
going to make a new package for F-12 with this patch. Simo. -- Simo Sorce * Red Hat, Inc * New York diff -uPr freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py freeipa-1.2.2.new/ipa-server/ipaserver/krbinstance.py --- freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py 2009-09-09 15:41:27.0

Re: [Freeipa-devel] IPAv2, replica installation can be broken

2010-01-15 Thread Simo Sorce
to do an online replica install instead of going through the current file based replica. Can we revisit what keeps us from doing that ? With the addition of dogtag in 2.0 are certificates still a problem ? What else do we miss ? Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] 348, v1.2, explicitly pull schema attributes

2010-01-18 Thread Simo Sorce
at. rob Ack -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] more basic stuff for krbCanonicalName

2010-02-05 Thread Simo Sorce
(4679 bytes)] [0002-also-ensure-that-krbCanonicalName-is-unique.patch text/plain (1399 bytes)] ACK to both. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman

Re: [Freeipa-devel] JSON problems (the woes of binary data)

2010-02-26 Thread Simo Sorce
On Fri, 26 Feb 2010 15:59:53 -0500 John Dennis jden...@redhat.com wrote: My personal recommendation is we adopt the convention that certificates are always PEM encoded. +1 Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing

Re: [Freeipa-devel] commit policy for translations (.po files)

2010-02-26 Thread Simo Sorce
or not. +1 we do the same for sssd Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 423 better error messages for LDAP_OPERATION_ERRORs

2010-04-23 Thread Simo Sorce
manager -w password user.ldif adding new entry uid=tuser,cn=users,cn=accounts,dc=example,dc=com ldap_add: Operations error (1) additional info: no krbPrincipalName present in this entry Ack Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] 468 don't run through pre-bind code on enrollment

2010-06-11 Thread Simo Sorce
/ Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Fields currently available for the user object

2010-06-17 Thread Simo Sorce
be in rst format. More info on style and tools also available here: http://freeipa.org/page/Contribute#Development_Process Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com

Re: [Freeipa-devel] Writing to /var/cache/ipa/assets/

2010-06-18 Thread Simo Sorce
, and it wasn't for code in the main git repo, so no bug yet. As a general rule I don't like that apache gets to write to the file system, esp if that means changing code that different users use at the same time. It's a too big risk. Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] Communicating with FreeIPA via curl

2010-07-22 Thread Simo Sorce
. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!]

2010-09-08 Thread Simo Sorce
crafted email ... Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!]

2010-09-08 Thread Simo Sorce
On Wed, 08 Sep 2010 15:02:12 -0400 Dmitri Pal d...@redhat.com wrote: Simo Sorce wrote: On Tue, 07 Sep 2010 14:45:49 +0200 Pavel Zuna pz...@redhat.com wrote: Enough text. Waiting for comments. :) I have one question. Have you made any consideration wrt security

Re: [Freeipa-devel] Proposed Javascript coding standards

2010-09-13 Thread Simo Sorce
to me. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Proposed Javascript coding standards

2010-09-13 Thread Simo Sorce
:) Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] split password extop plugin in multiple files

2010-10-01 Thread Simo Sorce
On Fri, 1 Oct 2010 10:40:34 -0400 Simo Sorce sso...@redhat.com wrote: On Wed, 29 Sep 2010 18:00:15 -0400 Simo Sorce sso...@redhat.com wrote: I was looking into a few bugs to fix in the plugin and realized it was so big an messy that it would greatly help readbility if we splitted

[Freeipa-devel] [PATCH] Fix 14 char limit with NT hash

2010-10-04 Thread Simo Sorce
This patch fixes bz#475051/trac#223 Simo. -- Simo Sorce * Red Hat, Inc * New York From fdf2092618c68065b3880f9f01567c94e36ae57d Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Fri, 1 Oct 2010 12:13:43 -0400 Subject: [PATCH 1/6] pwd-plugin: Remove 14 chars limitation from

[Freeipa-devel] [PATCH] Cosmetic fixes

2010-10-04 Thread Simo Sorce
Cosmetic changes to fix code style and LDAP attribute descriptions. -- Simo Sorce * Red Hat, Inc * New York From d89e2d07e7b306b95cafb27e9cf355fa3835d1cc Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Fri, 1 Oct 2010 12:29:05 -0400 Subject: [PATCH 2/6] pwd-plugin: format

[Freeipa-devel] [PATCH] Improve NTLM hash generation configuration

2010-10-04 Thread Simo Sorce
Long overdue, fix TODOs in the code. With this patch it is now possible to configure the password plugin so that only certain types of NTLM hashes are created for Samba objects. Simo. -- Simo Sorce * Red Hat, Inc * New York From 77b22920bb962c46712c31ac1d66b757b02c7c5a Mon Sep 17 00:00:00 2001

[Freeipa-devel] [PATCH] more style fixes

2010-10-04 Thread Simo Sorce
fix style in some more code. purely cosmetic again. Simo. -- Simo Sorce * Red Hat, Inc * New York From faeb3b4677cefdd32ae05de8468a6456aef0761d Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Mon, 4 Oct 2010 15:17:55 -0400 Subject: [PATCH 6/6] Fix ipapwd_start() style Trun

[Freeipa-devel] [PATCH] Fix password history rotation

2010-10-04 Thread Simo Sorce
This patch properly roatets the password history so the oldest entry is pushed out when we reach the max entries limit. Fixes bz#527879/trac#256 Simo. -- Simo Sorce * Red Hat, Inc * New York From 176ee45d4acd31c6cbee8e70e56f66009515e354 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso

Re: [Freeipa-devel] [PATCH] Improve NTLM hash generation configuration

2010-10-05 Thread Simo Sorce
On Mon, 04 Oct 2010 22:40:25 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Long overdue, fix TODOs in the code. With this patch it is now possible to configure the password plugin so that only certain types of NTLM hashes are created for Samba objects. Simo

Re: [Freeipa-devel] [PATCH] Cosmetic fixes

2010-10-05 Thread Simo Sorce
On Mon, 04 Oct 2010 22:38:31 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Cosmetic changes to fix code style and LDAP attribute descriptions. ACK x2 pushed to master Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] more style fixes

2010-10-05 Thread Simo Sorce
On Tue, 05 Oct 2010 08:40:03 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: On Mon, 04 Oct 2010 22:42:02 -0400 Rob Crittendenrcrit...@redhat.com wrote: Simo Sorce wrote: fix style in some more code. purely cosmetic again. Simo. Shouldn't this contain

Re: [Freeipa-devel] [PATCH] Fix password history rotation

2010-10-05 Thread Simo Sorce
On Mon, 04 Oct 2010 23:02:18 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: This patch properly roatets the password history so the oldest entry is pushed out when we reach the max entries limit. Fixes bz#527879/trac#256 Simo. This was a little confusing

[Freeipa-devel] [PATCH] properly check for ldap headers

2010-10-05 Thread Simo Sorce
#464564/trac#221) Simo. -- Simo Sorce * Red Hat, Inc * New York From d6425215c92dba5af4dd108a492620b53c649702 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Tue, 5 Oct 2010 17:35:16 -0400 Subject: [PATCH] Always detect openldap and mozldap at the same time Slapi plugins must use

Re: [Freeipa-devel] [PATCH] set attribute when changing passwords

2010-10-07 Thread Simo Sorce
On Wed, 06 Oct 2010 16:56:31 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Set the sambaPwdLastSet when changing password for a user that has the sambaSamAccount objectclass, so that samba is kept in sync with the status of the user account wrt whether the user need

Re: [Freeipa-devel] [PATCH] fix uninstall with bind

2010-10-07 Thread Simo Sorce
On Wed, 06 Oct 2010 13:59:49 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: During uninstall we were asking useless questions about removing SRV and NS records from LDAP. An uninstall implies the LDAP repository will be wiped out anyway. Avoid asking these questions

Re: [Freeipa-devel] [PATCH] properly check for ldap headers

2010-10-07 Thread Simo Sorce
On Wed, 06 Oct 2010 16:56:21 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: We need to always use mozldap ldap headers for slapi plugins, untill 389 ds moves to openldap libs. But at the same time we want to move to openldap libs for anything else. Fix configure

Re: [Freeipa-devel] [PATCH] fix segfault in pwd plugin

2010-10-07 Thread Simo Sorce
On Thu, 07 Oct 2010 11:25:50 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: I thought I tested ipa-getkeytab but I was wrong as we do not use it during the install. Turns out my patch to split the pwd plugin in multiple files had still one error that showed up only

Re: [Freeipa-devel] [PATCH] Improve logging for pwd plugin

2010-10-07 Thread Simo Sorce
On Thu, 07 Oct 2010 11:01:01 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: This patch changes all the logging done through slapi_log_error() to go thorugh macros. It simplifies calling the log function and adds information in an automated way to help debugging in case

Re: [Freeipa-devel] [PATCH] 550 estimated install times

2010-10-07 Thread Simo Sorce
. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Initial gettext support for C tools

2010-10-11 Thread Simo Sorce
On Mon, 11 Oct 2010 14:18:11 -0400 John Dennis jden...@redhat.com wrote: On 10/11/2010 01:01 PM, Simo Sorce wrote: On Fri, 08 Oct 2010 10:26:18 -0400 Rob Crittendenrcrit...@redhat.com wrote: Simo Sorce wrote: This is some very basic initial localization work for the C tools. I

Re: [Freeipa-devel] [PATCH] Initial gettext support for C tools

2010-10-11 Thread Simo Sorce
On Mon, 11 Oct 2010 14:36:49 -0400 John Dennis jden...@redhat.com wrote: On 10/11/2010 02:18 PM, John Dennis wrote: On 10/11/2010 01:01 PM, Simo Sorce wrote: On Fri, 08 Oct 2010 10:26:18 -0400 Rob Crittendenrcrit...@redhat.com wrote: Simo Sorce wrote: This is some very basic

Re: [Freeipa-devel] [PATCH] Initial gettext support for C tools

2010-10-12 Thread Simo Sorce
On Tue, 12 Oct 2010 10:44:29 -0400 John Dennis jden...@redhat.com wrote: On 10/11/2010 06:43 PM, Simo Sorce wrote: Ok, I've filtered out a few other files/directories. I think the list now is correct, but whoever will end up reviewing this patchset *please* explicitly ack if you think

Re: [Freeipa-devel] [PATCH] Initial gettext support for C tools

2010-10-12 Thread Simo Sorce
On Tue, 12 Oct 2010 14:25:42 -0400 John Dennis jden...@redhat.com wrote: On 10/12/2010 12:01 PM, Simo Sorce wrote: On Tue, 12 Oct 2010 10:57:11 -0400 Simo Sorcesso...@redhat.com wrote: I may have inadvertently altered it while investigating the update-po issue. I will make sure I run

Re: [Freeipa-devel] DNS use cases

2010-10-13 Thread Simo Sorce
and is applied to all records regardless of where they come from. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] #318 Use openldap's ldappasswd

2010-10-13 Thread Simo Sorce
The following patch makes the ldappasswd operation use the openldap's ldappasswd command, as well as avoiding to put passwords in the command line (visible through a ps) and instead using secure temporary files that are deleted immediately after the operation. Simo. -- Simo Sorce * Red Hat

[Freeipa-devel] [PATCH] #316 Avoid installing files in /usr

2010-10-13 Thread Simo Sorce
The default setup-ds.pl configuration installs ds scripts in /usr With this patch the customized scripts are kep in /var/lib/dirsrv/scripts-instance-name instead of /usr/lib/dirsrv/slapd-instance-name Simo. -- Simo Sorce * Red Hat, Inc * New York From d450b7da7a0f5ec7c967f3ad332235ffb1fdb631

Re: [Freeipa-devel] [PATCH] #316 Avoid installing files in /usr

2010-10-14 Thread Simo Sorce
On Thu, 14 Oct 2010 13:28:14 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: The default setup-ds.pl configuration installs ds scripts in /usr With this patch the customized scripts are kep in /var/lib/dirsrv/scripts-instance-name instead of /usr/lib/dirsrv/slapd

Re: [Freeipa-devel] [PATCH] #318 Use openldap's ldappasswd

2010-10-14 Thread Simo Sorce
On Thu, 14 Oct 2010 13:30:33 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: The following patch makes the ldappasswd operation use the openldap's ldappasswd command, as well as avoiding to put passwords in the command line (visible through a ps) and instead using

Re: [Freeipa-devel] [PATCH] #319 better cope with ntp config files

2010-10-15 Thread Simo Sorce
On Fri, 15 Oct 2010 10:05:50 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Instead of replacing the files altogether parse them and add only the options we care about. For ntp.conf those are the server related options. For sysconfig/ntpd we care of adding just -x

Re: [Freeipa-devel] [PATCH] #319 better cope with ntp config files

2010-10-15 Thread Simo Sorce
On Fri, 15 Oct 2010 10:27:59 -0400 Simo Sorce sso...@redhat.com wrote: Right, thanks for catching this, my python got a bit rusty in the last few months :) Ok, changed the patch according to your guidelines, and retested. Also caught a bug that didn't show up with the previous way I did

Re: [Freeipa-devel] Some thoughts about login services

2010-10-15 Thread Simo Sorce
On Fri, 15 Oct 2010 14:12:22 -0400 Dmitri Pal d...@redhat.com wrote: Simo Sorce wrote: I'd go for the last one, may be ugly, but does not undo anything that already works and has the effect of simplifying the UI which is what you are after right now. Of course that also means the UI

Re: [Freeipa-devel] [PATCH] 581 remove enrolledBy when unenrolled

2010-10-15 Thread Simo Sorce
On Fri, 15 Oct 2010 17:27:07 -0400 Rob Crittenden rcrit...@redhat.com wrote: Remove the enrolledBy when a host is unenrolled (which is the same as disabling the host). ticket 301 rob nack, if host can write enrolledBy it can fake info Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] admiyo-freeipa-0056-removing-dead-files

2010-10-15 Thread Simo Sorce
stuff builds from scratch before pushing patches. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] beef up .gitignore

2010-10-18 Thread Simo Sorce
We are not ignoring enough stuff, every time you run make you get a ton of files in git status These changes returned to me a very clean git status at last :-) Simo. -- Simo Sorce * Red Hat, Inc * New York From b37c2d5883714a4d86dfe6d610b8162f2c267ee3 Mon Sep 17 00:00:00 2001 From: Simo Sorce

Re: [Freeipa-devel] [PATCH] #394 Fix ldappasswd on some OSs

2010-10-18 Thread Simo Sorce
On Mon, 18 Oct 2010 11:56:10 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Apparnetly my f14 test environment didn't need the host name but in some cases w/o it the passwd change will fail because SSL verification fails. The attached patch should fix the issue

[Freeipa-devel] [PATCH] #360 ipa-uuid plugin

2010-10-18 Thread Simo Sorce
These 2 patches configure and load a new plugin that uses internal DS functions to generate UUIDs. The plugin is similar to DNA but instead of generating sequential numbers it generates UUIDs (type 1). These patches do not yet remove the UUID code in the framework. Simo. -- Simo Sorce * Red

[Freeipa-devel] [PATCH] #403 Handle multiline options in sysconfig.ntpd

2010-10-20 Thread Simo Sorce
In some Fedora versions /etc/sysconfig/ntpd has OPTIONS scattered on multiple line through shell expansion. Handle simple cases like that. Simo. -- Simo Sorce * Red Hat, Inc * New York From 3f140eff0e264bae3d23b1e8a94f52886ba09469 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com

Re: [Freeipa-devel] [PATCH] #403 Handle multiline options in sysconfig.ntpd

2010-10-21 Thread Simo Sorce
On Wed, 20 Oct 2010 22:25:26 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: In some Fedora versions /etc/sysconfig/ntpd has OPTIONS scattered on multiple line through shell expansion. Handle simple cases like that. Simo. I think this will work, it's just one

Re: [Freeipa-devel] [PATCH] #360 ipa-uuid plugin

2010-10-22 Thread Simo Sorce
On Tue, 19 Oct 2010 17:13:03 -0400 Simo Sorce sso...@redhat.com wrote: On Mon, 18 Oct 2010 17:15:29 -0400 Simo Sorce sso...@redhat.com wrote: These 2 patches configure and load a new plugin that uses internal DS functions to generate UUIDs. The plugin is similar to DNA but instead

Re: [Freeipa-devel] [PATCH] #403 Handle multiline options in sysconfig.ntpd

2010-10-22 Thread Simo Sorce
On Thu, 21 Oct 2010 17:07:01 -0400 Simo Sorce sso...@redhat.com wrote: On Wed, 20 Oct 2010 22:25:26 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: In some Fedora versions /etc/sysconfig/ntpd has OPTIONS scattered on multiple line through shell expansion

Re: [Freeipa-devel] [PATCH] #403 Handle multiline options in sysconfig.ntpd

2010-10-22 Thread Simo Sorce
On Fri, 22 Oct 2010 16:43:47 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: On Thu, 21 Oct 2010 17:07:01 -0400 Simo Sorcesso...@redhat.com wrote: On Wed, 20 Oct 2010 22:25:26 -0400 Rob Crittendenrcrit...@redhat.com wrote: Simo Sorce wrote: In some Fedora

Re: [Freeipa-devel] [PATCH] #360 ipa-uuid plugin

2010-10-22 Thread Simo Sorce
On Fri, 22 Oct 2010 17:05:46 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: On Tue, 19 Oct 2010 17:13:03 -0400 Simo Sorcesso...@redhat.com wrote: On Mon, 18 Oct 2010 17:15:29 -0400 Simo Sorcesso...@redhat.com wrote: These 2 patches configure and load a new

[Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-22 Thread Simo Sorce
This plugin intercepts a modrdn change so that when a user is renamed the krbprincipalname is changhed accordingly. The second patch activates the plugin. Simo. -- Simo Sorce * Red Hat, Inc * New York From 8dbbc7a916202905375358670c5b7a6378f7e67d Mon Sep 17 00:00:00 2001 From: Simo Sorce sso

Re: [Freeipa-devel] [PATCH] 561 set default python encoding to utf-8

2010-10-22 Thread Simo Sorce
() 'utf-8' This will be linked into IPA in a future patch. The code was written by John, I'm just packaging it, so he gets all the credit :-) Since I was messing with the spec file I also removed glob that was pulling in a slew of duplicate files for the UI. Ack. -- Simo Sorce * Red Hat

Re: [Freeipa-devel] [PATCH] 562 set default encoding, print as unicode

2010-10-22 Thread Simo Sorce
the encoding plugin that this loads. rob ACK Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 566 disallow writes on some attributes

2010-10-22 Thread Simo Sorce
. rob ACK. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 577 Grant /usr/sbin/ipa_kpasswd name_bind access.

2010-10-22 Thread Simo Sorce
. ticket 73 ACK Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 584 fix 2 tests

2010-10-22 Thread Simo Sorce
On Wed, 20 Oct 2010 13:19:29 -0400 Rob Crittenden rcrit...@redhat.com wrote: The first test is a mismatch in the sample output of an exception. The second test adds certificate information output to the service plugin. ACK Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] Should we remove the reset button?

2010-10-23 Thread Simo Sorce
already, and there slight risk of hitting the wrong button may in fact outweigh the value of putting the feature in place. I wouldn't be opposed to removing it. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Simo Sorce
On Mon, 25 Oct 2010 10:39:06 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: On Fri, 22 Oct 2010 17:46:55 -0400 Rob Crittendenrcrit...@redhat.com wrote: Simo Sorce wrote: This plugin intercepts a modrdn change so that when a user is renamed the krbprincipalname

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Simo Sorce
On Mon, 25 Oct 2010 11:42:09 -0400 Nalin Dahyabhai na...@redhat.com wrote: On Mon, Oct 25, 2010 at 10:53:19AM -0400, Rob Crittenden wrote: Simo Sorce wrote: Can you do a modrdn modification on a compat plugin entry ? Well, right, I don't know :-) And if not, what error would be raised

[Freeipa-devel] [PATCH] plugins slim down

2010-10-25 Thread Simo Sorce
I had some unusued functions in the uuid and modrdn plugins, do to copypaste. Remove unused functions. Simo. -- Simo Sorce * Red Hat, Inc * New York From 60e4b0c7f096e4cfb8827f3127a794bc6f970bb0 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Mon, 25 Oct 2010 17:12:18 -0400

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-26 Thread Simo Sorce
On Mon, 25 Oct 2010 20:27:04 -0400 Nalin Dahyabhai na...@redhat.com wrote: On Mon, Oct 25, 2010 at 06:59:18PM -0400, Simo Sorce wrote: I was meaning to ask you if we have any other way around. Is it possible to use a random salt instead of the principal name ? We do enforce pre

Re: [Freeipa-devel] [PATCH] whoami goodby

2010-10-26 Thread Simo Sorce
On Mon, 25 Oct 2010 20:38:04 -0400 Adam Young ayo...@redhat.com wrote: removal of the whoami plugin ACK -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-devel] [PATCH] 585 entitlement plugin

2010-10-26 Thread Simo Sorce
development. rob This plugin seem to depend on python libraries that are not available in Fedora nor any other distribution. ECANTTEST NACK until that is fixed. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa

Re: [Freeipa-devel] Proposed standard for Patches: RFC

2010-10-26 Thread Simo Sorce
and have the full URL as a nice optional. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Proposed standard for Patches: RFC

2010-10-26 Thread Simo Sorce
On Tue, 26 Oct 2010 14:22:01 -0400 Adam Young ayo...@redhat.com wrote: On 10/26/2010 02:08 PM, Simo Sorce wrote: On Tue, 26 Oct 2010 13:40:11 -0400 Adam Youngayo...@redhat.com wrote: We've been doing this informally for a while, and I think, if we all agree to the format

Re: [Freeipa-devel] Proposed standard for Patches: RFC

2010-10-26 Thread Simo Sorce
. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] RFC wrt little snag in LDAPCreate when ipa_uuid manipulates the DN on entry add

2010-10-26 Thread Simo Sorce
LDAPCreate so that we can pass in a filter. If the caller passes in a filter we use that instead of the DN to search the entry back. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

[Freeipa-devel] [PATCHES] Address #413 and Complete UUID related changes

2010-10-27 Thread Simo Sorce
Sorce * Red Hat, Inc * New York From c6aa13c14280cc36fb3ad443b2f584d488d2fe53 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Tue, 26 Oct 2010 11:29:53 -0400 Subject: [PATCH 1/3] ipa_uuid: Handle generation of the uuid when it is a RDN --- daemons/ipa-slapi-plugins/ipa-uuid

[Freeipa-devel] [PATCH] #412 Make always use of special salt type

2010-10-27 Thread Simo Sorce
they will prevent renames from working correctly. By default special is used. Simo. -- Simo Sorce * Red Hat, Inc * New York From 2accddf2bb85ea41e73c2ff48f4c39fc4c6b5e90 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Wed, 27 Oct 2010 15:05:56 -0400 Subject: [PATCH] pwd-plugin: Always

Re: [Freeipa-devel] RFC wrt little snag in LDAPCreate when ipa_uuid manipulates the DN on entry add

2010-10-27 Thread Simo Sorce
On Wed, 27 Oct 2010 14:52:17 -0600 Rich Megginson rmegg...@redhat.com wrote: Rob Crittenden wrote: Simo Sorce wrote: On Wed, 27 Oct 2010 09:35:17 -0400 Adam Youngayo...@redhat.com wrote: I'm not up to speed on this code. Why do a find right after create? I guess to pick up all

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-28 Thread Simo Sorce
On Wed, 27 Oct 2010 22:25:26 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: This plugin intercepts a modrdn change so that when a user is renamed the krbprincipalname is changhed accordingly. The second patch activates the plugin. Simo. ack x2 rob pushed

Re: [Freeipa-devel] [PATCHES] UUID Plugin: Code fixes and cleanups

2010-10-28 Thread Simo Sorce
On Wed, 27 Oct 2010 22:26:12 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: These are a few minor fixes and cleanups I split in multiple patches for easier review. 1. makes sure we reset the generate flag at every loop, so that we do not risk a false positive

  1   2   3   4   5   6   7   8   9   10   >