On Wed, 2009-07-22 at 20:09 +0200, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All three patches with corrections are attached. Some comments inline.
Patches look good to me, ack to all three.
Simo.
___
Freeipa-devel mailing
On Fri, 2009-07-24 at 15:52 +0200, Sumit Bose wrote:
After a discussion on irc Simo and I came to the conclusion that the
conditional code in DEBUG would prevent gcc from optimizing away the
check.
ACK
pushed.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
Hello Freeipa and sssd developers and followers,
we've decided to move sssd development to its own mailing list so that
freeipa proper development and sssd are not intermixed.
sssd is not simply a component of Freeipa although it will be a key
piece of the client functionality, sssd works on its
. There is always a symbolic link to the latest named
MasterCRL.bin. I had to add some SELinux permissions to let Apache
read
these files.
ack, awesome and so simple.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
to TCP/IP sockets.
Ah thanks for this, nice to see we finally get to use ldapi.
ACK!
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Thu, 2009-08-27 at 00:41 -0400, Simo Sorce wrote:
On Wed, 2009-08-26 at 14:13 -0400, Rob Crittenden wrote:
This enables an ldapi listening socket in the LDAP server and
configures
the management framework to use it instead of ldap://localhost:389/
To disable this remove
.
It
wasn't getting set as Critical because somehow I had it sending a 7
instead of a y :-(
Ack.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa
On Mon, 2009-08-31 at 18:50 -0600, Rich Megginson wrote:
Simo Sorce wrote:
On Mon, 2009-08-31 at 13:23 -0700, Karsten Wade wrote:
Richard looked at the license-specific version, made some suggestions,
then asked if there is a reason for being GPLv2 only as a project and
codebase
On Wed, 2009-09-02 at 02:37 +0200, Martin Nagy wrote:
BIND starting before we apply LDAP updates and restart kdc and
directory
server causes trouble. We resolve this for now by postponing BIND
start
to the end of installation.
Ack,
Simo.
--
Simo Sorce * Red Hat, Inc * New York
.
The patch was attached :-)
One question comes to mind though, you are giving access to any socket
labeled initrc_t (if my selinux policy reading skills are good enough,
which may not be).
Shouldn't we discuss with the DS team to have a more specific label for
this socket ?
Simo.
--
Simo Sorce
On Fri, 2009-08-28 at 13:12 -0400, Rob Crittenden wrote:
The management framework wasn't working with SELinux over ldapi
because
it lacked permission to access the unix socket. This patch grants
permission.
The patch itself looks good anyway, so it's an ACK for me.
Simo.
--
Simo Sorce
On Fri, 2009-08-28 at 18:06 -0400, Rob Crittenden wrote:
The ldapi code I committed yesterday didn't work with SELinux
enabled.
This patch addresses that.
ACK,
although the same question as for the other patch wrt initrd_t context
for the socket remains.
Simo.
--
Simo Sorce * Red Hat, Inc
On Thu, 2009-09-10 at 08:16 -0700, Nathan Kinder wrote:
On 09/10/2009 07:40 AM, Jenny Galipeau wrote:
Simo Sorce wrote:
On Thu, 2009-09-10 at 10:20 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
The management framework wasn't working with SELinux over ldapi
because it lacked
-http.conf ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
. It isn't needed in newer versions of DS.
Ack
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
available and it gets the
job
done, so ack.
So are we covering a DS bug here ? Or are we doing an asynchronous ldap
request when we should do a synchronous one and wait for it to finish
(I've fixed another place where we were doing that and racing against
our own requests) ?
Simo.
--
Simo Sorce
On Thu, 2009-10-15 at 08:15 -0700, Nathan Kinder wrote:
On 10/15/2009 06:40 AM, Simo Sorce wrote:
On Thu, 2009-10-15 at 15:28 +0200, Pavel Zuna wrote:
Rob Crittenden wrote:
One of the last steps of an install is to run through any updates. This
change adds a sleep() prior
attributes) if present, right?
Only KrbPrincipalKey I'd say.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
IMO.
Otherwise do we have any other part that checks that host
foo.example.com is asking a certificate for itself and not for
bar.example.com ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
On Thu, 2009-11-05 at 11:28 -0800, Andrew Wnuk wrote:
On 11/05/09 11:22, Simo Sorce wrote:
On Thu, 2009-11-05 at 13:21 -0500, Rob Crittenden wrote:
This is about right. What you're missing is storing the certificate
in
the service record. To do this we need to know what the target
it is the right thing to do and will face all
sorts of migration issues.
Ideas?
Unless it is a major amount of work we should use the proper syntax.
Especially for standard schema.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
not? Well, you're missing the host keytab for some reason...
Yeah, I think we should avoid half configured machines. If someone has
special needs he can script his own installation procedure the way he
wants, IMO.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
On Tue, 2009-07-21 at 15:08 -0400, Simo Sorce wrote:
On Mon, 2009-07-20 at 17:53 -0400, Nalin Dahyabhai wrote:
In krb5 1.7 and later, the stash file
(/var/kerberos/krb5kdc/.k5.$REALM
on Fedora) is created in the regular keytab format instead of the
older
less-portable one. Based from
going to make a new package for F-12 with this patch.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
diff -uPr freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py freeipa-1.2.2.new/ipa-server/ipaserver/krbinstance.py
--- freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py 2009-09-09 15:41:27.0
to do an online replica
install instead of going through the current file based replica.
Can we revisit what keeps us from doing that ? With the addition of
dogtag in 2.0 are certificates still a problem ? What else do we miss ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
at.
rob
Ack
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
(4679
bytes)]
[0002-also-ensure-that-krbCanonicalName-is-unique.patch text/plain
(1399 bytes)]
ACK to both.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman
On Fri, 26 Feb 2010 15:59:53 -0500
John Dennis jden...@redhat.com wrote:
My personal recommendation is we adopt the convention that
certificates are always PEM encoded.
+1
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing
or not.
+1 we do the same for sssd
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
manager -w password user.ldif
adding new entry uid=tuser,cn=users,cn=accounts,dc=example,dc=com
ldap_add: Operations error (1)
additional info: no krbPrincipalName present in this entry
Ack
Simo.
--
Simo Sorce * Red Hat, Inc * New York
/
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
be in rst format.
More info on style and tools also available here:
http://freeipa.org/page/Contribute#Development_Process
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com
, and it wasn't for code in the
main git repo, so no bug yet.
As a general rule I don't like that apache gets to write to the file
system, esp if that means changing code that different users use at
the same time. It's a too big risk.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
crafted email ...
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Wed, 08 Sep 2010 15:02:12 -0400
Dmitri Pal d...@redhat.com wrote:
Simo Sorce wrote:
On Tue, 07 Sep 2010 14:45:49 +0200
Pavel Zuna pz...@redhat.com wrote:
Enough text. Waiting for comments. :)
I have one question.
Have you made any consideration wrt security
to me.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
:)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Fri, 1 Oct 2010 10:40:34 -0400
Simo Sorce sso...@redhat.com wrote:
On Wed, 29 Sep 2010 18:00:15 -0400
Simo Sorce sso...@redhat.com wrote:
I was looking into a few bugs to fix in the plugin and realized it
was so big an messy that it would greatly help readbility if we
splitted
This patch fixes bz#475051/trac#223
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From fdf2092618c68065b3880f9f01567c94e36ae57d Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Fri, 1 Oct 2010 12:13:43 -0400
Subject: [PATCH 1/6] pwd-plugin: Remove 14 chars limitation from
Cosmetic changes to fix code style and LDAP attribute descriptions.
--
Simo Sorce * Red Hat, Inc * New York
From d89e2d07e7b306b95cafb27e9cf355fa3835d1cc Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Fri, 1 Oct 2010 12:29:05 -0400
Subject: [PATCH 2/6] pwd-plugin: format
Long overdue, fix TODOs in the code.
With this patch it is now possible to configure the password plugin so
that only certain types of NTLM hashes are created for Samba objects.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 77b22920bb962c46712c31ac1d66b757b02c7c5a Mon Sep 17 00:00:00 2001
fix style in some more code.
purely cosmetic again.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From faeb3b4677cefdd32ae05de8468a6456aef0761d Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Mon, 4 Oct 2010 15:17:55 -0400
Subject: [PATCH 6/6] Fix ipapwd_start() style
Trun
This patch properly roatets the password history so the oldest entry is
pushed out when we reach the max entries limit.
Fixes bz#527879/trac#256
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 176ee45d4acd31c6cbee8e70e56f66009515e354 Mon Sep 17 00:00:00 2001
From: Simo Sorce sso
On Mon, 04 Oct 2010 22:40:25 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
Long overdue, fix TODOs in the code.
With this patch it is now possible to configure the password plugin
so that only certain types of NTLM hashes are created for Samba
objects.
Simo
On Mon, 04 Oct 2010 22:38:31 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
Cosmetic changes to fix code style and LDAP attribute descriptions.
ACK x2
pushed to master
Simo.
--
Simo Sorce * Red Hat, Inc * New York
On Tue, 05 Oct 2010 08:40:03 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
On Mon, 04 Oct 2010 22:42:02 -0400
Rob Crittendenrcrit...@redhat.com wrote:
Simo Sorce wrote:
fix style in some more code.
purely cosmetic again.
Simo.
Shouldn't this contain
On Mon, 04 Oct 2010 23:02:18 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
This patch properly roatets the password history so the oldest
entry is pushed out when we reach the max entries limit.
Fixes bz#527879/trac#256
Simo.
This was a little confusing
#464564/trac#221)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From d6425215c92dba5af4dd108a492620b53c649702 Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Tue, 5 Oct 2010 17:35:16 -0400
Subject: [PATCH] Always detect openldap and mozldap at the same time
Slapi plugins must use
On Wed, 06 Oct 2010 16:56:31 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
Set the sambaPwdLastSet when changing password for a user that has
the sambaSamAccount objectclass, so that samba is kept in sync with
the status of the user account wrt whether the user need
On Wed, 06 Oct 2010 13:59:49 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
During uninstall we were asking useless questions about removing SRV
and NS records from LDAP.
An uninstall implies the LDAP repository will be wiped out anyway.
Avoid asking these questions
On Wed, 06 Oct 2010 16:56:21 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
We need to always use mozldap ldap headers for slapi plugins, untill
389 ds moves to openldap libs.
But at the same time we want to move to openldap libs for anything
else.
Fix configure
On Thu, 07 Oct 2010 11:25:50 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
I thought I tested ipa-getkeytab but I was wrong as we do not use it
during the install.
Turns out my patch to split the pwd plugin in multiple files had
still one error that showed up only
On Thu, 07 Oct 2010 11:01:01 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
This patch changes all the logging done through slapi_log_error()
to go thorugh macros. It simplifies calling the log function and
adds information in an automated way to help debugging in case
.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Mon, 11 Oct 2010 14:18:11 -0400
John Dennis jden...@redhat.com wrote:
On 10/11/2010 01:01 PM, Simo Sorce wrote:
On Fri, 08 Oct 2010 10:26:18 -0400
Rob Crittendenrcrit...@redhat.com wrote:
Simo Sorce wrote:
This is some very basic initial localization work for the C tools.
I
On Mon, 11 Oct 2010 14:36:49 -0400
John Dennis jden...@redhat.com wrote:
On 10/11/2010 02:18 PM, John Dennis wrote:
On 10/11/2010 01:01 PM, Simo Sorce wrote:
On Fri, 08 Oct 2010 10:26:18 -0400
Rob Crittendenrcrit...@redhat.com wrote:
Simo Sorce wrote:
This is some very basic
On Tue, 12 Oct 2010 10:44:29 -0400
John Dennis jden...@redhat.com wrote:
On 10/11/2010 06:43 PM, Simo Sorce wrote:
Ok, I've filtered out a few other files/directories. I think the
list now is correct, but whoever will end up reviewing this patchset
*please* explicitly ack if you think
On Tue, 12 Oct 2010 14:25:42 -0400
John Dennis jden...@redhat.com wrote:
On 10/12/2010 12:01 PM, Simo Sorce wrote:
On Tue, 12 Oct 2010 10:57:11 -0400
Simo Sorcesso...@redhat.com wrote:
I may have inadvertently altered it while investigating the
update-po issue. I will make sure I run
and is applied to all records regardless of where they come from.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
The following patch makes the ldappasswd operation use the openldap's
ldappasswd command, as well as avoiding to put passwords in the command
line (visible through a ps) and instead using secure temporary files
that are deleted immediately after the operation.
Simo.
--
Simo Sorce * Red Hat
The default setup-ds.pl configuration installs ds scripts in /usr
With this patch the customized scripts are kep
in /var/lib/dirsrv/scripts-instance-name instead of
/usr/lib/dirsrv/slapd-instance-name
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From d450b7da7a0f5ec7c967f3ad332235ffb1fdb631
On Thu, 14 Oct 2010 13:28:14 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
The default setup-ds.pl configuration installs ds scripts in /usr
With this patch the customized scripts are kep
in /var/lib/dirsrv/scripts-instance-name instead of
/usr/lib/dirsrv/slapd
On Thu, 14 Oct 2010 13:30:33 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
The following patch makes the ldappasswd operation use the
openldap's ldappasswd command, as well as avoiding to put passwords
in the command line (visible through a ps) and instead using
On Fri, 15 Oct 2010 10:05:50 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
Instead of replacing the files altogether parse them and add only
the options we care about.
For ntp.conf those are the server related options.
For sysconfig/ntpd we care of adding just -x
On Fri, 15 Oct 2010 10:27:59 -0400
Simo Sorce sso...@redhat.com wrote:
Right, thanks for catching this, my python got a bit rusty in the last
few months :)
Ok, changed the patch according to your guidelines, and retested.
Also caught a bug that didn't show up with the previous way I did
On Fri, 15 Oct 2010 14:12:22 -0400
Dmitri Pal d...@redhat.com wrote:
Simo Sorce wrote:
I'd go for the last one, may be ugly, but does not undo anything
that already works and has the effect of simplifying the UI which
is what you are after right now. Of course that also means the UI
On Fri, 15 Oct 2010 17:27:07 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Remove the enrolledBy when a host is unenrolled (which is the same as
disabling the host).
ticket 301
rob
nack, if host can write enrolledBy it can fake info
Simo.
--
Simo Sorce * Red Hat, Inc * New York
stuff builds from scratch before
pushing patches.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
We are not ignoring enough stuff, every time you run make you get a ton
of files in git status
These changes returned to me a very clean git status at last :-)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From b37c2d5883714a4d86dfe6d610b8162f2c267ee3 Mon Sep 17 00:00:00 2001
From: Simo Sorce
On Mon, 18 Oct 2010 11:56:10 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
Apparnetly my f14 test environment didn't need the host name but in
some cases w/o it the passwd change will fail because SSL
verification fails.
The attached patch should fix the issue
These 2 patches configure and load a new plugin that uses internal DS
functions to generate UUIDs.
The plugin is similar to DNA but instead of generating sequential
numbers it generates UUIDs (type 1).
These patches do not yet remove the UUID code in the framework.
Simo.
--
Simo Sorce * Red
In some Fedora versions /etc/sysconfig/ntpd has OPTIONS scattered on
multiple line through shell expansion.
Handle simple cases like that.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 3f140eff0e264bae3d23b1e8a94f52886ba09469 Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
On Wed, 20 Oct 2010 22:25:26 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
In some Fedora versions /etc/sysconfig/ntpd has OPTIONS scattered on
multiple line through shell expansion.
Handle simple cases like that.
Simo.
I think this will work, it's just one
On Tue, 19 Oct 2010 17:13:03 -0400
Simo Sorce sso...@redhat.com wrote:
On Mon, 18 Oct 2010 17:15:29 -0400
Simo Sorce sso...@redhat.com wrote:
These 2 patches configure and load a new plugin that uses internal
DS functions to generate UUIDs.
The plugin is similar to DNA but instead
On Thu, 21 Oct 2010 17:07:01 -0400
Simo Sorce sso...@redhat.com wrote:
On Wed, 20 Oct 2010 22:25:26 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
In some Fedora versions /etc/sysconfig/ntpd has OPTIONS scattered
on multiple line through shell expansion
On Fri, 22 Oct 2010 16:43:47 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
On Thu, 21 Oct 2010 17:07:01 -0400
Simo Sorcesso...@redhat.com wrote:
On Wed, 20 Oct 2010 22:25:26 -0400
Rob Crittendenrcrit...@redhat.com wrote:
Simo Sorce wrote:
In some Fedora
On Fri, 22 Oct 2010 17:05:46 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
On Tue, 19 Oct 2010 17:13:03 -0400
Simo Sorcesso...@redhat.com wrote:
On Mon, 18 Oct 2010 17:15:29 -0400
Simo Sorcesso...@redhat.com wrote:
These 2 patches configure and load a new
This plugin intercepts a modrdn change so that when a user is renamed
the krbprincipalname is changhed accordingly.
The second patch activates the plugin.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 8dbbc7a916202905375358670c5b7a6378f7e67d Mon Sep 17 00:00:00 2001
From: Simo Sorce sso
()
'utf-8'
This will be linked into IPA in a future patch. The code was written
by John, I'm just packaging it, so he gets all the credit :-)
Since I was messing with the spec file I also removed glob that was
pulling in a slew of duplicate files for the UI.
Ack.
--
Simo Sorce * Red Hat
the encoding
plugin that this loads.
rob
ACK
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
.
rob
ACK.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
.
ticket 73
ACK
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Wed, 20 Oct 2010 13:19:29 -0400
Rob Crittenden rcrit...@redhat.com wrote:
The first test is a mismatch in the sample output of an exception.
The second test adds certificate information output to the service
plugin.
ACK
Simo.
--
Simo Sorce * Red Hat, Inc * New York
already, and there slight risk
of hitting the wrong button may in fact outweigh the value of putting
the feature in place.
I wouldn't be opposed to removing it.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa
On Mon, 25 Oct 2010 10:39:06 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
On Fri, 22 Oct 2010 17:46:55 -0400
Rob Crittendenrcrit...@redhat.com wrote:
Simo Sorce wrote:
This plugin intercepts a modrdn change so that when a user is
renamed the krbprincipalname
On Mon, 25 Oct 2010 11:42:09 -0400
Nalin Dahyabhai na...@redhat.com wrote:
On Mon, Oct 25, 2010 at 10:53:19AM -0400, Rob Crittenden wrote:
Simo Sorce wrote:
Can you do a modrdn modification on a compat plugin entry ?
Well, right, I don't know :-) And if not, what error would be
raised
I had some unusued functions in the uuid and modrdn plugins, do to
copypaste.
Remove unused functions.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 60e4b0c7f096e4cfb8827f3127a794bc6f970bb0 Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Mon, 25 Oct 2010 17:12:18 -0400
On Mon, 25 Oct 2010 20:27:04 -0400
Nalin Dahyabhai na...@redhat.com wrote:
On Mon, Oct 25, 2010 at 06:59:18PM -0400, Simo Sorce wrote:
I was meaning to ask you if we have any other way around. Is it
possible to use a random salt instead of the principal name ?
We do enforce pre
On Mon, 25 Oct 2010 20:38:04 -0400
Adam Young ayo...@redhat.com wrote:
removal of the whoami plugin
ACK
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa
development.
rob
This plugin seem to depend on python libraries that are not available
in Fedora nor any other distribution.
ECANTTEST
NACK until that is fixed.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa
and have the full URL as a nice optional.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Tue, 26 Oct 2010 14:22:01 -0400
Adam Young ayo...@redhat.com wrote:
On 10/26/2010 02:08 PM, Simo Sorce wrote:
On Tue, 26 Oct 2010 13:40:11 -0400
Adam Youngayo...@redhat.com wrote:
We've been doing this informally for a while, and I think, if we
all agree to the format
.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
LDAPCreate so that we can pass in a filter. If the caller
passes in a filter we use that instead of the DN to search the entry
back.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
Sorce * Red Hat, Inc * New York
From c6aa13c14280cc36fb3ad443b2f584d488d2fe53 Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Tue, 26 Oct 2010 11:29:53 -0400
Subject: [PATCH 1/3] ipa_uuid: Handle generation of the uuid when it is a RDN
---
daemons/ipa-slapi-plugins/ipa-uuid
they will
prevent renames from working correctly.
By default special is used.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 2accddf2bb85ea41e73c2ff48f4c39fc4c6b5e90 Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Wed, 27 Oct 2010 15:05:56 -0400
Subject: [PATCH] pwd-plugin: Always
On Wed, 27 Oct 2010 14:52:17 -0600
Rich Megginson rmegg...@redhat.com wrote:
Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 27 Oct 2010 09:35:17 -0400
Adam Youngayo...@redhat.com wrote:
I'm not up to speed on this code. Why do a find right after
create?
I guess to pick up all
On Wed, 27 Oct 2010 22:25:26 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
This plugin intercepts a modrdn change so that when a user is
renamed the krbprincipalname is changhed accordingly.
The second patch activates the plugin.
Simo.
ack x2
rob
pushed
On Wed, 27 Oct 2010 22:26:12 -0400
Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
These are a few minor fixes and cleanups I split in multiple patches
for easier review.
1. makes sure we reset the generate flag at every loop, so that we
do not risk a false positive
1 - 100 of 1952 matches
Mail list logo