Re: [Freeipa-devel] [PATCH][SSSD] Minor cleanups in monitor.c

2009-07-22 Thread Simo Sorce
On Wed, 2009-07-22 at 12:40 -0400, Stephen Gallagher wrote: * Forgot to check for successful allocation * Used the wrong mem_ctx when allocating a timer event. ack Simo. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCHES] c-ares integration

2009-07-22 Thread Simo Sorce
On Wed, 2009-07-22 at 20:09 +0200, Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All three patches with corrections are attached. Some comments inline. Patches look good to me, ack to all three. Simo. ___ Freeipa-devel mailing

Re: [Freeipa-devel] [PATCH] Fix race condition leading to segfaults

2009-07-24 Thread Simo Sorce
On Fri, 2009-07-24 at 15:52 +0200, Sumit Bose wrote: After a discussion on irc Simo and I came to the conclusion that the conditional code in DEBUG would prevent gcc from optimizing away the check. ACK pushed. Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCHES] c-ares integration

2009-07-24 Thread Simo Sorce
On Thu, 2009-07-23 at 10:56 +0200, Jakub Hrozek wrote: On 07/22/2009 10:11 PM, Simo Sorce wrote: Patches look good to me, ack to all three. Simo. Thank you for the review, attached are rebased versions as those I sent did not apply cleanly on top of current HEAD. Pushed. Simo

[Freeipa-devel] New List: sssd development moves

2009-08-05 Thread Simo Sorce
Hello Freeipa and sssd developers and followers, we've decided to move sssd development to its own mailing list so that freeipa proper development and sssd are not intermixed. sssd is not simply a component of Freeipa although it will be a key piece of the client functionality, sssd works on its

Re: [Freeipa-devel] [PATCH] Make child processes exit when parent dies

2009-08-06 Thread Simo Sorce
On Wed, 2009-08-05 at 18:25 -0400, Dmitri Pal wrote: Jakub Hrozek wrote: The attached patch addresses ticket #84. The implementation is unfortunately Linux-specific as it uses the prctl(2) syscall. Ideas how to accomplish this in a cross-platform manner are welcome. Jakub How

Re: [Freeipa-devel] [PATCH] 255 publish CRLs

2009-08-24 Thread Simo Sorce
. There is always a symbolic link to the latest named MasterCRL.bin. I had to add some SELinux permissions to let Apache read these files. ack, awesome and so simple. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 257 Enable ldapi in the management framework

2009-08-26 Thread Simo Sorce
to TCP/IP sockets. Ah thanks for this, nice to see we finally get to use ldapi. ACK! Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 257 Enable ldapi in the management framework

2009-08-26 Thread Simo Sorce
On Thu, 2009-08-27 at 00:41 -0400, Simo Sorce wrote: On Wed, 2009-08-26 at 14:13 -0400, Rob Crittenden wrote: This enables an ldapi listening socket in the LDAP server and configures the management framework to use it instead of ldap://localhost:389/ To disable this remove

Re: [Freeipa-devel] [PATCH] 260 allow a CA to be regenerated

2009-08-28 Thread Simo Sorce
. It wasn't getting set as Critical because somehow I had it sending a 7 instead of a y :-( Ack. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-devel] contribution policy update, what's next

2009-08-31 Thread Simo Sorce
is GPLv2+exceptions, but I have no problem in clearly spelling out that plugins have a different license because of their dependency and move on with the rest of the code. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa

Re: [Freeipa-devel] contribution policy update, what's next

2009-09-01 Thread Simo Sorce
On Mon, 2009-08-31 at 18:50 -0600, Rich Megginson wrote: Simo Sorce wrote: On Mon, 2009-08-31 at 13:23 -0700, Karsten Wade wrote: Richard looked at the license-specific version, made some suggestions, then asked if there is a reason for being GPLv2 only as a project and codebase

Re: [Freeipa-devel] contribution policy update, what's next

2009-09-01 Thread Simo Sorce
is not that easy. It is true that the DS core is arguably not derived from any of its plugins, but still I'd like legal's opinion on what license a plugin can have to be compatible in the other direction. Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] Start bind only after restarting kdc and dirsrv

2009-09-02 Thread Simo Sorce
On Wed, 2009-09-02 at 02:37 +0200, Martin Nagy wrote: BIND starting before we apply LDAP updates and restart kdc and directory server causes trouble. We resolve this for now by postponing BIND start to the end of installation. Ack, Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] 264 own IPA httpd conf files

2009-09-03 Thread Simo Sorce
On Wed, 2009-09-02 at 18:04 -0400, Rob Crittenden wrote: For IPA 1-2 Have our spec file own the Apache configuration files we create. ACK Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

Re: [Freeipa-devel] [PATCH] 259 Fix selinux issue with ldapi

2009-09-10 Thread Simo Sorce
. The patch was attached :-) One question comes to mind though, you are giving access to any socket labeled initrc_t (if my selinux policy reading skills are good enough, which may not be). Shouldn't we discuss with the DS team to have a more specific label for this socket ? Simo. -- Simo Sorce

Re: [Freeipa-devel] [PATCH] 259 Fix selinux issue with ldapi

2009-09-10 Thread Simo Sorce
On Fri, 2009-08-28 at 13:12 -0400, Rob Crittenden wrote: The management framework wasn't working with SELinux over ldapi because it lacked permission to access the unix socket. This patch grants permission. The patch itself looks good anyway, so it's an ACK for me. Simo. -- Simo Sorce

Re: [Freeipa-devel] [PATCH] 261 Many SELinux fixes

2009-09-10 Thread Simo Sorce
On Fri, 2009-08-28 at 18:06 -0400, Rob Crittenden wrote: The ldapi code I committed yesterday didn't work with SELinux enabled. This patch addresses that. ACK, although the same question as for the other patch wrt initrd_t context for the socket remains. Simo. -- Simo Sorce * Red Hat, Inc

Re: [Freeipa-devel] [PATCH] 259 Fix selinux issue with ldapi

2009-09-10 Thread Simo Sorce
On Thu, 2009-09-10 at 08:16 -0700, Nathan Kinder wrote: On 09/10/2009 07:40 AM, Jenny Galipeau wrote: Simo Sorce wrote: On Thu, 2009-09-10 at 10:20 -0400, Rob Crittenden wrote: Rob Crittenden wrote: The management framework wasn't working with SELinux over ldapi because it lacked

Re: [Freeipa-devel] [PATCH] 270 handle all exceptions in XML-RPC server

2009-09-11 Thread Simo Sorce
a context already exists. ack -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 277 properly own Apache config files

2009-09-17 Thread Simo Sorce
-http.conf ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 296 work with newer schema layout of 389-DS

2009-10-15 Thread Simo Sorce
. It isn't needed in newer versions of DS. Ack Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 294 sleep before doing a task

2009-10-15 Thread Simo Sorce
available and it gets the job done, so ack. So are we covering a DS bug here ? Or are we doing an asynchronous ldap request when we should do a synchronous one and wait for it to finish (I've fixed another place where we were doing that and racing against our own requests) ? Simo. -- Simo Sorce

Re: [Freeipa-devel] [PATCH] 294 sleep before doing a task

2009-10-15 Thread Simo Sorce
On Thu, 2009-10-15 at 08:15 -0700, Nathan Kinder wrote: On 10/15/2009 06:40 AM, Simo Sorce wrote: On Thu, 2009-10-15 at 15:28 +0200, Pavel Zuna wrote: Rob Crittenden wrote: One of the last steps of an install is to run through any updates. This change adds a sleep() prior

[Freeipa-devel] Re: [PATCH] Allow adding entries with pre-hashed passwords, but don't generate keys for them.

2009-10-19 Thread Simo Sorce
attributes) if present, right? Only KrbPrincipalKey I'd say. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Add DS to IPA migration plugin and password migration page.

2009-10-30 Thread Simo Sorce
this is a different thing I can agree with. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Re: Certificate enrollment, principal names

2009-11-05 Thread Simo Sorce
IMO. Otherwise do we have any other part that checks that host foo.example.com is asking a certificate for itself and not for bar.example.com ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

Re: [Freeipa-devel] Re: Certificate enrollment, principal names

2009-11-05 Thread Simo Sorce
On Thu, 2009-11-05 at 11:28 -0800, Andrew Wnuk wrote: On 11/05/09 11:22, Simo Sorce wrote: On Thu, 2009-11-05 at 13:21 -0500, Rob Crittenden wrote: This is about right. What you're missing is storing the certificate in the service record. To do this we need to know what the target

Re: [Freeipa-devel] DNS schema

2009-11-05 Thread Simo Sorce
it is the right thing to do and will face all sorts of migration issues. Ideas? Unless it is a major amount of work we should use the proper syntax. Especially for standard schema. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list

Re: [Freeipa-devel] Thoughts on client configuration

2009-11-09 Thread Simo Sorce
not? Well, you're missing the host keytab for some reason... Yeah, I think we should avoid half configured machines. If someone has special needs he can script his own installation procedure the way he wants, IMO. Simo. -- Simo Sorce * Red Hat, Inc * New York

[Freeipa-devel] How to implement Magic Private Groups in FreeIPA ?

2009-11-11 Thread Simo Sorce
. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] How to implement Magic Private Groups in FreeIPA ?

2009-11-13 Thread Simo Sorce
On Fri, 2009-11-13 at 10:30 -0500, Rob Crittenden wrote: Simo Sorce wrote: On Thu, 2009-11-12 at 10:37 -0500, Dmitri Pal wrote: So killing two birds with one stone we are thinking of introducing a new attribute called posixName that has a case sensitive syntax and does not conflict

Re: [Freeipa-devel] [PATCH] handle kdb stash being a keytab

2009-11-24 Thread Simo Sorce
On Tue, 2009-07-21 at 15:08 -0400, Simo Sorce wrote: On Mon, 2009-07-20 at 17:53 -0400, Nalin Dahyabhai wrote: In krb5 1.7 and later, the stash file (/var/kerberos/krb5kdc/.k5.$REALM on Fedora) is created in the regular keytab format instead of the older less-portable one. Based from

[Freeipa-devel] patch for freeipa on Fedora 12

2009-11-24 Thread Simo Sorce
going to make a new package for F-12 with this patch. Simo. -- Simo Sorce * Red Hat, Inc * New York diff -uPr freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py freeipa-1.2.2.new/ipa-server/ipaserver/krbinstance.py --- freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py 2009-09-09 15:41:27.0

Re: [Freeipa-devel] IPAv2, replica installation can be broken

2010-01-15 Thread Simo Sorce
to do an online replica install instead of going through the current file based replica. Can we revisit what keeps us from doing that ? With the addition of dogtag in 2.0 are certificates still a problem ? What else do we miss ? Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] 348, v1.2, explicitly pull schema attributes

2010-01-18 Thread Simo Sorce
at. rob Ack -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] more basic stuff for krbCanonicalName

2010-02-05 Thread Simo Sorce
(4679 bytes)] [0002-also-ensure-that-krbCanonicalName-is-unique.patch text/plain (1399 bytes)] ACK to both. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman

Re: [Freeipa-devel] mod_wsgi troubles

2010-02-23 Thread Simo Sorce
, but also a better, clear naming will help. Perhaps adding a README in the directory that server /ipa/ that explains what should go where, might help ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] JSON problems (the woes of binary data)

2010-02-26 Thread Simo Sorce
On Fri, 26 Feb 2010 15:59:53 -0500 John Dennis jden...@redhat.com wrote: My personal recommendation is we adopt the convention that certificates are always PEM encoded. +1 Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing

Re: [Freeipa-devel] commit policy for translations (.po files)

2010-02-26 Thread Simo Sorce
or not. +1 we do the same for sssd Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 424 don't require kerberos attrs on all password changes

2010-04-23 Thread Simo Sorce
to see if the entry has kerberos objectclasses and if not then skip the kerberos code. rob Ack, looks good. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman

Re: [Freeipa-devel] [PATCH] 423 better error messages for LDAP_OPERATION_ERRORs

2010-04-23 Thread Simo Sorce
manager -w password user.ldif adding new entry uid=tuser,cn=users,cn=accounts,dc=example,dc=com ldap_add: Operations error (1) additional info: no krbPrincipalName present in this entry Ack Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] 467 fix aci-mod command

2010-06-11 Thread Simo Sorce
of aci tests we perform. While the patch as is will work, I'd like to NACK and ask to check if the ipaHost objectClass is present instead. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

Re: [Freeipa-devel] [PATCH] 468 don't run through pre-bind code on enrollment

2010-06-11 Thread Simo Sorce
/ Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Fields currently available for the user object

2010-06-17 Thread Simo Sorce
be in rst format. More info on style and tools also available here: http://freeipa.org/page/Contribute#Development_Process Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com

Re: [Freeipa-devel] Writing to /var/cache/ipa/assets/

2010-06-18 Thread Simo Sorce
, and it wasn't for code in the main git repo, so no bug yet. As a general rule I don't like that apache gets to write to the file system, esp if that means changing code that different users use at the same time. It's a too big risk. Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] Git devel approach

2010-07-09 Thread Simo Sorce
are doing, or if there are any obvious errors. http://adam.younglogic.com/?p=885 This is more or less what I do daily for SSSD and Samba and used to do with the FreeIPA stuff when I was a bit more active. Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] Communicating with FreeIPA via curl

2010-07-22 Thread Simo Sorce
. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Kerberos lockout policy

2010-08-27 Thread Simo Sorce
by replication. The suggested fix was to simply not replicate these. Rob, we do not want to replicate counters or timestamps, but we certainly want to replicate an account lock. It should happen rarely enough to reach that stage that we can replicate nsAccountLock easily. Simo. -- Simo Sorce * Red

Re: [Freeipa-devel] Kerberos lockout policy

2010-08-27 Thread Simo Sorce
On Fri, 27 Aug 2010 14:35:34 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: On Fri, 27 Aug 2010 09:41:57 -0400 Rob Crittendenrcrit...@redhat.com wrote: We had talked about this at one point, perhaps in irc, and there was some reluctance to do this since every time

Re: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!]

2010-09-08 Thread Simo Sorce
crafted email ... Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!]

2010-09-08 Thread Simo Sorce
On Wed, 08 Sep 2010 15:02:12 -0400 Dmitri Pal d...@redhat.com wrote: Simo Sorce wrote: On Tue, 07 Sep 2010 14:45:49 +0200 Pavel Zuna pz...@redhat.com wrote: Enough text. Waiting for comments. :) I have one question. Have you made any consideration wrt security

Re: [Freeipa-devel] Proposed Javascript coding standards

2010-09-13 Thread Simo Sorce
to me. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Proposed Javascript coding standards

2010-09-13 Thread Simo Sorce
:) Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] split password extop plugin in multiple files

2010-10-01 Thread Simo Sorce
On Fri, 1 Oct 2010 10:40:34 -0400 Simo Sorce sso...@redhat.com wrote: On Wed, 29 Sep 2010 18:00:15 -0400 Simo Sorce sso...@redhat.com wrote: I was looking into a few bugs to fix in the plugin and realized it was so big an messy that it would greatly help readbility if we splitted

[Freeipa-devel] [PATCH] Fix 14 char limit with NT hash

2010-10-04 Thread Simo Sorce
This patch fixes bz#475051/trac#223 Simo. -- Simo Sorce * Red Hat, Inc * New York From fdf2092618c68065b3880f9f01567c94e36ae57d Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Fri, 1 Oct 2010 12:13:43 -0400 Subject: [PATCH 1/6] pwd-plugin: Remove 14 chars limitation from

[Freeipa-devel] [PATCH] Cosmetic fixes

2010-10-04 Thread Simo Sorce
Cosmetic changes to fix code style and LDAP attribute descriptions. -- Simo Sorce * Red Hat, Inc * New York From d89e2d07e7b306b95cafb27e9cf355fa3835d1cc Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Fri, 1 Oct 2010 12:29:05 -0400 Subject: [PATCH 2/6] pwd-plugin: format

[Freeipa-devel] [PATCH] Improve NTLM hash generation configuration

2010-10-04 Thread Simo Sorce
Long overdue, fix TODOs in the code. With this patch it is now possible to configure the password plugin so that only certain types of NTLM hashes are created for Samba objects. Simo. -- Simo Sorce * Red Hat, Inc * New York From 77b22920bb962c46712c31ac1d66b757b02c7c5a Mon Sep 17 00:00:00 2001

[Freeipa-devel] [PATCH] more style fixes

2010-10-04 Thread Simo Sorce
fix style in some more code. purely cosmetic again. Simo. -- Simo Sorce * Red Hat, Inc * New York From faeb3b4677cefdd32ae05de8468a6456aef0761d Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Mon, 4 Oct 2010 15:17:55 -0400 Subject: [PATCH 6/6] Fix ipapwd_start() style Trun

[Freeipa-devel] [PATCH] Fix password history rotation

2010-10-04 Thread Simo Sorce
This patch properly roatets the password history so the oldest entry is pushed out when we reach the max entries limit. Fixes bz#527879/trac#256 Simo. -- Simo Sorce * Red Hat, Inc * New York From 176ee45d4acd31c6cbee8e70e56f66009515e354 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso

Re: [Freeipa-devel] [PATCH] more style fixes

2010-10-05 Thread Simo Sorce
On Mon, 04 Oct 2010 22:42:02 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: fix style in some more code. purely cosmetic again. Simo. Shouldn't this contain the __func__ fix as well? I stopped adding __func__ for now as it introduces a lot of warnings

Re: [Freeipa-devel] [PATCH] Improve NTLM hash generation configuration

2010-10-05 Thread Simo Sorce
On Mon, 04 Oct 2010 22:40:25 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Long overdue, fix TODOs in the code. With this patch it is now possible to configure the password plugin so that only certain types of NTLM hashes are created for Samba objects. Simo

Re: [Freeipa-devel] [PATCH] Cosmetic fixes

2010-10-05 Thread Simo Sorce
On Mon, 04 Oct 2010 22:38:31 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Cosmetic changes to fix code style and LDAP attribute descriptions. ACK x2 pushed to master Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] more style fixes

2010-10-05 Thread Simo Sorce
On Tue, 05 Oct 2010 08:40:03 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: On Mon, 04 Oct 2010 22:42:02 -0400 Rob Crittendenrcrit...@redhat.com wrote: Simo Sorce wrote: fix style in some more code. purely cosmetic again. Simo. Shouldn't this contain

Re: [Freeipa-devel] [PATCH] Fix password history rotation

2010-10-05 Thread Simo Sorce
On Mon, 04 Oct 2010 23:02:18 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: This patch properly roatets the password history so the oldest entry is pushed out when we reach the max entries limit. Fixes bz#527879/trac#256 Simo. This was a little confusing

[Freeipa-devel] [PATCH] properly check for ldap headers

2010-10-05 Thread Simo Sorce
#464564/trac#221) Simo. -- Simo Sorce * Red Hat, Inc * New York From d6425215c92dba5af4dd108a492620b53c649702 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Tue, 5 Oct 2010 17:35:16 -0400 Subject: [PATCH] Always detect openldap and mozldap at the same time Slapi plugins must use

Re: [Freeipa-devel] [PATCH] set attribute when changing passwords

2010-10-07 Thread Simo Sorce
On Wed, 06 Oct 2010 16:56:31 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Set the sambaPwdLastSet when changing password for a user that has the sambaSamAccount objectclass, so that samba is kept in sync with the status of the user account wrt whether the user need

Re: [Freeipa-devel] [PATCH] fix uninstall with bind

2010-10-07 Thread Simo Sorce
On Wed, 06 Oct 2010 13:59:49 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: During uninstall we were asking useless questions about removing SRV and NS records from LDAP. An uninstall implies the LDAP repository will be wiped out anyway. Avoid asking these questions

Re: [Freeipa-devel] [PATCH] properly check for ldap headers

2010-10-07 Thread Simo Sorce
On Wed, 06 Oct 2010 16:56:21 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: We need to always use mozldap ldap headers for slapi plugins, untill 389 ds moves to openldap libs. But at the same time we want to move to openldap libs for anything else. Fix configure

[Freeipa-devel] [PATCH] fix segfault in pwd plugin

2010-10-07 Thread Simo Sorce
I thought I tested ipa-getkeytab but I was wrong as we do not use it during the install. Turns out my patch to split the pwd plugin in multiple files had still one error that showed up only when using the ipa-getkeytab client. Patch attached. Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] fix segfault in pwd plugin

2010-10-07 Thread Simo Sorce
On Thu, 07 Oct 2010 11:25:50 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: I thought I tested ipa-getkeytab but I was wrong as we do not use it during the install. Turns out my patch to split the pwd plugin in multiple files had still one error that showed up only

Re: [Freeipa-devel] [PATCH] Improve logging for pwd plugin

2010-10-07 Thread Simo Sorce
On Thu, 07 Oct 2010 11:01:01 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: This patch changes all the logging done through slapi_log_error() to go thorugh macros. It simplifies calling the log function and adds information in an automated way to help debugging in case

Re: [Freeipa-devel] [PATCH] 550 estimated install times

2010-10-07 Thread Simo Sorce
. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Proposal about ACI management in IPA v2

2010-10-11 Thread Simo Sorce
at all? Or would it be too complex for the UI to interpret ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Initial gettext support for C tools

2010-10-11 Thread Simo Sorce
On Mon, 11 Oct 2010 14:18:11 -0400 John Dennis jden...@redhat.com wrote: On 10/11/2010 01:01 PM, Simo Sorce wrote: On Fri, 08 Oct 2010 10:26:18 -0400 Rob Crittendenrcrit...@redhat.com wrote: Simo Sorce wrote: This is some very basic initial localization work for the C tools. I

Re: [Freeipa-devel] [PATCH] Initial gettext support for C tools

2010-10-11 Thread Simo Sorce
On Mon, 11 Oct 2010 14:36:49 -0400 John Dennis jden...@redhat.com wrote: On 10/11/2010 02:18 PM, John Dennis wrote: On 10/11/2010 01:01 PM, Simo Sorce wrote: On Fri, 08 Oct 2010 10:26:18 -0400 Rob Crittendenrcrit...@redhat.com wrote: Simo Sorce wrote: This is some very basic

Re: [Freeipa-devel] [PATCH] Initial gettext support for C tools

2010-10-12 Thread Simo Sorce
On Tue, 12 Oct 2010 10:44:29 -0400 John Dennis jden...@redhat.com wrote: On 10/11/2010 06:43 PM, Simo Sorce wrote: Ok, I've filtered out a few other files/directories. I think the list now is correct, but whoever will end up reviewing this patchset *please* explicitly ack if you think

Re: [Freeipa-devel] [PATCH] Initial gettext support for C tools

2010-10-12 Thread Simo Sorce
On Tue, 12 Oct 2010 14:25:42 -0400 John Dennis jden...@redhat.com wrote: On 10/12/2010 12:01 PM, Simo Sorce wrote: On Tue, 12 Oct 2010 10:57:11 -0400 Simo Sorcesso...@redhat.com wrote: I may have inadvertently altered it while investigating the update-po issue. I will make sure I run

Re: [Freeipa-devel] DNS use cases

2010-10-13 Thread Simo Sorce
and is applied to all records regardless of where they come from. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] #318 Use openldap's ldappasswd

2010-10-13 Thread Simo Sorce
The following patch makes the ldappasswd operation use the openldap's ldappasswd command, as well as avoiding to put passwords in the command line (visible through a ps) and instead using secure temporary files that are deleted immediately after the operation. Simo. -- Simo Sorce * Red Hat

[Freeipa-devel] [PATCH] #316 Avoid installing files in /usr

2010-10-13 Thread Simo Sorce
The default setup-ds.pl configuration installs ds scripts in /usr With this patch the customized scripts are kep in /var/lib/dirsrv/scripts-instance-name instead of /usr/lib/dirsrv/slapd-instance-name Simo. -- Simo Sorce * Red Hat, Inc * New York From d450b7da7a0f5ec7c967f3ad332235ffb1fdb631

Re: [Freeipa-devel] [PATCH] #316 Avoid installing files in /usr

2010-10-14 Thread Simo Sorce
On Thu, 14 Oct 2010 13:28:14 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: The default setup-ds.pl configuration installs ds scripts in /usr With this patch the customized scripts are kep in /var/lib/dirsrv/scripts-instance-name instead of /usr/lib/dirsrv/slapd

Re: [Freeipa-devel] [PATCH] #318 Use openldap's ldappasswd

2010-10-14 Thread Simo Sorce
On Thu, 14 Oct 2010 13:30:33 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: The following patch makes the ldappasswd operation use the openldap's ldappasswd command, as well as avoiding to put passwords in the command line (visible through a ps) and instead using

Re: [Freeipa-devel] [PATCH] 575 compare resolver and dns reverse lookups

2010-10-14 Thread Simo Sorce
--no-host-dns for installation to continue. I tested by setting my own host entry in /etc/host to a bogus IP addr. ACK, looks good to me. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

Re: [Freeipa-devel] [PATCH] 578 remove ldapi socket on uninstall

2010-10-14 Thread Simo Sorce
On Thu, 14 Oct 2010 14:50:18 -0400 Rob Crittenden rcrit...@redhat.com wrote: Remove the directory server ldapi socket on uninstall. ticket 350 ACK Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel

[Freeipa-devel] [PATCH] #319 better cope with ntp config files

2010-10-14 Thread Simo Sorce
Instead of replacing the files altogether parse them and add only the options we care about. For ntp.conf those are the server related options. For sysconfig/ntpd we care of adding just -x and -g if missing Simo. -- Simo Sorce * Red Hat, Inc * New York From

Re: [Freeipa-devel] [PATCH] #319 better cope with ntp config files

2010-10-15 Thread Simo Sorce
On Fri, 15 Oct 2010 10:05:50 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Instead of replacing the files altogether parse them and add only the options we care about. For ntp.conf those are the server related options. For sysconfig/ntpd we care of adding just -x

Re: [Freeipa-devel] [PATCH] #319 better cope with ntp config files

2010-10-15 Thread Simo Sorce
On Fri, 15 Oct 2010 10:27:59 -0400 Simo Sorce sso...@redhat.com wrote: Right, thanks for catching this, my python got a bit rusty in the last few months :) Ok, changed the patch according to your guidelines, and retested. Also caught a bug that didn't show up with the previous way I did

Re: [Freeipa-devel] Some thoughts about login services

2010-10-15 Thread Simo Sorce
On Fri, 15 Oct 2010 14:12:22 -0400 Dmitri Pal d...@redhat.com wrote: Simo Sorce wrote: I'd go for the last one, may be ugly, but does not undo anything that already works and has the effect of simplifying the UI which is what you are after right now. Of course that also means the UI

Re: [Freeipa-devel] [PATCH] 581 remove enrolledBy when unenrolled

2010-10-15 Thread Simo Sorce
On Fri, 15 Oct 2010 17:27:07 -0400 Rob Crittenden rcrit...@redhat.com wrote: Remove the enrolledBy when a host is unenrolled (which is the same as disabling the host). ticket 301 rob nack, if host can write enrolledBy it can fake info Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH] admiyo-freeipa-0056-removing-dead-files

2010-10-15 Thread Simo Sorce
stuff builds from scratch before pushing patches. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Fix build

2010-10-15 Thread Simo Sorce
patch to fix the build Simo. -- Simo Sorce * Red Hat, Inc * New York From 0ce2ed330eb1a07285c283d8b4f255a68779f8bd Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Fri, 15 Oct 2010 18:21:27 -0400 Subject: [PATCH] Fix build after file was removed but not eliminated from

[Freeipa-devel] [PATCH] beef up .gitignore

2010-10-18 Thread Simo Sorce
We are not ignoring enough stuff, every time you run make you get a ton of files in git status These changes returned to me a very clean git status at last :-) Simo. -- Simo Sorce * Red Hat, Inc * New York From b37c2d5883714a4d86dfe6d610b8162f2c267ee3 Mon Sep 17 00:00:00 2001 From: Simo Sorce

Re: [Freeipa-devel] [PATCH] #394 Fix ldappasswd on some OSs

2010-10-18 Thread Simo Sorce
On Mon, 18 Oct 2010 11:56:10 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: Apparnetly my f14 test environment didn't need the host name but in some cases w/o it the passwd change will fail because SSL verification fails. The attached patch should fix the issue

[Freeipa-devel] [PATCH] #360 ipa-uuid plugin

2010-10-18 Thread Simo Sorce
These 2 patches configure and load a new plugin that uses internal DS functions to generate UUIDs. The plugin is similar to DNA but instead of generating sequential numbers it generates UUIDs (type 1). These patches do not yet remove the UUID code in the framework. Simo. -- Simo Sorce * Red

[Freeipa-devel] [PATCH] #403 Handle multiline options in sysconfig.ntpd

2010-10-20 Thread Simo Sorce
In some Fedora versions /etc/sysconfig/ntpd has OPTIONS scattered on multiple line through shell expansion. Handle simple cases like that. Simo. -- Simo Sorce * Red Hat, Inc * New York From 3f140eff0e264bae3d23b1e8a94f52886ba09469 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com

Re: [Freeipa-devel] [PATCH] #403 Handle multiline options in sysconfig.ntpd

2010-10-21 Thread Simo Sorce
On Wed, 20 Oct 2010 22:25:26 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: In some Fedora versions /etc/sysconfig/ntpd has OPTIONS scattered on multiple line through shell expansion. Handle simple cases like that. Simo. I think this will work, it's just one

Re: [Freeipa-devel] [PATCH] #360 ipa-uuid plugin

2010-10-22 Thread Simo Sorce
On Tue, 19 Oct 2010 17:13:03 -0400 Simo Sorce sso...@redhat.com wrote: On Mon, 18 Oct 2010 17:15:29 -0400 Simo Sorce sso...@redhat.com wrote: These 2 patches configure and load a new plugin that uses internal DS functions to generate UUIDs. The plugin is similar to DNA but instead

Re: [Freeipa-devel] [PATCH] #403 Handle multiline options in sysconfig.ntpd

2010-10-22 Thread Simo Sorce
On Thu, 21 Oct 2010 17:07:01 -0400 Simo Sorce sso...@redhat.com wrote: On Wed, 20 Oct 2010 22:25:26 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: In some Fedora versions /etc/sysconfig/ntpd has OPTIONS scattered on multiple line through shell expansion

Re: [Freeipa-devel] [PATCH] #403 Handle multiline options in sysconfig.ntpd

2010-10-22 Thread Simo Sorce
On Fri, 22 Oct 2010 16:43:47 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: On Thu, 21 Oct 2010 17:07:01 -0400 Simo Sorcesso...@redhat.com wrote: On Wed, 20 Oct 2010 22:25:26 -0400 Rob Crittendenrcrit...@redhat.com wrote: Simo Sorce wrote: In some Fedora

  1   2   3   4   5   6   7   8   9   10   >