Re: [Freeipa-devel] [PATCH] cleanup of pam_sss

2009-07-22 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/22/2009 08:59 AM, Sumit Bose wrote: On Wed, Jul 22, 2009 at 07:46:53AM -0400, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/22/2009 06:52 AM, Sumit Bose wrote: Hi, this patch should make pam_sss.c

Re: [Freeipa-devel] [PATCH][SSSD] Minor cleanups in monitor.c

2009-07-22 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/22/2009 01:09 PM, Simo Sorce wrote: On Wed, 2009-07-22 at 12:40 -0400, Stephen Gallagher wrote: * Forgot to check for successful allocation * Used the wrong mem_ctx when allocating a timer event. ack Simo

Re: [Freeipa-devel] [PATCH] initial commit of log watcher (lwatch)

2009-07-22 Thread Stephen Gallagher
will review other components over the next day or two, but I figured I'd send back these comments first. - -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG

Re: [Freeipa-devel] [PATCH] Use correct return codes

2009-07-30 Thread Stephen Gallagher
- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel - -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -BEGIN PGP

Re: [Freeipa-devel] [PATCH] Improve error messages

2009-07-31 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/28/2009 10:21 AM, Stephen Gallagher wrote: On 07/28/2009 08:58 AM, Jakub Hrozek wrote: Jenny found several cases where our error messages were not very descriptive. This patch adds a ERROR() call for those cases. The error message

Re: [Freeipa-devel] [PATCH] Notify user when deleting nonexistent user or group

2009-07-31 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/31/2009 11:55 AM, Stephen Gallagher wrote: On 07/31/2009 06:02 AM, Jakub Hrozek wrote: On 07/30/2009 08:45 PM, Stephen Gallagher wrote: I'm going to nack the user notification patch. I think we need to think some more about this. The sysdb

Re: [Freeipa-devel] [PATCH] Correct check for local domain in tools

2009-07-31 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/31/2009 12:01 PM, Stephen Gallagher wrote: On 07/30/2009 12:50 PM, Jakub Hrozek wrote: As Stephen noted in a recent post[1], the check for a local non-legacy domain should be done with checking if provider == local, not by comparing

Re: [Freeipa-devel] [PATCHES] one for INI another for ELAPI

2009-07-31 Thread Stephen Gallagher
-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel - -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http

Re: [Freeipa-devel] [PATCHES] Allow the tools to operate on fully qualified names

2009-08-04 Thread Stephen Gallagher
. - ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel - -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -BEGIN PGP SIGNATURE

Re: [Freeipa-devel] contribution policy update, what's next

2009-08-05 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/04/2009 05:58 PM, Karsten Wade wrote: Yesterday I lurked on a call with Stephen Gallagher and Richard Fontana, legal expert on FLOSS licensing. Due to audio problems, I wasn't able to fully participate, but I did hear an implicit agreement

Re: [Freeipa-devel] [PATCHES] Allow the tools to operate on fully qualified names

2009-08-05 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/05/2009 04:51 AM, Jakub Hrozek wrote: On 08/04/2009 09:17 PM, Stephen Gallagher wrote: Patch 1: Ack. Patch 2: Nack. In sss_groupadd.c, sss_groupdel.c and sss_groupmod.c: if (data-domain data-uid data-domain != dom) { should be data-gid

Re: [Freeipa-devel] [PATCH] Consolidate tevent helpers

2009-08-05 Thread Stephen Gallagher
duplication. Jakub Looks fine to me. Ack. - ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel - -- Stephen

Re: [Freeipa-devel] [PATCH] Fix adding to groups on user creation

2009-08-05 Thread Stephen Gallagher
- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel - -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9

Re: [Freeipa-devel] [PATCH] Fix typo in function call in pamsrv_cmd.c

2009-08-05 Thread Stephen Gallagher
- -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkp5jj4ACgkQeiVVYja6o6PmdwCdGrQeiB+PAvNDQR7/nhMK03uD

Re: [Freeipa-devel] New List: sssd development moves

2009-08-05 Thread Stephen Gallagher
mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Correction: the list is at sssd-de...@lists.fedorahosted.org (note the plural lists) You can subscribe here: https://fedorahosted.org/mailman/listinfo/sssd-devel - -- Stephen Gallagher RHCE 804006346421761

Re: [Freeipa-devel] [PATCH] add Polish translation

2010-02-12 Thread Stephen Gallagher
what went wrong and resubmit it. I suggest always sending translation patches as forced base-64 encoded attachments. Sometimes the extended character set gets broken by mailman. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software

Re: [Freeipa-devel] git patch email issues

2010-02-15 Thread Stephen Gallagher
recommend the use of base64 encoding. Also, for the record, Thunderbird can be configured to use UTF-8 for incoming and outgoing mail by default. In Thunderbird preferences, go to Display-Formatting-Fonts Encodings. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year

Re: [Freeipa-devel] [PATCH] jderose 046 Add buildrequires script

2010-02-19 Thread Stephen Gallagher
accomplish this (assuming they have the development repo in their yum configuration) I think directing people to use this will prove easier than trying to maintain this script separate from the RPM spec. It would also probably be easy to parse the RPM spec itself to accomplish this. - -- Stephen

Re: [Freeipa-devel] [PATCH] Add contributors file

2010-02-24 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/23/2010 05:30 PM, John Dennis wrote: Add contributors file. This gets installed along side the LICENSE and README files in the doc dir for each rpm package. My name is spelled Stephen, not Steven. - -- Stephen Gallagher RHCE

Re: [Freeipa-devel] [PATCH] 438 client uninstaller work

2010-05-07 Thread Stephen Gallagher
On 05/06/2010 10:15 PM, Rob Crittenden wrote: Check to see if we are installed before doing an uninstall. Uses the same mechanism as is used to see if we are already installed. I also changed this so the --force flag will override on install and uninstall. rob Ack. -- Stephen Gallagher

Re: [Freeipa-devel] [PATCH] 448 fix default hbac rule, add default services

2010-05-20 Thread Stephen Gallagher
On 05/20/2010 01:54 PM, Rob Crittenden wrote: Add the 'all' serviceCategory to the default allow_all HBAC rule and add some standard services: ftp, login, sshd, su, sudo. rob Please add 'su-l' as well -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks

Re: [Freeipa-devel] [PATCH] 453 fix gpg2 usage

2010-05-26 Thread Stephen Gallagher
that this fixes some whitespace issues as well. rob Ack. -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ ___ Freeipa-devel mailing list Freeipa-devel

Re: [Freeipa-devel] [PATCH] 454 add su-l hbac service

2010-05-27 Thread Stephen Gallagher
On 05/27/2010 10:59 AM, Rob Crittenden wrote: Add another default hbac service, su-l. rob Ack -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor

Re: [Freeipa-devel] [PATCH] 459 remove Requires on python-krbV

2010-06-01 Thread Stephen Gallagher
Patch looks good to me. Ack. -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

[Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-17 Thread Stephen Gallagher
- -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Stephen Gallagher
sunday I'm not sure that 'First Wednesday of the month' is possible with this grammar, either. Yet, somehow, it has survived many years. 0 8 1-7 * 3 (read, 08:00 on the Wednesday that falls between the 1st and 7th day of the 6th month) - -- Stephen Gallagher RHCE 804006346421761

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/17/2010 04:48 PM, Sumit Bose wrote: On Wed, Nov 17, 2010 at 04:07:24PM -0500, Stephen Gallagher wrote: After extended discussion, Simo, Ben and I discussed replacing this week-of-the-month concept with a septet-of-the-month concept instead

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/18/2010 09:31 AM, Adam Young wrote: On 11/18/2010 07:09 AM, Stephen Gallagher wrote: On 11/17/2010 04:51 PM, Adam Young wrote: On 11/17/2010 04:31 PM, Simo Sorce wrote: On Wed, 17 Nov 2010 16:07:24 -0500 Stephen Gallaghersgall

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-19 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/19/2010 07:49 AM, Sumit Bose wrote: On Thu, Nov 18, 2010 at 05:27:13PM -0500, Dmitri Pal wrote: Adam Young wrote: On 11/18/2010 04:02 PM, Stephen Gallagher wrote: On 11/18/2010 09:55 AM, Dmitri Pal wrote: Steve can you summarize where we

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-22 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/19/2010 04:09 PM, Endi Sukma Dewata wrote: On 11/19/2010 2:56 PM, Stephen Gallagher wrote: So we loose the possibility of saying: the last friday of the month ? It's not impossible, it can still be done with this schema, though it's

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-22 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/19/2010 04:09 PM, Dmitri Pal wrote: Stephen Gallagher wrote: Breaking the thread intentionally to bring back focus. With Adam's recent input, I've modified the grammar to what I hope will be it's final form. The complete grammar

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-22 Thread Stephen Gallagher
. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel - -- Stephen Gallagher RHCE 804006346421761

Re: [Freeipa-devel] Other issues with HBAC calendar

2010-11-24 Thread Stephen Gallagher
that the servers themselves are in the same timezone. Given this, I think the only sane thing to do here is to always use UTC (and state clearly that this is what is happening) - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software

Re: [Freeipa-devel] Other issues with HBAC calendar

2010-11-24 Thread Stephen Gallagher
store it in DDHHMM format and display it in the WebUI as hours if we really want to. To someone writing a rule by hand, the DDHHMM representation is going to be far more useful. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software

Re: [Freeipa-devel] Other issues with HBAC calendar

2010-11-24 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/24/2010 11:15 AM, Dmitri Pal wrote: Stephen Gallagher wrote: On 11/23/2010 04:32 PM, Simo Sorce wrote: On Tue, 23 Nov 2010 16:07:47 -0500 Rob Crittenden rcrit...@redhat.com wrote: I don't want to throw a wrench in, but what if you have

Re: [Freeipa-devel] [PATCH] 0024 - Better random ranges

2010-12-07 Thread Stephen Gallagher
it). - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkz

Re: [Freeipa-devel] [PATCH] 0024 - Better random ranges

2010-12-07 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/07/2010 08:13 AM, Simo Sorce wrote: On Tue, 07 Dec 2010 07:40:36 -0500 Stephen Gallagher sgall...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/06/2010 06:51 PM, Simo Sorce wrote: This patch reduced the size

[Freeipa-devel] Plans for bind-dyndb-ldap

2010-12-14 Thread Stephen Gallagher
project that we maintain and include in Fedora. This is the least controversial approach, as it will involve no difficult political maneuvering to include. However, it also requires an additional effort in setting up a new project and getting packages approved in Fedora. - -- Stephen Gallagher RHCE

Re: [Freeipa-devel] Plans for bind-dyndb-ldap

2010-12-14 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/14/2010 01:57 PM, Stephen Gallagher wrote: 1) Petition the Fedora Infrastructure team to turn over ownership of this upstream project. This is likely to meet with resistance without the input of the current owner (who is more or less

[Freeipa-devel] [PATCHES] Three patches for bind-dyndb-ldap

2010-12-16 Thread Stephen Gallagher
Pericic zperi...@inet.hr To: Stephen Gallagher sgall...@redhat.com On 12/14/2010 08:26 PM, Stephen Gallagher wrote: In the past, you have each requested commit privilege to the bind-dyndb-ldap project. This project was mostly abandoned, and I have taken it over in a sustaining capacity. If you

Re: [Freeipa-devel] [PATCH] bynd-dyndb-ldap: Fix keytab checking

2010-12-17 Thread Stephen Gallagher
. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

[Freeipa-devel] [PATCHES] [bind-dyndb-ldap] Two patches for minor Coverity issues

2011-01-04 Thread Stephen Gallagher
() is always called. Patch 0002: Fix potential out-of-bounds write If there are exactly LD_MAX_SPLITS entries resulting from this split, the mandatory trailing NULL entry will be written to one entry past the end of the static arrayof LD_MAX_SPLITS size. - -- Stephen Gallagher RHCE 804006346421761

Re: [Freeipa-devel] [PATCHES] [bind-dyndb-ldap] Two patches for minor Coverity issues

2011-01-05 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/05/2011 05:00 AM, Adam Tkac wrote: On Tue, Jan 04, 2011 at 03:41:12PM -0500, Stephen Gallagher wrote: Patch 0001: Fix missing varargs cleanup The CHECK() macro may cause execution to skip down to the cleanup tag. If this happens, it would

Re: [Freeipa-devel] [PATCH] bind-dyndb-ldap: Don't leave empty nodes in LDAP after DDNS update

2011-01-12 Thread Stephen Gallagher
that by coincidence these typedefs are the same primitive type, but I'd rather they both use isc_boolean_t which is more correct. Otherwise it looks good to me. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com

Re: [Freeipa-devel] [PATCH] bind-dyndb-ldap: Don't leave empty nodes in LDAP after DDNS update

2011-01-12 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/12/2011 01:25 PM, Adam Tkac wrote: On Wed, Jan 12, 2011 at 01:15:36PM -0500, Stephen Gallagher wrote: Nack. Your prototype for ldap_modify_do() includes 'isc_result_t delete_node', but the actual implementation expects 'isc_boolean_t

Re: [Freeipa-devel] Dropping support for Fedora 13

2011-01-14 Thread Stephen Gallagher
for a while yet. We do have users playing with it there. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment

Re: [Freeipa-devel] [PATCH] 21 Escape LDAP characters in member and memberof searches

2011-03-30 Thread Stephen Gallagher
= (memberof=%s) % search_group_dn - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora

Re: [Freeipa-devel] [PATCH] 21 Escape LDAP characters in member and memberof searches

2011-03-30 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/30/2011 04:22 PM, JR Aquino wrote: On Mar 30, 2011, at 1:01 PM, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/30/2011 03:53 PM, JR Aquino wrote: On Mar 30, 2011, at 12:05 PM, JR Aquino wrote: The FreeIPA

Re: [Freeipa-devel] [PATCH] 763 use full name for gecos

2011-04-01 Thread Stephen Gallagher
. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

Re: [Freeipa-devel] [PATCH] 763 use full name for gecos

2011-04-04 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/01/2011 06:14 PM, Rich Megginson wrote: On 04/01/2011 02:17 PM, Rob Crittenden wrote: Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/01/2011 03:55 PM, Rob Crittenden wrote: Use fullname for gecos instead

Re: [Freeipa-devel] [PATCH] 763 use full name for gecos

2011-04-04 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/04/2011 09:58 AM, Stephen Gallagher wrote: On 04/01/2011 06:14 PM, Rich Megginson wrote: On 04/01/2011 02:17 PM, Rob Crittenden wrote: Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/01/2011 03:55 PM, Rob

Re: [Freeipa-devel] [Freeipa-users] 6.1 beta

2011-04-04 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/04/2011 04:43 PM, Sigbjorn Lie wrote: On 04/04/2011 10:28 PM, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/04/2011 04:20 PM, Sigbjorn Lie wrote: On 04/04/2011 10:12 PM, Stephen Gallagher wrote: -BEGIN

Re: [Freeipa-devel] [PATCH] 062 Update spec with missing BuildRequires for pylint check

2011-05-05 Thread Stephen Gallagher
On Thu, 2011-05-05 at 15:09 +0200, Martin Kosek wrote: https://fedorahosted.org/freeipa/ticket/1203 Ack signature.asc Description: This is a digitally signed message part ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] Summary of Session discussion

2011-05-26 Thread Stephen Gallagher
On Thu, 2011-05-26 at 14:43 -0400, Simo Sorce wrote: On Thu, 2011-05-26 at 14:19 -0400, Dmitri Pal wrote: Cookie can be stored on the home directory of the user and user home directory can be NFS mounted so if we save anything important in the cookie the NFS root would be able to

Re: [Freeipa-devel] [PATCH] 806 configure sssd to talk to local master

2011-06-20 Thread Stephen Gallagher
On Mon, 2011-06-20 at 15:42 -0400, Rob Crittenden wrote: On masters configure sssd to only talk to the local master rather than having _srv_ as well. If we use _srv_ and a remote master is down the local master will have problems as well. ticket https://fedorahosted.org/freeipa/ticket/1187

[Freeipa-devel] Proposal: drop DENY rules from HBAC

2011-06-29 Thread Stephen Gallagher
We discussed today on the FreeIPA status meeting the possibility of dropping support for DENY rules from the HBAC specification. I'm submitting it for discussion. Specifically, I'm looking to hear whether there any any FreeIPA admins out there that have a strong opinion on whether the DENY rules

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-07 Thread Stephen Gallagher
On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote: Hi! When modifying SSSD configuration, attempt to add new domain rather than replacing whole configuration file. Only replace file in case it is impossible to parse it by current SSSD version.

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Stephen Gallagher
On Tue, 2011-09-13 at 15:08 +0200, Martin Kosek wrote: On Tue, 2011-09-13 at 15:11 +0300, Alexander Bokovoy wrote: On Thu, 08 Sep 2011, Alexander Bokovoy wrote: On Wed, 07 Sep 2011, Stephen Gallagher wrote: On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote: Hi

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Stephen Gallagher
On Tue, 2011-09-13 at 16:22 +0300, Alexander Bokovoy wrote: On Tue, 13 Sep 2011, Martin Kosek wrote: So this patch is unblocked. To solve delayed data initialization from SSSD in NSS responder we might simply increase number of tries to 10 in case SSSD is in use. That sounds good. I

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Stephen Gallagher
On Tue, 2011-09-13 at 16:33 +0300, Alexander Bokovoy wrote: On Tue, 13 Sep 2011, Stephen Gallagher wrote: File /usr/lib/python2.7/site-packages/SSSDConfig.py, line 1207, in import_config fd = open(configfile, 'r') IOError: [Errno 2] No such file or directory: '/etc/sssd

Re: [Freeipa-devel] FreeIPA and per-machine views

2011-09-23 Thread Stephen Gallagher
On Thu, 2011-09-22 at 21:55 -0400, Dmitri Pal wrote: On 09/21/2011 10:07 PM, Stephen Gallagher wrote: I've ben working on the multiple search base feature in SSSD and I've had some thoughts that might be relevant to the FreeIPA v3 core effort. The idea behind multiple search bases

Re: [Freeipa-devel] [PATCH] 130 ipa-client assumes a single namingcontext

2011-10-04 Thread Stephen Gallagher
On Fri, 2011-09-30 at 16:15 -0400, Simo Sorce wrote: On Fri, 2011-09-30 at 16:02 -0400, Stephen Gallagher wrote: On Thu, 2011-09-29 at 15:20 +0200, Martin Kosek wrote: How to test: 1) Add new naming context (suffix) to your LDAP database with installed IPA (see attached LDIF

Re: [Freeipa-devel] LDAPS for the IPA LDAP server?

2011-11-08 Thread Stephen Gallagher
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote: I noticed that the PKI Directory server has a secure port set but the IPA DS instance does not: PKI nsslapd-secureport: 7390 Why doesn IPA set up ldapson port 636? I think you're confused. FreeIPA does indeed set up to listen on

Re: [Freeipa-devel] Samba package name change samba-4.0 - samba4

2011-11-30 Thread Stephen Gallagher
On Wed, 2011-11-30 at 14:40 +0100, Sumit Bose wrote: Hi, we recently changed the name of the samba packages in the ipa-devel respository. The packages are now called samba4-* and libsmbclient4-* instead of samba-4.0-* and libsmbclient-4.0-* . The name was changed because the samba

Re: [Freeipa-devel] Session design document

2011-12-05 Thread Stephen Gallagher
On Sat, 2011-12-03 at 14:06 -0500, Dmitri Pal wrote: On 12/01/2011 08:48 PM, Simo Sorce wrote: On Thu, 2011-12-01 at 19:31 -0500, John Dennis wrote: On 12/01/2011 06:54 PM, Dmitri Pal wrote: Seems reasonable. I agree with pros and cons and suggestions but I am not the person to make the

Re: [Freeipa-devel] Session design document

2011-12-05 Thread Stephen Gallagher
On Mon, 2011-12-05 at 09:42 -0500, Dmitri Pal wrote: On 12/05/2011 09:33 AM, Stephen Gallagher wrote: On Sat, 2011-12-03 at 14:06 -0500, Dmitri Pal wrote: On 12/01/2011 08:48 PM, Simo Sorce wrote: On Thu, 2011-12-01 at 19:31 -0500, John Dennis wrote: On 12/01/2011 06:54 PM, Dmitri

Re: [Freeipa-devel] session authentication URI issues

2011-12-22 Thread Stephen Gallagher
On Wed, 2011-12-21 at 14:07 -0500, John Dennis wrote: For your holiday reading pleasure :-) Happy holidays to all. Ok, I want to try to restate the problem so that I'm sure I understand it. The way the session management is going to work is that the Apache server/FreeIPA application is going

[Freeipa-devel] New SSSD FAQ page in the works

2012-01-10 Thread Stephen Gallagher
It's come up more than once that SSSD needs a Frequently Asked Questions page to field some of our more common questions. I'm reaching out to the SSSD and FreeIPA user and developer communities to help us flesh out this page. I've begun it with the two most common questions I've received lately,

[Freeipa-devel] Announcing SSSD 1.8.0 beta 1

2012-02-06 Thread Stephen Gallagher
manipulation helper * nsssrv: use sized_string in fill_pwent * nsssrv: use sized_string in fill_grent * util: add murmurhash3 hash function * Add a random + identity test for murmurhash3 * util: Fix murmurhash3 on machines with old glibc Stephen Gallagher (46): * Bump version to 1.8.0 * Add

Re: [Freeipa-devel] samba4 woes

2012-04-20 Thread Stephen Gallagher
On Fri, 2012-04-20 at 22:27 +0300, Alexander Bokovoy wrote: :) It failed to build due to koji issues, not the build issues. We had also incompatible libldb in F16/F15 that prevented us going to alpha18 instead of alpha16 in those distributions. I hope Andreas (CC:) will be able to look

[Freeipa-devel] Announcing SSSD 1.9.0 beta 2

2012-06-15 Thread Stephen Gallagher
and full_name_format per domain options Stephen Gallagher (27): * Bumping version ton 1.8.92 for beta 2 development * RPM: Allow running 'make rpms' on RHEL 5 machines * NSS: Expire in-memory netgroup cache before the nowait timeout * Always use positional arguments in translatable strings * KRB5

Re: [Freeipa-devel] [SSSD] Announcing SSSD 1.9.0 beta 2

2012-06-18 Thread Stephen Gallagher
upstream) so anyone who wants to build beta 2 to try out the DIR cache support must apply this patch for it to work. We decided not to reroll the beta for this one patch, since beta 3 is being released on Friday anyway. On Fri, 2012-06-15 at 15:22 -0400, Stephen Gallagher wrote: The SSSD team

[Freeipa-devel] Announcing SSSD 1.9.0 beta 3

2012-06-25 Thread Stephen Gallagher
log levels Stephen Gallagher (6): * Bumping version to 1.9.0 beta 3 * Fix typo breaking DIR cache detection * Make the client idle timeout configurable * UTILS: Fix segfault due to sss_parse_name_for_domains * BUILD: Change default unicode library to glib2 * Update translations for 1.9.0 beta

[Freeipa-devel] [PATCH] IPA-CLIENT: NSS test needs to check against the domain name

2013-09-05 Thread Stephen Gallagher
Sep 17 00:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Thu, 5 Sep 2013 13:21:53 -0400 Subject: [PATCH] IPA-CLIENT: NSS test needs to check against the domain name In situations where the FreeIPA server is configured with different domain and realm values, we will fail to test

[Freeipa-devel] [PATCH] Change BuildRequires for Java

2014-08-20 Thread Stephen Gallagher
analysis scans on Rawhide. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlP0jZoACgkQeiVVYja6o6OyNgCeL/x+CKnGMhuw8tGM/X3xi5Po L+8AoKI14SRizGxPmBpjhuZkxk8uZlLU =l8zE -END PGP SIGNATURE- From 19bdee103f9db004a3869cffd7ad516bc5661784 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher

Re: [Freeipa-devel] [PATCH] Change BuildRequires for Java

2014-08-20 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/20/2014 07:59 AM, Stephen Gallagher wrote: Requiring a specific version of Java leads to breakages, like the one happening on nightly builds in Fedora Rawhide right now. We should use the more generic 'java' BuildRequires instead

Re: [Freeipa-devel] Announcing FreeIPA 4.0.3

2014-09-15 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2014 12:16 PM, Nathaniel McCallum wrote: On Mon, 2014-09-15 at 17:26 +0200, Petr Viktorin wrote: On 09/15/2014 04:45 PM, Nathaniel McCallum wrote: FYI, for any Fedora testers out there, we have updated to 4.0.3 in Fedora 21 in part

Re: [Freeipa-devel] [PATCH] Fix license exception

2015-02-20 Thread Stephen Gallagher
On Fri, 2015-02-20 at 09:34 -0500, Simo Sorce wrote: During internal conversations it occurred to me we link to OpenSSL but never provided the proper exception for downstreams. Attached patch fixes the problem. Simo. +this exception statement from your version.i If you delete the

Re: [Freeipa-devel] terminology: "main/primary/? DNS domain" for FreeIPA

2015-10-08 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/08/2015 09:34 AM, Petr Spacek wrote: > Hello list, > > I'm in process of reviewing and fixing some of our docs and it > seems that we do not have established term for The Domain user > specified during ipa-server-install. > > Term "DNS domain"

Re: [Freeipa-devel] ipa-devel repos on jdennis.fedorapeople.org

2015-08-31 Thread Stephen Gallagher
On Thu, 2015-08-27 at 08:20 -0400, John Dennis wrote: > On 08/27/2015 04:27 AM, Petr Spacek wrote: > > On 15.7.2015 09:44, Jan Pazdziora wrote: > > > On Tue, Jul 14, 2015 at 12:49:23PM -0400, John Dennis wrote: > > > > On 07/14/2015 12:03 PM, Petr Spacek wrote: > > > > > Hello, > > > > > > > > >