[Freeipa-devel] [Patch] 0001 Add check for existence of ipa-join in the tree in test_host_plugin.py

2012-07-27 Thread Tomas Babej
Hi, this patch simply checks if ipa-join exists in ipa-client folder, if not, skips tests relying on it. Uses nose.plugin.skip. https://fedorahosted.org/freeipa/ticket/2905 Tomas BabejFrom 2f7cb184619fddd40c7d141b42d35892b6cd5aff Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com

Re: [Freeipa-devel] [Patch] 0001 Adds check for ipa-join.

2012-08-03 Thread Tomas Babej
All suggestions implemented. Tomas - Original Message - From: Martin Kosek mko...@redhat.com To: Tomas Babej tba...@redhat.com Cc: freeipa-devel@redhat.com Sent: Friday, August 3, 2012 11:24:03 AM Subject: Re: [Freeipa-devel] [Patch] 0001 Add check for existence of ipa-join in the tree

[Freeipa-devel] [PATCH] Permissions of replica files changed to 0600.

2012-08-06 Thread Tomas Babej
Hi, file system permissions on replica files in /var/lib/ipa were changed to 0600. https://fedorahosted.org/freeipa/ticket/2847 TomasFrom 21c23582bac3c3ca54b413f95cac948daad90084 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Mon, 6 Aug 2012 08:57:14 -0400 Subject: [PATCH

[Freeipa-devel] [PATCH] Handle SSSD restart crash more gently.

2012-08-07 Thread Tomas Babej
Hi, In ipa-client-install, failure of restart of sssd service no longer causes the crash of the install process. Adds a warning message to the root logger instead. https://fedorahosted.org/freeipa/ticket/2827 Tomas ___ Freeipa-devel mailing list

[Freeipa-devel] [PATCH] 0004 Corrects help description of selinuxusermap.

2012-08-10 Thread Tomas Babej
Hi, I checked the rest of the description as well, seems alright. https://fedorahosted.org/freeipa/ticket/2959 Tomas ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 0004 Corrects help description of selinuxusermap.

2012-08-10 Thread Tomas Babej
I forgot the patch once again. - Original Message - From: Tomas Babej tba...@redhat.com To: freeipa-devel@redhat.com Sent: Friday, August 10, 2012 12:44:41 PM Subject: [Freeipa-devel] [PATCH] 0004 Corrects help description of selinuxusermap. Hi, I checked the rest

[Freeipa-devel] [PATCH] 0005 Improves exception handling in ipa-replica-prepare.

2012-08-10 Thread Tomas Babej
00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Fri, 10 Aug 2012 08:59:58 -0400 Subject: [PATCH] Improves exception handling in ipa-replica-prepare. A backtrace is no longer displayed when trying to prepare a replica file with the local LDAP server down. Also adds --debug option

Re: [Freeipa-devel] [PATCH] 0004-2 Corrects help description of selinuxusermap.

2012-08-10 Thread Tomas Babej
Suggestion incorporated. Tomas - Original Message - From: Martin Kosek mko...@redhat.com To: Tomas Babej tba...@redhat.com Cc: freeipa-devel@redhat.com Sent: Friday, August 10, 2012 3:43:06 PM Subject: Re: [Freeipa-devel] [PATCH] 0004 Corrects help description of selinuxusermap. On 08

Re: [Freeipa-devel] [PATCH] 0003-2 Handle SSSD restart crash more gently.

2012-08-14 Thread Tomas Babej
Issue resolved. Tomas - Original Message - From: Martin Kosek mko...@redhat.com To: Tomas Babej tba...@redhat.com Cc: freeipa-devel@redhat.com Sent: Tuesday, August 14, 2012 9:26:03 AM Subject: Re: [Freeipa-devel] [PATCH] 0003 Handle SSSD restart crash more gently. On 08/07/2012 06:14

Re: [Freeipa-devel] [PATCH] 0004-3 Corrects help description of selinuxusermap.

2012-08-14 Thread Tomas Babej
- Original Message - From: Martin Kosek mko...@redhat.com To: Tomas Babej tba...@redhat.com Cc: freeipa-devel@redhat.com Sent: Tuesday, August 14, 2012 8:41:44 AM Subject: Re: [Freeipa-devel] [PATCH] 0004-2 Corrects help description of selinuxusermap. Looking at the changes, I think

Re: [Freeipa-devel] [PATCH] 0005-3 Improves exception handling in ipa-replica-prepare.

2012-08-14 Thread Tomas Babej
- Original Message - From: Martin Kosek mko...@redhat.com To: Tomas Babej tba...@redhat.com Cc: freeipa-devel@redhat.com Sent: Tuesday, August 14, 2012 8:55:19 AM Subject: Re: [Freeipa-devel] [PATCH] 0005-2 Improves exception handling in ipa-replica-prepare. On 08/10/2012 04:32 PM, Tomas

[Freeipa-devel] [PATCH] 0006 Removes sssd.conf after uninstall.

2012-08-17 Thread Tomas Babej
Hi, The sssd.conf file is no longer left behind in case sssd was not configured before the installation. https://fedorahosted.org/freeipa/ticket/2740 TomasFrom ae338576d912f494707653e311517070baedb986 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Fri, 17 Aug 2012 08:56:45

[Freeipa-devel] [PATCH] 0007 Adds dependency on samba4-windbind.

2012-08-20 Thread Tomas Babej
Hi, Dependency on samba4-winbind has been added to the package freeipa-server-trust-ad. TomasFrom 63123b9a753df05cec06e369c80a58e01601423a Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Mon, 20 Aug 2012 03:57:55 -0400 Subject: [PATCH] Adds dependency on samba4-windbind

Re: [Freeipa-devel] [PATCH] 0007 Adds dependency on samba4-windbind.

2012-08-20 Thread Tomas Babej
Fixed typo in the commit message. Tomas - Original Message - From: Tomas Babej tba...@redhat.com To: freeipa-devel@redhat.com Sent: Monday, August 20, 2012 10:08:41 AM Subject: [Freeipa-devel] [PATCH] 0007 Adds dependency on samba4-windbind. Hi, Dependency on samba4-winbind has been

Re: [Freeipa-devel] [PATCH] 0007 Adds dependency on samba4-windbind.

2012-08-21 Thread Tomas Babej
On 08/20/2012 02:05 PM, Alexander Bokovoy wrote: On Mon, 20 Aug 2012, Petr Vobornik wrote: On 08/20/2012 10:16 AM, Tomas Babej wrote: Fixed typo in the commit message. Tomas - Original Message - From: Tomas Babej tba...@redhat.com To: freeipa-devel@redhat.com Sent: Monday, August 20

[Freeipa-devel] [PATCH] 0008 Fixes different behaviour of permission-mod and show.

2012-08-22 Thread Tomas Babej
Hi, Both commands now produce the same output regarding the attributelevelrights. https://fedorahosted.org/freeipa/ticket/2875 Tomas From 67c3a3337fe6ce40510f60ecacfc7b8dc8a6cc9d Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Wed, 22 Aug 2012 10:39:01 -0400 Subject: [PATCH

Re: [Freeipa-devel] [PATCH] 0008 Fixes different behaviour of permission-mod and show.

2012-08-22 Thread Tomas Babej
On 08/22/2012 05:15 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, Both commands now produce the same output regarding the attributelevelrights. https://fedorahosted.org/freeipa/ticket/2875 I think some unit tests would be helpful so we don't regress and we know which other commands

Re: [Freeipa-devel] [PATCH] 0008 Fixes different behaviour of permission-mod and show.

2012-08-27 Thread Tomas Babej
On 08/23/2012 02:46 PM, Rob Crittenden wrote: Tomas Babej wrote: On 08/22/2012 05:15 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, Both commands now produce the same output regarding the attributelevelrights. https://fedorahosted.org/freeipa/ticket/2875 I think some unit tests would

[Freeipa-devel] [PATCH 0009] Improves deletion of PTR records in ipa host-del.

2012-08-28 Thread Tomas Babej
Hi, Command ipa host-del with --updatedns now can deal both with hosts which zones are in FQDN form with or without a trailing dot. https://fedorahosted.org/freeipa/ticket/2809 Tomas ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH 0009] Improves deletion of PTR records in ipa host-del.

2012-08-28 Thread Tomas Babej
On 08/28/2012 02:11 PM, Tomas Babej wrote: Hi, Command ipa host-del with --updatedns now can deal both with hosts which zones are in FQDN form with or without a trailing dot. https://fedorahosted.org/freeipa/ticket/2809 Tomas ___ Freeipa-devel

[Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall

2012-08-29 Thread Tomas Babej
fac8d676d2e727977a8a52bdd2990eb2839b54c4 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Fri, 17 Aug 2012 08:56:45 -0400 Subject: [PATCH] Improves sssd.conf handling during ipa-client uninstall The sssd.conf file is no longer left behind in case sssd was not configured before the installation. However, the patch

[Freeipa-devel] [PATCH 0010] Sort policies numerically in pwpolicy-find

2012-08-31 Thread Tomas Babej
Hi, this is a fairly simple one-liner. https://fedorahosted.org/freeipa/ticket/3039 Tomas From fd68588f8fbd28c942042fe8fb55bc3bef90e345 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Fri, 31 Aug 2012 05:29:32 -0400 Subject: [PATCH] Sort policies numerically in pwpolicy-find

Re: [Freeipa-devel] [PATCH 0010] Sort policies numerically in pwpolicy-find

2012-08-31 Thread Tomas Babej
On 08/31/2012 07:08 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, this is a fairly simple one-liner. https://fedorahosted.org/freeipa/ticket/3039 Tomas Looks good. Can you add a unit test so we don't have a regression on this? thanks rob I tweaked one of the existing unit tests

[Freeipa-devel] [PATCH 0011] Make sure selinuxusemap behaves consistently to HBAC rule

2012-09-03 Thread Tomas Babej
From 8cfde7e9fde521608557b6767ad91dee1901b45f Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Mon, 3 Sep 2012 10:49:53 -0400 Subject: [PATCH] Make sure selinuxusemap behaves consistently to HBAC rule Both selinuxusermap-add and selinuxusermap-mod commands now behave consistently

[Freeipa-devel] [PATCH 0012] Change slapi_mods_init in ipa_winsync_pre_ad_mod_user_mods_cb

2012-09-04 Thread Tomas Babej
Hi, https://fedorahosted.org/freeipa/ticket/2953 Tomas. From 37765df5653f1c2ef8d4c6382b28269d48ab112a Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 4 Sep 2012 09:20:10 -0400 Subject: [PATCH] Change slapi_mods_init in ipa_winsync_pre_ad_mod_user_mods_cb https

[Freeipa-devel] [PATCH 0013] Remove user-unfriendly u character from error messages

2012-09-05 Thread Tomas Babej
Hi, User-unfriendly errors were caused by re-raising errors from external python module netaddr. https://fedorahosted.org/freeipa/ticket/2588 Tomas From 34f3da391a8e070b29640b0ecdfed6db81b86ce2 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Wed, 5 Sep 2012 09:03:18 -0400

Re: [Freeipa-devel] [PATCH 0013] Remove user-unfriendly u character from error messages

2012-09-05 Thread Tomas Babej
On 09/05/2012 03:42 PM, Petr Viktorin wrote: On 09/05/2012 03:19 PM, Tomas Babej wrote: Hi, User-unfriendly errors were caused by re-raising errors from external python module netaddr. https://fedorahosted.org/freeipa/ticket/2588 Tomas

Re: [Freeipa-devel] [PATCH 0011] Make sure selinuxusemap behaves consistently to HBAC rule

2012-09-06 Thread Tomas Babej
On 09/05/2012 01:56 PM, Martin Kosek wrote: On 09/03/2012 05:12 PM, Tomas Babej wrote: Hi, Both selinuxusermap-add and selinuxusermap-mod commands now behave consistently in not allowing user/host category or user/host members and HBAC rule being set at the same time. Also adds a bunch of unit

Re: [Freeipa-devel] [PATCH 0011] Make sure selinuxusemap behaves consistently to HBAC rule

2012-09-12 Thread Tomas Babej
On 09/11/2012 01:14 PM, Martin Kosek wrote: On 09/06/2012 01:13 PM, Tomas Babej wrote: On 09/05/2012 01:56 PM, Martin Kosek wrote: On 09/03/2012 05:12 PM, Tomas Babej wrote: Hi, Both selinuxusermap-add and selinuxusermap-mod commands now behave consistently in not allowing user/host category

Re: [Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall

2012-09-18 Thread Tomas Babej
On 09/12/2012 05:29 PM, Martin Kosek wrote: On 08/29/2012 02:54 PM, Tomas Babej wrote: On 08/27/2012 04:55 PM, Martin Kosek wrote: On 08/27/2012 03:37 PM, Jakub Hrozek wrote: On Mon, Aug 27, 2012 at 02:57:44PM +0200, Martin Kosek wrote: I think that the right behavior of SSSD conf uninstall

Re: [Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall

2012-09-20 Thread Tomas Babej
On 09/20/2012 02:42 PM, Martin Kosek wrote: On 09/18/2012 11:21 AM, Tomas Babej wrote: On 09/12/2012 05:29 PM, Martin Kosek wrote: On 08/29/2012 02:54 PM, Tomas Babej wrote: On 08/27/2012 04:55 PM, Martin Kosek wrote: On 08/27/2012 03:37 PM, Jakub Hrozek wrote: On Mon, Aug 27, 2012 at 02:57

[Freeipa-devel] [PATCH 0014] Improve user addition to default group in host-add

2012-09-25 Thread Tomas Babej
in such cases. https://fedorahosted.org/freeipa/ticket/3097 Tomas From 931d947b27c3e84c09f075c799e04f0ac723ab60 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 25 Sep 2012 06:20:49 -0400 Subject: [PATCH] Improve user addition to default group in host-add On adding new user, host-add

[Freeipa-devel] [PATCH 0015] Restrict admins group modifications

2012-09-25 Thread Tomas Babej
Hi, Group-mod command no longer allows --rename and/or --external changes made to the admins group. In such cases, ProtectedEntryError is being raised. https://fedorahosted.org/freeipa/ticket/3098 Tomas From 667031a12f7c2bc0b95573afc0a7cf572d64cb43 Mon Sep 17 00:00:00 2001 From: Tomas Babej

Re: [Freeipa-devel] [PATCH 0015] Restrict admins group modifications

2012-09-25 Thread Tomas Babej
On 09/25/2012 02:31 PM, Martin Kosek wrote: On 09/25/2012 02:22 PM, Tomas Babej wrote: Hi, Group-mod command no longer allows --rename and/or --external changes made to the admins group. In such cases, ProtectedEntryError is being raised. https://fedorahosted.org/freeipa/ticket/3098 Tomas

[Freeipa-devel] [PATCH 0016] Adds port to connection error message in ipa-client-install

2012-09-26 Thread Tomas Babej
From: Tomas Babej tba...@redhat.com Date: Wed, 26 Sep 2012 08:52:50 -0400 Subject: [PATCH] Adds port to connection error message in ipa-client-install Connection error message in ipa-client-install now warns the user about the need of opening 389 port for directory server. https://fedorahosted.org

Re: [Freeipa-devel] [PATCH 0014] Improve user addition to default group in host-add

2012-09-26 Thread Tomas Babej
On 09/25/2012 12:37 PM, Tomas Babej wrote: Hi, On adding new user, host-add tries to make it a member of default user group. This, however, can raise AlreadyGroupMember when the user is already member of this group due to automember rule or default group configured. This patch makes sure

Re: [Freeipa-devel] [PATCH 0014] Improve user addition to default group in host-add

2012-10-01 Thread Tomas Babej
On 09/26/2012 04:12 PM, Martin Kosek wrote: On 09/26/2012 03:23 PM, Tomas Babej wrote: On 09/25/2012 12:37 PM, Tomas Babej wrote: Hi, On adding new user, host-add tries to make it a member of default user group. This, however, can raise AlreadyGroupMember when the user is already member

Re: [Freeipa-devel] [PATCH 0016] Adds port to connection error message in ipa-client-install

2012-10-01 Thread Tomas Babej
On 09/26/2012 09:32 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, Connection error message in ipa-client-install now warns the user about the need of opening 389 port for directory server. https://fedorahosted.org/freeipa/ticket/2816 I think this can be pushed as a one-liner. I think we

Re: [Freeipa-devel] [PATCH 0015] Restrict admins group modifications

2012-10-02 Thread Tomas Babej
On 09/26/2012 05:44 PM, Martin Kosek wrote: On 09/25/2012 02:59 PM, Tomas Babej wrote: On 09/25/2012 02:31 PM, Martin Kosek wrote: On 09/25/2012 02:22 PM, Tomas Babej wrote: Hi, Group-mod command no longer allows --rename and/or --external changes made to the admins group. In such cases

[Freeipa-devel] [PATCH 0017] Improve error message in ipa-replica-manage

2012-10-02 Thread Tomas Babej
From: Tomas Babej tba...@redhat.com Date: Tue, 2 Oct 2012 09:15:33 -0400 Subject: [PATCH] Improve error message in ipa-replica-manage When executing ipa-replica-manage connect to an unknown or irrelevant master, we now print a sensible error message informing the user about this possiblity as well

Re: [Freeipa-devel] [PATCH 0015] Restrict admins group modifications

2012-10-03 Thread Tomas Babej
On 10/03/2012 09:18 AM, Martin Kosek wrote: On 10/02/2012 02:33 PM, Tomas Babej wrote: On 09/26/2012 05:44 PM, Martin Kosek wrote: On 09/25/2012 02:59 PM, Tomas Babej wrote: On 09/25/2012 02:31 PM, Martin Kosek wrote: On 09/25/2012 02:22 PM, Tomas Babej wrote: Hi, Group-mod command

Re: [Freeipa-devel] [PATCH 0016] Adds port to connection error message in ipa-client-install

2012-10-03 Thread Tomas Babej
On 10/02/2012 08:48 PM, Rob Crittenden wrote: Tomas Babej wrote: On 09/26/2012 09:32 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, Connection error message in ipa-client-install now warns the user about the need of opening 389 port for directory server. https://fedorahosted.org/freeipa

Re: [Freeipa-devel] [PATCH 0016] Adds port to connection error message in ipa-client-install

2012-10-03 Thread Tomas Babej
On 10/03/2012 03:31 PM, Tomas Babej wrote: On 10/02/2012 08:48 PM, Rob Crittenden wrote: Tomas Babej wrote: On 09/26/2012 09:32 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, Connection error message in ipa-client-install now warns the user about the need of opening 389 port for directory

Re: [Freeipa-devel] [PATCH 0016] Adds port to connection error message in ipa-client-install

2012-10-04 Thread Tomas Babej
On 10/03/2012 07:27 PM, Rob Crittenden wrote: Tomas Babej wrote: On 10/03/2012 03:31 PM, Tomas Babej wrote: On 10/02/2012 08:48 PM, Rob Crittenden wrote: Tomas Babej wrote: On 09/26/2012 09:32 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, Connection error message in ipa-client-install

Re: [Freeipa-devel] [PATCH 0017] Improve error message in ipa-replica-manage

2012-10-05 Thread Tomas Babej
On 10/02/2012 03:55 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, When executing ipa-replica-manage connect to an unknown or irrelevant master, we now print a sensible error message informing the user about this possiblity as well. https://fedorahosted.org/freeipa/ticket/3105 Tomas I

Re: [Freeipa-devel] [PATCH 0016] Adds port to connection error message in ipa-client-install

2012-10-10 Thread Tomas Babej
On 10/04/2012 11:06 AM, Tomas Babej wrote: On 10/03/2012 07:27 PM, Rob Crittenden wrote: Tomas Babej wrote: On 10/03/2012 03:31 PM, Tomas Babej wrote: On 10/02/2012 08:48 PM, Rob Crittenden wrote: Tomas Babej wrote: On 09/26/2012 09:32 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi

[Freeipa-devel] [PATCH 0018] Make service naming in ipa-server-install consistent

2012-10-11 Thread Tomas Babej
messages. Sample output produced by this patch attached. https://fedorahosted.org/freeipa/ticket/3059 Tomas From 8614544d08b1b2b4e85156bebbe629215fb14915 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 11 Oct 2012 03:32:17 -0400 Subject: [PATCH] Make service naming in ipa

Re: [Freeipa-devel] [PATCH 0018] Make service naming in ipa-server-install consistent

2012-10-11 Thread Tomas Babej
On 10/11/2012 12:32 PM, Martin Kosek wrote: On 10/11/2012 12:26 PM, Tomas Babej wrote: Hi, This patch forces more consistency into ipa-server-install output. All descriptions of services that are not instances of SimpleServiceInstance are now in the following format: Description (Service Name

Re: [Freeipa-devel] [PATCH 0019] Forbid overlapping primary and secondary rid ranges

2012-10-17 Thread Tomas Babej
On 10/17/2012 11:14 AM, Sumit Bose wrote: On Tue, Oct 16, 2012 at 02:26:24PM +0200, Tomas Babej wrote: Hi, commands ipa idrange-add / idrange-mod no longer allows the user to enter primary or secondary rid range such that has non-zero intersection with primary or secondary rid range of another

Re: [Freeipa-devel] [PATCH 0019] Forbid overlapping primary and secondary rid ranges

2012-10-17 Thread Tomas Babej
On 10/17/2012 02:34 PM, Sumit Bose wrote: On Wed, Oct 17, 2012 at 12:59:52PM +0200, Tomas Babej wrote: On 10/17/2012 11:14 AM, Sumit Bose wrote: On Tue, Oct 16, 2012 at 02:26:24PM +0200, Tomas Babej wrote: Hi, commands ipa idrange-add / idrange-mod no longer allows the user to enter primary

[Freeipa-devel] [PATCH 0020] Refactoring of default.conf man page

2012-10-17 Thread Tomas Babej
time. The rest of the patch is just sorting options lexicographically. Tomas From 0ad81fd6cfca017631c705465f940a9b461a52ce Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Wed, 17 Oct 2012 08:27:26 -0400 Subject: [PATCH] Refactoring of default.conf man page Description

Re: [Freeipa-devel] [PATCH 0019] Forbid overlapping primary and secondary rid ranges

2012-10-18 Thread Tomas Babej
On 10/17/2012 08:12 PM, Sumit Bose wrote: On Wed, Oct 17, 2012 at 03:29:11PM +0200, Tomas Babej wrote: On 10/17/2012 02:34 PM, Sumit Bose wrote: On Wed, Oct 17, 2012 at 12:59:52PM +0200, Tomas Babej wrote: On 10/17/2012 11:14 AM, Sumit Bose wrote: On Tue, Oct 16, 2012 at 02:26:24PM +0200

Re: [Freeipa-devel] [PATCH 0018] Make service naming in ipa-server-install consistent

2012-10-19 Thread Tomas Babej
On 10/18/2012 11:27 AM, Martin Kosek wrote: On 10/11/2012 05:11 PM, Tomas Babej wrote: On 10/11/2012 12:32 PM, Martin Kosek wrote: On 10/11/2012 12:26 PM, Tomas Babej wrote: Hi, This patch forces more consistency into ipa-server-install output. All descriptions of services

Re: [Freeipa-devel] [PATCH 0018] Make service naming in ipa-server-install consistent

2012-10-19 Thread Tomas Babej
On 10/19/2012 01:44 PM, Martin Kosek wrote: On 10/19/2012 01:26 PM, Tomas Babej wrote: On 10/18/2012 11:27 AM, Martin Kosek wrote: On 10/11/2012 05:11 PM, Tomas Babej wrote: On 10/11/2012 12:32 PM, Martin Kosek wrote: On 10/11/2012 12:26 PM, Tomas Babej wrote: Hi, This patch forces more

Re: [Freeipa-devel] [PATCH 0020] Refactoring of default.conf man page

2012-10-22 Thread Tomas Babej
On 10/18/2012 05:14 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, Description for the 'server' and 'wait_for_attr' option has been added. Option 'server' has been marked as deprecated, as it is not used anywhere in IPA code. All the options have been sorted lexicographically. Please

Re: [Freeipa-devel] [PATCH 0017] Improve error message in ipa-replica-manage

2012-10-22 Thread Tomas Babej
On 10/19/2012 09:55 AM, Petr Viktorin wrote: On 10/18/2012 08:01 PM, Rob Crittenden wrote: Tomas Babej wrote: On 10/02/2012 03:55 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, When executing ipa-replica-manage connect to an unknown or irrelevant master, we now print a sensible error

Re: [Freeipa-devel] [PATCH 0018] Make service naming in ipa-server-install consistent

2012-10-22 Thread Tomas Babej
On 10/19/2012 03:16 PM, Martin Kosek wrote: On 10/19/2012 02:49 PM, Tomas Babej wrote: On 10/19/2012 01:44 PM, Martin Kosek wrote: On 10/19/2012 01:26 PM, Tomas Babej wrote: On 10/18/2012 11:27 AM, Martin Kosek wrote: On 10/11/2012 05:11 PM, Tomas Babej wrote: On 10/11/2012 12:32 PM, Martin

Re: [Freeipa-devel] [PATCH 0017] Improve error message in ipa-replica-manage

2012-10-25 Thread Tomas Babej
On 10/24/2012 04:40 AM, Rob Crittenden wrote: Tomas Babej wrote: On 10/19/2012 09:55 AM, Petr Viktorin wrote: On 10/18/2012 08:01 PM, Rob Crittenden wrote: Tomas Babej wrote: On 10/02/2012 03:55 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, When executing ipa-replica-manage connect

Re: [Freeipa-devel] [PATCH 0017] Improve error message in ipa-replica-manage

2012-10-25 Thread Tomas Babej
On 10/25/2012 12:40 PM, Tomas Babej wrote: On 10/24/2012 04:40 AM, Rob Crittenden wrote: Tomas Babej wrote: On 10/19/2012 09:55 AM, Petr Viktorin wrote: On 10/18/2012 08:01 PM, Rob Crittenden wrote: Tomas Babej wrote: On 10/02/2012 03:55 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi

[Freeipa-devel] --setattr for attributes that are handled via command options

2012-10-26 Thread Tomas Babej
In many ipa commands you are usually able to mess things up using --setattr for attributes that are handled by command options. using --setattr=attributename=: - I am able to set the attribute to None using --setattr=attributename=value: - I am often able to bypass validation in

[Freeipa-devel] [PATCH 0022] Relax restriction for leading/trailing whitespaces in *-find commands

2012-10-30 Thread Tomas Babej
Hi, All *-find commands now enable leading/trailing whitespaces in the search phrase. Behaviour has been implemented directly into crud.Search class. https://fedorahosted.org/freeipa/ticket/2981 Tomas From 6b7f3d99a9592e2f8e1155e12d743a60453f7e83 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba

Re: [Freeipa-devel] [PATCH 0022] Relax restriction for leading/trailing whitespaces in *-find commands

2012-10-31 Thread Tomas Babej
On 10/31/2012 12:15 PM, Martin Kosek wrote: On 10/31/2012 10:16 AM, Martin Kosek wrote: On 10/30/2012 03:08 PM, Tomas Babej wrote: Hi, All *-find commands now enable leading/trailing whitespaces in the search phrase. Behaviour has been implemented directly into crud.Search class. https

Re: [Freeipa-devel] [PATCH 0023] Add detection for users from trusted/invalid realms

2012-11-15 Thread Tomas Babej
On 11/15/2012 12:41 PM, Petr Vobornik wrote: On 11/15/2012 11:54 AM, Tomas Babej wrote: Hi, This is server part of #3252. When user from other realm than FreeIPA's tries to use Web UI (login via forms-based auth or with valid trusted realm ticket), the 401 Unauthorized error with X-Ipa

Re: [Freeipa-devel] [PATCH 0023] Add detection for users from trusted/invalid realms

2012-11-15 Thread Tomas Babej
On 11/15/2012 03:10 PM, Simo Sorce wrote: On Thu, 2012-11-15 at 12:41 +0100, Petr Vobornik wrote: On 11/15/2012 11:54 AM, Tomas Babej wrote: Hi, This is server part of #3252. When user from other realm than FreeIPA's tries to use Web UI (login via forms-based auth or with valid trusted realm

Re: [Freeipa-devel] [PATCH 0023] Add detection for users from trusted/invalid realms

2012-11-15 Thread Tomas Babej
On 11/15/2012 04:14 PM, Simo Sorce wrote: On Thu, 2012-11-15 at 15:51 +0100, Tomas Babej wrote: On 11/15/2012 03:10 PM, Simo Sorce wrote: On Thu, 2012-11-15 at 12:41 +0100, Petr Vobornik wrote: On 11/15/2012 11:54 AM, Tomas Babej wrote: Hi, This is server part of #3252. When user from

[Freeipa-devel] [PATCH 0024] Make options checks in idrange-add/mod consistent

2012-12-11 Thread Tomas Babej
and rid_base must be used together if dom_rid is not set cat Unit test for third check has been added. http://fedorahosted.org/freeipa/ticket/3170 Tomas From 980ecec7721b53f50318d602dce146e5efc29815 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Wed, 5 Dec 2012 08:29:55

[Freeipa-devel] [PATCH 0025] Add trusted domain range objectclass to idrange-mod

2012-12-11 Thread Tomas Babej
objectclass ipatrustedaddomainrange being added. This patch fixes the issue. Tomas From 9e72a92e942d0fe357ae82cf65a1a94ab03fa0e5 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Wed, 5 Dec 2012 11:19:57 -0500 Subject: [PATCH] Add trusted domain range objectclass to idrange-mod When

Re: [Freeipa-devel] [PATCH 0021] Forbid overlapping rid ranges for the same id range

2012-12-13 Thread Tomas Babej
On 12/12/2012 04:32 PM, Martin Kosek wrote: On 10/26/2012 03:43 PM, Tomas Babej wrote: Hi, creating an id range with overlapping primary and secondary rid range using idrange-add or idrange-mod command now raises ValidationError. Unit tests have been added to test_range_plugin.py. https

Re: [Freeipa-devel] [PATCH 0021] Forbid overlapping rid ranges for the same id range

2012-12-14 Thread Tomas Babej
On 12/13/2012 02:48 PM, Martin Kosek wrote: On 12/13/2012 11:52 AM, Tomas Babej wrote: On 12/12/2012 04:32 PM, Martin Kosek wrote: On 10/26/2012 03:43 PM, Tomas Babej wrote: Hi, creating an id range with overlapping primary and secondary rid range using idrange-add or idrange-mod command now

Re: [Freeipa-devel] [PATCH 0021] Forbid overlapping rid ranges for the same id range

2012-12-14 Thread Tomas Babej
On 12/14/2012 01:59 PM, Alexander Bokovoy wrote: On Fri, 14 Dec 2012, Tomas Babej wrote: On 12/13/2012 02:48 PM, Martin Kosek wrote: On 12/13/2012 11:52 AM, Tomas Babej wrote: On 12/12/2012 04:32 PM, Martin Kosek wrote: On 10/26/2012 03:43 PM, Tomas Babej wrote: Hi, creating an id range

[Freeipa-devel] [PATCHES 0024-0025] Improvements to idrange.py

2012-12-21 Thread Tomas Babej
Hi, Sending updated and rebased versions of patches 0024 and 0025. Tomas From 6d4903a1c5e255929cdbce2a67d79c6e44b1 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Fri, 21 Dec 2012 05:34:37 -0500 Subject: [PATCH] Make options checks in idrange-add/mod consistent Both

[Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration

2013-01-14 Thread Tomas Babej
if password policy was changed (#3114) or new users not being able to log in at all (#3312). https://fedorahosted.org/freeipa/ticket/3312 https://fedorahosted.org/freeipa/ticket/3114 Tomas From 58e10e269b2cf1b789094d09207844cbc4f56f99 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date

Re: [Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration

2013-01-16 Thread Tomas Babej
, Tomas Babej wrote: Hi, Since in Kerberos V5 are used 32-bit unix timestamps, setting maxlife in pwpolicy to values such as days would cause integer overflow in krbPasswordExpiration attribute. This would result into unpredictable behaviour such as users not being able to log in after password

Re: [Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration

2013-01-16 Thread Tomas Babej
On 01/16/2013 02:47 PM, Simo Sorce wrote: On Wed, 2013-01-16 at 12:52 +0100, Tomas Babej wrote: On 01/15/2013 11:55 PM, Simo Sorce wrote: On Tue, 2013-01-15 at 17:36 -0500, Dmitri Pal wrote: On 01/15/2013 03:59 PM, Simo Sorce wrote: On Tue, 2013-01-15 at 15:53 -0500, Rob Crittenden wrote

Re: [Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration

2013-01-16 Thread Tomas Babej
On 01/16/2013 06:01 PM, Simo Sorce wrote: On Wed, 2013-01-16 at 17:57 +0100, Tomas Babej wrote: On 01/16/2013 02:47 PM, Simo Sorce wrote: On Wed, 2013-01-16 at 12:52 +0100, Tomas Babej wrote: On 01/15/2013 11:55 PM, Simo Sorce wrote: On Tue, 2013-01-15 at 17:36 -0500, Dmitri Pal wrote

Re: [Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration

2013-01-16 Thread Tomas Babej
On 01/16/2013 06:57 PM, Simo Sorce wrote: On Wed, 2013-01-16 at 18:32 +0100, Tomas Babej wrote: They all use ipadb_ldap_attr_to_time_t() to get their values, so the following addition to the patch should be sufficient. It will break dates for other users of the function that do not need

Re: [Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration

2013-01-17 Thread Tomas Babej
On 01/17/2013 01:56 AM, Dmitri Pal wrote: On 01/16/2013 12:32 PM, Tomas Babej wrote: On 01/16/2013 06:01 PM, Simo Sorce wrote: On Wed, 2013-01-16 at 17:57 +0100, Tomas Babej wrote: On 01/16/2013 02:47 PM, Simo Sorce wrote: On Wed, 2013-01-16 at 12:52 +0100, Tomas Babej wrote: On 01/15/2013

Re: [Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration

2013-01-22 Thread Tomas Babej
On 01/17/2013 05:18 PM, Simo Sorce wrote: On Thu, 2013-01-17 at 15:29 +0100, Tomas Babej wrote: On 01/17/2013 01:56 AM, Dmitri Pal wrote: On 01/16/2013 12:32 PM, Tomas Babej wrote: On 01/16/2013 06:01 PM, Simo Sorce wrote: On Wed, 2013-01-16 at 17:57 +0100, Tomas Babej wrote: On 01/16/2013

Re: [Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration

2013-01-23 Thread Tomas Babej
On 01/22/2013 07:39 PM, Dmitri Pal wrote: On 01/22/2013 10:57 AM, Simo Sorce wrote: On Tue, 2013-01-22 at 15:50 +0100, Tomas Babej wrote: Here I bring the updated version of the patch. Please note, that I *added* a flag attribute to ipadb_ldap_attr_to_krb5_timestamp function, that controls

[Freeipa-devel] [PATCH 0027] Add checks for SELinux in install scripts

2013-01-30 Thread Tomas Babej
f038bb7b79d5a048e9c9ae7fd7391edabb6ac3ac Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 24 Jan 2013 15:37:21 -0500 Subject: [PATCH] Add checks for SElinux in install scripts The checks make sure that SELinux is: - installed and enabled (on server install) - installed and enabled

Re: [Freeipa-devel] [PATCH 0027] Add checks for SELinux in install scripts

2013-01-30 Thread Tomas Babej
On 01/30/2013 05:12 PM, Tomas Babej wrote: Hi, The checks make sure that SELinux is: - installed and enabled (on server install) - installed and enabled OR not installed (on client install) Please note that client installs with SELinux not installed are allowed since freeipa-client package

[Freeipa-devel] [PATCH 0028] Prevent backtrace in ipa-replica-prepare

2013-01-31 Thread Tomas Babej
Hi, This was a regression due to change from DatabaseError to NetworkError when LDAP server is down. https://fedorahosted.org/freeipa/ticket/2939 Tomas ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH 0028] Prevent backtrace in ipa-replica-prepare

2013-01-31 Thread Tomas Babej
On 01/31/2013 12:03 PM, Tomas Babej wrote: Hi, This was a regression due to change from DatabaseError to NetworkError when LDAP server is down. https://fedorahosted.org/freeipa/ticket/2939 Tomas ___ Freeipa-devel mailing list Freeipa-devel

[Freeipa-devel] [PATCH 0029] Fix a typo in ipa-adtrust-install help

2013-01-31 Thread Tomas Babej
Hi, this is a fix for a benign typo in ipa-adtrust-install --help description. Tomas From 785cd2df77874c524a36eab24257cdaff14a374b Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 31 Jan 2013 07:58:48 -0500 Subject: [PATCH] Fix a typo in ipa-adtrust-install help Add SIDs

Re: [Freeipa-devel] [PATCH 0027] Add checks for SELinux in install scripts

2013-01-31 Thread Tomas Babej
On 01/30/2013 05:58 PM, Tomas Babej wrote: On 01/30/2013 05:12 PM, Tomas Babej wrote: Hi, The checks make sure that SELinux is: - installed and enabled (on server install) - installed and enabled OR not installed (on client install) Please note that client installs with SELinux

Re: [Freeipa-devel] [PATCH 0028] Prevent backtrace in ipa-replica-prepare

2013-02-03 Thread Tomas Babej
On Fri 01 Feb 2013 08:03:37 PM CET, Rob Crittenden wrote: Martin Kosek wrote: On 01/31/2013 12:05 PM, Tomas Babej wrote: On 01/31/2013 12:03 PM, Tomas Babej wrote: Hi, This was a regression due to change from DatabaseError to NetworkError when LDAP server is down. https://fedorahosted.org

[Freeipa-devel] [PATCH 0030] Add option to specify SID using domain name to idrange-add/mod

2013-02-04 Thread Tomas Babej
manually is shown. https://fedorahosted.org/freeipa/ticket/3133 Tomas From 72f8802953edaaf5b9f7c34a38601fbccd681c8e Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Mon, 4 Feb 2013 08:33:53 -0500 Subject: [PATCH] Add option to specify SID using domain name to idrange-add/mod When

Re: [Freeipa-devel] [PATCH 0027] Add checks for SELinux in install scripts

2013-02-04 Thread Tomas Babej
On 02/04/2013 04:21 PM, Rob Crittenden wrote: Tomas Babej wrote: On 01/30/2013 05:12 PM, Tomas Babej wrote: Hi, The checks make sure that SELinux is: - installed and enabled (on server install) - installed and enabled OR not installed (on client install) Please note that client installs

[Freeipa-devel] [PATCHES 0031-0032] Improve HBAC rule handling in selinuxusermap-add/mod/find

2013-02-06 Thread Tomas Babej
for detailed info. Tomas From aa171a4e3bc5295cdf332215e1b2477c7512180a Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Wed, 6 Feb 2013 07:04:03 -0500 Subject: [PATCH 31/32] Improve HBAC rule handling in selinuxusermap-add/mod/find Pre-patch handling of HBAC rules in selinuxusermap

Re: [Freeipa-devel] [PATCH 0034] Deny LDAP binds for user accounts with expired principal

2013-02-13 Thread Tomas Babej
On 02/12/2013 06:23 PM, Simo Sorce wrote: On Tue, 2013-02-12 at 18:03 +0100, Tomas Babej wrote: On 02/12/2013 05:50 PM, Tomas Babej wrote: Hi, This patch adds a check for krbprincipalexpiration attribute to pre_bind operation in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth

Re: [Freeipa-devel] [PATCH 0030] Add option to specify SID using domain name to idrange-add/mod

2013-02-14 Thread Tomas Babej
On 02/12/2013 06:58 PM, Petr Vobornik wrote: On 02/04/2013 05:23 PM, Tomas Babej wrote: Hi, When adding/modifying an ID range for a trusted domain, the newly added option --dom-name can be used. This looks up SID of the trusted domain in LDAP and therefore the user is not required to write

Re: [Freeipa-devel] [PATCH 0030] Add option to specify SID using domain name to idrange-add/mod

2013-02-14 Thread Tomas Babej
On 02/12/2013 06:00 PM, Alexander Bokovoy wrote: On Fri, 08 Feb 2013, Tomas Babej wrote: On 02/08/2013 03:25 PM, Alexander Bokovoy wrote: On Mon, 04 Feb 2013, Tomas Babej wrote: Hi, When adding/modifying an ID range for a trusted domain, the newly added option --dom-name can be used

Re: [Freeipa-devel] [PATCH 0030] Add option to specify SID using domain name to idrange-add/mod

2013-02-15 Thread Tomas Babej
On 02/14/2013 05:37 PM, Alexander Bokovoy wrote: On Thu, 14 Feb 2013, Tomas Babej wrote: + Str('ipanttrusteddomainname?', + cli_name='dom_name', + flags=('no_search', 'virtual_attribute'), + label=_('Name of the trusted domain'), + ), New options is added but API.txt wasn't changed. As result

Re: [Freeipa-devel] [PATCH 0030] Add option to specify SID using domain name to idrange-add/mod

2013-02-18 Thread Tomas Babej
On 02/18/2013 12:36 PM, Alexander Bokovoy wrote: On Fri, 15 Feb 2013, Tomas Babej wrote: On 02/14/2013 05:37 PM, Alexander Bokovoy wrote: On Thu, 14 Feb 2013, Tomas Babej wrote: + Str('ipanttrusteddomainname?', + cli_name='dom_name', + flags=('no_search', 'virtual_attribute'), + label=_('Name

[Freeipa-devel] [PATCH 0035] Use default.conf as flag of IPA client being installed

2013-02-20 Thread Tomas Babej
will not install if something is backed up or default.conf file does exist (unless it's installation on master). https://fedorahosted.org/freeipa/ticket/3331 Tomas From 6a81800dedab33881a4c3573efa80cac50c84d40 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 19 Feb 2013 17:59

Re: [Freeipa-devel] [PATCHES 0024-0025] Improvements to idrange.py

2013-02-20 Thread Tomas Babej
On 12/21/2012 12:15 PM, Tomas Babej wrote: Hi, Sending updated and rebased versions of patches 0024 and 0025. Tomas Sending rebased version, these got quite rotten. Tomas From f21b135d546678544ccf05efd587b46bba88e07a Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Fri

Re: [Freeipa-devel] [PATCH 0027] Add checks for SELinux in install scripts

2013-02-20 Thread Tomas Babej
On Tue 19 Feb 2013 08:37:26 PM CET, Rob Crittenden wrote: Tomas Babej wrote: On 02/04/2013 04:21 PM, Rob Crittenden wrote: Tomas Babej wrote: On 01/30/2013 05:12 PM, Tomas Babej wrote: Hi, The checks make sure that SELinux is: - installed and enabled (on server install) - installed

Re: [Freeipa-devel] [PATCHES 0031-0032] Improve HBAC rule handling in selinuxusermap-add/mod/find

2013-02-20 Thread Tomas Babej
On 02/19/2013 10:33 PM, Rob Crittenden wrote: Tomas Babej wrote: On 02/06/2013 07:57 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, this pair of patches improves HBAC rule handling in selinuxusermap commands. Patch 0031 deals with: https://fedorahosted.org/freeipa/ticket/3349 Patch 0032

Re: [Freeipa-devel] [PATCHES 0024-0025] Improvements to idrange.py

2013-02-20 Thread Tomas Babej
On Wed 20 Feb 2013 02:24:03 PM CET, Alexander Bokovoy wrote: On Wed, 20 Feb 2013, Tomas Babej wrote: On 12/21/2012 12:15 PM, Tomas Babej wrote: Hi, Sending updated and rebased versions of patches 0024 and 0025. Tomas Sending rebased version, these got quite rotten. Thanks for updating

Re: [Freeipa-devel] [PATCH 0035] Use default.conf as flag of IPA client being installed

2013-02-21 Thread Tomas Babej
On 02/21/2013 12:47 PM, Martin Kosek wrote: On 02/20/2013 10:31 AM, Tomas Babej wrote: Hi, When installing / uninstalling IPA client, the checks that determine whether IPA client is installed now take the existence of /etc/ipa/default.conf into consideration. The client will not uninstall

  1   2   3   4   5   6   7   8   9   10   >