On Wed, Jul 22, 2009 at 08:46:13AM -0400, Simo Sorce wrote:
On Wed, 2009-07-22 at 12:52 +0200, Sumit Bose wrote:
this patch should make pam_sss.c considerably more readable and should
allow to use modules like pam_cracklib together with pam_sss. I hope I
have caught all corner cases
On Fri, Jul 24, 2009 at 10:15:25AM +0200, Sumit Bose wrote:
On Thu, Jul 23, 2009 at 04:18:15PM -0400, Simo Sorce wrote:
Sumit found out that ldap auth would segfault from time to time.
The problem was the way ldap_result() works you don't know how many
results are in the pipe so you
On Tue, Sep 29, 2009 at 12:43:15PM -0400, Simo Sorce wrote:
Sasl mappings never worked properly with full principal names.
This patch fixes the problem.
See bug#526284
Should probably commit this patch also against v1.
Simo.
this patch works for me with v1 and v2.
ACK
bye,
Sumit
On Wed, May 26, 2010 at 09:51:21AM -0400, Rob Crittenden wrote:
Sumit Bose wrote:
On Fri, May 21, 2010 at 04:30:12PM -0400, Rob Crittenden wrote:
Add the ipqUniqueID object to HBAC services and make sure that they
get the memberOf attribute if they are members of service groups.
rob
I
On Thu, Aug 19, 2010 at 02:47:33PM -0400, Rob Crittenden wrote:
Dmitri Pal wrote:
Hello,
It occurred to me that we can have a compromise. We can have two ways
and let the admins decide which model to follow.
So the schema will look like this:
The sudo rule entry will have a string
On Thu, Sep 30, 2010 at 12:06:01AM -0400, Dmitri Pal wrote:
JR Aquino wrote:
I have encountered and troubleshot several instances recently where a user
was present in more than 1 sudo rule. One that permitted the user, the
host, and commands, and another that permitted the user, and host,
On Sep 30, 2010, at 6:17 AM,
freeipa-devel-requ...@redhat.com
wrote:
I think this behaviour is a contradiction to 'paranoid behavior'. I
think that instead of
'If there are
On Thu, Nov 18, 2010 at 05:27:13PM -0500, Dmitri Pal wrote:
Adam Young wrote:
On 11/18/2010 04:02 PM, Stephen Gallagher wrote:
On 11/18/2010 09:55 AM, Dmitri Pal wrote:
Steve can you summarize where we are and what we agreed to,
please, and
identify the questions that we need to
On Sun, Jan 30, 2011 at 11:53:19PM -0500, Dmitri Pal wrote:
On 01/30/2011 11:23 AM, JR Aquino wrote:
On 1/29/11 3:40 PM, Dmitri Pal d...@redhat.com wrote:
On 01/29/2011 12:37 PM, JR Aquino wrote:
On 1/29/11 9:30 AM, JR Aquino jr.aqu...@citrix.com wrote:
From: Dmitri Pal
On Fri, Feb 25, 2011 at 12:47:03AM -0500, Simo Sorce wrote:
On Thu, 24 Feb 2011 20:55:32 -0500
Adam Young ayo...@redhat.com wrote:
I updated the resolv.conf of the client machine to point to the
server and ran:
[root@vm-060 ~]# ipa-client-install --domain idm.lab.bos.redhat.com
On Tue, Jun 21, 2011 at 04:48:08PM -0600, Pete Zaitcev wrote:
On Tue, 21 Jun 2011 18:28:36 -0400
Dmitri Pal d...@redhat.com wrote:
Dear Dmitri, thanks for the reply. I am reading curl source code
now and I notice the distinction between Negotiate that comes
from SPNEGO, and GSS-Negotiate.
+1,198 @@
+#! /usr/bin/python
+#
+# Authors: Sumit Bose sb...@redhat.com
+# Based on ipa-server-install by Karl MacMillan kmacmil...@mentalrootkit.com
+# and ipa-dns-install by Martin Nagy
+#
+# Copyright (C) 2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program
On Fri, Aug 26, 2011 at 09:35:16PM +0300, Alexander Bokovoy wrote:
diff --git a/ipaserver/install/smbinstance.py
b/ipaserver/install/smbinstance.py
new file mode 100644
The code in smbinstance.py assumes Samba has been compiled with
/etc/ipa/smb.conf as default configuration file
On Wed, Sep 07, 2011 at 06:10:50PM -0400, Simo Sorce wrote:
On Tue, 2011-08-30 at 16:40 +0200, Sumit Bose wrote:
I don't think that we should run winbind.
I also changed the path to the smb.conf file from /etc/ipa
to /etc/samba
which makes the change to /etc/sysconfig/samba unnecessary
On Thu, Sep 08, 2011 at 02:06:44PM +0200, Martin Kosek wrote:
On Thu, 2011-09-08 at 13:52 +0200, Sumit Bose wrote:
On Wed, Sep 07, 2011 at 06:10:50PM -0400, Simo Sorce wrote:
On Tue, 2011-08-30 at 16:40 +0200, Sumit Bose wrote:
I don't think that we should run winbind.
I also
On Fri, Sep 09, 2011 at 07:06:47PM -0400, Simo Sorce wrote:
On Thu, 2011-09-08 at 14:39 +0200, Sumit Bose wrote:
On Thu, Sep 08, 2011 at 02:06:44PM +0200, Martin Kosek wrote:
On Thu, 2011-09-08 at 13:52 +0200, Sumit Bose wrote:
On Wed, Sep 07, 2011 at 06:10:50PM -0400, Simo Sorce wrote
Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 13 Sep 2011 12:37:47 +0200
Subject: [PATCH] Call standard_logging_setup() before any logging is done
---
install/tools/ipa-dns-install |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/install/tools/ipa-dns
On Mon, Sep 12, 2011 at 05:24:38PM -0400, Simo Sorce wrote:
On Mon, 2011-09-12 at 17:53 +0200, Sumit Bose wrote:
[..]
I can now run 'smbclient -k -L' on my test system with the recent samba
patch.
Sorry a couple more nitpicks.
Trying to reinstall ipa-adtrust-install it returned
Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 19 Sep 2011 11:48:05 +0200
Subject: [PATCH] Fix ACIs in ipa-adtrust-install
---
ipaserver/install/adtrustinstance.py | 15 +--
1 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install
expects the old objectclasses for users, groups and trust
objects.
bye,
Sumit
From 08ba5beebf81be67f03ae384f2119ae81b3ebf9d Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 19 Sep 2011 15:45:30 +0200
Subject: [PATCH] Update samba LDAP schema
The samba LDAP schema is updated
On Mon, Sep 19, 2011 at 12:34:36PM -0400, Simo Sorce wrote:
Attached find a patch for new attributes and objectclasses for the IPA
v3 goal of configuring trust relationships between freeipa and windows
domains.
I think everything is ok, I just started to wonder if it is maybe safer
to always
On Tue, Sep 20, 2011 at 08:47:58AM -0400, Simo Sorce wrote:
On Tue, 2011-09-20 at 12:36 +0200, Sumit Bose wrote:
On Mon, Sep 19, 2011 at 12:34:36PM -0400, Simo Sorce wrote:
Attached find a patch for new attributes and objectclasses for the IPA
v3 goal of configuring trust relationships
Hi,
this patch extends the ipa-adtrust-install utility by adding SIDs to the
IPA admin user and the admins group.
bye,
Sumit
From 9d24a20c8d81440398f38e71efd024320b20577d Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 23 Sep 2011 15:11:23 +0200
Subject: [PATCH] Add admin
check in ipa_enrollment.c. But I think enrollments via
LDAPI does not make much sense so it does not need to be changed.
This patch should fix https://fedorahosted.org/freeipa/ticket/1877.
bye,
Sumit
From 8ed807a42982aabe958a4d0cac47d5f4511be11c Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
Hi,
this patch adds DNS service records for Windows systems during the
setup of trust support.
Fixes https://fedorahosted.org/freeipa/ticket/1939.
bye,
Sumit
From 098f835edf3baedf2e69392909c9e725fde378f0 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 13 Oct 2011 12:01
On Fri, Nov 04, 2011 at 10:49:40AM -0400, Simo Sorce wrote:
The attached patches are for master and concern the effort of creating
trust relationships between IPA and AD domains.
With these patches if you have run ipa-adtrust-install the IPA kdc will
be able to create a MS-PAC if the user
On Fri, Nov 18, 2011 at 11:50:47AM -0500, Simo Sorce wrote:
On Fri, 2011-11-18 at 16:07 +0100, Sumit Bose wrote:
On Thu, Nov 17, 2011 at 05:00:51PM -0500, Simo Sorce wrote:
Attached find a series of patches that implement a CLDAP server as a
dirsrv plugin.
The server right now
On Tue, Nov 22, 2011 at 07:10:54PM -0500, Simo Sorce wrote:
In some cases the KDC will decide to use a different checksum type when
re-signing a PAC to include it in a service ticket.
This is common in a cross-realm trust with AD as most AD DCs will use a
HMAC-MD5-RC4 checksum while IPA's
68d66eba4e31a314242322471dbfe698f4493737 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 24 Nov 2011 18:38:38 +0100
Subject: [PATCH] Make pwd-extop aware of new ipaNTHash attribute
---
.../ipa-pwd-extop/ipa_pwd_extop.c |4 +-
daemons/ipa-slapi-plugins/ipa
On Mon, Nov 28, 2011 at 07:43:57PM -0500, Simo Sorce wrote:
On Thu, 2011-11-24 at 13:54 +0100, Sumit Bose wrote:
I think I found two issues which should be fixed by the following
patch:
- krb5_pac_add_buffer() expects krb5_pac and not krb5_pac * as a
second
argument
good catch
On Tue, Nov 29, 2011 at 11:25:41PM +0200, Alexander Bokovoy wrote:
On Tue, 29 Nov 2011, Sumit Bose wrote:
@@ -199,10 +216,11 @@ class ADTRUSTInstance(service.Service):
self.admin_conn.addEntry(entry)
entry = ipaldap.Entry(self.smb_dom_dn
Hi,
we recently changed the name of the samba packages in the ipa-devel
repository. The packages are now called samba4-* and libsmbclient4-*
instead of samba-4.0-* and libsmbclient-4.0-* .
The name was changed because the samba packages will update the samba4
packages which are currently
On Wed, Nov 30, 2011 at 08:46:04AM -0500, Stephen Gallagher wrote:
On Wed, 2011-11-30 at 14:40 +0100, Sumit Bose wrote:
Hi,
we recently changed the name of the samba packages in the ipa-devel
repository. The packages are now called samba4-* and libsmbclient4-*
instead of samba-4.0
Hi,
the samba team decided to rename the symbol to initialize a new module
(again). This patch adds the new name and keeps the old one.
bye,
Sumit
From a9036112ca47f14d9f17f665fd6bd3efba9dc7b3 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 7 Dec 2011 17:23:53 +0100
Subject
On Mon, Dec 12, 2011 at 07:49:04PM +0200, Alexander Bokovoy wrote:
Hi,
I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts
management CLI and GUI. It is quite apparent that most of management
commands will be similar to all future trust types (AD, IPA, etc),
thus, it makes
On Tue, Dec 13, 2011 at 07:08:24PM +0200, Alexander Bokovoy wrote:
On Tue, 13 Dec 2011, Simo Sorce wrote:
On Mon, 2011-12-12 at 22:27 +0200, Alexander Bokovoy wrote:
On Mon, 12 Dec 2011, Sumit Bose wrote:
--password Value [type-specific parameters]
Creates a trust between
On Wed, Dec 14, 2011 at 07:45:53AM -0500, Simo Sorce wrote:
On Wed, 2011-12-14 at 10:23 +0100, Sumit Bose wrote:
On Tue, Dec 13, 2011 at 07:08:24PM +0200, Alexander Bokovoy wrote:
On Tue, 13 Dec 2011, Simo Sorce wrote:
On Mon, 2011-12-12 at 22:27 +0200, Alexander Bokovoy wrote
On Wed, Dec 14, 2011 at 08:31:57AM -0500, Simo Sorce wrote:
On Wed, 2011-12-14 at 14:12 +0100, Sumit Bose wrote:
On Wed, Dec 14, 2011 at 07:45:53AM -0500, Simo Sorce wrote:
On Wed, 2011-12-14 at 10:23 +0100, Sumit Bose wrote:
On Tue, Dec 13, 2011 at 07:08:24PM +0200, Alexander Bokovoy
Hi,
for the IPAv3 trust feature we have to add the objectclass
ipaNTUserAttrs/ipaNTGroupAttrs to every user/group which should be
visible on the Windows side of the trust. The only MUST attribute of
both objectclasses is ipaNTSecurityIdentifier the SID of the user or
group. We would like to
On Wed, Feb 01, 2012 at 01:59:15PM -0500, Simo Sorce wrote:
On Wed, 2012-02-01 at 12:00 -0500, Dmitri Pal wrote:
On 01/31/2012 06:45 AM, Sumit Bose wrote:
Hi,
for the IPAv3 trust feature we have to add the objectclass
ipaNTUserAttrs/ipaNTGroupAttrs to every user/group which should
On Fri, Mar 23, 2012 at 09:35:47AM -0400, Dmitri Pal wrote:
On 03/23/2012 08:52 AM, Sumit Bose wrote:
Hi,
these two patches introduce a new extended operation to the IPA server
which can be used by clients in the IPA domain to obtain information
about users and groups from trusted
On Fri, Mar 23, 2012 at 12:08:22PM -0400, Dmitri Pal wrote:
On 03/23/2012 11:57 AM, Sumit Bose wrote:
On Fri, Mar 23, 2012 at 09:35:47AM -0400, Dmitri Pal wrote:
On 03/23/2012 08:52 AM, Sumit Bose wrote:
Hi,
these two patches introduce a new extended operation to the IPA server
which
On Tue, Mar 27, 2012 at 03:17:06PM -0400, Simo Sorce wrote:
This patch fixes #2504, the logic to choose the client principal to use
was basically reversed, and we ended up using the wrong principal to
verify the PAC owner.
This patch fixes it. Tested and s4u2proxy keeps working both with and
On Thu, Mar 29, 2012 at 05:02:31PM -0400, Simo Sorce wrote:
On Thu, 2012-03-29 at 16:30 +0300, Alexander Bokovoy wrote:
This is due to some krbtgt/realm@REALM searches performed in KDC
without
allowing for principal aliases and therefore no chance to our
case-insensitive searches to kick
On Tue, Apr 03, 2012 at 01:41:35PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are the current patches for adding support for Active Directory
trusts for FreeIPA v3 (master).
These are tested and working with samba4 build available in ipa-devel@
repo. You have to use --delegate until
On Fri, Apr 20, 2012 at 12:37:08PM -0400, John Dennis wrote:
We're supposed to be working on master now, not 2.2. But master has
dependencies on samba4. Those dependencies can only be resolved on
F17, an unreleased platform.
I think it's reasonable for IPA developers to work on the current
On Fri, Apr 20, 2012 at 07:20:32PM -0400, John Dennis wrote:
On 04/20/2012 05:49 PM, Sumit Bose wrote:
I take samba4 and libldb from the ipa-devel repo. There are even
versions for my very old F15 devel system.
Yup, one of the first things I tried.
But those conflict with the libsmbclient
On Mon, Apr 23, 2012 at 11:51:09AM -0400, John Dennis wrote:
Just curious, some changes went into master that modified how we
call into ldap (for both the installer and normal server operation).
But those changes occurred when many of us were working on 2.2 almost
exclusively. So has anybody
On Mon, Jun 04, 2012 at 03:32:36PM +0300, Alexander Bokovoy wrote:
On Mon, 04 Jun 2012, Martin Kosek wrote:
I did another round of testing and this is what I found so far:
1) freeipa.spec.in was missing python-crypto BuildRequires (you fixed
that)
2) Unit tests need to be updated,
On Thu, Jun 07, 2012 at 12:09:32PM +0200, Sumit Bose wrote:
now with patches :-)
On Thu, Jun 07, 2012 at 12:07:13PM +0200, Sumit Bose wrote:
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/2513 and as a
consequence makes https://fedorahosted.org/freeipa/ticket/2516 obsolete
On Tue, Jun 12, 2012 at 04:08:12PM +0300, Alexander Bokovoy wrote:
DCERPC code in AD trusts implementation depends on Samba 4 Python
bindings.
Make this dependency optional for main freeipa-server package by moving
the dependency to freeipa-server-trust-ad subpackage.
Main interface to AD
0024: add primary and secondary RID base to the local range object
during ipa-adtrust-install
bye,
Sumit
From f9dbf28c52feabeae801d41bd4f69d2eb898a8b0 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 11 Jun 2012 18:31:36 +0200
Subject: [PATCH] Extend LDAP schema
On Wed, Jun 13, 2012 at 08:38:23PM -0400, Simo Sorce wrote:
On Wed, 2012-06-13 at 21:17 +0200, Sumit Bose wrote:
to keep track of the different ranges we use for UIDs/GIDs for local
users/groups and users from trusted domains new range objects are
introduced which are stored below cn
On Thu, Jun 14, 2012 at 07:54:40AM -0400, Simo Sorce wrote:
On Thu, 2012-06-14 at 12:35 +0200, Sumit Bose wrote:
On Wed, Jun 13, 2012 at 08:38:23PM -0400, Simo Sorce wrote:
On Wed, 2012-06-13 at 21:17 +0200, Sumit Bose wrote:
to keep track of the different ranges we use for UIDs
On Thu, Jun 14, 2012 at 02:25:01PM +0200, Sumit Bose wrote:
On Thu, Jun 14, 2012 at 07:54:40AM -0400, Simo Sorce wrote:
On Thu, 2012-06-14 at 12:35 +0200, Sumit Bose wrote:
On Wed, Jun 13, 2012 at 08:38:23PM -0400, Simo Sorce wrote:
On Wed, 2012-06-13 at 21:17 +0200, Sumit Bose wrote
Hi Alexander,
On Thu, Jun 21, 2012 at 06:26:02PM +0300, Alexander Bokovoy wrote:
Hi!
Attached is the patch to support external group membership for trusted
domains. This is needed to get proper group membership with the work
Sumit and Jan are doing on both IPA and SSSD sides.
We already
the user from the PAC is added to the local groups on the
client.
bye,
Sumit
From 2e1415e17b811f76d2611a70560ab024765ab3ad Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 30 Apr 2012 15:30:01 +0200
Subject: [PATCH] Filter groups in the PAC
If one or more of the external
: Sumit Bose sb...@redhat.com
Date: Tue, 26 Jun 2012 09:58:01 +0200
Subject: [PATCH] Fix typo
---
daemons/ipa-kdb/ipa_kdb_mspac.c |2 +-
1 Datei geändert, 1 Zeile hinzugefügt(+), 1 Zeile entfernt(-)
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index
On Sun, Jun 17, 2012 at 09:47:20PM +0200, Sumit Bose wrote:
On Thu, Jun 14, 2012 at 02:25:01PM +0200, Sumit Bose wrote:
On Thu, Jun 14, 2012 at 07:54:40AM -0400, Simo Sorce wrote:
On Thu, 2012-06-14 at 12:35 +0200, Sumit Bose wrote:
On Wed, Jun 13, 2012 at 08:38:23PM -0400, Simo Sorce
On Wed, Jun 27, 2012 at 12:56:56PM +0300, Alexander Bokovoy wrote:
On Mon, 25 Jun 2012, Alexander Bokovoy wrote:
On Mon, 25 Jun 2012, Sumit Bose wrote:
Hi Alexander,
On Thu, Jun 21, 2012 at 06:26:02PM +0300, Alexander Bokovoy wrote:
Hi!
Attached is the patch to support external group
On Wed, Jun 27, 2012 at 05:29:07PM +0300, Alexander Bokovoy wrote:
Hi,
attached patch adds comprehensive error condition handling to SASL bind
callback in ipasam module. The callback is doing keytab-based auth
against FreeIPA LDAP server and original version lacked error checks on
purpose.
On Wed, Jun 27, 2012 at 05:36:51PM +0300, Alexander Bokovoy wrote:
Hi,
Windows 2008R2 attempts to authenticate as DOMAIN$ with trust password
when trust is established. Change ipasam module to consider DOMAIN$ when
checking for trusted domain accounts as current code only checks for
DOMAIN.
On Wed, Jun 27, 2012 at 07:09:03PM +0300, Alexander Bokovoy wrote:
On Wed, 27 Jun 2012, Sumit Bose wrote:
On Wed, Jun 27, 2012 at 05:29:07PM +0300, Alexander Bokovoy wrote:
Hi,
attached patch adds comprehensive error condition handling to SASL bind
callback in ipasam module. The callback
On Thu, Jun 28, 2012 at 01:51:28PM +0200, Martin Kosek wrote:
On 06/28/2012 01:09 PM, Martin Kosek wrote:
On 06/28/2012 12:19 PM, Sumit Bose wrote:
On Thu, Jun 28, 2012 at 09:52:14AM +0200, Martin Kosek wrote:
On 06/27/2012 06:38 PM, Alexander Bokovoy wrote:
On Wed, 27 Jun 2012, Sumit
On Wed, Jun 27, 2012 at 07:28:11PM +0300, Alexander Bokovoy wrote:
On Tue, 26 Jun 2012, Sumit Bose wrote:
Hi,
this patch contains the KDC part of the external groups handling. If
group SIDs from the PAC can be found in the ipaExternalGroup objects and
the external groups are member of local
: Sumit Bose sb...@redhat.com
Date: Fri, 29 Jun 2012 10:58:04 +0200
Subject: [PATCH] Use lower case names in LDAP to meet freeIPA convention
---
daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen.h | 22 ++---
1 Datei geändert, 11 Zeilen hinzugefügt(+), 11 Zeilen entfernt(-)
diff --git
On Fri, Jun 29, 2012 at 05:27:41PM -0400, John Dennis wrote:
I just saw a commit that had things like this in it:
admin_conn.search_s(cn=ranges,cn=etc,+self.suffix,
Please don't form DN's using string formatting!
We've had DN objects in the code for a long time now, please use
them,
Hi,
as pointed out by John adtrustinstance.py does not use the DN objects
but strings to define LDAP DNs. This patch fixes it.
bye,
Sumit
From e91540c323791f06791c973754e7773eaccaf08e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 2 Jul 2012 12:20:23 +0200
Subject: [PATCH
On Wed, Jul 04, 2012 at 08:57:44PM +0300, Alexander Bokovoy wrote:
Hi,
when chasing what looked like ccache corruption with Sumit, I've found
yet another issue: use of local stack variable in long-time living code.
This local stack use was absent in the original patch version and was
Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 2 Jul 2012 18:19:38 +0200
Subject: [PATCH] Only check local ID range during ipa-adtrust-install
Since the local ID range is now added during the update process it does
not have to be created during ipa-adtrust-install
00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 4 Jul 2012 12:15:05 +0200
Subject: [PATCH] Allow silent build if available
---
daemons/configure.ac |1 +
1 Datei geändert, 1 Zeile hinzugefügt(+)
diff --git a/daemons/configure.ac b/daemons/configure.ac
index
Hi,
the following two patches contain fixes for ipa_sam.c. The first fixes
several issues which were found by clang and the second removes some
testing stuff I forgot to change.
bye,
Sumit
From 116631a3fd2a50e3c2b5a44ed4cff44fe4f0ab99 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
On Fri, Jul 06, 2012 at 12:47:12PM +0300, Alexander Bokovoy wrote:
Hi,
another small two-line cleanup. We already set 'dedicated keytab file'
in smb.conf when installing trusts via ipa-adtrust-install.
ACK
bye,
Sumit
--
/ Alexander Bokovoy
On Fri, Jul 06, 2012 at 01:18:28PM +0300, Alexander Bokovoy wrote:
On Fri, 06 Jul 2012, Alexander Bokovoy wrote:
Hi,
Obvious clean up in ldapsam_search_users(): every branch is setting the
same base dn and nothing else.
Merged the line with talloc_strdup() call few lines after that.
ACK
On Tue, Jun 26, 2012 at 10:29:00AM +0200, Sumit Bose wrote:
Hi,
this patch fixes a small typo and silences a compiler warning. I think
it is right to use authdata instead of authdata here, but I have to
admit that I cannot say why we have not seen any issues before.
bye,
Sumit
I think I
will finish this
after my PTO. But I haven't started to work on this. So if you think it
should be fixed earlier feel free to take the ticket.
bye,
Sumit
From a70dd5049943ae88aba46ef3e95b06a944efcf60 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 6 Jul 2012 12:24:01 +0200
Subject
On Mon, Jul 16, 2012 at 06:54:26PM -0400, Simo Sorce wrote:
This patchset is about Ticket #2849
The point is to verify that the PAC information we are getting from a
trusted realm is actually consistent with the information we know about
that trust relationship.
The patchset adds a way to
On Mon, Aug 13, 2012 at 07:41:01PM -0500, Endi Sukma Dewata wrote:
On 8/6/2012 2:08 AM, Petr Vobornik wrote:
Range web UI was implemented.
It consists of:
* new menu item - 'ranges' in 'IPA Server' tab
* new search page
* new details page
independently of the SSSD patch.
bye,
Sumit
From f9515cb32526a078a01604c072a7bc6e9b265b19 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 6 Aug 2012 14:30:38 +0200
Subject: [PATCH 1/2] extdom: read ranges from LDAP
---
.../ipa-extdom-extop/ipa_extdom_common.c | 72
On Mon, Aug 20, 2012 at 04:53:50PM -0500, Endi Sukma Dewata wrote:
On 8/20/2012 10:49 AM, Petr Vobornik wrote:
Updated patch attached.
Preview can be seen at:
http://pvoborni.fedorapeople.org/ranges/#ipaserver=rangenavigation=ipaserverrange-facet=search
ACK.
I agree, all options should
From: Sumit Bose sb...@redhat.com
Date: Tue, 21 Aug 2012 12:48:29 +0200
Subject: [PATCH] ipadb_iterate(): handle match_entry == NULL
If match_entry == NULL all principals should be iterated.
Additionally this patch adds a check in ipadb_filter_escape() to make
sure that the input is not NULL
On Tue, Aug 21, 2012 at 08:53:50AM -0400, Simo Sorce wrote:
- Original Message -
Hi,
there was an issue reported yesterday on #freeipa
(https://fedorahosted.org/freeipa/ticket/3011). It is easy to
reproduce
'kdb5_util dump' just core dumps. The attached patch adds a parameter
On Wed, Sep 05, 2012 at 05:13:41PM +0200, Martin Kosek wrote:
range_mod and range_del command could easily create objects with
ID which is suddenly out of specified range. This could cause issues
in trust scenarios where range objects are used for computation of
remote IDs.
Add validator
Hi,
in samba4 rc1 there is an API change which we have to adopt in ipasam.
This patch updates ipasam and unbreaks the build with samba4 rc1.
bye,
Sumit
From 4e39eb306da08b29f694b9ff44ccb53865e33d92 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 14 Sep 2012 14:14:23 +0200
On Fri, Sep 14, 2012 at 05:57:23PM -0400, Rob Crittenden wrote:
Sumit Bose wrote:
Hi,
those two patches should fix
https://fedorahosted.org/freeipa/ticket/2515 . The first makes the
needed change for fresh installations. The second adds the changes
during ipa-adtrust-install if needed. I
On Sat, Sep 15, 2012 at 06:14:56PM -0400, Simo Sorce wrote:
On Sat, 2012-09-15 at 22:02 +0200, Sumit Bose wrote:
On Fri, Sep 14, 2012 at 05:57:23PM -0400, Rob Crittenden wrote:
Sumit Bose wrote:
Hi,
those two patches should fix
https://fedorahosted.org/freeipa/ticket/2515
On Mon, Sep 17, 2012 at 11:18:53AM +0200, Petr Spacek wrote:
On 09/17/2012 09:15 AM, Martin Kosek wrote:
On 09/17/2012 09:06 AM, Petr Spacek wrote:
Discussion about patch Set master_kdc and dns_lookup_kdc to true) reminds
one
related problem:
Our server installer puts line nameserver
On Mon, Sep 17, 2012 at 06:44:36PM +0300, Alexander Bokovoy wrote:
Hi,
Following patch adds trust verification sequence to the case when we
establish trust with knowledge of AD administrative credentials.
As we found out, in order to validate/verify trust, one has to have
administrative
On Tue, Sep 18, 2012 at 12:42:49PM +0200, Sumit Bose wrote:
On Mon, Sep 17, 2012 at 06:44:36PM +0300, Alexander Bokovoy wrote:
Hi,
Following patch adds trust verification sequence to the case when we
establish trust with knowledge of AD administrative credentials.
As we found out
On Mon, Sep 24, 2012 at 05:01:25PM +0300, Alexander Bokovoy wrote:
Hi,
small patch, to make sure external members are listed when 'ipa
group-show' is called.
https://fedorahosted.org/freeipa/ticket/2975
ACK
bye,
Sumit
--
/ Alexander Bokovoy
On Mon, Sep 24, 2012 at 02:40:45PM -0400, Simo Sorce wrote:
This should also give us a slight performance boost as we do
not convert the whole SID to a string many times over.
I was digging up the archive URL of my patch related to this posted to
the list on July
On Tue, Sep 25, 2012 at 05:40:57PM +0300, Alexander Bokovoy wrote:
Hi,
Domain validator code in ipaserver/dcerpc.py verifies that a SID belongs
to one of our trusted domains. This verification was expecting that SID
is for some resource within trusted domain and ignored the case when it
is
Hi,
the following three patches should fix
https://fedorahosted.org/freeipa/ticket/2967
https://fedorahosted.org/freeipa/ticket/2972
https://fedorahosted.org/freeipa/ticket/3038 respectively.
bye,
Sumit
From bab787a651773ec9bead34cfaaec05991ebc74c4 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
Hi,
this patch fixes a couple of resource leaks and unchecked return and an
uninitialised value found by Coverity.
bye,
Sumit
From b39269b5adf5d2ae6076d5aa4394e68924027ce6 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 2 Oct 2012 11:25:04 +0200
Subject: [PATCH] Fix various
9cb3514cd7c73810ce4b5dceb82d36b739124854 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 18 Sep 2012 11:32:10 +0200
Subject: [PATCH 75/78] ipa-adtrust-install: Add fallback group
---
ipaserver/install/adtrustinstance.py | 79 ++--
1 Datei geändert, 67 Zeilen hinzugefügt(+), 12
Hi,
this patch adds a new option to ipa-adtrust-install to generate the SID
for users and groups at the end of the run. This fixes
https://fedorahosted.org/freeipa/ticket/3104 .
bye,
Sumit
From 64f5b76c1869dbbc5e63035baa13642b43854839 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Hi,
this patch tries to avoid the ldapmodify error messages during
ipa-adtrust-install by checking if the related object already exists.
Fixes https://fedorahosted.org/freeipa/ticket/3012 .
bye,
Sumit
From e2412c162fb4eeab6db280a207002ccba31be2d8 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
On Thu, Oct 04, 2012 at 12:13:57PM +0300, Alexander Bokovoy wrote:
On Thu, 04 Oct 2012, Sumit Bose wrote:
Hi,
this patch tries to avoid the ldapmodify error messages during
ipa-adtrust-install by checking if the related object already exists.
Fixes https://fedorahosted.org/freeipa/ticket
Hi,
this patch fixes unattended installation for ipa-adtrust-install and
ticket https://fedorahosted.org/freeipa/ticket/3023 .
bye,
Sumit
From 4a4532e8d57cf76c39f2d9483683edee01648f2f Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 4 Oct 2012 11:37:45 +0200
Subject: [PATCH
On Thu, Oct 04, 2012 at 12:39:07PM +0300, Alexander Bokovoy wrote:
On Thu, 04 Oct 2012, Sumit Bose wrote:
On Thu, Oct 04, 2012 at 12:13:57PM +0300, Alexander Bokovoy wrote:
On Thu, 04 Oct 2012, Sumit Bose wrote:
Hi,
this patch tries to avoid the ldapmodify error messages during
ipa-adtrust
1 - 100 of 377 matches