[Freeipa-devel] [PATCH] 268 Fixed labels for run-as users and groups.
The labels for the run-as users and groups tables in sudo rule details page have been modified to improve the clarity. Ticket #1752 -- Endi S. Dewata From c05edd38c54994a295c3d7d15477bd87a599ee0d Mon Sep 17 00:00:00 2001 From: Endi S. Dewata Date: Fri, 9 Sep 2011 18:58:52 -0500 Subject: [PATCH] Fixed labels for run-as users and groups. The labels for the run-as users and groups tables in sudo rule details page have been modified to improve the clarity. Ticket #1752 --- install/ui/association.js |4 +++- install/ui/sudo.js |3 +++ install/ui/test/data/ipa_init.json |3 +++ ipalib/plugins/internal.py |3 +++ 4 files changed, 12 insertions(+), 1 deletions(-) diff --git a/install/ui/association.js b/install/ui/association.js index a9cce8e841edbd75ed1de6c1e103f41fd2775a95..2adc6f5af955b87fb481179f03e21031100e2098 100644 --- a/install/ui/association.js +++ b/install/ui/association.js @@ -292,6 +292,8 @@ IPA.association_table_widget = function (spec) { that.other_entity = spec.other_entity; that.attribute_member = spec.attribute_member; +that.label = that.label || IPA.metadata.objects[that.other_entity].label; + that.associator = spec.associator || IPA.bulk_associator; that.add_method = spec.add_method || 'add_member'; that.remove_method = spec.remove_method || 'remove_member'; @@ -324,7 +326,7 @@ IPA.association_table_widget = function (spec) { if (!that.columns.length) { that.create_column({ name: that.name, -label: IPA.metadata.objects[that.other_entity].label, +label: that.label, entity_name: that.other_entity, primary_key: true, link: true diff --git a/install/ui/sudo.js b/install/ui/sudo.js index 4806c17b33d3b38e827453aa47f412db4785f905..43e7c50dba26335174cdb3da61025bec8ebf7b57 100644 --- a/install/ui/sudo.js +++ b/install/ui/sudo.js @@ -870,6 +870,7 @@ IPA.sudo.rule_details_runas_section = function(spec) { that.add_field(IPA.sudorule_association_table_widget({ id: that.entity.name+'-runasruser_user', name: 'ipasudorunas_user', +label: IPA.messages.objects.sudorule.runas_users, add_method: 'add_runasuser', remove_method: 'remove_runasuser', add_title: IPA.messages.association.add.ipasudorunas, @@ -878,6 +879,7 @@ IPA.sudo.rule_details_runas_section = function(spec) { that.add_field(IPA.sudorule_association_table_widget({ id: that.entity.name+'-runasuser_group', name: 'ipasudorunas_group', +label: IPA.messages.objects.sudorule.groups_of_runas_users, add_method: 'add_runasuser', remove_method: 'remove_runasuser', add_title: IPA.messages.association.add.ipasudorunas, @@ -902,6 +904,7 @@ IPA.sudo.rule_details_runas_section = function(spec) { that.add_field(IPA.sudorule_association_table_widget({ id: that.entity.name+'-runasgroup_group', name: 'ipasudorunasgroup_group', +label: IPA.messages.objects.sudorule.runas_groups, add_method: 'add_runasgroup', remove_method: 'remove_runasgroup', add_title: IPA.messages.association.add.ipasudorunasgroup, diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index e15c2618814ef9a6714fc1fcda4ce8ac75f5e09b..9f02cd1864e2798430b9cd3c547aa76eb1c86f83 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -16211,11 +16211,14 @@ "command": "Run Commands", "deny": "Deny", "external": "External", +"groups_of_runas_users": "Groups of RunAs Users", "host": "Access this host", "inactive": "Inactive", "ipaenabledflag": "Rule status", "options": "Options", "runas": "As Whom", +"runas_groups": "RunAs Groups", +"runas_users": "RunAs Users", "specified_commands": "Specified Commands and Groups", "specified_groups": "Specified Groups", "specified_hosts": "Specified Hosts and Groups", diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py index b87fa27a38785f9a8034dafafd02f3ddda900173..bd1e9b97c6052f938f3f5f9c9a610a1ac4e7fca0 100644 --- a/ipalib/plugins/internal.py +++ b/ipalib/plugins/internal.py @@ -394,11 +394,14 @@ class i18n_messages(Command): "command": _("Run Commands"), "deny": _("Deny"), "external": _("External"), +"groups_of_runas_users": _("Groups of RunAs Users"),
[Freeipa-devel] [PATCH] 267 Fixed missing optional field.
The optional uid field in user's adder dialog did not appear when the link is clicked to show the field. This is a regression introduced in the patch for ticket #1648. The click handler for the link field has been moved into a new closure so that the variables point to the correct elements. Note: the duplicate code in IPA.details_table_section.create() and IPA.dialog.create() will be addressed separately in ticket #1394. -- Endi S. Dewata From c2a90c8cd76f0aecf7593cdf438fecda6c21ccef Mon Sep 17 00:00:00 2001 From: Endi S. Dewata Date: Fri, 9 Sep 2011 18:32:37 -0500 Subject: [PATCH] Fixed missing optional field. The optional uid field in user's adder dialog did not appear when the link is clicked to show the field. This is a regression introduced in the patch for ticket #1648. The click handler for the link field has been moved into a new closure so that the variables point to the correct elements. Note: the duplicate code in IPA.details_table_section.create() and IPA.dialog.create() will be addressed separately in ticket #1394. --- install/ui/details.js | 14 +- install/ui/dialog.js | 16 ++-- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/install/ui/details.js b/install/ui/details.js index 23f217afb161c5a21ac6f11e01c80c74203672d1..f7831114d1fdda76c6c1d0276fd5f2c07051616e 100644 --- a/install/ui/details.js +++ b/install/ui/details.js @@ -213,17 +213,21 @@ IPA.details_table_section = function(spec) { field.create(field_container); -if (field.optional){ +if (field.optional) { field_container.css('display', 'none'); + var link = $('', { text: IPA.messages.widget.optional, -href: '', -click: function() { +href: '' +}).appendTo(td); + +link.click(function(field_container, link) { +return function() { field_container.css('display', 'inline'); link.css('display', 'none'); return false; -} -}).appendTo(td); +}; +}(field_container, link)); } } }; diff --git a/install/ui/dialog.js b/install/ui/dialog.js index 2d6d941c6379c0ac6b61eef852ea5b3bd58240c3..86aefeffc06c7e2404a9ec9bc15ea9d8a949c278 100644 --- a/install/ui/dialog.js +++ b/install/ui/dialog.js @@ -162,17 +162,21 @@ IPA.dialog = function(spec) { field.create(field_container); -if (field.optional){ -field_container.css('display','none'); +if (field.optional) { +field_container.css('display', 'none'); + var link = $('', { text: IPA.messages.widget.optional, -href: '', -click: function(){ +href: '' +}).appendTo(td); + +link.click(function(field_container, link) { +return function() { field_container.css('display', 'inline'); link.css('display', 'none'); return false; -} -}).appendTo(td); +}; +}(field_container, link)); } } -- 1.7.5.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 866 don't allow a otp to be set on enrolled hosts
On 9/8/2011 12:51 PM, Rob Crittenden wrote: Don't allow a one-time password to be set on enrolled hosts. This will invalidate the existing keytab. ACK and pushed to master and ipa-2-1. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 1 Add ipa-adtrust-install utility
On Thu, 2011-09-08 at 14:39 +0200, Sumit Bose wrote: > On Thu, Sep 08, 2011 at 02:06:44PM +0200, Martin Kosek wrote: > > On Thu, 2011-09-08 at 13:52 +0200, Sumit Bose wrote: > > > On Wed, Sep 07, 2011 at 06:10:50PM -0400, Simo Sorce wrote: > > > > On Tue, 2011-08-30 at 16:40 +0200, Sumit Bose wrote: > > > > > I don't think that we should run winbind. > > > > > > > > > > I also changed the path to the smb.conf file from /etc/ipa > > > > > to /etc/samba > > > > > which makes the change to /etc/sysconfig/samba unnecessary. > > > > > > > > > > Thanks for review. > > > > > > > > > Ok tested this today, after I was able to tame my machine. > > > > > > > > Some issues and comments still. > > > > > > > > 1) If you just run ipa-adtrust-install it throws an error about an > > > > Illegal netbios name and quits. That's not right, as it should ask for > > > > the netbios name if one is not provided on the command line presenting a > > > > default option (based on the last domain component uppercased maybe), > > > > > > fixed > > > > > > > > > > > 2) I see the way you write the temp smb.conf is by using a lot of > > > > fd.write() calls. It would be much easier instead to use the templating > > > > engine we use elsewhere in the code and drop a template file in > > > > install/share, this will allow us to easily tweak the initial > > > > installation options w/o touching the python code every time. > > > > > > fixed > > > > > > new version attached. > > > > > > bye, > > > Sumit > > > > > > > > > > > 3) Everything installed and started but my smbd coredump immediately > > > > after. It is almost certainly not a problem in your patch though :-) > > > > > > > > So jokes aside if you fix 1 and 2 I think we can push to master. > > > > > > > > Simo. > > > > > > > > -- > > > > Simo Sorce * Red Hat, Inc * New York > > > > > > > > Only one nitpick from me. The new man page header should be changed > > according to our last man page consolidation effort in ticket 1687 so > > that it is consistent with the others. In your case, the header should > > be: > > > > +.TH "ipa-adtrust-install" "1" "Aug 23 2011" "FreeIPA" "FreeIPA Manual > > Pages" > > > > Plus, --netbios-name option is not covered in the man page. > > Thank you for the feedback, I fixed it accordingly. New version > attached. NACK Ok I spent an afternoon with gd's packages trying to get the install work. I have it finally start smbd if run manually. Quite a few things needed to be changed in the configuration to get it to start smbd (not a working solution yet though). First of all for some reason passdb backend would use the hostname instead of the ldapi socket. This seem to be fixed in the latest patch (the install had been done with the previous) - ldap ssl need to set to off, as dirsrv does not allow (nor we want) to use start tls on ldapi I had to use: net conf setparms global 'ldap ssl' off - ldap suffix = cn=accounts,dc=ipa,dc=test is definitely not right. This is not fixed in the current patch either. It should be ldap suffix = $SUFFIX - log file directive is unusual %d causes each log file to be created with the pid number, that is very annoying when you want to see the logs of a specific machine, please change it to use %m - No service principal is created for cifs/fqdn - No directive to tell samba to use the system keytab. you should probably set 'kerberos method = system keytab' I couldn't test everything due to other issues I found and need to investigate in both the samba packaghes and krb5kdc segfaulting on me when I try to use smbclient -k yes :-( Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 868 better handling of ipa-pki-proxy.conf
- Remove ipa-pki-proxy.conf when IPA is uninstalled - Move file removal to httpinstance.py and use remove_file() - Add a version stanza - Create the file if it doesn't exist on upgraded installs https://fedorahosted.org/freeipa/ticket/1771 rob >From 7852db92caaace209b8ab226c4945c250d971ada Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 9 Sep 2011 17:07:09 -0400 Subject: [PATCH] Improved handling for ipa-pki-proxy.conf - Remove ipa-pki-proxy.conf when IPA is uninstalled - Move file removal to httpinstance.py and use remove_file() - Add a version stanza - Create the file if it doesn't exist on upgraded installs https://fedorahosted.org/freeipa/ticket/1771 --- install/conf/ipa-pki-proxy.conf |2 ++ install/tools/ipa-server-install |6 +- install/tools/ipa-upgradeconfig | 21 + ipaserver/install/httpinstance.py |8 4 files changed, 28 insertions(+), 9 deletions(-) diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf index 275f32645be6b41063ec5c20f0e0923f61efbaaa..91a99aaf9cd9ce3669fbe12450bfae1b220fa67b 100644 --- a/install/conf/ipa-pki-proxy.conf +++ b/install/conf/ipa-pki-proxy.conf @@ -1,3 +1,5 @@ +# VERSION 1 - DO NOT REMOVE THIS LINE + ProxyRequests Off # matches for ee port diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 0572d4f2640fbb6eecb64060ebb8de1807d81aef..03cb2e06c283276b64b7fad0b448265e8c432af2 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -490,12 +490,8 @@ def uninstall(): os.remove(ANSWER_CACHE) except Exception: pass + # ipa-client-install removes /etc/ipa/default.conf -try: -os.remove("/etc/httpd/conf.d/ipa-rewrite.conf") -os.remove("/etc/httpd/conf.d/ipa.conf") -except: -pass sstore._load() group_exists = sstore.restore_state("install", "group_exists") diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 4ac3092888b0daa14159d6e789e8e60f425ebb40..1b08382e40788b9be80d538607bd605320279d8e 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -52,7 +52,13 @@ def backup_file(filename, ext): while os.path.exists(backupfile): backupfile = backupfile + "." + str(ext) -shutil.copy2(filename, backupfile) +try: +shutil.copy2(filename, backupfile) +except IOError, e: +if e.errno == 2: # No such file or directory +pass +else: +raise e def update_conf(sub_dict, filename, template_filename): template = ipautil.template_file(template_filename, sub_dict) @@ -93,18 +99,24 @@ def find_version(filename): else: return -1 -def upgrade(sub_dict, filename, template): +def upgrade(sub_dict, filename, template, add=False): +""" +Get the version from the current and template files and update the +installed configuration file if there is a new template. + +If add is True then create a new configuration file. +""" old = int(find_version(filename)) new = int(find_version(template)) -if old < 0: +if old < 0 and not add: print "%s not found." % filename sys.exit(1) if new < 0: print "%s not found." % template -if old < new: +if old < new or add: backup_file(filename, new) update_conf(sub_dict, filename, template) print "Upgraded %s to version %d" % (filename, new) @@ -149,6 +161,7 @@ def main(): upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") +upgrade(sub_dict, "/etc/httpd/conf.d/ipa-pki-proxy.conf", ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True) try: if __name__ == "__main__": diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 4294bee1b75c64fc3af9bee2cfaf19c45629e6b6..266d72783e380b3840600d890fbf894cd1f76133 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -281,6 +281,14 @@ class HTTPInstance(service.Service): logging.debug(error) pass +# Remove the configuration files we create +try: +installutils.remove_file("/etc/httpd/conf.d/ipa-rewrite.conf") +installutils.remove_file("/etc/httpd/conf.d/ipa.conf") +installutils.remove_file("/etc/httpd/conf.d/ipa-pki-proxy.conf") +except: +pass + sebool_state = self.restore_state("httpd_can_network_connect") if not sebool_state is None: try: -- 1.7.6 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 121 Set bind and bind-dyndb-ldap min nvr
On Fri, 2011-09-09 at 14:26 +0300, Alexander Bokovoy wrote: > On Fri, 09 Sep 2011, Martin Kosek wrote: > > > bind-dyndb-ldap will be in stable repo soon, it has already been requested: > > https://admin.fedoraproject.org/updates/bind-dyndb-ldap-1.0.0-0.1.b1.fc15 > > > > bind is still in koji only, it can be downloaded here: > > http://koji.fedoraproject.org/koji/buildinfo?buildID=262773 > > > > There are 2 version of the patch - master and ipa-2-1. > ACK for both. > bind has been pushed to updates-testing now, so the installation is much easier. Pushed to master, ipa-2-1. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 121 Set bind and bind-dyndb-ldap min nvr
On Fri, 09 Sep 2011, Martin Kosek wrote: > bind-dyndb-ldap will be in stable repo soon, it has already been requested: > https://admin.fedoraproject.org/updates/bind-dyndb-ldap-1.0.0-0.1.b1.fc15 > > bind is still in koji only, it can be downloaded here: > http://koji.fedoraproject.org/koji/buildinfo?buildID=262773 > > There are 2 version of the patch - master and ipa-2-1. ACK for both. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 012 Fixed inconsistency in enabling delete buttons
On 09/07/2011 09:06 PM, Endi Sukma Dewata wrote: On 9/7/2011 7:16 AM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/1640 .. One issue, in HBAC/sudo rules details page if the category is changed from 'all' to 'specific', the Delete button will be enabled although there is no entries selected. See the set_enabled() in IPA.association_table_widget. I think if the parameter is true it should enable only the Add button. If the parameter is false it disable both Add and Delete button and call unselect_all(). Fixed -- Petr Vobornik From ef769ee328dfd0d2293ec3095ddf021eea1fd3ed Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Wed, 7 Sep 2011 13:57:47 +0200 Subject: [PATCH] Fixed inconsistency in enabling delete buttons https://fedorahosted.org/freeipa/ticket/1640 On the HBAC Rules page, where the rules are listed, if no rule is selected, the "Delete" button is not enabled, and cannot be clicked on. But edit a Rule, and Delete button is enabled in the available sections - regardless of, if an object is selected to be deleted or not, or even if there is no object to be selected to delete. One can click on this button...but then - there is no message indicating that something should be selected for deletion for this button to do anything. Notes: * fixed association_table_widget and association_facet --- install/ui/association.js | 40 +++- 1 files changed, 35 insertions(+), 5 deletions(-) diff --git a/install/ui/association.js b/install/ui/association.js index 1c9776b0e6c596be4dd07665b141891d2e7d4ba0..b999f0eade03bc2ab2f2a55d7baadb008ce0d9b7 100644 --- a/install/ui/association.js +++ b/install/ui/association.js @@ -352,24 +352,25 @@ IPA.association_table_widget = function (spec) { that.table_create(container); -var remove_button = IPA.action_button({ +that.remove_button = IPA.action_button({ name: 'remove', label: IPA.messages.buttons.remove, icon: 'remove-icon', +'class': 'action-button-disabled', click: function() { -if (!remove_button.hasClass('action-button-disabled')) { +if (!that.remove_button.hasClass('action-button-disabled')) { that.remove_handler(); } return false; } }).appendTo(that.buttons); -var add_button = IPA.action_button({ +that.add_button = IPA.action_button({ name: 'add', label: IPA.messages.buttons.add, icon: 'add-icon', click: function() { -if (!add_button.hasClass('action-button-disabled')) { +if (!that.add_button.hasClass('action-button-disabled')) { that.add_handler(); } return false; @@ -420,9 +421,25 @@ IPA.association_table_widget = function (spec) { that.set_enabled = function(enabled) { that.table_set_enabled(enabled); if (enabled) { -$('.action-button', that.table).removeClass('action-button-disabled'); +if(that.add_button) { +that.add_button.removeClass('action-button-disabled'); +} } else { $('.action-button', that.table).addClass('action-button-disabled'); +that.unselect_all(); +} +}; + +that.select_changed = function() { + +var values = that.get_selected_values(); + +if (that.remove_button) { +if (values.length === 0) { +that.remove_button.addClass('action-button-disabled'); +} else { +that.remove_button.removeClass('action-button-disabled'); +} } }; @@ -829,6 +846,18 @@ IPA.association_facet = function (spec) { that.refresh_table(); }; +that.table.select_changed = function() { + +var values = that.table.get_selected_values(); + +if (that.remove_button) { +if (values.length === 0) { +that.remove_button.addClass('action-button-disabled'); +} else { +that.remove_button.removeClass('action-button-disabled'); +} +} +}; } that.create_header = function(container) { @@ -842,6 +871,7 @@ IPA.association_facet = function (spec) { name: 'remove', label: IPA.messages.buttons.remove, icon: 'remove-icon', +'class': 'action-button-disabled', click: function() { if (!that.remove_button.hasClass('action-button-disabled')) { that.show_remove_dialog(); -- 1.7.6 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 121 Set bind and bind-dyndb-ldap min nvr
bind-dyndb-ldap will be in stable repo soon, it has already been requested: https://admin.fedoraproject.org/updates/bind-dyndb-ldap-1.0.0-0.1.b1.fc15 bind is still in koji only, it can be downloaded here: http://koji.fedoraproject.org/koji/buildinfo?buildID=262773 There are 2 version of the patch - master and ipa-2-1. Martin >From 356141a4129afd414dd93dc05f1b9317a1d518c5 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Fri, 9 Sep 2011 12:30:00 +0200 Subject: [PATCH] Set bind and bind-dyndb-ldap min nvr This is a soft dependency, min nvr version will only be required when bind/bind-dyndb-ldap are installed. https://fedorahosted.org/freeipa/ticket/1121 https://fedorahosted.org/freeipa/ticket/1573 --- freeipa.spec.in |9 + 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 31a1e943a3c33645e9d6a8a2c4fc86b89c32f382..fc7141cc1729b751e09f8fc8dfdd1c8d94756359 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -124,6 +124,12 @@ Requires: subscription-manager Requires(preun): python initscripts chkconfig Requires(postun): python initscripts chkconfig +# We have a soft-requires on bind. It is an optional part of +# IPA but if it is configured we need a way to require versions +# that work for us. +Conflicts: bind-dyndb-ldap < 1.0.0-0.1.b1 +Conflicts: bind < 9.8.1-1 + Obsoletes: ipa-server >= 1.0 %description server @@ -537,6 +543,9 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf %changelog +* Fri Sep 9 2011 Martin Kosek - 2.99.0-4 +- Add soft dependency for bind and bind-dyndb-ldap required versions + * Wed Aug 31 2011 Rob Crittenden - 2.99.0-3 - Set min nvr of 389-ds-base to 1.2.9.7-1 for BZ 728605 -- 1.7.6 >From 7a6098514231ea728b7eaa20104a1065f17dd532 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Fri, 9 Sep 2011 12:40:28 +0200 Subject: [PATCH] Set bind and bind-dyndb-ldap min nvr This is a soft dependency, min nvr version will only be required when bind/bind-dyndb-ldap are installed. https://fedorahosted.org/freeipa/ticket/1121 https://fedorahosted.org/freeipa/ticket/1573 --- freeipa.spec.in |9 + 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 1c13f778bec450d704f27dfaf5600994d5cbbb06..5bc481b1d173c6e65781f577116b93939aee02e8 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -124,6 +124,12 @@ Requires: subscription-manager Requires(preun): python initscripts chkconfig Requires(postun): python initscripts chkconfig +# We have a soft-requires on bind. It is an optional part of +# IPA but if it is configured we need a way to require versions +# that work for us. +Conflicts: bind-dyndb-ldap < 1.0.0-0.1.b1 +Conflicts: bind < 9.8.1-1 + Obsoletes: ipa-server >= 1.0 %description server @@ -541,6 +547,9 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf %changelog +* Fri Sep 9 2011 Martin Kosek - 2.1.0-4 +- Add soft dependency for bind and bind-dyndb-ldap required versions + * Wed Aug 31 2011 Rob Crittenden - 2.1.0-3 - Set min nvr of 389-ds-base to 1.2.9.7-1 for BZ 728605 -- 1.7.6 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 266 Fixed sudo rule association dialogs.
On 09/08/2011 06:53 PM, Endi Sukma Dewata wrote: On 9/8/2011 10:28 AM, Endi Sukma Dewata wrote: The adder dialog for the user and host tables in sudo rule details page have been fixed to use --not-in-sudorules to avoid showing entries that are already added into the rule either directly or indirectly via groups. This does not apply to the command and run-as tables because they do not support such option. Ticket #1768 Wrong email title. It should be patch #266. ACK -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 265 Fixed layout problem in permission adder dialog.
On 09/08/2011 06:51 PM, Endi Sukma Dewata wrote: On 9/8/2011 11:13 AM, Petr Vobornik wrote: In IPA.details_table_section: 1)not renamed list_section_create method Fixed. Code clean-up in aci.js: 2) IPA.rights_section can be deleted and replaced by spec object usage. It doesn't add any functionality. Fixed. 3) IPA.permission_details_facet can be deleted - it isn't used anywhere. Fixed. ACK -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel