On 10/02/2012 10:31 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> PAC type (ipakrbauthzdata attribute) was being filled for all new
>> service automatically. However, the PAC type attribute was designed
>> to serve only as an override to default PAC type configured in
>> IPA config. With PAC t
--- Begin Message ---
The Dogtag team is proud to announce version Dogtag v10.0.0 alpha 2.
A build is available for Fedora 18 in the updates-testing repo. Please
try it out and provide karma to move it to the F18 stable repo.
Daily developer builds for Fedora 17 and 18 are available at
http://n
Martin Kosek wrote:
PAC type (ipakrbauthzdata attribute) was being filled for all new
service automatically. However, the PAC type attribute was designed
to serve only as an override to default PAC type configured in
IPA config. With PAC type set in all services, users would have
to update all se
On Tue, 2012-10-02 at 21:29 +0200, Sumit Bose wrote:
> Hi,
>
> this patch should fix https://fedorahosted.org/freeipa/ticket/2955 by
> adding a fallback group as described in comment 2 of the ticket in
> ipa-adtrust-install.
>
> If you prefer to use a different kind of group I can change the patc
Martin Kosek wrote:
On 09/26/2012 08:58 PM, Rob Crittenden wrote:
Martin Kosek wrote:
These 2 patches significantly limit the number of unindexed LDAP searches we do
in IPA. I used our unit test suite as a good source of different LDAP searches
run by our command suite.
Most of the remaining u
Hi,
this patch should fix https://fedorahosted.org/freeipa/ticket/2955 by
adding a fallback group as described in comment 2 of the ticket in
ipa-adtrust-install.
If you prefer to use a different kind of group I can change the patch
accordingly.
bye,
Sumit
From 9cb3514cd7c73810ce4b5dceb82d36b7391
Tomas Babej wrote:
On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Connection error message in ipa-client-install now warns the user
about the need of opening 389 port for directory server.
https://fedorahosted.org/freeipa/ticket/2816
I think this can be pushed as a one-
Petr Viktorin wrote:
On 10/01/2012 09:29 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 10/01/2012 04:41 PM, Rob Crittenden wrote:
The web uninstall step can be very long because we restore two SELinux
booleans individually. This patch combines them into a single step, and
skips setting the
Clear the host session key when enrolling a client.
Make sure dbdir is preserved when a new connection is created.
rob
>From b9d21ae9082e84853d316a49729aac21d848501f Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Mon, 1 Oct 2012 13:05:11 -0400
Subject: [PATCH] Clear kernel keyring in clien
On 10/02/2012 03:04 PM, Martin Kosek wrote:
> On 10/02/2012 12:19 PM, Petr Viktorin wrote:
>> On 10/01/2012 05:28 PM, Martin Kosek wrote:
From IPA 3.0, services have by default ipakrbprincipal objectclass which
>>> allows ipakrbprincipalalias attribute used for case-insensitive principal
>>> s
On 10/02/2012 03:02 PM, Petr Viktorin wrote:
On 10/01/2012 05:02 PM, Ade Lee wrote:
On Mon, 2012-10-01 at 16:09 +0200, Martin Kosek wrote:
On 10/01/2012 03:35 PM, Petr Viktorin wrote:
On 09/27/2012 10:26 AM, Petr Viktorin wrote:
On 09/20/2012 05:58 AM, Ade Lee wrote:
Changes to use a single
PAC type (ipakrbauthzdata attribute) was being filled for all new
service automatically. However, the PAC type attribute was designed
to serve only as an override to default PAC type configured in
IPA config. With PAC type set in all services, users would have
to update all services to get new PAC
Tomas Babej wrote:
Hi,
When executing ipa-replica-manage connect to an unknown or irrelevant
master, we now print a sensible error message informing the user
about this possiblity as well.
https://fedorahosted.org/freeipa/ticket/3105
Tomas
I put a whole bunch of code into a try/except and th
Hi,
When executing ipa-replica-manage connect to an unknown or irrelevant
master, we now print a sensible error message informing the user
about this possiblity as well.
https://fedorahosted.org/freeipa/ticket/3105
Tomas
>From dac062488a4f7989a87358433a83ee1195e21237 Mon Sep 17 00:00:00 2001
Fr
Hello,
Fix potential crash caused by failing zone_register allocation.
Problematic call flow:
new_ldap_instance -> zr_create (returns failure) -> destroy_ldap_instance ->
zr_get_rbt (*crash*)
--
Petr^2 Spacek
From 9d96a9c4a4ac5b592ed5874132e0618b1b259de0 Mon Sep 17 00:00:00 2001
From: Petr Sp
On 10/02/2012 12:19 PM, Petr Viktorin wrote:
> On 10/01/2012 05:28 PM, Martin Kosek wrote:
>>> From IPA 3.0, services have by default ipakrbprincipal objectclass which
>> allows ipakrbprincipalalias attribute used for case-insensitive principal
>> searches. However, as services created in previous
On 10/01/2012 05:02 PM, Ade Lee wrote:
On Mon, 2012-10-01 at 16:09 +0200, Martin Kosek wrote:
On 10/01/2012 03:35 PM, Petr Viktorin wrote:
On 09/27/2012 10:26 AM, Petr Viktorin wrote:
On 09/20/2012 05:58 AM, Ade Lee wrote:
Changes to use a single database for dogtag and IPA
New servers
On 09/26/2012 05:44 PM, Martin Kosek wrote:
On 09/25/2012 02:59 PM, Tomas Babej wrote:
On 09/25/2012 02:31 PM, Martin Kosek wrote:
On 09/25/2012 02:22 PM, Tomas Babej wrote:
Hi,
Group-mod command no longer allows --rename and/or --external
changes made to the admins group. In such cases, Prot
On 10/02/2012 01:33 PM, Petr Viktorin wrote:
> On 10/02/2012 12:48 PM, Martin Kosek wrote:
>> On 10/02/2012 10:49 AM, Petr Viktorin wrote:
>>> On 09/27/2012 01:35 PM, Martin Kosek wrote:
A hotfix pushed in a scope of ticket 3088 forced conversion of DN
object (baseDN) in IPA client discov
On 10/02/2012 12:48 PM, Martin Kosek wrote:
On 10/02/2012 10:49 AM, Petr Viktorin wrote:
On 09/27/2012 01:35 PM, Martin Kosek wrote:
A hotfix pushed in a scope of ticket 3088 forced conversion of DN
object (baseDN) in IPA client discovery so that ipa-client-install
does not crash when creating
On 10/02/2012 10:49 AM, Petr Viktorin wrote:
> On 09/27/2012 01:35 PM, Martin Kosek wrote:
>> A hotfix pushed in a scope of ticket 3088 forced conversion of DN
>> object (baseDN) in IPA client discovery so that ipa-client-install
>> does not crash when creating an IPA default.conf. Since this is no
On 10/01/2012 05:28 PM, Martin Kosek wrote:
From IPA 3.0, services have by default ipakrbprincipal objectclass which
allows ipakrbprincipalalias attribute used for case-insensitive principal
searches. However, as services created in previous version do not have
this objectclass (and attribute),
Hi,
this patch fixes a couple of resource leaks and unchecked return and an
uninitialised value found by Coverity.
bye,
Sumit
From b39269b5adf5d2ae6076d5aa4394e68924027ce6 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 2 Oct 2012 11:25:04 +0200
Subject: [PATCH] Fix various issues found by
On 09/27/2012 01:35 PM, Martin Kosek wrote:
A hotfix pushed in a scope of ticket 3088 forced conversion of DN
object (baseDN) in IPA client discovery so that ipa-client-install
does not crash when creating an IPA default.conf. Since this is not
a preferred way to handle DN objects, improve its us
On 10/01/2012 09:29 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 10/01/2012 04:41 PM, Rob Crittenden wrote:
The web uninstall step can be very long because we restore two SELinux
booleans individually. This patch combines them into a single step, and
skips setting them if the values won't
Hi,
the following three patches should fix
https://fedorahosted.org/freeipa/ticket/2967
https://fedorahosted.org/freeipa/ticket/2972
https://fedorahosted.org/freeipa/ticket/3038 respectively.
bye,
Sumit
From bab787a651773ec9bead34cfaaec05991ebc74c4 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date:
On 10/01/2012 06:08 PM, Alexander Bokovoy wrote:
> On Mon, 01 Oct 2012, Martin Kosek wrote:
+%else
Requires: samba4-python
Requires: samba4
-Requires: libsss_idmap
Requires: samba4-winbind
+%endif
+Requires: libsss_idmap <
>>> :) Thanks.
>>> I was not lo
27 matches
Mail list logo