Re: [Freeipa-devel] [PATCH] 288 man page for ipa-join
On Thu, 2009-10-08 at 11:11 -0400, Rob Crittenden wrote: Add a man page for the new ipa-join command. rob +ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-w\fR bulk bind password ] [ \fB\-d\fR ] [ \fB\-q\fR ] Can you use something like bulk-bind-password instead? (with dashes) There is also some trailing white-space in the copyright notice and after all .TP commands. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 291 use DS memberof plugin
On Fri, 2009-10-09 at 17:29 -0400, Rob Crittenden wrote: Use the DS memberof plugin instead of the one contained in the IPA source. I'm not removing that source yet, simply not building or configuring it. rob Looks good to me. Ack. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 286 cache installer questions
Martin Nagy wrote: Hi Rob, On Wed, 2009-10-07 at 10:57 -0400, Rob Crittenden wrote: Installing a CA that is signed by another CA is a 2-step process. The first step is to generate a CSR for the CA and the second step is to install the certificate issued by the external CA. To avoid asking questions over and over (and potentially getting different answers) the answers are cached. rob -try: -from ipaserver.install import cainstance -except ImportError: -print sys.stderr, Import failed: %s % sys.exc_value -sys.exit(1) What's this? From just a quick look, it seems to me that this will cause troubles. Martin It was duplicated code, we check for that elsewhere. rob smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 288 man page for ipa-join
Martin Nagy wrote: On Thu, 2009-10-08 at 11:11 -0400, Rob Crittenden wrote: Add a man page for the new ipa-join command. rob +ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-w\fR bulk bind password ] [ \fB\-d\fR ] [ \fB\-q\fR ] Can you use something like bulk-bind-password instead? (with dashes) I picked -w since that is common to the openldap clients. I can add a long version too. There is also some trailing white-space in the copyright notice and after all .TP commands. I think that the manpage editor I use, manedit, adds those. I can get those cleaned up as well. Do you want another patch or just a promise that I'll fix these up? rob smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 291 use DS memberof plugin
Martin Nagy wrote: On Fri, 2009-10-09 at 17:29 -0400, Rob Crittenden wrote: Use the DS memberof plugin instead of the one contained in the IPA source. I'm not removing that source yet, simply not building or configuring it. rob Looks good to me. Ack. Martin pushed to master smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 293 use fqdn
Use getfqdn() instead of the gethostname(). self.ca_host could end up as the same value as self.host and if this isn't fully-qualified then SSL client requests won't work (we query the CA over SSL). rob freeipa-293-fqdn.patch Description: application/mbox smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 294 sleep before doing a task
One of the last steps of an install is to run through any updates. This change adds a sleep() prior to calling tasks to ensure postop writes are done We were seeing a rare deadlock of DS when creating the memberOf task because one thread was adding memberOf in a postop while another was trying to create an index and this was causing a PRLock deadlock. rob freeipa-294-task.patch Description: application/mbox smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Re: [PATCH] Fix bug in HBAC and netgroup plugin get_primary_key_from_dn methods.
On Mon, 2009-10-12 at 10:22 -0400, Rob Crittenden wrote: Pavel Zuna wrote: Rob Crittenden wrote: Pavel Zuna wrote: The method was returning tuples instead of strings in both plugins causing a mess in other plugins, when displaying netgroup/HBAC information. Pavel Assuming that the primary key doesn't exist, what meaning does returning '' have? For these 2 plugins shouldn't it always have a primary key? rob In most plugins, retrieving the primary key from DN is easy, because it is part of the DN (RDN attribute == primary key attribute). With netgroups and HBAC it is a bit more complicated, because the RDN attribute is 'ipauniqueid' and the primary key is 'cn' - we have to do a search to retrieve it. If the search fails for some reason (someone deletes the entry in parallel for example), we return an empty string, which is fail-safe. Pavel Ok, Jason does 11 ET work for you, say on Wed and Fri? rob Yep, sounds good. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 288 man page for ipa-join
Rob Crittenden wrote: Martin Nagy wrote: On Thu, 2009-10-08 at 11:11 -0400, Rob Crittenden wrote: Add a man page for the new ipa-join command. rob +ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-w\fR bulk bind password ] [ \fB\-d\fR ] [ \fB\-q\fR ] Can you use something like bulk-bind-password instead? (with dashes) Ah, I didn't mean that you should change -w. But rather, I would change [ \fB\-w\fR bulk bind password ] to something like this: [ \fB\-w\fR bulk\-bind\-password ] Similarly as we use keytab\-file and not keytab file. I picked -w since that is common to the openldap clients. I can add a long version too. There is also some trailing white-space in the copyright notice and after all .TP commands. I think that the manpage editor I use, manedit, adds those. I can get those cleaned up as well. Do you want another patch or just a promise that I'll fix these up? rob Yes, if you do the changes you have an Ack. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 286 cache installer questions
Rob Crittenden wrote: Martin Nagy wrote: Hi Rob, On Wed, 2009-10-07 at 10:57 -0400, Rob Crittenden wrote: Installing a CA that is signed by another CA is a 2-step process. The first step is to generate a CSR for the CA and the second step is to install the certificate issued by the external CA. To avoid asking questions over and over (and potentially getting different answers) the answers are cached. rob -try: -from ipaserver.install import cainstance -except ImportError: -print sys.stderr, Import failed: %s % sys.exc_value -sys.exit(1) What's this? From just a quick look, it seems to me that this will cause troubles. Martin It was duplicated code, we check for that elsewhere. rob Ah, right. Not thrilled that it's not in a separate patch but what the heck. Ack. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 295 client Makefile target
This adds a few new targets to the top-level Makefile, most notably client and client-rpms. Using this you can more easily build just the client pieces of IPA. rob freeipa-295-client.patch Description: application/mbox smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
