Re: [Freeipa-devel] [PATCH] 431 better CSR header handling

2010-05-04 Thread Jason Gerard DeRose
On Mon, 2010-05-03 at 17:41 -0400, Rob Crittenden wrote:
> Properly handle CSRs whether they have NEW in the header block or not. 
> The code was looking for headers without NEW in it but in that case 
> would cut the first 4 characters of the request off, causing decoding to 
> fail.
> 
> I also consolidate some duplicate code.
> 
> rob

ack.  pushed to master.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
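
The header problem described in the quoted patch note, as an added example that is not part of the original thread and not FreeIPA's code: a Python sketch that accepts CSR armor with or without NEW, next to a hypothetical fixed-offset stripper (an assumption about this class of bug, not the code the patch replaced). All function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import re

# Accept both armor variants: "CERTIFICATE REQUEST" and "NEW CERTIFICATE REQUEST".
_ARMOR = re.compile(
    r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----\s*"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)\s*"
    r"-----END (?:NEW )?CERTIFICATE REQUEST-----"
)
NEW_HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"


def csr_body_b64(text):
    """Return the base64 body; input without armor is treated as bare base64."""
    match = _ARMOR.search(text)
    body = match.group("body") if match else text
    return "".join(body.split())


def csr_to_der(text):
    """Decode a CSR to DER bytes, raising ValueError on a malformed body."""
    try:
        return base64.b64decode(csr_body_b64(text), validate=True)
    except binascii.Error as exc:
        raise ValueError("CSR body is not valid base64") from exc


def fixed_offset_body_b64(text):
    """Hypothetical stripper that always skips the length of the NEW header."""
    start = text.find("-----BEGIN")
    end = text.find("-----END")
    return "".join(text[start + len(NEW_HEADER):end].split())


def make_pem(der, new):
    """Build constructed sample armor around arbitrary bytes (not a real CSR)."""
    label = "NEW CERTIFICATE REQUEST" if new else "CERTIFICATE REQUEST"
    body = base64.b64encode(der).decode("ascii")
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


SAMPLE_DER = bytes(range(48))  # constructed placeholder bytes

if __name__ == "__main__":
    for new in (True, False):
        pem = make_pem(SAMPLE_DER, new)
        print(new, csr_to_der(pem) == SAMPLE_DER,
              fixed_offset_body_b64(pem) == csr_body_b64(pem))
```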


[Freeipa-devel] [PATCH] Add weekly periodic schedule to AccessTime param type.

2010-05-04 Thread Pavel Zuna

Fix bug #588414.

I'm going to submit improved validation error messages for AccessTime in a 
separate patch. This one just fixes the bug.


Pavel


pzuna-freeipa-0002-accesstime.patch
Description: application/mbox

Re: [Freeipa-devel] [PATCH] Add weekly periodic schedule to AccessTime param type.

2010-05-04 Thread Rob Crittenden

Pavel Zuna wrote:
> Fix bug #588414.
>
> I'm going to submit improved validation error messages for AccessTime in
> a separate patch. This one just fixes the bug.
>
> Pavel


ack, pushed to master



Re: [Freeipa-devel] [PATCH] Add new pwpolicy plugin based on baseldap classes

2010-05-04 Thread Pavel Zuna

On 04/27/2010 09:49 PM, Rob Crittenden wrote:
> Pavel Zůna wrote:
> > Don't mind the numbering. This is a completely independent patch.
> >
> > It adds a new pwpolicy plugin based on baseldap.py classes. It has the
> > same functionality as the current pwpolicy plugin, but a more clean
> > and consistent interface, fine-grained search capabilities, etc.
> >
> > This is actually an updated version of a patch I released some time
> > ago, but it never got fully reviewed.
> >
> > Pavel
>
> The original pwpolicy module took group policy via the --group option,
> yours takes group as the first argument (if any). My thought on this was
> that at some point someone would want per-user password policy so we
> could add a --user option. If this isn't foreseen as needed then using
> the first argument for group is probably easier to grok.
>
> Had a failure:
> $ ./ipa pwpolicy2-mod g1 --priority=2
> ipa: ERROR: an internal error has occurred
>
> File "/home/rcrit/redhat/freeipa-ca/ipalib/plugins/pwpolicy2.py", line
> 99, in pre_callback
> del entry_attrs['cn']
> KeyError: 'cn'
>
> rob

Fixed.

I also noticed another minor bug. When only priority is modified by 
pwpolicy2-mod, the EmptyModlist exception is raised. This is because priority is 
stored in a different entry that is managed by cosentry_* commands and there's 
nothing left to be changed for the policy entry. The command does its job, but
reports an error and there is no way to catch it without ugly hacks. I'm going 
to implement a new callback type for baseldap.py classes for the purpose of 
error handling/exception catching.


Pavel


pzuna-freeipa-0003-pwpolicy2.patch
Description: application/mbox

[Freeipa-devel] [PATCH] 432 add default open HBAC on install

2010-05-04 Thread Rob Crittenden
Create an HBAC that allows all users to access all hosts from any host. 
This should make initial installation and testing easier. It is expected 
that this rule (allow_all) will be removed before deployment.


In case you know you don't want this you can pass --no_hbac_allow to 
ipa-server-install and the rule won't be added.


rob


freeipa-432-hbac.patch
Description: application/mbox

[Freeipa-devel] [PATCH] 433 improve hbac output

2010-05-04 Thread Rob Crittenden
This patch adds more attributes to the default output and fixes up some 
labels.


rob


freeipa-433-hbac.patch
Description: application/mbox