Re: [Freeipa-devel] [PATCH] Add flags to enforce asking for object attribute
Rob Crittenden wrote: > Jan Zelený wrote: > > So far the only way to enforce asking for parameter in interactive mode > > was the alwaysask attribute, which is not sufficient any more. This > > patch adds the ability to control during which actions the atrribute > > shall be asked for. > > > > Jan > > nack, this doesn't address the interactive part in ipalib/cli.py. > > rob I'm afraid I don't know what do you mean. Can you please give me a quick guidance what are you referring to? Thanks Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0164-dns-visible-if-enabled.
From 40c765b901e23d4677f82439796563241a6d40bd Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 25 Jan 2011 21:58:49 -0500 Subject: [PATCH] dns visible if enabled use the result of the is_dns_enabled command to show or hid the dns tab Also, Javascript lint cleanup from recent patches. --- install/ui/entity.js |2 +- install/ui/ipa.js|1 + install/ui/webui.js | 13 ++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/install/ui/entity.js b/install/ui/entity.js index 34e34d6cfccc199ee68404cd7276d22a0b342494..e7fa6a7a3e96ea850e87036a4cb06029cd8d2eba 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -434,7 +434,7 @@ IPA.nested_tabs = function(entity_name){ IPA.nested_tab_labels[entity_name] = top_tab.children[subtab_index].label; if (top_tab.children[subtab_index].children){ -label = top_tab.children[subtab_index].label +label = top_tab.children[subtab_index].label; nested_entities = top_tab.children[subtab_index].children; for ( nested_index = 0; nested_index < nested_entities.length; diff --git a/install/ui/ipa.js b/install/ui/ipa.js index 5e22b2c3f08781f2f5a7bce1b72bd3142bcde240..725bf17c593aa30115d318bf3614239ef58948a6 100644 --- a/install/ui/ipa.js +++ b/install/ui/ipa.js @@ -95,6 +95,7 @@ var IPA = ( function () { that.messages = data.result.results[1].messages; that.whoami = data.result.results[2].result[0]; that.env = data.result.results[3].result; +that.dns_enabled = data.result.results[4].result; if (on_success) { on_success(data, text_status, xhr); } diff --git a/install/ui/webui.js b/install/ui/webui.js index b1097f63a1f5ec843961ed1b90a86d8d6e05a1c9..f5b77c851a798e3fbea328178be70e49fb86a7f6 100644 --- a/install/ui/webui.js +++ b/install/ui/webui.js @@ -27,7 +27,7 @@ IPA.admin_tab_set = function () { -return [ +var tabset = [ {name:'identity', label: IPA.messages.tabs.identity, children:[ {name:'user', entity:'user'}, {name:'group', entity:'group'}, @@ -37,7 +37,6 @@ IPA.admin_tab_set = function () { {name:'service', entity:'service'} ]}, {name:'policy', label: IPA.messages.tabs.policy, children:[ -{name:'dnszone', entity:'dnszone'}, {name:'hbacrule', label: IPA.messages.tabs.hbac , entity:'hbacrule', children:[ {name:'hbacsvc', entity:'hbacsvc'}, @@ -60,6 +59,14 @@ IPA.admin_tab_set = function () { {name:'delegation' ,entity:'delegation'}, {name:'config', entity:'config'} ]}]; + +if (IPA.dns_enabled){ +tabset[1].children.unshift( +{name:'dnszone', entity:'dnszone'} +); +} + +return tabset; }; IPA.self_serv_tab_set = function(){ @@ -139,7 +146,7 @@ $(function() { IPA.tab_set = IPA.admin_tab_set(); nav_create(IPA.tab_set, navigation, 'tabs'); } else { -IPA.tab_set = self_serv_tab_set(); +IPA.tab_set = IPA.self_serv_tab_set(); nav_create(IPA.tab_set, navigation, 'tabs'); var state = {'user-pkey':IPA.whoami_pkey , -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0163-dns-container
On 01/25/2011 09:16 PM, Adam Young wrote: Kyle noticed that the DNS page was off. This fixes it. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Fixes the title. It had to be set after the entity was assigned. From 7873786188e39b6d91645dc66c733477188e6fdf Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 25 Jan 2011 21:15:05 -0500 Subject: [PATCH] dns container the dns records page was adding controls to the wrong tag. This pushes everything down one level, fixing the formatting. --- install/ui/policy.js | 58 - 1 files changed, 33 insertions(+), 25 deletions(-) diff --git a/install/ui/policy.js b/install/ui/policy.js index 208b7c9ec55f82166d876fea250c93a37bf85880..fedf40726ac11d05f859cc09045ebe59a783fb94 100644 --- a/install/ui/policy.js +++ b/install/ui/policy.js @@ -276,30 +276,21 @@ IPA.records_facet = function (spec){ }; function create(container) { + +container.attr('title', that.entity_name); + +$('',{ +}).append(IPA.create_network_spinner()). +appendTo(container); + var details = $('', { 'class': 'content' }).appendTo(container); -} - -function setup(container){ - -that.facet_setup(container); - -that.pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; -that.record = $.bbq.getState(that.entity_name + '-record', true) || ''; - -that.container.attr('title', that.entity_name); - -var h2 = $('',{ -text: "Records for DNS Zone:" + that.pkey -}).appendTo(that.container); - var div = $(''). -appendTo(that.container); +appendTo(details); var control_span =$('').appendTo(div); - control_span.append('Resource'); control_span.append($('',{ type: "text", @@ -311,13 +302,6 @@ IPA.records_facet = function (spec){ create_type_select('dns-record-type-filter',true). appendTo(control_span); -//commented out until data is searchable -//control_span.append('Data'); -//control_span.append($('',{ -//type: "text", -//id: 'dns-record-data-filter', -//name: 'search-' + obj_name + '-filter' -//})); IPA.button({ @@ -349,7 +333,7 @@ IPA.records_facet = function (spec){ var records_results = $('', { 'class': 'records-results' -}).appendTo(that.container); +}).appendTo(details); var records_table = $('', { 'class': 'search-table' @@ -373,6 +357,30 @@ IPA.records_facet = function (spec){ tr.append($('Record Type')); tr.append($('Data')); +} + +function setup(container){ + +that.facet_setup(container); + +that.pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; +that.record = $.bbq.getState(that.entity_name + '-record', true) || ''; + + +$('h1',container). +html("Records for DNS Zone:" + that.pkey); + + +//commented out until data is searchable +//control_span.append('Data'); +//control_span.append($('',{ +//type: "text", +//id: 'dns-record-data-filter', +//name: 'search-' + obj_name + '-filter' +//})); + + + refresh(); } -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0163-dns-container
Kyle noticed that the DNS page was off. This fixes it. From 6a7ca9e8400c359fa50f1ecca62a34a7cdf3abd7 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 25 Jan 2011 21:15:05 -0500 Subject: [PATCH] dns container the dns records page was adding controls to the wrong tag. This pushes everything down one level, fixing the formatting. --- install/ui/policy.js | 55 +++-- 1 files changed, 30 insertions(+), 25 deletions(-) diff --git a/install/ui/policy.js b/install/ui/policy.js index 208b7c9ec55f82166d876fea250c93a37bf85880..7e9e05eb637047bf344c7748c06698ef3de4004f 100644 --- a/install/ui/policy.js +++ b/install/ui/policy.js @@ -276,30 +276,22 @@ IPA.records_facet = function (spec){ }; function create(container) { + +container.attr('title', that.entity_name); + +$('',{ +html: "Records for DNS Zone:" + that.pkey +}).append(IPA.create_network_spinner()). +appendTo(container); + var details = $('', { 'class': 'content' }).appendTo(container); -} - -function setup(container){ - -that.facet_setup(container); - -that.pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; -that.record = $.bbq.getState(that.entity_name + '-record', true) || ''; - -that.container.attr('title', that.entity_name); - -var h2 = $('',{ -text: "Records for DNS Zone:" + that.pkey -}).appendTo(that.container); - var div = $(''). -appendTo(that.container); +appendTo(details); var control_span =$('').appendTo(div); - control_span.append('Resource'); control_span.append($('',{ type: "text", @@ -311,13 +303,6 @@ IPA.records_facet = function (spec){ create_type_select('dns-record-type-filter',true). appendTo(control_span); -//commented out until data is searchable -//control_span.append('Data'); -//control_span.append($('',{ -//type: "text", -//id: 'dns-record-data-filter', -//name: 'search-' + obj_name + '-filter' -//})); IPA.button({ @@ -349,7 +334,7 @@ IPA.records_facet = function (spec){ var records_results = $('', { 'class': 'records-results' -}).appendTo(that.container); +}).appendTo(details); var records_table = $('', { 'class': 'search-table' @@ -373,6 +358,26 @@ IPA.records_facet = function (spec){ tr.append($('Record Type')); tr.append($('Data')); +} + +function setup(container){ + +that.facet_setup(container); + +that.pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; +that.record = $.bbq.getState(that.entity_name + '-record', true) || ''; + + +//commented out until data is searchable +//control_span.append('Data'); +//control_span.append($('',{ +//type: "text", +//id: 'dns-record-data-filter', +//name: 'search-' + obj_name + '-filter' +//})); + + + refresh(); } -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 690 add brackets around optional prompts
Jan Zelený wrote: Rob Crittenden wrote: When prompting for arguments in the cli there is no way to tell what is optional and what is required. This sticks brackets around optional arguments. Ticket 832 rob Ack Jan pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] kylebaker- 0006-Modal-Panel-Changes.patch
Pushed to master On 01/25/2011 04:57 PM, Adam Young wrote: Sent direct to me From Kyle. ACK Original Message Subject:0006-Modal-Panel-Changes.patch Date: Tue, 25 Jan 2011 16:41:56 -0500 (EST) From: Kyle Baker To: Adam Young ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] {pATCH] kylebaker- 0006-Modal-Panel-Changes.patch
Sent direct to me From Kyle. ACK Original Message Subject:0006-Modal-Panel-Changes.patch Date: Tue, 25 Jan 2011 16:41:56 -0500 (EST) From: Kyle Baker To: Adam Young From 0f67a5588d4df002a2941af1030b51da627ace8f Mon Sep 17 00:00:00 2001 From: System Administrator Date: Tue, 25 Jan 2011 09:23:55 -0500 Subject: [PATCH] Modal Panel Changes --- install/ui/ipa.css | 57 +--- 1 files changed, 45 insertions(+), 12 deletions(-) diff --git a/install/ui/ipa.css b/install/ui/ipa.css index 0d63c9703bf29f60df9a992d52a50a7cf479b362..bc7aed1d6cc344246a62dd3b44e1b2585870b52e 100644 --- a/install/ui/ipa.css +++ b/install/ui/ipa.css @@ -283,6 +283,10 @@ span.attrhint { background-position: -176px -97px; } +.ui-dialog .ui-dialog-titlebar-close span { + background-color: none !important; +} + .ui-widget-content .ui-icon { //background-image: url("ui-icons_22_256x240.png"); background-color: #e2e2e2; @@ -305,6 +309,22 @@ span.attrhint { font-weight: bold; } +.ui-dialog .ui-dialog-buttonpane button { +cursor: pointer; +margin: 0.5em 0.4em 0.5em 0; +padding: 0.1em 0.2em; +} + +.ui-dialog .ui-dialog-buttonpane { +background-image: none; +border-width: 1px 0 0; +padding: 0.3em 1em 0.5em 0.4em; +text-align: left; +} + +//.ui-dialog .ui-dialog-content { + min-height: 26em !important; +}// .ui-widget input, .ui-widget select, .ui-widget textarea, .ui-widget button { @@ -607,6 +627,7 @@ a.action-button-disabled { padding-left: 0.5em; } + .search-table th{ padding-left: 0.5em; background-color:#f6f6f6; @@ -705,7 +726,14 @@ dl.modal dd { margin-left: 0.8em; } +#dns-record-resource-filter { + padding: 0em 1em; + margin: 0 1em; +} +#dns-record-type-filter { + margin: 0 1em 0 0.5em; +} .ui-widget-content { border:0; @@ -722,6 +750,7 @@ table.scrollable tbody { .adder-dialog-filter { height: 2.5em; + padding-top: 0.7em; } .adder-dialog-results { @@ -730,30 +759,34 @@ table.scrollable tbody { } .adder-dialog-available { -border: 1px solid black; +background-color: #ff; + border: none; position: absolute; top: 0; left: 0; bottom: 0; -width: 25.0em; -} - -.adder-dialog-buttons { -position: absolute; -top: 1.5em; -left: 23.35em; -right: 25; -bottom: 0; -text-align: center; +width: 23em; + padding-top: 1em; } .adder-dialog-selected { -border: 1px solid black; +background-color: #ff; + border: none; position: absolute; top: 0; right: 0; bottom: 0; width: 23em; + padding-top: 1em; +} + +.adder-dialog-buttons { +position: absolute; +top: 7.5em; + left: 23.7em; +right: 25; +bottom: 0; +text-align: center; } .adder-dialog-internal { -- 1.7.3.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Two for Style changes
On 01/25/2011 04:20 PM, Adam Young wrote: Apply the kylebaker patch first. These should be considered one patch, but I'd like to keep them separate to idntify authorship ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Rename package to freeipa
Jan Zelený wrote: Ok, so here is the first version of patch which will rename the package in Fedora from ipa to freeipa. I've tried to keep it as minimal as possible, but my concern is whether it doesn't break any Fedora rules. I tried to remember them from time I was maintainer and no particular rule we might be breaking came to my mind, so hopefully we are ok. The package builds fine using `make rpms` and it installs fine as well. I also tested that installation fails in case ipa-* packages are installed. Jan Ack, pushed to master. I made one minor change, I replaced the Conflicts with Obsoletes per the Fedora packaging guideines. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0072 Fix regreasions in setting up winsync agreements
On Tue, 25 Jan 2011 18:50:38 +0100 Jakub Hrozek wrote: > On Tue, Jan 25, 2011 at 12:11:01PM -0500, Simo Sorce wrote: > > On Tue, 25 Jan 2011 12:05:07 -0500 > > Simo Sorce wrote: > > > > > > > > Some basic fixes to winsync replication setups. > > > Depends on 0069-4 > > > > > > Ticket #807 > > > > With the actual patch :) > > > > Ack - I have found the same issue with pylint. Yeah pretty easy to spot even for automated tools :) Pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0069 Add/Remove DNS records for replicas
On Tue, 25 Jan 2011 18:43:38 +0100 Jakub Hrozek wrote: > >> Let me rebase and steal those changes from my other patch and > >> resubmit. > >> > >> Simo. > >> > > > > New patch attached. > > > > Simo. > > > > Ack Thanks, pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0070 Create DNS entries early on
On Tue, 25 Jan 2011 18:44:02 +0100 Jakub Hrozek wrote: > On 01/24/2011 05:59 PM, Simo Sorce wrote: > > > > See ticket #833 for a detailed explanation. > > > > Simo. > > > > Ack Pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 040 Assorted bugs found by pylint
On Tue, 25 Jan 2011 18:52:13 +0100 Jakub Hrozek wrote: > On Tue, Jan 25, 2011 at 01:09:25PM +0100, Jakub Hrozek wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > On 01/21/2011 11:43 AM, Jakub Hrozek wrote: > > > https://fedorahosted.org/freeipa/ticket/358 > > > > > > Another part of this effort is running pylint during build. I have > > > started on this, but because we use python's dynamic features > > > quite a lot, pylint produces a big number of false positives. > > > > > > I wrote a small pylint plugin that helps (so it allowed me to > > > review the pylint results sanely), but it's still not complete - > > > I'd like to resume that work during the 2.0.1 bug fixing as there > > > are more pressing issues right now, I think. > > > > Attaching a new version that fixes one more bug and also changes one > > hunk so it does not exceed the recommended 80-chars limit. > > Attached is a new version that is rebased on top of Simo's patch 072. Ack and pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 692 fix rpmlint warnings
On Tue, 25 Jan 2011 18:28:15 +0100 Jakub Hrozek wrote: > On Tue, Jan 25, 2011 at 11:06:01AM -0500, Rob Crittenden wrote: > > I did some specfile clean up in preparation of proposing this as a > > package for Fedora 15. > > > > ticket 804. > > > > rob > > Ack Pushed to master Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0159-unselected-facets
On 01/25/2011 01:51 PM, Kyle Baker wrote: ACK looks good - Original Message - ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0160-action-panel-select-for-multiple-entities
On 01/25/2011 01:52 PM, Kyle Baker wrote: ACK looks good - Original Message - On 01/25/2011 11:38 AM, Adam Young wrote: ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Had left in a typo. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0160-action-panel-select-for-multiple-entities
ACK looks good - Original Message - > On 01/25/2011 11:38 AM, Adam Young wrote: > > > ___ > Freeipa-devel mailing list Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel Had left in a > typo. > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From 28059f95700b664acb12d08f677be53b5430019d Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 25 Jan 2011 11:37:08 -0500 Subject: [PATCH] action panel select for multiple entities --- install/ui/entity.js | 26 ++ 1 files changed, 18 insertions(+), 8 deletions(-) diff --git a/install/ui/entity.js b/install/ui/entity.js index 1e9535c91b7e9083f5e3983d99d6afa753707517..70b583cc4a3838e2a0c92cee87077517e6e15a1c 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -480,6 +480,8 @@ IPA. facet_create_action_panel = function(container) { }); return li; } + + /*Note, for debugging purposes, it is useful to set var pkey_type = 'text';*/ var pkey_type = 'hidden'; $('', { @@ -502,19 +504,24 @@ IPA. facet_create_action_panel = function(container) { do not have search*/ if (entity.facets.length > 0 ){ if ( entity.facets[0].name === IPA.current_facet( entity)){ +if (nested_tabs.length > 1 ){ +main_facet.html(IPA.selected_icon + +IPA.metadata[nested_tabs[nested_index]].label); + +main_facet.addClass('entity-facet-selected'); +main_facet.appendTo(ul); +} ul.append($('')); - -}else{ -main_facet.html( -$('',{ -"class":"input_link" -}). -append(IPA.back_icon + ' Back to List ')); +} else { +main_facet.html( +$('',{ +"class":"input_link" +}). +append(IPA.back_icon + ' Back to List ')); main_facet.addClass('back-to-search'); main_facet.appendTo(ul); } ul.append($('')); - } var facet_groups = {}; var li; @@ -562,6 +569,9 @@ IPA. facet_create_action_panel = function(container) { innerlist.append(facet_link); if ( other_facet.name === IPA.current_facet( entity)){ +var text = facet_link.text(); +facet_link.html(IPA.selected_icon + text); +facet_link.addClass('entity-facet-selected'); innerlist.append($('')); } } -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0159-unselected-facets
ACK looks good - Original Message - > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From e8dc07ef3f3de44d3c92ffb02c13e7cbe99a3e95 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 25 Jan 2011 09:51:25 -0500 Subject: [PATCH] unselected facets Facets that were not selected were getting the class indicating that they were sselected --- install/ui/entity.js |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diff --git a/install/ui/entity.js b/install/ui/entity.js index 9c58ee3dbbd97f71ab23a204d6bc6d09ce2186db..1e9535c91b7e9083f5e3983d99d6afa753707517 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -559,8 +559,6 @@ IPA. facet_create_action_panel = function(container) { } else { var innerlist = $('').appendTo(ul); var facet_link = build_link(other_facet, other_facet.label); -facet_link.addClass('entity-facet-selected'); -facet_link.prepend(IPA.selected_icon); innerlist.append(facet_link); if ( other_facet.name === IPA.current_facet( entity)){ -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0156-remove-icons-from-association-buttons.
On 01/25/2011 09:58 AM, Kyle Baker wrote: ACK Looks good. - Original Message - ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0072 Fix regreasions in setting up winsync agreements
On Tue, Jan 25, 2011 at 12:11:01PM -0500, Simo Sorce wrote: > On Tue, 25 Jan 2011 12:05:07 -0500 > Simo Sorce wrote: > > > > > Some basic fixes to winsync replication setups. > > Depends on 0069-4 > > > > Ticket #807 > > With the actual patch :) > Ack - I have found the same issue with pylint. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0158-action-buttons-for-dns
On 01/25/2011 09:52 AM, Kyle Baker wrote: ACK Looks good. - Original Message - ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0157-aci-attribute-table-two-columns.patc
On 01/25/2011 09:57 AM, Kyle Baker wrote: ACK Looks good. - Original Message - ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 040 Assorted bugs found by pylint
On Tue, Jan 25, 2011 at 01:09:25PM +0100, Jakub Hrozek wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 01/21/2011 11:43 AM, Jakub Hrozek wrote: > > https://fedorahosted.org/freeipa/ticket/358 > > > > Another part of this effort is running pylint during build. I have > > started on this, but because we use python's dynamic features quite a > > lot, pylint produces a big number of false positives. > > > > I wrote a small pylint plugin that helps (so it allowed me to review the > > pylint results sanely), but it's still not complete - I'd like to resume > > that work during the 2.0.1 bug fixing as there are more pressing issues > > right now, I think. > > Attaching a new version that fixes one more bug and also changes one > hunk so it does not exceed the recommended 80-chars limit. Attached is a new version that is rebased on top of Simo's patch 072. >From 77b338d07f16c548538ccdbc6f8fe55feaa7486b Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 25 Jan 2011 18:46:26 +0100 Subject: [PATCH] Fix assorted bugs found by pylint --- install/tools/ipa-replica-install|4 ++-- install/tools/ipa-server-certinstall |2 +- ipalib/cli.py| 11 --- ipalib/frontend.py |2 +- ipalib/parameters.py |7 +++ ipalib/pkcs10.py |2 -- ipalib/plugins/dns.py|2 +- ipalib/plugins/group.py |2 +- ipalib/plugins/host.py |1 - ipapython/ipautil.py |4 +--- ipaserver/install/certs.py |2 +- ipaserver/install/installutils.py|4 ++-- ipaserver/ipaldap.py |2 -- ipaserver/plugins/dogtag.py |4 +--- ipaserver/plugins/ldap2.py |2 +- ipaserver/plugins/ldapapi.py |6 -- ipaserver/servercore.py |8 17 files changed, 19 insertions(+), 46 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 69c0e7e..ac8b299 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -407,8 +407,8 @@ def main(): # We ned to ldap_enable the CA now that DS is up and running if CA: -CA.ldap_enable('CA', host_name, dm_password, - util.realm_to_suffix(self.realm_name)) +CA.ldap_enable('CA', config.host_name, config.dirman_password, + util.realm_to_suffix(config.realm_name)) install_krb(config, setup_pkinit=options.setup_pkinit) install_http(config) diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall index 543c770..5fc5811 100755 --- a/install/tools/ipa-server-certinstall +++ b/install/tools/ipa-server-certinstall @@ -141,7 +141,7 @@ def main(): set_ds_cert_name(server_cert[0], dm_password) if options.http: -dirname = httpinstance.NSS_DIR +dirname = certs.NSS_DIR server_cert = import_cert(dirname, pkcs12_fname, options.http_pin, "") installutils.set_directive(httpinstance.NSS_CONF, 'NSSNickname', server_cert[0]) diff --git a/ipalib/cli.py b/ipalib/cli.py index 2d219b7..9dda1c2 100644 --- a/ipalib/cli.py +++ b/ipalib/cli.py @@ -620,17 +620,6 @@ class help(frontend.Local): if module == __name__: return return module.split('.')[-1] -# get representation in the form of 'base_module.bare_module.command()' -r = repr(cmd_plugin_proxy) -# skip base module part and the following dot -start = r.find(self._PLUGIN_BASE_MODULE) -if start == -1: -# command module isn't a plugin module, it's a builtin -return None -start += len(self._PLUGIN_BASE_MODULE) + 1 -# parse bare module name -end = r.find('.', start) -return r[start:end] def _get_module_topic(self, module_name): if not sys.modules[module_name]: diff --git a/ipalib/frontend.py b/ipalib/frontend.py index 567edfd..58fd4d6 100644 --- a/ipalib/frontend.py +++ b/ipalib/frontend.py @@ -693,13 +693,13 @@ class Command(HasParam): If the client minor version is less than or equal to the server then let the request proceed. """ +server_ver = version.LooseVersion(API_VERSION) ver = version.LooseVersion(client_version) if len(ver.version) < 2: raise VersionError(cver=ver.version, sver=server_ver.version, server= self.env.xmlrpc_uri) client_major = ver.version[0] client_minor = ver.version[1] -server_ver = version.LooseVersion(API_VERSION) server_major = server_ver.version[0] server_minor = server_ver.version[1] diff --git a/ipalib/parameters.py b/ipalib/parameters.py index 0d6c690..22b0321 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -1532,6 +1532,13 @@ class AccessTime
Re: [Freeipa-devel] [PATCH] 0070 Create DNS entries early on
On 01/24/2011 05:59 PM, Simo Sorce wrote: See ticket #833 for a detailed explanation. Simo. Ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0069 Add/Remove DNS records for replicas
On 01/25/2011 06:05 PM, Simo Sorce wrote: On Tue, 25 Jan 2011 11:59:22 -0500 Simo Sorce wrote: On Tue, 25 Jan 2011 17:47:49 +0100 Jakub Hrozek wrote: On Tue, Jan 25, 2011 at 11:09:46AM -0500, Simo Sorce wrote: On Tue, 25 Jan 2011 10:36:49 -0500 Simo Sorce wrote: On Tue, 25 Jan 2011 15:40:26 +0100 Jakub Hrozek wrote: On Tue, Jan 25, 2011 at 08:57:57AM -0500, Simo Sorce wrote: On Mon, 24 Jan 2011 23:06:17 +0100 Jakub Hrozek wrote: On 01/23/2011 02:09 AM, Simo Sorce wrote: Do it always when the dns tree is available, even if the replica being installed doesn't provide dns service itself. Ticket #824 Simo. I tried applying this on top of both origin/master and 068 but did not succeed. Can you rebase, please? Rebased on top of the new 0068 Simo. I think you attached the wrong patch - the attachment is 68-02, not 69. Sigh. Right one attached now. Simo. Rebased once again leaving only 0068 on top of master. Simo. -- Simo Sorce * Red Hat, Inc * New York Adding DNS records works fine with or without Bind, but removing does not work - you need to import api from ipalib - currently it's just undefined symbol in ipa-replica-manage. I suspect you'll also need to call api.bootstrap() and api.finalize() for the LDAP module to work. Ha now, I know what happend, the other patch I had in the tree is what adds api and all, and that's why I guess you couldn't apply. All my tests about removal passed but I had that other patch in the tree too. Let me rebase and steal those changes from my other patch and resubmit. Simo. New patch attached. Simo. Ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0160-action-panel-select-for-multiple-entities
On 01/25/2011 11:38 AM, Adam Young wrote: ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Had left in a typo. From 28059f95700b664acb12d08f677be53b5430019d Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 25 Jan 2011 11:37:08 -0500 Subject: [PATCH] action panel select for multiple entities --- install/ui/entity.js | 26 ++ 1 files changed, 18 insertions(+), 8 deletions(-) diff --git a/install/ui/entity.js b/install/ui/entity.js index 1e9535c91b7e9083f5e3983d99d6afa753707517..70b583cc4a3838e2a0c92cee87077517e6e15a1c 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -480,6 +480,8 @@ IPA. facet_create_action_panel = function(container) { }); return li; } + + /*Note, for debugging purposes, it is useful to set var pkey_type = 'text';*/ var pkey_type = 'hidden'; $('', { @@ -502,19 +504,24 @@ IPA. facet_create_action_panel = function(container) { do not have search*/ if (entity.facets.length > 0 ){ if ( entity.facets[0].name === IPA.current_facet( entity)){ +if (nested_tabs.length > 1 ){ +main_facet.html(IPA.selected_icon + +IPA.metadata[nested_tabs[nested_index]].label); + +main_facet.addClass('entity-facet-selected'); +main_facet.appendTo(ul); +} ul.append($('')); - -}else{ -main_facet.html( -$('',{ -"class":"input_link" -}). -append(IPA.back_icon + ' Back to List ')); +} else { +main_facet.html( +$('',{ +"class":"input_link" +}). +append(IPA.back_icon + ' Back to List ')); main_facet.addClass('back-to-search'); main_facet.appendTo(ul); } ul.append($('')); - } var facet_groups = {}; var li; @@ -562,6 +569,9 @@ IPA. facet_create_action_panel = function(container) { innerlist.append(facet_link); if ( other_facet.name === IPA.current_facet( entity)){ +var text = facet_link.text(); +facet_link.html(IPA.selected_icon + text); +facet_link.addClass('entity-facet-selected'); innerlist.append($('')); } } -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 692 fix rpmlint warnings
On Tue, Jan 25, 2011 at 11:06:01AM -0500, Rob Crittenden wrote: > I did some specfile clean up in preparation of proposing this as a > package for Fedora 15. > > ticket 804. > > rob Ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0072 Fix regreasions in setting up winsync agreements
On Tue, 25 Jan 2011 12:05:07 -0500 Simo Sorce wrote: > > Some basic fixes to winsync replication setups. > Depends on 0069-4 > > Ticket #807 With the actual patch :) -- Simo Sorce * Red Hat, Inc * New York >From a376d01d9eaebd5a0cd8f2e04776df5bbed81fee Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 19 Jan 2011 09:53:59 -0500 Subject: [PATCH] Fix ipa-replica-manage regressions with winsync Avoids ipa-replica-manage to throw up errors. Fixes: https://fedorahosted.org/freeipa/ticket/807 --- ipaserver/install/dsinstance.py |1 + ipaserver/install/replication.py |8 +--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 7bf29ce98b4fd0aed4f3426b7b901cbaef0b7d0d..29950520117f92938621e843c7787ff0346b3508 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -180,6 +180,7 @@ class DsInstance(service.Service): self.dercert = None self.idstart = None self.idmax = None +self.subject_base = None if realm_name: self.suffix = util.realm_to_suffix(self.realm_name) self.__setup_sub_dict() diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 3c2f3c1807aa553c4c24925bf39c4311d3331683..77ca0578ed66ee7f206e1797b432ccf1c5522b39 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -625,7 +625,8 @@ class ReplicationManager: # there is no other side to get a replica ID from # So we generate one locally replica_id = self._get_replica_id(self.conn, self.conn) -self.basic_replication_setup(self.conn, replica_id) +self.basic_replication_setup(self.conn, replica_id, + self.repl_man_dn, self.repl_man_passwd) #now add a passync user allowed to access the AD server self.add_passsync_user(self.conn, passsync_pw) @@ -638,8 +639,9 @@ class ReplicationManager: logging.info("Agreement is ready, starting replication . . .") #Finally start replication -return self.start_replication(self.conn, ad_conn, - self.repl_man_dn, self.repl_man_passwd) +ret = self.start_replication(ad_conn) +if ret != 0: +raise RuntimeError("Failed to start replication") def convert_to_gssapi_replication(self, r_hostname, r_binddn, r_bindpw): r_conn = ipaldap.IPAdmin(r_hostname, port=PORT, cacert=CACERT) -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0068 populate dua profile
On Tue, 25 Jan 2011 16:19:56 +0100 Jakub Hrozek wrote: > On Tue, Jan 25, 2011 at 08:57:02AM -0500, Simo Sorce wrote: > > On Tue, 25 Jan 2011 08:28:49 -0500 > > Simo Sorce wrote: > > > > > On Tue, 25 Jan 2011 10:41:39 +0100 > > > Jakub Hrozek wrote: > > > > > > > -BEGIN PGP SIGNED MESSAGE- > > > > Hash: SHA1 > > > > > > > > On 01/23/2011 02:08 AM, Simo Sorce wrote: > > > > > Ticket #820 > > > > > > > > > > Simo. > > > > > > > > > > > > > > > > > > I think there's a bug in how the defaultServerList attribute is > > > > cleaned up when a replica is deleted - it seems to remove the > > > > FQDN of the host ipa-replica-manage del is run. In > > > > ReplicationManager.replica_cleanup() you call > > > > srvlist.remove(self.hostname), should that be > > > > srvlist.remove(replica) ? > > > > > > Oh crap :-) > > > > > > Nice catch! > > > > > > Simo. > > > > > > > > > > Ok this new patch should fix that. > > > > Ack Pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0069 Add/Remove DNS records for replicas
On Tue, 25 Jan 2011 11:59:22 -0500 Simo Sorce wrote: > On Tue, 25 Jan 2011 17:47:49 +0100 > Jakub Hrozek wrote: > > > On Tue, Jan 25, 2011 at 11:09:46AM -0500, Simo Sorce wrote: > > > On Tue, 25 Jan 2011 10:36:49 -0500 > > > Simo Sorce wrote: > > > > > > > On Tue, 25 Jan 2011 15:40:26 +0100 > > > > Jakub Hrozek wrote: > > > > > > > > > On Tue, Jan 25, 2011 at 08:57:57AM -0500, Simo Sorce wrote: > > > > > > On Mon, 24 Jan 2011 23:06:17 +0100 > > > > > > Jakub Hrozek wrote: > > > > > > > > > > > > > On 01/23/2011 02:09 AM, Simo Sorce wrote: > > > > > > > > > > > > > > > > Do it always when the dns tree is available, even if the > > > > > > > > replica being installed doesn't provide dns service > > > > > > > > itself. > > > > > > > > > > > > > > > > Ticket #824 > > > > > > > > > > > > > > > > Simo. > > > > > > > > > > > > > > > > > > > > > > I tried applying this on top of both origin/master and 068 > > > > > > > but did not succeed. Can you rebase, please? > > > > > > > > > > > > Rebased on top of the new 0068 > > > > > > > > > > > > Simo. > > > > > > > > > > > > > > > > I think you attached the wrong patch - the attachment is > > > > > 68-02, not 69. > > > > > > > > Sigh. > > > > Right one attached now. > > > > > > > > Simo. > > > > > > > > > > Rebased once again leaving only 0068 on top of master. > > > > > > Simo. > > > > > > -- > > > Simo Sorce * Red Hat, Inc * New York > > > > Adding DNS records works fine with or without Bind, but removing > > does not work - you need to import api from ipalib - currently > > it's just undefined symbol in ipa-replica-manage. I suspect you'll > > also need to call api.bootstrap() and api.finalize() for the LDAP > > module to work. > > Ha now, I know what happend, the other patch I had in the tree is what > adds api and all, and that's why I guess you couldn't apply. > All my tests about removal passed but I had that other patch in the > tree too. > > Let me rebase and steal those changes from my other patch and > resubmit. > > Simo. > New patch attached. Simo. -- Simo Sorce * Red Hat, Inc * New York >From 69f58f8dd3da965c39e70fd10c58c7c8d102b19a Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 21 Jan 2011 14:46:58 -0500 Subject: [PATCH] Always add DNS records when installing a replica Even if the replica is not running a DNS server other replicas might. So if the DNS container is present, then try to add DNS records. Fixes: https://fedorahosted.org/freeipa/ticket/824 --- install/tools/ipa-replica-install | 24 +-- install/tools/ipa-replica-manage | 23 ++- ipaserver/install/bindinstance.py | 58 + 3 files changed, 101 insertions(+), 4 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 69c0e7eac73d1f80bb900d13370e7d5e3325e1ed..b53ceeea4f7849a67facd46e7fbf3c2203ad7af5 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -245,6 +245,8 @@ def install_http(config): sys.exit(1) def install_bind(config, options): +api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", + bind_pw=config.dirman_password) if options.forwarders: forwarders = options.forwarders else: @@ -266,6 +268,23 @@ def install_bind(config, options): config.domain_name, forwarders, options.conf_ntp, create_reverse) bind.create_instance() +def install_dns_records(config, options): + +if not bindinstance.dns_container_exists(config.host_name, + util.realm_to_suffix(config.realm_name)): +return + +api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", + bind_pw=config.dirman_password) +bind = bindinstance.BindInstance(dm_password=config.dirman_password) +ip_address = resolve_host(config.host_name) +if not ip_address: +sys.exit("Unable to resolve IP address for host name") + +bind.add_master_dns_records(config.host_name, ip_address, +config.realm_name, config.domain_name, +options.conf_ntp) + def check_dirsrv(): serverids = dsinstance.check_existing_installation() if serverids: @@ -432,10 +451,9 @@ def main(): service.restart("httpd") if options.setup_dns: -api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", - bind_pw=config.dirman_password) - install_bind(config, options) +else: +install_dns_records(config, options) # Call client install script try: diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 80974545761399cec46032c8ae2b6689aa4ff7fd..8f0b7c59c75042d1b3b4dadbc9e53cd311434a5c 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -24,9 +24,10 @@ import traceback, logging fro
[Freeipa-devel] [PATCH] 0072 Fix regreasions in setting up winsync agreements
Some basic fixes to winsync replication setups. Depends on 0069-4 Ticket #807 -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0069 Add/Remove DNS records for replicas
On Tue, 25 Jan 2011 17:47:49 +0100 Jakub Hrozek wrote: > On Tue, Jan 25, 2011 at 11:09:46AM -0500, Simo Sorce wrote: > > On Tue, 25 Jan 2011 10:36:49 -0500 > > Simo Sorce wrote: > > > > > On Tue, 25 Jan 2011 15:40:26 +0100 > > > Jakub Hrozek wrote: > > > > > > > On Tue, Jan 25, 2011 at 08:57:57AM -0500, Simo Sorce wrote: > > > > > On Mon, 24 Jan 2011 23:06:17 +0100 > > > > > Jakub Hrozek wrote: > > > > > > > > > > > On 01/23/2011 02:09 AM, Simo Sorce wrote: > > > > > > > > > > > > > > Do it always when the dns tree is available, even if the > > > > > > > replica being installed doesn't provide dns service > > > > > > > itself. > > > > > > > > > > > > > > Ticket #824 > > > > > > > > > > > > > > Simo. > > > > > > > > > > > > > > > > > > > I tried applying this on top of both origin/master and 068 > > > > > > but did not succeed. Can you rebase, please? > > > > > > > > > > Rebased on top of the new 0068 > > > > > > > > > > Simo. > > > > > > > > > > > > > I think you attached the wrong patch - the attachment is 68-02, > > > > not 69. > > > > > > Sigh. > > > Right one attached now. > > > > > > Simo. > > > > > > > Rebased once again leaving only 0068 on top of master. > > > > Simo. > > > > -- > > Simo Sorce * Red Hat, Inc * New York > > Adding DNS records works fine with or without Bind, but removing does > not work - you need to import api from ipalib - currently it's just > undefined symbol in ipa-replica-manage. I suspect you'll also need to > call api.bootstrap() and api.finalize() for the LDAP module to work. Ha now, I know what happend, the other patch I had in the tree is what adds api and all, and that's why I guess you couldn't apply. All my tests about removal passed but I had that other patch in the tree too. Let me rebase and steal those changes from my other patch and resubmit. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0069 Add/Remove DNS records for replicas
On Tue, Jan 25, 2011 at 11:09:46AM -0500, Simo Sorce wrote: > On Tue, 25 Jan 2011 10:36:49 -0500 > Simo Sorce wrote: > > > On Tue, 25 Jan 2011 15:40:26 +0100 > > Jakub Hrozek wrote: > > > > > On Tue, Jan 25, 2011 at 08:57:57AM -0500, Simo Sorce wrote: > > > > On Mon, 24 Jan 2011 23:06:17 +0100 > > > > Jakub Hrozek wrote: > > > > > > > > > On 01/23/2011 02:09 AM, Simo Sorce wrote: > > > > > > > > > > > > Do it always when the dns tree is available, even if the > > > > > > replica being installed doesn't provide dns service itself. > > > > > > > > > > > > Ticket #824 > > > > > > > > > > > > Simo. > > > > > > > > > > > > > > > > I tried applying this on top of both origin/master and 068 but > > > > > did not succeed. Can you rebase, please? > > > > > > > > Rebased on top of the new 0068 > > > > > > > > Simo. > > > > > > > > > > I think you attached the wrong patch - the attachment is 68-02, not > > > 69. > > > > Sigh. > > Right one attached now. > > > > Simo. > > > > Rebased once again leaving only 0068 on top of master. > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York Adding DNS records works fine with or without Bind, but removing does not work - you need to import api from ipalib - currently it's just undefined symbol in ipa-replica-manage. I suspect you'll also need to call api.bootstrap() and api.finalize() for the LDAP module to work. Jakub ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0160-action-panel-select-for-multiple-entities
From 7f61f392cf9cfafb6d1de32e90ed403d3971a186 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 25 Jan 2011 11:37:08 -0500 Subject: [PATCH] action panel select for multiple entities --- install/ui/entity.js | 28 1 files changed, 20 insertions(+), 8 deletions(-) diff --git a/install/ui/entity.js b/install/ui/entity.js index 1e9535c91b7e9083f5e3983d99d6afa753707517..8e28abca02313a417e2f87c6e0bd65674a001d00 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -480,6 +480,8 @@ IPA. facet_create_action_panel = function(container) { }); return li; } + + /*Note, for debugging purposes, it is useful to set var pkey_type = 'text';*/ var pkey_type = 'hidden'; $('', { @@ -502,19 +504,24 @@ IPA. facet_create_action_panel = function(container) { do not have search*/ if (entity.facets.length > 0 ){ if ( entity.facets[0].name === IPA.current_facet( entity)){ +if (nested_tabs.length > 1 ){ +main_facet.html(IPA.selected_icon + +IPA.metadata[nested_tabs[nested_index]].label); + +main_facet.addClass('entity-facet-selected'); +main_facet.appendTo(ul); +} ul.append($('')); - -}else{ -main_facet.html( -$('',{ -"class":"input_link" -}). -append(IPA.back_icon + ' Back to List ')); +} else { +main_facet.html( +$('',{ +"class":"input_link" +}). +append(IPA.back_icon + ' Back to List ')); main_facet.addClass('back-to-search'); main_facet.appendTo(ul); } ul.append($('')); - } var facet_groups = {}; var li; @@ -562,7 +569,12 @@ IPA. facet_create_action_panel = function(container) { innerlist.append(facet_link); if ( other_facet.name === IPA.current_facet( entity)){ +var text = facet_link.text(); +facet_link.html(IPA.selected_icon + text); +facet_link.addClass('entity-facet-selected'); innerlist.append($('')); + +make_current_facet(facet_link); } } } -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 029 Enforce uniqueness on (key, info) pairs in automount keys
Rob Crittenden wrote: Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/25/2011 04:42 AM, Rob Crittenden wrote: Jakub Hrozek wrote: On 01/21/2011 05:55 PM, Rob Crittenden wrote: Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/10/2011 05:15 PM, Jakub Hrozek wrote: On 12/20/2010 03:33 PM, Jakub Hrozek wrote: On 12/20/2010 02:49 PM, Jakub Hrozek wrote: Attached is a patch that changes the uniqueness constraint of automount keys from (key) to (key,info) pairs. The patch is not really standard baseldap style. The reason is that during development, I found that baseldap is really dependent on having a single primary key and also during many operations accessing it as keys[-1]. Please note that the ipa automountkey-* commands used to have three args, now its two args and two required options (that compose the tuple that is primary key). I know next to nothing about UI, but I assume this has consequences as the JSON marshalled call needs to be different now. Can someone point me to the place in code that I need to fix now? Fixes: https://fedorahosted.org/freeipa/ticket/293 Sorry, I left some debugging statements in. Attached is a new patch. Attached is a patch that applies cleanly on top of origin/master. Can you provide some guidance on how to test this patch? thanks rob Sure: The main change to CLI is that both key and info must be provided. These are put into the description attribute, at the same time this (key,info) tuple is checked for uniqueness. The automount test is a good start for testing the patch. It also tests a duplicate direct map. To test the duplicates manually: ipa automountlocation-add baltimore ipa automountmap-add baltimore auto.direct2 ipa automountkey-add baltimore auto.master --key=/- --info=auto.direct2 ipa automountlocation-tofiles baltimore You should see something like: /etc/auto.master: /- /etc/auto.direct /- /etc/auto.direct2 --- /etc/auto.direct: --- /etc/auto.direct2: Ack with two conditions and a question: Conditions: 1. Check with qe to see if they already have tests for automount. If they do we'll need to coordinate getting their tests updated. Jenny, I see you are in the CC list. Do you know? 2. The samples in the command help don't use the --key argument, can you update them? Sorry, but I think the samples are OK. I just tried cut-n-pasting all of them into the terminal and found one glitch (new patch that fixes just that typo in help is attached), but all the ipa automountkey-* commands list the --key parameter in help. Or do you mean something else than the output of ipa help automount? Ok, you're right. Time to get my eyes checked :-) If Jenny says ok then ack. rob Question: Can you import multiple direct maps? Yes, just tested. If someone would like to test, please note that when you create a new automount location, a direct map is created for the new location by default. This is how I imported a /etc/auto.master file with multiple direct maps: # create a new location ipa automountlocation-add testimport # remove the reference to the direct map from the auto.master map ipa automountkey-del testimport auto.master --key=/- --info=auto.direct # remove the auto.direct location ipa automountmap-del testimport auto.direct # import the new maps ipa automountlocation-import testimport /etc/auto.master My /etc/auto.master looks something like this: - - /misc /etc/auto.misc /net -hosts /- /etc/auto.direct /- /etc/auto.direct2 /home /etc/auto.home - - Jenny says ok, pushed to master rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0069 Add/Remove DNS records for replicas
On Tue, 25 Jan 2011 10:36:49 -0500 Simo Sorce wrote: > On Tue, 25 Jan 2011 15:40:26 +0100 > Jakub Hrozek wrote: > > > On Tue, Jan 25, 2011 at 08:57:57AM -0500, Simo Sorce wrote: > > > On Mon, 24 Jan 2011 23:06:17 +0100 > > > Jakub Hrozek wrote: > > > > > > > On 01/23/2011 02:09 AM, Simo Sorce wrote: > > > > > > > > > > Do it always when the dns tree is available, even if the > > > > > replica being installed doesn't provide dns service itself. > > > > > > > > > > Ticket #824 > > > > > > > > > > Simo. > > > > > > > > > > > > > I tried applying this on top of both origin/master and 068 but > > > > did not succeed. Can you rebase, please? > > > > > > Rebased on top of the new 0068 > > > > > > Simo. > > > > > > > I think you attached the wrong patch - the attachment is 68-02, not > > 69. > > Sigh. > Right one attached now. > > Simo. > Rebased once again leaving only 0068 on top of master. Simo. -- Simo Sorce * Red Hat, Inc * New York >From e7d01a0d4404eaea0acda6d40e21b4b9d9c1b5b6 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 21 Jan 2011 14:46:58 -0500 Subject: [PATCH] Always add DNS records when installing a replica Even if the replica is not running a DNS server other replicas might. So if the DNS container is present, then try to add DNS records. Fixes: https://fedorahosted.org/freeipa/ticket/824 --- install/tools/ipa-replica-install | 24 +-- install/tools/ipa-replica-manage | 16 ++ ipaserver/install/bindinstance.py | 58 + 3 files changed, 95 insertions(+), 3 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 69c0e7eac73d1f80bb900d13370e7d5e3325e1ed..b53ceeea4f7849a67facd46e7fbf3c2203ad7af5 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -245,6 +245,8 @@ def install_http(config): sys.exit(1) def install_bind(config, options): +api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", + bind_pw=config.dirman_password) if options.forwarders: forwarders = options.forwarders else: @@ -266,6 +268,23 @@ def install_bind(config, options): config.domain_name, forwarders, options.conf_ntp, create_reverse) bind.create_instance() +def install_dns_records(config, options): + +if not bindinstance.dns_container_exists(config.host_name, + util.realm_to_suffix(config.realm_name)): +return + +api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", + bind_pw=config.dirman_password) +bind = bindinstance.BindInstance(dm_password=config.dirman_password) +ip_address = resolve_host(config.host_name) +if not ip_address: +sys.exit("Unable to resolve IP address for host name") + +bind.add_master_dns_records(config.host_name, ip_address, +config.realm_name, config.domain_name, +options.conf_ntp) + def check_dirsrv(): serverids = dsinstance.check_existing_installation() if serverids: @@ -432,10 +451,9 @@ def main(): service.restart("httpd") if options.setup_dns: -api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", - bind_pw=config.dirman_password) - install_bind(config, options) +else: +install_dns_records(config, options) # Call client install script try: diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 80974545761399cec46032c8ae2b6689aa4ff7fd..e611324a44ea13f8cb0763b6cc7d4b5c008b6bd5 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -24,6 +24,7 @@ import traceback, logging from ipapython import ipautil from ipaserver.install import replication, dsinstance, installutils +from ipaserver.install import bindinstance from ipaserver import ipaldap from ipapython import version from ipalib import errors, util @@ -274,6 +275,21 @@ def del_master(realm, hostname, options): print "Failed to cleanup %s entries: %s" % (hostname, str(e)) print "You may need to manually remove them from the tree" +# 5. And clean up the removed replica DNS entries if any. +try: +if bindinstance.dns_container_exists(options.host, thisrepl.suffix): +if options.dirman_passwd: +api.Backend.ldap2.connect(bind_dn='cn=Directory Manager', + bind_pw=options.dirman_passwd) +else: +ccache = krbV.default_context().default_ccache().name +api.Backend.ldap2.connect(ccache=ccache) +bind = bindinstance.BindInstance() +bind.remove_master_dns_records(hostname, realm, realm.lower()) +except Exception, e: +print "Failed to cleanup %s DNS entries: %s" % (hostname, str(e))
[Freeipa-devel] [PATCH] 692 fix rpmlint warnings
I did some specfile clean up in preparation of proposing this as a package for Fedora 15. ticket 804. rob >From 53249503123048c05127136ae2900b3aa810423e Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 25 Jan 2011 11:03:40 -0500 Subject: [PATCH] Clean up some rpmlint errors in the spec file. Re-arrange doc and defattr to clean up rpmlint warnings Remove conditionals on older releases Move some man pages into admintools subpackage Remove some explicit Requires in client that aren't needed Consistent use of buildroot vs RPM_BUILD_ROOT Ticket 804 --- ipa.spec.in | 54 -- 1 files changed, 24 insertions(+), 30 deletions(-) diff --git a/ipa.spec.in b/ipa.spec.in index 7d7ce77..b538820 100644 --- a/ipa.spec.in +++ b/ipa.spec.in @@ -69,9 +69,7 @@ Requires: 389-ds-base >= 1.2.7.4 Requires: openldap-clients Requires: nss Requires: nss-tools -%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 Requires: krb5-server -%endif Requires: krb5-server-ldap Requires: krb5-pkinit-openssl Requires: cyrus-sasl-gssapi @@ -79,19 +77,13 @@ Requires: ntp Requires: httpd Requires: mod_wsgi Requires: mod_auth_kerb -%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 Requires: mod_nss -%endif Requires: python-ldap Requires: python-krbV Requires: acl Requires: python-pyasn1 >= 0.0.9a Requires: libcap -%{?fc12:Requires: selinux-policy >= 3.6.32-123} -%{?fc13:Requires: selinux-policy >= 3.7.19-40} -%if 0%{?fedora} >= 14 || 0%{?rhel} >= 6 Requires: selinux-policy -%endif Requires(post): selinux-policy-base Requires: slapi-nis >= 0.21 Requires: pki-ca >= 9.0.0 @@ -131,12 +123,10 @@ Requires: python-ldap Requires: cyrus-sasl-gssapi Requires: ntp Requires: krb5-workstation -Requires: krb5-libs Requires: authconfig Requires: pam_krb5 Requires: wget Requires: xmlrpc-c -Requires: libcurl Requires: sssd >= 1.2.1 Requires: certmonger >= 0.26 Requires: nss-tools @@ -196,11 +186,7 @@ export CPPFLAGS="$CPPFLAGS %{optflags}" make version-update cd ipa-client; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd .. %if ! %{ONLY_CLIENT} -%if 0%{?fedora} >= 14 || 0%{?rhel} >= 6 cd daemons; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir} --with-openldap; cd .. -%else -cd daemons; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd .. -%endif cd install; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd .. %endif @@ -248,19 +234,19 @@ ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \ %{buildroot}%{_usr}/share/ipa/html/unauthorized.html # So we can own our Apache configuration -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ -/bin/touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa.conf -/bin/touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf -install -m755 ipa.init $RPM_BUILD_ROOT%{_initrddir}/ipa +mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/ +/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa.conf +/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf +install -m755 ipa.init %{buildroot}%{_initrddir}/ipa %endif -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/ipa/ -/bin/touch $RPM_BUILD_ROOT%{_sysconfdir}/ipa/default.conf +mkdir -p %{buildroot}%{_sysconfdir}/ipa/ +/bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore %if ! %{ONLY_CLIENT} -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d -install -pm 644 contrib/completion/ipa.bash_completion $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/ipa +mkdir -p %{buildroot}%{_sysconfdir}/bash_completion.d +install -pm 644 contrib/completion/ipa.bash_completion %{buildroot}%{_sysconfdir}/bash_completion.d/ipa %endif %clean @@ -335,8 +321,8 @@ fi %if ! %{ONLY_CLIENT} %files server -%doc COPYING README Contributors.txt %defattr(-,root,root,-) +%doc COPYING README Contributors.txt %{_sbindir}/ipa-dns-install %{_sbindir}/ipa-server-install %{_sbindir}/ipa-replica-install @@ -407,18 +393,16 @@ fi %{_mandir}/man1/ipa-dns-install.1.gz %{_mandir}/man8/ipa_kpasswd.8.gz %{_mandir}/man8/ipactl.8.gz -%{_mandir}/man1/ipa-compat-manage.1.gz -%{_mandir}/man1/ipa-nis-manage.1.gz -%{_mandir}/man1/ipa-host-net-manage.1.gz -%{_mandir}/man1/ipa-ldap-updater.1.gz %files server-selinux +%defattr(-,root,root,-) %{_usr}/share/selinux/targeted/ipa_kpasswd.pp %{_usr}/share/selinux/targeted/ipa_httpd.pp %{_usr}/share/selinux/targeted/ipa_dogtag.pp %endif %files client +%defattr(-,root,root,-) %doc COPYING README Contributors.txt %{_sbindir}/ipa-client-install %{_sbindir}/ipa-getkeytab @@ -439,8 +423,8 @@ fi %if ! %{ONLY_CLIENT} %files admintools -%doc COPYIN
Re: [Freeipa-devel] [PATCH] 0069 Add/Remove DNS records for replicas
On Tue, 25 Jan 2011 15:40:26 +0100 Jakub Hrozek wrote: > On Tue, Jan 25, 2011 at 08:57:57AM -0500, Simo Sorce wrote: > > On Mon, 24 Jan 2011 23:06:17 +0100 > > Jakub Hrozek wrote: > > > > > On 01/23/2011 02:09 AM, Simo Sorce wrote: > > > > > > > > Do it always when the dns tree is available, even if the replica > > > > being installed doesn't provide dns service itself. > > > > > > > > Ticket #824 > > > > > > > > Simo. > > > > > > > > > > I tried applying this on top of both origin/master and 068 but did > > > not succeed. Can you rebase, please? > > > > Rebased on top of the new 0068 > > > > Simo. > > > > I think you attached the wrong patch - the attachment is 68-02, not > 69. Sigh. Right one attached now. Simo. -- Simo Sorce * Red Hat, Inc * New York >From 616991da58f9bd64e0fe90dcd197bfd2b5725a02 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 21 Jan 2011 14:46:58 -0500 Subject: [PATCH 2/3] Always add DNS records when installing a replica Even if the replica is not running a DNS server other replicas might. So if the DNS container is present, then try to add DNS records. Fixes: https://fedorahosted.org/freeipa/ticket/824 --- install/tools/ipa-replica-install | 24 +-- install/tools/ipa-replica-manage | 16 ++ ipaserver/install/bindinstance.py | 58 + 3 files changed, 95 insertions(+), 3 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 69c0e7eac73d1f80bb900d13370e7d5e3325e1ed..b53ceeea4f7849a67facd46e7fbf3c2203ad7af5 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -245,6 +245,8 @@ def install_http(config): sys.exit(1) def install_bind(config, options): +api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", + bind_pw=config.dirman_password) if options.forwarders: forwarders = options.forwarders else: @@ -266,6 +268,23 @@ def install_bind(config, options): config.domain_name, forwarders, options.conf_ntp, create_reverse) bind.create_instance() +def install_dns_records(config, options): + +if not bindinstance.dns_container_exists(config.host_name, + util.realm_to_suffix(config.realm_name)): +return + +api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", + bind_pw=config.dirman_password) +bind = bindinstance.BindInstance(dm_password=config.dirman_password) +ip_address = resolve_host(config.host_name) +if not ip_address: +sys.exit("Unable to resolve IP address for host name") + +bind.add_master_dns_records(config.host_name, ip_address, +config.realm_name, config.domain_name, +options.conf_ntp) + def check_dirsrv(): serverids = dsinstance.check_existing_installation() if serverids: @@ -432,10 +451,9 @@ def main(): service.restart("httpd") if options.setup_dns: -api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", - bind_pw=config.dirman_password) - install_bind(config, options) +else: +install_dns_records(config, options) # Call client install script try: diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 20eb93c26748c71e097a38f40cb58c0215a643e1..8f0b7c59c75042d1b3b4dadbc9e53cd311434a5c 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -24,6 +24,7 @@ import traceback, logging from ipapython import ipautil from ipaserver.install import replication, dsinstance, installutils +from ipaserver.install import bindinstance from ipaserver import ipaldap from ipapython import version from ipalib import api, errors, util @@ -274,6 +275,21 @@ def del_master(realm, hostname, options): print "Failed to cleanup %s entries: %s" % (hostname, str(e)) print "You may need to manually remove them from the tree" +# 5. And clean up the removed replica DNS entries if any. +try: +if bindinstance.dns_container_exists(options.host, thisrepl.suffix): +if options.dirman_passwd: +api.Backend.ldap2.connect(bind_dn='cn=Directory Manager', + bind_pw=options.dirman_passwd) +else: +ccache = krbV.default_context().default_ccache().name +api.Backend.ldap2.connect(ccache=ccache) +bind = bindinstance.BindInstance() +bind.remove_master_dns_records(hostname, realm, realm.lower()) +except Exception, e: +print "Failed to cleanup %s DNS entries: %s" % (hostname, str(e)) +print "You may need to manually remove them from the tree" + def add_link(realm, replica1, replica2, dirman_passwd, options): if options.winsync: diff --git a/
[Freeipa-devel] [PATCH] Raise ValidationError when adding unallowed attribute to search fields.
Depends on my previous patch number 64 (posted on the list 2 minutes ago). Ticket #845 Pavel >From 275f22f718af14f3f3c5e29c1f03471ab152b386 Mon Sep 17 00:00:00 2001 From: Pavel Zuna Date: Tue, 25 Jan 2011 15:25:52 -0500 Subject: [PATCH 2/2] Raise ValidationError when adding unallowed attribute to search fields. Ticket #845 --- ipalib/plugins/config.py | 16 1 files changed, 16 insertions(+), 0 deletions(-) diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py index ccd06ca..f779732 100644 --- a/ipalib/plugins/config.py +++ b/ipalib/plugins/config.py @@ -198,6 +198,22 @@ class config_mod(LDAPUpdate): api.Command['group_show'](group) except errors.NotFound: raise errors.NotFound(message=unicode("The group doesn't exist")) +kw = {} +if 'ipausersearchfields' in entry_attrs: +kw['ipausersearchfields'] = 'ipauserobjectclasses' +if 'ipagroupsearchfields' in entry_attrs: +kw['ipagroupsearchfields'] = 'ipagroupobjectclasses' +if kw: +config = ldap.get_ipa_config(kw.values()) +for (k, v) in kw.iteritems(): +allowed_attrs = ldap.get_allowed_attributes(config[1][v]) +fields = entry_attrs[k].split(',') +for a in fields: +a = a.strip() +if a not in allowed_attrs: +raise errors.ValidationError( +name=k, error='attribute "%s" not allowed' % a +) return dn api.register(config_mod) -- 1.7.1.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Add ldap2 method to retrieve allowed attributes for specified objectClasses.
ldap2.get_allowed_attributes(['posixuser']) returns a list of unicode all lower case attribute names allowed for the object class 'posixuser' You can enter as many object classes as you want. Pavel >From 044476963a96136f951ccf8232debc1b1c48513f Mon Sep 17 00:00:00 2001 From: Pavel Zuna Date: Tue, 25 Jan 2011 15:24:03 -0500 Subject: [PATCH 1/2] Add ldap2 method to retrieve allowed attributes for specified objectClasses. ldap2.get_allowed_attribute(['posixuser']) returns a list of unicode all lower case attribute names allowed for the object class 'posixuser' --- ipaserver/plugins/ldap2.py | 20 +--- 1 files changed, 17 insertions(+), 3 deletions(-) diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 86ea3f8..7490dfb 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -266,6 +266,16 @@ class ldap2(CrudBackend, Encoder): else: return None +def get_allowed_attributes(self, objectclasses): +if not self.schema: +return [] +allowed_attributes = [] +for oc in objectclasses: +obj = self.schema.get_obj(_ldap.schema.ObjectClass, oc) +if obj is not None: +allowed_attributes += obj.must + obj.may +return [unicode(a).lower() for a in list(set(allowed_attributes))] + def get_single_value(self, attr): """ Check the schema to see if the attribute is single-valued. @@ -597,15 +607,19 @@ class ldap2(CrudBackend, Encoder): Keyword arguments: attrs_list - list of attributes to return, all if None (default None) """ -return self.find_entries(None, attrs_list, dn, self.SCOPE_BASE, time_limit=time_limit, size_limit=size_limit, normalize=normalize)[0][0] +return self.find_entries( +None, attrs_list, dn, self.SCOPE_BASE, time_limit=time_limit, +size_limit=size_limit, normalize=normalize +)[0][0] config_defaults = {'ipasearchtimelimit': [2], 'ipasearchrecordslimit': [0]} -def get_ipa_config(self): +def get_ipa_config(self, attrs_list=None): """Returns the IPA configuration entry (dn, entry_attrs).""" cdn = "%s,%s" % (api.Object.config.get_dn(), api.env.basedn) try: (cdn, config_entry) = self.find_entries( -base_dn=cdn, scope=self.SCOPE_BASE, time_limit=2, size_limit=10 +None, attrs_list, base_dn=cdn, scope=self.SCOPE_BASE, +time_limit=2, size_limit=10 )[0][0] except errors.NotFound: config_entry = {} -- 1.7.1.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0068 populate dua profile
On Tue, Jan 25, 2011 at 08:57:02AM -0500, Simo Sorce wrote: > On Tue, 25 Jan 2011 08:28:49 -0500 > Simo Sorce wrote: > > > On Tue, 25 Jan 2011 10:41:39 +0100 > > Jakub Hrozek wrote: > > > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA1 > > > > > > On 01/23/2011 02:08 AM, Simo Sorce wrote: > > > > Ticket #820 > > > > > > > > Simo. > > > > > > > > > > > > > > I think there's a bug in how the defaultServerList attribute is > > > cleaned up when a replica is deleted - it seems to remove the FQDN > > > of the host ipa-replica-manage del is run. In > > > ReplicationManager.replica_cleanup() you call > > > srvlist.remove(self.hostname), should that be > > > srvlist.remove(replica) ? > > > > Oh crap :-) > > > > Nice catch! > > > > Simo. > > > > > > Ok this new patch should fix that. > Ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Add flags to enforce asking for object attribute
Jan Zelený wrote: So far the only way to enforce asking for parameter in interactive mode was the alwaysask attribute, which is not sufficient any more. This patch adds the ability to control during which actions the atrribute shall be asked for. Jan nack, this doesn't address the interactive part in ipalib/cli.py. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0156-remove-icons-from-association-buttons.
ACK Looks good. - Original Message - > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From b4313a5605bdd9de95d4bb245196d13aa54a7e46 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Mon, 24 Jan 2011 22:00:38 -0500 Subject: [PATCH] remove icons from association buttons --- install/ui/widget.js |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diff --git a/install/ui/widget.js b/install/ui/widget.js index 138526fb3520e71643769ee8ad841be6769d0d70..90f6dac8bf47dec2ef17bcd4a84648ffd829d99d 100644 --- a/install/ui/widget.js +++ b/install/ui/widget.js @@ -1191,7 +1191,6 @@ IPA.adder_dialog = function (spec) { button = $('input[name=remove]', that.container); that.remove_button = IPA.button({ 'label': button.val(), -'icon': 'ui-icon-trash', 'click': function() { that.remove(); } @@ -1201,7 +1200,6 @@ IPA.adder_dialog = function (spec) { button = $('input[name=add]', that.container); that.add_button = IPA.button({ 'label': button.val(), -'icon': 'ui-icon-plus', 'click': function() { that.add(); } -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0157-aci-attribute-table-two-columns.patc
ACK Looks good. - Original Message - > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From 9611600891b8e594f25cd04f8aa5b2f0c1ca79f9 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Mon, 24 Jan 2011 22:21:31 -0500 Subject: [PATCH] aci attribute table two columns --- install/ui/aci.js | 31 +++ install/ui/ipa.css |9 + 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/install/ui/aci.js b/install/ui/aci.js index 85cfcaa850a17a94e40c53320c41b11b444b5f3a..eb941cb97a3f201bb17b8cc5828b1e19d1e539b8 100644 --- a/install/ui/aci.js +++ b/install/ui/aci.js @@ -42,6 +42,7 @@ IPA.populate_attribute_table = function (table, entity){ id:'aciattr-'+aciattrs[a].toLowerCase(), "class":'aci-attribute' })); +td = $('').appendTo(aci_tr); td.append($('',{ text:aciattrs[a].toLowerCase()})); } @@ -58,25 +59,23 @@ IPA.attribute_table_widget= function (spec){ var dd = $('').appendTo(container); table = $('',{ id:id, -'class':'search-table'}). +'class':'search-table aci-attribute-table'}). append(''). -append($('',{ -style:"height:30em; overflow:auto;" -})). +append($('')). appendTo(dd); -$(''). -append($('',{ -style:"height:2em; vertical-align:bottom;", -html:$('',{ -type: "checkbox", -click: function(){ -$('.aci-attribute'). -attr('checked', $(this).attr('checked')); -}}). -after('Attribute') -})). -appendTo($('thead', table)); +var tr = $('').appendTo($('thead', table)); +tr.append($('',{ +style:"height:2em; vertical-align:bottom;", +html:$('',{ +type: "checkbox", +click: function(){ +$('.aci-attribute'). +attr('checked', $(this).attr('checked')); +}}) +})). +append('Attribute'); + IPA.populate_attribute_table(table, object_type); }; diff --git a/install/ui/ipa.css b/install/ui/ipa.css index 5726ad99cae139ea8b7b99f09445579c6ad5d95a..37324f891666872fca91a3c7f4a1df057e310fd8 100644 --- a/install/ui/ipa.css +++ b/install/ui/ipa.css @@ -597,12 +597,13 @@ a.action-button-disabled { margin-top: 2em; } -.search-table tr:nth-child(even){ -#background-color:#CCC; +.aci-attribute-table tbody{ +height:30em; +overflow:auto; } -.search-table tr:nth-child(odd){ -#background-color:#FFF; +.aci-attribute-table th.aci-attribute-column{ +width: 25em; } .entity-views{ -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 029 Enforce uniqueness on (key, info) pairs in automount keys
Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/25/2011 04:42 AM, Rob Crittenden wrote: Jakub Hrozek wrote: On 01/21/2011 05:55 PM, Rob Crittenden wrote: Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/10/2011 05:15 PM, Jakub Hrozek wrote: On 12/20/2010 03:33 PM, Jakub Hrozek wrote: On 12/20/2010 02:49 PM, Jakub Hrozek wrote: Attached is a patch that changes the uniqueness constraint of automount keys from (key) to (key,info) pairs. The patch is not really standard baseldap style. The reason is that during development, I found that baseldap is really dependent on having a single primary key and also during many operations accessing it as keys[-1]. Please note that the ipa automountkey-* commands used to have three args, now its two args and two required options (that compose the tuple that is primary key). I know next to nothing about UI, but I assume this has consequences as the JSON marshalled call needs to be different now. Can someone point me to the place in code that I need to fix now? Fixes: https://fedorahosted.org/freeipa/ticket/293 Sorry, I left some debugging statements in. Attached is a new patch. Attached is a patch that applies cleanly on top of origin/master. Can you provide some guidance on how to test this patch? thanks rob Sure: The main change to CLI is that both key and info must be provided. These are put into the description attribute, at the same time this (key,info) tuple is checked for uniqueness. The automount test is a good start for testing the patch. It also tests a duplicate direct map. To test the duplicates manually: ipa automountlocation-add baltimore ipa automountmap-add baltimore auto.direct2 ipa automountkey-add baltimore auto.master --key=/- --info=auto.direct2 ipa automountlocation-tofiles baltimore You should see something like: /etc/auto.master: /- /etc/auto.direct /- /etc/auto.direct2 --- /etc/auto.direct: --- /etc/auto.direct2: Ack with two conditions and a question: Conditions: 1. Check with qe to see if they already have tests for automount. If they do we'll need to coordinate getting their tests updated. Jenny, I see you are in the CC list. Do you know? 2. The samples in the command help don't use the --key argument, can you update them? Sorry, but I think the samples are OK. I just tried cut-n-pasting all of them into the terminal and found one glitch (new patch that fixes just that typo in help is attached), but all the ipa automountkey-* commands list the --key parameter in help. Or do you mean something else than the output of ipa help automount? Ok, you're right. Time to get my eyes checked :-) If Jenny says ok then ack. rob Question: Can you import multiple direct maps? Yes, just tested. If someone would like to test, please note that when you create a new automount location, a direct map is created for the new location by default. This is how I imported a /etc/auto.master file with multiple direct maps: # create a new location ipa automountlocation-add testimport # remove the reference to the direct map from the auto.master map ipa automountkey-del testimport auto.master --key=/- --info=auto.direct # remove the auto.direct location ipa automountmap-del testimport auto.direct # import the new maps ipa automountlocation-import testimport /etc/auto.master My /etc/auto.master looks something like this: - - /misc /etc/auto.misc /net-hosts /- /etc/auto.direct /- /etc/auto.direct2 /home /etc/auto.home - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0+zdYACgkQHsardTLnvCVL/ACghLxen44ZZv+qIFBm6Cz3cinM oMEAoLAAUtCKnxDlUHKtpyMvg75Zq/Iq =7MbL -END PGP SIGNATURE- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0158-action-buttons-for-dns
ACK Looks good. - Original Message - > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From 27660b175d90b1d7b96958aa537a96ff46b498b8 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Mon, 24 Jan 2011 22:30:28 -0500 Subject: [PATCH] action buttons for dns --- install/ui/policy.js |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/install/ui/policy.js b/install/ui/policy.js index eeec44e35b144b911bcdb4abdb047f17432594a6..208b7c9ec55f82166d876fea250c93a37bf85880 100644 --- a/install/ui/policy.js +++ b/install/ui/policy.js @@ -333,13 +333,13 @@ IPA.records_facet = function (spec){ "class":"action-controls"}).appendTo(action_panel_ul); -IPA.button({ +IPA.action_button({ 'label': IPA.messages.button.add, 'icon': 'ui-icon-plus', 'click': add_click }).appendTo(action_controls); -IPA.button({ +IPA.action_button({ 'label': IPA.messages.button.remove, 'icon': 'ui-icon-trash', 'click': function(){delete_records(records_table);} -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0159-unselected-facets
From e8dc07ef3f3de44d3c92ffb02c13e7cbe99a3e95 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 25 Jan 2011 09:51:25 -0500 Subject: [PATCH] unselected facets Facets that were not selected were getting the class indicating that they were sselected --- install/ui/entity.js |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diff --git a/install/ui/entity.js b/install/ui/entity.js index 9c58ee3dbbd97f71ab23a204d6bc6d09ce2186db..1e9535c91b7e9083f5e3983d99d6afa753707517 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -559,8 +559,6 @@ IPA. facet_create_action_panel = function(container) { } else { var innerlist = $('').appendTo(ul); var facet_link = build_link(other_facet, other_facet.label); -facet_link.addClass('entity-facet-selected'); -facet_link.prepend(IPA.selected_icon); innerlist.append(facet_link); if ( other_facet.name === IPA.current_facet( entity)){ -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0069 Add/Remove DNS records for replicas
On Tue, Jan 25, 2011 at 08:57:57AM -0500, Simo Sorce wrote: > On Mon, 24 Jan 2011 23:06:17 +0100 > Jakub Hrozek wrote: > > > On 01/23/2011 02:09 AM, Simo Sorce wrote: > > > > > > Do it always when the dns tree is available, even if the replica > > > being installed doesn't provide dns service itself. > > > > > > Ticket #824 > > > > > > Simo. > > > > > > > I tried applying this on top of both origin/master and 068 but did > > not succeed. Can you rebase, please? > > Rebased on top of the new 0068 > > Simo. > I think you attached the wrong patch - the attachment is 68-02, not 69. Jakub ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Add flags to enforce asking for object attribute
So far the only way to enforce asking for parameter in interactive mode was the alwaysask attribute, which is not sufficient any more. This patch adds the ability to control during which actions the atrribute shall be asked for. Jan From 96a8b94e877f6f6bc2d5cbd274d46aa66df85b88 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Tue, 25 Jan 2011 09:06:19 -0500 Subject: [PATCH] Add flags to enforce asking for object attribute So far the only flag to enforce asking in interactive mode was the alwaysask attribute, which is not sufficient any more. This patch adds the ability to control for which actions the atrribute shall be asked for. --- ipalib/crud.py | 23 --- ipalib/plugins/permission.py | 12 ++-- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/ipalib/crud.py b/ipalib/crud.py index 76d57daef68128bafab923ce00c7afe0e290966d..b7a665361804b853da4f00de5ab2b2030c9de86c 100644 --- a/ipalib/crud.py +++ b/ipalib/crud.py @@ -141,7 +141,13 @@ class Create(Method): for option in self.obj.params_minus(self.args): if 'no_create' in option.flags: continue -yield option.clone(attribute=True) +if 'ask_create' in option.flags: +yield option.clone( +attribute=True, query=True, required=False, +autofill=False, alwaysask=True +) +else: +yield option.clone(attribute=True) if not self.extra_options_first: for option in super(Create, self).get_options(): yield option @@ -179,7 +185,13 @@ class Update(PKQuery): for option in self.obj.params_minus_pk(): if 'no_update' in option.flags: continue -yield option.clone(attribute=True, required=False, autofill=False) +if 'ask_update' in option.flags: +yield option.clone( +attribute=True, query=True, required=False, +autofill=False, alwaysask=True +) +else: +yield option.clone(attribute=True, required=False, autofill=False) if not self.extra_options_first: for option in super(Update, self).get_options(): yield option @@ -210,7 +222,12 @@ class Search(Method): for option in self.obj.params_minus(self.args): if 'no_search' in option.flags: continue -if isinstance(option, parameters.Flag): +if 'ask_search' in option.flags: +yield option.clone( +attribute=True, query=True, required=False, +autofill=False, alwaysask=True +) +elif isinstance(option, parameters.Flag): yield option.clone_retype( option.name, parameters.Bool, attribute=True, query=True, required=False, autofill=False diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index e97174abfaa855a36552dcfdc55049c58cb5c312..14d7b96569cc9e228bebaac37d67d6709039e164 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -116,38 +116,38 @@ class permission(LDAPObject): label=_('Attributes'), doc=_('Comma-separated list of attributes'), normalizer=lambda value: value.lower(), -alwaysask=True, +flags=('ask_create', 'ask_update'), ), StrEnum('type?', cli_name='type', label=_('Type'), doc=_('Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)'), values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns',), -alwaysask=True, +flags=('ask_create', 'ask_update'), ), Str('memberof?', cli_name='memberof', label=_('Member of group'), # FIXME: Does this label make sense? doc=_('Target members of a group'), -alwaysask=True, +flags=('ask_create', 'ask_update'), ), Str('filter?', cli_name='filter', label=_('Filter'), doc=_('Legal LDAP filter (e.g. ou=Engineering)'), -alwaysask=True, +flags=('ask_create', 'ask_update'), ), Str('subtree?', cli_name='subtree', label=_('Subtree'), doc=_('Subtree to apply permissions to'), -alwaysask=True, +flags=('ask_create', 'ask_update'), ), Str('targetgroup?', cli_name='targetgroup', label=_('Target group'), doc=_('User group to apply permissions to'), -alwaysask=True, +flags=('ask_create', 'ask_update'), ), ) -- 1.7.3.4 ___ Freeipa-deve
Re: [Freeipa-devel] [PATCH] Unused value in initdefault_encoding_utf8
On Tue, 25 Jan 2011 09:55:51 +0100 Martin Kosek wrote: > On Mon, 2011-01-17 at 13:13 +0100, Jakub Hrozek wrote: > > On 01/17/2011 01:00 PM, Martin Kosek wrote: > > > There is no use for return value of Py_InitModule3. Removing it > > > in this patch. > > > > > > https://fedorahosted.org/freeipa/ticket/710 > > > > > > > Ack > > Just a reminder that this patch is ready for push. Pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0069 Add/Remove DNS records for replicas
On Mon, 24 Jan 2011 23:06:17 +0100 Jakub Hrozek wrote: > On 01/23/2011 02:09 AM, Simo Sorce wrote: > > > > Do it always when the dns tree is available, even if the replica > > being installed doesn't provide dns service itself. > > > > Ticket #824 > > > > Simo. > > > > I tried applying this on top of both origin/master and 068 but did > not succeed. Can you rebase, please? Rebased on top of the new 0068 Simo. -- Simo Sorce * Red Hat, Inc * New York >From 7974762d315932a906735b5e5df8d589d292a89c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 21 Jan 2011 14:32:55 -0500 Subject: [PATCH 1/3] Populate shared tree with replica related values Fixes: https://fedorahosted.org/freeipa/ticket/820 --- install/tools/ipa-replica-install |1 + ipaserver/install/dsinstance.py | 22 ++ ipaserver/install/replication.py | 29 + 3 files changed, 52 insertions(+), 0 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 3c912a759ac10ef69b4828b67dae4feef4d504fa..69c0e7eac73d1f80bb900d13370e7d5e3325e1ed 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -445,6 +445,7 @@ def main(): print "ipa-client-install returned: " + str(e) raise RuntimeError("Failed to configure the client") +ds.replica_populate() ds.init_memberof() try: diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 234462fab6aeab70f42536cd6592fcd42aeb54e0..29950520117f92938621e843c7787ff0346b3508 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -738,3 +738,25 @@ class DsInstance(service.Service): def __root_autobind(self): self._ldap_mod("root-autobind.ldif") +def replica_populate(self): +self.ldap_connect() + +dn = "cn=default,ou=profile,%s" % self.suffix +try: +ret = self.admin_conn.search_s(dn, ldap.SCOPE_BASE, + '(objectclass=*)')[0] +srvlist = ret.data.get('defaultServerList') +if len(srvlist) > 0: +srvlist = srvlist[0].split() +if not self.fqdn in srvlist: +srvlist.append(self.fqdn) +attr = ' '.join(srvlist) +mod = [(ldap.MOD_REPLACE, 'defaultServerList', attr)] +self.admin_conn.modify_s(dn, mod) +except ldap.NO_SUCH_OBJECT: +pass +except ldap.TYPE_OR_VALUE_EXISTS: +pass + +self.ldap_disconnect() + diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 756bb5595226d49e31edf5ce5afd12d26ac26758..77ca0578ed66ee7f206e1797b432ccf1c5522b39 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -732,6 +732,11 @@ class ReplicationManager: return IPA_REPLICA def replica_cleanup(self, replica, realm, force=False): +""" +This function removes information about the replica in parts +of the shared tree that expose it, so clients stop trying to +use this replica. +""" err = None @@ -792,6 +797,30 @@ class ReplicationManager: except errors.NotFound: pass except Exception, e: +if not force: +raise e +elif not err: +err = e + +try: +dn = 'cn=default,ou=profile,%s' % self.suffix +ret = self.conn.search_s(dn, ldap.SCOPE_BASE, + '(objectclass=*)')[0] +srvlist = ret.data.get('defaultServerList') +if len(srvlist) > 0: +srvlist = srvlist[0].split() +if replica in srvlist: +srvlist.remove(replica) +attr = ' '.join(srvlist) +mod = [(ldap.MOD_REPLACE, 'defaultServerList', attr)] +self.conn.modify_s(dn, mod) +except ldap.NO_SUCH_OBJECT: +pass +except ldap.NO_SUCH_ATTRIBUTE: +pass +except ldap.TYPE_OR_VALUE_EXISTS: +pass +except Exception, e: if force and err: raise err else: -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0068 populate dua profile
On Tue, 25 Jan 2011 08:28:49 -0500 Simo Sorce wrote: > On Tue, 25 Jan 2011 10:41:39 +0100 > Jakub Hrozek wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > On 01/23/2011 02:08 AM, Simo Sorce wrote: > > > Ticket #820 > > > > > > Simo. > > > > > > > > > > I think there's a bug in how the defaultServerList attribute is > > cleaned up when a replica is deleted - it seems to remove the FQDN > > of the host ipa-replica-manage del is run. In > > ReplicationManager.replica_cleanup() you call > > srvlist.remove(self.hostname), should that be > > srvlist.remove(replica) ? > > Oh crap :-) > > Nice catch! > > Simo. > > Ok this new patch should fix that. Simo. -- Simo Sorce * Red Hat, Inc * New York >From 7974762d315932a906735b5e5df8d589d292a89c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 21 Jan 2011 14:32:55 -0500 Subject: [PATCH 1/3] Populate shared tree with replica related values Fixes: https://fedorahosted.org/freeipa/ticket/820 --- install/tools/ipa-replica-install |1 + ipaserver/install/dsinstance.py | 22 ++ ipaserver/install/replication.py | 29 + 3 files changed, 52 insertions(+), 0 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 3c912a759ac10ef69b4828b67dae4feef4d504fa..69c0e7eac73d1f80bb900d13370e7d5e3325e1ed 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -445,6 +445,7 @@ def main(): print "ipa-client-install returned: " + str(e) raise RuntimeError("Failed to configure the client") +ds.replica_populate() ds.init_memberof() try: diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 234462fab6aeab70f42536cd6592fcd42aeb54e0..29950520117f92938621e843c7787ff0346b3508 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -738,3 +738,25 @@ class DsInstance(service.Service): def __root_autobind(self): self._ldap_mod("root-autobind.ldif") +def replica_populate(self): +self.ldap_connect() + +dn = "cn=default,ou=profile,%s" % self.suffix +try: +ret = self.admin_conn.search_s(dn, ldap.SCOPE_BASE, + '(objectclass=*)')[0] +srvlist = ret.data.get('defaultServerList') +if len(srvlist) > 0: +srvlist = srvlist[0].split() +if not self.fqdn in srvlist: +srvlist.append(self.fqdn) +attr = ' '.join(srvlist) +mod = [(ldap.MOD_REPLACE, 'defaultServerList', attr)] +self.admin_conn.modify_s(dn, mod) +except ldap.NO_SUCH_OBJECT: +pass +except ldap.TYPE_OR_VALUE_EXISTS: +pass + +self.ldap_disconnect() + diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 756bb5595226d49e31edf5ce5afd12d26ac26758..77ca0578ed66ee7f206e1797b432ccf1c5522b39 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -732,6 +732,11 @@ class ReplicationManager: return IPA_REPLICA def replica_cleanup(self, replica, realm, force=False): +""" +This function removes information about the replica in parts +of the shared tree that expose it, so clients stop trying to +use this replica. +""" err = None @@ -792,6 +797,30 @@ class ReplicationManager: except errors.NotFound: pass except Exception, e: +if not force: +raise e +elif not err: +err = e + +try: +dn = 'cn=default,ou=profile,%s' % self.suffix +ret = self.conn.search_s(dn, ldap.SCOPE_BASE, + '(objectclass=*)')[0] +srvlist = ret.data.get('defaultServerList') +if len(srvlist) > 0: +srvlist = srvlist[0].split() +if replica in srvlist: +srvlist.remove(replica) +attr = ' '.join(srvlist) +mod = [(ldap.MOD_REPLACE, 'defaultServerList', attr)] +self.conn.modify_s(dn, mod) +except ldap.NO_SUCH_OBJECT: +pass +except ldap.NO_SUCH_ATTRIBUTE: +pass +except ldap.TYPE_OR_VALUE_EXISTS: +pass +except Exception, e: if force and err: raise err else: -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] No luck using ds-migrate to import Apple Open Directory
Rob Crittenden wrote: > Jeff B wrote: >> Apple Open Directory is as follows: >> >> cn=users,dc=host,dc=domain,dc=tld >> cn=groups,dc=host,dc=domain,dc=tld >> >> User records have the following object classes: >> - person >> - top >> - organizationalPerson >> - extensibleObject >> - apple-user >> - shadowAccount >> - posixAccount >> - inetOrgPerson >> >> Group records have the following object classes: >> - top >> - extensibleObject >> - apple-group >> - posixGroup >> >> The data is mostly what you would expect for posixAccount and the >> other common object classes. When I try to import data to IPA I get >> this error for every user and group like this: >> >> --- >> migrate-ds: >> --- >> Migrated: >> Failed user: >>: unknown object class "apple-user" >>: unknown object class "apple-user" >>: unknown object class "apple-user" >>... And the rest >> Failed group: >>: unknown object class "apple-group" >>: unknown object class "apple-group" >>: unknown object class "apple-group" >>... And the rest >> -- >> >> Here are some of the migrate options I've tried: >> >> ipa -d migrate-ds >> --bind-dn="uid=user,cn=users,dc=host,dc=domain,dc=tld" >> ldap://10.0.0.1:389 --user-objectclass="posixAccount" >> --group-objectclass="posixGroups" --user-container="cn=users" >> --group-container="cn=groups" >> >> ipa -d migrate-ds >> --bind-dn="uid=user,cn=users,dc=host,dc=domain,dc=tld" >> ldap://10.0.0.1:389 --user-objectclass="apple-user" >> --group-objectclass="apple-group" --user-container="cn=users" >> --group-container="cn=groups" >> >> I've tried combinations of the two. I've tried changing the --schema >> with no change in outcome. The only time the outcome is different is >> when I don't include the --group-objectclass or the --user-objectclass >> It fails before it even tries to import the data in the directory. I >> get this error: >> >> ipa: DEBUG: Caught fault 4001 from server >> https://ipa0.myrealm.com/ipa/xml: Container for group not found >> ipa: INFO: Destroyed connection context.xmlclient >> ipa: ERROR: Container for group not found >> >> If I add only the --group-objectclass it tries to migrate and gives me >> the list of errors for every user and group having an unknown object >> class as described at the top. >> >> Would one expect that I should be able to migrate this data, or would >> one it fail because it differs from the two supported schemas? I was >> hoping since it was based off of posixAccount and posixGroup that it >> was close enough to work. > > Hmm, interesting problem, I don't think we really thought about this. > In the broadest sense apple-user could be just about any unknown > objectclass. > > If we *just* aim at migrating over POSIX information we can simply > target the attributes we want and migrate those and ignore the rest. > This might not be so nice for some users. > > Or we can try to run through the schema for every entry and delete > objectclasses and attributes we know nothing about. > > Or we could do both, with the default setting perhaps to migrate the > minimum with an --aggressive option perhaps? > > Or we could have a --objectclass option to list all the objectclasses > to migrate. > > Or even better, perhaps we should have a --test mode where you can > test the migration before actually having to move users over. > Basically try to migrate one user and if successful delete it from IPA > when done and, if unsuccessful report whatever errors were raised. I like --test option. But what is the problem? Do we not recognize the entries to pull in? I suggest then to have a map file option. The contents of the map file would then be: [Objectclass] userentryobjclass=... groupentryobjclass=... [UserMap] = ... [GroupMap] = ... This would allow to pull in even custom attributes if needed. It might require new schema provided by the customer but if it is provided and loaded then the migration of the custom attributes can happen. Of cause it is not something for 2.0. > > rob > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0068 populate dua profile
On Tue, 25 Jan 2011 10:41:39 +0100 Jakub Hrozek wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 01/23/2011 02:08 AM, Simo Sorce wrote: > > Ticket #820 > > > > Simo. > > > > > > I think there's a bug in how the defaultServerList attribute is > cleaned up when a replica is deleted - it seems to remove the FQDN of > the host ipa-replica-manage del is run. In > ReplicationManager.replica_cleanup() you call > srvlist.remove(self.hostname), should that be > srvlist.remove(replica) ? Oh crap :-) Nice catch! Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 029 Enforce uniqueness on (key, info) pairs in automount keys
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/25/2011 04:42 AM, Rob Crittenden wrote: > Jakub Hrozek wrote: >> On 01/21/2011 05:55 PM, Rob Crittenden wrote: >>> Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/10/2011 05:15 PM, Jakub Hrozek wrote: > On 12/20/2010 03:33 PM, Jakub Hrozek wrote: >> On 12/20/2010 02:49 PM, Jakub Hrozek wrote: >>> Attached is a patch that changes the uniqueness constraint of >>> automount >>> keys from (key) to (key,info) pairs. The patch is not really >>> standard >>> baseldap style. The reason is that during development, I found that >>> baseldap is really dependent on having a single primary key and also >>> during many operations accessing it as keys[-1]. > >>> Please note that the ipa automountkey-* commands used to have three >>> args, now its two args and two required options (that compose the >>> tuple >>> that is primary key). I know next to nothing about UI, but I assume >>> this >>> has consequences as the JSON marshalled call needs to be different >>> now. >>> Can someone point me to the place in code that I need to fix now? > >>> Fixes: >>> https://fedorahosted.org/freeipa/ticket/293 > >> Sorry, I left some debugging statements in. Attached is a new patch. > > Attached is a patch that applies cleanly on top of origin/master. >>> >>> Can you provide some guidance on how to test this patch? >>> >>> thanks >>> >>> rob >> >> Sure: >> >> The main change to CLI is that both key and info must be provided. These >> are put into the description attribute, at the same time this (key,info) >> tuple is checked for uniqueness. >> >> The automount test is a good start for testing the patch. It also tests >> a duplicate direct map. To test the duplicates manually: >> >> ipa automountlocation-add baltimore >> ipa automountmap-add baltimore auto.direct2 >> ipa automountkey-add baltimore auto.master --key=/- --info=auto.direct2 >> ipa automountlocation-tofiles baltimore >> >> You should see something like: >> /etc/auto.master: >> /- /etc/auto.direct >> /- /etc/auto.direct2 >> --- >> /etc/auto.direct: >> --- >> /etc/auto.direct2: > > Ack with two conditions and a question: > > Conditions: > > 1. Check with qe to see if they already have tests for automount. If > they do we'll need to coordinate getting their tests updated. Jenny, I see you are in the CC list. Do you know? > 2. The samples in the command help don't use the --key argument, can you > update them? Sorry, but I think the samples are OK. I just tried cut-n-pasting all of them into the terminal and found one glitch (new patch that fixes just that typo in help is attached), but all the ipa automountkey-* commands list the --key parameter in help. Or do you mean something else than the output of ipa help automount? > > Question: > > Can you import multiple direct maps? > Yes, just tested. If someone would like to test, please note that when you create a new automount location, a direct map is created for the new location by default. This is how I imported a /etc/auto.master file with multiple direct maps: # create a new location ipa automountlocation-add testimport # remove the reference to the direct map from the auto.master map ipa automountkey-del testimport auto.master --key=/- --info=auto.direct # remove the auto.direct location ipa automountmap-del testimport auto.direct # import the new maps ipa automountlocation-import testimport /etc/auto.master My /etc/auto.master looks something like this: - - /misc /etc/auto.misc /net-hosts /- /etc/auto.direct /- /etc/auto.direct2 /home /etc/auto.home - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0+zdYACgkQHsardTLnvCVL/ACghLxen44ZZv+qIFBm6Cz3cinM oMEAoLAAUtCKnxDlUHKtpyMvg75Zq/Iq =7MbL -END PGP SIGNATURE- From 108d0adcaec2f62c81eac5f77a7ea1eac8dd65ee Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sun, 19 Dec 2010 20:23:16 +0100 Subject: [PATCH] Enforce uniqueness on (key,info) pairs in automount keys https://fedorahosted.org/freeipa/ticket/293 --- API.txt| 27 +++-- install/share/bootstrap-template.ldif |3 +- ipalib/plugins/automount.py| 175 ++-- tests/test_xmlrpc/test_automount_plugin.py | 83 +++--- 4 files changed, 248 insertions(+), 40 deletions(-) diff --git a/API.txt b/API.txt index 0380c48..9717acc 100644 --- a/API.txt +++ b/API.txt @@ -94,12 +94,11 @@ output: Output('summary', (, ), 'User-friendly output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('value', , "The primary_key value of the entry, e.g. 'jdoe' for a user") command: automountkey_add -args: 3,7
Re: [Freeipa-devel] [PATCH] 690 add brackets around optional prompts
Rob Crittenden wrote: > When prompting for arguments in the cli there is no way to tell what is > optional and what is required. This sticks brackets around optional > arguments. > > Ticket 832 > > rob Ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Changed dns permission types
Jan Zelený wrote: > Rob Crittenden wrote: > > Jan Zelený wrote: > > > Rob Crittenden wrote: > > >> Jan Zelený wrote: > > >>> Recent change of DNS module to version caused that dns object type > > >>> was replaced by dnszone and dnsrecord. This patch corrects dns types > > >>> in permissions class. > > >>> > > >>> https://fedorahosted.org/freeipa/ticket/646 > > >> > > >> Nack. These values need to be added as valid types to the aci plugin > > >> and the _type_map needs to be updated. > > >> > > >> rob > > > > > > I'm sending an updated patch. > > > > > > Jan > > > > Since dnszone and dnsrecord point to the same kind of entry what is the > > point of having two separate names for them? When we read the entry we > > aren't going to be able to differentiate between the two. > > I didn't take a look how the type thing works, so I'm kinda guessing here > (please ignore the comment if it is wrong): > Sure, object with idnszone class is always also in dnsrecord class, but > that's not the case backwards (idnsrecord object isn't always idnszone) - > so I think it is possible to set different ACIs for these two types. > > > Can the type be made more specific? > > If the mapping doesn't distinguish object classes and it can, maybe that's > the answer. Will investagate further. But if not, I still think this is > the way to go considering the underline issue which we tried to solve by > this change. From what I found I think that making changes necessary to distinguish dnsrecord and dnszone are not worth it, especially that user can use "filter" for that purpose. Since having both of them doesn't have any additional value, I'm sending new version of the patch, which is only adding dnsrecord type. Jan From 0b7c6ddbc5e40e802357c01fb4d568965b77165e Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Thu, 13 Jan 2011 17:32:57 +0100 Subject: [PATCH] Changed dns permission types Recent change of DNS module to version caused that dns object type was replaced by dnszone and dnsrecord. This patch corrects dns types in permissions class. https://fedorahosted.org/freeipa/ticket/646 --- ipalib/plugins/aci.py|5 +++-- ipalib/plugins/permission.py |2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index 939fe535ab01bec9be0caa1952b4a36123bcc2db..d7765488fa1c48d618030564d652a90143bd0123 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -135,7 +135,7 @@ _type_map = { 'hostgroup': 'ldap:///cn=*,%s,%s' % (api.env.container_hostgroup, api.env.basedn), 'service': 'ldap:///krbprincipalname=*,%s,%s' % (api.env.container_service, api.env.basedn), 'netgroup': 'ldap:///ipauniqueid=*,%s,%s' % (api.env.container_netgroup, api.env.basedn), -'dns': 'ldap:///idnsname=*,%s,%s' % (api.env.container_dns, api.env.basedn), +'dnsrecord': 'ldap:///idnsname=*,%s,%s' % (api.env.container_dns, api.env.basedn), } _valid_permissions_values = [ @@ -382,7 +382,7 @@ class aci(Object): cli_name='type', label=_('Type'), doc=_('type of IPA object (user, group, host, hostgroup, service, netgroup)'), -values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns',), +values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'), ), Str('memberof?', cli_name='memberof', diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 43bb2634d34cab8d2bb8ecbce883df8008c34645..182a02cc389c970962e93c4e1653cbbfeee3f30b 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -121,7 +121,7 @@ class permission(LDAPObject): cli_name='type', label=_('Type'), doc=_('Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)'), -values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns',), +values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord',), ), Str('memberof?', cli_name='memberof', -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 040 Assorted bugs found by pylint
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/21/2011 11:43 AM, Jakub Hrozek wrote: > https://fedorahosted.org/freeipa/ticket/358 > > Another part of this effort is running pylint during build. I have > started on this, but because we use python's dynamic features quite a > lot, pylint produces a big number of false positives. > > I wrote a small pylint plugin that helps (so it allowed me to review the > pylint results sanely), but it's still not complete - I'd like to resume > that work during the 2.0.1 bug fixing as there are more pressing issues > right now, I think. Attaching a new version that fixes one more bug and also changes one hunk so it does not exceed the recommended 80-chars limit. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0+vXUACgkQHsardTLnvCV1QACgvBDM/J+KotvGpodZ6eZ7qL4o Xs4An25x48Sir5YKk8/cqZLZMXXcH53Z =T0TP -END PGP SIGNATURE- From 27f111d6bac48615652f04c367e1fd8a4af6a785 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Thu, 20 Jan 2011 18:25:20 +0100 Subject: [PATCH] Assorted bugs found by pylint https://fedorahosted.org/freeipa/ticket/358 --- install/tools/ipa-replica-install|4 ++-- install/tools/ipa-server-certinstall |2 +- ipalib/cli.py| 11 --- ipalib/frontend.py |2 +- ipalib/parameters.py |7 +++ ipalib/pkcs10.py |2 -- ipalib/plugins/dns.py|2 +- ipalib/plugins/group.py |2 +- ipalib/plugins/host.py |1 - ipapython/ipautil.py |4 +--- ipaserver/install/certs.py |2 +- ipaserver/install/installutils.py|4 ++-- ipaserver/install/replication.py |5 ++--- ipaserver/ipaldap.py |2 -- ipaserver/plugins/dogtag.py |4 +--- ipaserver/plugins/ldap2.py |2 +- ipaserver/plugins/ldapapi.py |6 -- ipaserver/servercore.py |8 18 files changed, 21 insertions(+), 49 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 3c912a7..e3394e8 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -407,8 +407,8 @@ def main(): # We ned to ldap_enable the CA now that DS is up and running if CA: -CA.ldap_enable('CA', host_name, dm_password, - util.realm_to_suffix(self.realm_name)) +CA.ldap_enable('CA', config.host_name, config.dirman_password, + util.realm_to_suffix(config.realm_name)) install_krb(config, setup_pkinit=options.setup_pkinit) install_http(config) diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall index 543c770..5fc5811 100755 --- a/install/tools/ipa-server-certinstall +++ b/install/tools/ipa-server-certinstall @@ -141,7 +141,7 @@ def main(): set_ds_cert_name(server_cert[0], dm_password) if options.http: -dirname = httpinstance.NSS_DIR +dirname = certs.NSS_DIR server_cert = import_cert(dirname, pkcs12_fname, options.http_pin, "") installutils.set_directive(httpinstance.NSS_CONF, 'NSSNickname', server_cert[0]) diff --git a/ipalib/cli.py b/ipalib/cli.py index 2d219b7..9dda1c2 100644 --- a/ipalib/cli.py +++ b/ipalib/cli.py @@ -620,17 +620,6 @@ class help(frontend.Local): if module == __name__: return return module.split('.')[-1] -# get representation in the form of 'base_module.bare_module.command()' -r = repr(cmd_plugin_proxy) -# skip base module part and the following dot -start = r.find(self._PLUGIN_BASE_MODULE) -if start == -1: -# command module isn't a plugin module, it's a builtin -return None -start += len(self._PLUGIN_BASE_MODULE) + 1 -# parse bare module name -end = r.find('.', start) -return r[start:end] def _get_module_topic(self, module_name): if not sys.modules[module_name]: diff --git a/ipalib/frontend.py b/ipalib/frontend.py index 567edfd..58fd4d6 100644 --- a/ipalib/frontend.py +++ b/ipalib/frontend.py @@ -693,13 +693,13 @@ class Command(HasParam): If the client minor version is less than or equal to the server then let the request proceed. """ +server_ver = version.LooseVersion(API_VERSION) ver = version.LooseVersion(client_version) if len(ver.version) < 2: raise VersionError(cver=ver.version, sver=server_ver.version, server= self.env.xmlrpc_uri) client_major = ver.version[0] client_minor = ver.version[1] -server_ver = version.LooseVersion(API_VERSION) server_major = server_ver.version[0] server_minor = server_ver.version[1] d
Re: [Freeipa-devel] [PATCH] Changed dns permission types
Rob Crittenden wrote: > Jan Zelený wrote: > > Rob Crittenden wrote: > >> Jan Zelený wrote: > >>> Recent change of DNS module to version caused that dns object type > >>> was replaced by dnszone and dnsrecord. This patch corrects dns types > >>> in permissions class. > >>> > >>> https://fedorahosted.org/freeipa/ticket/646 > >> > >> Nack. These values need to be added as valid types to the aci plugin and > >> the _type_map needs to be updated. > >> > >> rob > > > > I'm sending an updated patch. > > > > Jan > > Since dnszone and dnsrecord point to the same kind of entry what is the > point of having two separate names for them? When we read the entry we > aren't going to be able to differentiate between the two. I didn't take a look how the type thing works, so I'm kinda guessing here (please ignore the comment if it is wrong): Sure, object with idnszone class is always also in dnsrecord class, but that's not the case backwards (idnsrecord object isn't always idnszone) - so I think it is possible to set different ACIs for these two types. > Can the type be made more specific? If the mapping doesn't distinguish object classes and it can, maybe that's the answer. Will investagate further. But if not, I still think this is the way to go considering the underline issue which we tried to solve by this change. Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0068 populate dua profile
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 02:08 AM, Simo Sorce wrote: > Ticket #820 > > Simo. > > I think there's a bug in how the defaultServerList attribute is cleaned up when a replica is deleted - it seems to remove the FQDN of the host ipa-replica-manage del is run. In ReplicationManager.replica_cleanup() you call srvlist.remove(self.hostname), should that be srvlist.remove(replica) ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0+mtMACgkQHsardTLnvCX29ACfRLlUCZW+UmQXKY0dvOra7wQZ 9NgAn3otzd9NDIkqfX0eEpuaiGqC/8l9 =R9ak -END PGP SIGNATURE- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Unused value in initdefault_encoding_utf8
On Mon, 2011-01-17 at 13:13 +0100, Jakub Hrozek wrote: > On 01/17/2011 01:00 PM, Martin Kosek wrote: > > There is no use for return value of Py_InitModule3. Removing it > > in this patch. > > > > https://fedorahosted.org/freeipa/ticket/710 > > > > Ack Just a reminder that this patch is ready for push. Thanks, Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel