It looks like we missed the userCategory and hostCategory stuff when we
did the original pass at configuring the nis server and schema compat
plugins for netgroups. Here's a proposed change which should empty the
right fields when we have one or the other set to "ALL".
Nalin
commit 7a76e7b25026eb
On 11/3/2010 2:50 PM, Adam Young wrote:
Now defaulting to rscwo, which means that some fields will show up
editable even if the user can't change them, due to effectiverights not
being returned on all fields.
Could you rebase it against the latest in master? The patch cannot be
applied. Thanks
Pushed this fix under the 1-liner rule. We had the wrong attribute in an
aci.
diff --git a/install/updates/40-delegation.update
b/install/updates/40-delegation.update
index da17358..d51e213 100644
--- a/install/updates/40-delegation.update
+++ b/install/updates/40-delegation.update
@@ -241,7
On 11/03/2010 02:20 PM, Adam Young wrote:
On 11/03/2010 01:15 PM, Endi Sukma Dewata wrote:
On 11/3/2010 9:10 AM, Adam Young wrote:
The IPA and ipa_cmd are defined twice.
+var IPA;
+var ipa_cmd;
+var IPA = ( function () {
function ipa_cmd(name, args, options, win_callback, fail_callback,
objna
On 11/03/2010 12:55 PM, Endi Sukma Dewata wrote:
On 11/3/2010 8:53 AM, Adam Young wrote:
Still NACK. I have tested this again. It looks like the UI does not
send the --rights parameter which is required to get the
attributelevelrights. With this patch even the admin can't edit
anything.
Ah...
Always display the account enable/disable status.
Don't ignore the exceptions when a user is already enabled or disabled.
Fix the exception error messages to use the right terminology.
In baseldap when retrieving all attributes include the default
attributes in case they include some operation
On 11/3/2010 1:20 PM, Adam Young wrote:
Note the comment about "Forward declared"
jslint complains if there is no forward declaration. I've postponed
moving ipa_cmd into the IPA namespace in this patch, as that will cause
a ripple effect through the rest of the .js files.
I've seen several ways
On 11/03/2010 02:43 PM, Endi Sukma Dewata wrote:
On 11/3/2010 10:09 AM, Adam Young wrote:
A few questions (and tweaks). Note that I have just given the code a
read through, not applied the patch yet.
Are you sure we want to implement our own Theme code? I'd rather try
to keep theme stuff as par
On 11/3/2010 10:09 AM, Adam Young wrote:
A few questions (and tweaks). Note that I have just given the code a
read through, not applied the patch yet.
Are you sure we want to implement our own Theme code? I'd rather try
to keep theme stuff as part of JQUery.UI. At a mionimum, we risk name
clash
On 11/03/2010 01:15 PM, Endi Sukma Dewata wrote:
On 11/3/2010 9:10 AM, Adam Young wrote:
The IPA and ipa_cmd are defined twice.
+var IPA;
+var ipa_cmd;
+var IPA = ( function () {
function ipa_cmd(name, args, options, win_callback, fail_callback,
objname)
Fixed
The duplicate IPA declaratio
On 11/03/2010 01:42 PM, Rob Crittenden wrote:
Adam Young wrote:
On 11/03/2010 11:32 AM, Rob Crittenden wrote:
Break out an ACI into components so it is easier to see what it does.
This will be needed for UI support.
I also filled more supported types and made the List parameter perform
validat
This tool was designed to fix CVE-2008-3274. This configuration is
default now in V2 so this isn't needed now.
https://fedorahosted.org/freeipa/ticket/331
rob
>From 576594158d15546242b18151697cef37dfa551ad Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 3 Nov 2010 13:47:15 -0400
Subje
Adam Young wrote:
On 11/03/2010 11:32 AM, Rob Crittenden wrote:
Break out an ACI into components so it is easier to see what it does.
This will be needed for UI support.
I also filled more supported types and made the List parameter perform
validation.
rob
___
On 11/3/2010 9:10 AM, Adam Young wrote:
The IPA and ipa_cmd are defined twice.
+var IPA;
+var ipa_cmd;
+var IPA = ( function () {
function ipa_cmd(name, args, options, win_callback, fail_callback,
objname)
Fixed
The duplicate IPA declaration is fixed, but the ipa_cmd is still
declared twic
On 11/3/2010 8:55 AM, Adam Young wrote:
I suspect then that the service add dialog is wrong. This behaviour has
been spec'ed and working for a long time. What does it break?
The field.setup(dialog, IPA_ADD_UPDATE) should be called before the add
operation to allow constructing krbprincipalname
On 11/3/2010 8:53 AM, Adam Young wrote:
Still NACK. I have tested this again. It looks like the UI does not
send the --rights parameter which is required to get the
attributelevelrights. With this patch even the admin can't edit anything.
Ah...that was because I did it as two commits, and only
On 11/03/2010 11:37 AM, Rob Crittenden wrote:
Patch is a 1 liner that changes:
import default_encoding_utf8
To
from policycoreutils import default_encoding_utf8
But this one was not reviewed yet, right?
It was, I'm trying to decide what to do with it.
It would seem that the SELinux poli
Add gdm, gdm-password and kdm as default hbac services.
ticket https://fedorahosted.org/freeipa/ticket/307
rob
>From 5c5e32b138bacd7e23596e20329fd5c1af9920f7 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 3 Nov 2010 11:49:51 -0400
Subject: [PATCH] Add additional default HBAC login ser
Dmitri Pal wrote:
JR Aquino wrote:
./lite-server.py -d
ipa: DEBUG: importing all plugin modules in '/usr/src/freeipa/ipalib/plugins'...
ipa: DEBUG: importing plugin module '/usr/src/freeipa/ipalib/plugins/aci.py'
ipa: DEBUG: importing plugin module
'/usr/src/freeipa/ipalib/plugins/automount.py'
This issue is resolved.
A full uninstall and reinstall properly fixed the dependency issue.
On 11/3/10 8:33 AM, "Dmitri Pal" wrote:
>JR Aquino wrote:
>> ./lite-server.py -d
>> ipa: DEBUG: importing all plugin modules in
>>'/usr/src/freeipa/ipalib/plugins'...
>> ipa: DEBUG: importing plugin modu
Break out an ACI into components so it is easier to see what it does.
This will be needed for UI support.
I also filled more supported types and made the List parameter perform
validation.
rob
>From d3f91cf238daf76e908f37b7a591612c6f986aa0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date:
JR Aquino wrote:
> ./lite-server.py -d
> ipa: DEBUG: importing all plugin modules in
> '/usr/src/freeipa/ipalib/plugins'...
> ipa: DEBUG: importing plugin module '/usr/src/freeipa/ipalib/plugins/aci.py'
> ipa: DEBUG: importing plugin module
> '/usr/src/freeipa/ipalib/plugins/automount.py'
> ipa:
Dmitri Pal wrote:
> Adam Young wrote:
>
>> freeipa-admiyo-freeipa-0070-delete-associations.patch
>> freeipa-admiyo-freeipa-0071-group_remove_memeber.json.patch
>> freeipa-admiyo-freeipa-0072-rights-check.patch
>> freeipa-admiyo-freeipa-0073-Clear-fields-after-add.patch
>> freeipa-admiyo-freeipa-
On 11/03/2010 10:35 AM, Rob Crittenden wrote:
Adam Young wrote:
Joint effort between me and Rob in getting this to work.
I've tested it with the following data:
[ayo...@ipa freeipa]$ cat ../bulk_request.json
{"method":"bulk","params":[[
{"method":"json_metadata","params":[[],{}]},
{"method":"u
Adam Young wrote:
> freeipa-admiyo-freeipa-0070-delete-associations.patch
> freeipa-admiyo-freeipa-0071-group_remove_memeber.json.patch
> freeipa-admiyo-freeipa-0072-rights-check.patch
> freeipa-admiyo-freeipa-0073-Clear-fields-after-add.patch
> freeipa-admiyo-freeipa-0074-jslint-cleanup.patch
> fr
On 11/03/2010 10:48 AM, Adam Young wrote:
On 11/03/2010 08:30 AM, Endi Sukma Dewata wrote:
On 11/1/2010 12:35 PM, Adam Young wrote:
NACK, based on the templating issues we discussed on the phone.
TO lay out the issues for other people reading: we previously had a
framework like what Endi is pr
On 11/03/2010 08:30 AM, Endi Sukma Dewata wrote:
On 11/1/2010 12:35 PM, Adam Young wrote:
NACK, based on the templating issues we discussed on the phone.
TO lay out the issues for other people reading: we previously had a
framework like what Endi is proposing here. We found that importing HTML
Adam Young wrote:
Joint effort between me and Rob in getting this to work.
I've tested it with the following data:
[ayo...@ipa freeipa]$ cat ../bulk_request.json
{"method":"bulk","params":[[
{"method":"json_metadata","params":[[],{}]},
{"method":"user_find","params":[[],{"whoami":" true","all":
Jan Zelený wrote:
I tried one other solution, but this approach was recommended to me by Pavel.
It seems to be working fine. If you don't agree with the concept (detection per
request), I can present you the original one.
https://fedorahosted.org/freeipa/ticket/252
Jan
nack. I think we need
Jan Zelený wrote:
All ipa-* commands except for ipa-fix-CVE-2008-3274 were added to SEE
ALSO section of ipa(1).
https://fedorahosted.org/freeipa/ticket/329
Jan
ack, pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://ww
David O'Brien wrote:
Jan Zelený wrote:
"David O'Brien" wrote:
Jan Zelený wrote:
There was a single reference, so I removed it and rephrased the
sentence
a little.
https://fedorahosted.org/freeipa/ticket/330
Jan
nack
"...and starting IPA\-provided service ipa_kpasswd." is grammatically
inc
On 11/03/2010 08:31 AM, Endi Sukma Dewata wrote:
Hi,
Please review the attached patch. It can be installed independently
from my patch #25-2 (HBAC Details Page). Thanks!
https://fedorahosted.org/reviewboard/r/100/
___
Freeipa-devel mailing list
Fr
JR Aquino wrote:
Patches for sudocmd attribute change and support for sudorule cmdCategory.
ack, pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 11/03/2010 08:33 AM, Endi Sukma Dewata wrote:
On 11/2/2010 2:33 PM, Adam Young wrote:
While this doesn't fix all of the jslint complaints for ipa.js, it fixes
the worst offenders.
Nearly ACKed... is there such thing? :)
The IPA and ipa_cmd are defined twice.
+var IPA;
+var ipa_cmd;
+var
On 11/03/2010 08:33 AM, Endi Sukma Dewata wrote:
On 11/1/2010 12:58 PM, Adam Young wrote:
For the 'add and add again' useage.
NACK. The following for-loop shouldn't be moved into add_win() because
it breaks the service add dialog.
-for (var i = 0; i < that.fields.length; ++i) {
-
On 11/03/2010 08:32 AM, Endi Sukma Dewata wrote:
On 11/1/2010 9:28 AM, Adam Young wrote:
Check effective rights. If the right is not explicitly allowed,
show the
field as read only.
It seems to be working, but I think it has to wait until the
attributelevelrights is returned in the JSON resp
Jan Zelený wrote:
"David O'Brien" wrote:
Jan Zelený wrote:
There was a single reference, so I removed it and rephrased the sentence
a little.
https://fedorahosted.org/freeipa/ticket/330
Jan
nack
"...and starting IPA\-provided service ipa_kpasswd." is grammatically
incorrect (missing articl
These were acked and pushed last week:
freeipa-admiyo-freeipa-0070-delete-associations.patch
freeipa-admiyo-freeipa-0071-group_remove_memeber.json.patch
These still have problems:
freeipa-admiyo-freeipa-0072-rights-check.patch
freeipa-admiyo-freeipa-0073-Clear-fields-after-add.patch
freeipa-ad
On 11/2/2010 2:33 PM, Adam Young wrote:
While this doesn't fix all of the jslint complaints for ipa.js, it fixes
the worst offenders.
Nearly ACKed... is there such thing? :)
The IPA and ipa_cmd are defined twice.
+var IPA;
+var ipa_cmd;
+var IPA = ( function () {
function ipa_cmd(name, args
On 11/1/2010 9:28 AM, Adam Young wrote:
Check effective rights. If the right is not explicitly allowed, show the
field as read only.
It seems to be working, but I think it has to wait until the
attributelevelrights is returned in the JSON response because without
it the UI would become unusabl
On 11/1/2010 12:58 PM, Adam Young wrote:
For the 'add and add again' useage.
NACK. The following for-loop shouldn't be moved into add_win() because
it breaks the service add dialog.
-for (var i = 0; i < that.fields.length; ++i) {
-var field = that.fields[i];
-
Hi,
Please review the attached patch. It can be installed independently from
my patch #25-2 (HBAC Details Page). Thanks!
https://fedorahosted.org/reviewboard/r/100/
--
Endi S. Dewata
From 28fbe82de301bc0e2a3166a43e991b403750658e Mon Sep 17 00:00:00 2001
From: Endi S. Dewata
Date: Tue, 2 Nov
./lite-server.py -d
ipa: DEBUG: importing all plugin modules in '/usr/src/freeipa/ipalib/plugins'...
ipa: DEBUG: importing plugin module '/usr/src/freeipa/ipalib/plugins/aci.py'
ipa: DEBUG: importing plugin module
'/usr/src/freeipa/ipalib/plugins/automount.py'
ipa: ERROR: could not load plugin mod
43 matches
Mail list logo
