On Tue, 2011-03-29 at 13:20 -0400, Rob Crittenden wrote:
> If a one-time password is set when a host is created the
> krbPrincipalName is not created. It will be added when the client
> enrolls with the password.
>
> This means that the host can't enroll with an admin user because we
> don't al
On Tue, 2011-03-29 at 13:36 -0400, Rob Crittenden wrote:
> This makes the CA retrieval during IPA discovery non-fatal. If we can't
> get the CA cert then this likely isn't an IPA server so we should just
> return.
>
> ticket 1135
>
> rob
ACK from me.
I also tried to at least partially simulat
On 30.3.2011 01:01, David O'Brien wrote:
Jan Cholasta wrote:
Added the note so that users know that they can setup DNS at any time
after ipa-server-install.
https://fedorahosted.org/freeipa/ticket/1082
_
On 29.3.2011 22:15, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File "", line 1, in
File "ipaserver/install/installutils.py", line
Martin Kosek wrote:
On Tue, 2011-03-29 at 16:42 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
When IPA server was configured as self-signed (--selfsign option)
the replica always failed to install.
https://fedorahosted.org/freeipa/ticket/1122
Why not just make install_ca return (None, No
Martin Kosek wrote:
On Tue, 2011-03-29 at 13:20 -0400, Rob Crittenden wrote:
If a one-time password is set when a host is created the
krbPrincipalName is not created. It will be added when the client
enrolls with the password.
This means that the host can't enroll with an admin user because we
Martin Kosek wrote:
On Tue, 2011-03-29 at 13:36 -0400, Rob Crittenden wrote:
This makes the CA retrieval during IPA discovery non-fatal. If we can't
get the CA cert then this likely isn't an IPA server so we should just
return.
ticket 1135
rob
ACK from me.
I also tried to at least partially
Some requests generate multiple calls to get_ipa_config(). This patch
caches the return value for this in the request context.
ticket 1023
rob
freeipa-rcrit-759-cache.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@r
This prevents an internal error when calculating direct vs indirect
membership.
ticket 1133
rob
freeipa-rcrit-760-member.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listi
Rob Crittenden wrote:
This prevents an internal error when calculating direct vs indirect
membership.
ticket 1133
I accidentally included a change from another patch. Updated patch attached.
rob
freeipa-rcrit-760-2-member.patch
Description: application/mbox
Since this is a new-feature type patch it should be pushed only to master.
---
The DNS record plugin does not support modification of a record. One
can only add A type addresses to a DNS record or remove the current
ones. To actually change a DNS record value it has to be removed and
then added
The FreeIPA framework performs unescaped searches to enumerate group membership.
The following patch corrects this behavior.
-JR
binIXm2E6QDid.bin
Description: freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch
___
Freei
On Mar 30, 2011, at 12:05 PM, JR Aquino wrote:
> The FreeIPA framework performs unescaped searches to enumerate group
> membership.
>
> The following patch corrects this behavior.
>
> -JR
>
> ___
> Freeipa-devel mailing list
> Freeipa-devel@redhat.c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/30/2011 03:53 PM, JR Aquino wrote:
>
> On Mar 30, 2011, at 12:05 PM, JR Aquino wrote:
>
>> The FreeIPA framework performs unescaped searches to enumerate group
>> membership.
>>
>> The following patch corrects this behavior.
>>
>> -JR
>>
>> __
The plugin architecture makes a great deal of calls to search for memberUser
and memberHost. These attributes are missing from the index and are greatly
slowing down the CLI and WebUI.
They should be added as Equality Indexes, as the searches that are performed
are meant for enumeration after t
On Mar 30, 2011, at 1:01 PM, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 03/30/2011 03:53 PM, JR Aquino wrote:
>>
>> On Mar 30, 2011, at 12:05 PM, JR Aquino wrote:
>>
>>> The FreeIPA framework performs unescaped searches to enumerate group
>>> membership.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/30/2011 04:22 PM, JR Aquino wrote:
> On Mar 30, 2011, at 1:01 PM, Stephen Gallagher wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On 03/30/2011 03:53 PM, JR Aquino wrote:
>>>
>>> On Mar 30, 2011, at 12:05 PM, JR Aquino wrote
On 03/30/2011 11:13 AM, Martin Kosek wrote:
Since this is a new-feature type patch it should be pushed only to master.
---
The DNS record plugin does not support modification of a record. One
can only add A type addresses to a DNS record or remove the current
ones. To actually change a DNS re
Sort output on find commands based on the baseldap LDAPSearch class.
A couple tests had to be modified to match the new order.
ticket 794
rob
freeipa-rcrit-761-sort.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@red
JR Aquino wrote:
On Mar 30, 2011, at 1:01 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/30/2011 03:53 PM, JR Aquino wrote:
On Mar 30, 2011, at 12:05 PM, JR Aquino wrote:
The FreeIPA framework performs unescaped searches to enumerate group membership.
The
On Mar 30, 2011, at 3:03 PM, Rob Crittenden wrote:
> JR Aquino wrote:
>> On Mar 30, 2011, at 1:01 PM, Stephen Gallagher wrote:
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> On 03/30/2011 03:53 PM, JR Aquino wrote:
On Mar 30, 2011, at 12:05 PM, JR Aquino wrote:
Jan Cholasta wrote:
On 30.3.2011 01:01, David O'Brien wrote:
Jan Cholasta wrote:
Added the note so that users know that they can setup DNS at any time
after ipa-server-install.
https://fedorahosted.org/freeipa/ticket/1082
--
Requires patch 217
From d07565bd09081e9d2dd010f6b9a39cdd8df01e1d Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Wed, 30 Mar 2011 20:54:34 -0400
Subject: [PATCH] default all false
no longer default to all: true for searches, only specify it for user searches
---
install/ui/entity.js |5 +++
23 matches
Mail list logo
