Re: [Freeipa-devel] [PATCH] 1 Add ipa-adtrust-install utility

2011-09-13 Thread Simo Sorce
On Tue, 2011-09-13 at 18:01 +0200, Sumit Bose wrote: > Yes, if you do not find another major issue it would be nice if you > can > open a new ticket for new features. > Haven't finished testing, but compiling on master throws an error. You need to rebase and s/chkconfig_off/disable/ in smbinstance

[Freeipa-devel] [PATCH] 873 update ipa-ldap-updater man page

2011-09-13 Thread Rob Crittenden
ipa-ldap-updater is really just meant to be run during upgrades, not as a user utility. Add a blurb about that. This also fixes a bit of formatting and adds a bit about the order of operations. rob From b7ce783956cc57cd9b2153c2da5487d0e96b242f Mon Sep 17 00:00:00 2001 From: Rob Crittenden D

[Freeipa-devel] [PATCH] 872 allow csr file to be provided interactively

2011-09-13 Thread Rob Crittenden
Add an escape clause to the CSR validator in the cert plugin. If the csr is a file just return and let the load_files() call slurp in the contents. It will still get validated. rob From d85b43a4bf88224734a7a9f93bbc6e56f467b068 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 13 Sep 20

Re: [Freeipa-devel] [PATCH] 268 Fixed labels for run-as users and groups.

2011-09-13 Thread Endi Sukma Dewata
On 9/13/2011 7:54 AM, Petr Vobornik wrote: The labels from entity parameter are actually more appropriate. I've updated the patch to use them instead. I also fixed some of the labels (the run-as group label & doc is incorrect). ACK Pushed to master and ipa-2-1. -- Endi S. Dewata

Re: [Freeipa-devel] [PATCH] 015 Fixed: Missing read permission option in RBAC permission

2011-09-13 Thread Endi Sukma Dewata
On 9/13/2011 8:08 AM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/1787 In 'IPA Server/RBAC/Permission/Settings/Rights' is missing an option for setting 'read' permission which is supported in CLI. As discussed in the meeting, the UI will not provide a 'read' checkbox (sorry!).

Re: [Freeipa-devel] [PATCH] 014 Code cleanup: widget creation

2011-09-13 Thread Endi Sukma Dewata
On 9/13/2011 7:57 AM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/1788 Removed code duplication of undo links. Simplified code of widget creation to be more readable. ACK and pushed to master and ipa-2-1. One little thing though, the create_undo() will always append a space

Re: [Freeipa-devel] [PATCH] 1 Add ipa-adtrust-install utility

2011-09-13 Thread Sumit Bose
On Mon, Sep 12, 2011 at 05:24:38PM -0400, Simo Sorce wrote: > On Mon, 2011-09-12 at 17:53 +0200, Sumit Bose wrote: > [..] > > > > > I can now run 'smbclient -k -L' on my test system with the recent samba > > patch. > > Sorry a couple more nitpicks. > > Trying to reinstall ipa-adtrust-install it

Re: [Freeipa-devel] [PATCH] 869 set precedence correctly

2011-09-13 Thread Martin Kosek
On Tue, 2011-09-13 at 11:14 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Tue, 2011-09-13 at 10:15 -0400, Rob Crittenden wrote: > >> Martin Kosek wrote: > >>> On Mon, 2011-09-12 at 11:01 -0400, Rob Crittenden wrote: > I set precedence in the wrong entry of the modrdn plugin so it w

Re: [Freeipa-devel] [PATCH] 869 set precedence correctly

2011-09-13 Thread Rob Crittenden
Martin Kosek wrote: On Tue, 2011-09-13 at 10:15 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-09-12 at 11:01 -0400, Rob Crittenden wrote: I set precedence in the wrong entry of the modrdn plugin so it wasn't having any effect. This should fix it. rob Works fine. Shouldn't w

Re: [Freeipa-devel] [PATCH] 015 Fixed: Missing read permission option in RBAC permission

2011-09-13 Thread Adam Young
On 09/13/2011 09:08 AM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/1787 In 'IPA Server/RBAC/Permission/Settings/Rights' is missing an option for setting 'read' permission which is supported in CLI.

Re: [Freeipa-devel] [PATCH] 869 set precedence correctly

2011-09-13 Thread Martin Kosek
On Tue, 2011-09-13 at 10:15 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Mon, 2011-09-12 at 11:01 -0400, Rob Crittenden wrote: > >> I set precedence in the wrong entry of the modrdn plugin so it wasn't > >> having any effect. This should fix it. > >> > >> rob > > > > Works fine. > > >

[Freeipa-devel] Upgrading a machine to use the proxy.

2011-09-13 Thread Adam Young
To convert an older build where the PKI system wasn't proxied: awk '{print $0} /Define an AJP 1.3 Connector on port/ {print "/>}" }' /etc/pki-ca/server.xml > server.xml.new ; mv server.xml.new /etc/pki-ca/server.xml sed -e "s/\[PKI_MACHINE_NAME\]/$HOSTNAME/g" -e "s/\[PKI_AJP_PORT\]/9444/

Re: [Freeipa-devel] [PATCH] 868 better handling of ipa-pki-proxy.conf

2011-09-13 Thread Martin Kosek
On Tue, 2011-09-13 at 09:58 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Fri, 2011-09-09 at 17:41 -0400, Rob Crittenden wrote: > >> - Remove ipa-pki-proxy.conf when IPA is uninstalled > >> - Move file removal to httpinstance.py and use remove_file() > >> - Add a version stanza > >> - C

Re: [Freeipa-devel] [PATCH] 869 set precedence correctly

2011-09-13 Thread Rob Crittenden
Martin Kosek wrote: On Mon, 2011-09-12 at 11:01 -0400, Rob Crittenden wrote: I set precedence in the wrong entry of the modrdn plugin so it wasn't having any effect. This should fix it. rob Works fine. Shouldn't we remove erroneous nsslapd-pluginprecedence from cn=Kerberos Principal Name,cn

Re: [Freeipa-devel] [PATCH] 870 remove normalizer

2011-09-13 Thread Rob Crittenden
Alexander Bokovoy wrote: On Mon, 12 Sep 2011, Rob Crittenden wrote: Remove the lower-case normalizer on roles, privileges and permissions. Mixed-case works fine. ACK. I suppose we don't need any unit-test for lift of restriction... pushed to master and ipa-2-1

Re: [Freeipa-devel] [PATCH] 868 better handling of ipa-pki-proxy.conf

2011-09-13 Thread Rob Crittenden
Martin Kosek wrote: On Fri, 2011-09-09 at 17:41 -0400, Rob Crittenden wrote: - Remove ipa-pki-proxy.conf when IPA is uninstalled - Move file removal to httpinstance.py and use remove_file() - Add a version stanza - Create the file if it doesn't exist on upgraded installs https://fedorahosted.or

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Stephen Gallagher
On Tue, 2011-09-13 at 16:33 +0300, Alexander Bokovoy wrote: > On Tue, 13 Sep 2011, Stephen Gallagher wrote: > > > > File "/usr/lib/python2.7/site-packages/SSSDConfig.py", line 1207, in > > > > import_config > > > > fd = open(configfile, 'r') > > > > IOError: [Errno 2] No such file or directo

Re: [Freeipa-devel] [PATCH] 38 Move Managed Entries into their own container in the replicated space.

2011-09-13 Thread Rob Crittenden
JR Aquino wrote: On Sep 8, 2011, at 10:41 AM, JR Aquino wrote: On Sep 8, 2011, at 10:06 AM, JR Aquino wrote: On Sep 8, 2011, at 4:38 AM, Martin Kosek wrote: On Tue, 2011-09-06 at 22:33 +, JR Aquino wrote: On Jul 22, 2011, at 6:54 AM, Martin Kosek wrote: On Thu, 2011-07-21 at 23:00 +0

Re: [Freeipa-devel] [PATCH] 868 better handling of ipa-pki-proxy.conf

2011-09-13 Thread Martin Kosek
On Fri, 2011-09-09 at 17:41 -0400, Rob Crittenden wrote: > - Remove ipa-pki-proxy.conf when IPA is uninstalled > - Move file removal to httpinstance.py and use remove_file() > - Add a version stanza > - Create the file if it doesn't exist on upgraded installs > > https://fedorahosted.org/freeipa/t

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Martin Kosek
On Tue, 2011-09-13 at 16:22 +0300, Alexander Bokovoy wrote: > On Tue, 13 Sep 2011, Martin Kosek wrote: > > > So this patch is unblocked. To solve delayed data initialization from > > > SSSD in NSS responder we might simply increase number of tries to 10 > > > in case SSSD is in use. > > That soun

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Alexander Bokovoy
On Tue, 13 Sep 2011, Stephen Gallagher wrote: > > > File "/usr/lib/python2.7/site-packages/SSSDConfig.py", line 1207, in > > > import_config > > > fd = open(configfile, 'r') > > > IOError: [Errno 2] No such file or directory: '/etc/sssd/sssd.conf' > > Right, we need to fallback to new sssd.c

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Stephen Gallagher
On Tue, 2011-09-13 at 16:22 +0300, Alexander Bokovoy wrote: > On Tue, 13 Sep 2011, Martin Kosek wrote: > > > So this patch is unblocked. To solve delayed data initialization from > > > SSSD in NSS responder we might simply increase number of tries to 10 > > > in case SSSD is in use. > > That soun

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Alexander Bokovoy
On Tue, 13 Sep 2011, Martin Kosek wrote: > > So this patch is unblocked. To solve delayed data initialization from > > SSSD in NSS responder we might simply increase number of tries to 10 > > in case SSSD is in use. > That sounds good. I made few tests of this patch and I still see a > problem he

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Stephen Gallagher
On Tue, 2011-09-13 at 15:08 +0200, Martin Kosek wrote: > On Tue, 2011-09-13 at 15:11 +0300, Alexander Bokovoy wrote: > > On Thu, 08 Sep 2011, Alexander Bokovoy wrote: > > > > > On Wed, 07 Sep 2011, Stephen Gallagher wrote: > > > > > > > On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote:

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Martin Kosek
On Tue, 2011-09-13 at 15:11 +0300, Alexander Bokovoy wrote: > On Thu, 08 Sep 2011, Alexander Bokovoy wrote: > > > On Wed, 07 Sep 2011, Stephen Gallagher wrote: > > > > > On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote: > > > > Hi! > > > > > > > > When modifying SSSD configuration, att

[Freeipa-devel] [PATCH] 015 Fixed: Missing read permission option in RBAC permission

2011-09-13 Thread Petr Vobornik
https://fedorahosted.org/freeipa/ticket/1787 In 'IPA Server/RBAC/Permission/Settings/Rights' is missing an option for setting 'read' permission which is supported in CLI. -- Petr Vobornik From 6110e275e36adf310fc56d3d72480b1512a76be2 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Tue, 13 S

Re: [Freeipa-devel] [PATCH] 268 Fixed labels for run-as users and groups.

2011-09-13 Thread Petr Vobornik
On 09/13/2011 08:04 AM, Endi Sukma Dewata wrote: The labels from entity parameter are actually more appropriate. I've updated the patch to use them instead. I also fixed some of the labels (the run-as group label & doc is incorrect). ACK -- Petr Vobornik

[Freeipa-devel] [PATCH] 014 Code cleanup: widget creation

2011-09-13 Thread Petr Vobornik
https://fedorahosted.org/freeipa/ticket/1788 Removed code duplication of undo links. Simplified code of widget creation to be more readable. -- Petr Vobornik From c1e47469cd394c8934e0a6bf3cc84e88b5a6bb5a Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Tue, 13 Sep 2011 13:53:54 +0200 Subject:

Re: [Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

2011-09-13 Thread Alexander Bokovoy
On Thu, 08 Sep 2011, Alexander Bokovoy wrote: > On Wed, 07 Sep 2011, Stephen Gallagher wrote: > > > On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote: > > > Hi! > > > > > > When modifying SSSD configuration, attempt to add new domain rather > > > than replacing whole configuration file

Re: [Freeipa-devel] [PATCH] 869 set precedence correctly

2011-09-13 Thread Martin Kosek
On Mon, 2011-09-12 at 11:01 -0400, Rob Crittenden wrote: > I set precedence in the wrong entry of the modrdn plugin so it wasn't > having any effect. This should fix it. > > rob Works fine. Shouldn't we remove erroneous nsslapd-pluginprecedence from cn=Kerberos Principal Name,cn=IPA MODRDN,cn=

Re: [Freeipa-devel] [PATCH] Allow using external hosts in HBAC test

2011-09-13 Thread Martin Kosek
On Tue, 2011-09-13 at 13:17 +0200, Martin Kosek wrote: > On Tue, 2011-09-13 at 11:54 +0300, Alexander Bokovoy wrote: > > When external host is specified in HBAC rule, allow its use in simulation > > > > https://fedorahosted.org/freeipa/ticket/1763 > > > > When external host is specified in HBAC r

Re: [Freeipa-devel] [PATCH] 2 Call standard_logging_setup() before any logging is done

2011-09-13 Thread Martin Kosek
On Tue, 2011-09-13 at 12:44 +0200, Sumit Bose wrote: > Hi, > > in ipa-dns-install installutils.check_server_configuration() is called > before standard_logging_setup() but already calls logging.debug() and > all settings from standard_logging_setup() are ignored. The attached > patch should fix it

Re: [Freeipa-devel] [PATCH] Allow using external hosts in HBAC test

2011-09-13 Thread Martin Kosek
On Tue, 2011-09-13 at 11:54 +0300, Alexander Bokovoy wrote: > When external host is specified in HBAC rule, allow its use in simulation > > https://fedorahosted.org/freeipa/ticket/1763 > > When external host is specified in HBAC rule, it needs to be added to > the set of source hosts this rule ap

[Freeipa-devel] [PATCH] 2 Call standard_logging_setup() before any logging is done

2011-09-13 Thread Sumit Bose
Hi, in ipa-dns-install installutils.check_server_configuration() is called before standard_logging_setup() but already calls logging.debug() and all settings from standard_logging_setup() are ignored. The attached patch should fix it. bye, Sumit From 4379fda4b40d0a8b76d2ec9ee960904d321acc2f Mon S

Re: [Freeipa-devel] [PULL REQUEST, master] Platform-specific adaptation

2011-09-13 Thread Martin Kosek
On Mon, 2011-09-12 at 17:49 +0300, Alexander Bokovoy wrote: > On Mon, 12 Sep 2011, Martin Kosek wrote: > > Good job! This all looks very good, I found no installation error in > > various scenarios I tried. I only found a problem with mixed tabs-spaces > > indentation. You introduced it at least in

Re: [Freeipa-devel] [PULL REQUEST, ipa-2-1] Platform-specific adaptation

2011-09-13 Thread Martin Kosek
On Mon, 2011-09-12 at 10:58 +0300, Alexander Bokovoy wrote: > Hi, > > As the patchset is rather big, I'm sending pull request from my > fedorapeople.org git repository instead of separate patches. > > This is pull request for ipa-2-1, I'll send pull request for master > branch as a separate ema

[Freeipa-devel] [PATCH] Allow using external hosts in HBAC test

2011-09-13 Thread Alexander Bokovoy
When external host is specified in HBAC rule, allow its use in simulation https://fedorahosted.org/freeipa/ticket/1763 When external host is specified in HBAC rule, it needs to be added to the set of source hosts this rule applies to. Add (list of external hosts) explicitly when converting FreeIP

Re: [Freeipa-devel] [PATCH] 871 add hostname regex

2011-09-13 Thread Alexander Bokovoy
On Tue, 13 Sep 2011, Jan Cholasta wrote: > >>What about IDN hosts? With this change we would require them to be > >>always in Punycode? > >> > > > >Oh, hadn't considered that, I was just following the relevant RFCs. Is > >there a way we can easily support those as well? > > The easiest way would p

Re: [Freeipa-devel] [PATCH] 871 add hostname regex

2011-09-13 Thread Jan Cholasta
On 12.9.2011 22:13, Rob Crittenden wrote: Alexander Bokovoy wrote: On Mon, 12 Sep 2011, Rob Crittenden wrote: Limit hostnames to letters, digits and - with a max length of 255 takes_params = ( Str('fqdn', validate_host, + pattern='^[a-zA-Z0-9][a-zA-Z0-9-\.]{0,254}$', + pattern_errmsg='may onl
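
Review bot: In the `pattern=` line, the character class `[a-zA-Z0-9-\.]` accepts `.` alongside letters, digits and `-`, so the regex passes names with consecutive dots (`a..b`) or a trailing `-`, and it puts no bound on individual labels; only the overall length of 255 is enforced. If the goal is the RFC hostname rules, validate per label (each label starts and ends with a letter or digit and is at most 63 characters) instead of one flat class, and have the description, which currently reads "letters, digits and -", mention the dot. The pattern is also ASCII-only, so it should be documented that IDN hosts are accepted only in Punycode form.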