Re: [Freeipa-devel] [PATCH] 917 user automember for ipa default user

2011-12-12 Thread Rob Crittenden
Rob Crittenden wrote: Rather than manually adding users to the default ipa users group configure automember to do it for us. This was quite simple for new installs but a bit complex on upgrades so I implemented it as an update plugin. I also added a unit test for the config module. The majority

[Freeipa-devel] [PATCH] 917 user automember for ipa default user

2011-12-12 Thread Rob Crittenden
Rather than manually adding users to the default ipa users group configure automember to do it for us. This was quite simple for new installs but a bit complex on upgrades so I implemented it as an update plugin. I also added a unit test for the config module. The majority of config is ignor

Re: [Freeipa-devel] [PATCH] s4u2proxy support

2011-12-12 Thread Dmitri Pal
On 12/12/2011 07:15 PM, Simo Sorce wrote: > On Mon, 2011-12-12 at 15:22 -0500, Rob Crittenden wrote: >> This patch adds support for s4u2proxy. This means that the Apache >> server >> will obtain the ldap service ticket on behalf of the user rather than >> the user having to send their TGT. The u

Re: [Freeipa-devel] [PATCH] s4u2proxy support

2011-12-12 Thread Simo Sorce
On Mon, 2011-12-12 at 15:22 -0500, Rob Crittenden wrote: > This patch adds support for s4u2proxy. This means that the Apache > server > will obtain the ldap service ticket on behalf of the user rather than > the user having to send their TGT. The user's ticket still needs to > be > forwardable,

Re: [Freeipa-devel] [PATCH] 0032 Validate sudo RunAsUser/RunAsGroup arguments

2011-12-12 Thread Alexander Bokovoy
On Mon, 12 Dec 2011, Rob Crittenden wrote: > >>actual members, it treats it as a no-op. We should probably be > >>consistent. > >Don't understand. Did you mean 'to not provide any actual members'? > > > >In case you did, attached patch removes remaining checks for > >runas_{user,group) to be False.

Re: [Freeipa-devel] [PATCH] 5 User-add random password support

2011-12-12 Thread Rob Crittenden
Ondrej Hamada wrote: On 12/09/2011 08:46 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/29/2011 10:31 AM, Martin Kosek wrote: On Thu, 2011-11-24 at 17:51 +0100, Ondrej Hamada wrote: On 11/24/2011 03:54 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/1979 I've used cod

Re: [Freeipa-devel] [PATCH] 0032 Validate sudo RunAsUser/RunAsGroup arguments

2011-12-12 Thread Rob Crittenden
Alexander Bokovoy wrote: On Fri, 02 Dec 2011, Rob Crittenden wrote: Alexander Bokovoy wrote: Hi, FreeIPA SUDO rules use --usercat/--groupcat to specify that rule applies to all users or groups. Thus, sudorule-add-runasuser and sudorule-add-runasgroup accept specific groups and users and do not

[Freeipa-devel] [PATCH] 916 make category and members mutually exclusive in Sudo

2011-12-12 Thread Rob Crittenden
This patch makes all categories and their equivalent members mutually exclusive like in the HBAC plugin. So if you have usercat='all' you can't add users. Added test cases for these as well. I also modified the default list of attributes to include the RunAs attributes. rob From cee85b3cc8

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Alexander Bokovoy
On Mon, 12 Dec 2011, Sumit Bose wrote: > > --password [type-specific parameters] > > > > Creates a trust between FreeIPA realm and another realm of selected > > type. Only 'ads' type is currently supported. > > > > For 'ads' type running `ipa trust-add' would be equivalent to > > following seq

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Alexander Bokovoy
On Mon, 12 Dec 2011, Rob Crittenden wrote: > Alexander Bokovoy wrote: > >Hi, > > > >I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts > >management CLI and GUI. It is quite apparent that most of management > >commands will be similar to all future trust types (AD, IPA, etc), > >thus, i

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Alexander Bokovoy
On Mon, 12 Dec 2011, Simo Sorce wrote: > > Creates a trust between FreeIPA realm and another realm of selected > > type. Only 'ads' type is currently supported. > > > > For 'ads' type running `ipa trust-add' would be equivalent to > > following sequence: > > * ipa-adtrust-install > > * net rpc

[Freeipa-devel] [PATCH] s4u2proxy support

2011-12-12 Thread Rob Crittenden
This patch adds support for s4u2proxy. This means that the Apache server will obtain the ldap service ticket on behalf of the user rather than the user having to send their TGT. The user's ticket still needs to be forwardable, we just don't require it to be forwarded any more. This patch has

Re: [Freeipa-devel] [PATCH] 056 Added facet tabs coloring

2011-12-12 Thread Endi Sukma Dewata
On 12/12/2011 12:21 PM, Petr Vobornik wrote: Facet tabs are now colored according to their group. https://fedorahosted.org/freeipa/ticket/1976 This is how it looks: http://edewata.fedorapeople.org/freeipa/install/ui/#identity=group&navigation=identity&group-facet=default&group-pkey=editors S

Re: [Freeipa-devel] [PATCH] 055 Association facets are read only in self service

2011-12-12 Thread Endi Sukma Dewata
On 12/12/2011 9:27 AM, Petr Vobornik wrote: This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user associa

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Sumit Bose
On Mon, Dec 12, 2011 at 07:49:04PM +0200, Alexander Bokovoy wrote: > Hi, > > I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts > management CLI and GUI. It is quite apparent that most of management > commands will be similar to all future trust types (AD, IPA, etc), > thus, it make

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Rob Crittenden
Alexander Bokovoy wrote: Hi, I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts management CLI and GUI. It is quite apparent that most of management commands will be similar to all future trust types (AD, IPA, etc), thus, it makes sense to develop a generalized `ipa trust' family of

Re: [Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Simo Sorce
On Mon, 2011-12-12 at 19:49 +0200, Alexander Bokovoy wrote: > Hi, > > I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts > management CLI and GUI. It is quite apparent that most of management > commands will be similar to all future trust types (AD, IPA, etc), > thus, it makes sense

[Freeipa-devel] [PATCH] 056 Added facet tabs coloring

2011-12-12 Thread Petr Vobornik
Facet tabs are now colored according to their group. https://fedorahosted.org/freeipa/ticket/1976 -- Petr Vobornik From bdb6e0137f2e22ebb4d7c45e471e716588d171fd Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Mon, 12 Dec 2011 19:16:46 +0100 Subject: [PATCH] Added facet tabs coloring Facet t

[Freeipa-devel] WIP: ipa trust command

2011-12-12 Thread Alexander Bokovoy
Hi, I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts management CLI and GUI. It is quite apparent that most of management commands will be similar to all future trust types (AD, IPA, etc), thus, it makes sense to develop a generalized `ipa trust' family of commands that would app

Re: [Freeipa-devel] [PATCH] [WIP] 172+173 Create per-type DNS API

2011-12-12 Thread Endi Sukma Dewata
On 12/12/2011 7:32 AM, Petr Vobornik wrote: The first option is we could modify this page to use a table for each type, similar to HBAC/sudo rule. For example: SRV Records x | Priority | Weight | Port | Target [Delete] [Add] --- x | 0 | 100 |

[Freeipa-devel] [PATCH] 055 Association facets are read only in self service

2011-12-12 Thread Petr Vobornik
This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user association facets are set read only. Checking a

Re: [Freeipa-devel] [PATCH] [WIP] 172+173 Create per-type DNS API

2011-12-12 Thread Petr Vobornik
On 12/09/2011 08:02 AM, Endi Sukma Dewata wrote: On 11/28/2011 10:35 AM, Martin Kosek wrote: I have prepared a working prototype of the new structured DNS API. It may still have rough edges (and unit tests are not ready), but it will provide a base for discussion and for WebUI folks - so that th

Re: [Freeipa-devel] [PATCH] 5 User-add random password support

2011-12-12 Thread Ondrej Hamada
On 12/09/2011 08:46 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/29/2011 10:31 AM, Martin Kosek wrote: On Thu, 2011-11-24 at 17:51 +0100, Ondrej Hamada wrote: On 11/24/2011 03:54 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/1979 I've used code from ipalib/plugins/