On 01/13/2012 01:02 PM, Martin Kosek wrote:
This patch fixes RHEL 6.2 build issue.
Having float type as a base type for floating point parameter in
ipalib introduces several issues, e.g. problem with representation
or value comparison. Python language provides Decimal type which
help overcom
From 147094fcc960af10c5c918d205dbfa739bcd436c Mon Sep 17 00:00:00 2001
From: Rich Megginson
Date: Fri, 13 Jan 2012 14:58:45 -0700
Subject: [PATCH] Ticket #1891 - Rewrite IPA plugins to take advantage of the
single transaction
Make all ipa slapi plugins aware of slapi transactions.
Allow ipa sl
On Fri, 2012-01-13 at 10:28 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > aci_mod command is composed of 2 ACI commands: aci_del which
> > deletes the old ACI and aci_add which adds the new modified ACI.
> > However, if aci_add command fails then both new and the old ACI
> > are lost. Old
On Fri, 2012-01-13 at 10:48 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > It seems I sent two patches with number 189. Sending a patch with a
> > correct number.
> >
> > Martin
> >
> > On Tue, 2012-01-10 at 12:40 +0100, Martin Kosek wrote:
> >> Depends on my patch 188
> >> ---
> >> A serve
This patch fixes RHEL 6.2 build issue.
Having float type as a base type for floating point parameter in
ipalib introduces several issues, e.g. problem with representation
or value comparison. Python language provides Decimal type which
help overcome these issue.
This patch replaces a float ty
When viewing a certificate it will show the serial number as hex (dec).
# ipa service-show HTTP/rawhide.example.com
Principal: HTTP/rawhide.example@example.com
Certificate: [snip]
Keytab: True
Managed by: rawhide.example.com
Subject: CN=rawhide.example.com,O=EXAMPLE.COM
Serial Num
On Fri, 2012-01-13 at 12:38 -0500, Adam Young wrote:
> On 01/13/2012 11:09 AM, Petr Vobornik wrote:
> > I have created a helper tool (script) for updating
> > install/ui/test/data/*.json files which are used for offline
> > presentation of FreeIPA Web UI. So I'm sharing it as it might be
> > usefu
On 01/13/2012 11:09 AM, Petr Vobornik wrote:
I have created a helper tool (script) for updating
install/ui/test/data/*.json files which are used for offline
presentation of FreeIPA Web UI. So I'm sharing it as it might be
useful for others.
Main purpose:
* updating ipa_init*.json files (shoul
On Tue, 20 Dec 2011, Simo Sorce wrote:
> On Tue, 2011-12-20 at 12:46 -0500, Simo Sorce wrote:
> > This patch is needed to fix the slapi plugins to build against the
> > thread-safe (reentrant) version of openldap libraries.
> >
> > I haven't changed ipa-clients because they are not threaded progr
On 1/13/2012 10:59 AM, Endi Sukma Dewata wrote:
Fixed and pushed to master.
And ipa-2-2.
--
Endi S. Dewata
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 1/13/2012 9:38 AM, Rob Crittenden wrote:
The certificate request dialog box has been modified to show
the OpenSSL commands for generating a CRL.
The realm and entry names in the test data have been fixed to
be more consistent.
Ticket #1012
ACK but you need to clean up the commit message. T
Jérôme Fenal wrote:
Jérôme Fenal -
ACK, pushed to master and ipa-2-2
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Jan Cholasta wrote:
Dne 14.12.2011 16:21, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 14.12.2011 15:23, Rob Crittenden napsal(a):
Jan Cholasta wrote:
Dne 14.12.2011 05:20, Rob Crittenden napsal(a):
The sudo schema now defines sudoOrder, sudoNotBefore and sudoNotAfter
but these weren't
On 01/12/2012 10:53 PM, Rob Crittenden wrote:
John Dennis wrote:
On 01/12/2012 05:36 PM, Rob Crittenden wrote:
John Dennis wrote:
This patch adds an ipa memcached service, it does the following:
* adds SysV initscript for ipa_memcached
* adds systemd service file for ipa_memcached
* adds tm
On Fri, 13 Jan 2012, Rob Crittenden wrote:
> Alexander Bokovoy wrote:
> >When multiple HBAC rules are defined, IPA default limits to retrieve
> >objects may limit the scope of HBAC testing. To allow full range of
> >rules to be tested support for --sizelimit option is added.
> >
> >In addition, wh
I have created a helper tool (script) for updating
install/ui/test/data/*.json files which are used for offline
presentation of FreeIPA Web UI. So I'm sharing it as it might be useful
for others.
Main purpose:
* updating ipa_init*.json files (should replace old not-working bash script)
* creat
Martin Kosek wrote:
Ignore empty options when performing an ACI search so that the
find command does not crash.
https://fedorahosted.org/freeipa/ticket/2011
https://fedorahosted.org/freeipa/ticket/2012
I tested this and it works, I just wanted to confirm that this is the
behavior we want. Emp
Rob Crittenden wrote:
When adding a hostgroup check for current existence of hostgroup and
netgroup
The netgroup gets added automatically so we need to check in advance for
it. But we also need to look for the hostgroup otherwise the error
message is confusing (netgroup already exists).
Also co
Martin Kosek wrote:
It seems I sent two patches with number 189. Sending a patch with a
correct number.
Martin
On Tue, 2012-01-10 at 12:40 +0100, Martin Kosek wrote:
Depends on my patch 188
---
A server may have 2 or more NICs and its hostname may thus resolve
to 2 and more forward addresses.
Alexander Bokovoy wrote:
When multiple HBAC rules are defined, IPA default limits to retrieve
objects may limit the scope of HBAC testing. To allow full range of
rules to be tested support for --sizelimit option is added.
In addition, when --rules option is specified, make sure only those
rules
Endi Sukma Dewata wrote:
The certificate request dialog box has been modified to show
the OpenSSL commands for generating a CRL.
The realm and entry names in the test data have been fixed to
be more consistent.
Ticket #1012
ACK but you need to clean up the commit message. This is about CSR no
Martin Kosek wrote:
aci_mod command is composed of 2 ACI commands: aci_del which
deletes the old ACI and aci_add which adds the new modified ACI.
However, if aci_add command fails then both new and the old ACI
are lost. Old ACI must be restored in this case.
https://fedorahosted.org/freeipa/tick
On Fri, 2012-01-13 at 10:11 -0500, Rob Crittenden wrote:
> Simo Sorce wrote:
> > The work done to create the ipa-csreplica-manage tool introduced a bug
> > in normal replication agreements setups which caused replicas to not
> > properly filter out attributes that absoluteley must not be replicated
Rob Crittenden wrote:
A bug when creating replication agreements has caused memberOf to be
dropped from the exclusion list. This patch adds a tool that will find
and fix the agreements. It will be run when the package is installed so
end-users should never need to do anything, but it is harmless
Simo Sorce wrote:
The work done to create the ipa-csreplica-manage tool introduced a bug
in normal replication agreements setups which caused replicas to not
properly filter out attributes that absoluteley must not be replicated
around.
This patch should fix the issue.
Trac ticket TBC
Simo.
A
On Thu, 12 Jan 2012, Rob Crittenden wrote:
> >>(assuming joe doesn't already exist, of course).
> >Refactored the patch using original values from options[]:
> >
> >$ ipa sudorule-add-runasuser testr --group=all
> >ipa: ERROR: invalid 'runas-user': RunAsUser does not accept 'all' as a group
> >nam
On Thu, 2012-01-12 at 17:39 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Thu, 2012-01-05 at 16:36 -0500, Rob Crittenden wrote:
> >> Martin Kosek wrote:
> >>> Patches 185-186 are needed to make ipa-replica-install run without
> >>> crashes.
> >>>
> >>> How to test:
> >>>
> >>> on server
27 matches
Mail list logo
