[Freeipa-devel] [PATCH] 984 fix anonlimits dn

The value of nsslapd-anonlimitsdn wasn't being set properly because it wasn't quoted. This will fix it, replacing whatever is there with a correct value. rob >From a20cb5be4922df78c3ad0ede74bfae5cc9d617a1 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 7 Mar 2012 17:59:19 -0500 Subjec

[Freeipa-devel] [PATCH] 983 add subject key identifier

Add subject key identifier to the dogtag server cert profile. This will add it on upgrades too and any new certs issued will have a subject key identifier set. If the user has customized the profile themselves then this won't be applied. rob >From 830740ea18e92fa7ea2bf6d8db16a2aadc43e76f Mo

[Freeipa-devel] [PATCH] 982 tweak to no_init patch

I discovered today that cert-request was failing with an untrusted CA error. The problem had to do with the NSS no_init patch. We were setting dbdir in the connection object too soon so it was comparing itself to itself and always determined that NSS was initialized just fine. This needs to be

Re: [Freeipa-devel] [PATCH] 231 Ignore case in yes/no prompts

On Wed, 2012-03-07 at 10:45 +0100, Petr Viktorin wrote: > On 03/07/2012 10:40 AM, Petr Viktorin wrote: > > On 03/06/2012 06:40 PM, Martin Kosek wrote: > >> We did not accept answers like "Yes", "YES", "No", etc. as valid > >> answers to yes/no prompts (used for example in dnsrecord-del > >> interac

[Freeipa-devel] [PATCH] 232 Treat UPGs correctly in winsync replication

There are some test hints attached to the ticket. --- IPA winsync plugin failed to replicate users when default user group was non-posix even though User Private Groups (UPG) were enabled on the server. Both their uidNumber and gidNumber were empty and they missed essential object classes. When the

Re: [Freeipa-devel] [PATCH] 104 Fixed mask validation in network_validator

Attaching patch file. On 03/07/2012 05:10 PM, Petr Vobornik wrote: Network validator allowed invalid mask format: * leading zeros: 192.168.0.1/0024 * trailing chars: 192.168.0.1/24abcd It was fixed. https://fedorahosted.org/freeipa/ticket/2493 -- Petr Vobornik From bdc47a1f588a0e406c66467fae

Re: [Freeipa-devel] [PATCH] 924 display both hex and decimal serial numbers

Petr Vobornik wrote: On 03/06/2012 09:56 PM, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: Dne 18.1.2012 00:04, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 16.1.2012 22:02, Rob Crittenden napsal(a): Rob Crittenden wrote: Jan Cholasta wrote: Dne 13.1.2012 20:53, Rob

[Freeipa-devel] [PATCH] 104 Fixed mask validation in network_validator

Network validator allowed invalid mask format: * leading zeros: 192.168.0.1/0024 * trailing chars: 192.168.0.1/24abcd It was fixed. https://fedorahosted.org/freeipa/ticket/2493 -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

[Freeipa-devel] [PATCH] 102-103 UI part of 'Add last missing bits in new bind-dyndb-ldap'

1) Add support of new options in dnsconfig dnsconfig was extended of new attributes, so reflecting it in UI. New attributes: * idnsForwardPolicy * idnsAllowSyncPTR * idnsZoneRefresh https://fedorahosted.org/freeipa/ticket/2489 2) DNS forwarder's value can consist of IP address and a port

Re: [Freeipa-devel] [PATCH] 924 display both hex and decimal serial numbers

On 03/06/2012 09:56 PM, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: Dne 18.1.2012 00:04, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 16.1.2012 22:02, Rob Crittenden napsal(a): Rob Crittenden wrote: Jan Cholasta wrote: Dne 13.1.2012 20:53, Rob Crittenden napsal(a):

Re: [Freeipa-devel] [PATCH] 227-228 Add last missing bits in new bind-dyndb-ldap

On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote: > These 2 patches changes the DNS API to support the last missing bits in > new bind-dyndb-ldap: > > 1) Both global and per-zone forwarders now support a conditional custom > port (with format "IP_ADDRESS PORT") > 2) Missing global configurati

[Freeipa-devel] [PATCH] 981 set httpd_manage_ipa

Set SELinux boolean httpd_manage_ipa so ipa_memcached will work in enforcing mode. This is being done in the HTTP instance so we can set both booleans in one step and save a bit of time (it is still slow). rob >From 2794abe72ebbdc38503cdf3cc779fa41d6e14a92 Mon Sep 17 00:00:00 2001 From: Rob C

[Freeipa-devel] [PATCH] 0021 Add CLI tests

Most of the tests we have check if the server does the right thing with XML-RPC calls. How the commandline is converted to command arguments, including interactive prompting, is untested. This patch adds some tests in this area. To do that I had to break up cli.run into more manageable pieces, a

Re: [Freeipa-devel] [PATCH] 231 Ignore case in yes/no prompts

On 03/07/2012 10:40 AM, Petr Viktorin wrote: On 03/06/2012 06:40 PM, Martin Kosek wrote: We did not accept answers like "Yes", "YES", "No", etc. as valid answers to yes/no prompts (used for example in dnsrecord-del interactive mode). This could confuse users. This patch changes the behavior to i

Re: [Freeipa-devel] [PATCH] 231 Ignore case in yes/no prompts

On 03/06/2012 06:40 PM, Martin Kosek wrote: We did not accept answers like "Yes", "YES", "No", etc. as valid answers to yes/no prompts (used for example in dnsrecord-del interactive mode). This could confuse users. This patch changes the behavior to ignore the answer case. https://fedorahosted.o