On Fri, 13 Jul 2012, Alexander Bokovoy wrote:
Hi,
when adding AD trusts support, we need to ensure we have valid kerberos
ticket of the user from 'admins' group or otherwise appropriate ACIs
will not be granted.
This patch introduces a check for that. We already check if
ipa-adtrust-install is
On 07/13/2012 03:48 PM, Adam Tkac wrote:
On Thu, Jul 12, 2012 at 05:18:35PM +0200, Petr Spacek wrote:
Hello,
this patch fixes occasional crashes caused by incorrect error
handling in ldap_pool_*() functions.
https://fedorahosted.org/bind-dyndb-ldap/ticket/84
It can be caused by memory allocat
On 07/13/2012 03:47 PM, Adam Tkac wrote:
On Wed, Jul 11, 2012 at 03:54:07PM +0200, Petr Spacek wrote:
Hello,
this patch fixes bug introduced by CVE-2012-2134 fix (commit
cd33194c5a61e98cba53212458cce02b849077ba).
From cd33194c5a61e98cba53212458cce02b849077ba up to now each query
for nonexiste
On 07/13/2012 03:42 PM, Adam Tkac wrote:
On Tue, Jul 10, 2012 at 03:57:24PM +0200, Petr Spacek wrote:
Hello,
these patches provides SOA serial auto-increment feature for external changes.
Related ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/67
It is necessary to set "psearch" AND "s
Hi,
when adding AD trusts support, we need to ensure we have valid kerberos
ticket of the user from 'admins' group or otherwise appropriate ACIs
will not be granted.
This patch introduces a check for that. We already check if
ipa-adtrust-install is run by root so this complements existing checks
Martin Kosek wrote:
RFC 1912 states that no record (besides PTR) is allowed to coexist
with any other record type. When BIND detects this situation, it
refuses to load such records.
Enforce the constrain for dnsrecord-mod and dnsrecord-add commands.
https://fedorahosted.org/freeipa/ticket/2601
On 07/13/2012 04:00 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 07/12/2012 07:46 AM, Martin Kosek wrote:
>>> On 07/11/2012 09:27 PM, Rob Crittenden wrote:
Martin Kosek wrote:
> IPA 3.0 introduced range ID objects in replicated space which specify
> a range of IDs assigned via
On 07/13/2012 03:47 PM, Jan Cholasta wrote:
> Dne 12.7.2012 16:25, Martin Kosek napsal(a):
>> On 07/02/2012 08:45 AM, Martin Kosek wrote:
>>> On 06/29/2012 09:00 PM, Rob Crittenden wrote:
Martin Kosek wrote:
> This patch enables currently developed SOA serial autoincrement feature in
>
Martin Kosek wrote:
On 07/12/2012 07:46 AM, Martin Kosek wrote:
On 07/11/2012 09:27 PM, Rob Crittenden wrote:
Martin Kosek wrote:
IPA 3.0 introduced range ID objects in replicated space which specify
a range of IDs assigned via DNA plugin. ipa-ldap-updater generates the
default ID range which
On Wed, Jul 11, 2012 at 03:54:07PM +0200, Petr Spacek wrote:
> Hello,
>
> this patch fixes bug introduced by CVE-2012-2134 fix (commit
> cd33194c5a61e98cba53212458cce02b849077ba).
>
> From cd33194c5a61e98cba53212458cce02b849077ba up to now each query
> for nonexistent DNS name results to two (exa
On Thu, Jul 12, 2012 at 05:18:35PM +0200, Petr Spacek wrote:
> Hello,
>
> this patch fixes occasional crashes caused by incorrect error
> handling in ldap_pool_*() functions.
>
> https://fedorahosted.org/bind-dyndb-ldap/ticket/84
>
> It can be caused by memory allocation error OR timeout during
Dne 12.7.2012 16:25, Martin Kosek napsal(a):
On 07/02/2012 08:45 AM, Martin Kosek wrote:
On 06/29/2012 09:00 PM, Rob Crittenden wrote:
Martin Kosek wrote:
This patch enables currently developed SOA serial autoincrement feature in
bind-dyndb-ldap. The patch may be updated if any assumptions abo
On Wed, Jul 11, 2012 at 03:10:11PM +0200, Petr Spacek wrote:
> Hello,
>
> this patch adds documention for serial_autoincrement feature to README.
Please add note about slave servers. Slave servers should be configured to use
only one IPA master when serial_autoincrement is enabled, otherwise thin
On Tue, Jul 10, 2012 at 03:57:24PM +0200, Petr Spacek wrote:
> Hello,
>
> these patches provides SOA serial auto-increment feature for external changes.
> Related ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/67
>
> It is necessary to set "psearch" AND "serial_autoincrement" to "yes"
>
On Tue, 2012-07-10 at 23:04 +0200, Sumit Bose wrote:
> Hi,
>
> the following two patches are the first step to fix
> https://fedorahosted.org/freeipa/ticket/2881. Unit tests with time
> measurements are added and the performance of the get_group_sids()
> function is improved by an order of magnitu
On 07/13/2012 02:20 PM, Jan Cholasta wrote:
> Dne 11.7.2012 10:34, Martin Kosek napsal(a):
>> On 07/04/2012 09:13 AM, Martin Kosek wrote:
>>> I did various tests with IPv4 and IPv6 and everything worked for me. I also
>>> tried a mixed IPv4+IPv6 and IPv6-only environment and I was able to install
Dne 11.7.2012 10:34, Martin Kosek napsal(a):
On 07/04/2012 09:13 AM, Martin Kosek wrote:
I did various tests with IPv4 and IPv6 and everything worked for me. I also
tried a mixed IPv4+IPv6 and IPv6-only environment and I was able to install an
IPv6-only replica without issues.
---
Many functio
On 07/13/2012 01:17 PM, Adam Tkac wrote:
On Tue, Jul 10, 2012 at 03:15:03PM +0200, Petr Spacek wrote:
Hello,
this patch adds an debug message to ldap_cache_addrdatalist().
It is very useful for persistent search debugging.
Hi,
although idea of the patch is fine, I don't think that statement
On Mon, 2012-04-02 at 17:50 +0200, Sumit Bose wrote:
> On Thu, Mar 29, 2012 at 05:02:31PM -0400, Simo Sorce wrote:
> > On Thu, 2012-03-29 at 16:30 +0300, Alexander Bokovoy wrote:
> > > This is due to some krbtgt/realm@REALM searches performed in KDC
> > > without
> > > allowing for principal aliase
On Tue, Jul 10, 2012 at 03:15:03PM +0200, Petr Spacek wrote:
> Hello,
>
> this patch adds an debug message to ldap_cache_addrdatalist().
>
> It is very useful for persistent search debugging.
Hi,
although idea of the patch is fine, I don't think that statements which allocate
memory should be i
On 06/27/2012 03:32 PM, William Brown wrote:
Hi,
I have been working on adding support for FreeIPA to support
configuration storage for ISC-DHCP 4.X servers. I have added the schema
which is included at installation, added the template / empty files that
will be filled in and used for the instal
Hey All ,
where can to try an Multitenancy IPA 3.0 system or change , config
my hope .. one ldap-system which sub system
my hope .. for only Tenant one KDC over other port .. ( same linux system
)
Can i try that !
Klaus
Best Regards,
Klaus Eckel, UNIX
Consultant HPC (AIX,Linux) GP
RFC 1912 states that no record (besides PTR) is allowed to coexist
with any other record type. When BIND detects this situation, it
refuses to load such records.
Enforce the constrain for dnsrecord-mod and dnsrecord-add commands.
https://fedorahosted.org/freeipa/ticket/2601
--
Martin Kosek
Red
23 matches
Mail list logo