[Freeipa-devel] [PATCH] Allow ipa-replica-conncheck and ipa-adtrust-install to read krb5 includedir

The krb5 includedir uses a different delimeter (space) than the rest of the krb5 config file (equal sign). But only the ipa-client-install and ipa-server-install scripts were set with the correct delimeters. This patch also adds the delimeters to ipa-adtrust-install and ipa-replica-conncheck. >From

Re: [Freeipa-devel] [PATCH] 356 Add trusconfig-show and trustconfig-mod commands

On Fri, 01 Feb 2013, Martin Kosek wrote: On 02/01/2013 03:55 PM, Alexander Bokovoy wrote: On Tue, 29 Jan 2013, Martin Kosek wrote: trust_output_params = ( @@ -482,3 +499,158 @@ api.register(trust_mod) api.register(trust_del) api.register(trust_find) api.register(trust_show) + + +_trust_type_opt

[Freeipa-devel] [PATCH] 369 Fix permission_find test error

Remove extraneous memberindirect_role attribute from permission_find unit test to avoid false negative test result. Pushed as a one-liner to all affected branches: master, ipa-3-1, ipa-3-0. Martin From 9547266709f1e0ce75ec45a6c6b9e94a8b344e51 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Fri

Re: [Freeipa-devel] [PATCH 0030] Add option to specify SID using domain name to idrange-add/mod

On 02/08/2013 03:25 PM, Alexander Bokovoy wrote: On Mon, 04 Feb 2013, Tomas Babej wrote: Hi, When adding/modifying an ID range for a trusted domain, the newly added option --dom-name can be used. This looks up SID of the trusted domain in LDAP and therefore the user is not required to write it

Re: [Freeipa-devel] [PATCH] 1086 handle no entries migrated

On 02/08/2013 03:44 PM, Rob Crittenden wrote: > The migration performance patch added a crash bug if no entries were > successfully migrated. This should fix it. > > rob > ACK. Pushed to master, ipa-3-1, ipa-3-0. Martin ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCHES 0031-0032] Improve HBAC rule handling in selinuxusermap-add/mod/find

On 02/06/2013 07:57 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, this pair of patches improves HBAC rule handling in selinuxusermap commands. Patch 0031 deals with: https://fedorahosted.org/freeipa/ticket/3349 Patch 0032 takes care of: https://fedorahosted.org/freeipa/ticket/3348 and is

Re: [Freeipa-devel] [PATCH 0026] Prevent integer overflow when setting krbPasswordExpiration

On 01/25/2013 12:45 AM, Simo Sorce wrote: > On Wed, 2013-01-23 at 14:00 +0100, Tomas Babej wrote: >> On 01/22/2013 07:39 PM, Dmitri Pal wrote: >>> On 01/22/2013 10:57 AM, Simo Sorce wrote: On Tue, 2013-01-22 at 15:50 +0100, Tomas Babej wrote: > Here I bring the updated version of the patch

[Freeipa-devel] [PATCH] 1086 handle no entries migrated

The migration performance patch added a crash bug if no entries were successfully migrated. This should fix it. rob >From 3724f1ee1fb4e231586d253c922c7dcf3e26f459 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 8 Feb 2013 09:42:34 -0500 Subject: [PATCH] Prevent a crash when no entries

Re: [Freeipa-devel] [PATCH 0030] Add option to specify SID using domain name to idrange-add/mod

On Mon, 04 Feb 2013, Tomas Babej wrote: Hi, When adding/modifying an ID range for a trusted domain, the newly added option --dom-name can be used. This looks up SID of the trusted domain in LDAP and therefore the user is not required to write it down in CLI. If the lookup fails, error message as

Re: [Freeipa-devel] [PATCH] 89 Raise ValidationError on invalid CSV values

On 01/28/2013 03:30 PM, Petr Viktorin wrote: > On 01/28/2013 10:29 AM, Jan Cholasta wrote: >> On 14.1.2013 12:56, Petr Viktorin wrote: >>> On 01/09/2013 06:11 PM, Jan Cholasta wrote: Hi, this patch fixes . Honza >>> >>> The

Re: [Freeipa-devel] [RFE] List of IPA realm domains

I have modified the design page as per suggestions posted on the list: * There will 2 commands (not 3): realmdomains-show and realmdomains-mod * Updates and Upgrades section updated to reflect the addition of new LDAP container http://www.freeipa.org/page/V3/Realm_Domains On 02/06/2013 06:27 PM

Re: [Freeipa-devel] [PATCH] 1085 cert-find command

Jan Cholasta wrote: Hi, On 6.2.2013 00:44, Rob Crittenden wrote: This adds a cert-find command for the dogtag backend. Searches can be done by serial number, by subject, revocation reason, issue date, notbefore, notafter and revocation dates. I added some basic tests for this. I made it a sep

[Freeipa-devel] [PATCH] 255 Added Web UI support for service PAC type option: NONE

Checkbox for NONE option was added. https://fedorahosted.org/freeipa/ticket/3404 Patches for master and 3.1 branch attached. -- Petr Vobornik From abd8ae1e9bd2443d6494ea1dcf66fd20de2be43a Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Tue, 5 Feb 2013 18:34:08 +0100 Subject: [PATCH] Added We

Re: [Freeipa-devel] [PATCH] 363-368 Configurable SID blacklists

On 02/08/2013 10:47 AM, Martin Kosek wrote: > Sending patches according to RFE: > http://www.freeipa.org/page/V3/Configurable_SID_Blacklists > > How this works: > > 1) Trust is added, SID blacklist is filled with default list (by ipa-sam > plugin). When SID blacklist attribute is missing (e.g. fo

[Freeipa-devel] [PATCH] 363-368 Configurable SID blacklists

Sending patches according to RFE: http://www.freeipa.org/page/V3/Configurable_SID_Blacklists How this works: 1) Trust is added, SID blacklist is filled with default list (by ipa-sam plugin). When SID blacklist attribute is missing (e.g. for current trusts), ipa-kdb will use the hardcoded list. #