Re: [Freeipa-devel] [RFE] Anonymous and All permissions

2013-11-04 Thread Petr Viktorin
On 11/04/2013 04:33 PM, Martin Kosek wrote: On 11/04/2013 02:49 PM, Petr Viktorin wrote: Hello, During discussions about fine-grained read ACIs [0], it became clear that we need to grant permissions to "all authenticated" and "all, even anonymous" users. Here is a design document for the feat

Re: [Freeipa-devel] [PATCHES] 0289-0302 Managed Read permissions

2013-11-04 Thread Martin Kosek
On 11/04/2013 04:48 PM, Petr Viktorin wrote: > On 10/21/2013 03:57 PM, Martin Kosek wrote: >> On 10/18/2013 04:28 PM, Petr Viktorin wrote: > [...] >>> >>> Alright, I'm crafting an updated design page with the above in mind. Here >>> are >>> the main differences. >>> >>> >>> New permissions won't (

Re: [Freeipa-devel] [PATCH] 0126 Guard ipa-server-install from missing trusts support

2013-11-04 Thread Martin Kosek
On 11/04/2013 04:24 PM, Alexander Bokovoy wrote: > Hi! > > Attached patch is needed to cover the case when freeipa-server-trust-ad > package is not installed since FreeIPA 3.3.3 does now import > adtrustinstance to handle ipa-server-install --uninstall. > > We need to issue a package update to al

Re: [Freeipa-devel] [PATCHES] 0289-0302 Managed Read permissions

2013-11-04 Thread Petr Viktorin
On 10/21/2013 03:57 PM, Martin Kosek wrote: On 10/18/2013 04:28 PM, Petr Viktorin wrote: [...] Alright, I'm crafting an updated design page with the above in mind. Here are the main differences. New permissions won't (necessarily) be in $SUFFIX, so old IPA servers will not be able to modify

Re: [Freeipa-devel] [RFE] Anonymous and All permissions

2013-11-04 Thread Martin Kosek
On 11/04/2013 02:49 PM, Petr Viktorin wrote: > Hello, > > During discussions about fine-grained read ACIs [0], it became clear that we > need to grant permissions to "all authenticated" and "all, even anonymous" > users. > > Here is a design document for the feature: > http://www.freeipa.org/pag

[Freeipa-devel] [PATCH] 0126 Guard ipa-server-install from missing trusts support

2013-11-04 Thread Alexander Bokovoy
Hi! Attached patch is needed to cover the case when freeipa-server-trust-ad package is not installed since FreeIPA 3.3.3 does now import adtrustinstance to handle ipa-server-install --uninstall. We need to issue a package update to all releases where FreeIPA 3.3.3 packages are available. -- /

[Freeipa-devel] [RFE] Anonymous and All permissions

2013-11-04 Thread Petr Viktorin
Hello, During discussions about fine-grained read ACIs [0], it became clear that we need to grant permissions to "all authenticated" and "all, even anonymous" users. Here is a design document for the feature: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions [0] http://www.redhat

[Freeipa-devel] [PATCH] 0315 Fix debug output in integration test

2013-11-04 Thread Petr Viktorin
Recent ipaldap refactoring broke the simple_replication test; here is a fix. Pushed as one-liner to master: 1f6880c59059496f5002111cd0b5f16cc51961db -- PetrĀ³ From 95c229b617342f9fb46373428abbc5ba4c7778e4 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 1 Nov 2013 15:17:46 +0100 Subject: