On 04/16/2014 06:56 PM, Sumit Bose wrote:
On Wed, Apr 16, 2014 at 04:59:55PM +0300, Alexander Bokovoy wrote:
On Wed, 16 Apr 2014, Simo Sorce wrote:
...
Can you please list exactly which ones are needed ?
...
- objectclass ipaIDRange
- cn
- ipaBaseID
- ipaIDRangeSize
-
On 04/16/2014 03:58 PM, Martin Kosek wrote:
On 04/16/2014 03:52 PM, Simo Sorce wrote:
On Wed, 2014-04-16 at 10:35 +0200, Jan Cholasta wrote:
On 11.4.2014 13:31, Petr Viktorin wrote:
One of the default_attributes of permission is memberofindirect, a
virtual attribute manufactured by ldap2,
On Wed, Apr 16, 2014 at 09:02:00PM -0400, Dmitri Pal wrote:
On 04/15/2014 05:13 AM, Sumit Bose wrote:
Hi,
I have started to write a design page for 'Migrating existing
environments to Trust'
http://www.freeipa.org/page/V3/Migrating_existing_environments_to_Trust
It shall cover
On 04/16/2014 04:35 PM, Martin Kosek wrote:
On 04/15/2014 02:33 PM, Petr Viktorin wrote:
Read access to both rules and definitions is given to a new privilege,
'Automember Readers', as well as the existing 'Automember Task Administrator'.
This needs a mild rebase in 40-delegation.update. When
On 04/16/2014 03:04 PM, Simo Sorce wrote:
On Wed, 2014-04-16 at 15:00 +0200, Petr Viktorin wrote:
Simo, Rob, would you be OK with changing virtual operation
objectclass to our
own one to have a better control over it?
No, in general I am not ok to change objects that already exist in
IPA
On 04/09/2014 01:33 PM, Petr Viktorin wrote:
On 04/09/2014 12:07 PM, Tomas Babej wrote:
Hi,
the following batch deals with the following:
* cleans up apache's semaphores prior to installing IPA (CA install can
get stuck when IPA is reinstalled many times)
What happens if Apache is running
On Thu, 17 Apr 2014, Sumit Bose wrote:
On Wed, Apr 16, 2014 at 09:02:00PM -0400, Dmitri Pal wrote:
On 04/15/2014 05:13 AM, Sumit Bose wrote:
Hi,
I have started to write a design page for 'Migrating existing
environments to Trust'
On 04/17/2014 12:03 PM, Petr Viktorin wrote:
On 04/16/2014 04:35 PM, Martin Kosek wrote:
On 04/15/2014 02:33 PM, Petr Viktorin wrote:
Read access to both rules and definitions is given to a new privilege,
'Automember Readers', as well as the existing 'Automember Task
Administrator'.
This
On 04/16/2014 03:41 PM, Simo Sorce wrote:
On Wed, 2014-04-16 at 15:08 +0200, Martin Kosek wrote:
On 04/15/2014 04:55 PM, Petr Viktorin wrote:
Hello,
At Devconf, we decided what most of the default read permissions should look
like, but we did not get to user.
Here is a draft of 4 read
Hi,
This set of patches deals with bugs and extensions of ipa_range_check
plugin.
See commit messages for details.
Parts of: https://fedorahosted.org/freeipa/ticket/4137
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
ACK for 256 - 259.
On 04/01/2014 10:45 AM, Jan Cholasta wrote:
Hi,
while working with Martin Bašti on issues in his dns plugin patches we
ran into several limitations in the framework. The attached patches
remove these limitations.
Also, Tomáš Babej pointed out that when using --raw, all
On Thu, 17 Apr 2014, Tomas Babej wrote:
From 43cd26a0a42c3b18e4dbb5c6ed0f20ee1562b98a Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 16 Apr 2014 17:15:55 +0200
Subject: [PATCH] ipa_range_check: Use special attributes to determine presence
of RID bases
The
On Thu, 17 Apr 2014, Tomas Babej wrote:
From d714f77f1f162d1c7daeecf7a340f95ed3368f2d Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 16 Apr 2014 17:20:55 +0200
Subject: [PATCH] ipa_range_check: Connect the new node of the linked list
Part of:
On Thu, 17 Apr 2014, Tomas Babej wrote:
From 632c0ed1fca2cb48b981f6daac55badd59c9c263 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 16 Apr 2014 17:22:46 +0200
Subject: [PATCH] ipa_range_check: Make a new copy of forest_root_id attribute
for range_info struct
Not
On Thu, 17 Apr 2014, Tomas Babej wrote:
From ed60bd0e865aad85eb1ffa02d8aea7f76220c65c Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 16 Apr 2014 17:26:07 +0200
Subject: [PATCH] ipa_range_check: Do not fail when no trusted domain is
available
When building the domain to
Hi,
this patch modifies ipa-server-install to warn the user, if there is
a lack of entropy, also runs generate-rndc-key.sh before named restart,
to ensure, that it can start before systemd timeouts.
Thanks
Adam
From d405cea8dae5a03ab0f9d429d3251e8be9ae9fe2 Mon Sep 17 00:00:00 2001
From: Adam
Hello,
I created draft to split forward and master zone.
http://www.freeipa.org/page/V4/Forward_zones#Questions
There is question: should it be implemented as new command set, or as
--type={master|forward} parameter only. For details see link above in
section Questions.
Martin^2 Basti
On Thu, 17 Apr 2014, Tomas Babej wrote:
From 96f27c06f062dcfaa40405c50ad087d6013dc62c Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 16 Apr 2014 17:28:34 +0200
Subject: [PATCH] ipa_range_check: Fix typo when comparing strings using
strcasecmp
Part of:
On 04/17/2014 02:51 PM, Martin Basti wrote:
Hello,
I created draft to split forward and master zone.
http://www.freeipa.org/page/V4/Forward_zones#Questions
There is question: should it be implemented as new command set, or as
--type={master|forward} parameter only. For details see link
I would like to discuss more on the managed read permissions upgrades [1].
Right now, we simply merge an old permission with the new one, making sure that
we only add new attributes instead of just replacing them, to prevent a managed
permission to be spoiled by a lower FreeIPA server version
Misnyovszki Adam wrote:
Hi,
this patch modifies ipa-server-install to warn the user, if there is
a lack of entropy, also runs generate-rndc-key.sh before named restart,
to ensure, that it can start before systemd timeouts.
I think the exception should be logged in check_entropy() in case this
On 04/17/2014 04:10 PM, Rob Crittenden wrote:
Misnyovszki Adam wrote:
Hi,
this patch modifies ipa-server-install to warn the user, if there is
a lack of entropy, also runs generate-rndc-key.sh before named restart,
to ensure, that it can start before systemd timeouts.
I think the exception
On 04/16/2014 04:21 PM, Misnyovszki Adam wrote:
On Wed, 16 Apr 2014 07:59:39 +0200
Martin Kosek mko...@redhat.com wrote:
On 04/15/2014 05:36 PM, Misnyovszki Adam wrote:
On Tue, 15 Apr 2014 12:51:47 +0200
Petr Viktorin pvikt...@redhat.com wrote:
On 04/15/2014 12:41 PM, Misnyovszki Adam
On 04/15/2014 03:21 PM, Misnyovszki Adam wrote:
On Tue, 15 Apr 2014 09:54:22 +0200
Petr Vobornik pvobo...@redhat.com wrote:
OTP Token add failed because of invalid function call. qr_widget
doesn't contain `on_value_changed` method since it inherits from
`IPA.widget` and not from
On 04/17/2014 02:33 PM, Tomas Babej wrote:
ACK for 256 - 259.
On 04/01/2014 10:45 AM, Jan Cholasta wrote:
Hi,
while working with Martin Bašti on issues in his dns plugin patches we
ran into several limitations in the framework. The attached patches
remove these limitations.
Also, Tomáš Babej
On Thu, Apr 17, 2014 at 01:25:08PM +0300, Alexander Bokovoy wrote:
On Thu, 17 Apr 2014, Sumit Bose wrote:
On Wed, Apr 16, 2014 at 09:02:00PM -0400, Dmitri Pal wrote:
On 04/15/2014 05:13 AM, Sumit Bose wrote:
Hi,
#* Shall we allow different UIDs/GIDs in different views?
Yes.
I hope
On Thu, 17 Apr 2014, Sumit Bose wrote:
On Thu, Apr 17, 2014 at 01:25:08PM +0300, Alexander Bokovoy wrote:
On Thu, 17 Apr 2014, Sumit Bose wrote:
On Wed, Apr 16, 2014 at 09:02:00PM -0400, Dmitri Pal wrote:
On 04/15/2014 05:13 AM, Sumit Bose wrote:
Hi,
#* Shall we allow different UIDs/GIDs in
On Thu, 2014-04-17 at 17:20 +0200, Sumit Bose wrote:
On Thu, Apr 17, 2014 at 01:25:08PM +0300, Alexander Bokovoy wrote:
On Thu, 17 Apr 2014, Sumit Bose wrote:
On Wed, Apr 16, 2014 at 09:02:00PM -0400, Dmitri Pal wrote:
On 04/15/2014 05:13 AM, Sumit Bose wrote:
Hi,
#* Shall we
Hello,
While working on the trust permissions I found a typo in the
'ipanttrustauthoutgoing' attribute in default_attributes. Here is a fix.
--
Petr³
From ef98055a524dffbe98098def896f40592a3fdac4 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Thu, 17 Apr 2014 19:06:52
Hello,
This patch set attempts to move ldap_parse_master_zoneentry() a little bit
closer to sane code.
It is preparation for
https://fedorahosted.org/bind-dyndb-ldap/ticket/56
--
Petr^2 Spacek
From bfa03960c700bedda454bb7cef5c89bbfce1bbba Mon Sep 17 00:00:00 2001
From: Petr Spacek
On Thu, 2014-04-17 at 15:48 +0200, Martin Kosek wrote:
I would like to discuss more on the managed read permissions upgrades [1].
Right now, we simply merge an old permission with the new one, making sure
that
we only add new attributes instead of just replacing them, to prevent a
managed
Simo Sorce wrote:
On Thu, 2014-04-17 at 15:48 +0200, Martin Kosek wrote:
I would like to discuss more on the managed read permissions upgrades [1].
Right now, we simply merge an old permission with the new one, making sure that
we only add new attributes instead of just replacing them, to
On 04/17/2014 07:11 PM, Petr Viktorin wrote:
Hello,
While working on the trust permissions I found a typo in the
'ipanttrustauthoutgoing' attribute in default_attributes. Here is a fix.
I think the right question to ask - do we want to have
ipanttrustauth{incoming,outgoing} in default
On Thu, 2014-04-17 at 15:00 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Thu, 2014-04-17 at 15:48 +0200, Martin Kosek wrote:
I would like to discuss more on the managed read permissions upgrades [1].
Right now, we simply merge an old permission with the new one, making sure
that
On Thu, 2014-04-17 at 20:30 +0200, Martin Kosek wrote:
On 04/17/2014 07:11 PM, Petr Viktorin wrote:
Hello,
While working on the trust permissions I found a typo in the
'ipanttrustauthoutgoing' attribute in default_attributes. Here is a fix.
I think the right question to ask - do we
On Thu, 17 Apr 2014, Simo Sorce wrote:
On Thu, 2014-04-17 at 20:30 +0200, Martin Kosek wrote:
On 04/17/2014 07:11 PM, Petr Viktorin wrote:
Hello,
While working on the trust permissions I found a typo in the
'ipanttrustauthoutgoing' attribute in default_attributes. Here is a fix.
I think
Simo Sorce wrote:
On Thu, 2014-04-17 at 15:00 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Thu, 2014-04-17 at 15:48 +0200, Martin Kosek wrote:
I would like to discuss more on the managed read permissions upgrades [1].
Right now, we simply merge an old permission with the new one, making
On Thu, 2014-04-17 at 18:25 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Thu, 2014-04-17 at 15:00 -0400, Rob Crittenden wrote:
Simo Sorce wrote:
On Thu, 2014-04-17 at 15:48 +0200, Martin Kosek wrote:
I would like to discuss more on the managed read permissions upgrades
[1].
On 04/17/2014 05:15 AM, Sumit Bose wrote:
On Wed, Apr 16, 2014 at 09:02:00PM -0400, Dmitri Pal wrote:
On 04/15/2014 05:13 AM, Sumit Bose wrote:
Hi,
I have started to write a design page for 'Migrating existing
environments to Trust'
On Thu, 2014-04-17 at 23:58 -0400, Dmitri Pal wrote:
yes, this can already be controlled by the idrange type. But you
have to
choose either algorithmic or manual mapping you cannot have both in
a
given domain. What you can do is to create a domain in the AD forest
for
the old users and
40 matches
Mail list logo