Re: [Freeipa-devel] Krb service delegation rules in CLI

On Mon, 22 Sep 2014 17:45:55 +0200 Martin Basti wrote: > Hello, > > Related ticket: https://fedorahosted.org/freeipa/ticket/3644 > > > 1) API > > The ipaKrb5DelegationACL objectclass requires targets which are > stored in extra objectclass. > > A) we allow users to create groups of principal

Re: [Freeipa-devel] [PATCH 0065] Don't allow users to create tokens with a specified ID

On 09/22/2014 01:28 PM, Martin Kosek wrote: On 09/22/2014 06:58 PM, Simo Sorce wrote: On Mon, 22 Sep 2014 17:42:39 +0200 thierry bordaz wrote: RFC 4527 Thanks a lot Thierry, this is exactly the control I had in mind last week. If we could implement it then we could solve any issue where the

Re: [Freeipa-devel] Krb service delegation rules in CLI

On Mon, 22 Sep 2014, Martin Basti wrote: Hello, Related ticket: https://fedorahosted.org/freeipa/ticket/3644 1) API The ipaKrb5DelegationACL objectclass requires targets which are stored in extra objectclass. A) we allow users to create groups of principals and then associate them as targ

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

On Mon, 22 Sep 2014 21:21:04 +0200 Martin Kosek wrote: > On 09/22/2014 04:55 PM, Simo Sorce wrote: > > On Mon, 22 Sep 2014 10:02:01 -0400 > > Nathaniel McCallum wrote: > > > >> On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote: > >>> On Mon, 22 Sep 2014 10:34:54 +0200 > >>> Martin Kosek wrote

Re: [Freeipa-devel] [PATCH 0065] Don't allow users to create tokens with a specified ID

On 09/22/2014 06:58 PM, Simo Sorce wrote: On Mon, 22 Sep 2014 17:42:39 +0200 thierry bordaz wrote: RFC 4527 Thanks a lot Thierry, this is exactly the control I had in mind last week. If we could implement it then we could solve any issue where the RDN needs to be modified by the ADD operatio

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

On 09/22/2014 04:55 PM, Simo Sorce wrote: On Mon, 22 Sep 2014 10:02:01 -0400 Nathaniel McCallum wrote: On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote: On Mon, 22 Sep 2014 10:34:54 +0200 Martin Kosek wrote: On 09/22/2014 09:33 AM, thierry bordaz wrote: Hello Nathaniel, Just a rem

Re: [Freeipa-devel] [PATCH 0065] Don't allow users to create tokens with a specified ID

On Mon, 22 Sep 2014 12:58:58 -0400 Simo Sorce wrote: > On Mon, 22 Sep 2014 17:42:39 +0200 > thierry bordaz wrote: > > > RFC 4527 > > Thanks a lot Thierry, this is exactly the control I had in mind last > week. If we could implement it then we could solve any issue where the > RDN needs to be m

Re: [Freeipa-devel] [PATCH 0118] Allow to disable service (in LDAP)

On 19/09/14 14:47, Jan Cholasta wrote: Dne 19.9.2014 v 13:33 Martin Basti napsal(a): On 02/09/14 11:59, Martin Basti wrote: On 02/09/14 09:10, Jan Cholasta wrote: Hi, Dne 1.9.2014 v 16:57 Martin Basti napsal(a): This patch allows to disable service in LDAP to prevents service to be started

Re: [Freeipa-devel] [PATCH 0126 - 0127] DNS: remove --class option

On 22/09/14 13:17, Petr Vobornik wrote: On 19.9.2014 16:15, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/3414 Patch attached. Patch 126: 1. I think that just DeprecatedParam('dnsclass?'), should be enough. Sorry I forgot to reply, I was getting error without remov

Re: [Freeipa-devel] [PATCH 0126 - 0127] DNS: remove --class option

On 22/09/14 13:17, Petr Vobornik wrote: On 19.9.2014 16:15, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/3414 Patch attached. Patch 126: 1. I think that just DeprecatedParam('dnsclass?'), should be enough. Also 2. You forgot to update API.txt and VERSION Patch 12

Re: [Freeipa-devel] [PATCHES 0114-0115, 0120-0121, 0123-0125] DNS: allow to add root zone '.'

On 19/09/14 13:54, Martin Kosek wrote: I did not review, just found something that hit me in the eyes: On 09/19/2014 01:25 PM, Martin Basti wrote: +class OptionDeprecatedWarning(PublicMessage): +""" +**13004** Used when user uses a deprecated option +""" + +errno = 13004 +t

Re: [Freeipa-devel] [PATCH 0065] Don't allow users to create tokens with a specified ID

On Mon, 22 Sep 2014 17:42:39 +0200 thierry bordaz wrote: > RFC 4527 Thanks a lot Thierry, this is exactly the control I had in mind last week. If we could implement it then we could solve any issue where the RDN needs to be modified by the ADD operation. Simo. -- Simo Sorce * Red Hat, Inc * N

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

On Mon, 22 Sep 2014 17:36:01 +0200 Martin Basti wrote: > On 22/09/14 17:29, Simo Sorce wrote: > > On Mon, 22 Sep 2014 17:05:15 +0200 > > Martin Basti wrote: > > > >> On 22/09/14 08:53, Martin Kosek wrote: > >>> On 09/19/2014 06:33 PM, Simo Sorce wrote: > On Fri, 19 Sep 2014 17:50:16 +0200 >

Re: [Freeipa-devel] [PATCH] 0015-16 Allow multiple krbprincipalnames + test

On Mon, 22 Sep 2014 17:25:27 +0200 Martin Kosek wrote: > On 09/22/2014 04:16 PM, Simo Sorce wrote: > > On Mon, 22 Sep 2014 15:36:01 +0200 > > David Kupka wrote: > > > >> On 09/18/2014 09:42 PM, Martin Kosek wrote: > >>> On 09/18/2014 09:11 PM, Simo Sorce wrote: > On Thu, 18 Sep 2014 14:57:

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

On Mon, 22 Sep 2014 11:14:31 -0400 Nathaniel McCallum wrote: > On Mon, 2014-09-22 at 10:55 -0400, Simo Sorce wrote: > > On Mon, 22 Sep 2014 10:02:01 -0400 > > Nathaniel McCallum wrote: > > > > > On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote: > > > > On Mon, 22 Sep 2014 10:34:54 +0200 > >

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

On 09/22/2014 09:14 AM, Nathaniel McCallum wrote: On Mon, 2014-09-22 at 10:55 -0400, Simo Sorce wrote: On Mon, 22 Sep 2014 10:02:01 -0400 Nathaniel McCallum wrote: On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote: On Mon, 22 Sep 2014 10:34:54 +0200 Martin Kosek wrote: On 09/22/2014 09:

[Freeipa-devel] Krb service delegation rules in CLI

Hello, Related ticket: https://fedorahosted.org/freeipa/ticket/3644 1) API The ipaKrb5DelegationACL objectclass requires targets which are stored in extra objectclass. A) we allow users to create groups of principals and then associate them as targets -- user can use same group for multipl

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

On 22/09/14 17:37, Rob Crittenden wrote: Simo Sorce wrote: On Mon, 22 Sep 2014 17:05:15 +0200 Martin Basti wrote: On 22/09/14 08:53, Martin Kosek wrote: On 09/19/2014 06:33 PM, Simo Sorce wrote: On Fri, 19 Sep 2014 17:50:16 +0200 Martin Kosek wrote: On 09/19/2014 05:23 PM, Rob Crittenden

Re: [Freeipa-devel] [PATCH 0065] Don't allow users to create tokens with a specified ID

On 09/22/2014 05:37 PM, Martin Kosek wrote: On 09/20/2014 10:22 PM, Nathaniel McCallum wrote: On Wed, 2014-09-17 at 12:31 +0200, Martin Kosek wrote: On 09/17/2014 08:51 AM, Jan Cholasta wrote: Hi, Dne 16.9.2014 v 19:32 Nathaniel McCallum napsal(a): We perform this enforcement at the API leve

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

Simo Sorce wrote: > On Mon, 22 Sep 2014 17:05:15 +0200 > Martin Basti wrote: > >> On 22/09/14 08:53, Martin Kosek wrote: >>> On 09/19/2014 06:33 PM, Simo Sorce wrote: On Fri, 19 Sep 2014 17:50:16 +0200 Martin Kosek wrote: > On 09/19/2014 05:23 PM, Rob Crittenden wrote: >>

Re: [Freeipa-devel] [PATCH 0065] Don't allow users to create tokens with a specified ID

On 09/20/2014 10:22 PM, Nathaniel McCallum wrote: > On Wed, 2014-09-17 at 12:31 +0200, Martin Kosek wrote: >> On 09/17/2014 08:51 AM, Jan Cholasta wrote: >>> Hi, >>> >>> Dne 16.9.2014 v 19:32 Nathaniel McCallum napsal(a): We perform this enforcement at the API level since: * DS level enfo

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

On 22/09/14 17:29, Simo Sorce wrote: On Mon, 22 Sep 2014 17:05:15 +0200 Martin Basti wrote: On 22/09/14 08:53, Martin Kosek wrote: On 09/19/2014 06:33 PM, Simo Sorce wrote: On Fri, 19 Sep 2014 17:50:16 +0200 Martin Kosek wrote: On 09/19/2014 05:23 PM, Rob Crittenden wrote: Martin Basti w

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

On Mon, 22 Sep 2014 17:05:15 +0200 Martin Basti wrote: > On 22/09/14 08:53, Martin Kosek wrote: > > On 09/19/2014 06:33 PM, Simo Sorce wrote: > >> On Fri, 19 Sep 2014 17:50:16 +0200 > >> Martin Kosek wrote: > >> > >>> On 09/19/2014 05:23 PM, Rob Crittenden wrote: > Martin Basti wrote: > >>>

Re: [Freeipa-devel] [PATCH] 0015-16 Allow multiple krbprincipalnames + test

On 09/22/2014 04:16 PM, Simo Sorce wrote: > On Mon, 22 Sep 2014 15:36:01 +0200 > David Kupka wrote: > >> On 09/18/2014 09:42 PM, Martin Kosek wrote: >>> On 09/18/2014 09:11 PM, Simo Sorce wrote: On Thu, 18 Sep 2014 14:57:45 -0400 Rob Crittenden wrote: > Martin Kosek wrote: >>>

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

On Mon, 2014-09-22 at 10:55 -0400, Simo Sorce wrote: > On Mon, 22 Sep 2014 10:02:01 -0400 > Nathaniel McCallum wrote: > > > On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote: > > > On Mon, 22 Sep 2014 10:34:54 +0200 > > > Martin Kosek wrote: > > > > > > > On 09/22/2014 09:33 AM, thierry borda

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

On 22/09/14 08:53, Martin Kosek wrote: On 09/19/2014 06:33 PM, Simo Sorce wrote: On Fri, 19 Sep 2014 17:50:16 +0200 Martin Kosek wrote: On 09/19/2014 05:23 PM, Rob Crittenden wrote: Martin Basti wrote: Hello list, I need to use systemd mask/unmask in ipa service. But as Honza wrote: "IMO

Re: [Freeipa-devel] [PATCH] 0015-16 Allow multiple krbprincipalnames + test

On Mon, 22 Sep 2014, Simo Sorce wrote: On Mon, 22 Sep 2014 15:36:01 +0200 David Kupka wrote: On 09/18/2014 09:42 PM, Martin Kosek wrote: > On 09/18/2014 09:11 PM, Simo Sorce wrote: >> On Thu, 18 Sep 2014 14:57:45 -0400 >> Rob Crittenden wrote: >> >>> Martin Kosek wrote: On 09/18/2014 04:

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

On Mon, 22 Sep 2014 10:02:01 -0400 Nathaniel McCallum wrote: > On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote: > > On Mon, 22 Sep 2014 10:34:54 +0200 > > Martin Kosek wrote: > > > > > On 09/22/2014 09:33 AM, thierry bordaz wrote: > > > > Hello Nathaniel, > > > > > > > >Just a remark,

[Freeipa-devel] [PATCH] 756 webui: fix regression in association facet preop

Association facet specs use 'add_method' instead of 'add_command' origin: https://fedorahosted.org/freeipa/ticket/4507 -- Petr Vobornik From ba765690eb3189381fecf1f6e071419e3f4530d6 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Fri, 19 Sep 2014 18:27:35 +0200 Subject: [PATCH] webui: fix reg

[Freeipa-devel] [PATCH] 755 webui-ci: case-insensitive record check

[PATCH] webui-ci: case-insensitive record check Indirect association are no longer lower cased, which caused a issue in CI. -- Petr Vobornik From 78ec25f05eabfd61b89d497fa72e3f997dc3ef99 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Mon, 22 Sep 2014 12:01:47 +0200 Subject: [PATCH] webui-ci:

Re: [Freeipa-devel] [PATCH] 749-754 webui: new ID views section

On 19.9.2014 14:29, Petr Vobornik wrote: Hello, attached patches implements Web UI part of ID Views. Backend is currently on review as well - thread "[PATCHES 247-259] ID views - management part". https://fedorahosted.org/freeipa/ticket/4535 I expect that backed can change and that the UI migh

Re: [Freeipa-devel] [PATCH] 0015-16 Allow multiple krbprincipalnames + test

On Mon, 22 Sep 2014 15:36:01 +0200 David Kupka wrote: > On 09/18/2014 09:42 PM, Martin Kosek wrote: > > On 09/18/2014 09:11 PM, Simo Sorce wrote: > >> On Thu, 18 Sep 2014 14:57:45 -0400 > >> Rob Crittenden wrote: > >> > >>> Martin Kosek wrote: > On 09/18/2014 04:06 PM, David Kupka wrote: >

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

On Mon, 2014-09-22 at 09:50 -0400, Simo Sorce wrote: > On Mon, 22 Sep 2014 10:34:54 +0200 > Martin Kosek wrote: > > > On 09/22/2014 09:33 AM, thierry bordaz wrote: > > > Hello Nathaniel, > > > > > >Just a remark, in is_token if the entry is objectclass=ipaToken > > > it returns without freei

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

On Mon, 22 Sep 2014 10:34:54 +0200 Martin Kosek wrote: > On 09/22/2014 09:33 AM, thierry bordaz wrote: > > Hello Nathaniel, > > > >Just a remark, in is_token if the entry is objectclass=ipaToken > > it returns without freeing the 'objectclass' char array. > > > >thanks > >thierry >

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

Hello Nathaniel, I have a separated remark about updating the mods. modifications of the entry occurs in two phases: * call BE_PREOP plugins then apply the mods on the entry * call BE_TXN_PREOP plugin then apply *only* extra mods on the entry The plugin (BE_TXN_PREOP) transl

Re: [Freeipa-devel] [PATCH] 0015-16 Allow multiple krbprincipalnames + test

On 09/18/2014 09:42 PM, Martin Kosek wrote: On 09/18/2014 09:11 PM, Simo Sorce wrote: On Thu, 18 Sep 2014 14:57:45 -0400 Rob Crittenden wrote: Martin Kosek wrote: On 09/18/2014 04:06 PM, David Kupka wrote: On 09/18/2014 03:44 PM, Rob Crittenden wrote: David Kupka wrote: https://fedorahost

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

On Sun, 21 Sep 2014 22:33:47 -0400 Nathaniel McCallum wrote: Comments inline. > + > +#define ch_malloc(type) \ > +(type*) slapi_ch_malloc(sizeof(type)) > +#define ch_calloc(count, type) \ > +(type*) slapi_ch_calloc(count, sizeof(type)) > +#define ch_free(p) \ > +slapi_ch_free((void**

Re: [Freeipa-devel] [PATCH 0298-0302] Implement handling of inactive master zones

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2014 03:46 PM, Petr Spacek wrote: > Hello, > > This patch set fixes > https://fedorahosted.org/bind-dyndb-ldap/ticket/127 > https://bugzilla.redhat.com/show_bug.cgi?id=1138317 > > Please review it ASAP, it targets IPA 4.1/Fedora 21. > > Tom

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

On Mon, 2014-09-22 at 11:22 +0200, thierry bordaz wrote: > On 09/20/2014 09:39 PM, Nathaniel McCallum wrote: > > On Sat, 2014-09-20 at 00:25 +0200, thierry bordaz wrote: > >> Hello Nathaniel, > >> > >> sanitize_input translates MOD/REPLACE into MOD/DEL+MOD/ADD. It > >> looks good

Re: [Freeipa-devel] [PATCH 0298-0302] Implement handling of inactive master zones

On 09/22/2014 02:01 PM, Martin Basti wrote: On 19/09/14 15:46, Petr Spacek wrote: Hello, This patch set fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/127 https://bugzilla.redhat.com/show_bug.cgi?id=1138317 Please review it ASAP, it targets IPA 4.1/Fedora 21. Tomas and Martin, please c

[Freeipa-devel] [PATCHES] 319, 324-335 CA management and renewal fixes

Hi, the attached patches fix various bugs and shortcomings in the CA management and renewal code. Related tickets: , . (Patch 319 was originally posted at

Re: [Freeipa-devel] [PATCH] 0645 ipa-replica-prepare: Wait for the DNS entry to be resolvable

On 09/22/2014 01:48 PM, Petr Spacek wrote: On 22.9.2014 10:38, Martin Kosek wrote: On 09/22/2014 10:31 AM, Petr Spacek wrote: On 22.9.2014 10:14, Martin Kosek wrote: On 09/19/2014 07:29 PM, Petr Viktorin wrote: https://fedorahosted.org/freeipa/ticket/4551 See ticket & commit message for deta

Re: [Freeipa-devel] [PATCH] 0105 FIX: LDAP_updater

On 09/01/2014 04:31 PM, Martin Basti wrote: On 24/07/14 09:06, Martin Basti wrote: On 23/07/14 15:17, Martin Basti wrote: This patch fixes ordering problem of schema updates Martin should it be in IPA 4.0.x ? It requires rebased ldap_python (will be in Fedora 21) Patch attached I found a b

Re: [Freeipa-devel] [PATCH 0298-0302] Implement handling of inactive master zones

On 19/09/14 15:46, Petr Spacek wrote: Hello, This patch set fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/127 https://bugzilla.redhat.com/show_bug.cgi?id=1138317 Please review it ASAP, it targets IPA 4.1/Fedora 21. Tomas and Martin, please communicate who is going to review what :-) T

Re: [Freeipa-devel] [PATCH 0297] Add log message about initial LDAP synchronization

On 22.9.2014 11:52, Tomas Hozza wrote: On 09/17/2014 01:33 PM, Petr Spacek wrote: >Hello, > >Add log message about initial LDAP synchronization. > ACK. Thanks! Pushed to master: ce1b8f400d236d0da5b76c90ddc93adbf6980691 v4: f03ff4d877240f13db419fde28e51d216277b87c -- Petr^2 Spacek _

Re: [Freeipa-devel] [PATCH] 0645 ipa-replica-prepare: Wait for the DNS entry to be resolvable

On 22.9.2014 10:38, Martin Kosek wrote: On 09/22/2014 10:31 AM, Petr Spacek wrote: On 22.9.2014 10:14, Martin Kosek wrote: On 09/19/2014 07:29 PM, Petr Viktorin wrote: https://fedorahosted.org/freeipa/ticket/4551 See ticket & commit message for details. Shouldn't we add a 1 sec sleep betwee

Re: [Freeipa-devel] [PATCH 0126 - 0127] DNS: remove --class option

On 19.9.2014 16:15, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/3414 Patch attached. Patch 126: 1. I think that just DeprecatedParam('dnsclass?'), should be enough. Also 2. You forgot to update API.txt and VERSION Patch 127: ACK -- Petr Vobornik __

Re: [Freeipa-devel] [PATCH 0122] Add dogtag 10.2 to specfile

On 09/12/2014 04:46 PM, Martin Basti wrote: On 12/09/14 16:38, Martin Kosek wrote: On 09/12/2014 04:14 PM, Martin Basti wrote: On 12/09/14 16:02, Martin Basti wrote: I always forgot to install dogtag 10.2, so here is updated specfile. COPR: http://copr.fedoraproject.org/coprs/vakwetu/dogtag/

Re: [Freeipa-devel] [PATCH 0297] Add log message about initial LDAP synchronization

On 09/17/2014 01:33 PM, Petr Spacek wrote: > Hello, > > Add log message about initial LDAP synchronization. > ACK. Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com __

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

On 09/20/2014 09:39 PM, Nathaniel McCallum wrote: On Sat, 2014-09-20 at 00:25 +0200, thierry bordaz wrote: Hello Nathaniel, sanitize_input translates MOD/REPLACE into MOD/DEL+MOD/ADD. It looks good but difficult to think to all possible cases. I think to the following

Re: [Freeipa-devel] [PATCH] 0645 ipa-replica-prepare: Wait for the DNS entry to be resolvable

On 09/22/2014 10:31 AM, Petr Spacek wrote: > On 22.9.2014 10:14, Martin Kosek wrote: >> On 09/19/2014 07:29 PM, Petr Viktorin wrote: >>> https://fedorahosted.org/freeipa/ticket/4551 >>> >>> See ticket & commit message for details. >> >> Shouldn't we add a 1 sec sleep between tries? Wouldn't current

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

On 09/22/2014 09:33 AM, thierry bordaz wrote: > Hello Nathaniel, > >Just a remark, in is_token if the entry is objectclass=ipaToken it >returns without freeing the 'objectclass' char array. > >thanks >thierry > > On 09/21/2014 09:07 PM, Nathaniel McCallum wrote: >> Users that can

Re: [Freeipa-devel] [PATCH] 0645 ipa-replica-prepare: Wait for the DNS entry to be resolvable

On 22.9.2014 10:14, Martin Kosek wrote: On 09/19/2014 07:29 PM, Petr Viktorin wrote: https://fedorahosted.org/freeipa/ticket/4551 See ticket & commit message for details. Shouldn't we add a 1 sec sleep between tries? Wouldn't current version just hammer DNS server with as many DNS queries as

Re: [Freeipa-devel] [PATCH] 0645 ipa-replica-prepare: Wait for the DNS entry to be resolvable

On 09/19/2014 07:29 PM, Petr Viktorin wrote: > https://fedorahosted.org/freeipa/ticket/4551 > > See ticket & commit message for details. Shouldn't we add a 1 sec sleep between tries? Wouldn't current version just hammer DNS server with as many DNS queries as it can send? Martin

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

Dne 19.9.2014 v 17:23 Rob Crittenden napsal(a): Martin Basti wrote: Hello list, I need to use systemd mask/unmask in ipa service. But as Honza wrote: "IMO masking/unmasking should be part of disabling/enabling a service in systemd. AFAIK in most other init systems when you disable a service, i

Re: [Freeipa-devel] [PATCH 0069] Adds 389DS plugin to enforce UUID token IDs

Hello Nathaniel, Just a remark, in is_token if the entry is objectclass=ipaToken it returns without freeing the 'objectclass' char array. thanks thierry On 09/21/2014 09:07 PM, Nathaniel McCallum wrote: Users that can rename the token (such as admins) can also create non-UUID token

Re: [Freeipa-devel] [PATCH 0065] Don't allow users to create tokens with a specified ID

On 09/20/2014 10:22 PM, Nathaniel McCallum wrote: > On Wed, 2014-09-17 at 12:31 +0200, Martin Kosek wrote: >> On 09/17/2014 08:51 AM, Jan Cholasta wrote: >>> Hi, >>> >>> Dne 16.9.2014 v 19:32 Nathaniel McCallum napsal(a): We perform this enforcement at the API level since: * DS level enfo