[Freeipa-devel] [PATCH] Minor fix in ipa-adtrust-install

2012-02-22 Thread Jan Zelený
If not set, it causes the script to fail with traceback on some machines (for example when resolve_host() couple lines below threw an exception). Jan From b312e4210866a11266d12b56e2be4ca08dc94379 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Wed, 22 Feb 2012 16:01:37 +0100 Subject: [PATCH] Ini

[Freeipa-devel] OpenSSH integration - authorized_keys

2011-11-08 Thread Jan Zelený
Hello everyone, this is a follow-up on the email on OpenSSH integration - known_host. It describes another scenario we want to address in the process of integrating OpenSSH to SSSD-IPA infrastructure - user public keys and their central management. As in the previous email, we would also like to

[Freeipa-devel] OpenSSH integration - known_hosts

2011-11-08 Thread Jan Zelený
Hello everyone, there is a new effort in IPA and SSSD teams and that is SSH key integration in both parts of SSSD-IPA infrastructure. We've put together some basic plans and now we would like to know your opinion. Note that this is just shortened version to make it easier to read. It doesn't co

Re: [Freeipa-devel] [PATCH] make users in nested groups show up in compat groups

2011-10-04 Thread Jan Zelený
> Jan Zeleny notes that users who are members of groups which are > themselves members of groups don't show up in the compat entries of the > containing groups. > > Nalin Ack Jan

Re: [Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-24 Thread Jan Zelený
Jan Zelený wrote: > Jan Zeleny wrote: > > Jan Zelený wrote: > > > Jan Zelený wrote: > > > > Rob Crittenden wrote: > > > > > Jan Zelený wrote: > > > > > > Rob Crittenden wrote: > > > > > >> Jan Zel

Re: [Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-24 Thread Jan Zelený
Jan Zeleny wrote: > Jan Zelený wrote: > > Jan Zelený wrote: > > > Rob Crittenden wrote: > > > > Jan Zelený wrote: > > > > > Rob Crittenden wrote: > > > > >> Jan Zelený wrote: > > > > >>> Load

Re: [Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-23 Thread Jan Zelený
Jan Zelený wrote: > Rob Crittenden wrote: > > Jan Zelený wrote: > > > Rob Crittenden wrote: > > >> Jan Zelený wrote: > > >>> Loading of the schema is now performed in the first request that > > >>> requires it. > > >>>

Re: [Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-23 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > Rob Crittenden wrote: > >> Jan Zelený wrote: > >>> Loading of the schema is now performed in the first request that > >>> requires it. > >>> > >>> https://fedorahosted.org/freeipa/ti

Re: [Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-22 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > Loading of the schema is now performed in the first request that requires > > it. > > > > https://fedorahosted.org/freeipa/ticket/583 > > > > Jan > > We still need to enforce that we get the schema, some

Re: [Freeipa-devel] [PATCH] 728 default roles

2011-02-22 Thread Jan Zelený
Rob Crittenden wrote: > Jakub Hrozek wrote: > > On Mon, Feb 21, 2011 at 10:11:38AM -0500, Rob Crittenden wrote: > >> Rob Crittenden wrote: > >>> Jakub Hrozek wrote: > On 02/17/2011 04:35 AM, Rob Crittenden wrote: > > Add

Re: [Freeipa-devel] [PATCH] 737 move BuildRequires

2011-02-22 Thread Jan Zelený
Jakub Hrozek wrote: > On Tue, Feb 22, 2011 at 11:21:41AM +0100, Jakub Hrozek wrote: > > Note the %else. > > Sorry, %endif. That separates BRs for !ONLY_CLIENT from those that are > needed in both cases. Yes I noticed that and I understand that part. I meant the part after the %endif - there is

Re: [Freeipa-devel] [PATCH] 48 Document the --rights output format

2011-02-17 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > https://fedorahosted.org/freeipa/ticket/563 > > https://fedorahosted.org/freeipa/ticket/588 > > > > Jan > > This is a good start, I think we need to include some guidance on why > this exists and why it exists whe

[Freeipa-devel] [PATCH] 49 Fixed user-add help

2011-02-17 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/735 Jan From 52fa78ffe70d581125f54ca9138e8afba06aacc8 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Thu, 17 Feb 2011 07:25:57 -0500 Subject: [PATCH] Fixed user-add help https://fedorahosted.org/freeipa/ticket/735 --- ipalib/plugins/user.py |2 +- 1

Re: [Freeipa-devel] [PATCH] 19 prevent duplicate netgroup entries

2011-02-17 Thread Jan Zelený
JR Aquino wrote: > This patch fixes the netgroup plugin's behavior of adding duplicate entries > when the managed entry plugin creates a netgroup with a mepManagedEntry > This problem is documented in ticket: > https://fedorahosted.org/freeipa/ticket/963 > > As noted by Endi for issue #3 in the H

Re: [Freeipa-devel] [PATCH] 059 Use unicode parameters in the host plugin

2011-02-17 Thread Jan Zelený
Jakub Hrozek wrote: > On Thu, Feb 17, 2011 at 11:06:35AM +0100, Jan Zelený wrote: > > Jan Zelený wrote: > > > Jakub Hrozek wrote: > > > > While reviewing Rob's latest patch I found out that we didn't convert > > > > to unicode on couple of pla

Re: [Freeipa-devel] [PATCH] 059 Use unicode parameters in the host plugin

2011-02-17 Thread Jan Zelený
Jan Zelený wrote: > Jakub Hrozek wrote: > > While reviewing Rob's latest patch I found out that we didn't convert to > > unicode on couple of places in the host plugin. > > ack On second thought - maybe the _get_unicode_reverse_zone isn't necessary at al

Re: [Freeipa-devel] [PATCH] 18 Use TLS for ipadiscovery during ipa client install

2011-02-17 Thread Jan Zelený
JR Aquino wrote: > This patch addresses the need to utilize TLS when using the > ipa-client-install tool. It addresses ticket: > https://fedorahosted.org/freeipa/ticket/974 Nack, running ipa-client-install returned this error: # ipa-client-install Retrieving CA from None failed. Command '/usr/bi

Re: [Freeipa-devel] [PATCH] 059 Use unicode parameters in the host plugin

2011-02-17 Thread Jan Zelený
Jakub Hrozek wrote: > While reviewing Rob's latest patch I found out that we didn't convert to > unicode on couple of places in the host plugin. ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/fr

[Freeipa-devel] [PATCH] 48 Document the --rights output format

2011-02-17 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/563 https://fedorahosted.org/freeipa/ticket/588 Jan From 5d23b3fad0dd8bc9633e5a69d069d9346f52 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Thu, 17 Feb 2011 03:55:14 -0500 Subject: [PATCH] Document the --rights output format https://fedorahosted.org/

Re: [Freeipa-devel] [PATCH] Fixed in ipa-server-install help and man page

2011-02-16 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > https://fedorahosted.org/freeipa/ticket/831 > > > > Jan > > I think I'd like David's take on this, but my initial reaction is I'd > prefer the word maximum to maximal. > > rob The second patch is

[Freeipa-devel] [PATCH] 47 Validate that the reverse DNS record is correct

2011-02-16 Thread Jan Zelený
This patch ensures that PTR records added by FreeIPA are compliant with RFC. https://fedorahosted.org/freeipa/ticket/839 Jan From 4d2b3200920c90884ddf5a2d5ae784bbe35b41d1 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Wed, 16 Feb 2011 04:47:36 -0500 Subject: [PATCH] Validate that the reverse DN

Re: [Freeipa-devel] [PATCH] Reword help for the user module

2011-02-16 Thread Jan Zelený
Martin Kosek wrote: > On Wed, 2011-02-16 at 09:13 +0100, Jan Zelený wrote: > > The first part of the ticket has already been solved, hence it is not a > > part of this patch. > > > > https://fedorahosted.org/freeipa/ticket/351 > > > > Jan > > NACK

Re: [Freeipa-devel] [PATCH] 057 Validate MX records

2011-02-16 Thread Jan Zelený
Jakub Hrozek wrote: > https://fedorahosted.org/freeipa/ticket/967 > > I'm wondering whether to extend the patch - if the mail server name does > not end with a dot, BIND treats it as relative to the zone. > > So if you do: > ipa dnsrecord-add example.com @ --mx-rec="10 mail.example.com" > > dig

[Freeipa-devel] [PATCH] Fixed in ipa-server-install help and man page

2011-02-16 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/831 Jan From 4fc3a69901c893f7e3403378ddf2d3bfa435132f Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Wed, 16 Feb 2011 03:20:00 -0500 Subject: [PATCH] Fixed in ipa-server-install help and man page https://fedorahosted.org/freeipa/ticket/831 --- install/to

[Freeipa-devel] [PATCH] Reword help for the user module

2011-02-16 Thread Jan Zelený
The first part of the ticket has already been solved, hence it is not a part of this patch. https://fedorahosted.org/freeipa/ticket/351 Jan From 0d649884896d67759187a605526fefc31b4ad81c Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Wed, 16 Feb 2011 03:10:14 -0500 Subject: [PATCH] Reword help

Re: [Freeipa-devel] [PATCH] Updated default Kerberos password policy

2011-02-15 Thread Jan Zelený
Jan Zeleny wrote: > Rob Crittenden wrote: > > Jan Zelený wrote: > > > https://fedorahosted.org/freeipa/ticket/930 > > > > > > I put there a value Dmitri suggested. Feel free to change it before > > > pushing if you think there should be the

Re: [Freeipa-devel] [PATCH] 44 Fixes in ipa-join man page

2011-02-15 Thread Jan Zelený
"David O'Brien" wrote: > Jan Zelený wrote: > > https://fedorahosted.org/freeipa/ticket/784 > > https://fedorahosted.org/freeipa/ticket/786 > > https://fedorahosted.org/freeipa/ticket/787 > > > > Jan > > nack > > A few typos and style

[Freeipa-devel] [PATCH] 44 Fixes in ipa-join man page

2011-02-15 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/784 https://fedorahosted.org/freeipa/ticket/786 https://fedorahosted.org/freeipa/ticket/787 Jan From d9fed7217b7cb599089f5d3e1d16820c080b2cd6 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Tue, 15 Feb 2011 08:22:13 -0500 Subject: [PATCH] Fixes in ipa-join

[Freeipa-devel] [PATCH] Don't load the LDAP schema during startup

2011-02-15 Thread Jan Zelený
Loading of the schema is now performed in the first request that requires it. https://fedorahosted.org/freeipa/ticket/583 Jan From 0b1368442254cb738a95e766539fa030fe2504c8 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Tue, 15 Feb 2011 09:37:58 +0100 Subject: [PATCH] Don't load the LDAP schema

[Freeipa-devel] [PATCH] Fix a typo in ipa-client-install man page

2011-02-15 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/782 Jan From 14581a1507d846d9147799809aad2d8075eb1cb8 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Tue, 15 Feb 2011 05:56:10 -0500 Subject: [PATCH] Fix a typo in ipa-client-install man page https://fedorahosted.org/freeipa/ticket/782 --- ipa-client/man

[Freeipa-devel] [PATCH] 42 Add group members to default output of sudorule-show

2011-02-15 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/915 Jan From d624fa6db9c652565ce2555abc0f5e915e7fac97 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Tue, 15 Feb 2011 05:03:41 -0500 Subject: [PATCH] Add group members to default output of sudorule-show https://fedorahosted.org/freeipa/ticket/915 --- ipa

Re: [Freeipa-devel] [PATCH] 719 permission for cn=ipaconfig

2011-02-14 Thread Jan Zelený
Martin Kosek wrote: > On Mon, 2011-02-14 at 14:37 +0100, Jan Zelený wrote: > > Rob Crittenden wrote: > > > Add permission and privilege for updating the IPA configuration in > > > cn=ipaconfig. > > > > > > ticket 950 > > > > > &

Re: [Freeipa-devel] [PATCH] 716 ignore case when removing members

2011-02-14 Thread Jan Zelený
Rob Crittenden wrote: > Ignore case when removing members from a group. > > ticket 944 > > rob ack Jan

Re: [Freeipa-devel] [PATCH] 719 permission for cn=ipaconfig

2011-02-14 Thread Jan Zelený
Rob Crittenden wrote: > Add permission and privilege for updating the IPA configuration in > cn=ipaconfig. > > ticket 950 > > rob I'm not quite sure how does the patch work. In particular, I wonder about these two blocks: +dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX +default:

Re: [Freeipa-devel] [PATCH] 718 move files in packages

2011-02-14 Thread Jan Zelený
Rob Crittenden wrote: > Move a bunch of utilities that really only make sense to be run on the > server from the admintools package to the server package. > > ticket 947 > > rob ack Jan

Re: [Freeipa-devel] [PATCH] 051 Remove obsolete record types from DNS

2011-02-14 Thread Jan Zelený
Jakub Hrozek wrote: > https://fedorahosted.org/freeipa/ticket/923 Patch looks good. I'm running some tests. Unless they fail, ACK Jan

Re: [Freeipa-devel] [PATCH] 715 ensure required variables are required

2011-02-14 Thread Jan Zelený
Jan Zelený wrote: > Rob Crittenden wrote: > > Yi found a tricky way to remove required attributes that aren't required > > in the schema. The problem was we weren't enforcing parameter.required > > in mods (because it was enforcing that every variable with requir

Re: [Freeipa-devel] [PATCH] 715 ensure required variables are required

2011-02-14 Thread Jan Zelený
Rob Crittenden wrote: > Yi found a tricky way to remove required attributes that aren't required > in the schema. The problem was we weren't enforcing parameter.required > in mods (because it was enforcing that every variable with required be > provided). > > I added a new check routine that is e

[Freeipa-devel] [PATCH] Code cleanup

2011-02-14 Thread Jan Zelený
Hi, I'd like to propose this cleanup patch. I just noticed that the code in these two files is most likely not used any more (at least I didn't find a place where it is used). What do you think? Is it safe to throw it out? Or are there some places which are still using it? I'd be more than ha

Re: [Freeipa-devel] [PATCH] 713 handle failed passwords in tools

2011-02-14 Thread Jan Zelený
Rob Crittenden wrote: > Handle bad DM password in ipa-host-net-manage & ipa-compat-manage. > > This was resulting in a traceback because while conn was not None it > wasn't connected either. > > ticket 920 > > rob ack jan

[Freeipa-devel] [PATCH] Updated default Kerberos password policy

2011-02-10 Thread Jan Zelený
https://fedorahosted.org/freeipa/ticket/930 I put there a value Dmitri suggested. Feel free to change it before pushing if you think there should be the originally suggested 10 login attempts. -- Thank you Jan Zeleny Red Hat Software Engineer Brno, Czech Republic From bc08a4bc646ca7947fad4b917

Re: [Freeipa-devel] [PATCH] 78 Use ldapi: instead of unsecured ldap: in ipa core tools.

2011-02-10 Thread Jan Zelený
Pavel Zuna wrote: > On 02/08/2011 01:06 PM, Pavel Zuna wrote: > > The patch also corrects exception handling in some of the tools. > > > > Fix #874 > > > > Pavel > > Updated patch attached. Forgot to rename an identifier in exception > handling. > > Pavel ack Jan

Re: [Freeipa-devel] [PATCH] 76 Fallback to default locale (en_US) if env. setting is corrupt.

2011-02-10 Thread Jan Zelený
Pavel Zuna wrote: > This is a follow-up to my patches 69 and 71 (70 is garbage). > > It prevents a crash when user misconfigures his locale settings. > > Pavel ack Jan

Re: [Freeipa-devel] [PATCH] 75 Display error messages for failed manageby in service-add/remove-host.

2011-02-10 Thread Jan Zelený
Pavel Zuna wrote: > Fix #830 > > Pavel ack Jan

Re: [Freeipa-devel] [PATCH] 706 remove certificate from service-find

2011-02-10 Thread Jan Zelený
Rob Crittenden wrote: > Remove certificate as a service search option. There is no point in > searching on binary objects. > > ticket 912 > > rob ack Jan

Re: [Freeipa-devel] [PATCH] 705 make main selfservice aci visible

2011-02-09 Thread Jan Zelený
Rob Crittenden wrote: > The main aci that grants users the ability to manage themselves wasn't > visible to the selfservice plugin. Move the location of the aci and fix > the description. > > ticket 934 > > rob ack Jan

Re: [Freeipa-devel] [PATCH] 74 Fix crash in DNS installer.

2011-02-09 Thread Jan Zelený
Pavel Zuna wrote: > Fix #927 > > Pavel Ack Jan

Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output

2011-02-09 Thread Jan Zelený
Martin Kosek wrote: > On Mon, 2011-02-07 at 10:38 +0100, Jan Zelený wrote: > > Martin Kosek wrote: > > > This patch adds a proper summary text to HBAC command which is > > > then printed out in CLI. Now, HBAC plugin output is consistent > > > wi

Re: [Freeipa-devel] [PATCH] 049 Make nsslib IPv6 aware

2011-02-09 Thread Jan Zelený
Jakub Hrozek wrote: > On Thu, Feb 03, 2011 at 02:23:11PM +0100, Jan Zelený wrote: > > Jakub Hrozek wrote: > > > Hi, > > > > > > attached is a patch to nsslib.py that changes its semantics so > > > it is able to work with different address familie

Re: [Freeipa-devel] [PATCH] 702 add entitlement API

2011-02-08 Thread Jan Zelený
Rob Crittenden wrote: > The entitlement plugin was being skipped completely if the python-rhsm > package wasn't installed. We want to let it limp through if the package > isn't installed but we're doing API validation. > > ticket 919 > > rob Patch looks and applies ok, installation and subseque

Re: [Freeipa-devel] [PATCH] Fixed command delegation-show

2011-02-07 Thread Jan Zelený
Jakub Hrozek wrote: > On Fri, Feb 04, 2011 at 06:40:54PM +0100, Jan Zeleny wrote: > > Recent changes in permission prefixes influenced also delegations. The > > plugin has been updated accordingly, but this one line has been > > forgotten. > > > > Jan > > I think it is not needed, the only comma

Re: [Freeipa-devel] [PATCH] Fixed type of argument in class help

2011-02-07 Thread Jan Zelený
Jakub Hrozek wrote: > On Wed, Feb 02, 2011 at 08:54:47AM +0100, Jan Zelený wrote: > > At Rob's suggestion I changed the argument type in class help, this is > > only oneliner, I think it can be pushed directly. > > > > Jan > > > > -takes_arg

Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output

2011-02-07 Thread Jan Zelený
Martin Kosek wrote: > This patch adds a proper summary text to HBAC command which is > then printed out in CLI. Now, HBAC plugin output is consistent > with other plugins. > > https://fedorahosted.org/freeipa/ticket/596 I believe API.txt should be updated (you change hbacrule_enable and hbacrul

Re: [Freeipa-devel] [PATCH] 025 Detection of v1 server during ipa-client-install

2011-02-04 Thread Jan Zelený
Martin Kosek wrote: > When v2 IPA client is trying to join an IPA v1 server > a strange exception is printed out to the user. This patch > detects this by catching an XML-RPC error reported by ipa-join > binary called in the process which fails on unexisting IPA server > 'join' method. > > wget c

Re: [Freeipa-devel] [PATCH] 049 Make nsslib IPv6 aware

2011-02-03 Thread Jan Zelený
Jakub Hrozek wrote: > Hi, > > attached is a patch to nsslib.py that changes its semantics so > it is able to work with different address families. It is the last piece > of IPv6 support. > > Aside from the hunks in the patch, I still need to set Requires: in the > patch (don't know the exact ver

Re: [Freeipa-devel] [PATCH] 700 update some minimum versions

2011-02-03 Thread Jan Zelený
Rob Crittenden wrote: > Update min version of 389-ds-base, mod_nss and selinux-policy. > > As of this writing the selinux-policy update hasn't actually gone out to > updates-testing so I'm going to hold onto this even if I get an ack. > > The selinux-policy update is needed to fix slapi-nis work

Re: [Freeipa-devel] [PATCH] 023 ipa-server-install inconsistent capitalization

2011-02-03 Thread Jan Zelený
Martin Kosek wrote: > A cosmetic patch to IPA server installation output aimed to make > capitalization in installer output consistent. Several installation > tasks started with a lowercase letter and several installation > task steps started with an uppercase letter. > > https://fedorahosted.org

Re: [Freeipa-devel] [PATCH] 022 Inconsistent error message for ipa group-detach

2011-02-03 Thread Jan Zelený
Martin Kosek wrote: > When attempting to detach a private group that doesn't exist, the > error message returned is not consistent with the error returned by > the other topic commands. This patch adds a standard message. > > https://fedorahosted.org/freeipa/ticket/291 ack Jan

Re: [Freeipa-devel] [PATCH] Fix minor bug in host-add logic.

2011-02-02 Thread Jan Zelený
Pavel Zuna wrote: > Fix #798 > > Pavel ack Jan

Re: [Freeipa-devel] [PATCH] Fix crash in ipa help for NO_CLI plugins.

2011-02-02 Thread Jan Zelený
Pavel Zuna wrote: > Fix #854 > > Pavel ack Jan

[Freeipa-devel] [PATCH] Fixed type of argument in class help

2011-02-01 Thread Jan Zelený
At Rob's suggestion I changed the argument type in class help, this is only oneliner, I think it can be pushed directly. Jan From f7ca20a79bf06832c20262582f5ca83ec48ff056 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Wed, 2 Feb 2011 02:49:57 -0500 Subject: [PATCH] Fixed type of argument in cla

Re: [Freeipa-devel] [PATCH] Provide a way to display CLI-LDAP attribute relation

2011-02-01 Thread Jan Zelený
Ok, I'm sending updated patch in attachment > > Should I change it in class help then? That's where I copied this from. > > I think so. Ok, I'll send another patch, so we don't mix it together with this patch. I'll do a review of the code in cli.py, maybe the same issue is elsewhere as well. >

Re: [Freeipa-devel] [PATCH] Changed dns permission types

2011-02-01 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > Jan Zelený wrote: > >> Rob Crittenden wrote: > >>> Jan Zelený wrote: > >>>> Rob Crittenden wrote: > >>>>> Jan Zelený wrote: > >>>>>> Recent change of DNS module t

[Freeipa-devel] [PATCH] Allow pkinit functionality to be hidden in production version

2011-01-31 Thread Jan Zelený
This patch adds python config file ipaconfig.py, which can contain various configuration directives for ipalib and other python code. These directives can be detected at build time. The first config directive in use is enable_pkinit, which can be set by running (in 'install' subdirectory) ./config

Re: [Freeipa-devel] [PATCH] Provide a way to display CLI-LDAP attribute relation

2011-01-31 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > Since some LDAP attributes have their cli_name value defined, > > so they can be more user friendly, it can be difficult for user to find > > out which attributes do the parameters given to CLI really represent. > > This

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-30 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > Martin Kosek wrote: > >> On Fri, 2011-01-28 at 09:21 +0100, Martin Kosek wrote: > >>> On Thu, 2011-01-27 at 15:41 +0100, Jan Zelený wrote: > >>>> Rob Crittenden wrote: > >>>>> Jan Zele

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-28 Thread Jan Zelený
Martin Kosek wrote: > On Fri, 2011-01-28 at 09:21 +0100, Martin Kosek wrote: > > On Thu, 2011-01-27 at 15:41 +0100, Jan Zelený wrote: > > > Rob Crittenden wrote: > > > > Jan Zelený wrote: > > > > > Martin Kosek wrote: > > > &g

Re: [Freeipa-devel] [PATCH] Add support for account unlocking

2011-01-28 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > Jan Zeleny wrote: > >> This patch adds command ipa user-unlock and some LDAP modifications > >> which are required by Kerberos for unlocking to work. > >> > >> Ticket: > >> https://fedorahosted

Re: [Freeipa-devel] [PATCH] 0074 Add requires

2011-01-27 Thread Jan Zelený
Dmitri Pal wrote: > On 01/27/2011 05:27 AM, Jan Zelený wrote: > > Simo Sorce wrote: > >> First part of ticket #855 > >> > >> Add the requires we will need on F15, tested against jdennis ipa-devel > >> repo, works as expected. > >> > >

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-27 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > Martin Kosek wrote: > >> On Thu, 2011-01-27 at 11:15 +0100, Jan Zelený wrote: > >>> Lookup based on --filter wasn't implemented at all. It didn't show until > >>> now, because of bug sitting on t

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-27 Thread Jan Zelený
Martin Kosek wrote: > On Thu, 2011-01-27 at 11:15 +0100, Jan Zelený wrote: > > Lookup based on --filter wasn't implemented at all. It didn't show until > > now, because of bug sitting on top of it which was resulting in internal > > error. This patch fixes

Re: [Freeipa-devel] [PATCH] Changed dns permission types

2011-01-27 Thread Jan Zelený
Jan Zelený wrote: > Jan Zelený wrote: > > Rob Crittenden wrote: > > > Jan Zelený wrote: > > > > Rob Crittenden wrote: > > > >> Jan Zelený wrote: > > > >>> Recent change of DNS module to version caused that dns object type > >

Re: [Freeipa-devel] [PATCH] 0075 handle weird values in nolog

2011-01-27 Thread Jan Zelený
Simo Sorce wrote: > When using ipa-replica-manage re-initialize with GSSAPI credentials it > turns out that the DN password may be set to None and this can end up in > the nolog list. > > Add a check to skip any non-string object in the log substitution list, > so that the code doesn't freak out

Re: [Freeipa-devel] [PATCH] 0074 Add requires

2011-01-27 Thread Jan Zelený
Simo Sorce wrote: > First part of ticket #855 > > Add the requires we will need on F15, tested against jdennis ipa-devel > repo, works as expected. > > Simo. The patch is obviously ok, so ack from this point of view. But I would just like to know if it is necessary. I just inspected F15 pki-ca

[Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-27 Thread Jan Zelený
Lookup based on --filter wasn't implemented at all. It didn't show until now, because of bug sitting on top of it which was resulting in internal error. This patch fixes the bug and adds the filtering functionality. https://fedorahosted.org/freeipa/ticket/818 -- Thank you Jan Zeleny Red Hat Soft

Re: [Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator

2011-01-26 Thread Jan Zelený
Rob Crittenden wrote: > Jakub Hrozek wrote: > > On 01/26/2011 03:38 PM, Jakub Hrozek wrote: > >> https://fedorahosted.org/freeipa/ticket/846 > > > > This version contains a better example (consistent zone name). > > This requires a chang

Re: [Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator

2011-01-26 Thread Jan Zelený
Jakub Hrozek wrote: > On 01/26/2011 03:38 PM, Jakub Hrozek wrote: > > https://fedorahosted.org/freeipa/ticket/846 > > This version contains a better example (consistent zone name). ack Jan

[Freeipa-devel] [PATCH] Provide a way to display CLI-LDAP attribute relation

2011-01-26 Thread Jan Zelený
Since some LDAP attributes have their cli_name value defined, so they can be more user friendly, it can be difficult for user to find out which attributes do the parameters given to CLI really represent. This patch provides new command, which will take another IPA command as an argument and displ

Re: [Freeipa-devel] [PATCH] Add support for account unlocking

2011-01-26 Thread Jan Zelený
Jan Zeleny wrote: > This patch adds command ipa user-unlock and some LDAP modifications > which are required by Kerberos for unlocking to work. > > Ticket: > https://fedorahosted.org/freeipa/ticket/344 > > Jan Just a reminder that this patch needs a review. Thanks Jan

Re: [Freeipa-devel] [PATCH] Add ldap2 method to retrieve allowed attributes for specified objectClasses.

2011-01-26 Thread Jan Zelený
Pavel Zuna wrote: > ldap2.get_allowed_attributes(['posixuser']) > > returns a list of unicode all lower case attribute names allowed for the > object class 'posixuser' > > You can enter as many object classes as you want. > > Pavel ack Jan

Re: [Freeipa-devel] [PATCH] Raise ValidationError when adding unallowed attribute to search fields.

2011-01-26 Thread Jan Zelený
Pavel Zuna wrote: > Depends on my previous patch number 64 (posted on the list 2 minutes ago). > > Ticket #845 > > Pavel ack Jan

Re: [Freeipa-devel] [PATCH] Add flags to enforce asking for object attribute

2011-01-25 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > So far the only way to enforce asking for parameter in interactive mode > > was the alwaysask attribute, which is not sufficient any more. This > > patch adds the ability to control during which actions the attribute &

[Freeipa-devel] [PATCH] Add flags to enforce asking for object attribute

2011-01-25 Thread Jan Zelený
So far the only way to enforce asking for parameter in interactive mode was the alwaysask attribute, which is not sufficient any more. This patch adds the ability to control during which actions the attribute shall be asked for. Jan From 96a8b94e877f6f6bc2d5cbd274d46aa66df85b88 Mon Sep 17 00:00:

Re: [Freeipa-devel] [PATCH] 690 add brackets around optional prompts

2011-01-25 Thread Jan Zelený
Rob Crittenden wrote: > When prompting for arguments in the cli there is no way to tell what is > optional and what is required. This sticks brackets around optional > arguments. > > Ticket 832 > > rob Ack Jan

Re: [Freeipa-devel] [PATCH] Changed dns permission types

2011-01-25 Thread Jan Zelený
Jan Zelený wrote: > Rob Crittenden wrote: > > Jan Zelený wrote: > > > Rob Crittenden wrote: > > >> Jan Zelený wrote: > > >>> Recent change of DNS module to version caused that dns object type > > >>> was replaced by dnszone and dns

Re: [Freeipa-devel] [PATCH] Changed dns permission types

2011-01-25 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zelený wrote: > > Rob Crittenden wrote: > >> Jan Zelený wrote: > >>> Recent change of DNS module to version caused that dns object type > >>> was replaced by dnszone and dnsrecord. This patch corrects dns types >

[Freeipa-devel] [PATCH] Disable renaming to empty string

2011-01-24 Thread Jan Zelený
So far it was possible to rename any object using LDAPUpdate to a name with empty primary key. Since this can cause nasty problems, this patch disables empty string in --rename argument. https://fedorahosted.org/freeipa/ticket/827 Jan From 5d2eb85af1df7c20049e7fdc05e6a529a2b2839b Mon Sep 17 00:00

Re: [Freeipa-devel] [PATCH] Make ipa permission-add ask for optional attributes

2011-01-23 Thread Jan Zelený
Rob Crittenden wrote: > Jan Zeleny wrote: > > Either one of type, filter, subtree, targetgroup, attrs or memberof is > > required. > > > > https://fedorahosted.org/freeipa/ticket/819 > > > > Jan > > Do you think the prompt should be annotated somehow to indicate that the > optional attributes a

[Freeipa-devel] Mapping of CLI attributes to LDAP attributes

2011-01-19 Thread Jan Zelený
Hi, I've been thinking about the concept of mapping CLI attributes to LDAP attributes (ticket #447) and I'd like to get a second opinion. The most simple solution would be to add this functionality to existing help. For the sake of lucidity, it should be hidden by default. To achieve this a new

Re: [Freeipa-devel] [PATCH] 680 ldap lockout

2011-01-19 Thread Jan Zelený
Rob Crittenden wrote: > Rob Crittenden wrote: > > Jan Zeleny wrote: > >> Rob Crittenden wrote: > >>> Update kerberos password policy values on LDAP binds. This is so > >>> locked-out accounts in kerberos don't try things using LDAP instead. > >>> > >>> On a failed bind this will update krbLoginFa