Re: [Freeipa-devel] More types of replicas in FreeIPA

Dne 13.2.2013 14:36, Simo Sorce napsal(a): On Tue, 2013-02-12 at 19:30 -0500, Dmitri Pal wrote: It looks like thinks are starting to boil down to building a Kerberos proxy. Is this something that fits within your thesis agenda Ondra? I guess that's for Ondrej to say, if it is too much we can

[Freeipa-devel] More types of replicas in FreeIPA

Hello, I'm starting to work on my thesis about 'More types of replicas in FreeIPA' again. One of the main problems is the way how should the read-only replicas deal with KDC because they're not supposed to posses the Kerberos (krb) master key. The task was to investigate how is this solved in

Re: [Freeipa-devel] [PATCH] 26 Fix '--random' param behaviour for host plugin

On 06/25/2012 04:59 PM, Petr Viktorin wrote: On 06/20/2012 05:43 PM, Ondrej Hamada wrote: On 06/15/2012 07:36 AM, Martin Kosek wrote: On Thu, 2012-06-14 at 16:35 -0400, Rob Crittenden wrote: Ondrej Hamada wrote: Improved options checking so that host-mod operation is not changing password

Re: [Freeipa-devel] [PATCH] 26 Fix '--random' param behaviour for host plugin

On 06/15/2012 07:36 AM, Martin Kosek wrote: On Thu, 2012-06-14 at 16:35 -0400, Rob Crittenden wrote: Ondrej Hamada wrote: Improved options checking so that host-mod operation is not changing password for enrolled host when '--random' option is used. https://fedorahosted.org/freeipa/ticket

[Freeipa-devel] [PATCH] 26 Fix '--random' param behaviour for host plugin

from the set: '`\$ https://fedorahosted.org/freeipa/ticket/2800 https://fedorahosted.org/freeipa/ticket/2800 -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From a6e41564225b9b9efe7fd2ae3e21ae90288680b2 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com

Re: [Freeipa-devel] [PATCH] 269 permission-find missed some results with --pkey-only option

On 05/31/2012 12:42 PM, Martin Kosek wrote: On Wed, 2012-05-30 at 14:43 +0200, Ondrej Hamada wrote: On 05/30/2012 07:45 AM, Martin Kosek wrote: When permission-find post callback detected a --pkey-only option, it just terminated. However, this way the results that could have been added from

[Freeipa-devel] [PATCH] 25 ipa-server-install: s/calculated/determined/

https://fedorahosted.org/freeipa/ticket/2704 Output message of the 'read_domain_name' function in ipa-server-install was reworded. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 4a7eda9b2a97b10ee0767696406fda09c1a9de86 Mon Sep 17 00:00:00 2001 From: Ondrej

Re: [Freeipa-devel] [PATCH] 0044 Validate externalhost (when added by --addattr/--setattr)

On 05/10/2012 01:40 PM, Petr Viktorin wrote: On 05/10/2012 12:05 PM, Ondrej Hamada wrote: On 05/09/2012 04:49 PM, Petr Viktorin wrote: On 05/04/2012 01:25 PM, Ondrej Hamada wrote: On 04/30/2012 02:13 PM, Petr Viktorin wrote: Change the externalhost attribute of hbacrule, netgroup

Re: [Freeipa-devel] [PATCH] 257 Fix python Requires in Fedora 17 build

/mailman/listinfo/freeipa-devel works as proposed, ACK -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 23 Allow one letter net/hostgroups names

On 05/03/2012 05:44 PM, Martin Kosek wrote: On Thu, 2012-05-03 at 17:08 +0200, Ondrej Hamada wrote: On 05/02/2012 05:49 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2671 Changed regex validating net/hostgroup names to allow single letter names. Unit-tests added

Re: [Freeipa-devel] [PATCH] 0044 Validate externalhost (when added by --addattr/--setattr)

/python2.7/site-packages/nose/case.py, line 197, in runTest self.test(*self.arg) File /home/ohamada/2649/tests/test_xmlrpc/test_sudorule_plugin.py, line 500, in test_a_sudorule_mod_externalhost_invalid_addattr character) AssertionError -- Regards, Ondrej Hamada FreeIPA team jabber: oh

Re: [Freeipa-devel] [PATCH] 23 Allow one letter net/hostgroups names

On 05/02/2012 05:49 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2671 Changed regex validating net/hostgroup names to allow single letter names. Unit-tests added. But the current validation allows weird (host|net)group names like: ., .-, ... I'm just not sure, do we

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/24/2012 10:47 AM, Ondrej Hamada wrote: On 04/23/2012 07:58 PM, Simo Sorce wrote: On Mon, 2012-04-23 at 13:50 -0400, Dmitri Pal wrote: Ah OK. Another semantic difference. Doing it in phases is one thing and delivering is another. Let us say we identified 10 things that needs

[Freeipa-devel] [PATCH] 23 Allow one letter net/hostgroups names

fixes one of netgroup and host unit-tests. The error message in hostname validation function has changed (in ticket #1966). -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 62043ae72e77978c3315070eb09bb9939aa5b99e Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham

Re: [Freeipa-devel] Ticket #2293 - permission attribute check

,dc=com\22;): Invalid syntax. Martin What about simply let the command succeed and print out a warning like: 'Attribute passwordhistory is not a default one for specified object type. The permission might not be properly evaluated.' -- Regards, Ondrej Hamada FreeIPA team jabber: oh

Re: [Freeipa-devel] More types of replica in FreeIPA

, will do. I would like to start with the login server scenario. It will be possible to use it later as a 'training field' for the fractional replication and help deciding what entries should and shouldn't be replicated. Ok. Simo. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/18/2012 08:30 PM, Rich Megginson wrote: On 04/17/2012 06:42 AM, Simo Sorce wrote: On Tue, 2012-04-17 at 01:13 +0200, Ondrej Hamada wrote: Sorry for inactivity, I was struggling with a lot of school stuff. I've summed up the main goals, do you agree on them or should I add/remove any

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/19/2012 04:10 PM, Dmitri Pal wrote: On 04/19/2012 09:03 AM, Simo Sorce wrote: On Thu, 2012-04-19 at 14:18 +0200, Ondrej Hamada wrote: On 04/18/2012 08:30 PM, Rich Megginson wrote: * Credentials expiration on replica should be configurable What does this mean ? We should store

Re: [Freeipa-devel] More types of replica in FreeIPA

of the normal krbtgt to perform operations when user's krbtgt are presented to a different server. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada ___ Freeipa-devel mailing list Freeipa-devel

[Freeipa-devel] [PATCH] 22 Always set ipa_hostname for sssd.conf

https://fedorahosted.org/freeipa/ticket/2527 ipa-client-install will always set ipa_hostname for sssd.conf in order to prevent the client from getting into weird state. -- Regards, Ondrej Hamada FreeIPA team jabber:oh...@jabbim.cz IRC: ohamada From 4f471211d6e0ab33e17bc1cda5d7c89045e2b3d5 Mon

Re: [Freeipa-devel] [PATCH] 21 Unable to rename permission object

On 04/10/2012 09:35 PM, Rob Crittenden wrote: Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2571 The update was failing because of the case insensitivity of permission object DN. Can you wrap the error in _() and add a couple of test cases for this, say one for the case

[Freeipa-devel] [PATCH] 21 Unable to rename permission object

https://fedorahosted.org/freeipa/ticket/2571 The update was failing because of the case insensitivity of permission object DN. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 75772d91024d961fc4193654a8ca128664b2d4d5 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/04/2012 06:16 PM, Ondrej Hamada wrote: On 04/04/2012 03:02 PM, Simo Sorce wrote: On Tue, 2012-04-03 at 18:45 +0200, Ondrej Hamada wrote: On 03/13/2012 01:13 AM, Dmitri Pal wrote: On 03/12/2012 06:10 PM, Simo Sorce wrote: On Mon, 2012-03-12 at 17:40 -0400, Dmitri Pal wrote: On 03/12

Re: [Freeipa-devel] [PATCH] 15 Confusing default user groups

On 03/27/2012 12:39 PM, Petr Vobornik wrote: On 03/26/2012 10:27 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 03/19/2012 05:25 PM, Martin Kosek wrote: On Tue, 2012-03-06 at 19:07 +0100, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2354 There was added '(fallback

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/04/2012 03:02 PM, Simo Sorce wrote: On Tue, 2012-04-03 at 18:45 +0200, Ondrej Hamada wrote: On 03/13/2012 01:13 AM, Dmitri Pal wrote: On 03/12/2012 06:10 PM, Simo Sorce wrote: On Mon, 2012-03-12 at 17:40 -0400, Dmitri Pal wrote: On 03/12/2012 04:16 PM, Simo Sorce wrote: On Mon, 2012

[Freeipa-devel] [PATCH] 20 Fix empty external member processing

https://fedorahosted.org/freeipa/ticket/2447 Validation of external member was failing for empty strings because of wrong condition. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 137c676c6c182f839cbcd9332f9d0f6d8d18b3f0 Mon Sep 17 00:00:00 2001 From: Ondrej

Re: [Freeipa-devel] [PATCH] 20 Fix empty external member processing

On 04/03/2012 12:22 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2447 Validation of external member was failing for empty strings because of wrong condition. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

Re: [Freeipa-devel] More types of replica in FreeIPA

On 03/13/2012 01:13 AM, Dmitri Pal wrote: On 03/12/2012 06:10 PM, Simo Sorce wrote: On Mon, 2012-03-12 at 17:40 -0400, Dmitri Pal wrote: On 03/12/2012 04:16 PM, Simo Sorce wrote: On Mon, 2012-03-12 at 20:38 +0100, Ondrej Hamada wrote: USER'S operations when connection is OK

Re: [Freeipa-devel] [PATCH] 0030 Allow multi-line CSV parameters

://www.redhat.com/mailman/listinfo/freeipa-devel ACK -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 16 Netgroup nisdomain and hosts validation

On 03/27/2012 01:57 PM, Martin Kosek wrote: On Fri, 2012-03-23 at 23:10 +0100, Ondrej Hamada wrote: On 03/15/2012 08:13 AM, Martin Kosek wrote: On Wed, 2012-03-14 at 16:54 +0100, Ondrej Hamada wrote: On 03/09/2012 04:34 PM, Martin Kosek wrote: On Thu, 2012-03-08 at 14:52 +0100, Ondrej Hamada

Re: [Freeipa-devel] [PATCH] 996 fix unit tests

://www.redhat.com/mailman/listinfo/freeipa-devel You were faster. Works for me. ACK -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-devel] [PATCH] 16 Netgroup nisdomain and hosts validation

On 03/15/2012 08:13 AM, Martin Kosek wrote: On Wed, 2012-03-14 at 16:54 +0100, Ondrej Hamada wrote: On 03/09/2012 04:34 PM, Martin Kosek wrote: On Thu, 2012-03-08 at 14:52 +0100, Ondrej Hamada wrote: Netgroup nisdomain and hosts validation nisdomain validation: Added pattern

Re: [Freeipa-devel] [PATCH] 15 Confusing default user groups

On 03/19/2012 05:25 PM, Martin Kosek wrote: On Tue, 2012-03-06 at 19:07 +0100, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2354 There was added '(fallback)' string in the automember plugin labels referring to automember default groups to point out, that the users are already

[Freeipa-devel] [PATCH] 19 Search allowed attributes in superior objectclasses

of get_allowed_attributes on the superior objectclasses. Test case that revealed the regression was added into the unit-tests. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 5399a72edd69c5f59ba1308e03a17531557faf11 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada

[Freeipa-devel] [PATCH] 18 Typos in FreeIPA messages

, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 8cdd8d2000167a1db924f3eb73d50555ffc32768 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com Date: Wed, 14 Mar 2012 13:16:29 +0100 Subject: [PATCH] Typos in FreeIPA messages Rebased patch sent by Yuri Chornoivan (yurc

Re: [Freeipa-devel] [PATCH] 16 Netgroup nisdomain and hosts validation

On 03/09/2012 04:34 PM, Martin Kosek wrote: On Thu, 2012-03-08 at 14:52 +0100, Ondrej Hamada wrote: Netgroup nisdomain and hosts validation nisdomain validation: Added pattern to the 'nisdomain' parameter to validate the specified nisdomain name. According to most common use cases the same

Re: [Freeipa-devel] More types of replica in FreeIPA

On 03/08/2012 04:54 PM, Dmitri Pal wrote: On 03/06/2012 01:30 PM, Ondrej Hamada wrote: On 03/06/2012 05:47 PM, Dmitri Pal wrote: On 03/06/2012 10:59 AM, Simo Sorce wrote: On Tue, 2012-03-06 at 10:56 -0500, Dmitri Pal wrote: [...] For a read-only KDC we need to investigate what's the better

[Freeipa-devel] [PATCH] 17 More exception handlers in ipa-client-install

, the installation is aborted and changes are rolled back. #1995 -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From e3e556d68f4f04df5ca948341d6b8c0384df47b6 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com Date: Fri, 9 Mar 2012 13:04:23 +0100 Subject: [PATCH

[Freeipa-devel] [PATCH] 16 Netgroup nisdomain and hosts validation

validation: Added precallback to netgroup_add_member. It validates the specified hostnames and raises ValidationError exception for invalid hostnames. Unit-test added. https://fedorahosted.org/freeipa/ticket/2448 -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From

[Freeipa-devel] [PATCH] 15 Confusing default user groups

will be additional one - a fallback group. -- Regards, Ondrej Hamada FreeIPA team jabber:oh...@jabbim.cz IRC: ohamada From d0cb34a172b23806e6047f85d668e478ae96c4f2 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com Date: Tue, 6 Mar 2012 12:00:34 +0100 Subject: [PATCH] Confusing

Re: [Freeipa-devel] More types of replica in FreeIPA

forwarding must be implemented. I suppose that there shouldn't be big problem to decide during the installation to turn the caching off by some option like '-no-chaching' so that the consumer could be used for the third use case as well. -- Regards, Ondrej Hamada FreeIPA team jabber: oh

Re: [Freeipa-devel] [PATCH] 14 ipa permission-add does not fail if using invalid attribute

On 02/28/2012 09:57 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 02/27/2012 03:22 PM, Rob Crittenden wrote: Ondrej Hamada wrote: When adding or modifying permission with both type and attributes specified, check whether the attributes are allowed for specified type. In case

Re: [Freeipa-devel] [PATCH] 12 When migrating warn user if compat is enabled

On 02/28/2012 10:52 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 02/27/2012 09:47 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 02/21/2012 02:32 PM, Ondrej Hamada wrote: On 02/20/2012 06:53 PM, Rob Crittenden wrote: Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2274

[Freeipa-devel] More types of replica in FreeIPA

to let users authenticate against these replicas? Is it correct to leave classified data like passwords on these replicas? Thanks in advance for your reactions Ondra -- Regards, Ondrej Hamada FreeIPA team jabber:oh...@jabbim.cz IRC: ohamada

Re: [Freeipa-devel] [PATCH] 12 When migrating warn user if compat is enabled

On 02/27/2012 09:47 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 02/21/2012 02:32 PM, Ondrej Hamada wrote: On 02/20/2012 06:53 PM, Rob Crittenden wrote: Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2274 Added check into migration plugin to warn user when compat

Re: [Freeipa-devel] [PATCH] 14 ipa permission-add does not fail if using invalid attribute

On 02/27/2012 03:22 PM, Rob Crittenden wrote: Ondrej Hamada wrote: When adding or modifying permission with both type and attributes specified, check whether the attributes are allowed for specified type. In case of disallowed attributes the InvalidSyntax error is raised. New tests were also

Re: [Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig

On 02/25/2012 08:30 PM, Alexander Bokovoy wrote: On Thu, 23 Feb 2012, Ondrej Hamada wrote: Option '--noac' was added. If set, the ipa-client-install will not call authconfig for setting nsswitch.conf and PAM configuration. In fact no configuration of nsswitch.conf or PAM would be done at all

[Freeipa-devel] [PATCH] 14 ipa permission-add does not fail if using invalid attribute

-- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 80326444a08076f6e8a1f62296ea33413b526a9b Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com Date: Sun, 26 Feb 2012 03:38:08 +0100 Subject: [PATCH] Validate attributes in permission-add When adding

Re: [Freeipa-devel] [PATCH] 930 add conflicts on mod_ssl

___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK, but needs rebase - there's problem in the changelog part -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada

[Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig

Option '--noac' was added. If set, the ipa-client-install will not call authconfig for setting nsswitch.conf and PAM configuration. In fact no configuration of nsswitch.conf or PAM would be done at all. https://fedorahosted.org/freeipa/ticket/2369 -- Regards, Ondrej Hamada FreeIPA team jabber

Re: [Freeipa-devel] [PATCH] 12 When migrating warn user if compat is enabled

On 02/21/2012 02:32 PM, Ondrej Hamada wrote: On 02/20/2012 06:53 PM, Rob Crittenden wrote: Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2274 Added check into migration plugin to warn user when compat is enabled. If compat is enabled, the migration fails and user is warned

Re: [Freeipa-devel] [PATCH] 12 When migrating warn user if compat is enabled

On 02/20/2012 06:53 PM, Rob Crittenden wrote: Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2274 Added check into migration plugin to warn user when compat is enabled. If compat is enabled, the migration fails and user is warned that he must turn the compat off or run the script

[Freeipa-devel] [PATCH] 12 When migrating warn user if compat is enabled

a flag, by default set to false. If it is set, the compat check is skipped. -- Regards, Ondrej Hamada FreeIPA team jabber:oh...@jabbim.cz IRC: ohamada From 2b146dc28bdf35b5840cd193f59ff32db226548a Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com Date: Wed, 15 Feb 2012 14:56:39

Re: [Freeipa-devel] [PATCH] 11 Checking and modifying of memberof attribute

On 02/06/2012 05:03 PM, Martin Kosek wrote: On Mon, 2012-02-06 at 12:14 +0100, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2255 https://fedorahosted.org/freeipa/ticket/2286 https://fedorahosted.org/freeipa/ticket/2305 Added checking of existence of groups that are specified

[Freeipa-devel] [PATCH] 11 Checking and modifying of memberof attribute

. Additional unit tests for checking new behaviour were created. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From e26c980cffc5703845aeca4dba28dcca0364ab3a Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com Date: Mon, 6 Feb 2012 11:04:15 +0100 Subject: [PATCH

Re: [Freeipa-devel] [PATCH] 10 --no-reverse option in ipa-replica-install is not honoured

On 01/26/2012 09:24 AM, Jan Cholasta wrote: Dne 25.1.2012 17:50, Ondrej Hamada napsal(a): https://fedorahosted.org/freeipa/ticket/2161 The option '--no-reverse' was not honoured in replica-install because of wrongly placed condition checking. NACK The --no-reverse options means do

[Freeipa-devel] [PATCH] 10 --no-reverse option in ipa-replica-install is not honoured

https://fedorahosted.org/freeipa/ticket/2161 The option '--no-reverse' was not honoured in replica-install because of wrongly placed condition checking. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 5aa9a2238ee5c32aeebf3c2cabc6aa5c31794822 Mon Sep 17 00:00

[Freeipa-devel] [PATCH] 9 Don't set nsds5replicaupdateschedule in replication agreements

https://fedorahosted.org/freeipa/ticket/1482 The nsDS5ReplicaUpdateSchedule parameter is omitted what results in replication being run all the time. The parameter is still used for forcing replica update but after that action it is always deleted. -- Regards, Ondrej Hamada FreeIPA team jabber

[Freeipa-devel] [PATCH] 8 localhost.localdomain clients refused to join ipa domain

https://fedorahosted.org/freeipa/ticket/2112 Machines with hostname 'localhost.localdomain' are refused from joining IPA domain and proper error message is shown. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 0d91a4ba654ba47759cdecdd60bc7d938d11313b Mon Sep

Re: [Freeipa-devel] [PATCH] 7 Ignore srchost option in hbactest

On 01/05/2012 05:40 PM, Alexander Bokovoy wrote: On Thu, 05 Jan 2012, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2085 New version of SSSD begins ignoring sourcehost value of HBAC rules by default. In order to match this behaviour the sourcehost option in hbactest is optional

[Freeipa-devel] [PATCH] 7 Ignore srchost option in hbactest

the same result. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From fd585c817c57596cba1caaee86f41d8b115040e6 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com Date: Thu, 5 Jan 2012 17:03:53 +0100 Subject: [PATCH] HBAC test optional sourcehost option New

Re: [Freeipa-devel] [PATCH] 5 User-add random password support

On 11/29/2011 10:31 AM, Martin Kosek wrote: On Thu, 2011-11-24 at 17:51 +0100, Ondrej Hamada wrote: On 11/24/2011 03:54 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/1979 I've used code from ipalib/plugins/host.py to add support for random password generation. The '--random

Re: [Freeipa-devel] [PATCH] 6 Sort password policy by priority

On 11/29/2011 08:43 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/29/2011 03:46 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2045 'ipa pwpolicy-find' output is now sorted by priority of the policies. Lower position means lower priority. Global policy

Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap

On 11/29/2011 10:33 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/11/2011 02:55 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install

[Freeipa-devel] [PATCH] 6 Sort password policy by priority

is not allowed to have any priority. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 6 Sort password policy by priority

On 11/29/2011 03:46 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2045 'ipa pwpolicy-find' output is now sorted by priority of the policies. Lower position means lower priority. Global policy is then at the bottom. The changes has also affected LDAPSearch class

[Freeipa-devel] [PATCH] 5 User-add random password support

will be ignored. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 5787f847de123f1426080830db138ac88bc83751 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com Date: Thu, 24 Nov 2011 15:39:22 +0100 Subject: [PATCH] User-add random password support I've used code from

[Freeipa-devel] [PATCH] 4 ipa-client-install fails when not run as root

initialization. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From f7a53fa52cd2e757a183015d17b6d5c4d8dae08d Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham...@redhat.com Date: Fri, 18 Nov 2011 13:55:16 +0100 Subject: [PATCH] Client install root privileges check ipa-client

Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap

On 11/11/2011 02:55 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files

[Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap

/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. -- Regards, Ondrej Hamada FreeIPA team jabber:oh...@jabbim.cz IRC: ohamada From 741e6da0531986ed32f4e3ef0fbb53e5fbd5ee44 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada oham

Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap

On 11/11/2011 03:25 PM, Alexander Bokovoy wrote: On Fri, 11 Nov 2011, Rob Crittenden wrote: Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install

Re: [Freeipa-devel] [PATCH] the 'Keytab:' field in ipa user-show output is misleading

On 11/10/2011 10:30 AM, Martin Kosek wrote: On Tue, 2011-11-08 at 20:41 +0100, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/1961 The 'Keytab' filed in output of all 'user-*' commands was changed to 'Kerberos keys available'. In order to do this change for 'user-*' commands only

[Freeipa-devel] [PATCH] the 'Keytab:' field in ipa user-show output is misleading

. This change also affected the host.py and service.py, where the 'has_keytab' flag was added to their local output params. Both host.py and service.py holds the old field caption - 'Keytab' - because of compatibility with older clients. -- Regards, Ondrej Hamada FreeIPA team jabber:oh...@jabbim.cz

[Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

user-add jsmith --firt=john --last=smith 1.658 | 2.235 | ipa user-del jsmith 1.624 | 2.204 | ipa dnsrecord-find example.com -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada diff --git a/ipalib/plugable.py b/ipalib/plugable.py index

Re: [Freeipa-devel] [PATCH] 1 Do lazy initializiation ipalib

On 10/25/2011 04:01 PM, Martin Kosek wrote: On Tue, 2011-10-25 at 15:29 +0200, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/1336 Lazy initialization of ipalib plugins is used under all contexts, not only when context = cli. Every loaded plugin is pre-finalized - a flag is set