From rmeggins at redhat.com Tue Sep 1 21:23:39 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 01 Sep 2009 15:23:39 -0600 Subject: [389-devel] Upgrade procedures Message-ID: <4A9D90DB.5020200@redhat.com> I'm envisioning something like patch files in an RPM - things that can easily come and go depending on what needs to be done for a particular release. In this case, instead of patch files, these would be short perl or shell scripts. These would be invoked once or once per instance. One way would be to have a large script which would be edited for each release, adding or deleting code as needed. This is the way it worked in the past - the file quickly becomes "unruly". However, we would only have to touch Makefile.am once to add the upgrade script. Another way would be to have small scripts that could come and go with each release. The disadvantage is that we would be constantly adding/deleting items from Makefile.am. This is what I would prefer. Before invoking the update scripts, the code would create some sort of context, containing information about the config directory, each instance, and an identity and credentials that can be used to manage each instance. For example, when you run setup-ds-admin.pl -u, it uses the uid=admin identity and asks for the password, then uses that identity to manage each instance. However, in the case where there is just the base ds package, we would need some way to ask or specify the identity for each instance. For the UI, I don't think there's any way around just simply asking for the username and password for each instance (we can default the username to directory manager or the last value specified). For .inf file usage, I was thinking about adding a new section - [slapd-instancename] - in which you could specify the RootDN and RootDNPwd. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Tue Sep 1 21:52:07 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 01 Sep 2009 14:52:07 -0700 Subject: [389-devel] Upgrade procedures In-Reply-To: <4A9D90DB.5020200@redhat.com> References: <4A9D90DB.5020200@redhat.com> Message-ID: <4A9D9787.2040309@redhat.com> On 09/01/2009 02:23 PM, Rich Megginson wrote: > I'm envisioning something like patch files in an RPM - things that can > easily come and go depending on what needs to be done for a particular > release. In this case, instead of patch files, these would be short > perl or shell scripts. These would be invoked once or once per instance. > > One way would be to have a large script which would be edited for each > release, adding or deleting code as needed. This is the way it worked > in the past - the file quickly becomes "unruly". However, we would > only have to touch Makefile.am once to add the upgrade script. You mean like the migrate4to6, migrate5to6, etc. stuff? > > Another way would be to have small scripts that could come and go with > each release. The disadvantage is that we would be constantly > adding/deleting items from Makefile.am. This is what I would prefer. I prefer the scriptlet approach too. How do you envision dealing with upgrading from different versions? For example, we would need to do much different work upgrading from 1.1 -> 1.3 than we would from 1.2 -> 1.3. Will there be some way for the scriptlet to specify what versions it needs to be run for? > > Before invoking the update scripts, the code would create some sort of > context, containing information about the config directory, each > instance, and an identity and credentials that can be used to manage > each instance. For example, when you run setup-ds-admin.pl -u, it > uses the uid=admin identity and asks for the password, then uses that > identity to manage each instance. However, in the case where there is > just the base ds package, we would need some way to ask or specify the > identity for each instance. For the UI, I don't think there's any way > around just simply asking for the username and password for each > instance (we can default the username to directory manager or the last > value specified). For .inf file usage, I was thinking about adding a > new section - [slapd-instancename] - in which you could specify the > RootDN and RootDNPwd. > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Tue Sep 1 22:38:45 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 01 Sep 2009 16:38:45 -0600 Subject: [389-devel] Upgrade procedures In-Reply-To: <4A9D9787.2040309@redhat.com> References: <4A9D90DB.5020200@redhat.com> <4A9D9787.2040309@redhat.com> Message-ID: <4A9DA275.2020004@redhat.com> Nathan Kinder wrote: > On 09/01/2009 02:23 PM, Rich Megginson wrote: >> I'm envisioning something like patch files in an RPM - things that >> can easily come and go depending on what needs to be done for a >> particular release. In this case, instead of patch files, these >> would be short perl or shell scripts. These would be invoked once or >> once per instance. >> >> One way would be to have a large script which would be edited for >> each release, adding or deleting code as needed. This is the way it >> worked in the past - the file quickly becomes "unruly". However, we >> would only have to touch Makefile.am once to add the upgrade script. > You mean like the migrate4to6, migrate5to6, etc. stuff? Sort of, but much smaller. And not necessarily version specific - see below. >> >> Another way would be to have small scripts that could come and go >> with each release. The disadvantage is that we would be constantly >> adding/deleting items from Makefile.am. This is what I would prefer. > I prefer the scriptlet approach too. > > How do you envision dealing with upgrading from different versions? > For example, we would need to do much different work upgrading from > 1.1 -> 1.3 than we would from 1.2 -> 1.3. Will there be some way for > the scriptlet to specify what versions it needs to be run for? I'm hoping to avoid looking at explicit versions. Instead, I would prefer that the scriptlet would determine if the work it needed to do is already done. For example, upgrading from 1.2.0 to 1.2.x would need to add the syntax validation plugin. The scriptlet should check to see if the syntax validation plugin exists before adding it. I can't really think of anything which would require an explicit version. >> >> Before invoking the update scripts, the code would create some sort >> of context, containing information about the config directory, each >> instance, and an identity and credentials that can be used to manage >> each instance. For example, when you run setup-ds-admin.pl -u, it >> uses the uid=admin identity and asks for the password, then uses that >> identity to manage each instance. However, in the case where there >> is just the base ds package, we would need some way to ask or specify >> the identity for each instance. For the UI, I don't think there's >> any way around just simply asking for the username and password for >> each instance (we can default the username to directory manager or >> the last value specified). For .inf file usage, I was thinking about >> adding a new section - [slapd-instancename] - in which you could >> specify the RootDN and RootDNPwd. >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Tue Sep 1 23:00:50 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 01 Sep 2009 16:00:50 -0700 Subject: [389-devel] Upgrade procedures In-Reply-To: <4A9DA275.2020004@redhat.com> References: <4A9D90DB.5020200@redhat.com> <4A9D9787.2040309@redhat.com> <4A9DA275.2020004@redhat.com> Message-ID: <4A9DA7A2.1080608@redhat.com> On 09/01/2009 03:38 PM, Rich Megginson wrote: > Nathan Kinder wrote: >> On 09/01/2009 02:23 PM, Rich Megginson wrote: >>> I'm envisioning something like patch files in an RPM - things that >>> can easily come and go depending on what needs to be done for a >>> particular release. In this case, instead of patch files, these >>> would be short perl or shell scripts. These would be invoked once >>> or once per instance. >>> >>> One way would be to have a large script which would be edited for >>> each release, adding or deleting code as needed. This is the way it >>> worked in the past - the file quickly becomes "unruly". However, we >>> would only have to touch Makefile.am once to add the upgrade script. >> You mean like the migrate4to6, migrate5to6, etc. stuff? > Sort of, but much smaller. And not necessarily version specific - see > below. >>> >>> Another way would be to have small scripts that could come and go >>> with each release. The disadvantage is that we would be constantly >>> adding/deleting items from Makefile.am. This is what I would prefer. >> I prefer the scriptlet approach too. >> >> How do you envision dealing with upgrading from different versions? >> For example, we would need to do much different work upgrading from >> 1.1 -> 1.3 than we would from 1.2 -> 1.3. Will there be some way for >> the scriptlet to specify what versions it needs to be run for? > I'm hoping to avoid looking at explicit versions. Instead, I would > prefer that the scriptlet would determine if the work it needed to do > is already done. For example, upgrading from 1.2.0 to 1.2.x would > need to add the syntax validation plugin. The scriptlet should check > to see if the syntax validation plugin exists before adding it. I > can't really think of anything which would require an explicit version. That makes sense. We may want to talk with Rob C. since I think he's done something similar for FreeIPA's upgrade procedure with regards to DS plug-in config. Perhaps he has some insight. >>> >>> Before invoking the update scripts, the code would create some sort >>> of context, containing information about the config directory, each >>> instance, and an identity and credentials that can be used to manage >>> each instance. For example, when you run setup-ds-admin.pl -u, it >>> uses the uid=admin identity and asks for the password, then uses >>> that identity to manage each instance. However, in the case where >>> there is just the base ds package, we would need some way to ask or >>> specify the identity for each instance. For the UI, I don't think >>> there's any way around just simply asking for the username and >>> password for each instance (we can default the username to directory >>> manager or the last value specified). For .inf file usage, I was >>> thinking about adding a new section - [slapd-instancename] - in >>> which you could specify the RootDN and RootDNPwd. >>> ------------------------------------------------------------------------ >>> >>> >>> -- >>> 389-devel mailing list >>> 389-devel at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Wed Sep 2 15:15:13 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 02 Sep 2009 09:15:13 -0600 Subject: [389-devel] Upgrade procedures In-Reply-To: <4A9DA7A2.1080608@redhat.com> References: <4A9D90DB.5020200@redhat.com> <4A9D9787.2040309@redhat.com> <4A9DA275.2020004@redhat.com> <4A9DA7A2.1080608@redhat.com> Message-ID: <4A9E8C01.1030304@redhat.com> Nathan Kinder wrote: > On 09/01/2009 03:38 PM, Rich Megginson wrote: >> Nathan Kinder wrote: >>> On 09/01/2009 02:23 PM, Rich Megginson wrote: >>>> I'm envisioning something like patch files in an RPM - things that >>>> can easily come and go depending on what needs to be done for a >>>> particular release. In this case, instead of patch files, these >>>> would be short perl or shell scripts. These would be invoked once >>>> or once per instance. >>>> >>>> One way would be to have a large script which would be edited for >>>> each release, adding or deleting code as needed. This is the way >>>> it worked in the past - the file quickly becomes "unruly". >>>> However, we would only have to touch Makefile.am once to add the >>>> upgrade script. >>> You mean like the migrate4to6, migrate5to6, etc. stuff? >> Sort of, but much smaller. And not necessarily version specific - >> see below. >>>> >>>> Another way would be to have small scripts that could come and go >>>> with each release. The disadvantage is that we would be constantly >>>> adding/deleting items from Makefile.am. This is what I would prefer. >>> I prefer the scriptlet approach too. >>> >>> How do you envision dealing with upgrading from different versions? >>> For example, we would need to do much different work upgrading from >>> 1.1 -> 1.3 than we would from 1.2 -> 1.3. Will there be some way >>> for the scriptlet to specify what versions it needs to be run for? >> I'm hoping to avoid looking at explicit versions. Instead, I would >> prefer that the scriptlet would determine if the work it needed to do >> is already done. For example, upgrading from 1.2.0 to 1.2.x would >> need to add the syntax validation plugin. The scriptlet should check >> to see if the syntax validation plugin exists before adding it. I >> can't really think of anything which would require an explicit version. > That makes sense. We may want to talk with Rob C. since I think he's > done something similar for FreeIPA's upgrade procedure with regards to > DS plug-in config. Perhaps he has some insight. I think they use ldif files that they either pass to ldapmodify or parse with python-ldap. I think it would be useful to do that too, and possibly provide hooks that ipa could use. So we can have 3 types of files to execute during upgrade perl code - small perl scripts, which can be imported into the setup perl interpreter and executed in that context ldif - which can be applied by the use of our current ldif code in setup executable code - which will primarily be shell scripts, but I don't think there is any reason to limit it - we will need some way to pass the context to them, probably in the form of environment variables (INSTANCEDIR=/etc/dirsrv/slapd-foo ; BINDDN="cn=directory manager"; BINDPW="password" ; etc.) I think there will have to some sort of manifest file (or main controlling script) to control the order of execution of these upgrade scripts/ldif. Either that, or some sort of scheme like we use for schema files - name the files 00something through 99something and have them executed in order. The numbering scheme might be tricky to manage. The manifest/upgrade script will probably get ugly after a while. >>>> >>>> Before invoking the update scripts, the code would create some sort >>>> of context, containing information about the config directory, each >>>> instance, and an identity and credentials that can be used to >>>> manage each instance. For example, when you run setup-ds-admin.pl >>>> -u, it uses the uid=admin identity and asks for the password, then >>>> uses that identity to manage each instance. However, in the case >>>> where there is just the base ds package, we would need some way to >>>> ask or specify the identity for each instance. For the UI, I don't >>>> think there's any way around just simply asking for the username >>>> and password for each instance (we can default the username to >>>> directory manager or the last value specified). For .inf file >>>> usage, I was thinking about adding a new section - >>>> [slapd-instancename] - in which you could specify the RootDN and >>>> RootDNPwd. >>>> ------------------------------------------------------------------------ >>>> >>>> >>>> -- >>>> 389-devel mailing list >>>> 389-devel at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >>>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> -- >>> 389-devel mailing list >>> 389-devel at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >>> >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Tue Sep 8 17:15:12 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 08 Sep 2009 10:15:12 -0700 Subject: [389-devel] Please Review: Add selinux policy module for ns-slapd Message-ID: <4AA69120.8080800@redhat.com> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Add-selinux-policy-for-ns-slapd.patch URL: From nhosoi at redhat.com Wed Sep 9 01:05:20 2009 From: nhosoi at redhat.com (Noriko Hosoi) Date: Tue, 08 Sep 2009 18:05:20 -0700 Subject: [389-devel] Please Review: Add selinux policy module for ns-slapd In-Reply-To: <4AA69120.8080800@redhat.com> References: <4AA69120.8080800@redhat.com> Message-ID: <4AA6FF50.6090702@redhat.com> Thanks for the lecture! Your implementation looks good to me. --noriko On 09/08/2009 10:15 AM, Nathan Kinder wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Wed Sep 9 16:46:33 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 09 Sep 2009 10:46:33 -0600 Subject: [389-devel] Please Review: Add selinux policy module for ns-slapd In-Reply-To: <4AA69120.8080800@redhat.com> References: <4AA69120.8080800@redhat.com> Message-ID: <4AA7DBE9.9030705@redhat.com> Nathan Kinder wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel Ok. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Wed Sep 9 17:01:31 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 09 Sep 2009 10:01:31 -0700 Subject: [389-devel] Please Review: Add selinux policy module for ns-slapd In-Reply-To: <4AA69120.8080800@redhat.com> References: <4AA69120.8080800@redhat.com> Message-ID: <4AA7DF6B.8070101@redhat.com> On 09/08/2009 10:15 AM, Nathan Kinder wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > Thanks to Rich and Noriko for their reviews. Pushed to master. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nkinder at redhat.com Thu Sep 10 15:38:20 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 10 Sep 2009 08:38:20 -0700 Subject: [389-devel] Please Review: SELinux policy change for LDAPI Message-ID: <4AA91D6C.6080303@redhat.com> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-SELinux-policy-change-for-LDAPI.patch URL: From rmeggins at redhat.com Thu Sep 10 15:53:13 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 10 Sep 2009 09:53:13 -0600 Subject: [389-devel] Please Review: SELinux policy change for LDAPI In-Reply-To: <4AA91D6C.6080303@redhat.com> References: <4AA91D6C.6080303@redhat.com> Message-ID: <4AA920E9.1030000@redhat.com> Nathan Kinder wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel ack -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Thu Sep 10 16:47:47 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 10 Sep 2009 09:47:47 -0700 Subject: [389-devel] Please Review: SELinux policy change for LDAPI In-Reply-To: <4AA920E9.1030000@redhat.com> References: <4AA91D6C.6080303@redhat.com> <4AA920E9.1030000@redhat.com> Message-ID: <4AA92DB3.5040900@redhat.com> On 09/10/2009 08:53 AM, Rich Megginson wrote: > Nathan Kinder wrote: >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel > ack Thanks for the review! Pushed to master. > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nkinder at redhat.com Wed Sep 16 16:40:31 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 16 Sep 2009 09:40:31 -0700 Subject: [389-devel] Please Review: Add SELinux policy for SNMP subagent (ldap-agent) Message-ID: <4AB114FF.6090004@redhat.com> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Add-SELinux-policy-for-ldap-agent.patch URL: From nhosoi at redhat.com Wed Sep 16 17:00:43 2009 From: nhosoi at redhat.com (Noriko Hosoi) Date: Wed, 16 Sep 2009 10:00:43 -0700 Subject: [389-devel] Please Review: Add SELinux policy for SNMP subagent (ldap-agent) In-Reply-To: <4AB114FF.6090004@redhat.com> References: <4AB114FF.6090004@redhat.com> Message-ID: <4AB119BB.2010907@redhat.com> On 09/16/2009 09:40 AM, Nathan Kinder wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > Looks good. --noriko -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3250 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Thu Sep 17 15:17:32 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 17 Sep 2009 08:17:32 -0700 Subject: [389-devel] Please Review: Add SELinux policy for SNMP subagent (ldap-agent) In-Reply-To: <4AB119BB.2010907@redhat.com> References: <4AB114FF.6090004@redhat.com> <4AB119BB.2010907@redhat.com> Message-ID: <4AB2530C.9030708@redhat.com> On 09/16/2009 10:00 AM, Noriko Hosoi wrote: > On 09/16/2009 09:40 AM, Nathan Kinder wrote: >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > Looks good. Thanks for the review! Pushed to master. > --noriko > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nkinder at redhat.com Thu Sep 17 22:05:38 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 17 Sep 2009 15:05:38 -0700 Subject: [389-devel] Please Review: Don't use admin-pattern macro in SELinux policy Message-ID: <4AB2B2B2.20505@redhat.com> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Don-t-use-admin_pattern-macro-in-SELinux-policy.patch URL: From rmeggins at redhat.com Thu Sep 17 22:11:18 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 17 Sep 2009 16:11:18 -0600 Subject: [389-devel] Please Review: Don't use admin-pattern macro in SELinux policy In-Reply-To: <4AB2B2B2.20505@redhat.com> References: <4AB2B2B2.20505@redhat.com> Message-ID: <4AB2B406.6040307@redhat.com> Nathan Kinder wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel ack -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Thu Sep 17 22:27:19 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 17 Sep 2009 15:27:19 -0700 Subject: [389-devel] Please Review: Don't use admin-pattern macro in SELinux policy In-Reply-To: <4AB2B406.6040307@redhat.com> References: <4AB2B2B2.20505@redhat.com> <4AB2B406.6040307@redhat.com> Message-ID: <4AB2B7C7.1080602@redhat.com> On 09/17/2009 03:11 PM, Rich Megginson wrote: > Nathan Kinder wrote: >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel > ack Thanks for the review! Pushed to master. > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Thu Sep 17 23:12:44 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 17 Sep 2009 17:12:44 -0600 Subject: [389-devel] Please review: Add update code - make setup-ds.pl -u do updates Message-ID: <4AB2C26C.4030208@redhat.com> -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-update-code-make-setup-ds.pl-u-do-updates.patch Type: text/x-patch Size: 114729 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Sep 17 23:13:39 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 17 Sep 2009 17:13:39 -0600 Subject: [389-devel] Please review: Add support for new ds base update framework Message-ID: <4AB2C2A3.6030606@redhat.com> This is for the admin server/console code -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-support-for-new-ds-base-update-framework.patch Type: text/x-patch Size: 38711 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nhosoi at redhat.com Fri Sep 18 23:36:24 2009 From: nhosoi at redhat.com (Noriko Hosoi) Date: Fri, 18 Sep 2009 16:36:24 -0700 Subject: [389-devel] Please review: Add support for new ds base update framework In-Reply-To: <4AB2C2A3.6030606@redhat.com> References: <4AB2C2A3.6030606@redhat.com> Message-ID: <4AB41978.5070105@redhat.com> On 09/17/2009 04:13 PM, Rich Megginson wrote: > This is for the admin server/console code > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > Looks good to me. -noriko -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3250 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Mon Sep 21 18:19:09 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Mon, 21 Sep 2009 11:19:09 -0700 Subject: [389-devel] Please review: Add update code - make setup-ds.pl -u do updates In-Reply-To: <4AB2C26C.4030208@redhat.com> References: <4AB2C26C.4030208@redhat.com> Message-ID: <4AB7C39D.1000204@redhat.com> On 09/17/2009 04:12 PM, Rich Megginson wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > ack. Looks good! -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Sep 21 19:22:28 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 21 Sep 2009 13:22:28 -0600 Subject: [389-devel] Please review: Add update code - make setup-ds.pl -u do updates In-Reply-To: <4AB41960.90007@redhat.com> References: <4AB2C26C.4030208@redhat.com> <4AB41960.90007@redhat.com> Message-ID: <4AB7D274.2060400@redhat.com> Noriko Hosoi wrote: > On 09/17/2009 04:12 PM, Rich Megginson wrote: >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > Hi Rich, > > I noticed these 2 minor things. Other than these, your patch looks good. Thanks. Fixed and pushed to master. To ssh://git.fedorahosted.org/git/389/ds.git 2de80f5..cc89083 master -> master commit cc89083f1177606d4cbbb52f8cdc5e34d0d16f70 Author: Rich Megginson Date: Wed Sep 9 17:01:49 2009 -0600 Add update code - make setup-ds.pl -u do updates > > diff --git a/ldap/admin/src/scripts/Setup.pm.in > b/ldap/admin/src/scripts/Setup.pm.in > index 7ad57c1..f314d67 100644 > --- a/ldap/admin/src/scripts/Setup.pm.in > +++ b/ldap/admin/src/scripts/Setup.pm.in > @@ -142,6 +145,7 @@ sub init { > $self->{keep} = $keep; > $self->{preonly} = $preonly; > $self->{update} = $update; > + $self->{force} = *$update;* <== could this be "$force"? > $self->{logfile} = $logfile; > $self->{log} = new SetupLog($self->{logfile}); > # if user supplied inf file, use that to initializ > > > diff --git a/ldap/admin/src/scripts/dsupdate.map.in > b/ldap/admin/src/scripts/dsupdate.map.in > new file mode 100644 > +# Copyright (C) *2007* Red Hat, Inc. <== 2009? :) > +# All rights reserved. > +# END COPYRIGHT BLOCK > > --noriko > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Sep 21 21:11:02 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 21 Sep 2009 15:11:02 -0600 Subject: [389-devel] Please review: Running setup-ds-admin.pl -u on replica with ldaps chokes on CA cert Message-ID: <4AB7EBE6.3070504@redhat.com> -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Running-setup-ds-admin.pl-u-on-replica-with-ldaps-c.patch Type: text/x-patch Size: 1583 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Mon Sep 21 21:10:35 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Mon, 21 Sep 2009 14:10:35 -0700 Subject: [389-devel] Please review: Running setup-ds-admin.pl -u on replica with ldaps chokes on CA cert In-Reply-To: <4AB7EBE6.3070504@redhat.com> References: <4AB7EBE6.3070504@redhat.com> Message-ID: <4AB7EBCB.40408@redhat.com> On 09/21/2009 02:11 PM, Rich Megginson wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > ack. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Mon Sep 21 21:23:23 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 21 Sep 2009 15:23:23 -0600 Subject: [389-devel] Please review: Running setup-ds-admin.pl -u on replica with ldaps chokes on CA cert In-Reply-To: <4AB7EBCB.40408@redhat.com> References: <4AB7EBE6.3070504@redhat.com> <4AB7EBCB.40408@redhat.com> Message-ID: <4AB7EECB.1060006@redhat.com> Nathan Kinder wrote: > On 09/21/2009 02:11 PM, Rich Megginson wrote: >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > ack. Thanks - pushed to master > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Sep 22 01:48:57 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 21 Sep 2009 19:48:57 -0600 Subject: [389-devel] Please review: Bug 523476 - 389-ds-base/glibmm24: conflicting perl provides Message-ID: <4AB82D09.5090303@redhat.com> Basically just rename Util to DSUtil https://bugzilla.redhat.com/attachment.cgi?id=362019&action=diff https://bugzilla.redhat.com/attachment.cgi?id=362020&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Sep 22 02:17:35 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 21 Sep 2009 20:17:35 -0600 Subject: [389-devel] Please review: Bug 523476 - 389-ds-base/glibmm24: conflicting perl provides In-Reply-To: <4AB82D09.5090303@redhat.com> References: <4AB82D09.5090303@redhat.com> Message-ID: <4AB833BF.3040708@redhat.com> Rich Megginson wrote: > Basically just rename Util to DSUtil > https://bugzilla.redhat.com/attachment.cgi?id=362019&action=diff > https://bugzilla.redhat.com/attachment.cgi?id=362020&action=diff Thanks Noriko! Pushed to master. > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Sep 22 02:18:36 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Mon, 21 Sep 2009 20:18:36 -0600 Subject: [389-devel] Please review: Bug 520483 - setup-ds-admin.pl: Can't call method "getErrorString" on an undefined value at /usr/lib64/dirsrv/perl/AdminUtil.pm line 405. Message-ID: <4AB833FC.4050402@redhat.com> https://bugzilla.redhat.com/show_bug.cgi?id=520483 Resolves: bug 520483 Bug Description: setup-ds-admin.pl: Can't call method "getErrorString" on an undefined value at /usr/lib64/dirsrv/perl/AdminUtil.pm line 405. Reviewed by: ??? Files: see diff Fix Description: Just use "unknown" as the error string. Platforms tested: Fedora 11 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=362022&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Sep 22 16:04:54 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 22 Sep 2009 10:04:54 -0600 Subject: [389-devel] Re: [Bug 520483] setup-ds-admin.pl: Can't call method "getErrorString" on an undefined value at /usr/lib64/dirsrv/perl/AdminUtil.pm line 405. In-Reply-To: <200909221451.n8MEperM012214@bz-web1.app.phx.redhat.com> References: <200909221451.n8MEperM012214@bz-web1.app.phx.redhat.com> Message-ID: <4AB8F5A6.2010705@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=520483 > > > Nathan Kinder changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nkinder at redhat.com > Devel Whiteboard|comment#2.review? |comment#2.review+nkinder > Thanks - pushed to master. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Tue Sep 22 16:04:42 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 22 Sep 2009 09:04:42 -0700 Subject: [389-devel] Please Review: Don't build policy module from Makefile Message-ID: <4AB8F59A.9090109@redhat.com> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Don-t-build-policy-module-from-Makefile.patch URL: From nhosoi at redhat.com Tue Sep 22 16:18:22 2009 From: nhosoi at redhat.com (Noriko Hosoi) Date: Tue, 22 Sep 2009 09:18:22 -0700 Subject: [389-devel] Please Review: Don't build policy module from Makefile In-Reply-To: <4AB8F59A.9090109@redhat.com> References: <4AB8F59A.9090109@redhat.com> Message-ID: <4AB8F8CE.1010405@redhat.com> On 09/22/2009 09:04 AM, Nathan Kinder wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > Looks good! (and understood :) --noriko -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3250 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Tue Sep 22 17:49:49 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 22 Sep 2009 10:49:49 -0700 Subject: [389-devel] Please Review: Don't build policy module from Makefile In-Reply-To: <4AB8F8CE.1010405@redhat.com> References: <4AB8F59A.9090109@redhat.com> <4AB8F8CE.1010405@redhat.com> Message-ID: <4AB90E3D.3030107@redhat.com> On 09/22/2009 09:18 AM, Noriko Hosoi wrote: > On 09/22/2009 09:04 AM, Nathan Kinder wrote: >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > Looks good! (and understood :) Thanks! Pushed to master. > --noriko > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Tue Sep 22 21:51:28 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 22 Sep 2009 15:51:28 -0600 Subject: [389-devel] Please review: Bug 495522 - Start script hardcodes file permissions mask to 077 (600), so the nsslapd-*log-mode configuration attributes don't work Message-ID: <4AB946E0.7040007@redhat.com> Start script hardcodes file permissions mask to 077 (600), so the nsslapd-*l https://bugzilla.redhat.com/show_bug.cgi?id=495522 Resolves: bug 495522 Bug Description: Start script hardcodes file permissions mask to 077 (600), Reviewed by: ??? Fix Description: Use umask 002 for the directory server process Note that I'm not sure why the init script set the umask to 077 in the first place - probably copied from some boilerplate - it's probably ok to use 000, but 002 at least affords some minimal protection. Platforms tested: Fedora 11 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=362142&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Sep 22 22:08:01 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 22 Sep 2009 16:08:01 -0600 Subject: [389-devel] Re: [Bug 495522] Start script hardcodes file permissions mask to 077 (600), so the nsslapd-*log-mode configuration attributes don't work In-Reply-To: <200909222158.n8MLwTnC024945@bz-web1.app.phx.redhat.com> References: <200909222158.n8MLwTnC024945@bz-web1.app.phx.redhat.com> Message-ID: <4AB94AC1.9030000@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=495522 > > > Nathan Kinder changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nkinder at redhat.com > Devel Whiteboard|comment#1.review? |comment#1.review+nkinder > > Thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Sep 22 23:05:53 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 22 Sep 2009 17:05:53 -0600 Subject: [389-devel] Please review: Bug 518279 - logs created at startup can get wrong file mode Message-ID: <4AB95851.2080604@redhat.com> logs created at startup can get wrong file mode https://bugzilla.redhat.com/show_bug.cgi?id=518279 Resolves: bug 518279 Bug Description: logs created at startup can get wrong file mode Reviewed by: ??? Fix Description: Try to apply the mode using chmod() if a log file has been Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=362149&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From TShi at business.queensu.ca Mon Sep 21 02:12:00 2009 From: TShi at business.queensu.ca (Tiebing Shi) Date: Sun, 20 Sep 2009 22:12:00 -0400 Subject: [389-devel] A student hopes to learn more about the 389 Directory Server Community and the Free/Open Source Software Message-ID: Dear friends, I have been reading your postings to the mailing lists of the 389 Directory Server Community. I have really enjoyed reading about your collaborative creative activities and your perspectives on the free/open source software. My name is Tiebing Shi and I am a Ph.D. student at Queen's University in Canada. I am very interested in learning more about the Free/Open Source Software Community. The study that I am doing for my Ph.D. thesis is called "User Creativity: An Investigation of the Free/Open Source Software Community." The purpose of my thesis is to study how developers and users collectively create free/open source software. I sincerely invite you to participate in my study. I would like to interview you in your role as a developer and/or user in your legendary 389 Directory Server Community. Your experiences of developing and/or using 389 Directory Server software and your perspectives on the free/open source software will greatly help me to understand the creative activities of the 389 Directory Server Community and the whole Free/Open Source Software Community. If your time permits, I would like to interview you via phone. The phone interview will last about 1 hour. If you like, we can conduct our interview via email. Please be kindly informed that there is no obligation to participate in this study. But your participation will be highly appreciated. Your confidentiality will be protected. For example, your real name will NOT be used in my thesis and future publications. Further information about this study and our interview will be provided to you upon request. Please respond to this email to let me know your interest in participating in a phone or an email interview with me. If you select the phone interview format, please select a time for an interview that is most convenient for you. Please also let me know your phone number and time zone (my time zone is Eastern Daylight Time) so that I can call you at your local time you select. Should you have any questions, please do not hesitate to contact me. I will respond to you as soon as possible. Thank you for your support and I look forward to talking with you. Sincerely, Tiebing Shi Queen's?School?of?Business, Queen’s University Kingston,?ON, Canada K7L 3N6? Tel: 613-533-2377 (Office) Email: tshi at business.queensu.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Wed Sep 23 13:19:40 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 23 Sep 2009 07:19:40 -0600 Subject: [389-devel] Re: [Bug 518279] logs created at startup can get wrong file mode In-Reply-To: <200909230417.n8N4HCxr005931@bz-web1.app.phx.redhat.com> References: <200909230417.n8N4HCxr005931@bz-web1.app.phx.redhat.com> Message-ID: <4ABA206C.8050509@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=518279 > > > Nathan Kinder changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nkinder at redhat.com > Devel Whiteboard|comment#2.review? |comment#2.review+nkinder > > Thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Sep 23 15:54:48 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 23 Sep 2009 09:54:48 -0600 Subject: [389-devel] Please review: Bug 519455 - Should not attempt to pop SASL IO layer if not using SASL IO Message-ID: <4ABA44C8.7050904@redhat.com> https://bugzilla.redhat.com/show_bug.cgi?id=519455 Resolves: bug 519455 Bug Description: Should not attempt to pop SASL IO layer if not using SASL IO Reviewed by: ??? Fix Description: Before attempting to pop the SASL IO layer from the prfd, first make sure we are using sasl IO, the prfd is not NULL, and the prfd has a SASL IO layer on it. This also fixes a bug with setting nsslapd-localhost in the bootstrap code - if you are using a system that does not have DNS configured correctly, you may want to force the SASL code to use the nsslapd-localhost for the FQDN. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=362324&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Sep 23 16:03:59 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 23 Sep 2009 10:03:59 -0600 Subject: [389-devel] Re: [Bug 519455] Should not attempt to pop SASL IO layer if not using SASL IO In-Reply-To: <200909231556.n8NFu9aP017704@bz-web1.app.phx.redhat.com> References: <200909231556.n8NFu9aP017704@bz-web1.app.phx.redhat.com> Message-ID: <4ABA46EF.3090703@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=519455 > > > Nathan Kinder changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nkinder at redhat.com > Devel Whiteboard|comment#6.review? |comment#6.review+nkinder > Thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Sep 23 17:15:58 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 23 Sep 2009 11:15:58 -0600 Subject: [389-devel] Please review: Bug 513308 - empty principal name used when using server to server sasl for db chaining Message-ID: <4ABA57CE.70301@redhat.com> https://bugzilla.redhat.com/show_bug.cgi?id=513308 Resolves: bug 513308 Bug Description: empty principal name used when using server to server sasl for db chaining Reviewed by: ??? Fix Description: Change the logic to check if the username is a valid principal name. A valid principal name in this context will be a non-empty string that does not contain the '=' character (which will be a bind DN in this context). Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=362330&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Sep 23 17:51:50 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 23 Sep 2009 11:51:50 -0600 Subject: [389-devel] Re: [Bug 513308] empty principal name used when using server to server sasl for db chaining In-Reply-To: <200909231740.n8NHekHN010330@bz-web1.app.phx.redhat.com> References: <200909231740.n8NHekHN010330@bz-web1.app.phx.redhat.com> Message-ID: <4ABA6036.8060109@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=513308 > > > Noriko Hosoi changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nhosoi at redhat.com > Devel Whiteboard|comment#3.review? |comment#4.review+nhosoi > Thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Sep 24 17:14:47 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 24 Sep 2009 11:14:47 -0600 Subject: [389-devel] Re: [Bug 516305] MODIFY/replace with empty values does not ignore missing or unknown attributes In-Reply-To: <200909241652.n8OGqqBv007264@bz-web2.app.phx.redhat.com> References: <200909241652.n8OGqqBv007264@bz-web2.app.phx.redhat.com> Message-ID: <4ABBA907.8050006@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=516305 > > > Noriko Hosoi changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nhosoi at redhat.com > Devel Whiteboard| |comment#18.review+nhosoi > > > > > --- Comment #19 from Noriko Hosoi 2009-09-24 12:52:52 EDT --- > Your fix looks good. Thanks, Rich! > Thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Thu Sep 24 19:06:43 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 24 Sep 2009 12:06:43 -0700 Subject: [389-devel] Please Review: Allow anonymous access to be disabled Message-ID: <4ABBC343.2060002@redhat.com> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Allow-anonymous-access-to-be-disabled.patch URL: From nhosoi at redhat.com Thu Sep 24 20:02:14 2009 From: nhosoi at redhat.com (Noriko Hosoi) Date: Thu, 24 Sep 2009 13:02:14 -0700 Subject: [389-devel] Please Review: Allow anonymous access to be disabled In-Reply-To: <4ABBC343.2060002@redhat.com> References: <4ABBC343.2060002@redhat.com> Message-ID: <4ABBD046.50707@redhat.com> On 09/24/2009 12:06 PM, Nathan Kinder wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > Looks good to me. --noriko -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3250 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Thu Sep 24 20:52:02 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 24 Sep 2009 13:52:02 -0700 Subject: [389-devel] Please Review: Allow anonymous access to be disabled In-Reply-To: <4ABBD046.50707@redhat.com> References: <4ABBC343.2060002@redhat.com> <4ABBD046.50707@redhat.com> Message-ID: <4ABBDBF2.5050000@redhat.com> On 09/24/2009 01:02 PM, Noriko Hosoi wrote: > On 09/24/2009 12:06 PM, Nathan Kinder wrote: >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > Looks good to me. > --noriko > Thanks! Pushed to master. Counting objects: 35, done. Delta compression using 2 threads. Compressing objects: 100% (17/17), done. Writing objects: 100% (18/18), 2.29 KiB, done. Total 18 (delta 15), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 64a62ff..ff7d08d master -> master > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Fri Sep 25 17:46:34 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 25 Sep 2009 11:46:34 -0600 Subject: [389-devel] Please review: Bug 518514 - Bitwise Plugin: Bitwise filter doesn't return except the first entry if its multi-valued Message-ID: <4ABD01FA.9070505@redhat.com> http://bugzilla.redhat.com/show_bug.cgi?id=518514 Resolves: bug 518514 Bug Description: Bitwise Plugin: Bitwise filter doesn't return except the fi rst entry if its multi-valued Reviewed by: ??? Fix Description: Get the values as a char ** - look through each one until we find one that matches. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=362701&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From ulf.weltman at hp.com Fri Sep 25 17:49:42 2009 From: ulf.weltman at hp.com (Ulf Weltman) Date: Fri, 25 Sep 2009 10:49:42 -0700 Subject: [389-devel] Please review: [Bug 525007] ldif2db replaces existing modify/create name and timestamps Message-ID: <4ABD02B6.2040603@hp.com> Summary: ldif2db replaces existing modify/create name and timestamps https://bugzilla.redhat.com/show_bug.cgi?id=525007 [Problem Description] LDIF that is imported might contain createTimestamp, creatorsName, modifyTimestamp, or modifiersName. The import code since FDS 1.2 inserts these attributes but it should only do so if they're missing; any existing values should take precedence. [Fix Description] Only insert the attributes if they don't already exist in the entry. attrlist_find() rather than slapi_entry_attr_find() is used because the latter reports attributes with empty values as being missing attributes. [Proposed Fix] https://bugzilla.redhat.com/attachment.cgi?id=362157 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6110 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Fri Sep 25 17:50:39 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Fri, 25 Sep 2009 10:50:39 -0700 Subject: [389-devel] Please review: Bug 518514 - Bitwise Plugin: Bitwise filter doesn't return except the first entry if its multi-valued In-Reply-To: <4ABD01FA.9070505@redhat.com> References: <4ABD01FA.9070505@redhat.com> Message-ID: <4ABD02EF.50902@redhat.com> On 09/25/2009 10:46 AM, Rich Megginson wrote: > http://bugzilla.redhat.com/show_bug.cgi?id=518514 > Resolves: bug 518514 > Bug Description: Bitwise Plugin: Bitwise filter doesn't return > except the fi > rst entry if its multi-valued > Reviewed by: ??? > Fix Description: Get the values as a char ** - look through each > one until > we find one that matches. > Platforms tested: RHEL5 x86_64 > Flag Day: no > Doc impact: no > https://bugzilla.redhat.com/attachment.cgi?id=362701&action=diff ack. > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Fri Sep 25 17:56:06 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 25 Sep 2009 11:56:06 -0600 Subject: [389-devel] Re: [Bug 518514] Bitwise Plugin: Bitwise filter doesn't return except the first entry if its multi-valued In-Reply-To: <200909251748.n8PHmM97032440@bz-web2.app.phx.redhat.com> References: <200909251748.n8PHmM97032440@bz-web2.app.phx.redhat.com> Message-ID: <4ABD0436.5000408@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=518514 > > > Noriko Hosoi changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nhosoi at redhat.com > Devel Whiteboard|comment#1.review? |comment#1.review+nhosoi > > Thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Fri Sep 25 18:03:58 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 25 Sep 2009 12:03:58 -0600 Subject: [389-devel] Please review: Bug 525785 - setup-ds-admin.pl should use correct default hostname + port Message-ID: <4ABD060E.5000500@redhat.com> https://bugzilla.redhat.com/show_bug.cgi?id=525785 Resolves: bug 525785 Bug Description: setup-ds-admin.pl should use correct default hostname + port Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: We were not setting a default hostname and port in silent mode. I also fixed a problem with the SysUser setting. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=362703&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Fri Sep 25 18:03:35 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Fri, 25 Sep 2009 11:03:35 -0700 Subject: [389-devel] Please review: Bug 525785 - setup-ds-admin.pl should use correct default hostname + port In-Reply-To: <4ABD060E.5000500@redhat.com> References: <4ABD060E.5000500@redhat.com> Message-ID: <4ABD05F7.4090007@redhat.com> On 09/25/2009 11:03 AM, Rich Megginson wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=525785 > Resolves: bug 525785 > Bug Description: setup-ds-admin.pl should use correct default hostname > + port > Reviewed by: ??? > Files: see diff > Branch: HEAD > Fix Description: We were not setting a default hostname and port in > silent > mode. I also fixed a problem with the SysUser setting. > Platforms tested: RHEL5 x86_64 > Flag Day: no > Doc impact: no > https://bugzilla.redhat.com/attachment.cgi?id=362703&action=diff ack > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nhosoi at redhat.com Fri Sep 25 18:16:13 2009 From: nhosoi at redhat.com (Noriko Hosoi) Date: Fri, 25 Sep 2009 11:16:13 -0700 Subject: [389-devel] Commit: [Bug 525007] ldif2db replaces existing modify/create name and timestamps In-Reply-To: <4ABD02B6.2040603@hp.com> References: <4ABD02B6.2040603@hp.com> Message-ID: <4ABD08ED.7080400@redhat.com> Thanks to Ulf for his contribution! The fix was reviewed and pushed to master. $ git merge work Updating b5b57df..467df90 Fast forward ldap/servers/slapd/back-ldbm/import-threads.c | 19 ++++++++++++------- 1 files changed, 12 insertions(+), 7 deletions(-) $ git push Counting objects: 13, done. Delta compression using 2 threads. Compressing objects: 100% (7/7), done. Writing objects: 100% (7/7), 1.17 KiB, done. Total 7 (delta 5), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git b5b57df..467df90 master -> master --noriko > Subject: [PATCH] 525007 ldif2db replaces existing modify/create name > and timestamps > > Fix contributed by Ulf Weltman (ulf.weltman at hp.com) > > Description From Ulf Weltman (ulf.weltman at hp.com) > In previous releases, if LDIF being imported contained createTimestamp, > creatorsName, modifyTimestamp, or modifiersName, those values would be > kept in > the imported entries. BZ# 462922 added code to insert those > attributes during > import but it clobbers any values existing in the LDIF being > imported. I think > the imported values should take precedence, this would be useful during > migration for example. > > If anyone wants to take advantage of the new behavior where the server > provisions new values, they can strip out the values from the LDIF before > importing or they can set nsslapd-exclude-from-export to not export those > attributes before importing. > > See also https://bugzilla.redhat.com/show_bug.cgi?id=525007 > > Reviewed by richm, nkinder, and nhosoi On 09/25/2009 10:49 AM, Ulf Weltman wrote: > Summary: ldif2db replaces existing modify/create name and timestamps > https://bugzilla.redhat.com/show_bug.cgi?id=525007 > > [Problem Description] > LDIF that is imported might contain createTimestamp, creatorsName, > modifyTimestamp, or modifiersName. The import code since FDS 1.2 > inserts these attributes but it should only do so if they're missing; > any existing values should take precedence. > > [Fix Description] > Only insert the attributes if they don't already exist in the entry. > attrlist_find() rather than slapi_entry_attr_find() is used because > the latter reports attributes with empty values as being missing > attributes. > > [Proposed Fix] > https://bugzilla.redhat.com/attachment.cgi?id=362157 > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Fri Sep 25 18:40:15 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 25 Sep 2009 12:40:15 -0600 Subject: [389-devel] Re: [Bug 525785] setup-ds-admin.pl should use correct default hostname + port In-Reply-To: <200909251803.n8PI3IDo012629@bz-web1.app.phx.redhat.com> References: <200909251803.n8PI3IDo012629@bz-web1.app.phx.redhat.com> Message-ID: <4ABD0E8F.9010304@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=525785 > > > Nathan Kinder changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nkinder at redhat.com > Devel Whiteboard|comment#1.review? |comment#1.review+nkinder > thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Sep 29 21:52:22 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 29 Sep 2009 15:52:22 -0600 Subject: [389-devel] Please review: Bug 526319 - SASL IO sometimes loops with "error: would block" Message-ID: <4AC28196.8040301@redhat.com> https://bugzilla.redhat.com/show_bug.cgi?id=526319 Resolves: bug 526319 Bug Description: SASL IO sometimes loops with "error: would block" Reviewed by: ??? Fix Description: The semantics for recv() are that it returns -1 for errors, 0 for connection closed, and non-zero for some bytes received. The sasl code w as not using those semantics - it was returning 0 for successful read and -1 for error. Although I have not been able to reproduce the exact failure, what I be lieve is happening is that the initial read of the packet length in sasl_io_star t_packet() works, and the sasl IO is received. At some point, the connection is closed by the client, and the PR_Recv return of 0 is not handled correctly, and somehow the errno gets set to EWOULDBLOCK. From this point on, PR_Recv() wi ll return -1 (since the socket has been closed) and errno is not reset from EWOU LDBLOCK. The fix is to make sure the sasl IO code handles the PR_Recv() return value correctly. Note that with CONNS (8) error log level, you may still occasionally see "wo uld block" errors, but as long as they are not endlessly repeating, this should be ok. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=363058&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Tue Sep 29 22:33:11 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 29 Sep 2009 15:33:11 -0700 Subject: [389-devel] Please review: Bug 526319 - SASL IO sometimes loops with "error: would block" In-Reply-To: <4AC28196.8040301@redhat.com> References: <4AC28196.8040301@redhat.com> Message-ID: <4AC28B27.50807@redhat.com> On 09/29/2009 02:52 PM, Rich Megginson wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=526319 > Resolves: bug 526319 > Bug Description: SASL IO sometimes loops with "error: would block" > Reviewed by: ??? > Fix Description: The semantics for recv() are that it returns -1 > for errors, > 0 for connection closed, and non-zero for some bytes received. The > sasl code w > as not using those semantics - it was returning 0 for successful read > and -1 for > error. Although I have not been able to reproduce the exact failure, > what I be > lieve is happening is that the initial read of the packet length in > sasl_io_star > t_packet() works, and the sasl IO is received. At some point, the > connection is > closed by the client, and the PR_Recv return of 0 is not handled > correctly, > and somehow the errno gets set to EWOULDBLOCK. From this point on, > PR_Recv() wi > ll return -1 (since the socket has been closed) and errno is not reset > from EWOU > LDBLOCK. > The fix is to make sure the sasl IO code handles the PR_Recv() > return value > correctly. > Note that with CONNS (8) error log level, you may still > occasionally see "wo > uld block" errors, but as long as they are not endlessly repeating, > this should > be ok. > Platforms tested: RHEL5 x86_64 > Flag Day: no > Doc impact: no > https://bugzilla.redhat.com/attachment.cgi?id=363058&action=diff ack > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Tue Sep 29 23:00:42 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 29 Sep 2009 17:00:42 -0600 Subject: [389-devel] Re: [Bug 526319] SASL IO sometimes loops with "error: would block" In-Reply-To: <200909292232.n8TMWpXx022730@bz-web1.app.phx.redhat.com> References: <200909292232.n8TMWpXx022730@bz-web1.app.phx.redhat.com> Message-ID: <4AC2919A.5050708@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=526319 > > > Nathan Kinder changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nkinder at redhat.com > Devel Whiteboard|comment#1.review? |comment#1.review+nkinder > Thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue Sep 29 23:02:04 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 29 Sep 2009 17:02:04 -0600 Subject: [389-devel] Please review: Bug 520921 - Config schema not included in core schema Message-ID: <4AC291EC.80105@redhat.com> https://bugzilla.redhat.com/show_bug.cgi?id=520921 Resolves: bug 520921 Bug Description: Config schema not included in core schema Reviewed by: ??? Fix Description: Just had to move a few schema from 02common and 30ns-common into 01core389.ldif. I also added 01core389.ldif to the list of schema installed when install_full_schema=0 is specified with setup-ds.pl. I also added these schema files to the list of schema files to upgrade. With these changes, the server starts up fine. The only error is this: [29/Sep/2009:16:47:53 -0600] - Entry "cn=PAM Pass Through Auth,cn=plugins,cn =config" has unknown object class "pamConfig" This is because the pam pass through plugin is included in the default config. I'd rather not move that schema file. That plugin can be removed from the default config during setup by specifying a slapd.ConfigFile directive with contents like this: dn: cn=PAM Pass Through Auth,cn=plugins,cn=config changetype: delete Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=363060&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Tue Sep 29 23:23:28 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 29 Sep 2009 16:23:28 -0700 Subject: [389-devel] Please review: Bug 520921 - Config schema not included in core schema In-Reply-To: <4AC291EC.80105@redhat.com> References: <4AC291EC.80105@redhat.com> Message-ID: <4AC296F0.3040303@redhat.com> On 09/29/2009 04:02 PM, Rich Megginson wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=520921 > Resolves: bug 520921 > Bug Description: Config schema not included in core schema > Reviewed by: ??? > Fix Description: Just had to move a few schema from 02common and > 30ns-common into 01core389.ldif. I also added 01core389.ldif to the > list of schema installed when install_full_schema=0 is specified > with setup-ds.pl. I also added these schema files to the list of > schema files to upgrade. > With these changes, the server starts up fine. The only error is > this: > > [29/Sep/2009:16:47:53 -0600] - Entry "cn=PAM Pass Through > Auth,cn=plugins,cn > =config" has unknown object class "pamConfig" > > This is because the pam pass through plugin is included in the > default config. I'd rather not move that schema file. That plugin > can be removed from the default config during setup by specifying a > slapd.ConfigFile directive with contents like this: > dn: cn=PAM Pass Through Auth,cn=plugins,cn=config > changetype: delete > Platforms tested: RHEL5 x86_64 > Flag Day: no > Doc impact: no > https://bugzilla.redhat.com/attachment.cgi?id=363060&action=diff ack > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Wed Sep 30 01:55:59 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 29 Sep 2009 19:55:59 -0600 Subject: [389-devel] Re: [Bug 520921] Config schema not included in core schema In-Reply-To: <200909292323.n8TNNNfG020963@bz-web2.app.phx.redhat.com> References: <200909292323.n8TNNNfG020963@bz-web2.app.phx.redhat.com> Message-ID: <4AC2BAAF.2050004@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=520921 > > > Nathan Kinder changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nkinder at redhat.com > Devel Whiteboard|comment#5.review? |comment#5.review+nkinder > Thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Sep 30 02:48:26 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 29 Sep 2009 20:48:26 -0600 Subject: [389-devel] Please review: Bug 526141 - allow empty groups Message-ID: <4AC2C6FA.5080300@redhat.com> https://bugzilla.redhat.com/show_bug.cgi?id=526141 Resolves: bug 526141 Bug Description: allow empty groups Reviewed by: ??? Fix Description: Change groupOfNames and groupOfUniqueNames to allow empty groups by changing the member/uniqueMember attribute from MUST to MAY. NOTE: This is the way it was before 1.2.1 changed it. Also note that this is a temporary hack until we solve the problem of LDAP grouping with a better solution, one that eases migration of existing installations. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=363112&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Sep 30 15:04:23 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 30 Sep 2009 09:04:23 -0600 Subject: [389-devel] Re: [Bug 526141] allow empty groups In-Reply-To: <200909301458.n8UEwWR5023215@bz-web1.app.phx.redhat.com> References: <200909301458.n8UEwWR5023215@bz-web1.app.phx.redhat.com> Message-ID: <4AC37377.2050402@redhat.com> bugzilla at redhat.com wrote: > Please do not reply directly to this email. All additional > comments should be made in the comments box of this bug. > > > https://bugzilla.redhat.com/show_bug.cgi?id=526141 > > > Noriko Hosoi changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |nhosoi at redhat.com > Devel Whiteboard|comment#1.review? |comment#1.review+nhosoi > Thanks - pushed to master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Wed Sep 30 16:36:19 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 30 Sep 2009 09:36:19 -0700 Subject: [389-devel] Please Review: Add minimum SSF setting Message-ID: <4AC38903.9090501@redhat.com> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Add-minimum-SSF-setting.patch URL: From rmeggins at redhat.com Wed Sep 30 17:29:59 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 30 Sep 2009 11:29:59 -0600 Subject: [389-devel] pushed man page fix Message-ID: <4AC39597.30501@redhat.com> I updated the setup-ds.pl man page with the new update options and documentation. To ssh://git.fedorahosted.org/git/389/ds.git 5d91896..7cd8196 master -> master -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Wed Sep 30 17:48:12 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 30 Sep 2009 11:48:12 -0600 Subject: [389-devel] Please Review: Add minimum SSF setting In-Reply-To: <4AC38903.9090501@redhat.com> References: <4AC38903.9090501@redhat.com> Message-ID: <4AC399DC.8000406@redhat.com> Nathan Kinder wrote: > > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel ack -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Wed Sep 30 18:56:14 2009 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 30 Sep 2009 11:56:14 -0700 Subject: [389-devel] Please Review: Add minimum SSF setting In-Reply-To: <4AC399DC.8000406@redhat.com> References: <4AC38903.9090501@redhat.com> <4AC399DC.8000406@redhat.com> Message-ID: <4AC3A9CE.7030503@redhat.com> On 09/30/2009 10:48 AM, Rich Megginson wrote: > Nathan Kinder wrote: >> >> ------------------------------------------------------------------------ >> >> -- >> 389-devel mailing list >> 389-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel > ack Pushed to master. Thanks for the review! > ------------------------------------------------------------------------ > > -- > 389-devel mailing list > 389-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: