From rcritten at redhat.com Thu Apr 1 17:18:53 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 01 Apr 2010 13:18:53 -0400 Subject: [Freeipa-devel] [PATCH] two patches pushed to ipa-1-2 branch Message-ID: <4BB4D57D.9040407@redhat.com> I rebased and pushed two patches from the master branch (IPA v2) into the ipa-1-2 branch, they are: - A patch to support krb5 1.7 which stores the stash file as a keytab instead of an older, less-portable format. - A patch to enable anonymous VLV browsing when the schema compat plugin is enabled. I attached the patches in case anyone wants to look at them. I'm going to do another Fedora release soon with these patches included. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-417-krb.patch Type: application/mbox Size: 5342 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-416-vlv.patch Type: application/mbox Size: 1352 bytes Desc: not available URL: From rcritten at redhat.com Thu Apr 1 17:21:34 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 01 Apr 2010 13:21:34 -0400 Subject: [Freeipa-devel] [PATCH] two patches pushed to ipa-1-2 branch In-Reply-To: <4BB4D57D.9040407@redhat.com> References: <4BB4D57D.9040407@redhat.com> Message-ID: <4BB4D61E.3040006@redhat.com> Rob Crittenden wrote: > I rebased and pushed two patches from the master branch (IPA v2) into > the ipa-1-2 branch, they are: > > - A patch to support krb5 1.7 which stores the stash file as a keytab > instead of an older, less-portable format. > - A patch to enable anonymous VLV browsing when the schema compat plugin > is enabled. > > I attached the patches in case anyone wants to look at them. > > I'm going to do another Fedora release soon with these patches included. > Ah, never mind about the Fedora thing. We have the kerberos patch there already, it just had never been committed to the repo. rob From rcritten at redhat.com Thu Apr 1 18:20:32 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 01 Apr 2010 14:20:32 -0400 Subject: [Freeipa-devel] [PATCH] 418 don't abort when trusting CA cert Message-ID: <4BB4E3F0.9040001@redhat.com> If there was a problem trusting the CA cert on installation the whole install would abort. This is overkill so let things continue. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-418-trust.patch Type: application/mbox Size: 1366 bytes Desc: not available URL: From rcritten at redhat.com Thu Apr 1 21:25:14 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 01 Apr 2010 17:25:14 -0400 Subject: [Freeipa-devel] [PATCH] 419 fix external CA installation Message-ID: <4BB50F3A.8020408@redhat.com> I guess I did all my testing by passing in all arguments on the command-line. We weren't caching them properly. Also fix handling of cached boolean values and require an absolute path on the CA and certificate files passed in. I updated the documentation on doing an install wiht an externally-signed CA at http://freeipa.org/page/Certificate_Authority rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-419-dogtag.patch Type: application/mbox Size: 4162 bytes Desc: not available URL: From rcritten at redhat.com Mon Apr 5 20:51:45 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 05 Apr 2010 16:51:45 -0400 Subject: [Freeipa-devel] [PATCH] 420 use proper subject when requesting certs using certmonger Message-ID: <4BBA4D61.6030305@redhat.com> When using the dogtag CA we can control what the subject of an issued certificate is regardless of what is in the CSR, we just use the CN value. The selfsign CA does not have this capability. The subject format must match the configured format or certificate requests are rejected. The default format is CN=%s,O=IPA. certmonger by default issues requests with just CN so all requests would fail if using the selfsign CA. This subject base is stored in cn=ipaconfig so we can just fetch that value in the enrollment process and pass it to certmonger to request the right thing. Note that this also fixes ipa-join to work with the new argument passing mechanism. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-420-certmonger.patch Type: application/mbox Size: 11016 bytes Desc: not available URL: From pzuna at redhat.com Tue Apr 6 12:24:17 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Tue, 06 Apr 2010 14:24:17 +0200 Subject: [Freeipa-devel] [PATCH] Add ipa man page. In-Reply-To: <4BB3ADF3.3010801@redhat.com> References: <4BB09F32.7040004@redhat.com> <4BB3ADF3.3010801@redhat.com> Message-ID: <4BBB27F1.5000105@redhat.com> On 03/31/2010 10:17 PM, Rob Crittenden wrote: > Pavel Zuna wrote: >> Oops, forgot to post the patch. >> Sorry and thanks to Rob for reminding me. :) >> >> The man page is installed/uninstalled automatically with IPA. It's >> under 1 (User commands). >> >> I also attached the man page separately for more convenient reviews. >> Use `man ./ipa.1.gz` to view it. >> >> By the way, I'm not used to write "formal" English, so feel free to >> point out any mistakes or reword sentences that don't make sense. >> >> Pavel > > Here is a replacement patch that does the following: > > - Moves the man page to the root directory, where ipa is located. > - Enhance setup.py so the man page gets installed and gzipped properly > - Add the copyright header to the man page > - Make a few minor corrections to the man page contents > - Move the man page from the server package to the admintools package > > This patch completely replaces Pavel's original patch. > > rob ack. Pavel From mnagy at redhat.com Tue Apr 6 14:02:11 2010 From: mnagy at redhat.com (Martin Nagy) Date: Tue, 06 Apr 2010 16:02:11 +0200 Subject: [Freeipa-devel] [PATCH] 418 don't abort when trusting CA cert In-Reply-To: <4BB4E3F0.9040001@redhat.com> References: <4BB4E3F0.9040001@redhat.com> Message-ID: <1270562531.7366.2.camel@wolverine.englab.brq.redhat.com> On Thu, 2010-04-01 at 14:20 -0400, Rob Crittenden wrote: > If there was a problem trusting the CA cert on installation the whole > install would abort. This is overkill so let things continue. > > rob Ack. Martin From rcritten at redhat.com Wed Apr 7 12:59:41 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 07 Apr 2010 08:59:41 -0400 Subject: [Freeipa-devel] [PATCH] 418 don't abort when trusting CA cert In-Reply-To: <1270562531.7366.2.camel@wolverine.englab.brq.redhat.com> References: <4BB4E3F0.9040001@redhat.com> <1270562531.7366.2.camel@wolverine.englab.brq.redhat.com> Message-ID: <4BBC81BD.9050800@redhat.com> Martin Nagy wrote: > On Thu, 2010-04-01 at 14:20 -0400, Rob Crittenden wrote: >> If there was a problem trusting the CA cert on installation the whole >> install would abort. This is overkill so let things continue. >> >> rob > > Ack. > Martin > pushed to master From rcritten at redhat.com Wed Apr 7 12:59:53 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 07 Apr 2010 08:59:53 -0400 Subject: [Freeipa-devel] [PATCH] Add ipa man page. In-Reply-To: <4BBB27F1.5000105@redhat.com> References: <4BB09F32.7040004@redhat.com> <4BB3ADF3.3010801@redhat.com> <4BBB27F1.5000105@redhat.com> Message-ID: <4BBC81C9.9090309@redhat.com> Pavel Zuna wrote: > On 03/31/2010 10:17 PM, Rob Crittenden wrote: >> Pavel Zuna wrote: >>> Oops, forgot to post the patch. >>> Sorry and thanks to Rob for reminding me. :) >>> >>> The man page is installed/uninstalled automatically with IPA. It's >>> under 1 (User commands). >>> >>> I also attached the man page separately for more convenient reviews. >>> Use `man ./ipa.1.gz` to view it. >>> >>> By the way, I'm not used to write "formal" English, so feel free to >>> point out any mistakes or reword sentences that don't make sense. >>> >>> Pavel >> >> Here is a replacement patch that does the following: >> >> - Moves the man page to the root directory, where ipa is located. >> - Enhance setup.py so the man page gets installed and gzipped properly >> - Add the copyright header to the man page >> - Make a few minor corrections to the man page contents >> - Move the man page from the server package to the admintools package >> >> This patch completely replaces Pavel's original patch. >> >> rob > ack. > > Pavel pushed to master From jdennis at redhat.com Thu Apr 8 16:11:42 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 08 Apr 2010 12:11:42 -0400 Subject: [Freeipa-devel] A problem with the translation of FreeIPA In-Reply-To: References: Message-ID: <4BBE003E.4030603@redhat.com> Dimitris, do have any insights into this issue? On 04/08/2010 11:34 AM, daniel cabrera wrote: > Hi John, > I'm sorry to bother you with this, but I'm not sure if it's worth to > opening a bug. > I'm one of the Spanish translators at Fedora, and I think there's a > kind of problem with the syncing of FreeIPA > According to our team translation page at Fedora [1], the module has > 327 strings and it's been 100% translated. But if you check its master > translation page at Fedora [2], or at Transifex.net [3], the module > has 365 strings: 327 translated, and 38 waiting to be. The curious > thing is that, when we try to download that module, either from [2] or > [3], we've got the same one that is hosted on [1]: a fully translated > module with a total of 327 strings. > > > [1] http://translate.fedoraproject.org/languages/l/es/collection/c/fedora/r/various/ > [2] http://translate.fedoraproject.org/projects/p/freeipa/c/master/ > [3] http://www.transifex.net/projects/p/freeipa/c/master/ > > I hope that you can help us with this, and again, sorry for the inconvinience. > Kind regards, > Daniel Cabrera (es) Hi Daniel: According to our git repository: ipa.pot has 365 messages and es.po has 327 translated messages out of 365 Thus what's on transifex.net matches what's in our git repo, that's good. Why the view provided by fedora's transifex instance is wrong I can't tell you, my guess is that's a problem with the fedora transifex instance. I think Dimitris Glezos might be the right person to explain why the two transifex instances have different views of the same project. Dimitris, do you have any ideas? By any chance has the fedora transifex instance cached one of the files which is now out of date? -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From logan at fedoraproject.org Thu Apr 8 15:34:55 2010 From: logan at fedoraproject.org (daniel cabrera) Date: Thu, 8 Apr 2010 12:34:55 -0300 Subject: [Freeipa-devel] A problem with the translation of FreeIPA Message-ID: Hi John, I'm sorry to bother you with this, but I'm not sure if it's worth to opening a bug. I'm one of the Spanish translators at Fedora, and I think there's a kind of problem with the syncing of FreeIPA According to our team translation page at Fedora [1], the module has 327 strings and it's been 100% translated. But if you check its master translation page at Fedora [2], or at Transifex.net [3], the module has 365 strings: 327 translated, and 38 waiting to be. The curious thing is that, when we try to download that module, either from [2] or [3], we've got the same one that is hosted on [1]: a fully translated module with a total of 327 strings. [1] http://translate.fedoraproject.org/languages/l/es/collection/c/fedora/r/various/ [2] http://translate.fedoraproject.org/projects/p/freeipa/c/master/ [3] http://www.transifex.net/projects/p/freeipa/c/master/ I hope that you can help us with this, and again, sorry for the inconvinience. Kind regards, Daniel Cabrera (es) From logan at fedoraproject.org Thu Apr 8 17:26:18 2010 From: logan at fedoraproject.org (daniel cabrera) Date: Thu, 8 Apr 2010 14:26:18 -0300 Subject: [Freeipa-devel] A problem with the translation of FreeIPA In-Reply-To: <4BBE003E.4030603@redhat.com> References: <4BBE003E.4030603@redhat.com> Message-ID: On Thu, Apr 8, 2010 at 1:11 PM, John Dennis wrote: > Dimitris, do have any insights into this issue? > > > Hi Daniel: > > According to our git repository: > ipa.pot has 365 messages > and es.po has 327 translated messages out of 365 > > Thus what's on transifex.net matches what's in our git repo, that's good. > > Why the view provided by fedora's transifex instance is wrong I can't tell > you, my guess is that's a problem with the fedora transifex instance. I > think Dimitris Glezos might be the right person to explain why the two > transifex instances have different views of the same project. Dimitris, do > you have any ideas? By any chance has the fedora transifex instance cached > one of the files which is now out of date? > Thanks a lot John for your quick reply. I'll continue this conversation alone with Dimitris, ccying you only in case of necessity. And my apologies to both of you if I've touched the wrong doorbell ;-) See you around, Daniel Cabrera (es) From dimitris at glezos.com Thu Apr 8 18:48:41 2010 From: dimitris at glezos.com (Dimitris Glezos) Date: Thu, 8 Apr 2010 21:48:41 +0300 Subject: [Freeipa-devel] A problem with the translation of FreeIPA In-Reply-To: References: <4BBE003E.4030603@redhat.com> Message-ID: On Thu, Apr 8, 2010 at 8:26 PM, daniel cabrera wrote: > On Thu, Apr 8, 2010 at 1:11 PM, John Dennis wrote: >> Dimitris, do have any insights into this issue? Hey guys. I think the following FAQ (and the next one) can answer your questions: http://www.transifex.net/help/faq/#my-file-is-100-why-do-i-still-see-english-strings-when-i-test-my-app -d >> >> Hi Daniel: >> >> According to our git repository: >> ipa.pot has 365 messages >> and es.po has 327 translated messages out of 365 >> >> Thus what's on transifex.net matches what's in our git repo, that's good. >> >> Why the view provided by fedora's transifex instance is wrong I can't tell >> you, my guess is that's a problem with the fedora transifex instance. I >> think Dimitris Glezos might be the right person to explain why the two >> transifex instances have different views of the same project. Dimitris, do >> you have any ideas? By any chance has the fedora transifex instance cached >> one of the files which is now out of date? >> > > Thanks a lot John for your quick reply. > I'll continue this conversation alone with Dimitris, ccying you only > in case of necessity. > And my apologies to both of you if I've touched the wrong doorbell ;-) > > See you around, > Daniel Cabrera (es) > -- Dimitris Glezos Transifex: The Multilingual Publishing Revolution http://www.transifex.net/ -- http://www.indifex.com/ From admin at transifex.net Fri Apr 9 22:08:43 2010 From: admin at transifex.net (admin at transifex.net) Date: Fri, 09 Apr 2010 22:08:43 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100409220843.26146.20694@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by logan Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # Fedora Spanish translation of freeipa.master.ipa. # This file is distributed under the same license as the freeipa.master.ipa package. # # Domingo Becker , 2010. # H?ctor Daniel Cabrera , 2010. # msgid "" msgstr "" "Project-Id-Version: freeipa.master.ipa\n" "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-03-16 17:21-0400\n" "PO-Revision-Date: \n" "Last-Translator: H?ctor Daniel Cabrera \n" "Language-Team: Fedora Spanisg \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Spanish\n" "X-Poedit-Country: ARGENTINA\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: ../../ipalib/parameters.py:295 msgid "incorrect type" msgstr "tipo incorrecto" #: ../../ipalib/parameters.py:298 msgid "Only one value is allowed" msgstr "S?lo se permite un valor" #: ../../ipalib/parameters.py:862 msgid "must be True or False" msgstr "debe ser True o False" #: ../../ipalib/parameters.py:963 msgid "must be an integer" msgstr "debe ser un entero" #: ../../ipalib/parameters.py:1014 #, python-format msgid "must be at least %(minvalue)d" msgstr "debe ser como m?nimo %(minvalue)d" #: ../../ipalib/parameters.py:1024 #, python-format msgid "can be at most %(maxvalue)d" msgstr "puede ser como m?ximo %(maxvalue)d" #: ../../ipalib/parameters.py:1034 msgid "must be a decimal number" msgstr "debe ser un n?mero decimal" #: ../../ipalib/parameters.py:1056 #, python-format msgid "must be at least %(minvalue)f" msgstr "debe ser como m?nimo %(minvalue)f" #: ../../ipalib/parameters.py:1066 #, python-format msgid "can be at most %(maxvalue)f" msgstr "puede ser como m?ximo %(maxvalue)f" #: ../../ipalib/parameters.py:1126 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "debe coincidir con el modelo \"%(pattern)s" #: ../../ipalib/parameters.py:1144 msgid "must be binary data" msgstr "debe ser un dato binario" #: ../../ipalib/parameters.py:1159 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "debe ser como m?nimo de %(minlength)d bytes" #: ../../ipalib/parameters.py:1169 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "puede ser a lo sumo de %(maxlength)d bytes" #: ../../ipalib/parameters.py:1179 #, python-format msgid "must be exactly %(length)d bytes" msgstr "debe ser exactamente de %(length)d bytes" #: ../../ipalib/parameters.py:1197 msgid "must be Unicode text" msgstr "debe ser texto Unicode" #: ../../ipalib/parameters.py:1227 #, python-format msgid "must be at least %(minlength)d characters" msgstr "debe tener como m?nimo %(minlength)d caracteres" #: ../../ipalib/parameters.py:1237 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "puede tener a lo sumo %(maxlength)d caracteres" #: ../../ipalib/parameters.py:1247 #, python-format msgid "must be exactly %(length)d characters" msgstr "debe tener exactamente %(length)d caracteres" #: ../../ipalib/parameters.py:1286 #, python-format msgid "must be one of %(values)r" msgstr "debe ser uno de %(values)r" #: ../../ipalib/output.py:92 msgid "A dictionary representing an LDAP entry" msgstr "Un diccionario representando una entrada LDAP" #: ../../ipalib/output.py:100 msgid "A list of LDAP entries" msgstr "Una lista de entradas LDAP" #: ../../ipalib/output.py:111 msgid "All commands should at least have a result" msgstr "Todos los comandos deber?an por lo menos tener un resultado" #: ../../ipalib/cli.py:507 #, python-format msgid "Enter %(label)s again to verify: " msgstr "ngrese %(label)s nuevamente para su verificaci?n: " #: ../../ipalib/cli.py:511 msgid "Passwords do not match!" msgstr "?Las contrase?as no coinciden!" #: ../../ipalib/cli.py:516 msgid "Cancelled." msgstr "Cancelado." #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "Los resultados se encuentran truncados, intente realizar una b?squeda m?s espec?fica" #: ../../ipalib/frontend.py:785 msgid "retrieve all attributes" msgstr "recuperar todos los atributos" #: ../../ipalib/frontend.py:790 msgid "print entries as stored on the server" msgstr "imprime las entradas como se encuentran almacenadas en el servidor" #: ../../ipalib/frontend.py:883 msgid "Forward to server instead of running locally" msgstr "Reenv?a al servidor en lugar de ejecutarse localmente" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "el cliente %(cver)s no es compatible con el servidor %(sver)s en %(server)r" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "error %(code)d desconocido de %(server)s: %(error)s" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "ha ocurrido un error interno" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "ha ocurrido un error interno en el servidor en %(server)r" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "comando desconocido %(name)r" #: ../../ipalib/errors.py:386 #: ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "error en el servidor %(server)r: %(error)s" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "no es posible conectar con %(uri)r: %(error)s" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "Petici?n JSON-RPC no v?lida: %(error)s" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "Error de kerberos: %(major)s/%(minor)s" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "no se ha recibido ninguna credencial Kerberos" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "El servicio %(service)r no se ha encontrado en la base de datos Kerberos" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "No se han encontrado credenciales de cach?" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "El ticket ha expirado" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "Los permisos de credenciales de cach? son incorrectos" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "Las credenciales de cach? est?n mal formadas" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "No es posible resolver KDC para el reinado solicitado" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "Acceso insuficiente: %(info)s" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "el comando %(name)r no tiene argumentos" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "el comando %(name)r lleva al menos %(count)d argumento" msgstr[1] "el comando %(name)r lleva al menos %(count)d argumentos" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "superponiendo argumentos y opciones: %(names)r" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "%(name)r es necesario" #: ../../ipalib/errors.py:706 #: ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "%(name)r inv?lido: %(error)s" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "api no posee tal nombre de espacio: %(name)r" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "Las contrase?as no coinciden" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "El comando no se ha implementado" #: ../../ipalib/errors.py:783 #: ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "%(reason)s" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "Esta entrada ya existe" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "Debe registrar un equipo para poder generar un servicio de equipo" #: ../../ipalib/errors.py:831 #, python-format msgid "Service principal is not of the form: service/fully-qualified host name: %(reason)s" msgstr "El servicio principal no tiene la forma de servicio/nombre de equipo totalmente calificado: %(reason)s" #: ../../ipalib/errors.py:847 msgid "The realm for the principal does not match the realm for this IPA server" msgstr "El reinado para el principal no coincide con el reinado para este servidor IPA" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "Este comando necesita acceso de usuario root" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "Este ya es un grupo posix" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "El principal no tiene la forma usuario at REINADO: %(principal)r" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "Esta entrada ya se encuentra desbloqueada" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "Esta entrada ya se encuentra bloqueada" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "Esta entrada posee definido nsAccountLock, no puede ser bloqueada ni desbloqueada" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "Esta entrada no es miembro del grupo" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "Un grupo no puede ser miembro de s? mismo" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "Esta entrada ya es miembro del grupo" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "Fall? la decodificaci?n base64: %(reason)s" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "Un grupo no puede ser agregado como miembro de s? mismo" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "El grupo de usuarios predeterminado no puede ser eliminado" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "no existe un comando para el t?pico de ayuda %(topic)r" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "la modificaci?n choca con otra modificaci?n diferente" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "no existen modificaciones a ser realizadas" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "%(desc)s:%(info)s" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "han sido excedidos los l?mites para esta consulta" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "%(info)s" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "La operaci?n certificada no puede ser completada: %(error)s" #: ../../ipalib/plugins/config.py:45 msgid "Max username length" msgstr "Longitud m?xima de nombre de usuario" #: ../../ipalib/plugins/config.py:50 msgid "Home directory base" msgstr "Base del directorio principal" #: ../../ipalib/plugins/config.py:51 msgid "Default location of home directories" msgstr "Ubicaci?n predeterminada de los directorios principales" #: ../../ipalib/plugins/config.py:55 msgid "Default shell" msgstr "Shell predeterminada" #: ../../ipalib/plugins/config.py:56 msgid "Default shell for new users" msgstr "Shell predeterminada para nuevos usuarios" #: ../../ipalib/plugins/config.py:60 msgid "Default users group" msgstr "Grupo de usuarios predeterminado" #: ../../ipalib/plugins/config.py:61 msgid "Default group for new users" msgstr "Grupo predeterminado para nuevos usuarios" #: ../../ipalib/plugins/config.py:65 msgid "Default e-mail domain" msgstr "Dominio predeterminado de correo electr?nico" #: ../../ipalib/plugins/config.py:66 msgid "Default e-mail domain new users" msgstr "Dominio predeterminado de correo electr?nico para nuevos usuarios" #: ../../ipalib/plugins/config.py:70 msgid "Search time limit" msgstr "Buscar l?mite de tiempo" #: ../../ipalib/plugins/config.py:71 msgid "Max. amount of time (sec.) for a search (-1 is unlimited)" msgstr "Cantidad m?xima de tiempo (en segundos) para realizar una b?squeda (-1 es ilimitado)" #: ../../ipalib/plugins/config.py:76 msgid "Search size limit" msgstr "L?mite del tama?o de la b?squeda" #: ../../ipalib/plugins/config.py:77 msgid "Max. number of records to search (-1 is unlimited)" msgstr "cantidad m?xima de registros que buscar (-1 es ilimitado)" #: ../../ipalib/plugins/config.py:82 msgid "User search fields" msgstr "Campos de b?squeda de usuario" #: ../../ipalib/plugins/config.py:83 msgid "A comma-separated list of fields to search when searching for users" msgstr "Una lista separada por comas de campos a buscar, cuando se realice una b?squeda de usuarios" #: ../../ipalib/plugins/config.py:88 msgid "A comma-separated list of fields to search when searching for groups" msgstr "Una lista separada por comas de campos a buscar, cuando se realice una b?squeda de grupos" #: ../../ipalib/plugins/config.py:92 msgid "Migration mode" msgstr "Modo de migraci?n" #: ../../ipalib/plugins/config.py:93 msgid "Enabled migration mode" msgstr "Modo de migraci?n habilitado" #: ../../ipalib/plugins/config.py:97 msgid "Certificate Subject base" msgstr "Base de certificado de asunto" #: ../../ipalib/plugins/config.py:98 msgid "base for certificate subjects (OU=Test,O=Example)" msgstr "base para certificar asuntos (OU=Prueba,O=Ejemplo)" #: ../../ipalib/plugins/rolegroup.py:42 msgid "Role Groups" msgstr "Grupos de funciones" #: ../../ipalib/plugins/rolegroup.py:47 msgid "Role-group name" msgstr "Nombre del grupo de funci?n" #: ../../ipalib/plugins/rolegroup.py:53 #: ../../ipalib/plugins/host.py:77 #: ../../ipalib/plugins/group.py:59 #: ../../ipalib/plugins/hbac.py:91 #: ../../ipalib/plugins/automount.py:230 #: ../../ipalib/plugins/netgroup.py:58 #: ../../ipalib/plugins/taskgroup.py:54 #: ../../ipalib/plugins/hostgroup.py:55 msgid "Description" msgstr "Descripci?n" #: ../../ipalib/plugins/rolegroup.py:54 msgid "A description of this role-group" msgstr "Una descripci?n de este grupo de funciones" #: ../../ipalib/plugins/rolegroup.py:57 #: ../../ipalib/plugins/group.py:68 #: ../../ipalib/plugins/taskgroup.py:58 msgid "Member groups" msgstr "Grupos de miembros" #: ../../ipalib/plugins/rolegroup.py:61 #: ../../ipalib/plugins/group.py:72 #: ../../ipalib/plugins/taskgroup.py:62 msgid "Member users" msgstr "Usuarios miembros" #: ../../ipalib/plugins/rolegroup.py:65 msgid "Member of task-groups" msgstr "Miembros de los grupos de tareas" #: ../../ipalib/plugins/rolegroup.py:78 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "Ha sido agregado el grupo de funciones \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:88 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "Ha sido eliminado el grupo de funciones \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:98 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "Ha sido modificado el grupo de funciones \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:109 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "%(count)d grupo de roles coincidente" msgstr[1] "%(count)d grupo de roles coincidentes" #: ../../ipalib/plugins/host.py:66 msgid "Hosts" msgstr "Equipos" #: ../../ipalib/plugins/host.py:71 msgid "Host name" msgstr "Nombre del equipo" #: ../../ipalib/plugins/host.py:78 msgid "A description of this host" msgstr "Una descripci?n de este equipo" #: ../../ipalib/plugins/host.py:82 msgid "Locality" msgstr "Localidad" #: ../../ipalib/plugins/host.py:83 msgid "Host locality (e.g. \"Baltimore, MD\")" msgstr "Localidad del equipo (p.ej. \"Barrio latino, Par?s\") " #: ../../ipalib/plugins/host.py:87 #: ../../ipalib/plugins/automount.py:107 msgid "Location" msgstr "Ubicaci?n" #: ../../ipalib/plugins/host.py:88 msgid "Host location (e.g. \"Lab 2\")" msgstr "Ubicaci?n del equipo (p. ej. \"Laboratorio\")" #: ../../ipalib/plugins/host.py:92 msgid "Platform" msgstr "Plataforma" #: ../../ipalib/plugins/host.py:93 msgid "Host hardware platform (e.g. \"Lenovo T61\")" msgstr "Plataforma de hardware del equipo (p. ej. \"Lenovo T61\")" #: ../../ipalib/plugins/host.py:97 msgid "Operating system" msgstr "Sistema operativo" #: ../../ipalib/plugins/host.py:98 msgid "Host operating system and version (e.g. \"Fedora 9\")" msgstr "Sistema operativo que utiliza el equipo y versi?n (p.ej. \"Fedora 11\")" #: ../../ipalib/plugins/host.py:102 msgid "User password" msgstr "Contrase?a de usuario" #: ../../ipalib/plugins/host.py:103 msgid "Password used in bulk enrollment" msgstr "Contrase?a utilizada en el registro bruto" #: ../../ipalib/plugins/host.py:107 #: ../../ipalib/plugins/service.py:128 #: ../../ipalib/plugins/cert.py:188 #: ../../ipalib/plugins/cert.py:370 msgid "Certificate" msgstr "Certificado" #: ../../ipalib/plugins/host.py:108 #: ../../ipalib/plugins/service.py:129 msgid "Base-64 encoded server certificate" msgstr "Certificado del servidor codificado con base-64" #: ../../ipalib/plugins/host.py:111 #: ../../ipalib/plugins/host.py:214 msgid "Principal name" msgstr "Nombre principal" #: ../../ipalib/plugins/host.py:115 #: ../../ipalib/plugins/hostgroup.py:67 msgid "Member of host-groups" msgstr "Miembro de los grupos de equipo" #: ../../ipalib/plugins/host.py:119 msgid "Member of net-groups" msgstr "Miembro de los grupos de red" #: ../../ipalib/plugins/host.py:123 msgid "Member of role-groups" msgstr "Miembro de los grupos de funci?n" #: ../../ipalib/plugins/host.py:152 #, python-format msgid "Added host \"%(value)s\"" msgstr "Ha sido agregado el equipo \"%(value)s\"" #: ../../ipalib/plugins/host.py:181 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "Ha sido eliminado el equipo \"%(value)s\"" #: ../../ipalib/plugins/host.py:209 #, python-format msgid "Modified host \"%(value)s\"" msgstr "Ha sido modificado el equipo \"%(value)s\"" #: ../../ipalib/plugins/host.py:215 msgid "Kerberos principal name for this host" msgstr "Nombre del prinicpal de Kerberos para este equipo" #: ../../ipalib/plugins/host.py:259 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "%(count)d equipo coincidente" msgstr[1] "%(count)d equipos coincidentes" #: ../../ipalib/plugins/group.py:48 msgid "User Groups" msgstr "Grupos de usuarios" #: ../../ipalib/plugins/group.py:53 msgid "Group name" msgstr "Nombre del grupo" #: ../../ipalib/plugins/group.py:60 msgid "Group description" msgstr "Descripci?n del grupo" #: ../../ipalib/plugins/group.py:64 msgid "GID" msgstr "GID" #: ../../ipalib/plugins/group.py:65 msgid "GID (use this option to set it manually)" msgstr "GID (utilice esta opci?n para definirlo manualmente)" #: ../../ipalib/plugins/group.py:76 msgid "Failed members" msgstr "Miembros fallidos" #: ../../ipalib/plugins/group.py:80 #: ../../ipalib/plugins/user.py:48 msgid "Users" msgstr "Usuarios" #: ../../ipalib/plugins/group.py:84 #: ../../ipalib/plugins/user.py:109 msgid "Groups" msgstr "Grupos" #: ../../ipalib/plugins/group.py:97 #, python-format msgid "Added group \"%(value)s\"" msgstr "Ha sido agregado el grupo \"%(value)s\"" #: ../../ipalib/plugins/group.py:102 msgid "Create as posix group?" msgstr "?Crear como un grupo posix?" #: ../../ipalib/plugins/group.py:120 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "Ha sido eliminado el grupo \"%(value)s\"" #: ../../ipalib/plugins/group.py:146 #, python-format msgid "Modified group \"%(value)s\"" msgstr "Ha sido modificado el grupo \"%(value)s\"" #: ../../ipalib/plugins/group.py:151 msgid "change to posix group" msgstr "trasladarse al grupo posix" #: ../../ipalib/plugins/group.py:175 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "%(count)d grupo coincidente" msgstr[1] "%(count)d grupos coincidentes" #: ../../ipalib/plugins/migration.py:40 #, python-format msgid "Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually." msgstr "El principal %s de Kerberos ya existe. Utilice 'ipa user-mod' para definirlo manualmente." #: ../../ipalib/plugins/migration.py:41 msgid "Failed to add user to the default group. Use 'ipa group-add-member' to add manually." msgstr "Fall? al intenatar agregar al usuario al grupo predeterminado. Utilice 'ipa group-add-member' para agregarlo manualmente. " #: ../../ipalib/plugins/migration.py:165 msgid "LDAP URI" msgstr "LDAP URI" #: ../../ipalib/plugins/migration.py:166 msgid "LDAP URI of DS server to migrate from" msgstr "LDAP URI del servidor DS desde donde realizar la migraci?n" #: ../../ipalib/plugins/migration.py:170 msgid "bind password" msgstr "asociar contrase?a" #: ../../ipalib/plugins/migration.py:177 msgid "Bind DN" msgstr "Asociar DN" #: ../../ipalib/plugins/migration.py:183 msgid "User container" msgstr "Contenedor de usuario" #: ../../ipalib/plugins/migration.py:184 msgid "RDN of container for users in DS" msgstr "RDN de contenedor para los usuarios en DS" #: ../../ipalib/plugins/migration.py:190 msgid "Group container" msgstr "Contenedor de grupoi" #: ../../ipalib/plugins/migration.py:191 msgid "RDN of container for groups in DS" msgstr "RDN del contenedor para grups en DS" #: ../../ipalib/plugins/migration.py:200 msgid "Lists of objects migrated; categorized by type." msgstr "Lista de objetos migrados; categorizados por tipo." #: ../../ipalib/plugins/migration.py:204 msgid "Lists of objects that could not be migrated; categorized by type." msgstr "Lista de objetos que no pueden ser migrados; categorizados por tipo." #: ../../ipalib/plugins/migration.py:208 msgid "False if migration mode was disabled." msgstr "\"False\", si el modo de migraci?n fue deshabilitado." #: ../../ipalib/plugins/migration.py:212 #, python-format msgid "comma-separated list of %s to exclude from migration" msgstr "lista de %s separada por comas a ser excluida de la migraci?n" #: ../../ipalib/plugins/migration.py:214 msgid "" "search results for objects to be migrated\n" "have been truncated by the server;\n" "migration process might be uncomplete\n" msgstr "" "los resultados de la b?squeda de objetos a ser migrados\n" "ha sido truncada por el servidor;\n" "el proceso de migraci?n podr?a estar incompleto\n" #: ../../ipalib/plugins/migration.py:219 msgid "Migration mode is disabled. Use 'ipa config-mod' to enable it." msgstr "El modo de migraci?n se encuentra deshabilitado. Utilice 'ipa config-mod' para habilitarlo." #: ../../ipalib/plugins/migration.py:222 msgid "" "Passwords have been migrated in pre-hashed format.\n" "IPA is unable to generate Kerberos keys unless provided\n" "with clear text passwords. All migrated users need to\n" "login at https://your.domain/ipa/migration/ before they\n" "can use their Kerberos accounts." msgstr "" "Las contrase?as han sido migradas en formato pre-hasheado.\n" "IPA es incapaz de generar llaves Kerberos a menos que le sean\n" "provistas contrase?as de texto claras. Todos los usuarios migrados\n" "necesitan registrarse en https://su.dominio/ipa/migration/ antes de\n" "poder utilizar sus respectivas cuentas Kerberos." #: ../../ipalib/plugins/service.py:116 msgid "Services" msgstr "Servicios" #: ../../ipalib/plugins/service.py:121 #: ../../ipalib/plugins/cert.py:175 msgid "Principal" msgstr "Principal" #: ../../ipalib/plugins/service.py:122 msgid "Service principal" msgstr "Servicio principal" #: ../../ipalib/plugins/service.py:140 #, python-format msgid "Added service \"%(value)s\"" msgstr "Ha sido agregado el servicio \"%(value)s\"" #: ../../ipalib/plugins/service.py:144 msgid "force principal name even if not in DNS" msgstr "fuerza el nombre del prinicpal, a?n si no se encuentra en DNS" #: ../../ipalib/plugins/service.py:187 #, python-format msgid "Deleted service \"%(value)s\"" msgstr "Ha sido eliminado el servicio \"%(value)s\"" #: ../../ipalib/plugins/passwd.py:37 #: ../../ipalib/plugins/krbtpolicy.py:47 msgid "User name" msgstr "Nombre de usuario" #: ../../ipalib/plugins/hbac.py:48 msgid "HBAC" msgstr "HBAC" #: ../../ipalib/plugins/hbac.py:53 msgid "Rule name" msgstr "Nombre de la regla" #: ../../ipalib/plugins/hbac.py:58 msgid "Rule type (allow or deny)" msgstr "Tipo de regla (permitir o negar)" #: ../../ipalib/plugins/hbac.py:63 msgid "Service name" msgstr "Nombre del servicio" #: ../../ipalib/plugins/hbac.py:64 msgid "Name of service the rule applies to (e.g. ssh)" msgstr "Nombre del servicio al que se aplica la regla (p.ej. ssh)" #: ../../ipalib/plugins/hbac.py:69 msgid "User category" msgstr "Categor?a de usuario" #: ../../ipalib/plugins/hbac.py:70 msgid "User category the rule applies to" msgstr "Categor?a de usuario al que se aplica la regla" #: ../../ipalib/plugins/hbac.py:75 msgid "Host category" msgstr "Categor?a del equipo" #: ../../ipalib/plugins/hbac.py:76 msgid "Host category the rule applies to" msgstr "Categor?a del equipo al que se aplica la regla" #: ../../ipalib/plugins/hbac.py:81 msgid "Source host category" msgstr "Categor?a del equipo de origen" #: ../../ipalib/plugins/hbac.py:82 msgid "Source host category the rule applies to" msgstr "Categor?a del equipo de origen al que se aplica la regla" #: ../../ipalib/plugins/hbac.py:87 #: ../../ipalib/plugins/hbac.py:221 #: ../../ipalib/plugins/hbac.py:259 msgid "Access time" msgstr "Hora de acceso" #: ../../ipalib/plugins/cert.py:62 #: ../../ipalib/plugins/cert.py:83 msgid "Unable to decode certificate in entry" msgstr "No es posible decodificar el certificado en la entrada" #: ../../ipalib/plugins/cert.py:105 #: ../../ipalib/plugins/cert.py:119 #: ../../ipalib/plugins/cert.py:136 msgid "Failure decoding Certificate Signing Request" msgstr "Falla al intentar decodificar la petici?n de identificaci?n de certificado" #: ../../ipalib/plugins/cert.py:138 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "Falla al intentar decodificar la petici?n de identificaci?n de certificado: %s" #: ../../ipalib/plugins/cert.py:176 msgid "Service principal for this certificate (e.g. HTTP/test.example.com)" msgstr "Principal del servicio para este certificado (p.ej. HTTP/prueba.ejemplo.com)" #: ../../ipalib/plugins/cert.py:183 msgid "automatically add the principal if it doesn't exist" msgstr "si no existe, agregar autom?ticamente el principal" #: ../../ipalib/plugins/cert.py:192 #: ../../ipalib/plugins/cert.py:374 msgid "Subject" msgstr "Asunto" #: ../../ipalib/plugins/cert.py:196 #: ../../ipalib/plugins/cert.py:357 msgid "Serial number" msgstr "N?mero de serie" #: ../../ipalib/plugins/cert.py:204 #: ../../ipalib/plugins/misc.py:46 msgid "Dictionary mapping variable name to value" msgstr "Nombre de la variable de mapeo de dicionario a valorizar " #: ../../ipalib/plugins/cert.py:334 msgid "Request id" msgstr "Id de la petici?n" #: ../../ipalib/plugins/cert.py:340 msgid "Request status" msgstr "Estado de la petici?n" #: ../../ipalib/plugins/cert.py:358 msgid "Serial number in decimal or if prefixed with 0x in hexadecimal" msgstr "N?mero de serie en decimales, o hexadecimales, si tiene un prefijo 0x" #: ../../ipalib/plugins/cert.py:378 msgid "Revocation reason" msgstr "Motivo de la revocaci?n" #: ../../ipalib/plugins/cert.py:403 msgid "Revoked" msgstr "Revocado" #: ../../ipalib/plugins/cert.py:412 msgid "Reason" msgstr "Motivo" #: ../../ipalib/plugins/cert.py:413 msgid "Reason for revoking the certificate (0-10)" msgstr "Motivo por el cual el certificado ha sido revocado (0-10)" #: ../../ipalib/plugins/cert.py:438 msgid "Unrevoked" msgstr "No revocado" #: ../../ipalib/plugins/cert.py:442 msgid "Error" msgstr "Error" #: ../../ipalib/plugins/baseldap.py:74 #, python-format msgid "container entry (%(container)s) not found" msgstr "no se encuentra la entrada (%(container)s) de contenedor" #: ../../ipalib/plugins/baseldap.py:75 #, python-format msgid "%(parent)s: %(oname)s not found" msgstr "%(parent)s: no se encuentra %(oname)s" #: ../../ipalib/plugins/baseldap.py:76 #, python-format msgid "%(pkey)s: %(oname)s not found" msgstr "%(pkey)s: no se encuentra %(oname)s" #: ../../ipalib/plugins/baseldap.py:126 msgid "Add an attribute/value pair. Format is attr=value" msgstr "Agregar un par de atributo/valor. El formato es attr=value" #: ../../ipalib/plugins/baseldap.py:131 msgid "Set an attribute to an name/value pair. Format is attr=value" msgstr "Define un atributo a un par nombre/valor. El formato es attr=value" #: ../../ipalib/plugins/baseldap.py:318 msgid "the entry was deleted while being modified" msgstr "la entrada fue eliminada mientras estaba siendo modificada" #: ../../ipalib/plugins/baseldap.py:426 msgid "Members that could not be added" msgstr "Miembros que no han podido ser a?adidos" #: ../../ipalib/plugins/baseldap.py:430 msgid "Number of members added" msgstr "Cantidad de miembros a?adidos" #: ../../ipalib/plugins/baseldap.py:502 msgid "Number of members removed" msgstr "Cantidad de miembros eliminados" #: ../../ipalib/plugins/baseldap.py:506 msgid "Members that could not be removed" msgstr "Miembros que no han podido ser eliminados" #: ../../ipalib/plugins/aci.py:81 msgid "A list of ACI values" msgstr "Una lista de valores ACI" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "tipo, filtro, sub?rbol y grupo de destino, se excluyen mutuamente" #: ../../ipalib/plugins/aci.py:112 msgid "at least one of: type, filter, subtree, targetgroup, attrs or memberof are required" msgstr "es necesario como m?nimo alguno de: tipo, filtro, sub?rbol, grupo de destino, atributos, o miembro de " #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "grupo y grupo de tareas se excluyen mutuamente" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "Es necesario grupo o grupo de tareas" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "El grupo '%s' no existe" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "No se encuentra un ACI cuyo nombre sea \"%s\"" #: ../../ipalib/plugins/aci.py:201 msgid "ACIs" msgstr "ACIs" #: ../../ipalib/plugins/aci.py:206 msgid "ACI name" msgstr "Nombre de ACI" #: ../../ipalib/plugins/aci.py:211 msgid "Taskgroup" msgstr "Grupo de tareas" #: ../../ipalib/plugins/aci.py:212 msgid "Taskgroup ACI grants access to" msgstr "El grupo de tareas ACI permite el acceso a " #: ../../ipalib/plugins/aci.py:216 msgid "User group" msgstr "Grupo de usuarios" #: ../../ipalib/plugins/aci.py:217 msgid "User group ACI grants access to" msgstr "El grupo de usuarios ACI permite el acceso a" #: ../../ipalib/plugins/aci.py:221 msgid "Permissions" msgstr "Permisos" #: ../../ipalib/plugins/aci.py:222 msgid "comma-separated list of permissions to grant(read, write, add, delete, selfwrite, all)" msgstr "lista separada por comas de la concesi?n de permisos (leer, escribir, agregar, eliminar, auto escribirse, todos) " #: ../../ipalib/plugins/aci.py:228 msgid "Attributes" msgstr "Atributos" #: ../../ipalib/plugins/aci.py:229 msgid "Comma-separated list of attributes" msgstr "Lista de atributos separada por comas" #: ../../ipalib/plugins/aci.py:233 msgid "Type" msgstr "Tipo" #: ../../ipalib/plugins/aci.py:234 msgid "type of IPA object (user, group, host)" msgstr "tipo de objeto IPA (usuario, grupo, equipo)" #: ../../ipalib/plugins/aci.py:239 msgid "Member of" msgstr "Miembro de" #: ../../ipalib/plugins/aci.py:240 msgid "Member of a group" msgstr "Miembro de un grupo" #: ../../ipalib/plugins/aci.py:244 msgid "Filter" msgstr "Filtro" #: ../../ipalib/plugins/aci.py:245 msgid "Legal LDAP filter (e.g. ou=Engineering)" msgstr "Filtro legal LDAP (p.ej. ou=Ingenier?a)" #: ../../ipalib/plugins/aci.py:249 msgid "Subtree" msgstr "Sub?rbol" #: ../../ipalib/plugins/aci.py:250 msgid "Subtree to apply ACI to" msgstr "Sub?rbol al que aplicar ACI" #: ../../ipalib/plugins/aci.py:254 msgid "Target group" msgstr "Grupo elegido" #: ../../ipalib/plugins/aci.py:255 msgid "Group to apply ACI to" msgstr "Grupo al que aplicar API" #: ../../ipalib/plugins/aci.py:267 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "Ha sido creado ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:317 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "Ha sido eliminado ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:357 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "Ha sido modificado ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:417 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "%(count)d ACI coincidente" msgstr[1] "%(count)d ACIs coincidentes" #: ../../ipalib/plugins/krbtpolicy.py:48 msgid "Manage ticket policy for specific user" msgstr "Administra pol?tica de ticket para un usuario espec?fico" #: ../../ipalib/plugins/krbtpolicy.py:53 msgid "Max life" msgstr "Vida m?xima" #: ../../ipalib/plugins/krbtpolicy.py:54 msgid "Maximum ticket life" msgstr "Vida m?xima del ticket" #: ../../ipalib/plugins/krbtpolicy.py:58 msgid "Max renew" msgstr "Renovaci?n m?xima" #: ../../ipalib/plugins/krbtpolicy.py:59 msgid "Maximum renewable age" msgstr "Duraci?n m?xima renovable" #: ../../ipalib/plugins/dns.py:113 msgid "DNS" msgstr "DNS" #: ../../ipalib/plugins/dns.py:118 msgid "Zone" msgstr "Zona" #: ../../ipalib/plugins/dns.py:119 msgid "Zone name (FQDN)" msgstr "Nombre de la zona (FQDN)" #: ../../ipalib/plugins/dns.py:125 msgid "Authoritative name server" msgstr "Servidor de nombres de autoridad" #: ../../ipalib/plugins/dns.py:129 msgid "administrator e-mail address" msgstr "direcci?n de correo electr?nico del administrador" #: ../../ipalib/plugins/dns.py:135 msgid "SOA serial" msgstr "Serie SOA" #: ../../ipalib/plugins/dns.py:139 msgid "SOA refresh" msgstr "Actualizar SOA" #: ../../ipalib/plugins/dns.py:143 msgid "SOA retry" msgstr "Reintentar SOA" #: ../../ipalib/plugins/dns.py:147 msgid "SOA expire" msgstr "Expirar SOA" #: ../../ipalib/plugins/dns.py:151 msgid "SOA minimum" msgstr "M?nimo SOA" #: ../../ipalib/plugins/dns.py:155 msgid "SOA time to live" msgstr "Tiempo para abandonar SOA" #: ../../ipalib/plugins/dns.py:159 msgid "SOA class" msgstr "Clase SOA" #: ../../ipalib/plugins/dns.py:164 msgid "allow dynamic update?" msgstr "?permitir actualizaci?n din?mica?" #: ../../ipalib/plugins/dns.py:168 msgid "BIND update policy" msgstr "Pol?tica de actualizaci?n de BIND" #: ../../ipalib/plugins/dns.py:393 #: ../../ipalib/plugins/dns.py:427 #: ../../ipalib/plugins/dns.py:462 #: ../../ipalib/plugins/dns.py:577 #: ../../ipalib/plugins/dns.py:662 #: ../../ipalib/plugins/dns.py:786 msgid "Zone name" msgstr "Nombre de la zona" #: ../../ipalib/plugins/dns.py:467 msgid "resource name" msgstr "nombre del recurso" #: ../../ipalib/plugins/dns.py:472 #: ../../ipalib/plugins/dns.py:587 #: ../../ipalib/plugins/dns.py:678 msgid "Record type" msgstr "Tipo de registro" #: ../../ipalib/plugins/dns.py:476 #: ../../ipalib/plugins/dns.py:591 msgid "Data" msgstr "Datos" #: ../../ipalib/plugins/dns.py:477 #: ../../ipalib/plugins/dns.py:592 msgid "Type-specific data" msgstr "Datos de tipo espec?fico" #: ../../ipalib/plugins/dns.py:484 msgid "Time to live" msgstr "Tiempo para abandonar" #: ../../ipalib/plugins/dns.py:489 msgid "Class" msgstr "Clase" #: ../../ipalib/plugins/dns.py:582 #: ../../ipalib/plugins/dns.py:674 #: ../../ipalib/plugins/dns.py:791 msgid "Resource name" msgstr "Nombre del recurso" #: ../../ipalib/plugins/dns.py:667 msgid "Search criteria" msgstr "Criterio de b?squeda" #: ../../ipalib/plugins/dns.py:682 msgid "type-specific data" msgstr "datos de tipo espec?fico" #: ../../ipalib/plugins/automount.py:108 msgid "Automount location name" msgstr "Nombre de la ubicaci?n de automontaje" #: ../../ipalib/plugins/automount.py:224 msgid "Map" msgstr "Mapeo" #: ../../ipalib/plugins/automount.py:225 msgid "Automount map name" msgstr "Nombre de mapeo de automontaje" #: ../../ipalib/plugins/automount.py:234 msgid "Automount Maps" msgstr "Mapeos de automontaje" #: ../../ipalib/plugins/automount.py:306 msgid "Key" msgstr "Llave" #: ../../ipalib/plugins/automount.py:307 msgid "Automount key name" msgstr "Nombre de llave de automontaje" #: ../../ipalib/plugins/automount.py:312 msgid "Mount information" msgstr "Informaci?n de montaje" #: ../../ipalib/plugins/automount.py:316 msgid "description" msgstr "descripci?n" #: ../../ipalib/plugins/automount.py:320 msgid "Automount Keys" msgstr "Llaves de automontaje" #: ../../ipalib/plugins/automount.py:340 msgid "Mount point" msgstr "Punto de montaje" #: ../../ipalib/plugins/automount.py:344 msgid "Parent map" msgstr "Mapeo del padre" #: ../../ipalib/plugins/automount.py:345 msgid "Name of parent automount map (default: auto.master)" msgstr "Nombre del mapeo del automontaje padre (predeterminado: auto.master)" #: ../../ipalib/plugins/netgroup.py:47 msgid "Net Groups" msgstr "Grupos de red" #: ../../ipalib/plugins/netgroup.py:52 msgid "Netgroup name" msgstr "Nombre de grupo de red" #: ../../ipalib/plugins/netgroup.py:59 msgid "Netgroup description" msgstr "Descripci?n del grupo de red" #: ../../ipalib/plugins/netgroup.py:63 msgid "NIS domain name" msgstr "Nombre del dominio NIS" #: ../../ipalib/plugins/netgroup.py:68 msgid "IPA unique ID" msgstr "ID unico de IPA" #: ../../ipalib/plugins/netgroup.py:80 msgid "Member host" msgstr "Equipo miembro" #: ../../ipalib/plugins/netgroup.py:88 msgid "External host" msgstr "Equipo externo" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "%(count)d variables" #: ../../ipalib/plugins/misc.py:50 msgid "Total number of variables env (>= count)" msgstr "Cantidad total de variables env (>= count)" #: ../../ipalib/plugins/misc.py:54 msgid "Number of variables returned (<= total)" msgstr "Cantidad de variables devueltas (<= total)" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "%(count)d complemento cargado" msgstr[1] "%(count)d complementos cargados" #: ../../ipalib/plugins/misc.py:103 msgid "Number of plugins loaded" msgstr "Cantidad de complementos cargados" #: ../../ipalib/plugins/user.py:53 msgid "User login" msgstr "Ingreso de usuario" #: ../../ipalib/plugins/user.py:60 msgid "First name" msgstr "Nombre" #: ../../ipalib/plugins/user.py:64 msgid "Last name" msgstr "Apellido" #: ../../ipalib/plugins/user.py:72 msgid "GECOS field" msgstr "Campo GECOS" #: ../../ipalib/plugins/user.py:78 msgid "Login shell" msgstr "Shel de ingreso" #: ../../ipalib/plugins/user.py:83 msgid "Kerberos principal" msgstr "Principal kerberos" #: ../../ipalib/plugins/user.py:89 msgid "Email address" msgstr "Direcci?n de correo electr?nico" #: ../../ipalib/plugins/user.py:93 msgid "Password" msgstr "Contrase?a" #: ../../ipalib/plugins/user.py:94 msgid "Set the user password" msgstr "Definir la contrase?a de usuario" #: ../../ipalib/plugins/user.py:101 msgid "UID" msgstr "UID" #: ../../ipalib/plugins/user.py:102 msgid "UID (use this option to set it manually)" msgstr "UID (utilice esta opci?n para definir manualmente)" #: ../../ipalib/plugins/user.py:106 msgid "Street address" msgstr "Direcci?n postal" #: ../../ipalib/plugins/user.py:113 msgid "Netgroups" msgstr "Grupos de red" #: ../../ipalib/plugins/user.py:117 msgid "Rolegroups" msgstr "Grupos de funciones" #: ../../ipalib/plugins/user.py:121 msgid "Taskgroups" msgstr "Grupos de tareas" #: ../../ipalib/plugins/user.py:134 #, python-format msgid "Added user \"%(value)s\"" msgstr "Ha sido agregado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:179 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "Ha sido eliminado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:198 #, python-format msgid "Modified user \"%(value)s\"" msgstr "Ha sido modificado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:209 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "%(count)d usuario coincidente" msgstr[1] "%(count)d usuarios coincidentes" #: ../../ipalib/plugins/user.py:229 #, python-format msgid "Locked user \"%(value)s\"" msgstr "Ha sido bloqueado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:255 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "Ha sido desbloqueado el usuario \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:43 msgid "Task Groups" msgstr "Grupos de tareas" #: ../../ipalib/plugins/taskgroup.py:48 msgid "Task-group name" msgstr "Nombre de grupos de tareas" #: ../../ipalib/plugins/taskgroup.py:55 msgid "Task-group description" msgstr "Descrici?n del grupo de tareas" #: ../../ipalib/plugins/taskgroup.py:66 msgid "Member role-groups" msgstr "Grupos de funci?n miembro" #: ../../ipalib/plugins/taskgroup.py:79 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "Ha sido agregado el grupo de tareas \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:89 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "Ha sido eliminado el grupo de tareas \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:99 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "Ha sido modificado el grupo de tareas \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:110 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "%(count)d grupo de tarea coincidente" msgstr[1] "%(count)d grupos de tarea coincidentes" #: ../../ipalib/plugins/hostgroup.py:43 msgid "Host Groups" msgstr "Grupos de equipo" #: ../../ipalib/plugins/hostgroup.py:48 msgid "Host-group" msgstr "Grupo de equipo" #: ../../ipalib/plugins/hostgroup.py:49 msgid "Name of host-group" msgstr "Nombre del grupo de equipo" #: ../../ipalib/plugins/hostgroup.py:56 msgid "A description of this host-group" msgstr "Una descripci?n de este grupo de equipo" #: ../../ipalib/plugins/hostgroup.py:59 msgid "Member hosts" msgstr "Equipos miembro" #: ../../ipalib/plugins/hostgroup.py:63 msgid "Member host-groups" msgstr "Grupos de equipo miembro" #: ../../ipalib/plugins/hostgroup.py:80 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "Ha sido agregado el grupo de equipo \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:90 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "Ha sido eliminado el grupo de equipo \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:100 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "Ha sido modificado el grupo de equipo \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:111 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "%(count)d grupo de equipos coincidente" msgstr[1] "%(count)d grupos de equipos coincidentes" #: ../../ipalib/plugins/pwpolicy.py:121 #: ../../ipalib/plugins/pwpolicy.py:173 #: ../../ipalib/plugins/pwpolicy.py:225 #: ../../ipalib/plugins/pwpolicy.py:321 msgid "Group" msgstr "Grupo" #: ../../ipalib/plugins/pwpolicy.py:126 msgid "Max lifetime (days)" msgstr "Vida m?xima (d?as)" #: ../../ipalib/plugins/pwpolicy.py:127 msgid "Maximum password lifetime (in days)" msgstr "Vida m?xima de la contrase?a (d?as)" #: ../../ipalib/plugins/pwpolicy.py:133 msgid "Min lifetime (hours)" msgstr "Vida m?nima (horas)" #: ../../ipalib/plugins/pwpolicy.py:134 msgid "Minimum password lifetime (in hours)" msgstr "Vida m?nima de la contrase?a (en horas)" #: ../../ipalib/plugins/pwpolicy.py:140 msgid "History size" msgstr "Tama?o del historial" #: ../../ipalib/plugins/pwpolicy.py:141 msgid "Password history size" msgstr "Tama?o del historial de la contrase?a" #: ../../ipalib/plugins/pwpolicy.py:147 msgid "Character classes" msgstr "Clases de caracteres" #: ../../ipalib/plugins/pwpolicy.py:148 msgid "Minimum number of character classes" msgstr "Cantidad m?nima de clases de caracteres" #: ../../ipalib/plugins/pwpolicy.py:154 msgid "Min length" msgstr "Longitud m?nima" #: ../../ipalib/plugins/pwpolicy.py:155 msgid "Minimum length of password" msgstr "Longitud m?nima de la contrase?a" #: ../../ipalib/plugins/pwpolicy.py:169 #, python-format msgid "Added policy for group \"%(value)s\"" msgstr "Ha sido agregada pol?tica para el grupo \"%(value)s\"" #: ../../ipalib/plugins/pwpolicy.py:174 #: ../../ipalib/plugins/pwpolicy.py:226 msgid "Group to set policy for" msgstr "Grupo al que definir la pol?tica" #: ../../ipalib/plugins/pwpolicy.py:179 #: ../../ipalib/plugins/pwpolicy.py:230 msgid "Priority" msgstr "Prioridad" #: ../../ipalib/plugins/pwpolicy.py:180 #: ../../ipalib/plugins/pwpolicy.py:231 msgid "Priority of the policy (higher number equals lower priority)" msgstr "Prioridad de la pol?tica (a mayor n?mero corresponde una pol?tica menor)" #: ../../ipalib/plugins/pwpolicy.py:222 #, python-format msgid "Modified policy for group \"%(value)s\"" msgstr "Ha sido modificada la pol?tica para grupo \"%(value)s\"" #: ../../ipalib/plugins/pwpolicy.py:244 msgid "priority cannot be set on global policy" msgstr "la prioridad no puede ser definida en una pl?tica global" #: ../../ipalib/plugins/pwpolicy.py:277 #, python-format msgid "Deleted policy for group \"%(value)s\"" msgstr "Ha sido eliminada la pol?tica para el grupo \"%(value)s\"" #: ../../ipalib/plugins/pwpolicy.py:280 msgid "Group to remove policy from" msgstr "Grupo desde donde eliminar la pol?tica" #: ../../ipalib/plugins/pwpolicy.py:322 msgid "Group to display policy" msgstr "Grupo al que mostrar la pol?tica" #: ../../ipalib/plugins/pwpolicy.py:325 msgid "User" msgstr "Usuario" #: ../../ipalib/plugins/pwpolicy.py:326 msgid "Display policy applied to a given user" msgstr "Mostrar la pol?tica aplicada a un usuario determinado" #: ../../ipaserver/install/certs.py:576 #: ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "No es posible comunicarse con CMS (%s)" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "Request subject \"%(request_subject)s\" does not match the form \"%(subject_base)s\"" msgstr "El asunto solicitado \"%(request_subject)s\" no coincide con la forma \"%(subject_base)s\"" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "no es posible decodificar csr: %s" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "operaci?n de archivo" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "no es posible obtener el pr?ximo n?mero de serie" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "falla de certutil" #: ../../ipaserver/plugins/join.py:54 msgid "The hostname to register as" msgstr "El nombre del equipo a ser registrado como" #: ../../ipaserver/plugins/join.py:62 msgid "The IPA realm" msgstr "El reinado IPA" #: ../../ipaserver/plugins/join.py:68 msgid "Hardware platform of the host (e.g. Lenovo T61)" msgstr "Plataforma de hardware del equipo (p. ej. Lenovo T61)" #: ../../ipaserver/plugins/join.py:72 msgid "Operating System and version of the host (e.g. Fedora 9)" msgstr "Sistema operativo que utiliza el equipo y versi?n (p.ej. Fedora 9)" From jdennis at redhat.com Fri Apr 9 23:04:13 2010 From: jdennis at redhat.com (John Dennis) Date: Fri, 9 Apr 2010 19:04:13 -0400 Subject: [Freeipa-devel] [PATCH 14/14] Update Spanish translations Message-ID: <201004092304.o39N4D3h024453@int-mx03.intmail.prod.int.phx2.redhat.com> -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0014-Update-Spanish-translations.patch Type: text/x-patch Size: 12396 bytes Desc: not available URL: From pzuna at redhat.com Mon Apr 12 14:42:31 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Mon, 12 Apr 2010 16:42:31 +0200 Subject: [Freeipa-devel] [PATCH] Fix DNS plugin: proper output definitions, --all, dns-add-rr overwritting Message-ID: <4BC33157.5000606@redhat.com> The DNS plugin is getting old, tired and already looking forward to his pension in the Carribean. It will be replaced soon by a younger, faster, safer, shorter (in terms of code) and more maintainable version. Until that happens, here's some medicine for the old guy: - proper output definitions: the DNS plugin was created before we had the has_output attribute in place - --all: this is related to the output definitions as Command.get_options() adds the --all and --raw options automatically if has_output contains entries - dns-add-rr overwritting: missing .lower() caused records to be overwritten every time a new one was added from the CLI Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-DNS-plugin-proper-output-definitions-all-dns-add.patch Type: application/mbox Size: 5360 bytes Desc: not available URL: From pzuna at redhat.com Mon Apr 12 15:49:20 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Mon, 12 Apr 2010 17:49:20 +0200 Subject: [Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts. In-Reply-To: <4BB25EA5.20702@redhat.com> References: <4B9F9B50.7070103@redhat.com> <4BA9273B.9030004@redhat.com> <4BB2092D.9090306@redhat.com> <4BB25EA5.20702@redhat.com> Message-ID: <4BC34100.8060303@redhat.com> On 03/30/2010 10:27 PM, Rob Crittenden wrote: > Pavel Zuna wrote: >> On 03/23/2010 09:40 PM, Rob Crittenden wrote: >>> Pavel Zuna wrote: >>>> This is the first in a series of patches, that replace all the legacy >>>> code from v1 related to LDAP. I did some limited testing of the >>>> installer after this patch and nothing seems to break, but I didn't do >>>> replicas etc... >>>> >>>> Pavel >>> >>> nack. This breaks at least ipa-replica-manage, ipa-replica-prepare, >>> ipa-server-certinstall and ipa-replica-install. >>> >>> rob >> Fixed patch attached. >> >> Pavel > > I'm not sure if you attached the wrong patch or not (it's dated 3/24) > but things are still not working: > > # ipa-replica-install replica-info-tiger.example.com.gpg > Directory Manager (existing master) password: > > creation of replica failed: 'Env' object has no attribute 'basedn' > > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > rob Sorry for a late reply. Here's a patch that should finally work. I did a lot more testing and setting up a replica went smoothly every time. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Use-ldap2-instead-of-legacy-LDAP-code-from-v1-in-ins.patch Type: application/mbox Size: 25538 bytes Desc: not available URL: From rcritten at redhat.com Tue Apr 13 17:59:20 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 13 Apr 2010 13:59:20 -0400 Subject: [Freeipa-devel] [PATCH 14/14] Update Spanish translations In-Reply-To: <201004092304.o39N4D3h024453@int-mx03.intmail.prod.int.phx2.redhat.com> References: <201004092304.o39N4D3h024453@int-mx03.intmail.prod.int.phx2.redhat.com> Message-ID: <4BC4B0F8.1090707@redhat.com> John Dennis wrote: > pushed to master From rcritten at redhat.com Tue Apr 13 20:51:05 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 13 Apr 2010 16:51:05 -0400 Subject: [Freeipa-devel] [PATCH] Fix DNS plugin: proper output definitions, --all, dns-add-rr overwritting In-Reply-To: <4BC33157.5000606@redhat.com> References: <4BC33157.5000606@redhat.com> Message-ID: <4BC4D939.80509@redhat.com> Pavel Zuna wrote: > The DNS plugin is getting old, tired and already looking forward to his > pension in the Carribean. It will be replaced soon by a younger, faster, > safer, shorter (in terms of code) and more maintainable version. > Until that happens, here's some medicine for the old guy: > > - proper output definitions: the DNS plugin was created before we > had the has_output attribute in place > > - --all: this is related to the output definitions as > Command.get_options() adds the --all and --raw options automatically > if has_output contains entries > > - dns-add-rr overwritting: missing .lower() caused records to be > overwritten every time a new one was added from the CLI > > Pavel This looks ok but I wonder why you are defining your own Output definition instead of using the standard? The only difference seems to be that your custom one doesn't have a summary. rob From pzuna at redhat.com Wed Apr 14 13:24:46 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Wed, 14 Apr 2010 15:24:46 +0200 Subject: [Freeipa-devel] [PATCH] Fix DNS plugin: proper output definitions, --all, dns-add-rr overwritting In-Reply-To: <4BC4D939.80509@redhat.com> References: <4BC33157.5000606@redhat.com> <4BC4D939.80509@redhat.com> Message-ID: <4BC5C21E.3090603@redhat.com> On 4/13/2010 10:51 PM, Rob Crittenden wrote: > Pavel Zuna wrote: >> The DNS plugin is getting old, tired and already looking forward to his >> pension in the Carribean. It will be replaced soon by a younger, faster, >> safer, shorter (in terms of code) and more maintainable version. >> Until that happens, here's some medicine for the old guy: >> >> - proper output definitions: the DNS plugin was created before we >> had the has_output attribute in place >> >> - --all: this is related to the output definitions as >> Command.get_options() adds the --all and --raw options automatically >> if has_output contains entries >> >> - dns-add-rr overwritting: missing .lower() caused records to be >> overwritten every time a new one was added from the CLI >> >> Pavel > > This looks ok but I wonder why you are defining your own Output > definition instead of using the standard? The only difference seems to > be that your custom one doesn't have a summary. > > rob Because the standard output definitions with entries make Command plugins automatically add the --all and --raw options. dns-*-rr commands aren't comfortable with it. Pavel From rcritten at redhat.com Wed Apr 14 14:35:02 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 14 Apr 2010 10:35:02 -0400 Subject: [Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts. In-Reply-To: <4BC34100.8060303@redhat.com> References: <4B9F9B50.7070103@redhat.com> <4BA9273B.9030004@redhat.com> <4BB2092D.9090306@redhat.com> <4BB25EA5.20702@redhat.com> <4BC34100.8060303@redhat.com> Message-ID: <4BC5D296.4070200@redhat.com> Pavel Zuna wrote: > On 03/30/2010 10:27 PM, Rob Crittenden wrote: >> Pavel Zuna wrote: >>> On 03/23/2010 09:40 PM, Rob Crittenden wrote: >>>> Pavel Zuna wrote: >>>>> This is the first in a series of patches, that replace all the legacy >>>>> code from v1 related to LDAP. I did some limited testing of the >>>>> installer after this patch and nothing seems to break, but I didn't do >>>>> replicas etc... >>>>> >>>>> Pavel >>>> >>>> nack. This breaks at least ipa-replica-manage, ipa-replica-prepare, >>>> ipa-server-certinstall and ipa-replica-install. >>>> >>>> rob >>> Fixed patch attached. >>> >>> Pavel >> >> I'm not sure if you attached the wrong patch or not (it's dated 3/24) >> but things are still not working: >> >> # ipa-replica-install replica-info-tiger.example.com.gpg >> Directory Manager (existing master) password: >> >> creation of replica failed: 'Env' object has no attribute 'basedn' >> >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> rob > Sorry for a late reply. Here's a patch that should finally work. I did a > lot more testing and setting up a replica went smoothly every time. > > Pavel Lots better. I was able to create and manage replicas but ipa-dns-install isn't working: # ipa-dns-install The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup DNS for the FreeIPA Server. This includes: * Configure DNS (bind) To accept the default shown in brackets, press the Enter key. Existing BIND configuration detected, overwrite? [no]: y Do you wish to configure DNS forwarders? [no]: No DNS forwarders configured Directory Manager password: Unexpected error - see ipaserver-install.log for details: 'API' object has no attribute 'env_host' From rcritten at redhat.com Wed Apr 14 15:36:33 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 14 Apr 2010 11:36:33 -0400 Subject: [Freeipa-devel] [PATCH] Fix DNS plugin: proper output definitions, --all, dns-add-rr overwritting In-Reply-To: <4BC5C21E.3090603@redhat.com> References: <4BC33157.5000606@redhat.com> <4BC4D939.80509@redhat.com> <4BC5C21E.3090603@redhat.com> Message-ID: <4BC5E101.2000704@redhat.com> Pavel Z?na wrote: > On 4/13/2010 10:51 PM, Rob Crittenden wrote: >> Pavel Zuna wrote: >>> The DNS plugin is getting old, tired and already looking forward to his >>> pension in the Carribean. It will be replaced soon by a younger, faster, >>> safer, shorter (in terms of code) and more maintainable version. >>> Until that happens, here's some medicine for the old guy: >>> >>> - proper output definitions: the DNS plugin was created before we >>> had the has_output attribute in place >>> >>> - --all: this is related to the output definitions as >>> Command.get_options() adds the --all and --raw options automatically >>> if has_output contains entries >>> >>> - dns-add-rr overwritting: missing .lower() caused records to be >>> overwritten every time a new one was added from the CLI >>> >>> Pavel >> >> This looks ok but I wonder why you are defining your own Output >> definition instead of using the standard? The only difference seems to >> be that your custom one doesn't have a summary. >> >> rob > Because the standard output definitions with entries make Command > plugins automatically add the --all and --raw options. dns-*-rr commands > aren't comfortable with it. Can you be more specific? What doesn't work? rob From pzuna at redhat.com Wed Apr 14 16:12:18 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Wed, 14 Apr 2010 18:12:18 +0200 Subject: [Freeipa-devel] [PATCH] Fix DNS plugin: proper output definitions, --all, dns-add-rr overwritting In-Reply-To: <4BC5E101.2000704@redhat.com> References: <4BC33157.5000606@redhat.com> <4BC4D939.80509@redhat.com> <4BC5C21E.3090603@redhat.com> <4BC5E101.2000704@redhat.com> Message-ID: <4BC5E962.7080008@redhat.com> On 4/14/2010 5:36 PM, Rob Crittenden wrote: > Pavel Z?na wrote: >> On 4/13/2010 10:51 PM, Rob Crittenden wrote: >>> Pavel Zuna wrote: >>>> The DNS plugin is getting old, tired and already looking forward to his >>>> pension in the Carribean. It will be replaced soon by a younger, >>>> faster, >>>> safer, shorter (in terms of code) and more maintainable version. >>>> Until that happens, here's some medicine for the old guy: >>>> >>>> - proper output definitions: the DNS plugin was created before we >>>> had the has_output attribute in place >>>> >>>> - --all: this is related to the output definitions as >>>> Command.get_options() adds the --all and --raw options automatically >>>> if has_output contains entries >>>> >>>> - dns-add-rr overwritting: missing .lower() caused records to be >>>> overwritten every time a new one was added from the CLI >>>> >>>> Pavel >>> >>> This looks ok but I wonder why you are defining your own Output >>> definition instead of using the standard? The only difference seems to >>> be that your custom one doesn't have a summary. >>> >>> rob >> Because the standard output definitions with entries make Command >> plugins automatically add the --all and --raw options. dns-*-rr >> commands aren't comfortable with it. > > Can you be more specific? What doesn't work? > > rob There were conflicts with --all being defined explicitly by some of the commands. Also, dns-del-rr didn't expect any options and raised an exception when it received the automatically added --all/--raw. Anyway, I fixed those issues, so that we can use the standard definitions from ipalib/output.py. I guess I got lazy before or just wasn't thinking about it too much. :) Modified patch attached. Pavel -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Fix-DNS-plugin-proper-output-definitions-all-dns-add.patch URL: From pzuna at redhat.com Wed Apr 14 16:58:22 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Wed, 14 Apr 2010 18:58:22 +0200 Subject: [Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts. In-Reply-To: <4BC5D296.4070200@redhat.com> References: <4B9F9B50.7070103@redhat.com> <4BA9273B.9030004@redhat.com> <4BB2092D.9090306@redhat.com> <4BB25EA5.20702@redhat.com> <4BC34100.8060303@redhat.com> <4BC5D296.4070200@redhat.com> Message-ID: <4BC5F42E.5000909@redhat.com> On 4/14/2010 4:35 PM, Rob Crittenden wrote: > Pavel Zuna wrote: >> On 03/30/2010 10:27 PM, Rob Crittenden wrote: >>> Pavel Zuna wrote: >>>> On 03/23/2010 09:40 PM, Rob Crittenden wrote: >>>>> Pavel Zuna wrote: >>>>>> This is the first in a series of patches, that replace all the legacy >>>>>> code from v1 related to LDAP. I did some limited testing of the >>>>>> installer after this patch and nothing seems to break, but I >>>>>> didn't do >>>>>> replicas etc... >>>>>> >>>>>> Pavel >>>>> >>>>> nack. This breaks at least ipa-replica-manage, ipa-replica-prepare, >>>>> ipa-server-certinstall and ipa-replica-install. >>>>> >>>>> rob >>>> Fixed patch attached. >>>> >>>> Pavel >>> >>> I'm not sure if you attached the wrong patch or not (it's dated 3/24) >>> but things are still not working: >>> >>> # ipa-replica-install replica-info-tiger.example.com.gpg >>> Directory Manager (existing master) password: >>> >>> creation of replica failed: 'Env' object has no attribute 'basedn' >>> >>> Your system may be partly configured. >>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>> >>> rob >> Sorry for a late reply. Here's a patch that should finally work. I did >> a lot more testing and setting up a replica went smoothly every time. >> >> Pavel > > Lots better. I was able to create and manage replicas but > ipa-dns-install isn't working: > > # ipa-dns-install > > The log file for this installation can be found in > /var/log/ipaserver-install.log > ============================================================================== > > This program will setup DNS for the FreeIPA Server. > > This includes: > * Configure DNS (bind) > > To accept the default shown in brackets, press the Enter key. > > Existing BIND configuration detected, overwrite? [no]: y > Do you wish to configure DNS forwarders? [no]: > No DNS forwarders configured > Directory Manager password: > > Unexpected error - see ipaserver-install.log for details: > 'API' object has no attribute 'env_host' Ouch, sorry about that. New patch attached. Pavel -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Use-ldap2-instead-of-legacy-LDAP-code-from-v1-in-ins.patch URL: From pzuna at redhat.com Wed Apr 14 17:18:04 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Wed, 14 Apr 2010 19:18:04 +0200 Subject: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling. Message-ID: <4BC5F8CC.40907@redhat.com> I noticed a few bugs when DNS was reinstalling: - Service.move_service returned None, because the service entry was already in the right place - BindInstance didn't expect that. - We were passing a unicode string to python-ldap although we know it hates that. - We were catching all exception alike when modifying the "dnsserver" role group. It's no longer an error if the DNS principal is already present. I think Martin has some work in progess on the bindinstance.py file, so please don't push until he acks it. He might want to included these changes in his own patch. I had to fix these to test my own code in the installer and posted the patch to point out the bugs. Pavel -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Fix-ipa-dns-install.-It-was-failing-when-DNS-was-rei.patch URL: From rcritten at redhat.com Wed Apr 14 17:35:42 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 14 Apr 2010 13:35:42 -0400 Subject: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling. In-Reply-To: <4BC5F8CC.40907@redhat.com> References: <4BC5F8CC.40907@redhat.com> Message-ID: <4BC5FCEE.80105@redhat.com> Pavel Z?na wrote: > I noticed a few bugs when DNS was reinstalling: > > - Service.move_service returned None, because the service entry was > already in the right place - BindInstance didn't expect that. > > - We were passing a unicode string to python-ldap although we know it > hates that. > > - We were catching all exception alike when modifying the "dnsserver" > role group. It's no longer an error if the DNS principal is already > present. > > I think Martin has some work in progess on the bindinstance.py file, so > please don't push until he acks it. He might want to included these > changes in his own patch. I had to fix these to test my own code in the > installer and posted the patch to point out the bugs. Interesting. Do we want to support re-installing the DNS server? Or should we catch it and exit? Not crashing is definitely a good way to start though :-) rob From rcritten at redhat.com Thu Apr 15 18:18:19 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 15 Apr 2010 14:18:19 -0400 Subject: [Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts. In-Reply-To: <4BC5F42E.5000909@redhat.com> References: <4B9F9B50.7070103@redhat.com> <4BA9273B.9030004@redhat.com> <4BB2092D.9090306@redhat.com> <4BB25EA5.20702@redhat.com> <4BC34100.8060303@redhat.com> <4BC5D296.4070200@redhat.com> <4BC5F42E.5000909@redhat.com> Message-ID: <4BC7586B.6020508@redhat.com> Pavel Z?na wrote: > On 4/14/2010 4:35 PM, Rob Crittenden wrote: >> Pavel Zuna wrote: >>> On 03/30/2010 10:27 PM, Rob Crittenden wrote: >>>> Pavel Zuna wrote: >>>>> On 03/23/2010 09:40 PM, Rob Crittenden wrote: >>>>>> Pavel Zuna wrote: >>>>>>> This is the first in a series of patches, that replace all the >>>>>>> legacy >>>>>>> code from v1 related to LDAP. I did some limited testing of the >>>>>>> installer after this patch and nothing seems to break, but I >>>>>>> didn't do >>>>>>> replicas etc... >>>>>>> >>>>>>> Pavel >>>>>> >>>>>> nack. This breaks at least ipa-replica-manage, ipa-replica-prepare, >>>>>> ipa-server-certinstall and ipa-replica-install. >>>>>> >>>>>> rob >>>>> Fixed patch attached. >>>>> >>>>> Pavel >>>> >>>> I'm not sure if you attached the wrong patch or not (it's dated 3/24) >>>> but things are still not working: >>>> >>>> # ipa-replica-install replica-info-tiger.example.com.gpg >>>> Directory Manager (existing master) password: >>>> >>>> creation of replica failed: 'Env' object has no attribute 'basedn' >>>> >>>> Your system may be partly configured. >>>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>>> >>>> rob >>> Sorry for a late reply. Here's a patch that should finally work. I did >>> a lot more testing and setting up a replica went smoothly every time. >>> >>> Pavel >> >> Lots better. I was able to create and manage replicas but >> ipa-dns-install isn't working: >> >> # ipa-dns-install >> >> The log file for this installation can be found in >> /var/log/ipaserver-install.log >> ============================================================================== >> >> >> This program will setup DNS for the FreeIPA Server. >> >> This includes: >> * Configure DNS (bind) >> >> To accept the default shown in brackets, press the Enter key. >> >> Existing BIND configuration detected, overwrite? [no]: y >> Do you wish to configure DNS forwarders? [no]: >> No DNS forwarders configured >> Directory Manager password: >> >> Unexpected error - see ipaserver-install.log for details: >> 'API' object has no attribute 'env_host' > Ouch, sorry about that. New patch attached. > > Pavel > Still not working: root : CRITICAL Could not modify principal's krbprincipalname=DNS/lion.greyoak.com at GREYOAK.COM,cn=services,cn=accounts,dc=greyoak,dc=com entry Unexpected error - see ipaserver-install.log for details: The backtrace is: File "/usr/sbin/ipa-dns-install", line 172, in sys.exit(main()) File "/usr/sbin/ipa-dns-install", line 158, in main bind.create_instance() File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 195, in create_instance self.start_creation("Configuring named:") File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 237, in start_creation method() File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 293, in __setup_principal raise e ('expected a string in the list', u'k') rob From pzuna at redhat.com Fri Apr 16 09:39:17 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Fri, 16 Apr 2010 11:39:17 +0200 Subject: [Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts. In-Reply-To: <4BC7586B.6020508@redhat.com> References: <4B9F9B50.7070103@redhat.com> <4BA9273B.9030004@redhat.com> <4BB2092D.9090306@redhat.com> <4BB25EA5.20702@redhat.com> <4BC34100.8060303@redhat.com> <4BC5D296.4070200@redhat.com> <4BC5F42E.5000909@redhat.com> <4BC7586B.6020508@redhat.com> Message-ID: <4BC83045.4060302@redhat.com> On 4/15/2010 8:18 PM, Rob Crittenden wrote: > Pavel Z?na wrote: >> On 4/14/2010 4:35 PM, Rob Crittenden wrote: >>> Pavel Zuna wrote: >>>> On 03/30/2010 10:27 PM, Rob Crittenden wrote: >>>>> Pavel Zuna wrote: >>>>>> On 03/23/2010 09:40 PM, Rob Crittenden wrote: >>>>>>> Pavel Zuna wrote: >>>>>>>> This is the first in a series of patches, that replace all the >>>>>>>> legacy >>>>>>>> code from v1 related to LDAP. I did some limited testing of the >>>>>>>> installer after this patch and nothing seems to break, but I >>>>>>>> didn't do >>>>>>>> replicas etc... >>>>>>>> >>>>>>>> Pavel >>>>>>> >>>>>>> nack. This breaks at least ipa-replica-manage, ipa-replica-prepare, >>>>>>> ipa-server-certinstall and ipa-replica-install. >>>>>>> >>>>>>> rob >>>>>> Fixed patch attached. >>>>>> >>>>>> Pavel >>>>> >>>>> I'm not sure if you attached the wrong patch or not (it's dated 3/24) >>>>> but things are still not working: >>>>> >>>>> # ipa-replica-install replica-info-tiger.example.com.gpg >>>>> Directory Manager (existing master) password: >>>>> >>>>> creation of replica failed: 'Env' object has no attribute 'basedn' >>>>> >>>>> Your system may be partly configured. >>>>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>>>> >>>>> rob >>>> Sorry for a late reply. Here's a patch that should finally work. I did >>>> a lot more testing and setting up a replica went smoothly every time. >>>> >>>> Pavel >>> >>> Lots better. I was able to create and manage replicas but >>> ipa-dns-install isn't working: >>> >>> # ipa-dns-install >>> >>> The log file for this installation can be found in >>> /var/log/ipaserver-install.log >>> ============================================================================== >>> >>> >>> This program will setup DNS for the FreeIPA Server. >>> >>> This includes: >>> * Configure DNS (bind) >>> >>> To accept the default shown in brackets, press the Enter key. >>> >>> Existing BIND configuration detected, overwrite? [no]: y >>> Do you wish to configure DNS forwarders? [no]: >>> No DNS forwarders configured >>> Directory Manager password: >>> >>> Unexpected error - see ipaserver-install.log for details: >>> 'API' object has no attribute 'env_host' >> Ouch, sorry about that. New patch attached. >> >> Pavel >> > > Still not working: > > root : CRITICAL Could not modify principal's > krbprincipalname=DNS/lion.greyoak.com at GREYOAK.COM,cn=services,cn=accounts,dc=greyoak,dc=com > entry > Unexpected error - see ipaserver-install.log for details: > > The backtrace is: > File "/usr/sbin/ipa-dns-install", line 172, in > sys.exit(main()) > File "/usr/sbin/ipa-dns-install", line 158, in main > bind.create_instance() > File > "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", > line 195, in create_instance > self.start_creation("Configuring named:") > File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", > line 237, in start_creation > method() > File > "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", > line 293, in __setup_principal > raise e > ('expected a string in the list', u'k') > > rob This is fixed in the ipa-dns-install patch I posted yesterday. I thought this wasn't caused by the changes made by the "Use ldap2..." patch. The problem here is that we call python-ldap with a unicode string. The string is generated from api.env constants that have become unicode a month or two ago. Anyway, I can always move the fix to this problem from the ipa-dns-install patch into this one. However I need to talk to Martin about the bindinstance.py file - I'll make sure to resolve this by the end of today. Pavel From rcritten at redhat.com Fri Apr 16 14:50:51 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 16 Apr 2010 10:50:51 -0400 Subject: [Freeipa-devel] [PATCH] strip .po file suffix in translation statistics In-Reply-To: <4B7EA333.2070202@redhat.com> References: <4B7EA333.2070202@redhat.com> Message-ID: <4BC8794B.9090807@redhat.com> John Dennis wrote: > The goal is to get the statistics to line up in > columns and not exceed an 80 character line which might > cause wrapping. Removing .po suffix from the translation > name gives us 3 extra characters. Formatting problems were > observed when bn_IN.po was added. > > Instead of: > > ipa.pot has 133 messages > bn_IN.po: 14/133 10.5% 106 po untranslated, 13 missing, 119 > untranslated > id.po: 107/133 80.5% 13 po untranslated, 13 missing, 26 > untranslated > kn.po: 4/133 3.0% 116 po untranslated, 13 missing, 129 > untranslated > pl.po: 120/133 90.2% 0 po untranslated, 13 missing, 13 > untranslated > [jdennis at jdennis po]$ make msg-stats > > the statistics now read: > > ipa.pot has 133 messages > bn_IN: 14/133 10.5% 106 po untranslated, 13 missing, 119 > untranslated > id: 107/133 80.5% 13 po untranslated, 13 missing, 26 > untranslated > kn: 4/133 3.0% 116 po untranslated, 13 missing, 129 > untranslated > pl: 120/133 90.2% 0 po untranslated, 13 missing, 13 > untranslated I don't see any specific ACK or push messages for this patch but the changes are applied in any case. Just closing the loop. rob From rcritten at redhat.com Fri Apr 16 14:59:28 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 16 Apr 2010 10:59:28 -0400 Subject: [Freeipa-devel] [PATCH 10/10] Add gettext translation test using test language. In-Reply-To: <4B9AAD79.9090106@redhat.com> References: <201003121809.o2CI9RX4012890@int-mx05.intmail.prod.int.phx2.redhat.com> <4B9AA2EF.7080305@redhat.com> <4B9AAD79.9090106@redhat.com> Message-ID: <4BC87B50.9010803@redhat.com> John Dennis wrote: > On 03/12/2010 03:24 PM, Stephen Gallagher wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 03/12/2010 01:09 PM, John Dennis wrote: >>> >>> >>> >> >> Just a minor nitpick, but it's more traditional to use the notation >> $(MAKE) -C install/po test_lang >> rather than explicitly changing into that directory first. If I remember >> correctly, make will log it to the screen explicitly this way. > > O.K. good suggestion. Whoever applies the patch can make this edit under > the 1 line rule, or I'll tweak it later. > pushed to master From rcritten at redhat.com Fri Apr 16 15:04:07 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 16 Apr 2010 11:04:07 -0400 Subject: [Freeipa-devel] [PATCH] 409 configure CRL URI In-Reply-To: <4BA909EF.504@redhat.com> References: <4BA12790.9030102@redhat.com> <4BA909EF.504@redhat.com> Message-ID: <4BC87C67.70106@redhat.com> John Dennis wrote: > On 03/17/2010 03:03 PM, Rob Crittenden wrote: >> Configure the CRL URI in dogtag. >> >> Also print out a restart message after applying the custom subject. >> It takes a while to restart dogtag and this lets the user know things >> are moving forward. > > ACK > pushed to master From rcritten at redhat.com Fri Apr 16 15:05:38 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 16 Apr 2010 11:05:38 -0400 Subject: [Freeipa-devel] [PATCH] 410 enable anonymous VLV In-Reply-To: <4BA917C0.1020700@redhat.com> References: <4BA149C5.3000209@redhat.com> <4BA3C595.70601@redhat.com> <4BA3E4F9.7060007@redhat.com> <4BA917C0.1020700@redhat.com> Message-ID: <4BC87CC2.50201@redhat.com> John Dennis wrote: > On 03/19/2010 04:56 PM, Rob Crittenden wrote: >> Rob Crittenden wrote: >>> Rob Crittenden wrote: >>>> Modify the VLV aci to allow anonymous searches. This will allow >>>> Solaris clients to function properly. >>>> >>>> A similar patch will need to be committed to the freeipa-1.2 branch. >>>> >>>> rob >>> >>> I'm going to withdraw this patch and do it another way. We don't need >>> to enable this by default, only when the compat plugin is enabled. >>> >>> rob >> >> Revised patch attached. I don't see a need to enable this in all cases, >> just when the compat plugin is enabled. > > Looks harmless, ACK > pushed to master From rcritten at redhat.com Fri Apr 16 15:07:11 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 16 Apr 2010 11:07:11 -0400 Subject: [Freeipa-devel] [PATCH] Fix output of env plugin. It displayed more than it should. In-Reply-To: <4BA9F7B0.4060905@redhat.com> References: <4BA9F7B0.4060905@redhat.com> Message-ID: <4BC87D1F.2050903@redhat.com> Pavel Z?na wrote: > Some outputs were missing the 'no_display' flag. > > Pavel > ack, pushed to master From rcritten at redhat.com Fri Apr 16 17:43:39 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 16 Apr 2010 13:43:39 -0400 Subject: [Freeipa-devel] [PATCH] Add interface for baseldap plugins to register additional callbacks. In-Reply-To: <4B901053.7050203@redhat.com> References: <4B8FCE87.7080901@redhat.com> <4B8FE62D.6040101@redhat.com> <4B901053.7050203@redhat.com> Message-ID: <4BC8A1CB.70809@redhat.com> Pavel Z?na wrote: > Rob Crittenden wrote: >> Pavel Z?na wrote: >>> This is somewhat of a tech-preview patch. It works, but the whole >>> concept might need some more work/thinking done. >>> >>> It adds another way to extend plugins without resorting to the >>> versioning system. >>> >>> Until now, every baseldap command had two callbacks. The pre-callback >>> called before data was passed to python-ldap and the post-callback >>> called after. >>> >>> This patch introduces class methods, that enable the registration of >>> new pre/post callbacks. It supports top level functions as well, so >>> you don't have to touch the original class at all. >>> >>> It works likes this: >>> >>> from ipalib.plugins.user import user_show >>> >>> def test_callback(inst, ldap, dn, attrs_list, *keys, **options): >>> inst.log.info('hello callback world!') >>> attrs_list = ['uid'] # only retrieve the user name >>> return dn >>> >>> user_show.register_pre_callback(test_callback) >>> >>> The original callbacks defined in the class are always called first. >>> >>> Pavel >> >> I think I'd like another registration argument, sort of a hint on >> where you'd like this plugin registered: first or last (defaulting to >> last). We wouldn't necessarily guarantee where the plugin would get >> registered but we could easily handle prepending or appending the new >> registration. > The argument is already there, but as you said, it doesn't guarantee a > specific order. The "in-class" callback is added when the plugin > instance is created and is inserted at the beginning of the list. More > callbacks could be theoretically added later before this one, but that > probably won't happen. > >> Not sure how complicated we want this to be but we could also add a >> dependency system, so that if some other callback is registered, then >> this one comes first (or registration fails), etc. > A priority system might be better and easier to implement in this case. > I'm also thinking of making the callback signature common for all > commands (even though they have different "needs") and adding a context > variable callbacks could use to pass data to each other. > >> rob > > By the way, the approach with class methods and class attributes I'm > using is 100% compatible with the versioning system I proposed before. > You can do this for example: > > class user_show(...): > VERSION = (1, 0) > ... > > user_show.register_pre_callback(some_callback) > user.show_register_pre_callback(some_other_callback) > > class user_show(user_show): > VERSION = (1, 1) > ... > > And the new user_show class will have all the callbacks for the previous > version. Isn't that cool? Man, I love python. It's the hackers holy > grail. :D > > Pavel ack, pushed to master From pzuna at redhat.com Fri Apr 16 17:50:56 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Fri, 16 Apr 2010 19:50:56 +0200 Subject: [Freeipa-devel] [PATCH] Use escapes in DNs instead of quoting. In-Reply-To: <4BC87DC3.2000909@redhat.com> References: <4BACB040.4000206@redhat.com> <4BC87DC3.2000909@redhat.com> Message-ID: <4BC8A380.5020005@redhat.com> On 4/16/2010 5:09 PM, Rob Crittenden wrote: > Pavel Zuna wrote: >> This patch effectively removes all LDAPv2 style quoted DNs and makes >> sure we don't use them anymore. >> >> KDC doesn't seem to have any problems with LDAPv3 style DNs, but I >> kept the option to disable DN normalization for now. >> >> I also had to add a new dollar variable for LDIF files: >> $ESCAPED_SUFFIX. We need it to create entries that contain the DN of >> another entry in their own, like the account activated/inactivated CoS >> entries. >> >> what I tested: >> - playing around with password policies and CoS entries using both >> pwpolicy and pwpolicy2 >> - changing user passwords to see if the policies apply >> - re-installing IPA to see if the activated/inactived CoS entries >> where OK >> - user-lock/user-unlock >> >> The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on >> it, but won't apply without. I didn't realize before committing and >> couldn't get it back by re-basing, so... >> >> Pavel > > This fails to apply because the pwpolicy2 plugin hasn't been committed > yet. You had suggested that this patch shouldn't be applied yet. Should > I remove the pwpolicy2 part of this patch and push, rebase it, or what? > > rob I rebased the patch - attached. It no longer depends on pwpolicy2. I'm going to release an updated pwpolicy2 patch with quoting gone along with this one. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Use-escapes-in-DNs-instead-of-quoting.patch Type: application/mbox Size: 7150 bytes Desc: not available URL: From pzuna at redhat.com Fri Apr 16 17:58:54 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Fri, 16 Apr 2010 19:58:54 +0200 Subject: [Freeipa-devel] [PATCH] Add new pwpolicy plugin based on baseldap classes Message-ID: <4BC8A55E.1010204@redhat.com> Don't mind the numbering. This is a completely independent patch. It adds a new pwpolicy plugin based on baseldap.py classes. It has the same functionality as the current pwpolicy plugin, but a more clean and consistent interface, fine grained search capabilities, etc. This is actually an updated version of a patch I released some time ago, but it never got fully reviewed. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Add-new-pwpolicy-plugin-based-on-baseldap-classes.patch Type: application/mbox Size: 18697 bytes Desc: not available URL: From rcritten at redhat.com Fri Apr 16 18:24:44 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 16 Apr 2010 14:24:44 -0400 Subject: [Freeipa-devel] [PATCH] Enable LDAPObject subclasses to disable DN normalization in their methods. In-Reply-To: <4BA23201.5040208@redhat.com> References: <4B9F9AC3.9070100@redhat.com> <4B9FCD62.20301@redhat.com> <4BA23201.5040208@redhat.com> Message-ID: <4BC8AB6C.5050802@redhat.com> Pavel Z?na wrote: > Rob Crittenden wrote: >> Pavel Zuna wrote: >>> New attribute in LDAPObject: normalize_dn >>> >>> Defaults to True. If False, LDAP* methods won't normalize DNs before >>> passing them to python-ldap. >>> >>> Pavel >>> >> >> This also makes entries returned by LDAPSearch a list instead of a >> tuple. What is the purpose of that? > It enables *-find plugins to easily add/remove entries in post_callback. > >> rob > > Pavel > Ok, ack, pushed to master From rcritten at redhat.com Fri Apr 16 20:25:47 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 16 Apr 2010 16:25:47 -0400 Subject: [Freeipa-devel] [PATCH] Use escapes in DNs instead of quoting. In-Reply-To: <4BC8A380.5020005@redhat.com> References: <4BACB040.4000206@redhat.com> <4BC87DC3.2000909@redhat.com> <4BC8A380.5020005@redhat.com> Message-ID: <4BC8C7CB.9010101@redhat.com> Pavel Z?na wrote: > On 4/16/2010 5:09 PM, Rob Crittenden wrote: >> Pavel Zuna wrote: >>> This patch effectively removes all LDAPv2 style quoted DNs and makes >>> sure we don't use them anymore. >>> >>> KDC doesn't seem to have any problems with LDAPv3 style DNs, but I >>> kept the option to disable DN normalization for now. >>> >>> I also had to add a new dollar variable for LDIF files: >>> $ESCAPED_SUFFIX. We need it to create entries that contain the DN of >>> another entry in their own, like the account activated/inactivated CoS >>> entries. >>> >>> what I tested: >>> - playing around with password policies and CoS entries using both >>> pwpolicy and pwpolicy2 >>> - changing user passwords to see if the policies apply >>> - re-installing IPA to see if the activated/inactived CoS entries >>> where OK >>> - user-lock/user-unlock >>> >>> The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on >>> it, but won't apply without. I didn't realize before committing and >>> couldn't get it back by re-basing, so... >>> >>> Pavel >> >> This fails to apply because the pwpolicy2 plugin hasn't been committed >> yet. You had suggested that this patch shouldn't be applied yet. Should >> I remove the pwpolicy2 part of this patch and push, rebase it, or what? >> >> rob > I rebased the patch - attached. It no longer depends on pwpolicy2. I'm > going to release an updated pwpolicy2 patch with quoting gone along with > this one. > > Pavel I made a couple of changes to the patch: - added ESCAPED_SUFFIX to the dsinstance sub_dict so installations work - added back some extra lines to pwpolicy_del() that actually deleted the entries rob -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Use-escapes-in-DNs-instead-of-quoting.patch Type: application/mbox Size: 8302 bytes Desc: not available URL: From rcritten at redhat.com Fri Apr 16 21:39:44 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 16 Apr 2010 17:39:44 -0400 Subject: [Freeipa-devel] [PATCH] 422 reorder some things in client installer Message-ID: <4BC8D920.5060303@redhat.com> Reorder some things in the client installer - Fetch the CA cert before running certmonger - Delete entries from the keytab before removing /etc/krb5.conf - Add and remove the IPA CA to /etc/pki/nssdb rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-422-install.patch Type: application/mbox Size: 4888 bytes Desc: not available URL: From pzuna at redhat.com Mon Apr 19 09:28:07 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Mon, 19 Apr 2010 11:28:07 +0200 Subject: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling. In-Reply-To: <4BC5FCEE.80105@redhat.com> References: <4BC5F8CC.40907@redhat.com> <4BC5FCEE.80105@redhat.com> Message-ID: <4BCC2227.5040105@redhat.com> On 04/14/2010 07:35 PM, Rob Crittenden wrote: > Pavel Z?na wrote: >> I noticed a few bugs when DNS was reinstalling: >> >> - Service.move_service returned None, because the service entry was >> already in the right place - BindInstance didn't expect that. >> >> - We were passing a unicode string to python-ldap although we know it >> hates that. >> >> - We were catching all exception alike when modifying the "dnsserver" >> role group. It's no longer an error if the DNS principal is already >> present. >> >> I think Martin has some work in progess on the bindinstance.py file, >> so please don't push until he acks it. He might want to included these >> changes in his own patch. I had to fix these to test my own code in >> the installer and posted the patch to point out the bugs. > > Interesting. Do we want to support re-installing the DNS server? Or > should we catch it and exit? Not crashing is definitely a good way to > start though :-) > > rob Improved version of the patch attached. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-ipa-dns-install.-It-was-failing-when-DNS-was-rei.patch Type: application/mbox Size: 1827 bytes Desc: not available URL: From pzuna at redhat.com Mon Apr 19 12:10:27 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Mon, 19 Apr 2010 14:10:27 +0200 Subject: [Freeipa-devel] [PATCH] Use escapes in DNs instead of quoting. In-Reply-To: <4BC8C7CB.9010101@redhat.com> References: <4BACB040.4000206@redhat.com> <4BC87DC3.2000909@redhat.com> <4BC8A380.5020005@redhat.com> <4BC8C7CB.9010101@redhat.com> Message-ID: <4BCC4833.7030102@redhat.com> On 04/16/2010 10:25 PM, Rob Crittenden wrote: > Pavel Z?na wrote: >> On 4/16/2010 5:09 PM, Rob Crittenden wrote: >>> Pavel Zuna wrote: >>>> This patch effectively removes all LDAPv2 style quoted DNs and makes >>>> sure we don't use them anymore. >>>> >>>> KDC doesn't seem to have any problems with LDAPv3 style DNs, but I >>>> kept the option to disable DN normalization for now. >>>> >>>> I also had to add a new dollar variable for LDIF files: >>>> $ESCAPED_SUFFIX. We need it to create entries that contain the DN of >>>> another entry in their own, like the account activated/inactivated CoS >>>> entries. >>>> >>>> what I tested: >>>> - playing around with password policies and CoS entries using both >>>> pwpolicy and pwpolicy2 >>>> - changing user passwords to see if the policies apply >>>> - re-installing IPA to see if the activated/inactived CoS entries >>>> where OK >>>> - user-lock/user-unlock >>>> >>>> The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on >>>> it, but won't apply without. I didn't realize before committing and >>>> couldn't get it back by re-basing, so... >>>> >>>> Pavel >>> >>> This fails to apply because the pwpolicy2 plugin hasn't been committed >>> yet. You had suggested that this patch shouldn't be applied yet. Should >>> I remove the pwpolicy2 part of this patch and push, rebase it, or what? >>> >>> rob >> I rebased the patch - attached. It no longer depends on pwpolicy2. I'm >> going to release an updated pwpolicy2 patch with quoting gone along >> with this one. >> >> Pavel > > I made a couple of changes to the patch: > - added ESCAPED_SUFFIX to the dsinstance sub_dict so installations work > - added back some extra lines to pwpolicy_del() that actually deleted > the entries Oups, probably deleted those by mistake. Anyway, nice catch. Just tested it - ACK. > rob Pavel From mnagy at redhat.com Mon Apr 19 12:43:29 2010 From: mnagy at redhat.com (Martin Nagy) Date: Mon, 19 Apr 2010 14:43:29 +0200 Subject: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling. In-Reply-To: <4BCC2227.5040105@redhat.com> References: <4BC5F8CC.40907@redhat.com> <4BC5FCEE.80105@redhat.com> <4BCC2227.5040105@redhat.com> Message-ID: <1271681009.7366.415.camel@wolverine.englab.brq.redhat.com> On Mon, 2010-04-19 at 11:28 +0200, Pavel Zuna wrote: > On 04/14/2010 07:35 PM, Rob Crittenden wrote: > > Pavel Z?na wrote: > >> I noticed a few bugs when DNS was reinstalling: > >> > >> - Service.move_service returned None, because the service entry was > >> already in the right place - BindInstance didn't expect that. > >> > >> - We were passing a unicode string to python-ldap although we know it > >> hates that. > >> > >> - We were catching all exception alike when modifying the "dnsserver" > >> role group. It's no longer an error if the DNS principal is already > >> present. > >> > >> I think Martin has some work in progess on the bindinstance.py file, > >> so please don't push until he acks it. He might want to included these > >> changes in his own patch. I had to fix these to test my own code in > >> the installer and posted the patch to point out the bugs. > > > > Interesting. Do we want to support re-installing the DNS server? Or > > should we catch it and exit? Not crashing is definitely a good way to > > start though :-) > > > > rob > Improved version of the patch attached. > > Pavel Ack, pushed to master. Martin From mnagy at redhat.com Mon Apr 19 12:43:31 2010 From: mnagy at redhat.com (Martin Nagy) Date: Mon, 19 Apr 2010 14:43:31 +0200 Subject: [Freeipa-devel] [PATCH] Fix DNS plugin: proper output definitions, --all, dns-add-rr overwritting In-Reply-To: <4BC5E962.7080008@redhat.com> References: <4BC33157.5000606@redhat.com> <4BC4D939.80509@redhat.com> <4BC5C21E.3090603@redhat.com> <4BC5E101.2000704@redhat.com> <4BC5E962.7080008@redhat.com> Message-ID: <1271681011.7366.416.camel@wolverine.englab.brq.redhat.com> On Wed, 2010-04-14 at 18:12 +0200, Pavel Z?na wrote: > On 4/14/2010 5:36 PM, Rob Crittenden wrote: > > Pavel Z?na wrote: > >> On 4/13/2010 10:51 PM, Rob Crittenden wrote: > >>> Pavel Zuna wrote: > >>>> The DNS plugin is getting old, tired and already looking forward to his > >>>> pension in the Carribean. It will be replaced soon by a younger, > >>>> faster, > >>>> safer, shorter (in terms of code) and more maintainable version. > >>>> Until that happens, here's some medicine for the old guy: > >>>> > >>>> - proper output definitions: the DNS plugin was created before we > >>>> had the has_output attribute in place > >>>> > >>>> - --all: this is related to the output definitions as > >>>> Command.get_options() adds the --all and --raw options automatically > >>>> if has_output contains entries > >>>> > >>>> - dns-add-rr overwritting: missing .lower() caused records to be > >>>> overwritten every time a new one was added from the CLI > >>>> > >>>> Pavel > >>> > >>> This looks ok but I wonder why you are defining your own Output > >>> definition instead of using the standard? The only difference seems to > >>> be that your custom one doesn't have a summary. > >>> > >>> rob > >> Because the standard output definitions with entries make Command > >> plugins automatically add the --all and --raw options. dns-*-rr > >> commands aren't comfortable with it. > > > > Can you be more specific? What doesn't work? > > > > rob > There were conflicts with --all being defined explicitly by some of the > commands. Also, dns-del-rr didn't expect any options and raised an > exception when it received the automatically added --all/--raw. > > Anyway, I fixed those issues, so that we can use the standard > definitions from ipalib/output.py. I guess I got lazy before or just > wasn't thinking about it too much. :) Modified patch attached. > > Pavel Ack, pushed to master. Martin From mnagy at redhat.com Mon Apr 19 12:56:21 2010 From: mnagy at redhat.com (Martin Nagy) Date: Mon, 19 Apr 2010 14:56:21 +0200 Subject: [Freeipa-devel] [PATCHES] Delete old SRV and NS records during uninstallation Message-ID: <1271681781.7366.427.camel@wolverine.englab.brq.redhat.com> Hi, 0001 is pretty straightforward, I need it for 0002. 0002 introduces a new class DnsBackup that makes sure that any records that we might want to potentially remove (SRV and NS right now) are properly saved using sysrestore. It also takes care of removing them during the uninstallation. 0003 makes 0002 useful by allowing the user to input the admin password to ipa-server-install --uninstall and connecting to ldap. I've tested these quite a lot so hopefully there won't be any major problems with them. Thanks Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Accept-unicode-for-sysrestore.patch Type: text/x-patch Size: 976 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Delete-old-SRV-records-during-uninstallation.patch Type: text/x-patch Size: 5392 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0003-Connect-to-the-ldap-during-the-uninstallation.patch Type: text/x-patch Size: 3535 bytes Desc: not available URL: From mnagy at redhat.com Mon Apr 19 12:59:43 2010 From: mnagy at redhat.com (Martin Nagy) Date: Mon, 19 Apr 2010 14:59:43 +0200 Subject: [Freeipa-devel] [PATCH] Some more changes for DNS forwarders prompt Message-ID: <1271681983.7366.430.camel@wolverine.englab.brq.redhat.com> Hi, as per comments from David, here is the patch. David, do you think this is acceptable? Let me know if you have any more suggestions. Martin From mnagy at redhat.com Mon Apr 19 13:03:21 2010 From: mnagy at redhat.com (Martin Nagy) Date: Mon, 19 Apr 2010 15:03:21 +0200 Subject: [Freeipa-devel] [PATCH] Add forgotten trailing dots in DNS records Message-ID: <1271682201.7366.434.camel@wolverine.englab.brq.redhat.com> Hi, some of the dns records were added without the trailing '.'. Thanks to Oliver Burtchen for reporting this. Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-forgotten-trailing-dots-in-DNS-records.patch Type: text/x-patch Size: 2581 bytes Desc: not available URL: From mnagy at redhat.com Mon Apr 19 13:03:57 2010 From: mnagy at redhat.com (Martin Nagy) Date: Mon, 19 Apr 2010 15:03:57 +0200 Subject: [Freeipa-devel] [PATCH] Some more changes for DNS forwarders prompt In-Reply-To: <1271681983.7366.430.camel@wolverine.englab.brq.redhat.com> References: <1271681983.7366.430.camel@wolverine.englab.brq.redhat.com> Message-ID: <1271682237.7366.435.camel@wolverine.englab.brq.redhat.com> On Mon, 2010-04-19 at 14:59 +0200, Martin Nagy wrote: > Hi, > as per comments from David, here is the patch. David, do you think this > is acceptable? Let me know if you have any more suggestions. Oops, forgot the patch, sorry. Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Some-more-changes-for-DNS-forwarders-prompt.patch Type: text/x-patch Size: 1441 bytes Desc: not available URL: From pzuna at redhat.com Mon Apr 19 13:44:50 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Mon, 19 Apr 2010 15:44:50 +0200 Subject: [Freeipa-devel] [PATCH] 414 MITM compatibility fixes for dogtag In-Reply-To: <4BB2551E.3020602@redhat.com> References: <4BB2551E.3020602@redhat.com> Message-ID: <4BCC5E52.3090106@redhat.com> On 03/30/2010 09:46 PM, Rob Crittenden wrote: > dogtag has its final nss MITM fixes committed into 1.3.3. This patch > reverses the previous fixes we used, they are no longer needed. We just > need to configure an additional port (that we don't use ourselves). > > This also changes the mechanism we use to determine which security > database to use. I'm not sure why I relied on api.env.home instead of > api.env.in_tree up to now. > > rob > ack. Pavel From rcritten at redhat.com Mon Apr 19 14:04:37 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 19 Apr 2010 10:04:37 -0400 Subject: [Freeipa-devel] [PATCH] 414 MITM compatibility fixes for dogtag In-Reply-To: <4BCC5E52.3090106@redhat.com> References: <4BB2551E.3020602@redhat.com> <4BCC5E52.3090106@redhat.com> Message-ID: <4BCC62F5.7070304@redhat.com> Pavel Zuna wrote: > On 03/30/2010 09:46 PM, Rob Crittenden wrote: >> dogtag has its final nss MITM fixes committed into 1.3.3. This patch >> reverses the previous fixes we used, they are no longer needed. We just >> need to configure an additional port (that we don't use ourselves). >> >> This also changes the mechanism we use to determine which security >> database to use. I'm not sure why I relied on api.env.home instead of >> api.env.in_tree up to now. >> >> rob >> > ack. > > Pavel pushed to master From rcritten at redhat.com Mon Apr 19 14:06:21 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 19 Apr 2010 10:06:21 -0400 Subject: [Freeipa-devel] [PATCH] Use escapes in DNs instead of quoting. In-Reply-To: <4BCC4833.7030102@redhat.com> References: <4BACB040.4000206@redhat.com> <4BC87DC3.2000909@redhat.com> <4BC8A380.5020005@redhat.com> <4BC8C7CB.9010101@redhat.com> <4BCC4833.7030102@redhat.com> Message-ID: <4BCC635D.6020301@redhat.com> Pavel Zuna wrote: > On 04/16/2010 10:25 PM, Rob Crittenden wrote: >> Pavel Z?na wrote: >>> On 4/16/2010 5:09 PM, Rob Crittenden wrote: >>>> Pavel Zuna wrote: >>>>> This patch effectively removes all LDAPv2 style quoted DNs and makes >>>>> sure we don't use them anymore. >>>>> >>>>> KDC doesn't seem to have any problems with LDAPv3 style DNs, but I >>>>> kept the option to disable DN normalization for now. >>>>> >>>>> I also had to add a new dollar variable for LDIF files: >>>>> $ESCAPED_SUFFIX. We need it to create entries that contain the DN of >>>>> another entry in their own, like the account activated/inactivated CoS >>>>> entries. >>>>> >>>>> what I tested: >>>>> - playing around with password policies and CoS entries using both >>>>> pwpolicy and pwpolicy2 >>>>> - changing user passwords to see if the policies apply >>>>> - re-installing IPA to see if the activated/inactived CoS entries >>>>> where OK >>>>> - user-lock/user-unlock >>>>> >>>>> The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on >>>>> it, but won't apply without. I didn't realize before committing and >>>>> couldn't get it back by re-basing, so... >>>>> >>>>> Pavel >>>> >>>> This fails to apply because the pwpolicy2 plugin hasn't been committed >>>> yet. You had suggested that this patch shouldn't be applied yet. Should >>>> I remove the pwpolicy2 part of this patch and push, rebase it, or what? >>>> >>>> rob >>> I rebased the patch - attached. It no longer depends on pwpolicy2. I'm >>> going to release an updated pwpolicy2 patch with quoting gone along >>> with this one. >>> >>> Pavel >> >> I made a couple of changes to the patch: >> - added ESCAPED_SUFFIX to the dsinstance sub_dict so installations work >> - added back some extra lines to pwpolicy_del() that actually deleted >> the entries > Oups, probably deleted those by mistake. Anyway, nice catch. > > Just tested it - ACK. > >> rob > > Pavel pushed to master From rcritten at redhat.com Mon Apr 19 15:27:58 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 19 Apr 2010 11:27:58 -0400 Subject: [Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts. In-Reply-To: <4BC83045.4060302@redhat.com> References: <4B9F9B50.7070103@redhat.com> <4BA9273B.9030004@redhat.com> <4BB2092D.9090306@redhat.com> <4BB25EA5.20702@redhat.com> <4BC34100.8060303@redhat.com> <4BC5D296.4070200@redhat.com> <4BC5F42E.5000909@redhat.com> <4BC7586B.6020508@redhat.com> <4BC83045.4060302@redhat.com> Message-ID: <4BCC767E.5010002@redhat.com> Pavel Z?na wrote: > On 4/15/2010 8:18 PM, Rob Crittenden wrote: >> Pavel Z?na wrote: >>> On 4/14/2010 4:35 PM, Rob Crittenden wrote: >>>> Pavel Zuna wrote: >>>>> On 03/30/2010 10:27 PM, Rob Crittenden wrote: >>>>>> Pavel Zuna wrote: >>>>>>> On 03/23/2010 09:40 PM, Rob Crittenden wrote: >>>>>>>> Pavel Zuna wrote: >>>>>>>>> This is the first in a series of patches, that replace all the >>>>>>>>> legacy >>>>>>>>> code from v1 related to LDAP. I did some limited testing of the >>>>>>>>> installer after this patch and nothing seems to break, but I >>>>>>>>> didn't do >>>>>>>>> replicas etc... >>>>>>>>> >>>>>>>>> Pavel >>>>>>>> >>>>>>>> nack. This breaks at least ipa-replica-manage, ipa-replica-prepare, >>>>>>>> ipa-server-certinstall and ipa-replica-install. >>>>>>>> >>>>>>>> rob >>>>>>> Fixed patch attached. >>>>>>> >>>>>>> Pavel >>>>>> >>>>>> I'm not sure if you attached the wrong patch or not (it's dated 3/24) >>>>>> but things are still not working: >>>>>> >>>>>> # ipa-replica-install replica-info-tiger.example.com.gpg >>>>>> Directory Manager (existing master) password: >>>>>> >>>>>> creation of replica failed: 'Env' object has no attribute 'basedn' >>>>>> >>>>>> Your system may be partly configured. >>>>>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>>>>> >>>>>> rob >>>>> Sorry for a late reply. Here's a patch that should finally work. I did >>>>> a lot more testing and setting up a replica went smoothly every time. >>>>> >>>>> Pavel >>>> >>>> Lots better. I was able to create and manage replicas but >>>> ipa-dns-install isn't working: >>>> >>>> # ipa-dns-install >>>> >>>> The log file for this installation can be found in >>>> /var/log/ipaserver-install.log >>>> ============================================================================== >>>> >>>> >>>> >>>> This program will setup DNS for the FreeIPA Server. >>>> >>>> This includes: >>>> * Configure DNS (bind) >>>> >>>> To accept the default shown in brackets, press the Enter key. >>>> >>>> Existing BIND configuration detected, overwrite? [no]: y >>>> Do you wish to configure DNS forwarders? [no]: >>>> No DNS forwarders configured >>>> Directory Manager password: >>>> >>>> Unexpected error - see ipaserver-install.log for details: >>>> 'API' object has no attribute 'env_host' >>> Ouch, sorry about that. New patch attached. >>> >>> Pavel >>> >> >> Still not working: >> >> root : CRITICAL Could not modify principal's >> krbprincipalname=DNS/lion.greyoak.com at GREYOAK.COM,cn=services,cn=accounts,dc=greyoak,dc=com >> >> entry >> Unexpected error - see ipaserver-install.log for details: >> >> The backtrace is: >> File "/usr/sbin/ipa-dns-install", line 172, in >> sys.exit(main()) >> File "/usr/sbin/ipa-dns-install", line 158, in main >> bind.create_instance() >> File >> "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", >> line 195, in create_instance >> self.start_creation("Configuring named:") >> File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", >> line 237, in start_creation >> method() >> File >> "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", >> line 293, in __setup_principal >> raise e >> ('expected a string in the list', u'k') >> >> rob > This is fixed in the ipa-dns-install patch I posted yesterday. I thought > this wasn't caused by the changes made by the "Use ldap2..." patch. > > The problem here is that we call python-ldap with a unicode string. The > string is generated from api.env constants that have become unicode a > month or two ago. > > Anyway, I can always move the fix to this problem from the > ipa-dns-install patch into this one. However I need to talk to Martin > about the bindinstance.py file - I'll make sure to resolve this by the > end of today. > > Pavel With the DNS patches also applied this seems to be working ok. pushed to master From rcritten at redhat.com Mon Apr 19 20:37:02 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 19 Apr 2010 16:37:02 -0400 Subject: [Freeipa-devel] [PATCH] 396 with verbose print XML-RPC output In-Reply-To: <4B950AF8.6050405@redhat.com> References: <4B915132.9060804@redhat.com> <4B939073.1030108@redhat.com> <4B950AF8.6050405@redhat.com> Message-ID: <4BCCBEEE.3070607@redhat.com> Rob Crittenden wrote: > Martin Nagy wrote: >> On 03/05/2010 07:45 PM, Rob Crittenden wrote: >>> Connect the -v flag in the ipa command to including the XML-RPC >>> conversation in the output: >>> >>> % ipa -v user-show admin >> [snip] >> >> Rob, do you think we could use something like -vv for this? The >> XML-RPC conversation seems to be a little bit too verbose. >> >> Martin > > Hmm, maybe. verbose is currently a boolean. We could switch the option > to be a 'count' and return the number of v's. So 0 is still False, 1 is > still True and anything higher we can compare against a number. I think > that would work, I'll take a look. > > I switched the boolean -v to a counter. A single -v enables more verbose logging Two -v's enables printing the XML-RPC request rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-396-2-verbose.patch Type: application/mbox Size: 3592 bytes Desc: not available URL: From mnagy at redhat.com Tue Apr 20 05:57:01 2010 From: mnagy at redhat.com (Martin Nagy) Date: Tue, 20 Apr 2010 07:57:01 +0200 Subject: [Freeipa-devel] [PATCH] 396 with verbose print XML-RPC output In-Reply-To: <4BCCBEEE.3070607@redhat.com> References: <4B915132.9060804@redhat.com> <4B939073.1030108@redhat.com> <4B950AF8.6050405@redhat.com> <4BCCBEEE.3070607@redhat.com> Message-ID: <1271743021.7366.446.camel@wolverine.englab.brq.redhat.com> On Mon, 2010-04-19 at 16:37 -0400, Rob Crittenden wrote: > Rob Crittenden wrote: > > Martin Nagy wrote: > >> On 03/05/2010 07:45 PM, Rob Crittenden wrote: > >>> Connect the -v flag in the ipa command to including the XML-RPC > >>> conversation in the output: > >>> > >>> % ipa -v user-show admin > >> [snip] > >> > >> Rob, do you think we could use something like -vv for this? The > >> XML-RPC conversation seems to be a little bit too verbose. > >> > >> Martin > > > > Hmm, maybe. verbose is currently a boolean. We could switch the option > > to be a 'count' and return the number of v's. So 0 is still False, 1 is > > still True and anything higher we can compare against a number. I think > > that would work, I'll take a look. > > > > > > I switched the boolean -v to a counter. > > A single -v enables more verbose logging > Two -v's enables printing the XML-RPC request > > rob The patch looks good, but I think you should also modify the default in constants.py Martin From rmeggins at redhat.com Tue Apr 20 15:53:06 2010 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 20 Apr 2010 09:53:06 -0600 Subject: [Freeipa-devel] New version of 389 1.2.6.a3 available for testing Message-ID: <4BCDCDE2.1030703@redhat.com> 389 1.2.6.a3 is in the Fedora and EPEL testing repos. Please test and give us some karma if you have a chance. http://port389.org/wiki/Release_Notes Thanks! From pzuna at redhat.com Tue Apr 20 16:38:55 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Tue, 20 Apr 2010 18:38:55 +0200 Subject: [Freeipa-devel] [PATCH] Add file with example plugins/tutorial. Message-ID: <4BCDD89F.1070300@redhat.com> Note that this is still work in progress and will be finished in another patch. Specifically, it currently doesn't cover baseldap.py classes. Pavel -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Add-file-with-example-plugins-tutorial.patch URL: From rcritten at redhat.com Thu Apr 22 18:04:48 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 22 Apr 2010 14:04:48 -0400 Subject: [Freeipa-devel] [PATCH] Add file with example plugins/tutorial. In-Reply-To: <4BCDD89F.1070300@redhat.com> References: <4BCDD89F.1070300@redhat.com> Message-ID: <4BD08FC0.9080607@redhat.com> Pavel Z?na wrote: > Note that this is still work in progress and will be finished > in another patch. Specifically, it currently doesn't cover baseldap.py > classes. > > Pavel The content of this is fine and it's a great start, but do we want to put this into the plugins directory? I think we should put it into doc/examples instead. I can modify the location in the patch before I push this, just want to get some agreement before I do so. rob From jderose at redhat.com Fri Apr 23 11:16:53 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 23 Apr 2010 05:16:53 -0600 Subject: [Freeipa-devel] [PATCH] 413 fix ca location In-Reply-To: <4BB254B3.2020207@redhat.com> References: <4BB254B3.2020207@redhat.com> Message-ID: <1272021413.20450.0.camel@jgd-dsk> On Tue, 2010-03-30 at 15:44 -0400, Rob Crittenden wrote: > For consistency I had changed ca.p12 to cacert.p12 in a few places. I > missed two in ipa-replica-install. > > rob ack. pushed to master. From jderose at redhat.com Fri Apr 23 11:17:17 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 23 Apr 2010 05:17:17 -0600 Subject: [Freeipa-devel] [PATCH] 419 fix external CA installation In-Reply-To: <4BB50F3A.8020408@redhat.com> References: <4BB50F3A.8020408@redhat.com> Message-ID: <1272021437.20450.1.camel@jgd-dsk> On Thu, 2010-04-01 at 17:25 -0400, Rob Crittenden wrote: > I guess I did all my testing by passing in all arguments on the > command-line. We weren't caching them properly. > > Also fix handling of cached boolean values and require an absolute path > on the CA and certificate files passed in. > > I updated the documentation on doing an install wiht an > externally-signed CA at http://freeipa.org/page/Certificate_Authority > > rob ack. pushed to master. From jderose at redhat.com Fri Apr 23 11:17:26 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 23 Apr 2010 05:17:26 -0600 Subject: [Freeipa-devel] [PATCH] 420 use proper subject when requesting certs using certmonger In-Reply-To: <4BBA4D61.6030305@redhat.com> References: <4BBA4D61.6030305@redhat.com> Message-ID: <1272021446.20450.2.camel@jgd-dsk> On Mon, 2010-04-05 at 16:51 -0400, Rob Crittenden wrote: > When using the dogtag CA we can control what the subject of an issued > certificate is regardless of what is in the CSR, we just use the CN > value. The selfsign CA does not have this capability. The subject format > must match the configured format or certificate requests are rejected. > > The default format is CN=%s,O=IPA. certmonger by default issues requests > with just CN so all requests would fail if using the selfsign CA. > > This subject base is stored in cn=ipaconfig so we can just fetch that > value in the enrollment process and pass it to certmonger to request the > right thing. > > Note that this also fixes ipa-join to work with the new argument passing > mechanism. > > rob ack. pushed to master. From rcritten at redhat.com Fri Apr 23 14:34:14 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 23 Apr 2010 10:34:14 -0400 Subject: [Freeipa-devel] [PATCH] 423 better error messages for LDAP_OPERATION_ERRORs Message-ID: <4BD1AFE6.5030708@redhat.com> Pass around an errMesg argument so more specific errors can bubble up in the password ext operation. This will return more specific errors to users. Addresses bug 472332. e.g. $ ldapmodify -x -D "cn=directory manager" -w password < user.ldif adding new entry "uid=tuser,cn=users,cn=accounts,dc=example,dc=com" ldap_add: Operations error (1) additional info: no krbPrincipalName present in this entry rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-423-errors.patch Type: application/mbox Size: 5117 bytes Desc: not available URL: From rcritten at redhat.com Fri Apr 23 15:40:51 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 23 Apr 2010 11:40:51 -0400 Subject: [Freeipa-devel] [PATCH] 424 don't require kerberos attrs on all password changes Message-ID: <4BD1BF83.2000101@redhat.com> One could not set a password on a non-kerberos entry using ldappasswd. The password plugin was always trying to set the kerberos key as well as kerberos password policy attributes (lastpwdchange, etc). Add a test to see if the entry has kerberos objectclasses and if not then skip the kerberos code. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-424-password.patch Type: application/mbox Size: 5694 bytes Desc: not available URL: From ssorce at redhat.com Fri Apr 23 17:25:07 2010 From: ssorce at redhat.com (Simo Sorce) Date: Fri, 23 Apr 2010 13:25:07 -0400 Subject: [Freeipa-devel] [PATCH] 424 don't require kerberos attrs on all password changes In-Reply-To: <4BD1BF83.2000101@redhat.com> References: <4BD1BF83.2000101@redhat.com> Message-ID: <20100423132507.70802a28@willson.li.ssimo.org> On Fri, 23 Apr 2010 11:40:51 -0400 Rob Crittenden wrote: > One could not set a password on a non-kerberos entry using > ldappasswd. The password plugin was always trying to set the kerberos > key as well as kerberos password policy attributes (lastpwdchange, > etc). > > Add a test to see if the entry has kerberos objectclasses and if not > then skip the kerberos code. > > rob Ack, looks good. Simo. -- Simo Sorce * Red Hat, Inc * New York From ssorce at redhat.com Fri Apr 23 17:26:29 2010 From: ssorce at redhat.com (Simo Sorce) Date: Fri, 23 Apr 2010 13:26:29 -0400 Subject: [Freeipa-devel] [PATCH] 423 better error messages for LDAP_OPERATION_ERRORs In-Reply-To: <4BD1AFE6.5030708@redhat.com> References: <4BD1AFE6.5030708@redhat.com> Message-ID: <20100423132629.07456758@willson.li.ssimo.org> On Fri, 23 Apr 2010 10:34:14 -0400 Rob Crittenden wrote: > Pass around an errMesg argument so more specific errors can bubble up > in the password ext operation. This will return more specific > errors to users. Addresses bug 472332. > > e.g. > > $ ldapmodify -x -D "cn=directory manager" -w password < user.ldif > adding new entry "uid=tuser,cn=users,cn=accounts,dc=example,dc=com" > ldap_add: Operations error (1) > additional info: no krbPrincipalName present in this entry Ack Simo. -- Simo Sorce * Red Hat, Inc * New York From rcritten at redhat.com Fri Apr 23 19:22:39 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 23 Apr 2010 15:22:39 -0400 Subject: [Freeipa-devel] [PATCH] 424 don't require kerberos attrs on all password changes In-Reply-To: <20100423132507.70802a28@willson.li.ssimo.org> References: <4BD1BF83.2000101@redhat.com> <20100423132507.70802a28@willson.li.ssimo.org> Message-ID: <4BD1F37F.4020703@redhat.com> Simo Sorce wrote: > On Fri, 23 Apr 2010 11:40:51 -0400 > Rob Crittenden wrote: > >> One could not set a password on a non-kerberos entry using >> ldappasswd. The password plugin was always trying to set the kerberos >> key as well as kerberos password policy attributes (lastpwdchange, >> etc). >> >> Add a test to see if the entry has kerberos objectclasses and if not >> then skip the kerberos code. >> >> rob > > Ack, looks good. > > Simo. > > pushed to master From rcritten at redhat.com Fri Apr 23 19:22:47 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 23 Apr 2010 15:22:47 -0400 Subject: [Freeipa-devel] [PATCH] 423 better error messages for LDAP_OPERATION_ERRORs In-Reply-To: <20100423132629.07456758@willson.li.ssimo.org> References: <4BD1AFE6.5030708@redhat.com> <20100423132629.07456758@willson.li.ssimo.org> Message-ID: <4BD1F387.8020502@redhat.com> Simo Sorce wrote: > On Fri, 23 Apr 2010 10:34:14 -0400 > Rob Crittenden wrote: > >> Pass around an errMesg argument so more specific errors can bubble up >> in the password ext operation. This will return more specific >> errors to users. Addresses bug 472332. >> >> e.g. >> >> $ ldapmodify -x -D "cn=directory manager" -w password < user.ldif >> adding new entry "uid=tuser,cn=users,cn=accounts,dc=example,dc=com" >> ldap_add: Operations error (1) >> additional info: no krbPrincipalName present in this entry > > Ack > Simo. > pushed to master From rcritten at redhat.com Fri Apr 23 19:27:13 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 23 Apr 2010 15:27:13 -0400 Subject: [Freeipa-devel] [PATCH] Add forgotten trailing dots in DNS records In-Reply-To: <1271682201.7366.434.camel@wolverine.englab.brq.redhat.com> References: <1271682201.7366.434.camel@wolverine.englab.brq.redhat.com> Message-ID: <4BD1F491.4020500@redhat.com> Martin Nagy wrote: > Hi, > some of the dns records were added without the trailing '.'. Thanks to > Oliver Burtchen for reporting this. > > Martin The patch looks ok but doesn't apply to master. One question though, should we validate somewhere that api.env.host doesn't already have a trailing dot? I'm not terribly worried about this but would it badly blow things up if it did? rob From o.burtchen at gmx.de Fri Apr 23 20:15:08 2010 From: o.burtchen at gmx.de (Oliver Burtchen) Date: Fri, 23 Apr 2010 22:15:08 +0200 Subject: [Freeipa-devel] [PATCH] Add forgotten trailing dots in DNS records In-Reply-To: <4BD1F491.4020500@redhat.com> References: <1271682201.7366.434.camel@wolverine.englab.brq.redhat.com> <4BD1F491.4020500@redhat.com> Message-ID: <201004232215.09013.o.burtchen@gmx.de> Am Freitag, 23. April 2010 21:27:13 schrieb Rob Crittenden: > Martin Nagy wrote: > > Hi, > > some of the dns records were added without the trailing '.'. Thanks to > > Oliver Burtchen for reporting this. > > > > Martin > > The patch looks ok but doesn't apply to master. > > One question though, should we validate somewhere that api.env.host > doesn't already have a trailing dot? I'm not terribly worried about this > but would it badly blow things up if it did? > > rob I had the same problems. Patch does not apply to what I get here http://jdennis.fedorapeople.org/ipa- devel/fedora/12/source/SRPMS/ipa-1.91-0.2010042310git1d63509.fc12.src.rpm but if i git clone freeipa, it applys. There is a difference at least in file ipaserver/install/bindinstance.py at line 118. Hope this helps, best regards, Oli -- Oliver Burtchen, Berlin From rcritten at redhat.com Fri Apr 23 20:30:20 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 23 Apr 2010 16:30:20 -0400 Subject: [Freeipa-devel] [PATCH] Add forgotten trailing dots in DNS records In-Reply-To: <201004232215.09013.o.burtchen@gmx.de> References: <1271682201.7366.434.camel@wolverine.englab.brq.redhat.com> <4BD1F491.4020500@redhat.com> <201004232215.09013.o.burtchen@gmx.de> Message-ID: <4BD2035C.7070605@redhat.com> Oliver Burtchen wrote: > Am Freitag, 23. April 2010 21:27:13 schrieb Rob Crittenden: >> Martin Nagy wrote: >>> Hi, >>> some of the dns records were added without the trailing '.'. Thanks to >>> Oliver Burtchen for reporting this. >>> >>> Martin >> The patch looks ok but doesn't apply to master. >> >> One question though, should we validate somewhere that api.env.host >> doesn't already have a trailing dot? I'm not terribly worried about this >> but would it badly blow things up if it did? >> >> rob > > I had the same problems. Patch does not apply to what I get here > > http://jdennis.fedorapeople.org/ipa- > devel/fedora/12/source/SRPMS/ipa-1.91-0.2010042310git1d63509.fc12.src.rpm > > but if i git clone freeipa, it applys. > > There is a difference at least in file ipaserver/install/bindinstance.py at line > 118. > > Hope this helps, > best regards, > Oli > > This is due to some previous patches it relies on. I'm reviewing those now. rob From rcritten at redhat.com Fri Apr 23 21:20:26 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 23 Apr 2010 17:20:26 -0400 Subject: [Freeipa-devel] [PATCHES] Delete old SRV and NS records during uninstallation In-Reply-To: <1271681781.7366.427.camel@wolverine.englab.brq.redhat.com> References: <1271681781.7366.427.camel@wolverine.englab.brq.redhat.com> Message-ID: <4BD20F1A.7020504@redhat.com> Martin Nagy wrote: > Hi, > 0001 is pretty straightforward, I need it for 0002. > 0002 introduces a new class DnsBackup that makes sure that any records > that we might want to potentially remove (SRV and NS right now) are > properly saved using sysrestore. It also takes care of removing them > during the uninstallation. > 0003 makes 0002 useful by allowing the user to input the admin password > to ipa-server-install --uninstall and connecting to ldap. > > I've tested these quite a lot so hopefully there won't be any major > problems with them. > > Thanks > Martin ack x3 pushed to master From rcritten at redhat.com Fri Apr 23 21:20:59 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 23 Apr 2010 17:20:59 -0400 Subject: [Freeipa-devel] [PATCH] Add forgotten trailing dots in DNS records In-Reply-To: <4BD2035C.7070605@redhat.com> References: <1271682201.7366.434.camel@wolverine.englab.brq.redhat.com> <4BD1F491.4020500@redhat.com> <201004232215.09013.o.burtchen@gmx.de> <4BD2035C.7070605@redhat.com> Message-ID: <4BD20F3B.8040509@redhat.com> Rob Crittenden wrote: > Oliver Burtchen wrote: >> Am Freitag, 23. April 2010 21:27:13 schrieb Rob Crittenden: >>> Martin Nagy wrote: >>>> Hi, >>>> some of the dns records were added without the trailing '.'. Thanks to >>>> Oliver Burtchen for reporting this. >>>> >>>> Martin >>> The patch looks ok but doesn't apply to master. >>> >>> One question though, should we validate somewhere that api.env.host >>> doesn't already have a trailing dot? I'm not terribly worried about this >>> but would it badly blow things up if it did? >>> >>> rob >> >> I had the same problems. Patch does not apply to what I get here >> >> http://jdennis.fedorapeople.org/ipa- >> devel/fedora/12/source/SRPMS/ipa-1.91-0.2010042310git1d63509.fc12.src.rpm >> >> but if i git clone freeipa, it applys. >> >> There is a difference at least in file >> ipaserver/install/bindinstance.py at line 118. >> >> Hope this helps, >> best regards, >> Oli >> >> > > This is due to some previous patches it relies on. I'm reviewing those now. > It applies now, ack, pushed to master. rob From rcritten at redhat.com Fri Apr 23 21:22:07 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 23 Apr 2010 17:22:07 -0400 Subject: [Freeipa-devel] [PATCH] Some more changes for DNS forwarders prompt In-Reply-To: <1271682237.7366.435.camel@wolverine.englab.brq.redhat.com> References: <1271681983.7366.430.camel@wolverine.englab.brq.redhat.com> <1271682237.7366.435.camel@wolverine.englab.brq.redhat.com> Message-ID: <4BD20F7F.7060700@redhat.com> Martin Nagy wrote: > On Mon, 2010-04-19 at 14:59 +0200, Martin Nagy wrote: >> Hi, >> as per comments from David, here is the patch. David, do you think this >> is acceptable? Let me know if you have any more suggestions. > > Oops, forgot the patch, sorry. > Martin > Ack, pushed to master. From rcritten at redhat.com Mon Apr 26 19:53:52 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 26 Apr 2010 15:53:52 -0400 Subject: [Freeipa-devel] [PATCH] 425 client installer fixes Message-ID: <4BD5EF50.3090201@redhat.com> This addresses a couple of minor client issues I discovered: - Don't run nscd with sssd. nscd conflicts with the sssd caching - Set the minimum version of sssd to 1.1.1 to pick up a needed hbac fix. I did some basic hbac testing and it seems to work ok. - Don't try to read the IPA configuration if the server is passed on the command-line. Chances are this file doesn't exist so an error will be displayed. So no need to confuse things if we already have the data we need to enroll. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-425-client.patch Type: application/mbox Size: 5801 bytes Desc: not available URL: From rcritten at redhat.com Mon Apr 26 21:43:01 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 26 Apr 2010 17:43:01 -0400 Subject: [Freeipa-devel] [PATCH] 426 fix output Message-ID: <4BD608E5.2020708@redhat.com> Summaries were printing as "Gettext(...)". Embedded dictionaries were just a dump because we weren't passing in the list of labels. Now things like -add-member looks right again. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-426-output.patch Type: application/mbox Size: 1711 bytes Desc: not available URL: From pzuna at redhat.com Tue Apr 27 12:12:34 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Tue, 27 Apr 2010 14:12:34 +0200 Subject: [Freeipa-devel] [PATCH] Add file with example plugins/tutorial. In-Reply-To: <4BD08FC0.9080607@redhat.com> References: <4BCDD89F.1070300@redhat.com> <4BD08FC0.9080607@redhat.com> Message-ID: <4BD6D4B2.7090409@redhat.com> On 04/22/2010 08:04 PM, Rob Crittenden wrote: > Pavel Z?na wrote: >> Note that this is still work in progress and will be finished >> in another patch. Specifically, it currently doesn't cover baseldap.py >> classes. >> >> Pavel > > The content of this is fine and it's a great start, but do we want to > put this into the plugins directory? > > I think we should put it into doc/examples instead. > > I can modify the location in the patch before I push this, just want to > get some agreement before I do so. > > rob Hmm. Not sure about this. It doesn't matter that much to me, but it makes sense to put it in the plugins directory, so that potential plugin authors can just uncomment the api.register(...) lines and try to run example plugins without additional work. Either way is fine with me. Pavel From pzuna at redhat.com Tue Apr 27 14:46:25 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Tue, 27 Apr 2010 16:46:25 +0200 Subject: [Freeipa-devel] [PATCH] Replace a new instance of IPAdmin use in ipa-server-install. Message-ID: <4BD6F8C1.2020202@redhat.com> This patch removes a new instance of IPAdmin use in ipa-server-install introduced by a recent patch. It also fixes exception handling in ldap2.create_connection. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: pzuna-freeipa-0001-install.patch Type: application/mbox Size: 3743 bytes Desc: not available URL: From rcritten at redhat.com Tue Apr 27 19:49:59 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 27 Apr 2010 15:49:59 -0400 Subject: [Freeipa-devel] [PATCH] Add new pwpolicy plugin based on baseldap classes In-Reply-To: <4BC8A55E.1010204@redhat.com> References: <4BC8A55E.1010204@redhat.com> Message-ID: <4BD73FE7.6050508@redhat.com> Pavel Z?na wrote: > Don't mind the numbering. This is a completely independent patch. > > It adds a new pwpolicy plugin based on baseldap.py classes. It has the > same functionality as the current pwpolicy plugin, but a more clean and > consistent interface, fine grained search capabilities, etc. > > This is actually an updated version of a patch I released some time ago, > but it never got fully reviewed. > > Pavel The original pwpolicy module took group policy via the --group option, yours takes group as the first argument (if any). My thought on this was that at some point someone would want per-user password policy so we could add a --user option. If this isn't forseen as needed then using the first argument for group is probably easier to grok. Had a failure: $ ./ipa pwpolicy2-mod g1 --priority=2 ipa: ERROR: an internal error has occurred File "/home/rcrit/redhat/freeipa-ca/ipalib/plugins/pwpolicy2.py", line 99, in pre_callback del entry_attrs['cn'] KeyError: 'cn' rob From dpal at redhat.com Tue Apr 27 20:27:41 2010 From: dpal at redhat.com (Dmitri Pal) Date: Tue, 27 Apr 2010 16:27:41 -0400 Subject: [Freeipa-devel] [PATCH] Add new pwpolicy plugin based on baseldap classes In-Reply-To: <4BD73FE7.6050508@redhat.com> References: <4BC8A55E.1010204@redhat.com> <4BD73FE7.6050508@redhat.com> Message-ID: <4BD748BD.2060700@redhat.com> Rob Crittenden wrote: > Pavel Z?na wrote: >> Don't mind the numbering. This is a completely independent patch. >> >> It adds a new pwpolicy plugin based on baseldap.py classes. It has >> the same functionality as the current pwpolicy plugin, but a more >> clean and consistent interface, fine grained search capabilities, etc. >> >> This is actually an updated version of a patch I released some time >> ago, but it never got fully reviewed. >> >> Pavel > > The original pwpolicy module took group policy via the --group option, > yours takes group as the first argument (if any). My thought on this > was that at some point someone would want per-user password policy so > we could add a --user option. If this isn't forseen as needed then > using the first argument for group is probably easier to grok. > I agree with Rob's approach. We migh want to have a more granular pwd policy in future. > Had a failure: > $ ./ipa pwpolicy2-mod g1 --priority=2 > ipa: ERROR: an internal error has occurred > > File "/home/rcrit/redhat/freeipa-ca/ipalib/plugins/pwpolicy2.py", > line 99, in pre_callback > del entry_attrs['cn'] > KeyError: 'cn' > > rob > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From rcritten at redhat.com Tue Apr 27 20:28:54 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 27 Apr 2010 16:28:54 -0400 Subject: [Freeipa-devel] [PATCH] Replace a new instance of IPAdmin use in ipa-server-install. In-Reply-To: <4BD6F8C1.2020202@redhat.com> References: <4BD6F8C1.2020202@redhat.com> Message-ID: <4BD74906.5000507@redhat.com> Pavel Zuna wrote: > This patch removes a new instance of IPAdmin use in ipa-server-install > introduced by a recent patch. It also fixes exception handling in > ldap2.create_connection. > > Pavel > ack, pushed to master From rcritten at redhat.com Tue Apr 27 20:33:55 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 27 Apr 2010 16:33:55 -0400 Subject: [Freeipa-devel] [PATCH] Add file with example plugins/tutorial. In-Reply-To: <4BD6D4B2.7090409@redhat.com> References: <4BCDD89F.1070300@redhat.com> <4BD08FC0.9080607@redhat.com> <4BD6D4B2.7090409@redhat.com> Message-ID: <4BD74A33.5070807@redhat.com> Pavel Zuna wrote: > On 04/22/2010 08:04 PM, Rob Crittenden wrote: >> Pavel Z?na wrote: >>> Note that this is still work in progress and will be finished >>> in another patch. Specifically, it currently doesn't cover baseldap.py >>> classes. >>> >>> Pavel >> >> The content of this is fine and it's a great start, but do we want to >> put this into the plugins directory? >> >> I think we should put it into doc/examples instead. >> >> I can modify the location in the patch before I push this, just want to >> get some agreement before I do so. >> >> rob > Hmm. Not sure about this. It doesn't matter that much to me, but it > makes sense to put it in the plugins directory, so that potential plugin > authors can just uncomment the api.register(...) lines and try to run > example plugins without additional work. > > Either way is fine with me. > > Pavel Moved to doc/examples, pushed to master From rcritten at redhat.com Wed Apr 28 14:24:01 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 28 Apr 2010 10:24:01 -0400 Subject: [Freeipa-devel] [PATCH] 427 remove duplicate schema Message-ID: <4BD84501.9050408@redhat.com> Newer versions of 389-ds provide this certificate schema so we don't need to provide it any more. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-427-schema.patch Type: application/mbox Size: 3408 bytes Desc: not available URL: From rmeggins at redhat.com Wed Apr 28 15:23:42 2010 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 28 Apr 2010 09:23:42 -0600 Subject: [Freeipa-devel] [PATCH] 427 remove duplicate schema In-Reply-To: <4BD84501.9050408@redhat.com> References: <4BD84501.9050408@redhat.com> Message-ID: <4BD852FE.2050209@redhat.com> Rob Crittenden wrote: > Newer versions of 389-ds provide this certificate schema so we don't > need to provide it any more. > > rob ack > ------------------------------------------------------------------------ > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From rcritten at redhat.com Thu Apr 29 21:38:18 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 29 Apr 2010 17:38:18 -0400 Subject: [Freeipa-devel] [PATCH] 428 set socket reuse Message-ID: <4BD9FC4A.7080808@redhat.com> Set SO_REUSEADDR when determining socket availability The old perl DS code for detection didn't set this so was often confused about port availability. We had to match their behavior so the installation didn't blow up. They fixed this a while ago, this catches us up. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-428-install.patch Type: application/mbox Size: 1361 bytes Desc: not available URL: From rcritten at redhat.com Thu Apr 29 21:38:56 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 29 Apr 2010 17:38:56 -0400 Subject: [Freeipa-devel] [PATCH] 429 enhance installer/uninstaller Message-ID: <4BD9FC70.5040603@redhat.com> We have had a state file for quite some time that is used to return the system to its pre-install state. We can use that to determine what has been configured. This patch: - uses the state file to determine if dogtag was installed - prevents someone from trying to re-install an installed server - displays some output when uninstalling - re-arranges the ipa_kpasswd installation so the state is properly saved - removes pkiuser if it was added by the installer - fetches and installs the CA on both masters and clients rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-429-install.patch Type: application/mbox Size: 11543 bytes Desc: not available URL: From rcritten at redhat.com Fri Apr 30 14:08:20 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 30 Apr 2010 10:08:20 -0400 Subject: [Freeipa-devel] [PATCH] 427 remove duplicate schema In-Reply-To: <4BD852FE.2050209@redhat.com> References: <4BD84501.9050408@redhat.com> <4BD852FE.2050209@redhat.com> Message-ID: <4BDAE454.10806@redhat.com> Rich Megginson wrote: > Rob Crittenden wrote: >> Newer versions of 389-ds provide this certificate schema so we don't >> need to provide it any more. >> >> rob > ack >> pushed to master From rcritten at redhat.com Fri Apr 30 16:04:35 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 30 Apr 2010 12:04:35 -0400 Subject: [Freeipa-devel] [PATCH] 430 AccessTime tests Message-ID: <4BDAFF93.8040101@redhat.com> I added some tests for the AccessTime parameter type. During test development I fixed a few bugs in the parameter and hopefully added some improved error messages to nudge the user in the right direction. The time syntax is quite difficult to understand. I noticed that the 'weekly' periodic type wasn't implemented. I'm not sure if this was an oversight or not. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-430-access.patch Type: application/mbox Size: 5254 bytes Desc: not available URL: