From nalin at redhat.com Wed Sep 1 14:42:41 2010 From: nalin at redhat.com (Nalin Dahyabhai) Date: Wed, 1 Sep 2010 10:42:41 -0400 Subject: [Freeipa-devel] [patch] syntax error fix Message-ID: <20100901144241.GA2834@redhat.com> We've got a syntax error in ipapython/ipautil.py that's being caught by the byte-compile policy in Fedora: SyntaxError: ('invalid syntax', ('/usr/lib/python2.6/site-packages/ipapython/ipautil.py', 126, 5, ' * to log. Run through the nolog items.\n')) Nalin -------------- next part -------------- diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 4d07bb6..9a3e8a6 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -123,7 +123,7 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None): stdout,stderr = p.communicate() # The command and its output may include passwords that we don't want - * to log. Run through the nolog items. + # to log. Run through the nolog items. args = ' '.join(args) for value in nolog: args = args.replace(value, 'XXXXXXXX') From ayoung at redhat.com Wed Sep 1 15:35:02 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 01 Sep 2010 11:35:02 -0400 Subject: [Freeipa-devel] [patch] syntax error fix In-Reply-To: <20100901144241.GA2834@redhat.com> References: <20100901144241.GA2834@redhat.com> Message-ID: <4C7E72A6.3030406@redhat.com> On 09/01/2010 10:42 AM, Nalin Dahyabhai wrote: > We've got a syntax error in ipapython/ipautil.py that's being caught by > the byte-compile policy in Fedora: > > SyntaxError: ('invalid syntax', ('/usr/lib/python2.6/site-packages/ipapython/ipautil.py', 126, 5, ' * to log. Run through the nolog items.\n')) > > Nalin > > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel Ack -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Wed Sep 1 15:37:02 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 01 Sep 2010 11:37:02 -0400 Subject: [Freeipa-devel] [PATCH] 519 make ipactl smarter In-Reply-To: <4C7D74F3.5070507@redhat.com> References: <4C7D74F3.5070507@redhat.com> Message-ID: <4C7E731E.9050808@redhat.com> On 08/31/2010 05:32 PM, Rob Crittenden wrote: > ipactl was a quickie thing I threw together at the end of v1 and it > wasn't all too bright. This tries to fix things up and work around > some init script issues. > > The init scripts returns a 1 both if the service isn't running and if > it is not running but there is a pid file lying around. I check for > this and make a new return value, 4, to represent stopped. > > Using this I can better tell what the current state of affairs is and > just stop/start those services that are actually running. > > I added named to the list of services we track. > > rob > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel Probably shouldn't be using magic constants. I'd recommend replacing them with strings. Other than that, Ack -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Wed Sep 1 15:41:56 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 01 Sep 2010 11:41:56 -0400 Subject: [Freeipa-devel] [PATCH] 518 handle errors in uninstall better In-Reply-To: <4C7D73D4.1000804@redhat.com> References: <4C7D73D4.1000804@redhat.com> Message-ID: <4C7E7444.9080603@redhat.com> On 08/31/2010 05:27 PM, Rob Crittenden wrote: > # Always start certmonger. We can't untrack something if it isn't > Is this really necessary? This is the only thing that jumped out at me in the patch. Assuming it really is: Ack From ayoung at redhat.com Wed Sep 1 16:04:01 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 01 Sep 2010 12:04:01 -0400 Subject: [Freeipa-devel] [patch] syntax error fix In-Reply-To: <4C7E72A6.3030406@redhat.com> References: <20100901144241.GA2834@redhat.com> <4C7E72A6.3030406@redhat.com> Message-ID: <4C7E7971.4000601@redhat.com> On 09/01/2010 11:35 AM, Adam Young wrote: > On 09/01/2010 10:42 AM, Nalin Dahyabhai wrote: >> We've got a syntax error in ipapython/ipautil.py that's being caught by >> the byte-compile policy in Fedora: >> >> SyntaxError: ('invalid syntax', ('/usr/lib/python2.6/site-packages/ipapython/ipautil.py', 126, 5, ' * to log. Run through the nolog items.\n')) >> >> Nalin >> >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > Ack > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel Pushed to master -------------- next part -------------- An HTML attachment was scrubbed... URL: From dpal at redhat.com Wed Sep 1 16:28:01 2010 From: dpal at redhat.com (Dmitri Pal) Date: Wed, 01 Sep 2010 12:28:01 -0400 Subject: [Freeipa-devel] [PATCH] 518 handle errors in uninstall better In-Reply-To: <4C7E7444.9080603@redhat.com> References: <4C7D73D4.1000804@redhat.com> <4C7E7444.9080603@redhat.com> Message-ID: <4C7E7F11.7010407@redhat.com> Adam Young wrote: > On 08/31/2010 05:27 PM, Rob Crittenden wrote: >> # Always start certmonger. We can't untrack something if it isn't > Is this really necessary? This is the only thing that jumped out at me > in the patch. > > Assuming it really is: Ack > I have not looked at the patch but I suspect that it is related to the fact that we plan to automatically track the expiration of the certs issued to the server itself. So yes we need to have certmonger running all the time thus comment makes sense to me. > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From ayoung at redhat.com Thu Sep 2 17:29:07 2010 From: ayoung at redhat.com (Adam Young) Date: Thu, 02 Sep 2010 13:29:07 -0400 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0019-associations.patch Message-ID: <4C7FDEE3.30203@redhat.com> This patch is primarily concerned with getting associations to work, but all contains some refactorings: Associations work for hostgroups->hosts groups->users and continue to work for users->groups The name of the sampledata file is implied from the ipa command method. Since a missing sampledata file means that the ipa command fails, this patch contains smaple data for the 'adds' and 'assign' calls that we could skip before. Started pulling the various facets into an object structure to simplify and reduce the chances of bugs in dispatch. Visual diff is here: https://fedorahosted.org/freeipa/attachment/ticket/104/admiyo-freeipa-0019-associations.patch -------------- next part -------------- A non-text attachment was scrubbed... Name: admiyo-freeipa-0019-associations.patch Type: text/x-patch Size: 52166 bytes Desc: not available URL: From ayoung at redhat.com Fri Sep 3 15:25:49 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 03 Sep 2010 11:25:49 -0400 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0019-associations.patch In-Reply-To: <4C7FDEE3.30203@redhat.com> References: <4C7FDEE3.30203@redhat.com> Message-ID: <4C81137D.9030104@redhat.com> Updated version that provides the means to overload the method called. This was requested by edewata to support services. I also simplified some of the internal code . https://fedorahosted.org/freeipa/attachment/ticket/104/admiyo-freeipa-0019-2-associations.patch -------------- next part -------------- A non-text attachment was scrubbed... Name: admiyo-freeipa-0019-2-associations.patch Type: text/x-patch Size: 52643 bytes Desc: not available URL: From edewata at redhat.com Fri Sep 3 21:20:09 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Fri, 3 Sep 2010 17:20:09 -0400 (EDT) Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0019-associations.patch In-Reply-To: <807091592.1368241283548771152.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <1731996620.1368291283548809399.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Hi Adam, Thanks for the update. I found a problem, the "this.pkey" in the callback function below is undefined so it won't load the values back in the details page. diff --git a/install/static/associate.js b/install/static/associate.js index dabc76c..ae1f4af 100644 --- a/install/static/associate.js +++ b/install/static/associate.js @@ -90,10 +90,10 @@ function BulkAssociator(form, pkey, manyObjPkeys){ function(response){ var qs = ipa_parse_qs(); if (response.error){ - alert("error adding memeber"); + alert("error adding member"); }else{ location.hash="tab=" +form.oneObj - +"&facet=details&pkey="+this.pkey; + +"&facet=details&pkey="+pkey; } }, function(response){ Attached is the service tab I've been working on. Sometimes the enrollment page doesn't work quite right. When I click "Find" it will show the available hosts, but sometimes it would replace the list immediately with the list of available users. Probably the previous "click" handler still got called somehow. -- Endi S. Dewata ----- "Adam Young" wrote: > Updated version that provides the means to overload the method called. > > This was requested by edewata to support services. I also simplified > > some of the internal code . > > https://fedorahosted.org/freeipa/attachment/ticket/104/admiyo-freeipa-0019-2-associations.patch > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Added-Services-tab.patch Type: text/x-patch Size: 10207 bytes Desc: not available URL: From ayoung at redhat.com Sat Sep 4 01:55:28 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 03 Sep 2010 21:55:28 -0400 Subject: [Freeipa-devel] [PATCH] gettext proof of concept Message-ID: <4C81A710.9050307@redhat.com> These translations were done by Google translate, and have not been reviewed by people who speak the languages. Only the user search page has been translated http://admiyo.fedorapeople.org/ipa/static/index.xhtml http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=es http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=he http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=id http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=ru You might need to his ctrl-shift-r to see the different languages. -------------- next part -------------- A non-text attachment was scrubbed... Name: admiyo-freeipa-0020-gettext.patch Type: text/x-patch Size: 17232 bytes Desc: not available URL: From ayoung at redhat.com Sat Sep 4 02:29:26 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 03 Sep 2010 22:29:26 -0400 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0019-associations.patch In-Reply-To: <1731996620.1368291283548809399.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <1731996620.1368291283548809399.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C81AF06.2060206@redhat.com> You are right. the 'this' pointer always gets overridden, so it has to be assigtned to a nother variable name in order to get used in a closure. Here's an updated patch On 09/03/2010 05:20 PM, Endi Sukma Dewata wrote: > Hi Adam, > > Thanks for the update. I found a problem, the "this.pkey" in the > callback function below is undefined so it won't load the values back > in the details page. > > diff --git a/install/static/associate.js b/install/static/associate.js > index dabc76c..ae1f4af 100644 > --- a/install/static/associate.js > +++ b/install/static/associate.js > @@ -90,10 +90,10 @@ function BulkAssociator(form, pkey, manyObjPkeys){ > function(response){ > var qs = ipa_parse_qs(); > if (response.error){ > - alert("error adding memeber"); > + alert("error adding member"); > }else{ > location.hash="tab=" +form.oneObj > - +"&facet=details&pkey="+this.pkey; > + +"&facet=details&pkey="+pkey; > } > }, > function(response){ > > Attached is the service tab I've been working on. Sometimes the > enrollment page doesn't work quite right. When I click "Find" it > will show the available hosts, but sometimes it would replace the > list immediately with the list of available users. Probably the > previous "click" handler still got called somehow. > > -- > Endi S. Dewata > > ----- "Adam Young" wrote: > > >> Updated version that provides the means to overload the method called. >> >> This was requested by edewata to support services. I also simplified >> >> some of the internal code . >> >> https://fedorahosted.org/freeipa/attachment/ticket/104/admiyo-freeipa-0019-2-associations.patch >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel >> -------------- next part -------------- A non-text attachment was scrubbed... Name: admiyo-freeipa-0019-3-associations.patch Type: text/x-patch Size: 370737 bytes Desc: not available URL: From ayoung at redhat.com Tue Sep 7 01:55:52 2010 From: ayoung at redhat.com (Adam Young) Date: Mon, 06 Sep 2010 21:55:52 -0400 Subject: [Freeipa-devel] gettext proof of concept : My hovercraft is full of eels In-Reply-To: <4C81A710.9050307@redhat.com> References: <4C81A710.9050307@redhat.com> Message-ID: <4C859BA8.7020305@redhat.com> On 09/03/2010 09:55 PM, Adam Young wrote: > These translations were done by Google translate, and have not been > reviewed by people who speak the languages. > Only the user search page has been translated > > http://admiyo.fedorapeople.org/ipa/static/index.xhtml > http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=es > http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=he > http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=id > http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=ru > > > You might need to his ctrl-shift-r to see the different languages. > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel When I think about I18N, I tend to try to cover a couple types of language. The set of languages covered above covers: English as a default, Spanish, as a Language that falls primarily into the latin character set, but with difference. (Indonesian falls into this as well.) Russian using the Cyrillic Character set Hebrew as a Right to left language with a completly non-latin character set Chinese as A multibyte character set. I typoed the two character code as cz. It should be zh. http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=cz I find I have to do a ctrl-shift-r to see the new language. Each language is basically a hashmap, with a top level hashmap key on the language name as a two letter code: hence the lang=es. A couple comments on jquery.gettext.js: It makes you load in all of the languages up front. I'de prefer to do this on demand, as the number of languages we can potentially support could be fairly high, and there is no reason to make the user wait through the lengthy file-per-languages fetch. Instead, the logic should be something like: load the index.xhtml page. User might see the keys for fields like "logged in as", or we can use the Engliash values as defaults. The "whoami" plugin should return the users role and language preference. With these two pieces of informtaion, we can properly render the tabs. If we really wanted to optimize, we could send the language map down at this point as well. This starts to step on the toes of the json-metadata call. Since that seems to be necessary at all times, I wonder if we can change that from a JSON call to something like: Instead of waiting for it to finish fetching at the ipa_init time. Of course, we could do something similar with the whoami call. In jquery.gettext.js the language selection is driven off the language set in the document. I've overridden this by explicitly setting the language based on the query param, although this is not how we should be getting this value. If the value is not set by the user preferences, then it should be a default for the site, and the user should be able to over ride it as a settable preference. Once we have the value, we can cache it in a cookie along with the other whoami info. gettext does not seem to have a default language implementation. I see some reference in the code to a "C" locale, but there doesn't seem to be any further documentation about how to specify the values for this locale. NOte: since the language is currently specified with a two letter code, we have no way of distinguishing between traditional and simplified chinese. I know that typically this is done via the country specifier in the locale, with Taiwan using traditional and PRC using simplified. I don't know if this is what Scott is implying we do when he says we need to suport traditional and simplified Chinese. If so, we'll need to expand the implementation to cover the country code. There are a slew of I18N libraries for Javascript. gettext may not be the best choice, but there is no clean leader at this point. We can generate just about all of en.json from the code and documentation. We might even be able to automate this. Once we get this project trnaslated, this will be a very valuable set of translations, sort of a Rosetta stone for computer systems. Actually, this might have been done by other projects, and we could possibly leverage the work done on them. Making it easy for Fedora users to specify a better translation, or translation for another language would be a great way to pull less technical community members in to be contributors. Aside from the set of languages that we need for RHEL 6 we should be able to support the set of languages I listed above either inside the team, or with minimal help from people outside the team but on related projects. Obviously, If you are a team member and speak a language other than English, you should help out with the translation for that language. I can "own" getting people to cover Hebrew -------------- next part -------------- An HTML attachment was scrubbed... URL: From davido at redhat.com Tue Sep 7 09:41:36 2010 From: davido at redhat.com (David O'Brien) Date: Tue, 07 Sep 2010 19:41:36 +1000 Subject: [Freeipa-devel] gettext proof of concept : My hovercraft is full of eels In-Reply-To: <4C859BA8.7020305@redhat.com> References: <4C81A710.9050307@redhat.com> <4C859BA8.7020305@redhat.com> Message-ID: <4C8608D0.3020309@redhat.com> Adam Young wrote: > On 09/03/2010 09:55 PM, Adam Young wrote: >> These translations were done by Google translate, and have not been >> reviewed by people who speak the languages. >> Only the user search page has been translated >> >> http://admiyo.fedorapeople.org/ipa/static/index.xhtml >> http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=es >> http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=he >> http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=id >> http://admiyo.fedorapeople.org/ipa/static/index.xhtml#lang=ru >> > > NOte: since the language is currently specified with a two letter code, > we have no way of distinguishing between traditional and simplified > chinese. I know that typically this is done via the country specifier in > the locale, with Taiwan using traditional and PRC using simplified. I > don't know if this is what Scott is implying we do when he says we need > to suport traditional and simplified Chinese. If so, we'll need to > expand the implementation to cover the country code. This is what we do in doc land, so I for one would support this. This is the format our publishing system (publican) uses to generate our books in the various langs we support. We distinguish between trad and simp Chinese with zh-TW and zh-CN, and between (e.g.), varieties of English with en-US and en-AU. > > There are a slew of I18N libraries for Javascript. gettext may not be > the best choice, but there is no clean leader at this point. > > We can generate just about all of en.json from the code and > documentation. We might even be able to automate this. Once we get > this project trnaslated, this will be a very valuable set of > translations, sort of a Rosetta stone for computer systems. Actually, > this might have been done by other projects, and we could possibly > leverage the work done on them. Making it easy for Fedora users to > specify a better translation, or translation for another language would > be a great way to pull less technical community members in to be > contributors. > > > Aside from the set of languages that we need for RHEL 6 we should be > able to support the set of languages I listed above either inside the > team, or with minimal help from people outside the team but on related > projects. Obviously, If you are a team member and speak a language > other than English, you should help out with the translation for that > language. > > I can "own" getting people to cover Hebrew > > > -- David O'Brien Red Hat APAC Pty Ltd "We couldn't care less about comfort. We make you feel good." Federico Minoli CEO Ducati Motor S.p.A. From pzuna at redhat.com Tue Sep 7 12:45:49 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Tue, 07 Sep 2010 14:45:49 +0200 Subject: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!] Message-ID: <4C8633FD.1080306@redhat.com> Last week I started working on integrating the jQuery UI and jQuery BBQ libraries into the project. I played around with them a little bit and it turned out, that they are really great and bring a lot of value. jQuery UI is a library of widgets like tabs, dialogs, tree views and a lots of other cool stuff. jQuery BBQ is a plugin for URL query string manipulation. It's main advantage to us, is that it enables to get/push states (URL fragment changes). This means that we don't have to reconstruct the whole state every time. It is also friendly to the Back button and other standard features of internet browsers. Both libraries are mature and easy to use. At first, I though "OK, that's cool! I'll just rewrite the navigation file and we're set." In the end, I had to rewrite almost everything due to not very well defined interfaces and dependencies. It took me more than a week including the week-end, but I had one of those creative blasts and I had fun doing it. :) I thought this is a good opportunity to restructure the webUI code. We are at the point were we've identified a great deal of emerging patterns in the code and we aren't too far yet. It was only about 2000 lines or so. Since I'm probably going back to IPA backend work with Rob in the upcoming weeks, I thought it would be nice to reach a certain milestone in the webUI. This is my shot at it. Anyway, here's the design I propose (and have already implemented, so that you can see the benefits for yourselves): Take a look at the diagram I attached to this mail. Basically I split the code into two parts. One specific to our project and one with re-usable code, that goes on top the of IPA framework (ipalib; plugable architecture and all that). Module dependencies (arrows with holes in them) and roles are now clearly defined. I'm going to create another diagram depicting the code flow for better understanding. I'm also going to privately send everyone on the team a link to a live demo. I don't feel like it should be on this public list. You can of course checkout the whole code there. Now, how does the code work and how do we use/modify it for feature XYZ? ------------------------------------------------------------------------ Everything is tied together in the webui.js file. This file includes basically only two functions and a definition list used to generate tabs. The functions are the application entry point (the document ready event handler), where all initialization is performed, and the "main loop" (the document hashchange event handler) used to track changes in the state of the webUI. The definition list contains a list of tabs and callbacks to generate their content. Callback for generating tab content take only one parameter: the div that represent the tab content. They shouldn't care about anything else than their own tab! The div should be enough to identify everything, that's required (for example what kind of IPA business object is handled there). The only callback currently used is the `ipa_entity_setup` function from entity.js. It is a generic wrapper, that takes information from entity specific files (user.js, group.js, ...) + metadata and uses it to create facets. It basically glues functionality of all CRUD widgets files. The entity specific files are the place to make modifications like adding/removing attributes to an object, change the order of attributes, change what attributes are listed in a search, generate special input elements for attributes that require them (attribute callbacks). Some examples: * We need a new attribute for object X, that displays a calendar for selecting dates. => add attribute to details definition list of object X, define attribute callback to generate the calendar * We need a new field to be displayed in the dialog when adding object Y. => add attribute to add definition list of object Y, define attribute callback to generate the field if it has some special requirements * We need to handle a new state in the webUI => Modify the "main loop" in webui.js * We need a whole new tab with something different that what we have now => add tab to navigation definition list in webui.js, create a callback, that generates what's supposed to be the tabs content And so on... Everything is customizable, but the defaults are good enough for 90% of cases. What is a webUI state? ---------------------- It's a certain combination of values in the URL fragment (that's the portion of URLs after the # sign). Using the URL fragment saves us from reloading the web pages (and all those bulky javascript files) every time the user does something. We're going fully AJAX. How to change a webUI state in the code? ---------------------------------------- Before we always had to reconstruct the whole URL. Doing ugly things like: document.location = document.location - fragmet + something + '&thisandthat=' something_else + // and more Now we can just do: $.bbq.pushState({something: somevalue}); And to retrieve: something = $.bbq.getState('something'); Much nicer and we don't have to worry about overwriting states by mistake. How does this whole thing integrate with what we have in master? ---------------------------------------------------------------- If we decide to adopt it, I'm going to create a patch that goes over the current master branch. It shouldn't be a big problem; a matter of 2-3 hours of work. I already integrated some of Adam's latest patches (associations, automatic sampledata retrieval, ...). So is this just code restructuring or does it have some new features? --------------------------------------------------------------------- It has better transisions between webUI states. All the advantages of jQuery UI and jQuery BBQ. We have nice dialogs for adding new objects. The content of different tabs is independent. You can click on Group, check something and click back to user without loosing the user tab state. All webUI states are bookmarkable! You can save your session by simply creating a bookmark. What to do, if this is adopted? ------------------------------- I think there will be 4 main areas, where most work will be distributed. - It's almost time to add CSS styles to make the UI look usable - Callbacks for all kinds of special attributes and adding new IPA objects to the UI - Maintenance of core scripts - Adding completely new features like work-flows, wizards, localization, ... If I'm to go back to IPA backend work with Rob in the upcoming weeks. I suggest we let Andy handle the CSS, callbacks and adding new objects (at least for now). Adam could work closely with the UXD team on new features. I don't want to drop the UI work completely, so I could take maintenance and helping out with whatever is needed. This is just a suggestion btw. Enough text. Waiting for comments. :) Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: pzuna_ipa_webui_module_diagram.png Type: image/png Size: 92829 bytes Desc: not available URL: From pzuna at redhat.com Tue Sep 7 12:59:25 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Tue, 07 Sep 2010 14:59:25 +0200 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0019-associations.patch In-Reply-To: <4C81AF06.2060206@redhat.com> References: <1731996620.1368291283548809399.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> <4C81AF06.2060206@redhat.com> Message-ID: <4C86372D.4080906@redhat.com> On 09/04/2010 04:29 AM, Adam Young wrote: > You are right. the 'this' pointer always gets overridden, so it has to > be assigtned to a nother variable name in order to get used in a closure. > > Here's an updated patch > > > > On 09/03/2010 05:20 PM, Endi Sukma Dewata wrote: >> Hi Adam, >> >> Thanks for the update. I found a problem, the "this.pkey" in the >> callback function below is undefined so it won't load the values back >> in the details page. >> >> diff --git a/install/static/associate.js b/install/static/associate.js >> index dabc76c..ae1f4af 100644 >> --- a/install/static/associate.js >> +++ b/install/static/associate.js >> @@ -90,10 +90,10 @@ function BulkAssociator(form, pkey, manyObjPkeys){ >> function(response){ >> var qs = ipa_parse_qs(); >> if (response.error){ >> - alert("error adding memeber"); >> + alert("error adding member"); >> }else{ >> location.hash="tab=" +form.oneObj >> - +"&facet=details&pkey="+this.pkey; >> + +"&facet=details&pkey="+pkey; >> } >> }, >> function(response){ >> >> Attached is the service tab I've been working on. Sometimes the >> enrollment page doesn't work quite right. When I click "Find" it >> will show the available hosts, but sometimes it would replace the >> list immediately with the list of available users. Probably the >> previous "click" handler still got called somehow. >> >> -- >> Endi S. Dewata >> >> ----- "Adam Young" wrote: >> >>> Updated version that provides the means to overload the method called. >>> >>> This was requested by edewata to support services. I also simplified >>> >>> some of the internal code . >>> >>> https://fedorahosted.org/freeipa/attachment/ticket/104/admiyo-freeipa-0019-2-associations.patch >>> >>> Let's get this in. ACK. There are some white-space warnings, remove them before pushing. Pavel From pzuna at redhat.com Tue Sep 7 13:03:37 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Tue, 07 Sep 2010 15:03:37 +0200 Subject: [Freeipa-devel] [PATCH] 514 make ldap2 class work with clients In-Reply-To: <4C6C67DB.1000109@redhat.com> References: <4C6C67DB.1000109@redhat.com> Message-ID: <4C863829.5010505@redhat.com> On 08/19/2010 01:08 AM, Rob Crittenden wrote: > Make ldap2 class work as a client library as well. > > Move the user-private group caching code out of the global config and > determine the value the first time it is needed. > > Renamed global_init() back to get_schema() and make it take an optional > connection. This solves the problem of being able to do all operations > with a simple bind instead of GSSAPI. > > Moved the global get_syntax() into a class method so that a schema can > be passed in. > > If a schema wasn't loaded during the module import then it is loaded > when the connection is created (so we have the credntials needed for > binding). > > ticket 63 > > rob > Sorry it took me so long to review this patch. ACK! Pavel From ayoung at redhat.com Tue Sep 7 13:25:09 2010 From: ayoung at redhat.com (Adam Young) Date: Tue, 07 Sep 2010 09:25:09 -0400 Subject: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!] In-Reply-To: <4C8633FD.1080306@redhat.com> References: <4C8633FD.1080306@redhat.com> Message-ID: <4C863D35.5040206@redhat.com> On 09/07/2010 08:45 AM, Pavel Zuna wrote: > Last week I started working on integrating the jQuery UI and jQuery > BBQ libraries into the project. I played around with them a little bit > and it turned out, that they are really great and bring a lot of value. > > jQuery UI is a library of widgets like tabs, dialogs, tree views and a > lots of other cool stuff. > > jQuery BBQ is a plugin for URL query string manipulation. It's main > advantage to us, is that it enables to get/push states (URL fragment > changes). This means that we don't have to reconstruct the whole state > every time. It is also friendly to the Back button and other standard > features of internet browsers. > > Both libraries are mature and easy to use. > > At first, I though "OK, that's cool! I'll just rewrite the navigation > file and we're set." In the end, I had to rewrite almost everything > due to not very well defined interfaces and dependencies. It took me > more than a week including the week-end, but I had one of those > creative blasts and I had fun doing it. :) > > I thought this is a good opportunity to restructure the webUI code. We > are at the point were we've identified a great deal of emerging > patterns in the code and we aren't too far yet. It was only about 2000 > lines or so. > > Since I'm probably going back to IPA backend work with Rob in the > upcoming weeks, I thought it would be nice to reach a certain > milestone in the webUI. This is my shot at it. > > Anyway, here's the design I propose (and have already implemented, so > that you can see the benefits for yourselves): > > Take a look at the diagram I attached to this mail. Looks dead on. Those were roughly the splits I was thinking about. I'm not surpruised it took you this long: I've put off making changes like these due to the time commitment and the need top keep showing features. Well done. > > Basically I split the code into two parts. One specific to our project > and one with re-usable code, that goes on top the of IPA framework > (ipalib; plugable architecture and all that). Module dependencies > (arrows with holes in them) and roles are now clearly defined. > > I'm going to create another diagram depicting the code flow for better > understanding. That will be useful. Once we push this patch, we should post these on the site. > > I'm also going to privately send everyone on the team a link to a live > demo. I don't feel like it should be on this public list. You can of > course checkout the whole code there. > > > Now, how does the code work and how do we use/modify it for feature XYZ? > ------------------------------------------------------------------------ > > Everything is tied together in the webui.js file. This file includes > basically only two functions and a definition list used to generate > tabs. The functions are the application entry point (the document > ready event handler), where all initialization is performed, and the > "main loop" (the document hashchange event handler) used to track > changes in the state of the webUI. The definition list contains a list > of tabs and callbacks to generate their content. > > Callback for generating tab content take only one parameter: the div > that represent the tab content. They shouldn't care about anything > else than their own tab! The div should be enough to identify > everything, that's required (for example what kind of IPA business > object is handled there). > > The only callback currently used is the `ipa_entity_setup` function > from entity.js. It is a generic wrapper, that takes information from > entity specific files (user.js, group.js, ...) + metadata and uses it > to create facets. It basically glues functionality of all CRUD widgets > files. > > The entity specific files are the place to make modifications like > adding/removing attributes to an object, change the order of > attributes, change what attributes are listed in a search, generate > special input elements for attributes that require them (attribute > callbacks). > > Some examples: > * We need a new attribute for object X, that displays a calendar for > selecting dates. > => add attribute to details definition list of object X, define > attribute callback to generate the calendar > * We need a new field to be displayed in the dialog when adding object Y. > => add attribute to add definition list of object Y, define attribute > callback > to generate the field if it has some special requirements > * We need to handle a new state in the webUI > => Modify the "main loop" in webui.js > * We need a whole new tab with something different that what we have now > => add tab to navigation definition list in webui.js, create a > callback, that > generates what's supposed to be the tabs content > > And so on... > > Everything is customizable, but the defaults are good enough for 90% > of cases. This should be the tagline of the UI code. > > > What is a webUI state? > ---------------------- > It's a certain combination of values in the URL fragment (that's the > portion of URLs after the # sign). Using the URL fragment saves us > from reloading the web pages (and all those bulky javascript files) > every time the user does something. We're going fully AJAX. > > > How to change a webUI state in the code? > ---------------------------------------- > Before we always had to reconstruct the whole URL. Doing ugly things > like: > document.location = document.location - fragmet + something + > '&thisandthat=' something_else + // and more > > Now we can just do: > $.bbq.pushState({something: somevalue}); > And to retrieve: > something = $.bbq.getState('something'); You'll have to explain how it keeps everything straight and separate. > > Much nicer and we don't have to worry about overwriting states by > mistake. > > > How does this whole thing integrate with what we have in master? > ---------------------------------------------------------------- > If we decide to adopt it, I'm going to create a patch that goes over > the current master branch. It shouldn't be a big problem; a matter of > 2-3 hours of work. > > I already integrated some of Adam's latest patches (associations, > automatic sampledata retrieval, ...). Should I commit the associations patch first? > > > So is this just code restructuring or does it have some new features? > --------------------------------------------------------------------- > It has better transisions between webUI states. All the advantages of > jQuery UI and jQuery BBQ. > > We have nice dialogs for adding new objects. > > The content of different tabs is independent. You can click on Group, > check something and click back to user without loosing the user tab > state. > > All webUI states are bookmarkable! You can save your session by simply > creating a bookmark. Nice! > > > What to do, if this is adopted? > ------------------------------- > I think there will be 4 main areas, where most work will be distributed. > > - It's almost time to add CSS styles to make the UI look usable > - Callbacks for all kinds of special attributes and adding new IPA > objects to the UI > - Maintenance of core scripts > - Adding completely new features like work-flows, wizards, > localization, ... > > If I'm to go back to IPA backend work with Rob in the upcoming weeks. > I suggest we let Andy handle the CSS, callbacks and adding new objects > (at least for now). Adam could work closely with the UXD team on new > features. I don't want to drop the UI work completely, so I could take > maintenance and helping out with whatever is needed. > > This is just a suggestion btw. > > > > Enough text. Waiting for comments. :) > > Pavel I'm impressed. I had hoped that this would be the end state. Thanks for seeing it through. I'll review the patch top priority. From ayoung at redhat.com Tue Sep 7 14:10:31 2010 From: ayoung at redhat.com (Adam Young) Date: Tue, 07 Sep 2010 10:10:31 -0400 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0019-associations.patch In-Reply-To: <4C86372D.4080906@redhat.com> References: <1731996620.1368291283548809399.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> <4C81AF06.2060206@redhat.com> <4C86372D.4080906@redhat.com> Message-ID: <4C8647D7.60102@redhat.com> On 09/07/2010 08:59 AM, Pavel Zuna wrote: > On 09/04/2010 04:29 AM, Adam Young wrote: >> You are right. the 'this' pointer always gets overridden, so it has to >> be assigtned to a nother variable name in order to get used in a >> closure. >> >> Here's an updated patch >> >> >> >> On 09/03/2010 05:20 PM, Endi Sukma Dewata wrote: >>> Hi Adam, >>> >>> Thanks for the update. I found a problem, the "this.pkey" in the >>> callback function below is undefined so it won't load the values back >>> in the details page. >>> >>> diff --git a/install/static/associate.js b/install/static/associate.js >>> index dabc76c..ae1f4af 100644 >>> --- a/install/static/associate.js >>> +++ b/install/static/associate.js >>> @@ -90,10 +90,10 @@ function BulkAssociator(form, pkey, manyObjPkeys){ >>> function(response){ >>> var qs = ipa_parse_qs(); >>> if (response.error){ >>> - alert("error adding memeber"); >>> + alert("error adding member"); >>> }else{ >>> location.hash="tab=" +form.oneObj >>> - +"&facet=details&pkey="+this.pkey; >>> + +"&facet=details&pkey="+pkey; >>> } >>> }, >>> function(response){ >>> >>> Attached is the service tab I've been working on. Sometimes the >>> enrollment page doesn't work quite right. When I click "Find" it >>> will show the available hosts, but sometimes it would replace the >>> list immediately with the list of available users. Probably the >>> previous "click" handler still got called somehow. >>> >>> -- >>> Endi S. Dewata >>> >>> ----- "Adam Young" wrote: >>> >>>> Updated version that provides the means to overload the method called. >>>> >>>> This was requested by edewata to support services. I also simplified >>>> >>>> some of the internal code . >>>> >>>> https://fedorahosted.org/freeipa/attachment/ticket/104/admiyo-freeipa-0019-2-associations.patch >>>> >>>> >>>> > > Let's get this in. ACK. > > There are some white-space warnings, remove them before pushing. > > Pavel Pushed to master From ayoung at redhat.com Tue Sep 7 17:17:07 2010 From: ayoung at redhat.com (Adam Young) Date: Tue, 07 Sep 2010 13:17:07 -0400 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0021-local-param-for-this-in-closure Message-ID: <4C867393.30102@redhat.com> This addresses Endi's comment regarding the 'this' pointer from path admiyo-0019. This patch is required to get the associations working. -------------- next part -------------- A non-text attachment was scrubbed... Name: admiyo-freeipa-0021-local-param-for-this-in-closure.patch Type: text/x-patch Size: 1216 bytes Desc: not available URL: From edewata at redhat.com Tue Sep 7 17:53:56 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Tue, 7 Sep 2010 13:53:56 -0400 (EDT) Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0021-local-param-for-this-in-closure In-Reply-To: <2063942430.1530391283881880860.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <230704137.1531241283882036361.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> ----- "Adam Young" wrote: > This addresses Endi's comment regarding the 'this' pointer from path > admiyo-0019. This patch is required to get the associations working. ACK. Thanks! -- Endi S. Dewata From ayoung at redhat.com Tue Sep 7 17:58:56 2010 From: ayoung at redhat.com (Adam Young) Date: Tue, 07 Sep 2010 13:58:56 -0400 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0021-local-param-for-this-in-closure In-Reply-To: <230704137.1531241283882036361.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <230704137.1531241283882036361.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C867D60.6010401@redhat.com> On 09/07/2010 01:53 PM, Endi Sukma Dewata wrote: > ----- "Adam Young" wrote: > > >> This addresses Endi's comment regarding the 'this' pointer from path >> admiyo-0019. This patch is required to get the associations working. >> > ACK. Thanks! > > -- > Endi S. Dewata > Pushed to master From rcritten at redhat.com Tue Sep 7 19:39:35 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 07 Sep 2010 15:39:35 -0400 Subject: [Freeipa-devel] [PATCH] 514 make ldap2 class work with clients In-Reply-To: <4C863829.5010505@redhat.com> References: <4C6C67DB.1000109@redhat.com> <4C863829.5010505@redhat.com> Message-ID: <4C8694F7.6090500@redhat.com> Pavel Zuna wrote: > On 08/19/2010 01:08 AM, Rob Crittenden wrote: >> Make ldap2 class work as a client library as well. >> >> Move the user-private group caching code out of the global config and >> determine the value the first time it is needed. >> >> Renamed global_init() back to get_schema() and make it take an optional >> connection. This solves the problem of being able to do all operations >> with a simple bind instead of GSSAPI. >> >> Moved the global get_syntax() into a class method so that a schema can >> be passed in. >> >> If a schema wasn't loaded during the module import then it is loaded >> when the connection is created (so we have the credntials needed for >> binding). >> >> ticket 63 >> >> rob >> > > Sorry it took me so long to review this patch. ACK! > > Pavel pushed to master From rcritten at redhat.com Tue Sep 7 19:40:25 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 07 Sep 2010 15:40:25 -0400 Subject: [Freeipa-devel] [PATCH] 519 make ipactl smarter In-Reply-To: <4C7E731E.9050808@redhat.com> References: <4C7D74F3.5070507@redhat.com> <4C7E731E.9050808@redhat.com> Message-ID: <4C869529.4010907@redhat.com> Adam Young wrote: > On 08/31/2010 05:32 PM, Rob Crittenden wrote: >> ipactl was a quickie thing I threw together at the end of v1 and it >> wasn't all too bright. This tries to fix things up and work around >> some init script issues. >> >> The init scripts returns a 1 both if the service isn't running and if >> it is not running but there is a pid file lying around. I check for >> this and make a new return value, 4, to represent stopped. >> >> Using this I can better tell what the current state of affairs is and >> just stop/start those services that are actually running. >> >> I added named to the list of services we track. >> >> rob >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > Probably shouldn't be using magic constants. I'd recommend replacing > them with strings. Other than that, Ack Well, the magic constants are the same as in initscripts and documented in-line so I think its probably ok. This is a pretty small script and nothing else uses (or probably will use) the values. Pushed to master rob From rcritten at redhat.com Tue Sep 7 19:41:42 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 07 Sep 2010 15:41:42 -0400 Subject: [Freeipa-devel] [PATCH] 518 handle errors in uninstall better In-Reply-To: <4C7E7F11.7010407@redhat.com> References: <4C7D73D4.1000804@redhat.com> <4C7E7444.9080603@redhat.com> <4C7E7F11.7010407@redhat.com> Message-ID: <4C869576.2040508@redhat.com> Dmitri Pal wrote: > Adam Young wrote: >> On 08/31/2010 05:27 PM, Rob Crittenden wrote: >>> # Always start certmonger. We can't untrack something if it isn't >> Is this really necessary? This is the only thing that jumped out at me >> in the patch. >> >> Assuming it really is: Ack >> > I have not looked at the patch but I suspect that it is related to the > fact that we plan to automatically track the expiration of the certs > issued to the server itself. So yes we need to have certmonger running > all the time thus comment makes sense to me. I did this in case the user has stopped certmonger. If we try to use the ipa-getcert command with the certmonger service stopped a DBUS error will be thrown. Trying to start a running service is a no-op so it doesn't hurt anything. This patch relies on unreviewed patch 512, I need to get that one acked before I can push this one. rob From dpal at redhat.com Tue Sep 7 20:00:38 2010 From: dpal at redhat.com (Dmitri Pal) Date: Tue, 07 Sep 2010 16:00:38 -0400 Subject: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!] In-Reply-To: <4C8633FD.1080306@redhat.com> References: <4C8633FD.1080306@redhat.com> Message-ID: <4C8699E6.2000403@redhat.com> Pavel Zuna wrote: > Last week I started working on integrating the jQuery UI and jQuery > BBQ libraries into the project. I played around with them a little bit > and it turned out, that they are really great and bring a lot of value. > > jQuery UI is a library of widgets like tabs, dialogs, tree views and a > lots of other cool stuff. > > jQuery BBQ is a plugin for URL query string manipulation. It's main > advantage to us, is that it enables to get/push states (URL fragment > changes). This means that we don't have to reconstruct the whole state > every time. It is also friendly to the Back button and other standard > features of internet browsers. > > Both libraries are mature and easy to use. > > At first, I though "OK, that's cool! I'll just rewrite the navigation > file and we're set." In the end, I had to rewrite almost everything > due to not very well defined interfaces and dependencies. It took me > more than a week including the week-end, but I had one of those > creative blasts and I had fun doing it. :) > > I thought this is a good opportunity to restructure the webUI code. We > are at the point were we've identified a great deal of emerging > patterns in the code and we aren't too far yet. It was only about 2000 > lines or so. > > Since I'm probably going back to IPA backend work with Rob in the > upcoming weeks, I thought it would be nice to reach a certain > milestone in the webUI. This is my shot at it. > > Anyway, here's the design I propose (and have already implemented, so > that you can see the benefits for yourselves): > > Take a look at the diagram I attached to this mail. > > Basically I split the code into two parts. One specific to our project > and one with re-usable code, that goes on top the of IPA framework > (ipalib; plugable architecture and all that). Module dependencies > (arrows with holes in them) and roles are now clearly defined. > > I'm going to create another diagram depicting the code flow for better > understanding. > > I'm also going to privately send everyone on the team a link to a live > demo. I don't feel like it should be on this public list. You can of > course checkout the whole code there. > > > Now, how does the code work and how do we use/modify it for feature XYZ? > ------------------------------------------------------------------------ > > Everything is tied together in the webui.js file. This file includes > basically only two functions and a definition list used to generate > tabs. The functions are the application entry point (the document > ready event handler), where all initialization is performed, and the > "main loop" (the document hashchange event handler) used to track > changes in the state of the webUI. The definition list contains a list > of tabs and callbacks to generate their content. > > Callback for generating tab content take only one parameter: the div > that represent the tab content. They shouldn't care about anything > else than their own tab! The div should be enough to identify > everything, that's required (for example what kind of IPA business > object is handled there). > > The only callback currently used is the `ipa_entity_setup` function > from entity.js. It is a generic wrapper, that takes information from > entity specific files (user.js, group.js, ...) + metadata and uses it > to create facets. It basically glues functionality of all CRUD widgets > files. > > The entity specific files are the place to make modifications like > adding/removing attributes to an object, change the order of > attributes, change what attributes are listed in a search, generate > special input elements for attributes that require them (attribute > callbacks). > > Some examples: > * We need a new attribute for object X, that displays a calendar for > selecting dates. > => add attribute to details definition list of object X, define > attribute callback to generate the calendar > * We need a new field to be displayed in the dialog when adding object Y. > => add attribute to add definition list of object Y, define attribute > callback > to generate the field if it has some special requirements > * We need to handle a new state in the webUI > => Modify the "main loop" in webui.js > * We need a whole new tab with something different that what we have now > => add tab to navigation definition list in webui.js, create a > callback, that > generates what's supposed to be the tabs content > > And so on... > > Everything is customizable, but the defaults are good enough for 90% > of cases. > > > What is a webUI state? > ---------------------- > It's a certain combination of values in the URL fragment (that's the > portion of URLs after the # sign). Using the URL fragment saves us > from reloading the web pages (and all those bulky javascript files) > every time the user does something. We're going fully AJAX. > > > How to change a webUI state in the code? > ---------------------------------------- > Before we always had to reconstruct the whole URL. Doing ugly things > like: > document.location = document.location - fragmet + something + > '&thisandthat=' something_else + // and more > > Now we can just do: > $.bbq.pushState({something: somevalue}); > And to retrieve: > something = $.bbq.getState('something'); > > Much nicer and we don't have to worry about overwriting states by > mistake. > > > How does this whole thing integrate with what we have in master? > ---------------------------------------------------------------- > If we decide to adopt it, I'm going to create a patch that goes over > the current master branch. It shouldn't be a big problem; a matter of > 2-3 hours of work. > > I already integrated some of Adam's latest patches (associations, > automatic sampledata retrieval, ...). > > > So is this just code restructuring or does it have some new features? > --------------------------------------------------------------------- > It has better transisions between webUI states. All the advantages of > jQuery UI and jQuery BBQ. > > We have nice dialogs for adding new objects. > > The content of different tabs is independent. You can click on Group, > check something and click back to user without loosing the user tab > state. > > All webUI states are bookmarkable! You can save your session by simply > creating a bookmark. > > > What to do, if this is adopted? > ------------------------------- > I think there will be 4 main areas, where most work will be distributed. > > - It's almost time to add CSS styles to make the UI look usable > - Callbacks for all kinds of special attributes and adding new IPA > objects to the UI > - Maintenance of core scripts > - Adding completely new features like work-flows, wizards, > localization, ... > > If I'm to go back to IPA backend work with Rob in the upcoming weeks. > I suggest we let Andy handle the CSS, callbacks and adding new objects > (at least for now). Adam could work closely with the UXD team on new > features. I don't want to drop the UI work completely, so I could take > maintenance and helping out with whatever is needed. > > This is just a suggestion btw. > > > > Enough text. Waiting for comments. :) > > Pavel > > ------------------------------------------------------------------------ > Very impressive! -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From edewata at redhat.com Tue Sep 7 21:54:38 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Tue, 7 Sep 2010 17:54:38 -0400 (EDT) Subject: [Freeipa-devel] [PATCH] 0001-Added-Services-tab.patch In-Reply-To: <1846318992.1562911283896337188.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <1630640313.1563091283896478553.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Hi, This patch adds the Service tab using Adam's association classes. It also contains the sample data for some service operations. Thanks! -- Endi S. Dewata -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Added-Services-tab.patch Type: text/x-patch Size: 12432 bytes Desc: not available URL: From ayoung at redhat.com Wed Sep 8 02:39:05 2010 From: ayoung at redhat.com (Adam Young) Date: Tue, 07 Sep 2010 22:39:05 -0400 Subject: [Freeipa-devel] [PATCH] 0001-Added-Services-tab.patch In-Reply-To: <1630640313.1563091283896478553.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <1630640313.1563091283896478553.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C86F749.2070002@redhat.com> On 09/07/2010 05:54 PM, Endi Sukma Dewata wrote: > Hi, > > This patch adds the Service tab using Adam's association classes. > It also contains the sample data for some service operations. > > Thanks! > > -- > Endi S. Dewata > > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel I get an error "associate failure" when clicking the Enroll Button on the associations page. You need to add sampledata/service_add_host.json Whitespace issues in b/install/static/sampledata/service_add.json When I tested on the live server, add failed silently. We need to report to the user the error message. This is something that we don't do on other pages yet, but we need to. The success closure needs to have code along the lines of: if (result.error){ // report errors }else{ //current functionality } For now just populate an alert message. I'll add a task to integrate per field error reporting into the add and details pages. Since the principal is of the form service/host, we should use two fields for these. I think that the service tab should be a combo-box: free form text is allowed, but it should be prepopulated with known services like httpd, ftpd ,etc. Since the host portion of the principal has to be a registered host in the system, I suspect we need to use the association style finder for that. For now make it a text box with the label of Host name. Pavel and I have been using a patch labeling scheme -freeipa--description.patch. I've renamed this one to: edewata-freeipa-0001-Added-Services-tab.patch When you update it, please name the new one: edewata-freeipa-0001-2-Added-Services-tab.patch -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Wed Sep 8 14:08:36 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 10:08:36 -0400 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0022-netgroup-associations.patch Message-ID: <4C8798E4.4090800@redhat.com> Netgroup associations: netgroups -> users, groups,hosts,hostgroups https://fedorahosted.org/freeipa/attachment/ticket/96/admiyo-freeipa-0022-netgroup-associations.patch -------------- next part -------------- A non-text attachment was scrubbed... Name: admiyo-freeipa-0022-netgroup-associations.patch Type: text/x-patch Size: 10057 bytes Desc: not available URL: From ssorce at redhat.com Wed Sep 8 18:47:18 2010 From: ssorce at redhat.com (Simo Sorce) Date: Wed, 8 Sep 2010 14:47:18 -0400 Subject: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!] In-Reply-To: <4C8633FD.1080306@redhat.com> References: <4C8633FD.1080306@redhat.com> Message-ID: <20100908144718.1c780fbf@willson.li.ssimo.org> On Tue, 07 Sep 2010 14:45:49 +0200 Pavel Zuna wrote: > Enough text. Waiting for comments. :) I have one question. Have you made any consideration wrt security ? For example you say that you can push a complete state in a URL so that you can bookmark it. How does this cope with authentication ? Is there any way to validate the state is legit server side, or does it mean we make it an easy target for XSS exploits ? Last thing I want to see is an admin clicking a link and finding out that link actually granted some permission to the malicious user that sent him an carefully crafted email ... Simo. -- Simo Sorce * Red Hat, Inc * New York From dpal at redhat.com Wed Sep 8 19:02:12 2010 From: dpal at redhat.com (Dmitri Pal) Date: Wed, 08 Sep 2010 15:02:12 -0400 Subject: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!] In-Reply-To: <20100908144718.1c780fbf@willson.li.ssimo.org> References: <4C8633FD.1080306@redhat.com> <20100908144718.1c780fbf@willson.li.ssimo.org> Message-ID: <4C87DDB4.1050909@redhat.com> Simo Sorce wrote: > On Tue, 07 Sep 2010 14:45:49 +0200 > Pavel Zuna wrote: > > >> Enough text. Waiting for comments. :) >> > > I have one question. > Have you made any consideration wrt security ? > > For example you say that you can push a complete state in a URL so that > you can bookmark it. > How does this cope with authentication ? > Is there any way to validate the state is legit server side, or does it > mean we make it an easy target for XSS exploits ? > Last thing I want to see is an admin clicking a link and finding out > that link actually granted some permission to the malicious user that > sent him an carefully crafted email ... > > Currently each request is authenticated via GSSAPI but with some planned changes we will switch to using cookies which would speed up things. A forged URL will not help if you do not have the cookie. If you have the cookie there is no URL you can't go to. You will be denied if you submit something you are not allowed to submit. This is checked on the server side. > Simo. > > -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From ayoung at redhat.com Wed Sep 8 19:21:06 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 15:21:06 -0400 Subject: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!] In-Reply-To: <20100908144718.1c780fbf@willson.li.ssimo.org> References: <4C8633FD.1080306@redhat.com> <20100908144718.1c780fbf@willson.li.ssimo.org> Message-ID: <4C87E222.3010402@redhat.com> On 09/08/2010 02:47 PM, Simo Sorce wrote: > On Tue, 07 Sep 2010 14:45:49 +0200 > Pavel Zuna wrote: > > >> Enough text. Waiting for comments. :) >> > I have one question. > Have you made any consideration wrt security ? > > For example you say that you can push a complete state in a URL so that > you can bookmark it. > How does this cope with authentication ? > Is there any way to validate the state is legit server side, or does it > mean we make it an easy target for XSS exploits ? > Last thing I want to see is an admin clicking a link and finding out > that link actually granted some permission to the malicious user that > sent him an carefully crafted email ... > > Simo. > > Simo, Two different concepts here, the state in the URL, and the security model. The state is completely a client side concept, it manages the values used to repopulate the webui. The existing security model prevents calls against the server if you don't have a Kerberos key set. We are providing no more access than is already availble to the server. Kerberos is our friend here, as it obviates what seem to be the most common JSON attacks. Bascially, the state only tells the web ui what to execute. It hasthings like :current tab is user, currrent facet is search, search criteria was 'Ada'. No code, it is not interprested as code. The security model is a different beast. We are doing nothing with the web server that you canot do already using the https/xml APIs. So if there is aproblem, it is out there today. I make no judgements on that, as I am not a security expert. An early problem with JSON was that it was basically just a block of code processed with an 'eval' statmet. THe browser now handles the parsing for us, with the exception of older browsers, where we use a code library. In either case, we avoid the eval issues. Also, since we own both the client and server side of the equasion, we don't have to worry about a maliciosu third party injecting code into our stream. The tunnel between client and server is encrypted, and we only send JSON requests back to the server of origin. In fact, as far as I know, the same origin policy is still in effect, and (Fedora/RHEL/Mozilla) does nothing to circumvent it. From ssorce at redhat.com Wed Sep 8 19:37:32 2010 From: ssorce at redhat.com (Simo Sorce) Date: Wed, 8 Sep 2010 15:37:32 -0400 Subject: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!] In-Reply-To: <4C87DDB4.1050909@redhat.com> References: <4C8633FD.1080306@redhat.com> <20100908144718.1c780fbf@willson.li.ssimo.org> <4C87DDB4.1050909@redhat.com> Message-ID: <20100908153732.771bbd4b@willson.li.ssimo.org> On Wed, 08 Sep 2010 15:02:12 -0400 Dmitri Pal wrote: > Simo Sorce wrote: > > On Tue, 07 Sep 2010 14:45:49 +0200 > > Pavel Zuna wrote: > > > > > >> Enough text. Waiting for comments. :) > >> > > > > I have one question. > > Have you made any consideration wrt security ? > > > > For example you say that you can push a complete state in a URL so > > that you can bookmark it. > > How does this cope with authentication ? > > Is there any way to validate the state is legit server side, or > > does it mean we make it an easy target for XSS exploits ? > > Last thing I want to see is an admin clicking a link and finding out > > that link actually granted some permission to the malicious user > > that sent him an carefully crafted email ... > > > > > > Currently each request is authenticated via GSSAPI but with some > planned changes we will switch to using cookies which would speed up > things. A forged URL will not help if you do not have the cookie. If > you have the cookie there is no URL you can't go to. You will be > denied if you submit something you are not allowed to submit. This is > checked on the server side. Yes, that's not the issue. The scenario is this: - Admin use Joe, goes on http://my.ipa.domain.dom/ and does some administration, his browser has a cookie. - Admin Joe sees a pop-up from his MUA, open mail and sees user Foo asking for some help, and see screenshot here: - Admin Joe clicks the link which actually performs an action against the ipa server. Is this prevented? how ? Simo. -- Simo Sorce * Red Hat, Inc * New York From ayoung at redhat.com Wed Sep 8 19:56:40 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 15:56:40 -0400 Subject: [Freeipa-devel] webUI code restructuring [wall of text, diagrams, ... you've been warned!] In-Reply-To: <20100908153732.771bbd4b@willson.li.ssimo.org> References: <4C8633FD.1080306@redhat.com> <20100908144718.1c780fbf@willson.li.ssimo.org> <4C87DDB4.1050909@redhat.com> <20100908153732.771bbd4b@willson.li.ssimo.org> Message-ID: <4C87EA78.5010302@redhat.com> On 09/08/2010 03:37 PM, Simo Sorce wrote: > On Wed, 08 Sep 2010 15:02:12 -0400 > Dmitri Pal wrote: > > >> Simo Sorce wrote: >> >>> On Tue, 07 Sep 2010 14:45:49 +0200 >>> Pavel Zuna wrote: >>> >>> >>> >>>> Enough text. Waiting for comments. :) >>>> >>>> >>> I have one question. >>> Have you made any consideration wrt security ? >>> >>> For example you say that you can push a complete state in a URL so >>> that you can bookmark it. >>> How does this cope with authentication ? >>> Is there any way to validate the state is legit server side, or >>> does it mean we make it an easy target for XSS exploits ? >>> Last thing I want to see is an admin clicking a link and finding out >>> that link actually granted some permission to the malicious user >>> that sent him an carefully crafted email ... >>> >>> >>> >> Currently each request is authenticated via GSSAPI but with some >> planned changes we will switch to using cookies which would speed up >> things. A forged URL will not help if you do not have the cookie. If >> you have the cookie there is no URL you can't go to. You will be >> denied if you submit something you are not allowed to submit. This is >> checked on the server side. >> > Yes, that's not the issue. > > The scenario is this: > > - Admin use Joe, goes on http://my.ipa.domain.dom/ and does some > administration, his browser has a cookie. > - Admin Joe sees a pop-up from his MUA, open mail and sees user Foo > asking for some help, and see screenshot here: > - Admin Joe clicks the link which actually performs an action against > the ipa server. > The browser prevents it ins straight URL attacks, using the policy of same server of origin. Flash might be a potential attack vector. I am not sure if browser cache poisoning is a real concern. > Is this prevented? how ? > > Simo. > > From rcritten at redhat.com Wed Sep 8 21:19:03 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 08 Sep 2010 17:19:03 -0400 Subject: [Freeipa-devel] [PATCH] 520 fix install with --setup-dns Message-ID: <4C87FDC7.90508@redhat.com> Allow the schema to be set once an ldap connection is locked. When making LDAP calls via api.Backend.ldap2 the ldap2 object will already be locked by the api.finalize() call. So the first time that api.Backend.ldap2.connect() is called an error would be thrown that self.schema cannot be set because the object is ReadOnly. This uses the documented procedure for working around this lock. This was preventing the DNS installation to proceed. ticket #188 rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-520-ldap.patch Type: text/x-patch Size: 1358 bytes Desc: not available URL: From edewata at redhat.com Wed Sep 8 22:07:08 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Wed, 8 Sep 2010 18:07:08 -0400 (EDT) Subject: [Freeipa-devel] [PATCH] 0001-Added-Services-tab.patch In-Reply-To: <401871928.1684461283983584487.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <649644085.1684491283983628359.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Hi Adam, Thanks for the review. Attached is the revised patch. ----- "Adam Young" wrote: > I get an error > "associate failure" when clicking the Enroll Button on the > associations page. You need to add sampledata/service_add_host.json This is fixed, I forgot to do git add. > Whitespace issues in b/install/static/sampledata/service_add.json This is fixed, they are coming from the IPA server. > When I tested on the live server, add failed silently. We need to > report to the user the error message. This is something that we don't > do on other pages yet, but we need to. The success closure needs to > have code along the lines of: > > if (result.error){ > // report errors > }else{ > //current functionality > } > > For now just populate an alert message. I'll add a task to integrate > per field error reporting into the add and details pages. This is fixed in add.js. > Since the principal is of the form service/host, we should use two > fields for these. I think that the service tab should be a combo-box: > free form text is allowed, but it should be prepopulated with known > services like httpd, ftpd ,etc. Since the host portion of the > principal has to be a registered host in the system, I suspect we need > to use the association style finder for that. For now make it a text > box with the label of Host name. Per our discussion, I'm submitting a patch with a single text field for principal. I will create another patch to refactor the EntityBuilder class and subclass it to combine the service & host fields into principal. As we discovered, the standard HTML combobox is not editable and 3rd party editable comboboxes have some issues. We will address this next time. > Pavel and I have been using a patch labeling scheme > -freeipa--description.patch. I've renamed this one > to: > > edewata-freeipa-0001-Added-Services-tab.patch > > When you update it, please name the new one: > edewata-freeipa-0001-2-Added-Services-tab.patch The new patch has been renamed as such. Thanks! -- Endi S. Dewata -------------- next part -------------- A non-text attachment was scrubbed... Name: edewata-freeipa-0001-2-Added-Services-tab.patch Type: text/x-patch Size: 13974 bytes Desc: not available URL: From ayoung at redhat.com Wed Sep 8 23:19:12 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 19:19:12 -0400 Subject: [Freeipa-devel] Need to be able to commit Endi's patches with him as author Message-ID: <4C8819F0.5050100@redhat.com> I tried to commit to my local Repo with: git commit --author edewata But got the message:No existing author found with 'edewata' I can fix this for my local repo, but we'll need it in the Fedorahosted repo. From ayoung at redhat.com Wed Sep 8 23:27:04 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 19:27:04 -0400 Subject: [Freeipa-devel] Need to be able to commit Endi's patches with him as author In-Reply-To: <4C8819F0.5050100@redhat.com> References: <4C8819F0.5050100@redhat.com> Message-ID: <4C881BC8.4070101@redhat.com> On 09/08/2010 07:19 PM, Adam Young wrote: > I tried to commit to my local Repo with: > > git commit --author edewata > > But got the message:No existing author found with 'edewata' > > I can fix this for my local repo, but we'll need it in the > Fedorahosted repo. > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel Disregard. I RTFManpage for git-commit. From ayoung at redhat.com Wed Sep 8 23:27:20 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 19:27:20 -0400 Subject: [Freeipa-devel] [PATCH] 0001-Added-Services-tab.patch In-Reply-To: <649644085.1684491283983628359.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <649644085.1684491283983628359.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C881BD8.30107@redhat.com> On 09/08/2010 06:07 PM, Endi Sukma Dewata wrote: > Hi Adam, > > Thanks for the review. Attached is the revised patch. > > ----- "Adam Young" wrote: > >> I get an error >> "associate failure" when clicking the Enroll Button on the >> associations page. You need to add sampledata/service_add_host.json >> > This is fixed, I forgot to do git add. > > >> Whitespace issues in b/install/static/sampledata/service_add.json >> > This is fixed, they are coming from the IPA server. > > >> When I tested on the live server, add failed silently. We need to >> report to the user the error message. This is something that we don't >> do on other pages yet, but we need to. The success closure needs to >> have code along the lines of: >> >> if (result.error){ >> // report errors >> }else{ >> //current functionality >> } >> >> For now just populate an alert message. I'll add a task to integrate >> per field error reporting into the add and details pages. >> > This is fixed in add.js. > > >> Since the principal is of the form service/host, we should use two >> fields for these. I think that the service tab should be a combo-box: >> free form text is allowed, but it should be prepopulated with known >> services like httpd, ftpd ,etc. Since the host portion of the >> principal has to be a registered host in the system, I suspect we need >> to use the association style finder for that. For now make it a text >> box with the label of Host name. >> > Per our discussion, I'm submitting a patch with a single text field for > principal. I will create another patch to refactor the EntityBuilder > class and subclass it to combine the service& host fields into principal. > > As we discovered, the standard HTML combobox is not editable and 3rd party > editable comboboxes have some issues. We will address this next time. > > >> Pavel and I have been using a patch labeling scheme >> -freeipa--description.patch. I've renamed this one >> to: >> >> edewata-freeipa-0001-Added-Services-tab.patch >> >> When you update it, please name the new one: >> edewata-freeipa-0001-2-Added-Services-tab.patch >> > The new patch has been renamed as such. > > Thanks! > > -- > Endi S. Dewata > ACK. Pushed to master From ayoung at redhat.com Thu Sep 9 00:40:37 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 20:40:37 -0400 Subject: [Freeipa-devel] [PATCH] 520 fix install with --setup-dns In-Reply-To: <4C87FDC7.90508@redhat.com> References: <4C87FDC7.90508@redhat.com> Message-ID: <4C882D05.5000603@redhat.com> On 09/08/2010 05:19 PM, Rob Crittenden wrote: > Allow the schema to be set once an ldap connection is locked. > > When making LDAP calls via api.Backend.ldap2 the ldap2 object will > already be locked by the api.finalize() call. So the first time that > api.Backend.ldap2.connect() is called an error would be thrown that > self.schema cannot be set because the object is ReadOnly. This uses > the documented procedure for working around this lock. > > This was preventing the DNS installation to proceed. > > ticket #188 > > rob > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel Is this the behaviour it is supposed to fix? 2010-09-08 10:46:18,776 DEBUG locked: cannot set ldap2.schema to File "/usr/sbin/ipa-server-install", line 835, in sys.exit(main()) File "/usr/sbin/ipa-server-install", line 773, in main api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password) File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 62, in connect conn = self.create_connection(*args, **kw) File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f return f(*new_args, **kwargs) File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 295, in create_connection self.schema = get_schema(self.ldap_uri, conn) File "/usr/lib/python2.6/site-packages/ipalib/base.py", line 131, in __setattr__ SET_ERROR % (self.__class__.__name__, name, value) -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Thu Sep 9 00:50:48 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 20:50:48 -0400 Subject: [Freeipa-devel] [PATCH] 520 fix install with --setup-dns In-Reply-To: <4C882D05.5000603@redhat.com> References: <4C87FDC7.90508@redhat.com> <4C882D05.5000603@redhat.com> Message-ID: <4C882F68.2010105@redhat.com> On 09/08/2010 08:40 PM, Adam Young wrote: > On 09/08/2010 05:19 PM, Rob Crittenden wrote: >> Allow the schema to be set once an ldap connection is locked. >> >> When making LDAP calls via api.Backend.ldap2 the ldap2 object will >> already be locked by the api.finalize() call. So the first time that >> api.Backend.ldap2.connect() is called an error would be thrown that >> self.schema cannot be set because the object is ReadOnly. This uses >> the documented procedure for working around this lock. >> >> This was preventing the DNS installation to proceed. >> >> ticket #188 >> >> rob >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > > Is this the behaviour it is supposed to fix? > > 2010-09-08 10:46:18,776 DEBUG locked: cannot set ldap2.schema to > > File "/usr/sbin/ipa-server-install", line 835, in > sys.exit(main()) > > File "/usr/sbin/ipa-server-install", line 773, in main > api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", > bind_pw=dm_password) > > File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 62, > in connect > conn = self.create_connection(*args, **kw) > > File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, > in new_f > return f(*new_args, **kwargs) > > File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", > line 295, in create_connection > self.schema = get_schema(self.ldap_uri, conn) > > File "/usr/lib/python2.6/site-packages/ipalib/base.py", line 131, in > __setattr__ > SET_ERROR % (self.__class__.__name__, name, value) > > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel I'll ACK, as it seems to get past the previous problem, but I don't think it is 100% yet. My install failed with Unexpected error - see ipaserver-install.log for details: 'getpwnam(): name not found: named' getent passwd named returns nothing. THis was the second time I ran through the install after install bind. Is it possible that we remove the named user from /etc/passwd and don't re-add it? -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Thu Sep 9 01:02:39 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 21:02:39 -0400 Subject: [Freeipa-devel] [PATCH] 520 fix install with --setup-dns In-Reply-To: <4C882F68.2010105@redhat.com> References: <4C87FDC7.90508@redhat.com> <4C882D05.5000603@redhat.com> <4C882F68.2010105@redhat.com> Message-ID: <4C88322F.3040309@redhat.com> On 09/08/2010 08:50 PM, Adam Young wrote: > On 09/08/2010 08:40 PM, Adam Young wrote: >> On 09/08/2010 05:19 PM, Rob Crittenden wrote: >>> Allow the schema to be set once an ldap connection is locked. >>> >>> When making LDAP calls via api.Backend.ldap2 the ldap2 object will >>> already be locked by the api.finalize() call. So the first time that >>> api.Backend.ldap2.connect() is called an error would be thrown that >>> self.schema cannot be set because the object is ReadOnly. This uses >>> the documented procedure for working around this lock. >>> >>> This was preventing the DNS installation to proceed. >>> >>> ticket #188 >>> >>> rob >>> >>> >>> _______________________________________________ >>> Freeipa-devel mailing list >>> Freeipa-devel at redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-devel >> >> Is this the behaviour it is supposed to fix? >> >> 2010-09-08 10:46:18,776 DEBUG locked: cannot set ldap2.schema to >> >> File "/usr/sbin/ipa-server-install", line 835, in >> sys.exit(main()) >> >> File "/usr/sbin/ipa-server-install", line 773, in main >> api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", >> bind_pw=dm_password) >> >> File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 62, >> in connect >> conn = self.create_connection(*args, **kw) >> >> File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line >> 188, in new_f >> return f(*new_args, **kwargs) >> >> File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", >> line 295, in create_connection >> self.schema = get_schema(self.ldap_uri, conn) >> >> File "/usr/lib/python2.6/site-packages/ipalib/base.py", line 131, >> in __setattr__ >> SET_ERROR % (self.__class__.__name__, name, value) >> >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > I'll ACK, as it seems to get past the previous problem, but I don't > think it is 100% yet. My install failed with > Unexpected error - see ipaserver-install.log for details: > 'getpwnam(): name not found: named' > > > getent passwd named returns nothing. > > > THis was the second time I ran through the install after install > bind. Is it possible that we remove the named user from /etc/passwd > and don't re-add it? > > > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel And now I see that when I do an install (on F13) of bind and bind-dyndb-ldap.x86_64 I get a slew of errors: Warning: RPMDB altered outside of yum. Installing : 32:bind-9.7.1-2.P2.fc13.x86_64 1/2 warning: group named does not exist - using root warning: group named does not exist - using root warning: group named does not exist - using root warning: group named does not exist - using root warning: group named does not exist - using root warning: group named does not exist - using root warning: user named does not exist - using root warning: group named does not exist - using root warning: user named does not exist - using root warning: group named does not exist - using root warning: group named does not exist - using root warning: group named does not exist - using root warning: group named does not exist - using root warning: group named does not exist - using root warning: user named does not exist - using root warning: group named does not exist - using root warning: user named does not exist - using root warning: group named does not exist - using root chown: invalid group: `root:named' Installing : bind-dyndb-ldap-0.1.0-0.9.a1.20091210git.fc13.x86_64 So it isn't strictly our problem, except that it is. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Thu Sep 9 01:14:44 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 21:14:44 -0400 Subject: [Freeipa-devel] [PATCH] 520 fix install with --setup-dns In-Reply-To: <4C88322F.3040309@redhat.com> References: <4C87FDC7.90508@redhat.com> <4C882D05.5000603@redhat.com> <4C882F68.2010105@redhat.com> <4C88322F.3040309@redhat.com> Message-ID: <4C883504.8090805@redhat.com> On 09/08/2010 09:02 PM, Adam Young wrote: > On 09/08/2010 08:50 PM, Adam Young wrote: >> On 09/08/2010 08:40 PM, Adam Young wrote: >>> On 09/08/2010 05:19 PM, Rob Crittenden wrote: >>>> Allow the schema to be set once an ldap connection is locked. >>>> >>>> When making LDAP calls via api.Backend.ldap2 the ldap2 object will >>>> already be locked by the api.finalize() call. So the first time >>>> that api.Backend.ldap2.connect() is called an error would be thrown >>>> that self.schema cannot be set because the object is ReadOnly. This >>>> uses the documented procedure for working around this lock. >>>> >>>> This was preventing the DNS installation to proceed. >>>> >>>> ticket #188 >>>> >>>> rob >>>> >>>> >>>> _______________________________________________ >>>> Freeipa-devel mailing list >>>> Freeipa-devel at redhat.com >>>> https://www.redhat.com/mailman/listinfo/freeipa-devel >>> >>> Is this the behaviour it is supposed to fix? >>> >>> 2010-09-08 10:46:18,776 DEBUG locked: cannot set ldap2.schema to >>> >>> File "/usr/sbin/ipa-server-install", line 835, in >>> sys.exit(main()) >>> >>> File "/usr/sbin/ipa-server-install", line 773, in main >>> api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", >>> bind_pw=dm_password) >>> >>> File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line >>> 62, in connect >>> conn = self.create_connection(*args, **kw) >>> >>> File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line >>> 188, in new_f >>> return f(*new_args, **kwargs) >>> >>> File >>> "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line >>> 295, in create_connection >>> self.schema = get_schema(self.ldap_uri, conn) >>> >>> File "/usr/lib/python2.6/site-packages/ipalib/base.py", line 131, >>> in __setattr__ >>> SET_ERROR % (self.__class__.__name__, name, value) >>> >>> >>> >>> _______________________________________________ >>> Freeipa-devel mailing list >>> Freeipa-devel at redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-devel >> I'll ACK, as it seems to get past the previous problem, but I don't >> think it is 100% yet. My install failed with >> Unexpected error - see ipaserver-install.log for details: >> 'getpwnam(): name not found: named' >> >> >> getent passwd named returns nothing. >> >> >> THis was the second time I ran through the install after install >> bind. Is it possible that we remove the named user from /etc/passwd >> and don't re-add it? >> >> >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > And now I see that when I do an install (on F13) of bind and > bind-dyndb-ldap.x86_64 I get a slew of errors: > Warning: RPMDB altered outside of yum. > Installing : > 32:bind-9.7.1-2.P2.fc13.x86_64 > 1/2 > warning: group named does not exist - using root > warning: group named does not exist - using root > warning: group named does not exist - using root > warning: group named does not exist - using root > warning: group named does not exist - using root > warning: group named does not exist - using root > warning: user named does not exist - using root > warning: group named does not exist - using root > warning: user named does not exist - using root > warning: group named does not exist - using root > warning: group named does not exist - using root > warning: group named does not exist - using root > warning: group named does not exist - using root > warning: group named does not exist - using root > warning: user named does not exist - using root > warning: group named does not exist - using root > warning: user named does not exist - using root > warning: group named does not exist - using root > chown: invalid group: `root:named' > Installing : bind-dyndb-ldap-0.1.0-0.9.a1.20091210git.fc13.x86_64 > > So it isn't strictly our problem, except that it is. > > > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel OK, it was an artifact of a lock file on my system. Install now goes fine. I can ACK this with no reservations. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Thu Sep 9 01:50:34 2010 From: ayoung at redhat.com (Adam Young) Date: Wed, 08 Sep 2010 21:50:34 -0400 Subject: [Freeipa-devel] Fwd: [Freeipa-users] [PATCH] 512 track server certs with certmonger In-Reply-To: <4C69B4E1.9000606@redhat.com> References: <4C65A959.4010100@redhat.com> <4C69B4E1.9000606@redhat.com> Message-ID: <4C883D6A.8080204@redhat.com> On 08/16/2010 06:00 PM, Rob Crittenden wrote: > Rob Crittenden wrote: >> I did it again :-( > > Updated patch that should apply cleanly. > > rob > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel ImportError: No module named certmonger. Need whatever provides that as an rpm dependency. This system has certmonger on it, but I see no python files in it. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Thu Sep 9 02:13:50 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 08 Sep 2010 22:13:50 -0400 Subject: [Freeipa-devel] Fwd: [Freeipa-users] [PATCH] 512 track server certs with certmonger In-Reply-To: <4C883D6A.8080204@redhat.com> References: <4C65A959.4010100@redhat.com> <4C69B4E1.9000606@redhat.com> <4C883D6A.8080204@redhat.com> Message-ID: <4C8842DE.9010605@redhat.com> Adam Young wrote: > On 08/16/2010 06:00 PM, Rob Crittenden wrote: >> Rob Crittenden wrote: >>> I did it again :-( >> >> Updated patch that should apply cleanly. >> >> rob >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > > ImportError: No module named certmonger. Need whatever provides that as > an rpm dependency. This system has certmonger on it, but I see no python > files in it. I forgot to re-add certmonger.py when I rebased it last time. I've re-based the patch again and included certmonger.py, it should work this time. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-512-3-cert.patch Type: text/x-patch Size: 20361 bytes Desc: not available URL: From dpal at redhat.com Thu Sep 9 02:48:43 2010 From: dpal at redhat.com (Dmitri Pal) Date: Wed, 08 Sep 2010 22:48:43 -0400 Subject: [Freeipa-devel] [PATCH] 2. Enabling SUDO support Message-ID: <4C884B0B.3030200@redhat.com> See patch comment for more details. -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001--SUDO-Enabling-SUDO-support.patch Type: text/x-patch Size: 8997 bytes Desc: not available URL: From rcritten at redhat.com Thu Sep 9 13:05:52 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 09 Sep 2010 09:05:52 -0400 Subject: [Freeipa-devel] [PATCH] 520 fix install with --setup-dns In-Reply-To: <4C883504.8090805@redhat.com> References: <4C87FDC7.90508@redhat.com> <4C882D05.5000603@redhat.com> <4C882F68.2010105@redhat.com> <4C88322F.3040309@redhat.com> <4C883504.8090805@redhat.com> Message-ID: <4C88DBB0.1040608@redhat.com> Adam Young wrote: > On 09/08/2010 09:02 PM, Adam Young wrote: >> On 09/08/2010 08:50 PM, Adam Young wrote: >>> On 09/08/2010 08:40 PM, Adam Young wrote: >>>> On 09/08/2010 05:19 PM, Rob Crittenden wrote: >>>>> Allow the schema to be set once an ldap connection is locked. >>>>> >>>>> When making LDAP calls via api.Backend.ldap2 the ldap2 object will >>>>> already be locked by the api.finalize() call. So the first time >>>>> that api.Backend.ldap2.connect() is called an error would be thrown >>>>> that self.schema cannot be set because the object is ReadOnly. This >>>>> uses the documented procedure for working around this lock. >>>>> >>>>> This was preventing the DNS installation to proceed. >>>>> >>>>> ticket #188 >>>>> >>>>> rob >>>>> >>>>> >>>>> _______________________________________________ >>>>> Freeipa-devel mailing list >>>>> Freeipa-devel at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel >>>> >>>> Is this the behaviour it is supposed to fix? >>>> >>>> 2010-09-08 10:46:18,776 DEBUG locked: cannot set ldap2.schema to >>>> >>>> File "/usr/sbin/ipa-server-install", line 835, in >>>> sys.exit(main()) >>>> >>>> File "/usr/sbin/ipa-server-install", line 773, in main >>>> api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", >>>> bind_pw=dm_password) >>>> >>>> File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 62, >>>> in connect >>>> conn = self.create_connection(*args, **kw) >>>> >>>> File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, >>>> in new_f >>>> return f(*new_args, **kwargs) >>>> >>>> File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", >>>> line 295, in create_connection >>>> self.schema = get_schema(self.ldap_uri, conn) >>>> >>>> File "/usr/lib/python2.6/site-packages/ipalib/base.py", line 131, in >>>> __setattr__ >>>> SET_ERROR % (self.__class__.__name__, name, value) >>>> >>>> >>>> >>>> _______________________________________________ >>>> Freeipa-devel mailing list >>>> Freeipa-devel at redhat.com >>>> https://www.redhat.com/mailman/listinfo/freeipa-devel >>> I'll ACK, as it seems to get past the previous problem, but I don't >>> think it is 100% yet. My install failed with >>> Unexpected error - see ipaserver-install.log for details: >>> 'getpwnam(): name not found: named' >>> >>> >>> getent passwd named returns nothing. >>> >>> >>> THis was the second time I ran through the install after install >>> bind. Is it possible that we remove the named user from /etc/passwd >>> and don't re-add it? >>> >>> >>> >>> >>> _______________________________________________ >>> Freeipa-devel mailing list >>> Freeipa-devel at redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-devel >> And now I see that when I do an install (on F13) of bind and >> bind-dyndb-ldap.x86_64 I get a slew of errors: >> Warning: RPMDB altered outside of yum. >> Installing : 32:bind-9.7.1-2.P2.fc13.x86_64 1/2 >> warning: group named does not exist - using root >> warning: group named does not exist - using root >> warning: group named does not exist - using root >> warning: group named does not exist - using root >> warning: group named does not exist - using root >> warning: group named does not exist - using root >> warning: user named does not exist - using root >> warning: group named does not exist - using root >> warning: user named does not exist - using root >> warning: group named does not exist - using root >> warning: group named does not exist - using root >> warning: group named does not exist - using root >> warning: group named does not exist - using root >> warning: group named does not exist - using root >> warning: user named does not exist - using root >> warning: group named does not exist - using root >> warning: user named does not exist - using root >> warning: group named does not exist - using root >> chown: invalid group: `root:named' >> Installing : bind-dyndb-ldap-0.1.0-0.9.a1.20091210git.fc13.x86_64 >> >> So it isn't strictly our problem, except that it is. >> >> >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > > OK, it was an artifact of a lock file on my system. Install now goes > fine. I can ACK this with no reservations. > > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel pushed to master From ayoung at redhat.com Thu Sep 9 15:17:53 2010 From: ayoung at redhat.com (Adam Young) Date: Thu, 09 Sep 2010 11:17:53 -0400 Subject: [Freeipa-devel] Fwd: [Freeipa-users] [PATCH] 512 track server certs with certmonger In-Reply-To: <4C8842DE.9010605@redhat.com> References: <4C65A959.4010100@redhat.com> <4C69B4E1.9000606@redhat.com> <4C883D6A.8080204@redhat.com> <4C8842DE.9010605@redhat.com> Message-ID: <4C88FAA1.4070009@redhat.com> On 09/08/2010 10:13 PM, Rob Crittenden wrote: > Adam Young wrote: >> On 08/16/2010 06:00 PM, Rob Crittenden wrote: >>> Rob Crittenden wrote: >>>> I did it again :-( >>> >>> Updated patch that should apply cleanly. >>> >>> rob >>> >>> >>> _______________________________________________ >>> Freeipa-devel mailing list >>> Freeipa-devel at redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-devel >> >> ImportError: No module named certmonger. Need whatever provides that as >> an rpm dependency. This system has certmonger on it, but I see no python >> files in it. > > I forgot to re-add certmonger.py when I rebased it last time. I've > re-based the patch again and included certmonger.py, it should work > this time. > > rob ACK From edewata at redhat.com Thu Sep 9 16:36:38 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Thu, 9 Sep 2010 12:36:38 -0400 (EDT) Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0022-netgroup-associations.patch In-Reply-To: <884731174.1760551284050071241.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <1524618051.1760671284050198252.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> ----- "Adam Young" wrote: > Netgroup associations: > netgroups -> users, groups,hosts,hostgroups > > https://fedorahosted.org/freeipa/attachment/ticket/96/admiyo-freeipa-0022-netgroup-associations.patch ACK, but there are typos on lines 153, 167, 180 in the patch. Thanks! -- Endi S. Dewata From ayoung at redhat.com Thu Sep 9 16:43:07 2010 From: ayoung at redhat.com (Adam Young) Date: Thu, 09 Sep 2010 12:43:07 -0400 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0022-netgroup-associations.patch In-Reply-To: <1524618051.1760671284050198252.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <1524618051.1760671284050198252.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C890E9B.4010901@redhat.com> On 09/09/2010 12:36 PM, Endi Sukma Dewata wrote: > ----- "Adam Young" wrote: > > >> Netgroup associations: >> netgroups -> users, groups,hosts,hostgroups >> >> https://fedorahosted.org/freeipa/attachment/ticket/96/admiyo-freeipa-0022-netgroup-associations.patch >> > ACK, but there are typos on lines 153, 167, 180 in the patch. > Thanks! > > -- > Endi S. Dewata > Fixed types and pushed to master From ayoung at redhat.com Thu Sep 9 19:03:37 2010 From: ayoung at redhat.com (Adam Young) Date: Thu, 09 Sep 2010 15:03:37 -0400 Subject: [Freeipa-devel] Optimizing for the common case: automount and DNS Message-ID: <4C892F89.7040506@redhat.com> Both Automount and DNS are heirarchical entities. DNS starts with a zone. Usually, a zone is a domain name, like redhat.com. It might be more specific, like devel.redhat.com. A DNS setup is going to have at a minimum one zone, and is likely to only have a single zone. A Zone is pretty much just a name, and then a collection of records. The records are owned by the zone. THere will be very little or no crossover between zones. Thus, I'm thinking that the most common thing people are going to want to do is to manage the records for a single zone. So the question becomes, one tab or two? If we go two, we have DNS zones and DNS records, with an association facet on the zone that points to the record. The difference that doesn't map to existing use cases is that a given record is always associated with a zone, so creating a records, and then later associating it with a zone does not make sense. We could put a UI element like the finder on the associations page on the record page. So to create a record, one of the steps you'd do would be to run a zone search. This seems awkward. I'm thinking instead that we should have a single DNS tab. If we have a single zone, this tab defaults to the finder page for records for that zone. Clicking add creates a new record form, with the zone hardcoded already to be the default one. In the case where there are more than one zone, the default facet is the zone search. I suspect that this search should be automatically executed with a blank filter upon load so that the set of zones is available. Selecting a zone then goes to the finder page for the records , again, with the search pre-executed, and the name of the zone hyperlinked at the top. This approach also works with automounts. The default case for automounts is a single location. There are two entities beyond location to manage: maps and keys. These two are hierarchical: location owns map, map owns key. For this entity, I think the default page should be the search page for maps, with a search that specifies the default location. Each map entry has a hyperlink to its keys page, again a search pre-executed. Once multiple locations are defined, the default page for automount should be the location search page, pre-executed. Here is the criticisms I've thought of so far. It requires multiple calls to the server to determine what to display. The second is that it is more complicated, and will take somewhat more time to implement. The user will not expect the content of a tab to change out from under them. An alternative approach is that we can make DNS and Automount top level tabs, with zone and records tabs under DNS, and locations, maps and keys as tabs under Automount. Then, all we do is change which is the default tab based on the above logic. That would make the top level tabs: Identity DNS Automount Config I'm not sure if this is a scalable approach, once we add entitlements, sudo, hbac, hci, and so on. From rcritten at redhat.com Thu Sep 9 20:05:38 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 09 Sep 2010 16:05:38 -0400 Subject: [Freeipa-devel] [PATCH] 2. Enabling SUDO support In-Reply-To: <4C884B0B.3030200@redhat.com> References: <4C884B0B.3030200@redhat.com> Message-ID: <4C893E12.3000001@redhat.com> Dmitri Pal wrote: > See patch comment for more details. > ACK with these exceptions: I made a few minor changes in the ldif syntax: - remove blank lines - add missing dn: cn=schema - move SYNTAX to just before X-ORIGIN in hostMask I also fixed the SUDO service group entry, it was missing the ipauniqueid attribute. If these changes are ok then I can go ahead and push this. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001--SUDO-Enabling-SUDO-support-2.patch Type: text/x-patch Size: 8680 bytes Desc: not available URL: From rcritten at redhat.com Thu Sep 9 20:18:37 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 09 Sep 2010 16:18:37 -0400 Subject: [Freeipa-devel] [PATCH] 521 fix updater tests Message-ID: <4C89411D.10502@redhat.com> Fix the updater tests. These are not normally run, you need to put the DM password into a file in ~/.ipa. We dropped some schema that these tests were using which caused the failure. Should work now. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-521-tests.patch Type: text/x-patch Size: 828 bytes Desc: not available URL: From rcritten at redhat.com Thu Sep 9 20:38:20 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 09 Sep 2010 16:38:20 -0400 Subject: [Freeipa-devel] [PATCH] 522 add some ldap2 Backend tests Message-ID: <4C8945BC.3020101@redhat.com> Add some tests for using the ldap2 Backend. Fix a logic problem in ldap2:get_schema() for determining if it can fetch the schema or not. Normally we only want to do this for servers but if you pass in your own connection it will use that. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-522-tests.patch Type: text/x-patch Size: 6043 bytes Desc: not available URL: From rcritten at redhat.com Thu Sep 9 20:55:33 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 09 Sep 2010 16:55:33 -0400 Subject: [Freeipa-devel] Fwd: [Freeipa-users] [PATCH] 512 track server certs with certmonger In-Reply-To: <4C88FAA1.4070009@redhat.com> References: <4C65A959.4010100@redhat.com> <4C69B4E1.9000606@redhat.com> <4C883D6A.8080204@redhat.com> <4C8842DE.9010605@redhat.com> <4C88FAA1.4070009@redhat.com> Message-ID: <4C8949C5.3050302@redhat.com> Adam Young wrote: > On 09/08/2010 10:13 PM, Rob Crittenden wrote: >> Adam Young wrote: >>> On 08/16/2010 06:00 PM, Rob Crittenden wrote: >>>> Rob Crittenden wrote: >>>>> I did it again :-( >>>> >>>> Updated patch that should apply cleanly. >>>> >>>> rob >>>> >>>> >>>> _______________________________________________ >>>> Freeipa-devel mailing list >>>> Freeipa-devel at redhat.com >>>> https://www.redhat.com/mailman/listinfo/freeipa-devel >>> >>> ImportError: No module named certmonger. Need whatever provides that as >>> an rpm dependency. This system has certmonger on it, but I see no python >>> files in it. >> >> I forgot to re-add certmonger.py when I rebased it last time. I've >> re-based the patch again and included certmonger.py, it should work >> this time. >> >> rob > ACK pushed to master From rcritten at redhat.com Thu Sep 9 20:55:49 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 09 Sep 2010 16:55:49 -0400 Subject: [Freeipa-devel] [PATCH] 518 handle errors in uninstall better In-Reply-To: <4C869576.2040508@redhat.com> References: <4C7D73D4.1000804@redhat.com> <4C7E7444.9080603@redhat.com> <4C7E7F11.7010407@redhat.com> <4C869576.2040508@redhat.com> Message-ID: <4C8949D5.8050503@redhat.com> Rob Crittenden wrote: > Dmitri Pal wrote: >> Adam Young wrote: >>> On 08/31/2010 05:27 PM, Rob Crittenden wrote: >>>> # Always start certmonger. We can't untrack something if it isn't >>> Is this really necessary? This is the only thing that jumped out at me >>> in the patch. >>> >>> Assuming it really is: Ack >>> >> I have not looked at the patch but I suspect that it is related to the >> fact that we plan to automatically track the expiration of the certs >> issued to the server itself. So yes we need to have certmonger running >> all the time thus comment makes sense to me. > > I did this in case the user has stopped certmonger. If we try to use the > ipa-getcert command with the certmonger service stopped a DBUS error > will be thrown. Trying to start a running service is a no-op so it > doesn't hurt anything. > > This patch relies on unreviewed patch 512, I need to get that one acked > before I can push this one. > pushed to master From ayoung at redhat.com Thu Sep 9 20:59:34 2010 From: ayoung at redhat.com (Adam Young) Date: Thu, 09 Sep 2010 16:59:34 -0400 Subject: [Freeipa-devel] [PATCH] 521 fix updater tests In-Reply-To: <4C89411D.10502@redhat.com> References: <4C89411D.10502@redhat.com> Message-ID: <4C894AB6.8070500@redhat.com> On 09/09/2010 04:18 PM, Rob Crittenden wrote: > Fix the updater tests. These are not normally run, you need to put the > DM password into a file in ~/.ipa. We dropped some schema that these > tests were using which caused the failure. Should work now. > > rob > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel ACK -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Thu Sep 9 22:00:33 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 09 Sep 2010 18:00:33 -0400 Subject: [Freeipa-devel] [PATCH] 523 add 2 missing man pages Message-ID: <4C895901.3010501@redhat.com> Add missing man pages for ipa-dns-install and ipa-upgradeconfig. tickets 130 and 131 rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-523-man.patch Type: text/x-patch Size: 4541 bytes Desc: not available URL: From rcritten at redhat.com Thu Sep 9 22:13:39 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 09 Sep 2010 18:13:39 -0400 Subject: [Freeipa-devel] [PATCH] 524 spec file cleanup Message-ID: <4C895C13.8090309@redhat.com> Clean up the spec file, add Requires for nss-pam-ldapd for F14+ Also do the following: - Remove conflicts on mod_ssl - Remove a lot of version checking for EOL'd Fedora versions - Add a few conditionals for rhel6 - Add Requires of nss-tools on ipa-client tickets 62, 153 rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-524-spec.patch Type: text/x-patch Size: 3437 bytes Desc: not available URL: From edewata at redhat.com Thu Sep 9 23:00:13 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Thu, 9 Sep 2010 19:00:13 -0400 (EDT) Subject: [Freeipa-devel] [PATCH] Splitting service principal into service name and hostname. In-Reply-To: <1810163217.1798661284073135472.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <301148013.1798681284073213582.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Hi, Please review the attached patch. Thanks! The EntityBuilder has been modified to obtain the pkey value by invoking getPKey(). This function can be overriden for different entities. The addOptionsFunction() has been renamed to getOptions() and it can be overriden for different entities. Each entity that uses this function has been modified accordingly. The addEdit(), addAnother(), add_fail() has been moved into the EntityBuilder class. The global builders is no longer needed because a reference to the builder object can be obtained via enclosure. The ServiceForms has been modified to take service name and hostname and combine them to generate the service principal by overriding the getPKey(). -- Endi S. Dewata -------------- next part -------------- A non-text attachment was scrubbed... Name: edewata-freeipa-0002-Splitting-service-principal-into-service-name-and-ho.patch Type: text/x-patch Size: 9604 bytes Desc: not available URL: From ayoung at redhat.com Fri Sep 10 01:27:42 2010 From: ayoung at redhat.com (Adam Young) Date: Thu, 09 Sep 2010 21:27:42 -0400 Subject: [Freeipa-devel] [PATCH] Splitting service principal into service name and hostname. In-Reply-To: <301148013.1798681284073213582.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <301148013.1798681284073213582.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C89898E.9070204@redhat.com> On 09/09/2010 07:00 PM, Endi Sukma Dewata wrote: > Hi, > > Please review the attached patch. Thanks! > > The EntityBuilder has been modified to obtain the pkey value by > invoking getPKey(). This function can be overriden for different > entities. > > The addOptionsFunction() has been renamed to getOptions() and it > can be overriden for different entities. Each entity that uses this > function has been modified accordingly. > > The addEdit(), addAnother(), add_fail() has been moved into the > EntityBuilder class. The global builders is no longer needed because > a reference to the builder object can be obtained via enclosure. > > The ServiceForms has been modified to take service name and > hostname and combine them to generate the service principal by > overriding the getPKey(). > > -- > Endi S. Dewata > > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel ACK, although please add the following error check in add.js line 67ish if (response.error){ if (response.error.message){ alert(response.error.message); }else{ alert("error adding entry"); } return; } -------------- next part -------------- An HTML attachment was scrubbed... URL: From dpal at redhat.com Fri Sep 10 14:14:58 2010 From: dpal at redhat.com (Dmitri Pal) Date: Fri, 10 Sep 2010 10:14:58 -0400 Subject: [Freeipa-devel] Optimizing for the common case: automount and DNS In-Reply-To: <4C892F89.7040506@redhat.com> References: <4C892F89.7040506@redhat.com> Message-ID: <4C8A3D62.9090005@redhat.com> Adam Young wrote: > Both Automount and DNS are heirarchical entities. > > > DNS starts with a zone. Usually, a zone is a domain name, like > redhat.com. It might be more specific, like devel.redhat.com. > > A DNS setup is going to have at a minimum one zone, and is likely to > only have a single zone. > > A Zone is pretty much just a name, and then a collection of records. > The records are owned by the zone. THere will be very little or no > crossover between zones. Thus, I'm thinking that the most common > thing people are going to want to do is to manage the records for a > single zone. > > > So the question becomes, one tab or two? If we go two, we have DNS > zones and DNS records, with an association facet on the zone that > points to the record. The difference that doesn't map to existing use > cases is that a given record is always associated with a zone, so > creating a records, and then later associating it with a zone does not > make sense. > > We could put a UI element like the finder on the associations page on > the record page. So to create a record, one of the steps you'd do > would be to run a zone search. This seems awkward. > > I'm thinking instead that we should have a single DNS tab. If we have > a single zone, this tab defaults to the finder page for records for > that zone. Clicking add creates a new record form, with the zone > hardcoded already to be the default one. > > In the case where there are more than one zone, the default facet is > the zone search. I suspect that this search should be automatically > executed with a blank filter upon load so that the set of zones is > available. Selecting a zone then goes to the finder page for the > records , again, with the search pre-executed, and the name of the > zone hyperlinked at the top. > > > This approach also works with automounts. The default case for > automounts is a single location. There are two entities beyond > location to manage: maps and keys. These two are hierarchical: > location owns map, map owns key. > > For this entity, I think the default page should be the search page > for maps, with a search that specifies the default location. Each map > entry has a hyperlink to its keys page, again a search pre-executed. > > Once multiple locations are defined, the default page for automount > should be the location search page, pre-executed. > > > Here is the criticisms I've thought of so far. It requires multiple > calls to the server to determine what to display. The second is that > it is more complicated, and will take somewhat more time to > implement. The user will not expect the content of a tab to change > out from under them. > > > An alternative approach is that we can make DNS and Automount top > level tabs, with zone and records tabs under DNS, and locations, maps > and keys as tabs under Automount. Then, all we do is change which is > the default tab based on the above logic. That would make the top > level tabs: > > Identity DNS Automount Config > > I'm not sure if this is a scalable approach, once we add entitlements, > sudo, hbac, hci, and so on. > > I think we need to run this by Ben and make sure we are in agreement. Is this blocking you? I do not like the ideas of DNS and Automount on the top level, sorry. May be we should look at the DNS zones (Z) and automount locations (L) in the following way: 1) The fist page you get two when you go for DNS or Automount is search for Z or L as in all other places. But... 2) At the beginning there are no Z or L so the code instead of displaying the search page will redirect user to the non modal "add Z" or "add L" page respectfully automatically. 3) If there is just one Z or L entry the search page will automatically redirect user to the Z or L contents page 4) On the Z or L content page we will have a button "add another Z" or "add another L". This will be the way to add second Z or L in the first place. 5) As soon as there are more than 1 Z or L the search page will present the list rather than do automatic redirect. This seems to be a pretty logical and consistent approach. Now if we agree to this one it might make sense to consider doing the same thing for some of the objects that by default will not be prepopulated in the LDAP. For example netgroups or host groups. I am not sure it makes sense for users and groups since there will be at least one user and one group from the installation moment. > > > > > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From dpal at redhat.com Fri Sep 10 14:15:41 2010 From: dpal at redhat.com (Dmitri Pal) Date: Fri, 10 Sep 2010 10:15:41 -0400 Subject: [Freeipa-devel] [PATCH] 2. Enabling SUDO support In-Reply-To: <4C893E12.3000001@redhat.com> References: <4C884B0B.3030200@redhat.com> <4C893E12.3000001@redhat.com> Message-ID: <4C8A3D8D.6060301@redhat.com> Rob Crittenden wrote: > Dmitri Pal wrote: >> See patch comment for more details. >> > > ACK with these exceptions: > > I made a few minor changes in the ldif syntax: > - remove blank lines > - add missing dn: cn=schema > - move SYNTAX to just before X-ORIGIN in hostMask > > I also fixed the SUDO service group entry, it was missing the > ipauniqueid attribute. > > If these changes are ok then I can go ahead and push this. > > rob Thank you Rob! -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From ayoung at redhat.com Fri Sep 10 14:22:02 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 10 Sep 2010 10:22:02 -0400 Subject: [Freeipa-devel] [PATCH] 524 spec file cleanup In-Reply-To: <4C895C13.8090309@redhat.com> References: <4C895C13.8090309@redhat.com> Message-ID: <4C8A3F0A.4080609@redhat.com> On 09/09/2010 06:13 PM, Rob Crittenden wrote: > Clean up the spec file, add Requires for nss-pam-ldapd for F14+ > > Also do the following: > - Remove conflicts on mod_ssl > - Remove a lot of version checking for EOL'd Fedora versions > - Add a few conditionals for rhel6 > - Add Requires of nss-tools on ipa-client > > tickets 62, 153 > > rob > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel ACK -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Fri Sep 10 14:24:33 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 10 Sep 2010 10:24:33 -0400 Subject: [Freeipa-devel] Optimizing for the common case: automount and DNS In-Reply-To: <4C8A3D62.9090005@redhat.com> References: <4C892F89.7040506@redhat.com> <4C8A3D62.9090005@redhat.com> Message-ID: <4C8A3FA1.4080301@redhat.com> Dmitri Pal wrote: > Adam Young wrote: >> Both Automount and DNS are heirarchical entities. >> >> >> DNS starts with a zone. Usually, a zone is a domain name, like >> redhat.com. It might be more specific, like devel.redhat.com. >> >> A DNS setup is going to have at a minimum one zone, and is likely to >> only have a single zone. >> >> A Zone is pretty much just a name, and then a collection of records. >> The records are owned by the zone. THere will be very little or no >> crossover between zones. Thus, I'm thinking that the most common >> thing people are going to want to do is to manage the records for a >> single zone. >> >> >> So the question becomes, one tab or two? If we go two, we have DNS >> zones and DNS records, with an association facet on the zone that >> points to the record. The difference that doesn't map to existing use >> cases is that a given record is always associated with a zone, so >> creating a records, and then later associating it with a zone does not >> make sense. >> >> We could put a UI element like the finder on the associations page on >> the record page. So to create a record, one of the steps you'd do >> would be to run a zone search. This seems awkward. >> >> I'm thinking instead that we should have a single DNS tab. If we have >> a single zone, this tab defaults to the finder page for records for >> that zone. Clicking add creates a new record form, with the zone >> hardcoded already to be the default one. >> >> In the case where there are more than one zone, the default facet is >> the zone search. I suspect that this search should be automatically >> executed with a blank filter upon load so that the set of zones is >> available. Selecting a zone then goes to the finder page for the >> records , again, with the search pre-executed, and the name of the >> zone hyperlinked at the top. >> >> >> This approach also works with automounts. The default case for >> automounts is a single location. There are two entities beyond >> location to manage: maps and keys. These two are hierarchical: >> location owns map, map owns key. >> >> For this entity, I think the default page should be the search page >> for maps, with a search that specifies the default location. Each map >> entry has a hyperlink to its keys page, again a search pre-executed. >> >> Once multiple locations are defined, the default page for automount >> should be the location search page, pre-executed. >> >> >> Here is the criticisms I've thought of so far. It requires multiple >> calls to the server to determine what to display. The second is that >> it is more complicated, and will take somewhat more time to >> implement. The user will not expect the content of a tab to change >> out from under them. >> >> >> An alternative approach is that we can make DNS and Automount top >> level tabs, with zone and records tabs under DNS, and locations, maps >> and keys as tabs under Automount. Then, all we do is change which is >> the default tab based on the above logic. That would make the top >> level tabs: >> >> Identity DNS Automount Config >> >> I'm not sure if this is a scalable approach, once we add entitlements, >> sudo, hbac, hci, and so on. >> >> > > I think we need to run this by Ben and make sure we are in agreement. > Is this blocking you? > > I do not like the ideas of DNS and Automount on the top level, sorry. I'm not sure about this either. I think that as the project continues we'll quickly run out of room if we do this. > May be we should look at the DNS zones (Z) and automount locations (L) > in the following way: > 1) The fist page you get two when you go for DNS or Automount is search > for Z or L as in all other places. But... > 2) At the beginning there are no Z or L so the code instead of > displaying the search page will redirect user to the non modal "add Z" > or "add L" page respectfully automatically. Actually there will always be both a Z and an L. The Z is created when the server is installed, though we do probably need to handle the case where all zones are deleted. Same for L. We provide one named "default". > 3) If there is just one Z or L entry the search page will automatically > redirect user to the Z or L contents page > 4) On the Z or L content page we will have a button "add another Z" or > "add another L". This will be the way to add second Z or L in the first > place. > 5) As soon as there are more than 1 Z or L the search page will present > the list rather than do automatic redirect. > > This seems to be a pretty logical and consistent approach. > Now if we agree to this one it might make sense to consider doing the > same thing for some of the objects that by default will not be > prepopulated in the LDAP. For example netgroups or host groups. I am not > sure it makes sense for users and groups since there will be at least > one user and one group from the installation moment. The thing is this is like a .0001% case. You probably will ever only see it once during an install. Assuming it doesn't take a lot of work to do it I'm fine with it, otherwise the search box where there is nothing to be found is fine by me. rob From ayoung at redhat.com Fri Sep 10 14:29:13 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 10 Sep 2010 10:29:13 -0400 Subject: [Freeipa-devel] Optimizing for the common case: automount and DNS In-Reply-To: <4C8A3FA1.4080301@redhat.com> References: <4C892F89.7040506@redhat.com> <4C8A3D62.9090005@redhat.com> <4C8A3FA1.4080301@redhat.com> Message-ID: <4C8A40B9.5050909@redhat.com> On 09/10/2010 10:24 AM, Rob Crittenden wrote: > Dmitri Pal wrote: >> Adam Young wrote: >>> Both Automount and DNS are heirarchical entities. >>> >>> >>> DNS starts with a zone. Usually, a zone is a domain name, like >>> redhat.com. It might be more specific, like devel.redhat.com. >>> >>> A DNS setup is going to have at a minimum one zone, and is likely to >>> only have a single zone. >>> >>> A Zone is pretty much just a name, and then a collection of records. >>> The records are owned by the zone. THere will be very little or no >>> crossover between zones. Thus, I'm thinking that the most common >>> thing people are going to want to do is to manage the records for a >>> single zone. >>> >>> >>> So the question becomes, one tab or two? If we go two, we have DNS >>> zones and DNS records, with an association facet on the zone that >>> points to the record. The difference that doesn't map to existing use >>> cases is that a given record is always associated with a zone, so >>> creating a records, and then later associating it with a zone does not >>> make sense. >>> >>> We could put a UI element like the finder on the associations page on >>> the record page. So to create a record, one of the steps you'd do >>> would be to run a zone search. This seems awkward. >>> >>> I'm thinking instead that we should have a single DNS tab. If we have >>> a single zone, this tab defaults to the finder page for records for >>> that zone. Clicking add creates a new record form, with the zone >>> hardcoded already to be the default one. >>> >>> In the case where there are more than one zone, the default facet is >>> the zone search. I suspect that this search should be automatically >>> executed with a blank filter upon load so that the set of zones is >>> available. Selecting a zone then goes to the finder page for the >>> records , again, with the search pre-executed, and the name of the >>> zone hyperlinked at the top. >>> >>> >>> This approach also works with automounts. The default case for >>> automounts is a single location. There are two entities beyond >>> location to manage: maps and keys. These two are hierarchical: >>> location owns map, map owns key. >>> >>> For this entity, I think the default page should be the search page >>> for maps, with a search that specifies the default location. Each map >>> entry has a hyperlink to its keys page, again a search pre-executed. >>> >>> Once multiple locations are defined, the default page for automount >>> should be the location search page, pre-executed. >>> >>> >>> Here is the criticisms I've thought of so far. It requires multiple >>> calls to the server to determine what to display. The second is that >>> it is more complicated, and will take somewhat more time to >>> implement. The user will not expect the content of a tab to change >>> out from under them. >>> >>> >>> An alternative approach is that we can make DNS and Automount top >>> level tabs, with zone and records tabs under DNS, and locations, maps >>> and keys as tabs under Automount. Then, all we do is change which is >>> the default tab based on the above logic. That would make the top >>> level tabs: >>> >>> Identity DNS Automount Config >>> >>> I'm not sure if this is a scalable approach, once we add entitlements, >>> sudo, hbac, hci, and so on. >>> >>> >> >> I think we need to run this by Ben and make sure we are in agreement. >> Is this blocking you? >> >> I do not like the ideas of DNS and Automount on the top level, sorry. > > I'm not sure about this either. I think that as the project continues > we'll quickly run out of room if we do this. Yeah, I don't either. I was just offereing it as an alternative. > >> May be we should look at the DNS zones (Z) and automount locations (L) >> in the following way: >> 1) The fist page you get two when you go for DNS or Automount is search >> for Z or L as in all other places. But... >> 2) At the beginning there are no Z or L so the code instead of >> displaying the search page will redirect user to the non modal "add Z" > > or "add L" page respectfully automatically. > > Actually there will always be both a Z and an L. The Z is created when > the server is installed, though we do probably need to handle the case > where all zones are deleted. > > Same for L. We provide one named "default". > >> 3) If there is just one Z or L entry the search page will automatically >> redirect user to the Z or L contents page >> 4) On the Z or L content page we will have a button "add another Z" or >> "add another L". This will be the way to add second Z or L in the first >> place. >> 5) As soon as there are more than 1 Z or L the search page will present >> the list rather than do automatic redirect. That sounds pretty much like what I was recommending. I think we are in "violent agreement" >> >> This seems to be a pretty logical and consistent approach. >> Now if we agree to this one it might make sense to consider doing the >> same thing for some of the objects that by default will not be >> prepopulated in the LDAP. For example netgroups or host groups. I am not >> sure it makes sense for users and groups since there will be at least >> one user and one group from the installation moment. Those cases are different, in that the searches will just return 0 results. I say we leave those as is. > > The thing is this is like a .0001% case. You probably will ever only > see it once during an install. Assuming it doesn't take a lot of work > to do it I'm fine with it, otherwise the search box where there is > nothing to be found is fine by me. Agreed > > rob From dpal at redhat.com Fri Sep 10 14:40:55 2010 From: dpal at redhat.com (Dmitri Pal) Date: Fri, 10 Sep 2010 10:40:55 -0400 Subject: [Freeipa-devel] Optimizing for the common case: automount and DNS In-Reply-To: <4C8A40B9.5050909@redhat.com> References: <4C892F89.7040506@redhat.com> <4C8A3D62.9090005@redhat.com> <4C8A3FA1.4080301@redhat.com> <4C8A40B9.5050909@redhat.com> Message-ID: <4C8A4377.1050202@redhat.com> Adam Young wrote: > On 09/10/2010 10:24 AM, Rob Crittenden wrote: >> Dmitri Pal wrote: >>> Adam Young wrote: >>>> Both Automount and DNS are heirarchical entities. >>>> >>>> >>>> DNS starts with a zone. Usually, a zone is a domain name, like >>>> redhat.com. It might be more specific, like devel.redhat.com. >>>> >>>> A DNS setup is going to have at a minimum one zone, and is likely to >>>> only have a single zone. >>>> >>>> A Zone is pretty much just a name, and then a collection of records. >>>> The records are owned by the zone. THere will be very little or no >>>> crossover between zones. Thus, I'm thinking that the most common >>>> thing people are going to want to do is to manage the records for a >>>> single zone. >>>> >>>> >>>> So the question becomes, one tab or two? If we go two, we have DNS >>>> zones and DNS records, with an association facet on the zone that >>>> points to the record. The difference that doesn't map to existing use >>>> cases is that a given record is always associated with a zone, so >>>> creating a records, and then later associating it with a zone does not >>>> make sense. >>>> >>>> We could put a UI element like the finder on the associations page on >>>> the record page. So to create a record, one of the steps you'd do >>>> would be to run a zone search. This seems awkward. >>>> >>>> I'm thinking instead that we should have a single DNS tab. If we have >>>> a single zone, this tab defaults to the finder page for records for >>>> that zone. Clicking add creates a new record form, with the zone >>>> hardcoded already to be the default one. >>>> >>>> In the case where there are more than one zone, the default facet is >>>> the zone search. I suspect that this search should be automatically >>>> executed with a blank filter upon load so that the set of zones is >>>> available. Selecting a zone then goes to the finder page for the >>>> records , again, with the search pre-executed, and the name of the >>>> zone hyperlinked at the top. >>>> >>>> >>>> This approach also works with automounts. The default case for >>>> automounts is a single location. There are two entities beyond >>>> location to manage: maps and keys. These two are hierarchical: >>>> location owns map, map owns key. >>>> >>>> For this entity, I think the default page should be the search page >>>> for maps, with a search that specifies the default location. Each map >>>> entry has a hyperlink to its keys page, again a search pre-executed. >>>> >>>> Once multiple locations are defined, the default page for automount >>>> should be the location search page, pre-executed. >>>> >>>> >>>> Here is the criticisms I've thought of so far. It requires multiple >>>> calls to the server to determine what to display. The second is that >>>> it is more complicated, and will take somewhat more time to >>>> implement. The user will not expect the content of a tab to change >>>> out from under them. >>>> >>>> >>>> An alternative approach is that we can make DNS and Automount top >>>> level tabs, with zone and records tabs under DNS, and locations, maps >>>> and keys as tabs under Automount. Then, all we do is change which is >>>> the default tab based on the above logic. That would make the top >>>> level tabs: >>>> >>>> Identity DNS Automount Config >>>> >>>> I'm not sure if this is a scalable approach, once we add entitlements, >>>> sudo, hbac, hci, and so on. >>>> >>>> >>> >>> I think we need to run this by Ben and make sure we are in agreement. >>> Is this blocking you? >>> >>> I do not like the ideas of DNS and Automount on the top level, sorry. >> >> I'm not sure about this either. I think that as the project continues >> we'll quickly run out of room if we do this. > Yeah, I don't either. I was just offereing it as an alternative. > >> >>> May be we should look at the DNS zones (Z) and automount locations (L) >>> in the following way: >>> 1) The fist page you get two when you go for DNS or Automount is search >>> for Z or L as in all other places. But... >>> 2) At the beginning there are no Z or L so the code instead of >>> displaying the search page will redirect user to the non modal "add Z" >> > or "add L" page respectfully automatically. >> >> Actually there will always be both a Z and an L. The Z is created >> when the server is installed, though we do probably need to handle >> the case where all zones are deleted. >> >> Same for L. We provide one named "default". Then it even reduces the logic to handling one and more than one and not having to have case for 0. >> >>> 3) If there is just one Z or L entry the search page will automatically >>> redirect user to the Z or L contents page >>> 4) On the Z or L content page we will have a button "add another Z" or >>> "add another L". This will be the way to add second Z or L in the first >>> place. >>> 5) As soon as there are more than 1 Z or L the search page will present >>> the list rather than do automatic redirect. > > That sounds pretty much like what I was recommending. I think we are > in "violent agreement" We were in agreement from the very beginning. It is just that I tried to use the wording that makes more sense for me and present the case in a more algorithmic way. >>> >>> This seems to be a pretty logical and consistent approach. >>> Now if we agree to this one it might make sense to consider doing the >>> same thing for some of the objects that by default will not be >>> prepopulated in the LDAP. For example netgroups or host groups. I am >>> not >>> sure it makes sense for users and groups since there will be at least >>> one user and one group from the installation moment. > Those cases are different, in that the searches will just return 0 > results. I say we leave those as is. > >> >> The thing is this is like a .0001% case. You probably will ever only >> see it once during an install. Assuming it doesn't take a lot of work >> to do it I'm fine with it, otherwise the search box where there is >> nothing to be found is fine by me. > Agreed > >> >> rob > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From ayoung at redhat.com Fri Sep 10 16:45:45 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 10 Sep 2010 12:45:45 -0400 Subject: [Freeipa-devel] Javascript coding standards Message-ID: <4C8A60B9.9090508@redhat.com> I started a page on the Trac wiki for Javascrpt coding standards. The old wiki does not accept my userid and password, otherwise, I would have put it next to the standards for C and Python. https://fedorahosted.org/freeipa/wiki/Javascript_Coding_Standards The standards are pretty meagre thus far. Please submit suggestions and references. From edewata at redhat.com Fri Sep 10 16:49:51 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Fri, 10 Sep 2010 12:49:51 -0400 (EDT) Subject: [Freeipa-devel] [PATCH] Splitting service principal into service name and hostname. In-Reply-To: <1682611548.1863351284137351337.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <1557130937.1863401284137391364.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> ----- "Adam Young" wrote: > ACK, although > please add the following error check in add.js line 67ish > if (response.error){ > if (response.error.message){ > alert(response.error.message); > }else{ > alert("error adding entry"); > } > return; > } OK, fixed in the new attachment. Thanks! -- Endi S. Dewata -------------- next part -------------- A non-text attachment was scrubbed... Name: edewata-freeipa-0002-2-Splitting-service-principal-into-service-name-and-ho.patch Type: text/x-patch Size: 9964 bytes Desc: not available URL: From ayoung at redhat.com Fri Sep 10 17:00:24 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 10 Sep 2010 13:00:24 -0400 Subject: [Freeipa-devel] [PATCH] Splitting service principal into service name and hostname. In-Reply-To: <1557130937.1863401284137391364.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <1557130937.1863401284137391364.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C8A6428.3060007@redhat.com> On 09/10/2010 12:49 PM, Endi Sukma Dewata wrote: > Splitting service principal into service name and hostname. > > The EntityBuilder has been modified to obtain the pkey value by > invoking getPKey(). This function can be overriden for different > entities. > > The addOptionsFunction() has been renamed to getOptions() and it > can be overriden for different entities. Each entity that uses this > function has been modified accordingly. > > The addEdit(), addAnother(), add_fail() has been moved into the > EntityBuilder class. The global builders is no longer needed because > a reference to the builder object can be obtained via enclosure. > > The ServiceForms has been modified to take service name and > hostname and combine them to generate the service principal by > overriding the getPKey(). > pushed to master From rcritten at redhat.com Fri Sep 10 20:06:47 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 10 Sep 2010 16:06:47 -0400 Subject: [Freeipa-devel] [PATCH] 525 remove a few more krbV references from ipa-client Message-ID: <4C8A8FD7.7020209@redhat.com> Remove some additional instances of krbV from ipa-client Make two krbV imports conditional. These aren't used during a client install so should cause no problems. Also fix the client installer to use the new env option in ipautil.run. We weren't getting the krb5 configuration set in the environment because we were overriding the environment to set the PATH. ticket 136 rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-525-krbv.patch Type: text/x-patch Size: 4575 bytes Desc: not available URL: From ayoung at redhat.com Fri Sep 10 20:37:51 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 10 Sep 2010 16:37:51 -0400 Subject: [Freeipa-devel] [PATCH] 525 remove a few more krbV references from ipa-client In-Reply-To: <4C8A8FD7.7020209@redhat.com> References: <4C8A8FD7.7020209@redhat.com> Message-ID: <4C8A971F.5070402@redhat.com> On 09/10/2010 04:06 PM, Rob Crittenden wrote: > + env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"} > ACK From rcritten at redhat.com Fri Sep 10 20:52:48 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 10 Sep 2010 16:52:48 -0400 Subject: [Freeipa-devel] [PATCH] 521 fix updater tests In-Reply-To: <4C894AB6.8070500@redhat.com> References: <4C89411D.10502@redhat.com> <4C894AB6.8070500@redhat.com> Message-ID: <4C8A9AA0.4080600@redhat.com> Adam Young wrote: > On 09/09/2010 04:18 PM, Rob Crittenden wrote: >> Fix the updater tests. These are not normally run, you need to put the >> DM password into a file in ~/.ipa. We dropped some schema that these >> tests were using which caused the failure. Should work now. >> >> rob >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > ACK pushed to master From rcritten at redhat.com Fri Sep 10 21:17:05 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 10 Sep 2010 17:17:05 -0400 Subject: [Freeipa-devel] [PATCH] 526 be smarter about checking for bind package requirements Message-ID: <4C8AA051.4070609@redhat.com> Show all missing packages when setting up bind, not one at a time. We used to check for these one at a time so you'd run it once and find out you're missing the bind package. Install that and run the installer again and you'd discover you're missing bind-dyndb-ldap. We don't do this with rpm Requires because DNS is an optional component. ticket 140 rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-526-bind.patch Type: text/x-patch Size: 2178 bytes Desc: not available URL: From rcritten at redhat.com Fri Sep 10 21:56:20 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 10 Sep 2010 17:56:20 -0400 Subject: [Freeipa-devel] [PATCH] 527 add --no-host-dns option to ipa-replica-install Message-ID: <4C8AA984.7050406@redhat.com> ipa-server-install has a --no-host-dns option but ipa-replica-install didn't. This evens the playing field. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-527-install.patch Type: text/x-patch Size: 4549 bytes Desc: not available URL: From ayoung at redhat.com Fri Sep 10 23:16:58 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 10 Sep 2010 19:16:58 -0400 Subject: [Freeipa-devel] [PATCH] 527 add --no-host-dns option to ipa-replica-install In-Reply-To: <4C8AA984.7050406@redhat.com> References: <4C8AA984.7050406@redhat.com> Message-ID: <4C8ABC6A.70201@redhat.com> On 09/10/2010 05:56 PM, Rob Crittenden wrote: > ipa-server-install has a --no-host-dns option but ipa-replica-install > didn't. This evens the playing field. > > rob > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel ACK -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Fri Sep 10 23:17:48 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 10 Sep 2010 19:17:48 -0400 Subject: [Freeipa-devel] [PATCH] 526 be smarter about checking for bind package requirements In-Reply-To: <4C8AA051.4070609@redhat.com> References: <4C8AA051.4070609@redhat.com> Message-ID: <4C8ABC9C.7040308@redhat.com> On 09/10/2010 05:17 PM, Rob Crittenden wrote: > Show all missing packages when setting up bind, not one at a time. > > We used to check for these one at a time so you'd run it once and find > out you're missing the bind package. Install that and run the > installer again and you'd discover you're missing bind-dyndb-ldap. > > We don't do this with rpm Requires because DNS is an optional component. > > ticket 140 > > rob > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel ACK -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Sat Sep 11 01:29:17 2010 From: ayoung at redhat.com (Adam Young) Date: Fri, 10 Sep 2010 21:29:17 -0400 Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0023-user-whoami.patch Message-ID: <4C8ADB6D.9060809@redhat.com> user whoami Added a whoami option to the user, allows the user to query their own information based on their Kerberos principal https://fedorahosted.org/freeipa/attachment/ticket/47/admiyo-freeipa-0023-user-whoami.patch This will be used to return the users principal and rolegroups. Test with : curl -H "Content-Type:application/json" -H "Accept:applicaton/json" -H "Accept-Language:es" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method:"user_find","params":[[],{ "all":true,"whoami":"True" } ],"id":0}' -X POST http://127.0.0.1:8888/ipa/json as well as ipa user-find --whoami --all -------------- next part -------------- A non-text attachment was scrubbed... Name: admiyo-freeipa-0023-user-whoami.patch Type: text/x-patch Size: 1356 bytes Desc: not available URL: From ayoung at redhat.com Mon Sep 13 13:03:44 2010 From: ayoung at redhat.com (Adam Young) Date: Mon, 13 Sep 2010 09:03:44 -0400 Subject: [Freeipa-devel] QUnit and unit testing Message-ID: <4C8E2130.6030303@redhat.com> I've started playing around with QUnit. I think it is the right too for Unit testing in q JQuery based application. One thing that has become clear pretty quickly is that most of our code is dependant upon ipa_cmd. We are going to need to have a more flexible scheme for specifying whether we want a success, an semantic failure, or an RPC failure from each call. I think the sampledata scheme that we have thus far will get us started, but I think maybe it is time to start teasing apart concerns for the various objects. I'd like to make ipa_cmd and object instead of just a flat function call. The API should be something like: Constructor takes the success, error, and failure callbacks, object name, and method. The execute method takes the params and args. The various Entities will have the logic for how to create their own IPA Commands. Search, details, and the other UI pieces will take a Command object as one of the constructor params. Thus, the first focus of the unit testing framework will be to test the UI pieces. One place where JavaScript is weak is in enforcing design by contract. We need to use JUnit to catch for us the places where the contract is or is no met. I'm not sure how we can catch things like "The details object has changed its API from 'exec' to 'execute' but we are still calling exec" and catch it in Unit tests. I suspect that what we will find is that much of the callback logic defined in the various structures will get extracted out to helper classes instead. What I've found working in C, Java, and C++ is that a good Inversion of Control approach greatly improves reuse and maintainability of your project. I am still working out how to apply the concept to Javascript. As far as scopes go, I figure we pretty much have two: application and hashchange. Our eneity files are pretty much the configuration for the system. As such, we want to minimize the behaviour defined in them. A function should be defined in an entity file only if it truly is a one time deal. Even then, they should be a s small as possible, really to pull together two aspects from the rest of the system: wiring things up. From rcritten at redhat.com Mon Sep 13 14:06:02 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 13 Sep 2010 10:06:02 -0400 Subject: [Freeipa-devel] [PATCH] 524 spec file cleanup In-Reply-To: <4C8A3F0A.4080609@redhat.com> References: <4C895C13.8090309@redhat.com> <4C8A3F0A.4080609@redhat.com> Message-ID: <4C8E2FCA.2000601@redhat.com> Adam Young wrote: > On 09/09/2010 06:13 PM, Rob Crittenden wrote: >> Clean up the spec file, add Requires for nss-pam-ldapd for F14+ >> >> Also do the following: >> - Remove conflicts on mod_ssl >> - Remove a lot of version checking for EOL'd Fedora versions >> - Add a few conditionals for rhel6 >> - Add Requires of nss-tools on ipa-client >> >> tickets 62, 153 >> >> rob >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > ACK pushed to master From ayoung at redhat.com Mon Sep 13 15:44:53 2010 From: ayoung at redhat.com (Adam Young) Date: Mon, 13 Sep 2010 11:44:53 -0400 Subject: [Freeipa-devel] Proposed Javascript coding standards Message-ID: <4C8E46F5.5050001@redhat.com> I've updated the page. Bascially, I took the python coding standards and aaplied them to our code. THis seems to be the path of least resistance. People used to Camel case will have to get used to underscores People used to putting underscores before private variables will go through withdrawal There is something here for everyone to learn. Please review and provide feedback. https://fedorahosted.org/freeipa/wiki/Javascript_Coding_Standards From edewata at redhat.com Mon Sep 13 16:51:09 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Mon, 13 Sep 2010 12:51:09 -0400 (EDT) Subject: [Freeipa-devel] QUnit and unit testing In-Reply-To: <260586201.1989211284393573010.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <1955264466.1996191284396669197.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> ----- "Adam Young" wrote: > I've started playing around with QUnit. I think it is the right too > for Unit testing in q JQuery based application. > > One thing that has become clear pretty quickly is that most of our > code is dependant upon ipa_cmd. We are going to need to have a more > flexible scheme for specifying whether we want a success, an semantic failure, > or an RPC failure from each call. I think the sampledata scheme that we > have thus far will get us started, but I think maybe it is time to > start teasing apart concerns for the various objects. > > I'd like to make ipa_cmd and object instead of just a flat function > call. The API should be something like: Constructor takes the > success, error, and failure callbacks, object name, and method. The > execute method takes the params and args. +1 on converting ipa_cmd into a class, but I have a sligtly different suggestion on the class interface: IPA class: - IPA(path, type): Construct IPA object given a path to server's JSON-RPC or static files. - success(): Default success handler. - error(): Default error handler. - failure(): Default failure handler. - execute(methodName, params, options, [success], [error], [failure]): Execute a method with optional handlers. The methodName should include the object name. For the Web UI we could create a global IPA object that points to JSON-RPC or sample data based on the current URL. The IPA object can be reused, each entity only needs to invoke the execute() method and provides necessary handlers. For each test we could create IPA object that points to specific test data. > The various Entities will have the logic for how to create their own > IPA Commands. Search, details, and the other UI pieces will take a > Command object as one of the constructor params. Thus, the first focus of > the unit testing framework will be to test the UI pieces. > > One place where JavaScript is weak is in enforcing design by contract. > We need to use JUnit to catch for us the places where the contract is > or is no met. I'm not sure how we can catch things like > "The details object has changed its API from 'exec' to 'execute' > > but we are still calling exec" > and catch it in Unit tests. We might be able to call alert() in the old interface. Once the test is completed without any errors we could remove the old interface. > I suspect that what we will find is that > much of the callback logic defined in the various structures will get > extracted out to helper classes instead. > > What I've found working in C, Java, and C++ is that a good Inversion > of Control approach greatly improves reuse and maintainability of your > project. I am still working out how to apply the concept to > Javascript. As far as scopes go, I figure we pretty much have two: > application and hashchange. Our eneity files are pretty much the > configuration for the system. As such, we want to minimize the > behaviour defined in them. A function should be defined in an entity > file only if it truly is a one time deal. Even then, they should be a > s small as possible, really to pull together two aspects from the rest > of the system: wiring things up. -- Endi S. Dewata From ayoung at redhat.com Mon Sep 13 17:36:30 2010 From: ayoung at redhat.com (Adam Young) Date: Mon, 13 Sep 2010 13:36:30 -0400 Subject: [Freeipa-devel] QUnit and unit testing In-Reply-To: <1955264466.1996191284396669197.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <1955264466.1996191284396669197.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C8E611E.3050206@redhat.com> On 09/13/2010 12:51 PM, Endi Sukma Dewata wrote: > ----- "Adam Young" wrote: > > >> I've started playing around with QUnit. I think it is the right too >> for Unit testing in q JQuery based application. >> >> One thing that has become clear pretty quickly is that most of our >> code is dependant upon ipa_cmd. We are going to need to have a more >> flexible scheme for specifying whether we want a success, an semantic failure, >> or an RPC failure from each call. I think the sampledata scheme that we >> have thus far will get us started, but I think maybe it is time to >> start teasing apart concerns for the various objects. >> >> I'd like to make ipa_cmd and object instead of just a flat function >> call. The API should be something like: Constructor takes the >> success, error, and failure callbacks, object name, and method. The >> execute method takes the params and args. >> > +1 on converting ipa_cmd into a class, but I have a sligtly different > suggestion on the class interface: > > IPA class: > - IPA(path, type): Construct IPA object given a path to server's JSON-RPC or > static files. > - success(): Default success handler. > - error(): Default error handler. > - failure(): Default failure handler. > - execute(methodName, params, options, [success], [error], [failure]): > Execute a method with optional handlers. The methodName should include > the object name. > > For the Web UI we could create a global IPA object that points to JSON-RPC > or sample data based on the current URL. The IPA object can be reused, each > entity only needs to invoke the execute() method and provides necessary > handlers. > execute has a lot of parameters. I think I would prefer a simple execute(args, options,caller) It could then be called cmd.execute(args, options,this) The constructor can take a spec like this var cmd = command({entity: e, method:m, succes:s , error: e, failure f}); and then we can check for the presence of each of the parameters. The inline case would be command({entity: e, method:m, succes:s , error: e, failure f}).execute(args, options); caller would be an object that respects the contract { on _error = function(){...} on_success = function(){...} on_failure= function(){...} } With each of these functions being optional. If set, they get called in place of the Command members. The prototype for command should have a default implementation for error, success, and failure. New instance should be created using a clone, with the default as the prototype. > For each test we could create IPA object that points to specific test data. > > >> The various Entities will have the logic for how to create their own >> IPA Commands. Search, details, and the other UI pieces will take a >> Command object as one of the constructor params. Thus, the first focus of >> the unit testing framework will be to test the UI pieces. >> >> One place where JavaScript is weak is in enforcing design by contract. >> We need to use JUnit to catch for us the places where the contract is >> or is no met. I'm not sure how we can catch things like >> "The details object has changed its API from 'exec' to 'execute' >> >> but we are still calling exec" >> and catch it in Unit tests. >> > We might be able to call alert() in the old interface. Once the test > is completed without any errors we could remove the old interface. > > >> I suspect that what we will find is that >> much of the callback logic defined in the various structures will get >> extracted out to helper classes instead. >> >> What I've found working in C, Java, and C++ is that a good Inversion >> of Control approach greatly improves reuse and maintainability of your >> project. I am still working out how to apply the concept to >> Javascript. As far as scopes go, I figure we pretty much have two: >> application and hashchange. Our eneity files are pretty much the >> configuration for the system. As such, we want to minimize the >> behaviour defined in them. A function should be defined in an entity >> file only if it truly is a one time deal. Even then, they should be a >> s small as possible, really to pull together two aspects from the rest >> of the system: wiring things up. >> > -- > Endi S. Dewata > From edewata at redhat.com Mon Sep 13 18:44:26 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Mon, 13 Sep 2010 14:44:26 -0400 (EDT) Subject: [Freeipa-devel] QUnit and unit testing In-Reply-To: <143878210.2008331284402387701.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <522981784.2011211284403466041.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> ----- "Adam Young" wrote: > > IPA class: > > - IPA(path, type): Construct IPA object given a path to server's JSON-RPC or > > static files. > > - success(): Default success handler. > > - error(): Default error handler. > > - failure(): Default failure handler. > > - execute(methodName, params, options, [success], [error], [failure]): > > Execute a method with optional handlers. The methodName should include > > the object name. > > For the Web UI we could create a global IPA object that points to JSON-RPC > > or sample data based on the current URL. The IPA object can be reused, each > > entity only needs to invoke the execute() method and provides necessary > > handlers. This class could still be used in addition to your class below to provide global settings for the entire application or test suite. For example we can implement a default handler for insufficient access error. > execute has a lot of parameters. I think I would prefer a simple > execute(args, options,caller) > It could then be called > cmd.execute(args, options,this) > > The constructor can take a spec like this > var cmd = command({entity: e, method:m, succes:s , error: e, > failure f}); > > and then we can check for the presence of each of the parameters. > > The inline case would be > command({entity: e, method:m, succes:s , error: e, failure > f}).execute(args, options); I guess this class probably can be called IPACommand or something like that. This class could be instantiated by invoking createCommand() in the above IPA class. I'd ask though that the entity & method be combined into a single parameter. This is just in case in the future we will have a command that doesn't have an associated entity. > caller would be an object that respects the contract > { > on _error = function(){...} > on_success = function(){...} > on_failure= function(){...} > } > > With each of these functions being optional. If set, they get called > in place of the Command members. I'm not sure about this, there's a potential of conflict if the caller wants to use several different IPA commands. > The prototype for command should have a default implementation for > error, success, and failure. New instance should be created using a > clone, with the default as the prototype. I'd rather override the default function with a custom one as needed. So in the application initialization we could do this: var ipa; if (window.location.protocol == "file:") { ipa = new IPA("sampledata", IPA_JSON_FOLDER); } else { ipa = new IPA("/ipa/json", IPA_JSON_RPC); } ipa.error = function() { if (insufficient access) { do something } } In the entity initialization we could do this: var addCmd = ipa.createCommand("user-add"); addCmd.success = function() {...}; addCmd.error = function() {...}; In the button handler we could do this: addCmd.execute(params, options); Just my $.02. Thanks. -- Endi S. Dewata From edewata at redhat.com Mon Sep 13 19:18:16 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Mon, 13 Sep 2010 15:18:16 -0400 (EDT) Subject: [Freeipa-devel] QUnit and unit testing In-Reply-To: <857025456.2014761284405475144.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <2027206315.2014781284405496924.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> ----- "Endi Sukma Dewata" wrote: > var addCmd = ipa.createCommand("user-add"); The createCommand() could be implemented like this: ipa.createCommand = function(method) { return new IPACommand(this, method); } The QUnit test could be implemented like this: test("test01", function() { var ipa = new IPA("test/test01", IPA_JSON_FOLDER); ... do something ... ok(true, "PASSED"); }); -- Endi S. Dewata From edewata at redhat.com Mon Sep 13 19:33:59 2010 From: edewata at redhat.com (Endi Sukma Dewata) Date: Mon, 13 Sep 2010 15:33:59 -0400 (EDT) Subject: [Freeipa-devel] Proposed Javascript coding standards In-Reply-To: <89041718.2016371284406363669.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <1873717260.2016601284406439808.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Hi Adam, ----- "Adam Young" wrote: > https://fedorahosted.org/freeipa/wiki/Javascript_Coding_Standards Whitespace: Do we put a space in function definition between the () and {}? function(){...} vs. function() {...} Or does it matter? Compound statement: This is probably Python syntax. if foo == 'blah': do_blah_thing() Comments: Should use // or /* ... */ instead of #. Thanks! -- Endi S. Dewata > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From ayoung at redhat.com Mon Sep 13 19:44:42 2010 From: ayoung at redhat.com (Adam Young) Date: Mon, 13 Sep 2010 15:44:42 -0400 Subject: [Freeipa-devel] QUnit and unit testing In-Reply-To: <522981784.2011211284403466041.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <522981784.2011211284403466041.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C8E7F2A.9040209@redhat.com> On 09/13/2010 02:44 PM, Endi Sukma Dewata wrote: > ----- "Adam Young" wrote: > >>> IPA class: >>> - IPA(path, type): Construct IPA object given a path to server's JSON-RPC or >>> static files. >>> - success(): Default success handler. >>> - error(): Default error handler. >>> - failure(): Default failure handler. >>> - execute(methodName, params, options, [success], [error], [failure]): >>> Execute a method with optional handlers. The methodName should include >>> the object name. >>> > >>> For the Web UI we could create a global IPA object that points to JSON-RPC >>> or sample data based on the current URL. The IPA object can be reused, each >>> entity only needs to invoke the execute() method and provides necessary >>> handlers. >>> > This class could still be used in addition to your class below to provide > global settings for the entire application or test suite. For example we can > implement a default handler for insufficient access error. > > >> execute has a lot of parameters. I think I would prefer a simple >> execute(args, options,caller) >> It could then be called >> cmd.execute(args, options,this) >> >> The constructor can take a spec like this >> var cmd = command({entity: e, method:m, succes:s , error: e, >> failure f}); >> >> and then we can check for the presence of each of the parameters. >> >> The inline case would be >> command({entity: e, method:m, succes:s , error: e, failure >> f}).execute(args, options); >> > I guess this class probably can be called IPACommand or something like > that. This class could be instantiated by invoking createCommand() > in the above IPA class. I'd ask though that the entity& method be > combined into a single parameter. This is just in case in the future > we will have a command that doesn't have an associated entity. > We'll keep the current logic which is that entity is only appended to the method if it is set, otherwise, use method as is. There are no classes in JavaScript, just objects. Either we create it through new Command(){...} or using the functional approach var addUserComand = command(){ that = {}; ...; return that ;} There is a lot to recommend the second approach. > >> caller would be an object that respects the contract >> { >> on _error = function(){...} >> on_success = function(){...} >> on_failure= function(){...} >> } >> >> With each of these functions being optional. If set, they get called >> in place of the Command members. >> > I'm not sure about this, there's a potential of conflict if the caller > wants to use several different IPA commands. > Should not be too hard in the case where one caller wants to have multiple commands to write a simple adapter that calls the appropriate methods on the caller, or to split the caller along appropriate lines. > >> The prototype for command should have a default implementation for >> error, success, and failure. New instance should be created using a >> clone, with the default as the prototype. >> > I'd rather override the default function with a custom one as needed. > > So in the application initialization we could do this: > var ipa; > if (window.location.protocol == "file:") { > ipa = new IPA("sampledata", IPA_JSON_FOLDER); > } else { > ipa = new IPA("/ipa/json", IPA_JSON_RPC); > } > ipa.error = function() { > if (insufficient access) { > do something > } > } > > In the entity initialization we could do this: > var addCmd = ipa.createCommand("user-add"); > addCmd.success = function() {...}; > addCmd.error = function() {...}; > There is a slightly better way to do this. A trick from Javascript: the good parts: Object.beget = function(o){ ar F = function(){ F.prototype = o; return new F(); }; Bascially a clone function, which set up the prototype, and thus the default behavior. Then, we have a Default command object: IPA.command = function(){ var that = {}; execute(args, params){ //pretty much the same logic we have now; } function set_error(on_error){ this.error = error; return this; } function set_success(on_success){ this.success = on_success; return this; } function set_failure(on_fail){ this.success = on_fail; return this; } function clone(){ return Object.beget(that); } //THis is the public interface that.execute = execute; that.set_failure = set_error; that.set_success = set_error; that.set_error= set_error; return that; } TO make new command that over rides just the success method: IPA.command.clone(). set_success(funcion(){...}); Over ride sucess and failure: IPA.command.clone(). set_success(function(){...}). set_failure(function(){...}); > In the button handler we could do this: > addCmd.execute(params, options); > > Just my $.02. Thanks. > > -- > Endi S. Dewata > From pzuna at redhat.com Mon Sep 13 19:48:38 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Mon, 13 Sep 2010 21:48:38 +0200 Subject: [Freeipa-devel] [PATCH] Big webUI patch. Message-ID: <4C8E8016.6080900@redhat.com> very simplified summary: - introduce jQuery UI and jQuery BBQ libraries to the project - code restructuring There are so many changes, there's no place to list them here. See freeipa-devel list: "webUI code restructuring [wall of text, diagrams, ... you have been warned!]" on 2010-09-07. This is the first shot. The patch is gigantic. I'll try to integrate Endi's service patch(es) into the new code tomorrow. I didn't manage to do it today and it's getting a bit late, sorry. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: pzuna-freeipa-0022-BIG.patch Type: application/mbox Size: 363093 bytes Desc: not available URL: From ayoung at redhat.com Mon Sep 13 19:53:56 2010 From: ayoung at redhat.com (Adam Young) Date: Mon, 13 Sep 2010 15:53:56 -0400 Subject: [Freeipa-devel] Proposed Javascript coding standards In-Reply-To: <1873717260.2016601284406439808.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> References: <1873717260.2016601284406439808.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com> Message-ID: <4C8E8154.7050502@redhat.com> On 09/13/2010 03:33 PM, Endi Sukma Dewata wrote: > Hi Adam, > > ----- "Adam Young" wrote: > >> https://fedorahosted.org/freeipa/wiki/Javascript_Coding_Standards >> > Whitespace: Do we put a space in function definition between the () and {}? > function(){...} > vs. > function() {...} > Or does it matter? > I say lets go with the first. > Compound statement: This is probably Python syntax. > if foo == 'blah': > do_blah_thing() > Fixed. Thanks > Comments: Should use // or /* ... */ instead of #. > Yep. Also, we should only use // to comment out lines, as a regex can casue premature end of comment-out. /* .... */ will be reserved for documenting comments > Thanks! > > -- > Endi S. Dewata > > >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel >> From ayoung at redhat.com Mon Sep 13 20:24:41 2010 From: ayoung at redhat.com (Adam Young) Date: Mon, 13 Sep 2010 16:24:41 -0400 Subject: [Freeipa-devel] [PATCH] Big webUI patch. In-Reply-To: <4C8E8016.6080900@redhat.com> References: <4C8E8016.6080900@redhat.com> Message-ID: <4C8E8889.60605@redhat.com> On 09/13/2010 03:48 PM, Pavel Z?na wrote: > very simplified summary: > - introduce jQuery UI and jQuery BBQ libraries to the project > - code restructuring > > There are so many changes, there's no place to list them here. > > See freeipa-devel list: > "webUI code restructuring [wall of text, diagrams, ... you have been > warned!]" on 2010-09-07. > > > This is the first shot. The patch is gigantic. I'll try to integrate > Endi's service patch(es) into the new code tomorrow. I didn't manage > to do it today and it's getting a bit late, sorry. > > Pavel Here is a version of the patch that should apply. I've removed the reference to services.js and made a couple other minor tweaks, including making the sampledata work again. -------------- next part -------------- A non-text attachment was scrubbed... Name: pzuna-freeipa-0022-2-BIG.patch Type: text/x-patch Size: 355586 bytes Desc: not available URL: From ssorce at redhat.com Mon Sep 13 20:49:42 2010 From: ssorce at redhat.com (Simo Sorce) Date: Mon, 13 Sep 2010 16:49:42 -0400 Subject: [Freeipa-devel] Proposed Javascript coding standards In-Reply-To: <4C8E46F5.5050001@redhat.com> References: <4C8E46F5.5050001@redhat.com> Message-ID: <20100913164942.760a5548@willson.li.ssimo.org> On Mon, 13 Sep 2010 11:44:53 -0400 Adam Young wrote: > I've updated the page. Bascially, I took the python coding standards > and aaplied them to our code. THis seems to be the path of least > resistance. > > People used to Camel case will have to get used to underscores > > People used to putting underscores before private variables will go > through withdrawal > > There is something here for everyone to learn. > > Please review and provide feedback. > > https://fedorahosted.org/freeipa/wiki/Javascript_Coding_Standards The examples of "More than one space around an assignment (or other) operator to align it with another. " are undistinguishable from each other, I guess using 
 in the markup around examples would be
useful :-)

I am not sure about:
    Between a function declaration and the opening brace:

        yes: function(){...} no: function() {...}


In C code we have a policy of never opening the brace on the function
declaration line, ie:
	function(arg) {
is bad while we recommend
	function(arg)
	{

Does this work for javascript ?

We also forbid putting more than one statement on the same line, but I
saw examples where you did do_one() do_two() do_three() on the same
line after a parens close ... was that intended or is it a
wiki formatting issue ?

We also banned C++ style comments in C code, /* */ is preferred and
should never be added on the same line of code but only on the previous
line.

The rest seems reasonable to me.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



From ayoung at redhat.com  Mon Sep 13 21:02:19 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 13 Sep 2010 17:02:19 -0400
Subject: [Freeipa-devel] Proposed Javascript coding standards
In-Reply-To: <20100913164942.760a5548@willson.li.ssimo.org>
References: <4C8E46F5.5050001@redhat.com>
	<20100913164942.760a5548@willson.li.ssimo.org>
Message-ID: <4C8E915B.9010300@redhat.com>

On 09/13/2010 04:49 PM, Simo Sorce wrote:
> On Mon, 13 Sep 2010 11:44:53 -0400
> Adam Young  wrote:
>
>    
>> I've updated the page.  Bascially, I took the python coding standards
>> and aaplied them to our code.  THis seems to be the path of least
>> resistance.
>>
>> People used to Camel case will have to get used to underscores
>>
>> People used to putting underscores before private variables will go
>> through withdrawal
>>
>> There is something here for everyone to learn.
>>
>> Please review and provide feedback.
>>
>> https://fedorahosted.org/freeipa/wiki/Javascript_Coding_Standards
>>      
> The examples of "More than one space around an assignment (or other)
> operator to align it with another. " are undistinguishable from each
> other, I guess using
  in the markup around examples would be
> useful :-)
>
> I am not sure about:
>      Between a function declaration and the opening brace:
>
>          yes: function(){...} no: function() {...}
>
>
> In C code we have a policy of never opening the brace on the function
> declaration line, ie:
> 	function(arg) {
> is bad while we recommend
> 	function(arg)
> 	{
>
> Does this work for javascript ?
>    

The is a really nasty bug that the "same line" policy avoids.  
Javascript often attempts to guess where you meant to put semicolons, 
and puts the in for you, without telling you.

return
{
     status: true;
};


actually returns undefined.  I fully acknowledge that this is brain 
dead.  There are some really brain-dead "features" in JavaScript.

It is easier to be consistent here, hence the rule "always put it on the 
opening statement line.


> We also forbid putting more than one statement on the same line, but I
> saw examples where you did do_one() do_two() do_three() on the same
> line after a parens close ... was that intended or is it a
> wiki formatting issue ?
>    

Either formatting issues or just there as part of emphasising a 
different aspect.  Putting more that one statment on a line is against 
the convention.  I'll try to clean up the examples.

> We also banned C++ style comments in C code, /* */ is preferred and
> should never be added on the same line of code but only on the previous
> line.
>    

I'm OK with that rule.  C++ style comments are only to be used for 
commenting out code, which probably shouldn't get checked in anyway.


> The rest seems reasonable to me.
>
> Simo.
>
>    



From ssorce at redhat.com  Mon Sep 13 21:46:39 2010
From: ssorce at redhat.com (Simo Sorce)
Date: Mon, 13 Sep 2010 17:46:39 -0400
Subject: [Freeipa-devel] Proposed Javascript coding standards
In-Reply-To: <4C8E915B.9010300@redhat.com>
References: <4C8E46F5.5050001@redhat.com>
	<20100913164942.760a5548@willson.li.ssimo.org>
	<4C8E915B.9010300@redhat.com>
Message-ID: <20100913174639.1ea4ccdc@willson.li.ssimo.org>

On Mon, 13 Sep 2010 17:02:19 -0400
Adam Young  wrote:
 
> The is a really nasty bug that the "same line" policy avoids.  
> Javascript often attempts to guess where you meant to put semicolons, 
> and puts the in for you, without telling you.
> 
> return
> {
>      status: true;
> };
> 
> 
> actually returns undefined.  I fully acknowledge that this is brain 
> dead.  There are some really brain-dead "features" in JavaScript.
> 
> It is easier to be consistent here, hence the rule "always put it on
> the opening statement line.

Ok, in that case please note the rationale in the coding style.
Also though in that case I think function() { (with the space) is
better than function(){, unless the sapce is what causes javascript to
put in the automatic ';'. If that's the case I hate it :)

> > We also banned C++ style comments in C code, /* */ is preferred and
> > should never be added on the same line of code but only on the
> > previous line.
> >    
> 
> I'm OK with that rule.  C++ style comments are only to be used for 
> commenting out code, which probably shouldn't get checked in anyway.

Given space matters in javascript I say that the git history is where
you put unused code, not in comments :)

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



From ayoung at redhat.com  Tue Sep 14 00:02:31 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 13 Sep 2010 20:02:31 -0400
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C8E8889.60605@redhat.com>
References: <4C8E8016.6080900@redhat.com> <4C8E8889.60605@redhat.com>
Message-ID: <4C8EBB97.4040809@redhat.com>

On 09/13/2010 04:24 PM, Adam Young wrote:
> On 09/13/2010 03:48 PM, Pavel Z?na wrote:
>> very simplified summary:
>> - introduce jQuery UI and jQuery BBQ libraries to the project
>> - code restructuring
>>
>> There are so many changes, there's no place to list them here.
>>
>> See freeipa-devel list:
>> "webUI code restructuring [wall of text, diagrams, ... you have been 
>> warned!]" on 2010-09-07.
>>
>>
>> This is the first shot. The patch is gigantic. I'll try to integrate 
>> Endi's service patch(es) into the new code tomorrow. I didn't manage 
>> to do it today and it's getting a bit late, sorry.
>>
>> Pavel
>
> Here is a version of the patch that should apply.  I've removed the 
> reference to services.js and made a couple other minor tweaks, 
> including making the sampledata work again.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Please use the non minimized versions, and only include the jquery files 
we care about: at a minimum jquery.ui.core, modal, and tabs, probably a 
fe more.  We'll check those in in their own commit, and this patch can 
shrink down to just our code.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Tue Sep 14 02:24:50 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 13 Sep 2010 22:24:50 -0400
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C8EBB97.4040809@redhat.com>
References: <4C8E8016.6080900@redhat.com> <4C8E8889.60605@redhat.com>
	<4C8EBB97.4040809@redhat.com>
Message-ID: <4C8EDCF2.6080206@redhat.com>

Feedback:


First of all, let me say that this is a tremendous effort.  I'm 
impressed.  Lots of good work here.

Don't include the full state of the application, just the current tab.  
The URL gets too long, and the application becomes confused.  When 
transitioning betwen tabs, if you want to keep the state of other tabs, 
save the whole pre hashchange state in a hashtable, keyed on the tab 
name.  It won't be bookmarked, but it will live as long as the user 
doesn't do a reload.

Facets are specific to the entity, not a generalizable list.  The code 
that manages the set of facets should take a list from the entity 
object.  Take a look at how the most recent netgroup.js file manages them:

this.setup = function(facet){
         
if (this[facet]){
             
this[facet].setup();
         }else{
             
this.unspecified.setup();
         }
     }

But we also maintain an array:   
this.facets = ["details","users","groups","hosts","hostgroups"];

(I've removed the assign factets, as they are going to be modals 
just like 'add' is for 'details')

This is one place where JavaScript falls down.  We should be able to 
enumerate through the property names of the object, but JavaScript 
enumeration does not honor order.

The CSS is broken and needs to be redone for:
     toplevel tabs
     subtabs
     facets
     list tables

As you mentioned, we need to add services back in.

I get an error on an undefined variable  associationsList.  Need to hunt 
that code down and remove it.


In navigation.js

      I'm not a fan of the template approach.  I prefer the $jquery way, 
as it at least validates the nodes.  Please replace code like


var _nav_li_tab_template = '
  • N
    • ';

function nav_insert_tab_li(jobj, id, name)
{
     jobj.append(_nav_li_tab_template.replace('I', id).replace('N', name));
}


with $("
  • " {
html = $("",{
     id=id,
     href=name
}




Don't prepend functions with ipa_ or nav_.  We should not be creating 
new global variables.  Instead, create a single global var ipa= {};

And then the global variables and functions go under that as:

ipa.entity={
     search_list: {};

     set_search_definition: function(obj_name, data)
     {
         search_list[obj_name] = data;
     }

     function tab_on_click(obj)
     {
         var jobj = $(this);
         var state = {};
         var id = jobj.closest('.tabs').attr('id');
         var index = jobj.parent().prevAll().length;

         state[id] = index;
         $.bbq.pushState(state);
     }

}

functions like tab_on_click that you want to be local should not be 
exposed in the public interface, just leave them like this and the other 
members of ipa.entity have access to them, but nothing else.


Don't repeat long parameter lists.  Create a spec object, and pass it in 
to the functions.  thus:

function nav_create(nls, container, tabclass)

becomes
/ *spec must have nls, container, tabclass*/
function nav_create(spec);

Then it can be called

nav_create({nls : blah, container : that, tabclass: "tabclass"});

Ideally this is done for factories and Constructors.


webui.js has the javascript function that kicks off all of the loigic, 
but it might get executed too early.  It gets executed when the webui.js 
file is parsed, which might be before the index.xhtml file is fully 
loaded.  It doesn't seem to be a problem, but one way to make sure is to 
put it at the end of the index.xhtml file, or to put an onload event 
hander lin the index.xhtml file that then calls the code in 
webui.xhtml.  It is OK to start JS processing prior to the load of the 
main page, so long as it doesn't modify the dom of the main page.  I 
suspect that the reason this works so far is  because of the additional 
json calls for init and for whoami.

Again, delegate the code of the form "if (facet)..." to the tab  object, 
just like the setup code above.

add.js: Add/ Add Edit should be Add and Edit /Add and Add Another.  The 
logic looks OK, just the labels are off, I think

associate.js : The H1 tag is rendereing both above and below the 
enrollments.

We should change obj_name to entity, but not in this patch.

groups.js:  f_posix should probably be if_posix










-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Tue Sep 14 13:22:24 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 14 Sep 2010 09:22:24 -0400
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C8EDCF2.6080206@redhat.com>
References: <4C8E8016.6080900@redhat.com>
	<4C8E8889.60605@redhat.com>	<4C8EBB97.4040809@redhat.com>
	<4C8EDCF2.6080206@redhat.com>
Message-ID: <4C8F7710.2090204@redhat.com>

Of all this feedback, the only things I consider necessary prior to a 
checkin are:

CSS
Facet list

Everything else can wait, I just wanted to get the full analysis recorded.



On 09/13/2010 10:24 PM, Adam Young wrote:
> Feedback:
>
>
> First of all, let me say that this is a tremendous effort.  I'm 
> impressed.  Lots of good work here.
>
> Don't include the full state of the application, just the current 
> tab.  The URL gets too long, and the application becomes confused.  
> When transitioning betwen tabs, if you want to keep the state of other 
> tabs, save the whole pre hashchange state in a hashtable, keyed on the 
> tab name.  It won't be bookmarked, but it will live as long as the 
> user doesn't do a reload.
>
> Facets are specific to the entity, not a generalizable list.  The code 
> that manages the set of facets should take a list from the entity 
> object.  Take a look at how the most recent netgroup.js file manages them:
>
> this.setup = function(facet){
>          
> if (this[facet]){
>              
> this[facet].setup();
>          }else{
>              
> this.unspecified.setup();
>          }
>      }
>
> But we also maintain an array:   
> this.facets = ["details","users","groups","hosts","hostgroups"];
>
> (I've removed the assign factets, as they are going to be 
> modals just like 'add' is for 'details')
>
> This is one place where JavaScript falls down.  We should be able to 
> enumerate through the property names of the object, but JavaScript 
> enumeration does not honor order.
>
> The CSS is broken and needs to be redone for:
>     toplevel tabs
>     subtabs
>     facets
>     list tables
>
> As you mentioned, we need to add services back in.
>
> I get an error on an undefined variable  associationsList.  Need to 
> hunt that code down and remove it.
>
>
> In navigation.js
>
>      I'm not a fan of the template approach.  I prefer the $jquery 
> way, as it at least validates the nodes.  Please replace code like
>
>
> var _nav_li_tab_template = '
  • N
    • ';
>
> function nav_insert_tab_li(jobj, id, name)
> {
>     jobj.append(_nav_li_tab_template.replace('I', id).replace('N', name));
> }
>
>
> with $("
  • " {
> html = $("",{
>     id=id,
>     href=name
> }
>
>
>
>
> Don't prepend functions with ipa_ or nav_.  We should not be creating 
> new global variables.  Instead, create a single global var ipa= {};
>
> And then the global variables and functions go under that as:
>
> ipa.entity={
>     search_list: {};
>
>     set_search_definition: function(obj_name, data)
>     {
>         search_list[obj_name] = data;
>     }
>
>     function tab_on_click(obj)
>     {
>         var jobj = $(this);
>         var state = {};
>         var id = jobj.closest('.tabs').attr('id');
>         var index = jobj.parent().prevAll().length;
>
>         state[id] = index;
>         $.bbq.pushState(state);
>     }
>
> }
>
> functions like tab_on_click that you want to be local should not be 
> exposed in the public interface, just leave them like this and the 
> other members of ipa.entity have access to them, but nothing else.
>
>
> Don't repeat long parameter lists.  Create a spec object, and pass it 
> in to the functions.  thus:
>
> function nav_create(nls, container, tabclass)
>
> becomes
> / *spec must have nls, container, tabclass*/
> function nav_create(spec);
>
> Then it can be called
>
> nav_create({nls : blah, container : that, tabclass: "tabclass"});
>
> Ideally this is done for factories and Constructors.
>
>
> webui.js has the javascript function that kicks off all of the loigic, 
> but it might get executed too early.  It gets executed when the 
> webui.js file is parsed, which might be before the index.xhtml file is 
> fully loaded.  It doesn't seem to be a problem, but one way to make 
> sure is to put it at the end of the index.xhtml file, or to put an 
> onload event hander lin the index.xhtml file that then calls the code 
> in webui.xhtml.  It is OK to start JS processing prior to the load of 
> the main page, so long as it doesn't modify the dom of the main page.  
> I suspect that the reason this works so far is  because of the 
> additional json calls for init and for whoami.
>
> Again, delegate the code of the form "if (facet)..." to the tab  
> object, just like the setup code above.
>
> add.js: Add/ Add Edit should be Add and Edit /Add and Add Another.  
> The logic looks OK, just the labels are off, I think
>
> associate.js : The H1 tag is rendereing both above and below the 
> enrollments.
>
> We should change obj_name to entity, but not in this patch.
>
> groups.js:  f_posix should probably be if_posix
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From pzuna at redhat.com  Tue Sep 14 14:52:54 2010
From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=)
Date: Tue, 14 Sep 2010 16:52:54 +0200
Subject: [Freeipa-devel] Proposed Javascript coding standards
In-Reply-To: <20100913174639.1ea4ccdc@willson.li.ssimo.org>
References: <4C8E46F5.5050001@redhat.com>	<20100913164942.760a5548@willson.li.ssimo.org>	<4C8E915B.9010300@redhat.com>
	<20100913174639.1ea4ccdc@willson.li.ssimo.org>
Message-ID: <4C8F8C46.9090903@redhat.com>

On 2010-09-13 23:46, Simo Sorce wrote:
> On Mon, 13 Sep 2010 17:02:19 -0400
> Adam Young  wrote:
>
>> The is a really nasty bug that the "same line" policy avoids.
>> Javascript often attempts to guess where you meant to put semicolons,
>> and puts the in for you, without telling you.
>>
>> return
>> {
>>       status: true;
>> };
>>
>>
>> actually returns undefined.  I fully acknowledge that this is brain
>> dead.  There are some really brain-dead "features" in JavaScript.
>>
>> It is easier to be consistent here, hence the rule "always put it on
>> the opening statement line.
>
> Ok, in that case please note the rationale in the coding style.
> Also though in that case I think function() { (with the space) is
> better than function(){, unless the sapce is what causes javascript to
> put in the automatic ';'. If that's the case I hate it :)
>

For functions I also prefer:
func()
{
}
but only use it for file scope (thus global) functions in Javascript.

For nested functions and every other compound statement:
func() {
}

I wouldn't mind switching to the second variant for everything for 
consistency.

>>> We also banned C++ style comments in C code, /* */ is preferred and
>>> should never be added on the same line of code but only on the
>>> previous line.
>>>
>>
>> I'm OK with that rule.  C++ style comments are only to be used for
>> commenting out code, which probably shouldn't get checked in anyway.
>
> Given space matters in javascript I say that the git history is where
> you put unused code, not in comments :)
>
> Simo.
>

I don't like the 'spec' object to be used instead of naming each 
variable separately for parameter lists of functions. I think it's very 
artificial. I do agree, that being able to do this:

function some_func(spec) {
    return (spec.param1 + spec.param2);
}

var some_var = some_func({'param1': 'value1', 'param2': 'value2'})

is nice, but it makes the code less readable. You can't tell directly 
what parameters the function takes.

The rest is almost 100% compatible with my coding style, so naturally I 
agree. :D

Pavel



From edewata at redhat.com  Tue Sep 14 16:49:23 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 14 Sep 2010 12:49:23 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0023-user-whoami.patch
In-Reply-To: <2146166983.2106941284482689326.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1876290203.2107301284482963640.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> user whoami
>      Added a whoami option to the user, allows the user to query their
> own information based on their Kerberos principal
> https://fedorahosted.org/freeipa/attachment/ticket/47/admiyo-freeipa-0023-user-whoami.patch
> 
> This will be used to return the users principal and rolegroups.
> 
> Test with :
> 
> curl   -H "Content-Type:application/json"          -H 
> "Accept:applicaton/json" -H "Accept-Language:es"        --negotiate -u
> 
> :          --cacert /etc/ipa/ca.crt           -d  
> '{"method:"user_find","params":[[],{ "all":true,"whoami":"True" } 
> ],"id":0}'          -X POST       http://127.0.0.1:8888/ipa/json
> 
> as well as
> ipa user-find --whoami --all

ACK, but as we discussed there's an existing bug with the whoami operation
which causes it to fetch the wrong principal:

[root at dev scripts]# kdestroy
[root at dev scripts]# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
[root at dev scripts]# kinit edewata
Password for edewata at DEV.EXAMPLE.COM:
[root at dev scripts]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: edewata at DEV.EXAMPLE.COM

Valid starting     Expires            Service principal
09/14/10 14:42:02  09/15/10 14:41:59  krbtgt/DEV.EXAMPLE.COM at DEV.EXAMPLE.COM
[root at dev scripts]# ipa user-find --whoami
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  Groups: admins
  Rolegroups: replicaadmin
  Taskgroups: managereplica, deletereplica
----------------------------
Number of entries returned 1
----------------------------
[root at dev scripts]# ipa user-find --whoami
--------------
1 user matched
--------------
  User login: edewata
  First name: Endi
  Last name: Dewata
  Home directory: /home/edewata
  Login shell: /bin/sh
  Groups: ipausers
----------------------------
Number of entries returned 1
----------------------------

--
Endi S. Dewata



From ayoung at redhat.com  Tue Sep 14 17:59:12 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 14 Sep 2010 13:59:12 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0023-user-whoami.patch
In-Reply-To: <1876290203.2107301284482963640.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1876290203.2107301284482963640.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C8FB7F0.7020506@redhat.com>

On 09/14/2010 12:49 PM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> user whoami
>>       Added a whoami option to the user, allows the user to query their
>> own information based on their Kerberos principal
>> https://fedorahosted.org/freeipa/attachment/ticket/47/admiyo-freeipa-0023-user-whoami.patch
>>
>> This will be used to return the users principal and rolegroups.
>>
>> Test with :
>>
>> curl   -H "Content-Type:application/json"          -H
>> "Accept:applicaton/json" -H "Accept-Language:es"        --negotiate -u
>>
>> :          --cacert /etc/ipa/ca.crt           -d
>> '{"method:"user_find","params":[[],{ "all":true,"whoami":"True" }
>> ],"id":0}'          -X POST       http://127.0.0.1:8888/ipa/json
>>
>> as well as
>> ipa user-find --whoami --all
>>      
> ACK, but as we discussed there's an existing bug with the whoami operation
> which causes it to fetch the wrong principal:
>
> [root at dev scripts]# kdestroy
> [root at dev scripts]# klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
> [root at dev scripts]# kinit edewata
> Password for edewata at DEV.EXAMPLE.COM:
> [root at dev scripts]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: edewata at DEV.EXAMPLE.COM
>
> Valid starting     Expires            Service principal
> 09/14/10 14:42:02  09/15/10 14:41:59  krbtgt/DEV.EXAMPLE.COM at DEV.EXAMPLE.COM
> [root at dev scripts]# ipa user-find --whoami
> --------------
> 1 user matched
> --------------
>    User login: admin
>    Last name: Administrator
>    Home directory: /home/admin
>    Login shell: /bin/bash
>    Groups: admins
>    Rolegroups: replicaadmin
>    Taskgroups: managereplica, deletereplica
> ----------------------------
> Number of entries returned 1
> ----------------------------
> [root at dev scripts]# ipa user-find --whoami
> --------------
> 1 user matched
> --------------
>    User login: edewata
>    First name: Endi
>    Last name: Dewata
>    Home directory: /home/edewata
>    Login shell: /bin/sh
>    Groups: ipausers
> ----------------------------
> Number of entries returned 1
> ----------------------------
>
> --
> Endi S. Dewata
>    
pushed to master



From ayoung at redhat.com  Tue Sep 14 21:49:05 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 14 Sep 2010 17:49:05 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0024-user-whoami.patch
In-Reply-To: <4C8ADB6D.9060809@redhat.com>
References: <4C8ADB6D.9060809@redhat.com>
Message-ID: <4C8FEDD1.5060203@redhat.com>

  admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a 
missing return statement.  It has been reverted.  Here is the corrected one.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0024-user-whoami.patch
Type: text/x-patch
Size: 1337 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Tue Sep 14 21:57:11 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 14 Sep 2010 17:57:11 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0024-user-whoami.patch
In-Reply-To: <4C8FEDD1.5060203@redhat.com>
References: <4C8ADB6D.9060809@redhat.com> <4C8FEDD1.5060203@redhat.com>
Message-ID: <4C8FEFB7.70305@redhat.com>

Adam Young wrote:
> admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a
> missing return statement. It has been reverted. Here is the corrected one.

NACK.

I think you want to use false for options.get:
   if options.get('whoami', False):

Otherwise it will always return the whoami version.

I'm not sure which is most efficient when building a string but it is 
easier to read the filter this way IMHO:

     return "(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
        util.get_current_principal()

rob



From rcritten at redhat.com  Tue Sep 14 22:27:28 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 14 Sep 2010 18:27:28 -0400
Subject: [Freeipa-devel] [PATCH] 528 make some hbac options mutually
	exclusive
Message-ID: <4C8FF6D0.8000906@redhat.com>

If an HBAC category is 'all' don't allow individual objects to be added.

Basically, make 'all' mutually exclusive. This makes debugging lots 
easier. If say usercat='all' there is no point adding specific users to 
the rule because it will always apply to everyone.

ticket 164

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-528-hbac.patch
Type: text/x-patch
Size: 9282 bytes
Desc: not available
URL: 

From edewata at redhat.com  Tue Sep 14 22:45:23 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 14 Sep 2010 18:45:23 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Adding quick links in user and group search
	results.
In-Reply-To: <1548190047.2142491284504299184.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1767929381.2142511284504323961.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

Please review the attached patch. This patch requires pzuna-freeipa-0022-2-BIG.patch.

Should we create a branch in the main repository for this redesign? I
think we will need to make a number of changes before we could merge
this to master. Once the redesigned code is the same level as the old
one we could merge it back to master.

Thanks!

Patch description:

The render_call() signature has been modified to pass the entry_attrs
so each callback function can construct the appropriate quick links
using any attributes from the search results.

The callback function has been implemented for user and group entities.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0003-Adding-quick-links-in-user-and-group-search-results.patch
Type: text/x-patch
Size: 5082 bytes
Desc: not available
URL: 

From admin at transifex.net  Wed Sep 15 00:01:35 2010
From: admin at transifex.net (admin at transifex.net)
Date: Wed, 15 Sep 2010 00:01:35 -0000
Subject: [Freeipa-devel] [www.transifex.net] Team Creation Requested: French
Message-ID: <20100915000135.1931.91254@web1.transifex.net>

Hello freeipa, this is Transifex at http://www.transifex.net.

A translation team for 'French' has been required to the 'FreeIPA' project.

Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/teams/ in order to manage the teams of the project.

Always at your service.

--
Transifex -- Open Translation Platform

To change your notification settings, please visit your profile page at http://www.transifex.net/notices/.



From dpal at redhat.com  Wed Sep 15 00:42:11 2010
From: dpal at redhat.com (Dmitri Pal)
Date: Tue, 14 Sep 2010 20:42:11 -0400
Subject: [Freeipa-devel] [PATCH] 528 make some hbac options
	mutually	exclusive
In-Reply-To: <4C8FF6D0.8000906@redhat.com>
References: <4C8FF6D0.8000906@redhat.com>
Message-ID: <4C901663.8010603@redhat.com>

Rob Crittenden wrote:
> If an HBAC category is 'all' don't allow individual objects to be added.
>
> Basically, make 'all' mutually exclusive. This makes debugging lots
> easier. If say usercat='all' there is no point adding specific users
> to the rule because it will always apply to everyone.
>
> ticket 164
>
>

Comparison to 'all' should be case insensitive.
I do not know Python syntax but from general experience I assume it is a
NACK.

> rob
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



From ayoung at redhat.com  Wed Sep 15 01:27:17 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 14 Sep 2010 21:27:17 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0024-user-whoami.patch
In-Reply-To: <4C8FEFB7.70305@redhat.com>
References: <4C8ADB6D.9060809@redhat.com> <4C8FEDD1.5060203@redhat.com>
	<4C8FEFB7.70305@redhat.com>
Message-ID: <4C9020F5.9000205@redhat.com>

On 09/14/2010 05:57 PM, Rob Crittenden wrote:
> Adam Young wrote:
>> admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a
>> missing return statement. It has been reverted. Here is the corrected 
>> one.
>
> NACK.
>
> I think you want to use false for options.get:
>   if options.get('whoami', False):
>
> Otherwise it will always return the whoami version.

Doesn't seem to be working that way.

If I kinit as kfrog:

ipa user-find pdawn
--------------
1 user matched
--------------
   User login: pdawn
   First name: Prairie
   Last name: Dawn
   Home directory: /home/pdawn
   Login shell: /bin/sh
   Groups: ipausers, muppets
----------------------------
Number of entries returned 1

[ayoung at ipa ~]$ ipa user-find
---------------
7 users matched
---------------
...

>
> I'm not sure which is most efficient when building a string but it is 
> easier to read the filter this way IMHO:
>
>     return "(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
>        util.get_current_principal()

If you still NACK after the previous comment, I'll do the printf style.


>
> rob



From ayoung at redhat.com  Wed Sep 15 01:44:22 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 14 Sep 2010 21:44:22 -0400
Subject: [Freeipa-devel] [PATCH] Adding quick links in user and group
 search	results.
In-Reply-To: <1767929381.2142511284504323961.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1767929381.2142511284504323961.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C9024F6.7050801@redhat.com>

On 09/14/2010 06:45 PM, Endi Sukma Dewata wrote:
> Hi,
>
> Please review the attached patch. This patch requires pzuna-freeipa-0022-2-BIG.patch.
>
> Should we create a branch in the main repository for this redesign? I
> think we will need to make a number of changes before we could merge
> this to master. Once the redesigned code is the same level as the old
> one we could merge it back to master.
>
> Thanks!
>
> Patch description:
>
> The render_call() signature has been modified to pass the entry_attrs
> so each callback function can construct the appropriate quick links
> using any attributes from the search results.
>
> The callback function has been implemented for user and group entities.
>
> --
> Endi S. Dewata
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

ACK, but change the Column heading to Quick Links first
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From admin at transifex.net  Wed Sep 15 11:46:57 2010
From: admin at transifex.net (admin at transifex.net)
Date: Wed, 15 Sep 2010 11:46:57 -0000
Subject: [Freeipa-devel] [www.transifex.net] New Team Added: French
Message-ID: <20100915114657.31979.98049@web1.transifex.net>

Hello freeipa, this is Transifex at http://www.transifex.net.

A new translation team called 'French' has been added to the 'FreeIPA' project.

Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/fr/ in order to see this new team.

Always at your service.

--
Transifex -- Open Translation Platform

To change your notification settings, please visit your profile page at http://www.transifex.net/notices/.



From pzuna at redhat.com  Wed Sep 15 12:46:44 2010
From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=)
Date: Wed, 15 Sep 2010 14:46:44 +0200
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C8F7710.2090204@redhat.com>
References: <4C8E8016.6080900@redhat.com>	<4C8E8889.60605@redhat.com>	<4C8EBB97.4040809@redhat.com>	<4C8EDCF2.6080206@redhat.com>
	<4C8F7710.2090204@redhat.com>
Message-ID: <4C90C034.4050303@redhat.com>

Re-based version of the patch attached, that should apply on the current 
master. It doesn't have the Javascript library files (BBQ, jQ-UI). This 
makes the patch a lot smaller and easier to process.

I'm going to post another patch that does nothing, but adds the library 
files.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pzuna-freeipa-0022-3-BIG.patch
Type: application/mbox
Size: 119591 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Wed Sep 15 13:24:39 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 15 Sep 2010 09:24:39 -0400
Subject: [Freeipa-devel] [PATCH] 528 make some hbac options
	mutually	exclusive
In-Reply-To: <4C901663.8010603@redhat.com>
References: <4C8FF6D0.8000906@redhat.com> <4C901663.8010603@redhat.com>
Message-ID: <4C90C917.60604@redhat.com>

Dmitri Pal wrote:
> Rob Crittenden wrote:
>> If an HBAC category is 'all' don't allow individual objects to be added.
>>
>> Basically, make 'all' mutually exclusive. This makes debugging lots
>> easier. If say usercat='all' there is no point adding specific users
>> to the rule because it will always apply to everyone.
>>
>> ticket 164
>>
>>
>
> Comparison to 'all' should be case insensitive.
> I do not know Python syntax but from general experience I assume it is a
> NACK.
>

Using our tools the only available option is lower-case 'all':

$ ipa hbac-add test --usercat=ALL --type=allow
ipa: ERROR: invalid 'usercategory': must be one of (u'all',)

In any case, better to be robust. Updated patch attached.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-528-2-hbac.patch
Type: text/x-patch
Size: 9347 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Wed Sep 15 13:41:30 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 15 Sep 2010 09:41:30 -0400
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C90C034.4050303@redhat.com>
References: <4C8E8016.6080900@redhat.com>	<4C8E8889.60605@redhat.com>	<4C8EBB97.4040809@redhat.com>	<4C8EDCF2.6080206@redhat.com>
	<4C8F7710.2090204@redhat.com> <4C90C034.4050303@redhat.com>
Message-ID: <4C90CD0A.60507@redhat.com>

On 09/15/2010 08:46 AM, Pavel Z?na wrote:
> Re-based version of the patch attached, that should apply on the 
> current master. It doesn't have the Javascript library files (BBQ, 
> jQ-UI). This makes the patch a lot smaller and easier to process.
>
> I'm going to post another patch that does nothing, but adds the 
> library files.
>
> Pavel


Things to add to the to do list before this can go in:

Netgroups is missing most of their associations
netgroup_show.json has unmerged changes.  We should revert to the 
version in the top of tree
You have removed the author from several files and replaced it with only 
your own.


I posted the diff:


https://fedorahosted.org/freeipa/attachment/ticket/41/pzuna-freeipa-0022-3-BIG.patch



From rcritten at redhat.com  Wed Sep 15 13:42:20 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 15 Sep 2010 09:42:20 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0024-user-whoami.patch
In-Reply-To: <4C9020F5.9000205@redhat.com>
References: <4C8ADB6D.9060809@redhat.com> <4C8FEDD1.5060203@redhat.com>
	<4C8FEFB7.70305@redhat.com> <4C9020F5.9000205@redhat.com>
Message-ID: <4C90CD3C.2020402@redhat.com>

Adam Young wrote:
> On 09/14/2010 05:57 PM, Rob Crittenden wrote:
>> Adam Young wrote:
>>> admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a
>>> missing return statement. It has been reverted. Here is the corrected
>>> one.
>>
>> NACK.
>>
>> I think you want to use false for options.get:
>> if options.get('whoami', False):
>>
>> Otherwise it will always return the whoami version.
>
> Doesn't seem to be working that way.
>
> If I kinit as kfrog:
>
> ipa user-find pdawn
> --------------
> 1 user matched
> --------------
> User login: pdawn
> First name: Prairie
> Last name: Dawn
> Home directory: /home/pdawn
> Login shell: /bin/sh
> Groups: ipausers, muppets
> ----------------------------
> Number of entries returned 1
>
> [ayoung at ipa ~]$ ipa user-find
> ---------------
> 7 users matched
> ---------------
> ...
>

You're relying on the fact that the CLI always includes whoami in the 
options list. If whoami isn't sent it will default to True and return 
the wrong thing.

>>
>> I'm not sure which is most efficient when building a string but it is
>> easier to read the filter this way IMHO:
>>
>> return "(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
>> util.get_current_principal()
>
> If you still NACK after the previous comment, I'll do the printf style.
>
>
>>
>> rob
>

rob



From ayoung at redhat.com  Wed Sep 15 15:31:24 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 15 Sep 2010 11:31:24 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0024-user-whoami.patch
In-Reply-To: <4C90CD3C.2020402@redhat.com>
References: <4C8ADB6D.9060809@redhat.com> <4C8FEDD1.5060203@redhat.com>
	<4C8FEFB7.70305@redhat.com> <4C9020F5.9000205@redhat.com>
	<4C90CD3C.2020402@redhat.com>
Message-ID: <4C90E6CC.8030606@redhat.com>

On 09/15/2010 09:42 AM, Rob Crittenden wrote:
> Adam Young wrote:
>> On 09/14/2010 05:57 PM, Rob Crittenden wrote:
>>> Adam Young wrote:
>>>> admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a
>>>> missing return statement. It has been reverted. Here is the corrected
>>>> one.
>>>
>>> NACK.
>>>
>>> I think you want to use false for options.get:
>>> if options.get('whoami', False):
>>>
>>> Otherwise it will always return the whoami version.
>>
>> Doesn't seem to be working that way.
>>
>> If I kinit as kfrog:
>>
>> ipa user-find pdawn
>> --------------
>> 1 user matched
>> --------------
>> User login: pdawn
>> First name: Prairie
>> Last name: Dawn
>> Home directory: /home/pdawn
>> Login shell: /bin/sh
>> Groups: ipausers, muppets
>> ----------------------------
>> Number of entries returned 1
>>
>> [ayoung at ipa ~]$ ipa user-find
>> ---------------
>> 7 users matched
>> ---------------
>> ...
>>
>
> You're relying on the fact that the CLI always includes whoami in the 
> options list. If whoami isn't sent it will default to True and return 
> the wrong thing.
Setting it to false does not work:

[root at ipa ~]# ipa user-find --whoami
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------

>
>>>
>>> I'm not sure which is most efficient when building a string but it is
>>> easier to read the filter this way IMHO:
>>>
>>> return "(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
>>> util.get_current_principal()
>>
>> If you still NACK after the previous comment, I'll do the printf style.
>>
>>
>>>
>>> rob
>>
>
> rob



From dpal at redhat.com  Wed Sep 15 16:02:09 2010
From: dpal at redhat.com (Dmitri Pal)
Date: Wed, 15 Sep 2010 12:02:09 -0400
Subject: [Freeipa-devel] [PATCH] 2. Enabling SUDO support
In-Reply-To: <4C893E12.3000001@redhat.com>
References: <4C884B0B.3030200@redhat.com> <4C893E12.3000001@redhat.com>
Message-ID: <4C90EE01.8030102@redhat.com>

Rob Crittenden wrote:
> Dmitri Pal wrote:
>> See patch comment for more details.
>>
>
> ACK with these exceptions:
>
> I made a few minor changes in the ldif syntax:
> - remove blank lines
> - add missing dn: cn=schema
> - move SYNTAX to just before X-ORIGIN in hostMask
>
> I also fixed the SUDO service group entry, it was missing the
> ipauniqueid attribute.
>
> If these changes are ok then I can go ahead and push this.
>
> rob

I reviewed the changes.
ACK.

> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



From ayoung at redhat.com  Wed Sep 15 16:21:57 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 15 Sep 2010 12:21:57 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0024-user-whoami.patch
In-Reply-To: <4C90E6CC.8030606@redhat.com>
References: <4C8ADB6D.9060809@redhat.com>
	<4C8FEDD1.5060203@redhat.com>	<4C8FEFB7.70305@redhat.com>
	<4C9020F5.9000205@redhat.com>	<4C90CD3C.2020402@redhat.com>
	<4C90E6CC.8030606@redhat.com>
Message-ID: <4C90F2A5.6040309@redhat.com>

On 09/15/2010 11:31 AM, Adam Young wrote:
> On 09/15/2010 09:42 AM, Rob Crittenden wrote:
>> Adam Young wrote:
>>> On 09/14/2010 05:57 PM, Rob Crittenden wrote:
>>>> Adam Young wrote:
>>>>> admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a
>>>>> missing return statement. It has been reverted. Here is the corrected
>>>>> one.
>>>>
>>>> NACK.
>>>>
>>>> I think you want to use false for options.get:
>>>> if options.get('whoami', False):
>>>>
>>>> Otherwise it will always return the whoami version.
>>>
>>> Doesn't seem to be working that way.
>>>
>>> If I kinit as kfrog:
>>>
>>> ipa user-find pdawn
>>> --------------
>>> 1 user matched
>>> --------------
>>> User login: pdawn
>>> First name: Prairie
>>> Last name: Dawn
>>> Home directory: /home/pdawn
>>> Login shell: /bin/sh
>>> Groups: ipausers, muppets
>>> ----------------------------
>>> Number of entries returned 1
>>>
>>> [ayoung at ipa ~]$ ipa user-find
>>> ---------------
>>> 7 users matched
>>> ---------------
>>> ...
>>>
>>
>> You're relying on the fact that the CLI always includes whoami in the 
>> options list. If whoami isn't sent it will default to True and return 
>> the wrong thing.
> Setting it to false does not work:
>
> [root at ipa ~]# ipa user-find --whoami
> ---------------
> 0 users matched
> ---------------
> ----------------------------
> Number of entries returned 0
> ----------------------------
>
>>
>>>>
>>>> I'm not sure which is most efficient when building a string but it is
>>>> easier to read the filter this way IMHO:
>>>>
>>>> return "(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
>>>> util.get_current_principal()
>>>
>>> If you still NACK after the previous comment, I'll do the printf style.
>>>
>>>
>>>>
>>>> rob
>>>
>>
>> rob
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

Fixed.  Problem was a typo in the filter.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0024-2-user-whoami.patch
Type: text/x-patch
Size: 1394 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Wed Sep 15 17:23:43 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 15 Sep 2010 13:23:43 -0400
Subject: [Freeipa-devel] [PATCH] 529 ipaUniqueId enforcement
Message-ID: <4C91011F.4080108@redhat.com>

Enforce that ipaUniqueId is a unique attribute via the DS uniqueness 
plugin and prevent updates to the attribute once it is written.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-529-unique.patch
Type: text/x-patch
Size: 5830 bytes
Desc: not available
URL: 

From edewata at redhat.com  Wed Sep 15 17:48:14 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 15 Sep 2010 13:48:14 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Adding quick links in user and group
 search	results.
In-Reply-To: <29337022.2224451284572832077.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1885894465.2224491284572894924.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> ACK, but change the Column heading to Quick Links first

OK, fixed. Thanks.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0003-2-Adding-quick-links-in-user-and-group-search-results.patch
Type: text/x-patch
Size: 5114 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Wed Sep 15 18:14:41 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 15 Sep 2010 14:14:41 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0024-user-whoami.patch
In-Reply-To: <4C90F2A5.6040309@redhat.com>
References: <4C8ADB6D.9060809@redhat.com>	<4C8FEDD1.5060203@redhat.com>	<4C8FEFB7.70305@redhat.com>	<4C9020F5.9000205@redhat.com>	<4C90CD3C.2020402@redhat.com>	<4C90E6CC.8030606@redhat.com>
	<4C90F2A5.6040309@redhat.com>
Message-ID: <4C910D11.8060703@redhat.com>

Adam Young wrote:
> On 09/15/2010 11:31 AM, Adam Young wrote:
>> On 09/15/2010 09:42 AM, Rob Crittenden wrote:
>>> Adam Young wrote:
>>>> On 09/14/2010 05:57 PM, Rob Crittenden wrote:
>>>>> Adam Young wrote:
>>>>>> admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a
>>>>>> missing return statement. It has been reverted. Here is the corrected
>>>>>> one.
>>>>>
>>>>> NACK.
>>>>>
>>>>> I think you want to use false for options.get:
>>>>> if options.get('whoami', False):
>>>>>
>>>>> Otherwise it will always return the whoami version.
>>>>
>>>> Doesn't seem to be working that way.
>>>>
>>>> If I kinit as kfrog:
>>>>
>>>> ipa user-find pdawn
>>>> --------------
>>>> 1 user matched
>>>> --------------
>>>> User login: pdawn
>>>> First name: Prairie
>>>> Last name: Dawn
>>>> Home directory: /home/pdawn
>>>> Login shell: /bin/sh
>>>> Groups: ipausers, muppets
>>>> ----------------------------
>>>> Number of entries returned 1
>>>>
>>>> [ayoung at ipa ~]$ ipa user-find
>>>> ---------------
>>>> 7 users matched
>>>> ---------------
>>>> ...
>>>>
>>>
>>> You're relying on the fact that the CLI always includes whoami in the
>>> options list. If whoami isn't sent it will default to True and return
>>> the wrong thing.
>> Setting it to false does not work:
>>
>> [root at ipa ~]# ipa user-find --whoami
>> ---------------
>> 0 users matched
>> ---------------
>> ----------------------------
>> Number of entries returned 0
>> ----------------------------
>>
>>>
>>>>>
>>>>> I'm not sure which is most efficient when building a string but it is
>>>>> easier to read the filter this way IMHO:
>>>>>
>>>>> return "(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
>>>>> util.get_current_principal()
>>>>
>>>> If you still NACK after the previous comment, I'll do the printf style.
>>>>
>>>>
>>>>>
>>>>> rob
>>>>
>>>
>>> rob
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> Fixed. Problem was a typo in the filter.

ack



From ayoung at redhat.com  Wed Sep 15 19:04:06 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 15 Sep 2010 15:04:06 -0400
Subject: [Freeipa-devel] [PATCH] Adding quick links in user and group
 search	results.
In-Reply-To: <1885894465.2224491284572894924.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1885894465.2224491284572894924.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C9118A6.2060403@redhat.com>

On 09/15/2010 01:48 PM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> ACK, but change the Column heading to Quick Links first
>>      
> OK, fixed. Thanks.
>
> --
> Endi S. Dewata
>    


I've pushed my version of Pavel's patch to my Fedora people repo:  THe 
branch is called tabs-modal and the patch is commit 
de85ed06855a2a5b17b4d80bae9445eb3fec6275.  Note that I havea bunch of 
other work in that branch as well, but it should not affect you, and you 
don't want those commits.

Please fetch this, cherry pick just that commit, and then add your 
commit on top of it, and push to a branch your repo.  We'll start to 
craft the end state of the patch as a group.

I expect to see an updated patch from Pavel shortly, with the JQuery 
assets in it.  Once we get that, we can rebase our work on top of that 
patch and the one he sent out earlier today.



From ayoung at redhat.com  Wed Sep 15 19:05:27 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 15 Sep 2010 15:05:27 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0024-user-whoami.patch
In-Reply-To: <4C910D11.8060703@redhat.com>
References: <4C8ADB6D.9060809@redhat.com>	<4C8FEDD1.5060203@redhat.com>	<4C8FEFB7.70305@redhat.com>	<4C9020F5.9000205@redhat.com>	<4C90CD3C.2020402@redhat.com>	<4C90E6CC.8030606@redhat.com>
	<4C90F2A5.6040309@redhat.com> <4C910D11.8060703@redhat.com>
Message-ID: <4C9118F7.70903@redhat.com>

On 09/15/2010 02:14 PM, Rob Crittenden wrote:
> Adam Young wrote:
>> On 09/15/2010 11:31 AM, Adam Young wrote:
>>> On 09/15/2010 09:42 AM, Rob Crittenden wrote:
>>>> Adam Young wrote:
>>>>> On 09/14/2010 05:57 PM, Rob Crittenden wrote:
>>>>>> Adam Young wrote:
>>>>>>> admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a
>>>>>>> missing return statement. It has been reverted. Here is the 
>>>>>>> corrected
>>>>>>> one.
>>>>>>
>>>>>> NACK.
>>>>>>
>>>>>> I think you want to use false for options.get:
>>>>>> if options.get('whoami', False):
>>>>>>
>>>>>> Otherwise it will always return the whoami version.
>>>>>
>>>>> Doesn't seem to be working that way.
>>>>>
>>>>> If I kinit as kfrog:
>>>>>
>>>>> ipa user-find pdawn
>>>>> --------------
>>>>> 1 user matched
>>>>> --------------
>>>>> User login: pdawn
>>>>> First name: Prairie
>>>>> Last name: Dawn
>>>>> Home directory: /home/pdawn
>>>>> Login shell: /bin/sh
>>>>> Groups: ipausers, muppets
>>>>> ----------------------------
>>>>> Number of entries returned 1
>>>>>
>>>>> [ayoung at ipa ~]$ ipa user-find
>>>>> ---------------
>>>>> 7 users matched
>>>>> ---------------
>>>>> ...
>>>>>
>>>>
>>>> You're relying on the fact that the CLI always includes whoami in the
>>>> options list. If whoami isn't sent it will default to True and return
>>>> the wrong thing.
>>> Setting it to false does not work:
>>>
>>> [root at ipa ~]# ipa user-find --whoami
>>> ---------------
>>> 0 users matched
>>> ---------------
>>> ----------------------------
>>> Number of entries returned 0
>>> ----------------------------
>>>
>>>>
>>>>>>
>>>>>> I'm not sure which is most efficient when building a string but 
>>>>>> it is
>>>>>> easier to read the filter this way IMHO:
>>>>>>
>>>>>> return "(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
>>>>>> util.get_current_principal()
>>>>>
>>>>> If you still NACK after the previous comment, I'll do the printf 
>>>>> style.
>>>>>
>>>>>
>>>>>>
>>>>>> rob
>>>>>
>>>>
>>>> rob
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>> Fixed. Problem was a typo in the filter.
>
> ack
Pushed to master



From pzuna at redhat.com  Thu Sep 16 10:53:21 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Thu, 16 Sep 2010 12:53:21 +0200
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C90CD0A.60507@redhat.com>
References: <4C8E8016.6080900@redhat.com>	<4C8E8889.60605@redhat.com>	<4C8EBB97.4040809@redhat.com>	<4C8EDCF2.6080206@redhat.com>
	<4C8F7710.2090204@redhat.com> <4C90C034.4050303@redhat.com>
	<4C90CD0A.60507@redhat.com>
Message-ID: <4C91F721.1020902@redhat.com>

On 09/15/2010 03:41 PM, Adam Young wrote:
> On 09/15/2010 08:46 AM, Pavel Z?na wrote:
>> Re-based version of the patch attached, that should apply on the
>> current master. It doesn't have the Javascript library files (BBQ,
>> jQ-UI). This makes the patch a lot smaller and easier to process.
>>
>> I'm going to post another patch that does nothing, but adds the
>> library files.
>>
>> Pavel
>
>
> Things to add to the to do list before this can go in:
>
> Netgroups is missing most of their associations
Fixed.

The menu leading to associations was only generated using the 'memberof' 
attribute. Now it uses all attributes in LDAPObject.attribute_members.

> netgroup_show.json has unmerged changes. We should revert to the version
> in the top of tree
Fixed.

netgroup_show.json changes got in by mistake.

> You have removed the author from several files and replaced it with only
> your own.

Only in two files were it made sense:
1) add.js, because I had to rewrite it from scratch completely.
2) details.js, because I started on a reverted version, that didn't have your 
changes (and name) yet. The changes I'm talking about were the addition of 
DetailsForm function, about 20 lines of code (out of witch 10 were copy pasted 
from somewhere else).

I added you as the author on search.js even though it's also pretty much a 
complete rewrite, but I felt that it was based on your ideas. I also didn't 
touch authorship info on associations even though I made more or less
significant changes to it.

I just acted naturally without thinking about it when adding the file headers. 
If you think it's unfair and I forgot to mention you or Endi somewhere, I'm 
sorry and we can fix it no prob.

>
> I posted the diff:
>
>
> https://fedorahosted.org/freeipa/attachment/ticket/41/pzuna-freeipa-0022-3-BIG.patch
>

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pzuna-freeipa-0022-4-BIG.patch
Type: text/x-patch
Size: 108059 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Thu Sep 16 13:20:49 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 16 Sep 2010 09:20:49 -0400
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C91F721.1020902@redhat.com>
References: <4C8E8016.6080900@redhat.com>	<4C8E8889.60605@redhat.com>	<4C8EBB97.4040809@redhat.com>	<4C8EDCF2.6080206@redhat.com>
	<4C8F7710.2090204@redhat.com> <4C90C034.4050303@redhat.com>
	<4C90CD0A.60507@redhat.com> <4C91F721.1020902@redhat.com>
Message-ID: <4C9219B1.8020100@redhat.com>

On 09/16/2010 06:53 AM, Pavel Zuna wrote:
> On 09/15/2010 03:41 PM, Adam Young wrote:
>> On 09/15/2010 08:46 AM, Pavel Z?na wrote:
>>> Re-based version of the patch attached, that should apply on the
>>> current master. It doesn't have the Javascript library files (BBQ,
>>> jQ-UI). This makes the patch a lot smaller and easier to process.
>>>
>>> I'm going to post another patch that does nothing, but adds the
>>> library files.
>>>
>>> Pavel
>>
>>
>> Things to add to the to do list before this can go in:
>>
>> Netgroups is missing most of their associations
> Fixed.
>
> The menu leading to associations was only generated using the 
> 'memberof' attribute. Now it uses all attributes in 
> LDAPObject.attribute_members.


Ha:  You probably just made things both easier and harder in a single 
stroke.  Easier for implementing new associations, but harder in that 
many of the existing associations had strange rules.  We also have 
several associations that we hadn't implemented yes, like the 
association between users and roles, as we don't have roles.  We'll need 
a way to hide stuff until we work out the kinks.  Endi, take note.


>
>> netgroup_show.json has unmerged changes. We should revert to the version
>> in the top of tree
> Fixed.
>
> netgroup_show.json changes got in by mistake.
>
>> You have removed the author from several files and replaced it with only
>> your own.
>
> Only in two files were it made sense:
> 1) add.js, because I had to rewrite it from scratch completely.
> 2) details.js, because I started on a reverted version, that didn't 
> have your changes (and name) yet. The changes I'm talking about were 
> the addition of DetailsForm function, about 20 lines of code (out of 
> witch 10 were copy pasted from somewhere else).
>
> I added you as the author on search.js even though it's also pretty 
> much a complete rewrite, but I felt that it was based on your ideas. I 
> also didn't touch authorship info on associations even though I made 
> more or less
> significant changes to it.
>
> I just acted naturally without thinking about it when adding the file 
> headers. If you think it's unfair and I forgot to mention you or Endi 
> somewhere, I'm sorry and we can fix it no prob.

No problem.

You should feel comfortable adding your name as an author to 
associations.  You've made significant contributions there.

Details is pretty much your work, so I feel comfortable letting you take 
complete bla^H^H^Hownership.  I suspect that if we look really closely 
at add.js, we can incorperate it into details, as it really should be a 
minor variation in functionality.  Long term, it would be a logical 
pattern to have  add and edit for things in the same file.  We already 
do that with associations.

The ones that were a refactoring of our work should still contain us as 
authors.  I think that is goingto be a fairly common pattern moving 
forward:  as we get better and better understand of stuff, we should 
feel comfortable simplifying the implementations.  Most refactorings can 
be automated (at least in som languages) and don't constitute a major 
change in the conceptual underpinnings.  Just like when the the US 
version of Harry POtter comes out, and they CHange "Jumper" to "Sweater" 
and "Garden" to "Back-yard."   I don't want to make anyone wary of 
making necessary changes due to authorship issues.  Once someone's name 
goes on a file as author, we should leave it there unless there are 
legal reasons to remove it.


You have a good point that you make in the comments about the use of 
stuff from seearch.js inside of associations.   PLaces where we come up 
with our own UI patterns should get pulled out into JQuery plugins, 
especially in the case where they get reused.  The file search.js  is 
really the union of two distinct things:  a business object for querying 
the server for lists of things based on a filter, and a results table.  
Moving forward, we might want to split it along these fault lines, and 
then the logic for binding them together goes into the webui.js file.






>
>>
>> I posted the diff:
>>
>>
>> https://fedorahosted.org/freeipa/attachment/ticket/41/pzuna-freeipa-0022-3-BIG.patch 
>>

New Diff posted here 
https://fedorahosted.org/freeipa/attachment/ticket/41/pzuna-freeipa-0022-4-BIG.patch
>>
>
> Pavel

Going through the new patch now.  I found one more issue since this 
review:  You need to add new files to Makefile.am in install/static.  
Specifially, entity.js is not there.



From pzuna at redhat.com  Thu Sep 16 15:10:30 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Thu, 16 Sep 2010 17:10:30 +0200
Subject: [Freeipa-devel] [PATCH] Add jQuery UI and jQuery BBQ libraries to
	the project
Message-ID: <4C923366.8000506@redhat.com>

This adds the minimized version - the ones we want to ship to the end user. For 
development you can still use the non-minimized versions just by renaming files 
in your index.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pzuna-freeipa-0023-libraries.patch
Type: text/x-patch
Size: 209005 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Thu Sep 16 15:31:46 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 16 Sep 2010 11:31:46 -0400
Subject: [Freeipa-devel] [PATCH] 2. Enabling SUDO support
In-Reply-To: <4C90EE01.8030102@redhat.com>
References: <4C884B0B.3030200@redhat.com> <4C893E12.3000001@redhat.com>
	<4C90EE01.8030102@redhat.com>
Message-ID: <4C923862.6030208@redhat.com>

Dmitri Pal wrote:
> Rob Crittenden wrote:
>> Dmitri Pal wrote:
>>> See patch comment for more details.
>>>
>>
>> ACK with these exceptions:
>>
>> I made a few minor changes in the ldif syntax:
>> - remove blank lines
>> - add missing dn: cn=schema
>> - move SYNTAX to just before X-ORIGIN in hostMask
>>
>> I also fixed the SUDO service group entry, it was missing the
>> ipauniqueid attribute.
>>
>> If these changes are ok then I can go ahead and push this.
>>
>> rob
>
> I reviewed the changes.
> ACK.

pushed to master



From rcritten at redhat.com  Thu Sep 16 15:33:51 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 16 Sep 2010 11:33:51 -0400
Subject: [Freeipa-devel] [PATCH] 526 be smarter about checking for bind
 package requirements
In-Reply-To: <4C8ABC9C.7040308@redhat.com>
References: <4C8AA051.4070609@redhat.com> <4C8ABC9C.7040308@redhat.com>
Message-ID: <4C9238DF.3060809@redhat.com>

Adam Young wrote:
> On 09/10/2010 05:17 PM, Rob Crittenden wrote:
>> Show all missing packages when setting up bind, not one at a time.
>>
>> We used to check for these one at a time so you'd run it once and find
>> out you're missing the bind package. Install that and run the
>> installer again and you'd discover you're missing bind-dyndb-ldap.
>>
>> We don't do this with rpm Requires because DNS is an optional component.
>>
>> ticket 140
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Thu Sep 16 15:54:54 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 16 Sep 2010 11:54:54 -0400
Subject: [Freeipa-devel] [PATCH] 527 add --no-host-dns
	option	to	ipa-replica-install
In-Reply-To: <4C8ABC6A.70201@redhat.com>
References: <4C8AA984.7050406@redhat.com> <4C8ABC6A.70201@redhat.com>
Message-ID: <4C923DCE.1030607@redhat.com>

Adam Young wrote:
> On 09/10/2010 05:56 PM, Rob Crittenden wrote:
>> ipa-server-install has a --no-host-dns option but ipa-replica-install
>> didn't. This evens the playing field.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Thu Sep 16 17:23:08 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 16 Sep 2010 13:23:08 -0400
Subject: [Freeipa-devel] [PATCH] 525 remove a few more krbV references
 from	ipa-client
In-Reply-To: <4C8A971F.5070402@redhat.com>
References: <4C8A8FD7.7020209@redhat.com> <4C8A971F.5070402@redhat.com>
Message-ID: <4C92527C.6020801@redhat.com>

Adam Young wrote:
> On 09/10/2010 04:06 PM, Rob Crittenden wrote:
>> +
>> env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
>>
> ACK

I must have pushed this to master and not sent the e-mail follow up, 
it's there.

rob



From rcritten at redhat.com  Thu Sep 16 17:41:48 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 16 Sep 2010 13:41:48 -0400
Subject: [Freeipa-devel] [PATCH] Pushed 1-liner for ipactl
Message-ID: <4C9256DC.6050705@redhat.com>

I was starting the services in the wrong order. The KDC needs to start 
before named. This was causing named to not start because it couldn't 
authenticate to the KDC (which wasn't running).

Pushed as a 1-liner.

rob

diff --git a/install/tools/ipactl b/install/tools/ipactl
index fa86511..596f07f 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -26,7 +26,7 @@ IFS=";"

  # start and stop are basically a reverse of each other
  services_stop="ipa_kpasswd;httpd;krb5kdc;dirsrv;ntpd;named;pki-cad pki-ca"
-services_start="dirsrv;ntpd;named;krb5kdc;ipa_kpasswd;httpd;pki-cad pki-ca"
+services_start="dirsrv;ntpd;krb5kdc;named;ipa_kpasswd;httpd;pki-cad pki-ca"

  function is_running() {
      # $1 = service to check on



From rcritten at redhat.com  Thu Sep 16 17:56:38 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 16 Sep 2010 13:56:38 -0400
Subject: [Freeipa-devel] [PATCH] contributed patch to fix compiling on
	non-Fedora systems
Message-ID: <4C925A56.30909@redhat.com>

I committed the attached patch which addresses some include file 
locations on non-Fedora systems (Gentoo and Ubuntu/Debian).

https://bugzilla.redhat.com/show_bug.cgi?id=633996

Note that we've been allowed to drop the requirement for signing a CLA 
to contribute to the freeIPA project. Let the patches flow...

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: daemons_configure.ac.patch
Type: text/x-patch
Size: 2899 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Thu Sep 16 18:00:20 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 16 Sep 2010 14:00:20 -0400
Subject: [Freeipa-devel] default stance for posix/non-posix groups
Message-ID: <4C925B34.2080705@redhat.com>

When we implemented groups in v2 long ago the default was that new 
groups would be non-POSIX unless specifically requested. It was possible 
to convert a non-POSIX group to POSIX later (but not the other way around).

The SSSD guys have asked that this be reversed, that the default stance 
by all groups are POSIX unless otherwise requested.

Any objectsion?

rob



From ayoung at redhat.com  Thu Sep 16 18:27:10 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 16 Sep 2010 14:27:10 -0400
Subject: [Freeipa-devel] default stance for posix/non-posix groups
In-Reply-To: <4C925B34.2080705@redhat.com>
References: <4C925B34.2080705@redhat.com>
Message-ID: <4C92617E.6040303@redhat.com>

On 09/16/2010 02:00 PM, Rob Crittenden wrote:
> When we implemented groups in v2 long ago the default was that new 
> groups would be non-POSIX unless specifically requested. It was 
> possible to convert a non-POSIX group to POSIX later (but not the 
> other way around).
>
> The SSSD guys have asked that this be reversed, that the default 
> stance by all groups are POSIX unless otherwise requested.
>
> Any objectsion?
>
> rob
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel



I support this request.  Least surprise and all that.  What was the 
argument for them being non-posix by default?



From ayoung at redhat.com  Thu Sep 16 18:32:08 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 16 Sep 2010 14:32:08 -0400
Subject: [Freeipa-devel] bbq-tabs-modal
Message-ID: <4C9262A8.6010805@redhat.com>

I've pushed Pavel's changes to my repo.  The branch is bbq-tabs-modal



In order to get it to build, you need to modify Makefile.am.  I pushed a 
commit for that:


you should be able to get it with:

git fetch admiyo
git cherry-pick a9b3b5aaeeb82222a8ab7ade02bba9feb4051987



From dpal at redhat.com  Thu Sep 16 21:19:45 2010
From: dpal at redhat.com (Dmitri Pal)
Date: Thu, 16 Sep 2010 17:19:45 -0400
Subject: [Freeipa-devel] default stance for posix/non-posix groups
In-Reply-To: <4C925B34.2080705@redhat.com>
References: <4C925B34.2080705@redhat.com>
Message-ID: <4C9289F1.1080308@redhat.com>

Rob Crittenden wrote:
> When we implemented groups in v2 long ago the default was that new
> groups would be non-POSIX unless specifically requested. It was
> possible to convert a non-POSIX group to POSIX later (but not the
> other way around).
>
> The SSSD guys have asked that this be reversed, that the default
> stance by all groups are POSIX unless otherwise requested.
>
> Any objectsion?

makes sense

>
> rob
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



From ayoung at redhat.com  Fri Sep 17 14:28:30 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:28:30 -0400
Subject: [Freeipa-devel] A lazy programmer gets tired of git format-patch
Message-ID: <4C937B0E.10803@redhat.com>


Here?s a little ditty I wrote to et patches in the format we use for the 
FreeIPA mailing list:

http://adam.younglogic.com/2010/09/preparing-patches-for-submission-to-the-freeipa-mailing-list/ 



From ayoung at redhat.com  Fri Sep 17 14:32:31 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:32:31 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0025-remove-pagaparams.patch
Message-ID: <4C937BFF.2020209@redhat.com>

Fixes a minor glitch in  pzuna-freeipa-0022-4-BIG which re-introduced 
the  pageparams.js entry into the Makefile.am
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0025-remove-pagaparams.patch
Type: text/x-patch
Size: 647 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 14:33:50 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:33:50 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0026-fixed-formatting-of-search-table.patch
Message-ID: <4C937C4E.6080603@redhat.com>

admiyo-freeipa-0026-fixed-formatting-of-search-table.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0026-fixed-formatting-of-search-table.patch
Type: text/x-patch
Size: 1689 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 14:34:35 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:34:35 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0027-fix-sampledata.patch
Message-ID: <4C937C7B.9030003@redhat.com>

URL needs to be relative, not absolute in order for in tree development

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0027-fix-sampledata.patch
Type: text/x-patch
Size: 716 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 14:35:44 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:35:44 -0400
Subject: [Freeipa-devel] [PATCH] theme
Message-ID: <4C937CC0.9070600@redhat.com>

  Use customized theme and images that is closer to the UX suggested 
look and feel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0028-theme.patch
Type: text/x-patch
Size: 56343 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 14:36:50 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:36:50 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0029-css-tabs-and-facets.patch
Message-ID: <4C937D02.4090401@redhat.com>

css tabs and facets
  includes Makfile changes to get images to deploy


Note that the Makefile changes are undone by a later patch.



From ayoung at redhat.com  Fri Sep 17 14:38:31 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:38:31 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0030-moved-images-up.patch
Message-ID: <4C937D67.3030402@redhat.com>

  moved images up
  Adding an 'images' subdir was proliferating changes throughout the 
build system
  this seemed easier

Submitted as a separate patch to signify where wea re departing from 
what is generated by theme-roller

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0030-moved-images-up.patch
Type: text/x-patch
Size: 93506 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 14:39:18 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:39:18 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0029-css-tabs-and-facets.patch
In-Reply-To: <4C937D02.4090401@redhat.com>
References: <4C937D02.4090401@redhat.com>
Message-ID: <4C937D96.5030906@redhat.com>

On 09/17/2010 10:36 AM, Adam Young wrote:
> css tabs and facets
>  includes Makfile changes to get images to deploy
>
>
> Note that the Makefile changes are undone by a later patch.
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0029-css-tabs-and-facets.patch
Type: text/x-patch
Size: 7125 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 14:41:09 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:41:09 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0031-unbroke-the-facets-link.patch
Message-ID: <4C937E05.6020203@redhat.com>

This has a fix for a previous patch which turned the facets into a 
hortizontal list, but broke the clickability.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0031-unbroke-the-facets-link.patch
Type: text/x-patch
Size: 1588 bytes
Desc: not available
URL: 

From jdennis at redhat.com  Fri Sep 17 14:40:45 2010
From: jdennis at redhat.com (John Dennis)
Date: Fri, 17 Sep 2010 10:40:45 -0400
Subject: [Freeipa-devel] A lazy programmer gets tired of git format-patch
In-Reply-To: <4C937B0E.10803@redhat.com>
References: <4C937B0E.10803@redhat.com>
Message-ID: <4C937DED.3010605@redhat.com>

On 09/17/2010 10:28 AM, Adam Young wrote:
>
> Here?s a little ditty I wrote to et patches in the format we use for the
> FreeIPA mailing list:

Attached is my python script to do something similar. It keeps all the 
patches I've generated in a patch directory, numbers them, sends them as 
a properly formatted email (optional).

-- 
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: format-patch
URL: 

From ayoung at redhat.com  Fri Sep 17 14:42:29 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:42:29 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0032-css-cleanup.patch
Message-ID: <4C937E55.6000909@redhat.com>

Fixes many of the CSS issues introduced by jquery.ui.tabs.  Not all, but 
it looks a lot better
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0032-css-cleanup.patch
Type: text/x-patch
Size: 1856 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 14:43:36 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:43:36 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0033-pointer-cursor-for-facets.patch
Message-ID: <4C937E98.9090904@redhat.com>

Changes the mouse icon for facets to a the pointer, signifying clickability
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0033-pointer-cursor-for-facets.patch
Type: text/x-patch
Size: 554 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 14:57:48 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 10:57:48 -0400
Subject: [Freeipa-devel] A lazy programmer gets tired of git format-patch
In-Reply-To: <4C937DED.3010605@redhat.com>
References: <4C937B0E.10803@redhat.com> <4C937DED.3010605@redhat.com>
Message-ID: <4C9381EC.1040608@redhat.com>

On 09/17/2010 10:40 AM, John Dennis wrote:
> On 09/17/2010 10:28 AM, Adam Young wrote:
>>
>> Here?s a little ditty I wrote to et patches in the format we use for the
>> FreeIPA mailing list:
>
> Attached is my python script to do something similar. It keeps all the 
> patches I've generated in a patch directory, numbers them, sends them 
> as a properly formatted email (optional).
>



Thanks, John.  I'll make it non 'John Dennis Specific' and post online, 
if you don't mind.



From jdennis at redhat.com  Fri Sep 17 15:12:08 2010
From: jdennis at redhat.com (John Dennis)
Date: Fri, 17 Sep 2010 11:12:08 -0400
Subject: [Freeipa-devel] A lazy programmer gets tired of git format-patch
In-Reply-To: <4C9381EC.1040608@redhat.com>
References: <4C937B0E.10803@redhat.com> <4C937DED.3010605@redhat.com>
	<4C9381EC.1040608@redhat.com>
Message-ID: <4C938548.9010003@redhat.com>

On 09/17/2010 10:57 AM, Adam Young wrote:
> On 09/17/2010 10:40 AM, John Dennis wrote:
>> On 09/17/2010 10:28 AM, Adam Young wrote:
>>>
>>> Here?s a little ditty I wrote to et patches in the format we use for the
>>> FreeIPA mailing list:
>>
>> Attached is my python script to do something similar. It keeps all the
>> patches I've generated in a patch directory, numbers them, sends them
>> as a properly formatted email (optional).

> Thanks, John.  I'll make it non 'John Dennis Specific' and post online,
> if you don't mind.

Sure, no problem. I think the only jdennis stuff is in the config table, 
the thinking was someone else could just edit the default config values 
for their private copy. But if you were feeling ambitious maybe it could 
read the config from a .ini file in $HOME using Python's config parser 
module.

Also I noticed a cut-n-paste error in the usage function, the example 
was left over from something else, should be deleted.

-- 
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



From ayoung at redhat.com  Fri Sep 17 15:26:12 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 11:26:12 -0400
Subject: [Freeipa-devel] A lazy programmer gets tired of git format-patch
In-Reply-To: <4C938548.9010003@redhat.com>
References: <4C937B0E.10803@redhat.com> <4C937DED.3010605@redhat.com>
	<4C9381EC.1040608@redhat.com> <4C938548.9010003@redhat.com>
Message-ID: <4C938894.1020805@redhat.com>

On 09/17/2010 11:12 AM, John Dennis wrote:
> On 09/17/2010 10:57 AM, Adam Young wrote:
>> On 09/17/2010 10:40 AM, John Dennis wrote:
>>> On 09/17/2010 10:28 AM, Adam Young wrote:
>>>>
>>>> Here?s a little ditty I wrote to et patches in the format we use 
>>>> for the
>>>> FreeIPA mailing list:
>>>
>>> Attached is my python script to do something similar. It keeps all the
>>> patches I've generated in a patch directory, numbers them, sends them
>>> as a properly formatted email (optional).
>
>> Thanks, John.  I'll make it non 'John Dennis Specific' and post online,
>> if you don't mind.
>
> Sure, no problem. I think the only jdennis stuff is in the config 
> table, the thinking was someone else could just edit the default 
> config values for their private copy. But if you were feeling 
> ambitious maybe it could read the config from a .ini file in $HOME 
> using Python's config parser module.
>
> Also I noticed a cut-n-paste error in the usage function, the example 
> was left over from something else, should be deleted.
>

Think I'll let you hack it, as I am not in Python mode at the moment:

Most of the values should be accessable from git config, or via reading 
the git config file

git config --get user.email

You can get the home directory from $HOME,
$HOME/.gitconfig


So I started playing with thuis, and you can do:

$ git config --add user.patchnum 5
$ git config --get user.patchnum
5







From pzuna at redhat.com  Fri Sep 17 17:27:45 2010
From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=)
Date: Fri, 17 Sep 2010 19:27:45 +0200
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C9219B1.8020100@redhat.com>
References: <4C8E8016.6080900@redhat.com>	<4C8E8889.60605@redhat.com>	<4C8EBB97.4040809@redhat.com>	<4C8EDCF2.6080206@redhat.com>
	<4C8F7710.2090204@redhat.com> <4C90C034.4050303@redhat.com>
	<4C90CD0A.60507@redhat.com> <4C91F721.1020902@redhat.com>
	<4C9219B1.8020100@redhat.com>
Message-ID: <4C93A511.20700@redhat.com>

On 2010-09-16 15:20, Adam Young wrote:
> On 09/16/2010 06:53 AM, Pavel Zuna wrote:
>> On 09/15/2010 03:41 PM, Adam Young wrote:
>>> On 09/15/2010 08:46 AM, Pavel Z?na wrote:
>>>> Re-based version of the patch attached, that should apply on the
>>>> current master. It doesn't have the Javascript library files (BBQ,
>>>> jQ-UI). This makes the patch a lot smaller and easier to process.
>>>>
>>>> I'm going to post another patch that does nothing, but adds the
>>>> library files.
>>>>
>>>> Pavel
>>>
>>>
>>> Things to add to the to do list before this can go in:
>>>
>>> Netgroups is missing most of their associations
>> Fixed.
>>
>> The menu leading to associations was only generated using the
>> 'memberof' attribute. Now it uses all attributes in
>> LDAPObject.attribute_members.
>
>
> Ha: You probably just made things both easier and harder in a single
> stroke. Easier for implementing new associations, but harder in that
> many of the existing associations had strange rules. We also have
> several associations that we hadn't implemented yes, like the
> association between users and roles, as we don't have roles. We'll need
> a way to hide stuff until we work out the kinks. Endi, take note.
>
>
>>
>>> netgroup_show.json has unmerged changes. We should revert to the version
>>> in the top of tree
>> Fixed.
>>
>> netgroup_show.json changes got in by mistake.
>>
>>> You have removed the author from several files and replaced it with only
>>> your own.
>>
>> Only in two files were it made sense:
>> 1) add.js, because I had to rewrite it from scratch completely.
>> 2) details.js, because I started on a reverted version, that didn't
>> have your changes (and name) yet. The changes I'm talking about were
>> the addition of DetailsForm function, about 20 lines of code (out of
>> witch 10 were copy pasted from somewhere else).
>>
>> I added you as the author on search.js even though it's also pretty
>> much a complete rewrite, but I felt that it was based on your ideas. I
>> also didn't touch authorship info on associations even though I made
>> more or less
>> significant changes to it.
>>
>> I just acted naturally without thinking about it when adding the file
>> headers. If you think it's unfair and I forgot to mention you or Endi
>> somewhere, I'm sorry and we can fix it no prob.
>
> No problem.
>
> You should feel comfortable adding your name as an author to
> associations. You've made significant contributions there.
>
> Details is pretty much your work, so I feel comfortable letting you take
> complete bla^H^H^Hownership. I suspect that if we look really closely at
> add.js, we can incorperate it into details, as it really should be a
> minor variation in functionality. Long term, it would be a logical
> pattern to have add and edit for things in the same file. We already do
> that with associations.
>
> The ones that were a refactoring of our work should still contain us as
> authors. I think that is goingto be a fairly common pattern moving
> forward: as we get better and better understand of stuff, we should feel
> comfortable simplifying the implementations. Most refactorings can be
> automated (at least in som languages) and don't constitute a major
> change in the conceptual underpinnings. Just like when the the US
> version of Harry POtter comes out, and they CHange "Jumper" to "Sweater"
> and "Garden" to "Back-yard." I don't want to make anyone wary of making
> necessary changes due to authorship issues. Once someone's name goes on
> a file as author, we should leave it there unless there are legal
> reasons to remove it.
>
>
> You have a good point that you make in the comments about the use of
> stuff from seearch.js inside of associations. PLaces where we come up
> with our own UI patterns should get pulled out into JQuery plugins,
> especially in the case where they get reused. The file search.js is
> really the union of two distinct things: a business object for querying
> the server for lists of things based on a filter, and a results table.
> Moving forward, we might want to split it along these fault lines, and
> then the logic for binding them together goes into the webui.js file.
>
>
>
>
>
>
>>
>>>
>>> I posted the diff:
>>>
>>>
>>> https://fedorahosted.org/freeipa/attachment/ticket/41/pzuna-freeipa-0022-3-BIG.patch
>>>
>
> New Diff posted here
> https://fedorahosted.org/freeipa/attachment/ticket/41/pzuna-freeipa-0022-4-BIG.patch
>
>>>
>>
>> Pavel
>
> Going through the new patch now. I found one more issue since this
> review: You need to add new files to Makefile.am in install/static.
> Specifially, entity.js is not there.
>

Latest version attached.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pzuna-freeipa-0022-5-BIG.patch
Type: application/mbox
Size: 119053 bytes
Desc: not available
URL: 

From pzuna at redhat.com  Fri Sep 17 17:28:28 2010
From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=)
Date: Fri, 17 Sep 2010 19:28:28 +0200
Subject: [Freeipa-devel] [PATCH] Add jQuery UI and jQuery BBQ libraries
	to the project
In-Reply-To: <4C923366.8000506@redhat.com>
References: <4C923366.8000506@redhat.com>
Message-ID: <4C93A53C.2050703@redhat.com>

On 2010-09-16 17:10, Pavel Zuna wrote:
> This adds the minimized version - the ones we want to ship to the end
> user. For development you can still use the non-minimized versions just
> by renaming files in your index.
>
> Pavel

Latest version attached.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pzuna-freeipa-0023-2-libraries.patch
Type: application/mbox
Size: 244293 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 18:24:23 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 14:24:23 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0034-Metadata-I18N.patch
Message-ID: <4C93B257.1040007@redhat.com>

Metadata I18N

     Created a clone of the json_metadata plugin called plugin_metadata
     It is identical in all reagards to the json_metadata plugin, except it
     performs the gettext transalation based on the 'language' parameter

     Once this is accepted, the next step is to change over to using 
this plugin,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0034-Metadata-I18N.patch
Type: text/x-patch
Size: 2462 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 18:25:37 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 14:25:37 -0400
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C93A511.20700@redhat.com>
References: <4C8E8016.6080900@redhat.com>	<4C8E8889.60605@redhat.com>	<4C8EBB97.4040809@redhat.com>	<4C8EDCF2.6080206@redhat.com>
	<4C8F7710.2090204@redhat.com> <4C90C034.4050303@redhat.com>
	<4C90CD0A.60507@redhat.com> <4C91F721.1020902@redhat.com>
	<4C9219B1.8020100@redhat.com> <4C93A511.20700@redhat.com>
Message-ID: <4C93B2A1.4050100@redhat.com>

On 09/17/2010 01:27 PM, Pavel Z?na wrote:
> Latest version attached. 
Assuming that this matches wwhat you have in your Git Repo:  ACK, but 
hold until we've got an ACK for all of the follow on patches.



From ayoung at redhat.com  Fri Sep 17 18:27:07 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 14:27:07 -0400
Subject: [Freeipa-devel] [PATCH] Add jQuery UI and jQuery BBQ libraries
	to the project
In-Reply-To: <4C93A53C.2050703@redhat.com>
References: <4C923366.8000506@redhat.com> <4C93A53C.2050703@redhat.com>
Message-ID: <4C93B2FB.9040707@redhat.com>

On 09/17/2010 01:28 PM, Pavel Z?na wrote:
> On 2010-09-16 17:10, Pavel Zuna wrote:
>> This adds the minimized version - the ones we want to ship to the end
>> user. For development you can still use the non-minimized versions just
>> by renaming files in your index.
>>
>> Pavel
>
> Latest version attached.
>
> Pavel
ACK, same caveats as the BIG web patch.



From ayoung at redhat.com  Fri Sep 17 18:29:11 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 14:29:11 -0400
Subject: [Freeipa-devel] Git Flow
Message-ID: <4C93B377.5010808@redhat.com>

THese are a couple links from a discussion on a mailing list for the Pulp project


http://jeffkreeftmeijer.com/2010/why-arent-you-using-git-flow/
http://nvie.com/posts/a-successful-git-branching-model/



It seems like a decent naming convention.  I'm not suggesting that we do it for the cerntral git repo, but it might make it easier to do collaborative work on big patches like we just had for the web ui.  Regardless, it is an interesting read.



From ayoung at redhat.com  Fri Sep 17 18:55:55 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 14:55:55 -0400
Subject: [Freeipa-devel] [PATCH] 529 ipaUniqueId enforcement
In-Reply-To: <4C91011F.4080108@redhat.com>
References: <4C91011F.4080108@redhat.com>
Message-ID: <4C93B9BB.6030507@redhat.com>

On 09/15/2010 01:23 PM, Rob Crittenden wrote:
> Enforce that ipaUniqueId is a unique attribute via the DS uniqueness 
> plugin and prevent updates to the attribute once it is written.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 17 18:57:36 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 14:57:36 -0400
Subject: [Freeipa-devel] [PATCH] 523 add 2 missing man pages
In-Reply-To: <4C895901.3010501@redhat.com>
References: <4C895901.3010501@redhat.com>
Message-ID: <4C93BA20.3000803@redhat.com>

On 09/09/2010 06:00 PM, Rob Crittenden wrote:
> Add missing man pages for ipa-dns-install and ipa-upgradeconfig.
>
> tickets 130 and 131
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 17 18:58:30 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 14:58:30 -0400
Subject: [Freeipa-devel] [PATCH] 522 add some ldap2 Backend tests
In-Reply-To: <4C8945BC.3020101@redhat.com>
References: <4C8945BC.3020101@redhat.com>
Message-ID: <4C93BA56.4090103@redhat.com>

On 09/09/2010 04:38 PM, Rob Crittenden wrote:
> Add some tests for using the ldap2 Backend.
>
> Fix a logic problem in ldap2:get_schema() for determining if it can 
> fetch the schema or not. Normally we only want to do this for servers 
> but if you pass in your own connection it will use that.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 17 19:42:07 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 15:42:07 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0034-2-Metadata-I18N.patch
In-Reply-To: <4C93B257.1040007@redhat.com>
References: <4C93B257.1040007@redhat.com>
Message-ID: <4C93C48F.4060606@redhat.com>

On 09/17/2010 02:24 PM, Adam Young wrote:
> Metadata I18N
>
>     Created a clone of the json_metadata plugin called plugin_metadata
>     It is identical in all reagards to the json_metadata plugin, 
> except it
>     performs the gettext transalation based on the 'language' parameter
>
>     Once this is accepted, the next step is to change over to using 
> this plugin,
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
I was doing an improper check for the presence of a key in the 
dictionary of env vars
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0034-2-Metadata-I18N.patch
Type: text/x-patch
Size: 2464 bytes
Desc: not available
URL: 

From edewata at redhat.com  Fri Sep 17 19:41:56 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 17 Sep 2010 15:41:56 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Restoring Services tab
In-Reply-To: <246162913.2463741284752505188.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <2055468798.2463811284752516484.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

This patch is based on Adam's bbq-tabs-modal branch.

The add.js has been modified to support adding new entry with
dynamically generated pkey.

The index.xhtml has been modified to include service.js.

The service.js has been modified to use the new API to define
the search, add, and details fields. Callbacks are used to
add quick links and generate pkey dynamically.

The webui.js has been modified to add the Services tab.

Thanks!

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0005-Restoring-Services-tab.patch
Type: text/x-patch
Size: 7944 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 19:55:29 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 15:55:29 -0400
Subject: [Freeipa-devel] [PATCH] Restoring Services tab
In-Reply-To: <2055468798.2463811284752516484.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <2055468798.2463811284752516484.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C93C7B1.9090807@redhat.com>

On 09/17/2010 03:41 PM, Endi Sukma Dewata wrote:
> Hi,
>
> This patch is based on Adam's bbq-tabs-modal branch.
>
> The add.js has been modified to support adding new entry with
> dynamically generated pkey.
>
> The index.xhtml has been modified to include service.js.
>
> The service.js has been modified to use the new API to define
> the search, add, and details fields. Callbacks are used to
> add quick links and generate pkey dynamically.
>
> The webui.js has been modified to add the Services tab.
>
> Thanks!
>
> --
> Endi S. Dewata
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From edewata at redhat.com  Fri Sep 17 20:03:19 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 17 Sep 2010 16:03:19 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH]
 admiyo-freeipa-0025-remove-pagaparams.patch
In-Reply-To: <4C937BFF.2020209@redhat.com>
Message-ID: <1149593532.2465691284753799252.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> Fixes a minor glitch in  pzuna-freeipa-0022-4-BIG which re-introduced
> 
> the  pageparams.js entry into the Makefile.am

ACK

--
Endi S. Dewata



From rcritten at redhat.com  Fri Sep 17 20:36:23 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 17 Sep 2010 16:36:23 -0400
Subject: [Freeipa-devel] [PATCH] 530 make client machine cert nickname more
	unique
Message-ID: <4C93D147.6030208@redhat.com>

We issue a server certificate into /etc/pki/nssdb when a client is 
enrolled. Use a more unique nickname of 'IPA Machine Certificate - 
' rather than Server-Cert.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-530-nickname.patch
Type: text/x-patch
Size: 3108 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 17 20:58:43 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 16:58:43 -0400
Subject: [Freeipa-devel] [PATCH] 530 make client machine cert nickname
 more	unique
In-Reply-To: <4C93D147.6030208@redhat.com>
References: <4C93D147.6030208@redhat.com>
Message-ID: <4C93D683.8040005@redhat.com>

On 09/17/2010 04:36 PM, Rob Crittenden wrote:
> We issue a server certificate into /etc/pki/nssdb when a client is 
> enrolled. Use a more unique nickname of 'IPA Machine Certificate - 
> ' rather than Server-Cert.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK, but you should consider a follow on patch that only sleeps on the 
failure case
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From rcritten at redhat.com  Fri Sep 17 21:21:52 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 17 Sep 2010 17:21:52 -0400
Subject: [Freeipa-devel] [PATCH] 530 make client machine cert nickname
 more	unique
In-Reply-To: <4C93D683.8040005@redhat.com>
References: <4C93D147.6030208@redhat.com> <4C93D683.8040005@redhat.com>
Message-ID: <4C93DBF0.7070006@redhat.com>

Adam Young wrote:
> On 09/17/2010 04:36 PM, Rob Crittenden wrote:
>> We issue a server certificate into /etc/pki/nssdb when a client is
>> enrolled. Use a more unique nickname of 'IPA Machine Certificate -
>> ' rather than Server-Cert.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK, but you should consider a follow on patch that only sleeps on the
> failure case

I used a while loop instead. The problem is that it takes some cycles to 
bring sssd (or make the nss_ldap connection) so sometimes the 'getent 
passwd admin' fails.

Pushed to master.

rob



From ayoung at redhat.com  Sat Sep 18 00:35:33 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 20:35:33 -0400
Subject: [Freeipa-devel] [PATCH] Icons
Message-ID: <4C940955.9050506@redhat.com>

THese are just place holder icons until we get the offical ones from 
UXD.  They look roughly like the finished product, with have some rough 
points.  They will be used by the next patch to Generate the quick links 
and facets.

THis is a huga patch, but it is all binary files.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0035-placeholder-icons.patch
Type: text/x-patch
Size: 31899 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Sat Sep 18 00:36:23 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 17 Sep 2010 20:36:23 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0036-links-and-facet-icons.patch
Message-ID: <4C940987.7090701@redhat.com>

This patch makes use of the previous patch to put the icons in the 
facets and quick links
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0036-links-and-facet-icons.patch
Type: text/x-patch
Size: 5773 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Sat Sep 18 01:33:37 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 17 Sep 2010 21:33:37 -0400
Subject: [Freeipa-devel] [PATCH] 531 make DNS autodiscovery smarter
Message-ID: <4C9416F1.5020006@redhat.com>

Better distinguish between when DNS discovery works and search more domains.

Passing domain and server on the command-line used to be considered as 
DNS autodiscovery worked. This was problematic if there was in fact no 
SRV records because krb5.conf would be configured without a specific KDC 
causing all Kerberos ops to fail.

Now if you pass in a domain/server it still tries to see if they are 
discoverable and if so won't hardcode a server, but will fall back to 
doing so if necessary.

Also be a lot more aggressive on looking for the SRV records. Use the 
search and domain values from /etc/resolv.conf on the chance that the 
SRV records aren't in the domain of the hostname of the machine.

An example of this would be if your laptop is in dhcp.example.com and 
your company's SRV records are in corp.example.com. Searching 
dhcp.example.com and example.com won't find the SRV records but the user 
is likely to have corp.redhat.com in the search list, at least.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-531-discovery.patch
Type: text/x-patch
Size: 7001 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Sat Sep 18 01:44:58 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 17 Sep 2010 21:44:58 -0400
Subject: [Freeipa-devel] [PATCH] 532 unenroll when a client is uninstalled
Message-ID: <4C94199A.5070202@redhat.com>

Unenroll a host when a client is uninstalled. This means we bind using 
the host credentials and disable our own keytab. This will let the 
client be re-enrolled without requiring admin input (used to have to 
either delete the host or disable the keytab as admin).

I also did some other cleanup in ipa-join and added a fair bit of info 
to the ipa-getkeytab and ipa-join man pages.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-532-unenroll.patch
Type: text/x-patch
Size: 29690 bytes
Desc: not available
URL: 

From pzuna at redhat.com  Mon Sep 20 11:22:50 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Mon, 20 Sep 2010 13:22:50 +0200
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0026-fixed-formatting-of-search-table.patch
In-Reply-To: <4C937C4E.6080603@redhat.com>
References: <4C937C4E.6080603@redhat.com>
Message-ID: <4C97440A.8050004@redhat.com>

On 09/17/2010 04:33 PM, Adam Young wrote:
> admiyo-freeipa-0026-fixed-formatting-of-search-table.patch
>
>

ACK.

Pavel



From pzuna at redhat.com  Mon Sep 20 11:23:23 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Mon, 20 Sep 2010 13:23:23 +0200
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0027-fix-sampledata.patch
In-Reply-To: <4C937C7B.9030003@redhat.com>
References: <4C937C7B.9030003@redhat.com>
Message-ID: <4C97442B.7080908@redhat.com>

On 09/17/2010 04:34 PM, Adam Young wrote:
> URL needs to be relative, not absolute in order for in tree development
>
>

ACK.

Pavel



From pzuna at redhat.com  Mon Sep 20 11:57:14 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Mon, 20 Sep 2010 13:57:14 +0200
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0031-unbroke-the-facets-link.patch
In-Reply-To: <4C937E05.6020203@redhat.com>
References: <4C937E05.6020203@redhat.com>
Message-ID: <4C974C1A.70900@redhat.com>

On 09/17/2010 04:41 PM, Adam Young wrote:
> This has a fix for a previous patch which turned the facets into a
> hortizontal list, but broke the clickability.
>
>

ACK.

Pavel



From pzuna at redhat.com  Mon Sep 20 11:57:51 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Mon, 20 Sep 2010 13:57:51 +0200
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0032-css-cleanup.patch
In-Reply-To: <4C937E55.6000909@redhat.com>
References: <4C937E55.6000909@redhat.com>
Message-ID: <4C974C3F.4070705@redhat.com>

On 09/17/2010 04:42 PM, Adam Young wrote:
> Fixes many of the CSS issues introduced by jquery.ui.tabs.  Not all, but
> it looks a lot better
>
>

ACK.

Pavel



From pzuna at redhat.com  Mon Sep 20 11:58:09 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Mon, 20 Sep 2010 13:58:09 +0200
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0033-pointer-cursor-for-facets.patch
In-Reply-To: <4C937E98.9090904@redhat.com>
References: <4C937E98.9090904@redhat.com>
Message-ID: <4C974C51.2000005@redhat.com>

On 09/17/2010 04:43 PM, Adam Young wrote:
> Changes the mouse icon for facets to a the pointer, signifying clickability
>
>

ACK.

Pavel



From pzuna at redhat.com  Mon Sep 20 11:59:37 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Mon, 20 Sep 2010 13:59:37 +0200
Subject: [Freeipa-devel] [PATCH] Icons
In-Reply-To: <4C940955.9050506@redhat.com>
References: <4C940955.9050506@redhat.com>
Message-ID: <4C974CA9.8020604@redhat.com>

On 09/18/2010 02:35 AM, Adam Young wrote:
> THese are just place holder icons until we get the offical ones from
> UXD.  They look roughly like the finished product, with have some rough
> points. They will be used by the next patch to Generate the quick links
> and facets.
>
> THis is a huga patch, but it is all binary files.
>

ACK.

Pavel



From pzuna at redhat.com  Mon Sep 20 12:10:53 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Mon, 20 Sep 2010 14:10:53 +0200
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0030-moved-images-up.patch
In-Reply-To: <4C937D67.3030402@redhat.com>
References: <4C937D67.3030402@redhat.com>
Message-ID: <4C974F4D.3020006@redhat.com>

On 09/17/2010 04:38 PM, Adam Young wrote:
> moved images up
> Adding an 'images' subdir was proliferating changes throughout the build
> system
> this seemed easier
>
> Submitted as a separate patch to signify where wea re departing from
> what is generated by theme-roller
>

Doesn't apply for me. Missing some image files and doesn't apply on jquery-ui.css.

I applied all your patches I could find before this one, but I can't find number 
28 on the list. Maybe that's the reason.

Pavel



From pzuna at redhat.com  Mon Sep 20 12:29:54 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Mon, 20 Sep 2010 14:29:54 +0200
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0036-links-and-facet-icons.patch
In-Reply-To: <4C940987.7090701@redhat.com>
References: <4C940987.7090701@redhat.com>
Message-ID: <4C9753C2.3080607@redhat.com>

On 09/18/2010 02:36 AM, Adam Young wrote:
> This patch makes use of the previous patch to put the icons in the
> facets and quick links
>

It looks OK, but I can't test it because the required patch 30 doesn't apply for me.

Pavel



From ayoung at redhat.com  Mon Sep 20 13:19:00 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 09:19:00 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0028-theme.patch
Message-ID: <4C975F44.5070701@redhat.com>

admiyo-freeipa-0028-theme.patch

Use customized theme and images that is closer to the UX suggested look 
and feel
This is required to get patch 30 to apply as well.



From ayoung at redhat.com  Mon Sep 20 13:19:18 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 09:19:18 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0030-moved-images-up.patch
In-Reply-To: <4C974F4D.3020006@redhat.com>
References: <4C937D67.3030402@redhat.com> <4C974F4D.3020006@redhat.com>
Message-ID: <4C975F56.8030003@redhat.com>

On 09/20/2010 08:10 AM, Pavel Zuna wrote:
> On 09/17/2010 04:38 PM, Adam Young wrote:
>> moved images up
>> Adding an 'images' subdir was proliferating changes throughout the build
>> system
>> this seemed easier
>>
>> Submitted as a separate patch to signify where wea re departing from
>> what is generated by theme-roller
>>
>
> Doesn't apply for me. Missing some image files and doesn't apply on 
> jquery-ui.css.
>
> I applied all your patches I could find before this one, but I can't 
> find number 28 on the list. Maybe that's the reason.
>
> Pavel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0028-theme.patch
Type: text/x-patch
Size: 56343 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Mon Sep 20 13:33:31 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 09:33:31 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0028-theme.patch
In-Reply-To: <4C975F44.5070701@redhat.com>
References: <4C975F44.5070701@redhat.com>
Message-ID: <4C9762AB.80109@redhat.com>

On 09/20/2010 09:19 AM, Adam Young wrote:
> admiyo-freeipa-0028-theme.patch
>
> Use customized theme and images that is closer to the UX suggested 
> look and feel
> This is required to get patch 30 to apply as well.
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


Posted the patch in the wrong email, sse the thread about patch 30



From rcritten at redhat.com  Mon Sep 20 14:07:46 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 10:07:46 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0034-2-Metadata-I18N.patch
In-Reply-To: <4C93C48F.4060606@redhat.com>
References: <4C93B257.1040007@redhat.com> <4C93C48F.4060606@redhat.com>
Message-ID: <4C976AB2.9070902@redhat.com>

Adam Young wrote:
> On 09/17/2010 02:24 PM, Adam Young wrote:
>> Metadata I18N
>>
>> Created a clone of the json_metadata plugin called plugin_metadata
>> It is identical in all reagards to the json_metadata plugin, except it
>> performs the gettext transalation based on the 'language' parameter
>>
>> Once this is accepted, the next step is to change over to using this
>> plugin,
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> I was doing an improper check for the presence of a key in the
> dictionary of env vars
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

It would be nice to be able to use the Accept-Language header provided 
by the browser.

The wsgi environ variable holds the headers as a dictionary and it'll 
look something like:

'HTTP_ACCEPT_LANGUAGE': 'en-us,en;q=0.5'

So this means my browser accepts en-us and en (and prefer en-us over 
en). See full definition at 
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4

We should be able to stick the accepts-language value into the request 
context and evaluate it later. See in ipaserver/rpcserver.py the call to 
create_context().

How is the javascript call going to know what language to request?

And a small nit. The help for the argument says 2-character language 
code. This ignores the language subtags (e.g. en-US).

rob



From ayoung at redhat.com  Mon Sep 20 14:19:23 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 10:19:23 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0034-2-Metadata-I18N.patch
In-Reply-To: <4C976AB2.9070902@redhat.com>
References: <4C93B257.1040007@redhat.com> <4C93C48F.4060606@redhat.com>
	<4C976AB2.9070902@redhat.com>
Message-ID: <4C976D6B.6020706@redhat.com>

On 09/20/2010 10:07 AM, Rob Crittenden wrote:
> Adam Young wrote:
>> On 09/17/2010 02:24 PM, Adam Young wrote:
>>> Metadata I18N
>>>
>>> Created a clone of the json_metadata plugin called plugin_metadata
>>> It is identical in all reagards to the json_metadata plugin, except it
>>> performs the gettext transalation based on the 'language' parameter
>>>
>>> Once this is accepted, the next step is to change over to using this
>>> plugin,
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> I was doing an improper check for the presence of a key in the
>> dictionary of env vars
>>
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> It would be nice to be able to use the Accept-Language header provided 
> by the browser.
>
> The wsgi environ variable holds the headers as a dictionary and it'll 
> look something like:
>
> 'HTTP_ACCEPT_LANGUAGE': 'en-us,en;q=0.5'
>
> So this means my browser accepts en-us and en (and prefer en-us over 
> en). See full definition at 
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4

I'm aware, I just wasn't certain if this info was available to the plugins

>
> We should be able to stick the accepts-language value into the request 
> context and evaluate it later. See in ipaserver/rpcserver.py the call 
> to create_context().
>
> How is the javascript call going to know what language to request?

JS has acces to the header info, and could also let the user save their 
preference in a cookie.  I'd like to have both options, and so think we 
should only evaluate the parameter if it is present, and use the header 
info as the default.

>
> And a small nit. The help for the argument says 2-character language 
> code. This ignores the language subtags (e.g. en-US).

If we get to the point that we are differentiating between en_US and 
en_AS, we will have won this battle.  I'll update the Docs once we start 
doing locale specific files!

>
> rob







From rcritten at redhat.com  Mon Sep 20 14:23:56 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 10:23:56 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0034-2-Metadata-I18N.patch
In-Reply-To: <4C976D6B.6020706@redhat.com>
References: <4C93B257.1040007@redhat.com> <4C93C48F.4060606@redhat.com>
	<4C976AB2.9070902@redhat.com> <4C976D6B.6020706@redhat.com>
Message-ID: <4C976E7C.7030203@redhat.com>

Adam Young wrote:
> On 09/20/2010 10:07 AM, Rob Crittenden wrote:
>> Adam Young wrote:
>>> On 09/17/2010 02:24 PM, Adam Young wrote:
>>>> Metadata I18N
>>>>
>>>> Created a clone of the json_metadata plugin called plugin_metadata
>>>> It is identical in all reagards to the json_metadata plugin, except it
>>>> performs the gettext transalation based on the 'language' parameter
>>>>
>>>> Once this is accepted, the next step is to change over to using this
>>>> plugin,
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>> I was doing an improper check for the presence of a key in the
>>> dictionary of env vars
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>> It would be nice to be able to use the Accept-Language header provided
>> by the browser.
>>
>> The wsgi environ variable holds the headers as a dictionary and it'll
>> look something like:
>>
>> 'HTTP_ACCEPT_LANGUAGE': 'en-us,en;q=0.5'
>>
>> So this means my browser accepts en-us and en (and prefer en-us over
>> en). See full definition at
>> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4
>
> I'm aware, I just wasn't certain if this info was available to the plugins

It isn't yet, you need to add it to the request context.

>
>>
>> We should be able to stick the accepts-language value into the request
>> context and evaluate it later. See in ipaserver/rpcserver.py the call
>> to create_context().
>>
>> How is the javascript call going to know what language to request?
>
> JS has acces to the header info, and could also let the user save their
> preference in a cookie. I'd like to have both options, and so think we
> should only evaluate the parameter if it is present, and use the header
> info as the default.

I'd prefer to leave it a preference for the browser, this is what tha 
languages support is for.

>
>>
>> And a small nit. The help for the argument says 2-character language
>> code. This ignores the language subtags (e.g. en-US).
>
> If we get to the point that we are differentiating between en_US and
> en_AS, we will have won this battle. I'll update the Docs once we start
> doing locale specific files!

We have one now, zh_CN.

rob



From jdennis at redhat.com  Mon Sep 20 14:44:51 2010
From: jdennis at redhat.com (John Dennis)
Date: Mon, 20 Sep 2010 10:44:51 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0034-2-Metadata-I18N.patch
In-Reply-To: <4C976D6B.6020706@redhat.com>
References: <4C93B257.1040007@redhat.com>
	<4C93C48F.4060606@redhat.com>	<4C976AB2.9070902@redhat.com>
	<4C976D6B.6020706@redhat.com>
Message-ID: <4C977363.8090305@redhat.com>

On 09/20/2010 10:19 AM, Adam Young wrote:
> On 09/20/2010 10:07 AM, Rob Crittenden wrote:
>> And a small nit. The help for the argument says 2-character language
>> code. This ignores the language subtags (e.g. en-US).
>
> If we get to the point that we are differentiating between en_US and
> en_AS, we will have won this battle.  I'll update the Docs once we start
> doing locale specific files!

FYI, I have seen i18n fail when the country code (i.e. dialect) is 
omitted and only the language code is used. One might expect simply 
setting the language code would be sufficient and a default country code 
would be selected by default but there seem to parts of the system which 
can't deal with this. I saw the problem when setting the LANG 
environment variable and glibc's locale function failed to work 
correctly. Not sure if the same problem would exist in GNU gettext when 
selecting the message catalog, but why take the chance?

-- 
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



From edewata at redhat.com  Mon Sep 20 15:30:59 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Mon, 20 Sep 2010 11:30:59 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH]
 admiyo-freeipa-0030-moved-images-up.patch
In-Reply-To: <4C975F56.8030003@redhat.com>
Message-ID: <664812804.2568331284996659869.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> On 09/20/2010 08:10 AM, Pavel Zuna wrote:
> > On 09/17/2010 04:38 PM, Adam Young wrote:
> >> moved images up
> >> Adding an 'images' subdir was proliferating changes throughout the
> build
> >> system
> >> this seemed easier
> >>
> >> Submitted as a separate patch to signify where wea re departing
> from
> >> what is generated by theme-roller
> >>
> >
> > Doesn't apply for me. Missing some image files and doesn't apply on
> 
> > jquery-ui.css.
> >
> > I applied all your patches I could find before this one, but I can't
> 
> > find number 28 on the list. Maybe that's the reason.
> >
> > Pavel

admiyo-freeipa-0028-theme.patch
ACK.

--
Endi S. Dewata



From ayoung at redhat.com  Mon Sep 20 16:13:28 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:13:28 -0400
Subject: [Freeipa-devel] [PATCH] Adding quick links in user and group
 search	results.
In-Reply-To: <4C9118A6.2060403@redhat.com>
References: <1885894465.2224491284572894924.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
	<4C9118A6.2060403@redhat.com>
Message-ID: <4C978828.40002@redhat.com>

On 09/15/2010 03:04 PM, Adam Young wrote:
> On 09/15/2010 01:48 PM, Endi Sukma Dewata wrote:
>> ----- "Adam Young"  wrote:
>>
>>> ACK, but change the Column heading to Quick Links first
>> OK, fixed. Thanks.
>>
>> -- 
>> Endi S. Dewata
>
>
> I've pushed my version of Pavel's patch to my Fedora people repo:  THe 
> branch is called tabs-modal and the patch is commit 
> de85ed06855a2a5b17b4d80bae9445eb3fec6275.  Note that I havea bunch of 
> other work in that branch as well, but it should not affect you, and 
> you don't want those commits.
>
> Please fetch this, cherry pick just that commit, and then add your 
> commit on top of it, and push to a branch your repo.  We'll start to 
> craft the end state of the patch as a group.
>
> I expect to see an updated patch from Pavel shortly, with the JQuery 
> assets in it.  Once we get that, we can rebase our work on top of that 
> patch and the one he sent out earlier today.
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
pushed to master



From ayoung at redhat.com  Mon Sep 20 16:14:14 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:14:14 -0400
Subject: [Freeipa-devel] [PATCH] Add jQuery UI and jQuery BBQ libraries
	to the project
In-Reply-To: <4C93A53C.2050703@redhat.com>
References: <4C923366.8000506@redhat.com> <4C93A53C.2050703@redhat.com>
Message-ID: <4C978856.8090806@redhat.com>

On 09/17/2010 01:28 PM, Pavel Z?na wrote:
> On 2010-09-16 17:10, Pavel Zuna wrote:
>> This adds the minimized version - the ones we want to ship to the end
>> user. For development you can still use the non-minimized versions just
>> by renaming files in your index.
>>
>> Pavel
>
> Latest version attached.
>
> Pavel
Pushed to master



From ayoung at redhat.com  Mon Sep 20 16:15:15 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:15:15 -0400
Subject: [Freeipa-devel] [PATCH] Big webUI patch.
In-Reply-To: <4C8E8016.6080900@redhat.com>
References: <4C8E8016.6080900@redhat.com>
Message-ID: <4C978893.40005@redhat.com>

On 09/13/2010 03:48 PM, Pavel Z?na wrote:
> very simplified summary:
> - introduce jQuery UI and jQuery BBQ libraries to the project
> - code restructuring
>
> There are so many changes, there's no place to list them here.
>
> See freeipa-devel list:
> "webUI code restructuring [wall of text, diagrams, ... you have been 
> warned!]" on 2010-09-07.
>
>
> This is the first shot. The patch is gigantic. I'll try to integrate 
> Endi's service patch(es) into the new code tomorrow. I didn't manage 
> to do it today and it's getting a bit late, sorry.
>
> Pavel
Updated version pushed to master



From edewata at redhat.com  Mon Sep 20 16:14:20 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Mon, 20 Sep 2010 12:14:20 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH]
 admiyo-freeipa-0030-moved-images-up.patch
In-Reply-To: <1723170256.2573951284999118303.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1064588218.2574251284999260895.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> moved images up
>   Adding an 'images' subdir was proliferating changes throughout the 
> build system
>   this seemed easier
> 
> Submitted as a separate patch to signify where wea re departing from 
> what is generated by theme-roller

admiyo-freeipa-0030-moved-images-up.patch

ACK with a few notes:
- If the number of images is getting large, it's better to use a separate
  folder for images.
- If the theme needs to be regenerated, the files need to be modified &
  rearranged again.
- To support customizable UI, the file needs to be modified & rearranged
  again.

--
Endi S. Dewata



From ayoung at redhat.com  Mon Sep 20 16:15:53 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:15:53 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0030-moved-images-up.patch
In-Reply-To: <1064588218.2574251284999260895.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1064588218.2574251284999260895.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C9788B9.6010707@redhat.com>

On 09/20/2010 12:14 PM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> moved images up
>>    Adding an 'images' subdir was proliferating changes throughout the
>> build system
>>    this seemed easier
>>
>> Submitted as a separate patch to signify where wea re departing from
>> what is generated by theme-roller
>>      
> admiyo-freeipa-0030-moved-images-up.patch
>
> ACK with a few notes:
> - If the number of images is getting large, it's better to use a separate
>    folder for images.
> - If the theme needs to be regenerated, the files need to be modified&
>    rearranged again.
> - To support customizable UI, the file needs to be modified&  rearranged
>    again.
>
> --
> Endi S. Dewata
>    
Pushed to master.



From ayoung at redhat.com  Mon Sep 20 16:16:15 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:16:15 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0026-fixed-formatting-of-search-table.patch
In-Reply-To: <4C97440A.8050004@redhat.com>
References: <4C937C4E.6080603@redhat.com> <4C97440A.8050004@redhat.com>
Message-ID: <4C9788CF.90305@redhat.com>

On 09/20/2010 07:22 AM, Pavel Zuna wrote:
> On 09/17/2010 04:33 PM, Adam Young wrote:
>> admiyo-freeipa-0026-fixed-formatting-of-search-table.patch
>>
>>
>
> ACK.
>
> Pavel
Pushed to Master



From ayoung at redhat.com  Mon Sep 20 16:16:51 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:16:51 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0025-remove-pagaparams.patch
In-Reply-To: <1149593532.2465691284753799252.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1149593532.2465691284753799252.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C9788F3.4030105@redhat.com>

On 09/17/2010 04:03 PM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> Fixes a minor glitch in  pzuna-freeipa-0022-4-BIG which re-introduced
>>
>> the  pageparams.js entry into the Makefile.am
>>      
> ACK
>
> --
> Endi S. Dewata
>    
Pushed top master



From ayoung at redhat.com  Mon Sep 20 16:17:39 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:17:39 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0028-theme.patch
In-Reply-To: <4C9762AB.80109@redhat.com>
References: <4C975F44.5070701@redhat.com> <4C9762AB.80109@redhat.com>
Message-ID: <4C978923.6050709@redhat.com>

On 09/20/2010 09:33 AM, Adam Young wrote:
> On 09/20/2010 09:19 AM, Adam Young wrote:
>> admiyo-freeipa-0028-theme.patch
>>
>> Use customized theme and images that is closer to the UX suggested 
>> look and feel
>> This is required to get patch 30 to apply as well.
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
> Posted the patch in the wrong email, sse the thread about patch 30
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
pushed to master



From ayoung at redhat.com  Mon Sep 20 16:18:21 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:18:21 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0029-css-tabs-and-facets.patch
In-Reply-To: <4C937D96.5030906@redhat.com>
References: <4C937D02.4090401@redhat.com> <4C937D96.5030906@redhat.com>
Message-ID: <4C97894D.3000800@redhat.com>

On 09/17/2010 10:39 AM, Adam Young wrote:
> On 09/17/2010 10:36 AM, Adam Young wrote:
>> css tabs and facets
>>  includes Makfile changes to get images to deploy
>>
>>
>> Note that the Makefile changes are undone by a later patch.
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
pushed to master

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Mon Sep 20 16:20:19 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:20:19 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0027-fix-sampledata.patch
In-Reply-To: <4C97442B.7080908@redhat.com>
References: <4C937C7B.9030003@redhat.com> <4C97442B.7080908@redhat.com>
Message-ID: <4C9789C3.2080400@redhat.com>

On 09/20/2010 07:23 AM, Pavel Zuna wrote:
> On 09/17/2010 04:34 PM, Adam Young wrote:
>> URL needs to be relative, not absolute in order for in tree development
>>
>>
>
> ACK.
>
> Pavel
Pushed to master



From ayoung at redhat.com  Mon Sep 20 16:20:38 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:20:38 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0031-unbroke-the-facets-link.patch
In-Reply-To: <4C974C1A.70900@redhat.com>
References: <4C937E05.6020203@redhat.com> <4C974C1A.70900@redhat.com>
Message-ID: <4C9789D6.9070202@redhat.com>

On 09/20/2010 07:57 AM, Pavel Zuna wrote:
> On 09/17/2010 04:41 PM, Adam Young wrote:
>> This has a fix for a previous patch which turned the facets into a
>> hortizontal list, but broke the clickability.
>>
>>
>
> ACK.
>
> Pavel
Pushed to master



From ayoung at redhat.com  Mon Sep 20 16:20:57 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:20:57 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0032-css-cleanup.patch
In-Reply-To: <4C974C3F.4070705@redhat.com>
References: <4C937E55.6000909@redhat.com> <4C974C3F.4070705@redhat.com>
Message-ID: <4C9789E9.2080405@redhat.com>

On 09/20/2010 07:57 AM, Pavel Zuna wrote:
> On 09/17/2010 04:42 PM, Adam Young wrote:
>> Fixes many of the CSS issues introduced by jquery.ui.tabs.  Not all, but
>> it looks a lot better
>>
>>
>
> ACK.
>
> Pavel
Pushed to master



From ayoung at redhat.com  Mon Sep 20 16:21:13 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:21:13 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0033-pointer-cursor-for-facets.patch
In-Reply-To: <4C974C51.2000005@redhat.com>
References: <4C937E98.9090904@redhat.com> <4C974C51.2000005@redhat.com>
Message-ID: <4C9789F9.7060304@redhat.com>

On 09/20/2010 07:58 AM, Pavel Zuna wrote:
> On 09/17/2010 04:43 PM, Adam Young wrote:
>> Changes the mouse icon for facets to a the pointer, signifying 
>> clickability
>>
>>
>
> ACK.
>
> Pavel
Pushed to master



From ayoung at redhat.com  Mon Sep 20 16:21:39 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:21:39 -0400
Subject: [Freeipa-devel] [PATCH] Icons
In-Reply-To: <4C940955.9050506@redhat.com>
References: <4C940955.9050506@redhat.com>
Message-ID: <4C978A13.6030109@redhat.com>

On 09/17/2010 08:35 PM, Adam Young wrote:
> THese are just place holder icons until we get the offical ones from 
> UXD.  They look roughly like the finished product, with have some 
> rough points.  They will be used by the next patch to Generate the 
> quick links and facets.
>
> THis is a huga patch, but it is all binary files.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Pushed to master

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Mon Sep 20 16:21:58 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:21:58 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0030-moved-images-up.patch
In-Reply-To: <664812804.2568331284996659869.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <664812804.2568331284996659869.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C978A26.6010308@redhat.com>

On 09/20/2010 11:30 AM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> On 09/20/2010 08:10 AM, Pavel Zuna wrote:
>>      
>>> On 09/17/2010 04:38 PM, Adam Young wrote:
>>>        
>>>> moved images up
>>>> Adding an 'images' subdir was proliferating changes throughout the
>>>>          
>> build
>>      
>>>> system
>>>> this seemed easier
>>>>
>>>> Submitted as a separate patch to signify where wea re departing
>>>>          
>> from
>>      
>>>> what is generated by theme-roller
>>>>
>>>>          
>>> Doesn't apply for me. Missing some image files and doesn't apply on
>>>        
>>      
>>> jquery-ui.css.
>>>
>>> I applied all your patches I could find before this one, but I can't
>>>        
>>      
>>> find number 28 on the list. Maybe that's the reason.
>>>
>>> Pavel
>>>        
> admiyo-freeipa-0028-theme.patch
> ACK.
>
> --
> Endi S. Dewata
>    
Pushed to master



From ayoung at redhat.com  Mon Sep 20 16:22:55 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:22:55 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0036-links-and-facet-icons.patch
In-Reply-To: <4C9753C2.3080607@redhat.com>
References: <4C940987.7090701@redhat.com> <4C9753C2.3080607@redhat.com>
Message-ID: <4C978A5F.4050006@redhat.com>

On 09/20/2010 08:29 AM, Pavel Zuna wrote:
> On 09/18/2010 02:36 AM, Adam Young wrote:
>> This patch makes use of the previous patch to put the icons in the
>> facets and quick links
>>
>
> It looks OK, but I can't test it because the required patch 30 doesn't 
> apply for me.
>
> Pavel
ACKed in IRC by edewata, pushed to master



From ayoung at redhat.com  Mon Sep 20 16:47:50 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 12:47:50 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0034-2-Metadata-I18N.patch
In-Reply-To: <4C977363.8090305@redhat.com>
References: <4C93B257.1040007@redhat.com>
	<4C93C48F.4060606@redhat.com>	<4C976AB2.9070902@redhat.com>
	<4C976D6B.6020706@redhat.com> <4C977363.8090305@redhat.com>
Message-ID: <4C979036.80700@redhat.com>

On 09/20/2010 10:44 AM, John Dennis wrote:
> On 09/20/2010 10:19 AM, Adam Young wrote:
>> On 09/20/2010 10:07 AM, Rob Crittenden wrote:
>>> And a small nit. The help for the argument says 2-character language
>>> code. This ignores the language subtags (e.g. en-US).
>>
>> If we get to the point that we are differentiating between en_US and
>> en_AS, we will have won this battle.  I'll update the Docs once we start
>> doing locale specific files!
>
> FYI, I have seen i18n fail when the country code (i.e. dialect) is 
> omitted and only the language code is used. One might expect simply 
> setting the language code would be sufficient and a default country 
> code would be selected by default but there seem to parts of the 
> system which can't deal with this. I saw the problem when setting the 
> LANG environment variable and glibc's locale function failed to work 
> correctly. Not sure if the same problem would exist in GNU gettext 
> when selecting the message catalog, but why take the chance?
>
This covers the doc string
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0037-Locale-for-language.patch
Type: text/x-patch
Size: 854 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Mon Sep 20 16:52:47 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 12:52:47 -0400
Subject: [Freeipa-devel] [PATCH] 533 add hostname resolver
Message-ID: <4C97915F.6090104@redhat.com>

Basic "here is a hostname see if it is in DNS" resolver. I put it as 
part of the DNS plugin because it seemed more of a natural fit there. It 
will work whether IPA is configured with a DNS server or not. It uses a 
pure DNS resolver library to find a host.

It will append the default IPA domain name if one appears to not be 
included but it doesn't do anything smarter than that.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-533-lookup.patch
Type: application/mbox
Size: 2500 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Mon Sep 20 16:59:08 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 12:59:08 -0400
Subject: [Freeipa-devel] [PATCH] 534 updates to spec file
Message-ID: <4C9792DC.60505@redhat.com>

Drop Requires on python-configobj. It is a leftover from TurboGears.

Remove ipa-ldap-updater message. It was meant to detect when an upgrade 
is required, we're doing this differently in v2.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-534-spec.patch
Type: application/mbox
Size: 1719 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Mon Sep 20 17:11:15 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 13:11:15 -0400
Subject: [Freeipa-devel] [PATCH] 535 add hbac example of creating service
	and service group
Message-ID: <4C9795B3.9020602@redhat.com>

Try to tie together the hbac and hbacsvc/hbacsvcgroup plugins better via 
an example.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-535-example.patch
Type: application/mbox
Size: 1182 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Mon Sep 20 17:38:19 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 13:38:19 -0400
Subject: [Freeipa-devel] [PATCH] 536 throw and catch
 CertificateOperationError properly in replica preparer
Message-ID: <4C979C0B.3090204@redhat.com>

Properly handle CertificateOperationErrors in replication prepration.

The problem here was two-fold: the certs manager was raising an error it 
didn't know about and ipa-replica-prepare wasn't catching it.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-536-certs.patch
Type: application/mbox
Size: 2266 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Mon Sep 20 18:19:02 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 14:19:02 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0038-I18N-of-RPC.patch
In-Reply-To: <4C979036.80700@redhat.com>
References: <4C93B257.1040007@redhat.com>	<4C93C48F.4060606@redhat.com>	<4C976AB2.9070902@redhat.com>	<4C976D6B.6020706@redhat.com>
	<4C977363.8090305@redhat.com> <4C979036.80700@redhat.com>
Message-ID: <4C97A596.5080808@redhat.com>

This is the simplest, most global approach to I18N.  It does complete 
I18N on the server side by setting the locale on each request, based on 
the value in the http header.

If we go this route, I can remove the parameter as a parameter on the 
metadata plugin



To test this:

curl   -H "Content-Type:application/json"          -H 
"Accept:applicaton/json" -H "Accept-Language:uk"        --negotiate -u 
:          --cacert /etc/ipa/ca.crt           -d  
'{"method":"plugin_metadata","params":[[""],{"all":true}],"id":6}'          
-X POST       http://localhost:8888/ipa/json  | grep label


And note that is should work for any RPC.  For example


:"user_find","params":[[""],{"all":true}],"id":6}'          -X 
POST       http://localhost:8888/ipa/json  | grep summary
   % Total    % Received % Xferd  Average Speed   Time    Time     Time  
Current
                                  Dload  Upload   Total   Spent    Left  
Speed
100 13114    0 13114    0    58  42902    189 --:--:-- --:--:-- --:--:-- 
42996
         "summary": 
"\u0432\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e 
\u0432\u0456\u0434\u043f\u043e\u0432\u0456\u0434\u043d\u0456\u0441\u0442\u044c 
7 
\u043a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0447\u0456\u0432",
[ayoung at ipa freeipa]$ curl   -H "Content-Type:application/json"          
-H "Accept:applicaton/json" -H "Accept-Language:es"        --negotiate 
-u :          --cacert /etc/ipa/ca.crt           -d  
'{"method":"user_find","params":[[""],{"all":true}],"id":6}'          -X 
POST       http://localhost:8888/ipa/json  | grep summary
   % Total    % Received % Xferd  Average Speed   Time    Time     Time  
Current
                                  Dload  Upload   Total   Spent    Left  
Speed
100 12917    0 12917    0    58  48572    218 --:--:-- --:--:-- --:--:-- 
48743
         "summary": "7 usuarios coincidentes",
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0038-I18N-of-RPC.patch
Type: text/x-patch
Size: 1574 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Mon Sep 20 18:25:42 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 14:25:42 -0400
Subject: [Freeipa-devel] [PATCH] 531 make DNS autodiscovery smarter
In-Reply-To: <4C9416F1.5020006@redhat.com>
References: <4C9416F1.5020006@redhat.com>
Message-ID: <4C97A726.50209@redhat.com>

On 09/17/2010 09:33 PM, Rob Crittenden wrote:
> Better distinguish between when DNS discovery works and search more 
> domains.
>
> Passing domain and server on the command-line used to be considered as 
> DNS autodiscovery worked. This was problematic if there was in fact no 
> SRV records because krb5.conf would be configured without a specific 
> KDC causing all Kerberos ops to fail.
>
> Now if you pass in a domain/server it still tries to see if they are 
> discoverable and if so won't hardcode a server, but will fall back to 
> doing so if necessary.
>
> Also be a lot more aggressive on looking for the SRV records. Use the 
> search and domain values from /etc/resolv.conf on the chance that the 
> SRV records aren't in the domain of the hostname of the machine.
>
> An example of this would be if your laptop is in dhcp.example.com and 
> your company's SRV records are in corp.example.com. Searching 
> dhcp.example.com and example.com won't find the SRV records but the 
> user is likely to have corp.redhat.com in the search list, at least.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Mon Sep 20 18:27:21 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 14:27:21 -0400
Subject: [Freeipa-devel] [PATCH] 532 unenroll when a client is
	uninstalled
In-Reply-To: <4C94199A.5070202@redhat.com>
References: <4C94199A.5070202@redhat.com>
Message-ID: <4C97A789.30403@redhat.com>

On 09/17/2010 09:44 PM, Rob Crittenden wrote:
> Unenroll a host when a client is uninstalled. This means we bind using 
> the host credentials and disable our own keytab. This will let the 
> client be re-enrolled without requiring admin input (used to have to 
> either delete the host or disable the keytab as admin).
>
> I also did some other cleanup in ipa-join and added a fair bit of info 
> to the ipa-getkeytab and ipa-join man pages.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From rcritten at redhat.com  Mon Sep 20 19:18:42 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 15:18:42 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0038-I18N-of-RPC.patch
In-Reply-To: <4C97A596.5080808@redhat.com>
References: <4C93B257.1040007@redhat.com>	<4C93C48F.4060606@redhat.com>	<4C976AB2.9070902@redhat.com>	<4C976D6B.6020706@redhat.com>	<4C977363.8090305@redhat.com>
	<4C979036.80700@redhat.com> <4C97A596.5080808@redhat.com>
Message-ID: <4C97B392.3000207@redhat.com>

Adam Young wrote:
> This is the simplest, most global approach to I18N.  It does complete
> I18N on the server side by setting the locale on each request, based on
> the value in the http header.
>
> If we go this route, I can remove the parameter as a parameter on the
> metadata plugin
>
>
>
> To test this:
>
> curl -H "Content-Type:application/json" -H "Accept:applicaton/json" -H
> "Accept-Language:uk" --negotiate -u : --cacert /etc/ipa/ca.crt -d
> '{"method":"plugin_metadata","params":[[""],{"all":true}],"id":6}' -X
> POST http://localhost:8888/ipa/json | grep label
>
>
> And note that is should work for any RPC. For example
>
>
> :"user_find","params":[[""],{"all":true}],"id":6}' -X POST
> http://localhost:8888/ipa/json | grep summary
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 100 13114 0 13114 0 58 42902 189 --:--:-- --:--:-- --:--:-- 42996
> "summary":
> "\u0432\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e
> \u0432\u0456\u0434\u043f\u043e\u0432\u0456\u0434\u043d\u0456\u0441\u0442\u044c
> 7
> \u043a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0447\u0456\u0432",
> [ayoung at ipa freeipa]$ curl -H "Content-Type:application/json" -H
> "Accept:applicaton/json" -H "Accept-Language:es" --negotiate -u :
> --cacert /etc/ipa/ca.crt -d
> '{"method":"user_find","params":[[""],{"all":true}],"id":6}' -X POST
> http://localhost:8888/ipa/json | grep summary
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 100 12917 0 12917 0 58 48572 218 --:--:-- --:--:-- --:--:-- 48743
> "summary": "7 usuarios coincidentes",
>

ack. We'll need to ensure that Apache is running in forking mode to be 
safe, we have a separate ticket open on that.

rob



From ayoung at redhat.com  Mon Sep 20 19:22:18 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 15:22:18 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0038-I18N-of-RPC.patch
In-Reply-To: <4C97B392.3000207@redhat.com>
References: <4C93B257.1040007@redhat.com>	<4C93C48F.4060606@redhat.com>	<4C976AB2.9070902@redhat.com>	<4C976D6B.6020706@redhat.com>	<4C977363.8090305@redhat.com>
	<4C979036.80700@redhat.com> <4C97A596.5080808@redhat.com>
	<4C97B392.3000207@redhat.com>
Message-ID: <4C97B46A.6070306@redhat.com>

On 09/20/2010 03:18 PM, Rob Crittenden wrote:
> Adam Young wrote:
>> This is the simplest, most global approach to I18N.  It does complete
>> I18N on the server side by setting the locale on each request, based on
>> the value in the http header.
>>
>> If we go this route, I can remove the parameter as a parameter on the
>> metadata plugin
>>
>>
>>
>> To test this:
>>
>> curl -H "Content-Type:application/json" -H "Accept:applicaton/json" -H
>> "Accept-Language:uk" --negotiate -u : --cacert /etc/ipa/ca.crt -d
>> '{"method":"plugin_metadata","params":[[""],{"all":true}],"id":6}' -X
>> POST http://localhost:8888/ipa/json | grep label
>>
>>
>> And note that is should work for any RPC. For example
>>
>>
>> :"user_find","params":[[""],{"all":true}],"id":6}' -X POST
>> http://localhost:8888/ipa/json | grep summary
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>> 100 13114 0 13114 0 58 42902 189 --:--:-- --:--:-- --:--:-- 42996
>> "summary":
>> "\u0432\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e
>> \u0432\u0456\u0434\u043f\u043e\u0432\u0456\u0434\u043d\u0456\u0441\u0442\u044c 
>>
>> 7
>> \u043a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0447\u0456\u0432", 
>>
>> [ayoung at ipa freeipa]$ curl -H "Content-Type:application/json" -H
>> "Accept:applicaton/json" -H "Accept-Language:es" --negotiate -u :
>> --cacert /etc/ipa/ca.crt -d
>> '{"method":"user_find","params":[[""],{"all":true}],"id":6}' -X POST
>> http://localhost:8888/ipa/json | grep summary
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>> 100 12917 0 12917 0 58 48572 218 --:--:-- --:--:-- --:--:-- 48743
>> "summary": "7 usuarios coincidentes",
>>
>
> ack. We'll need to ensure that Apache is running in forking mode to be 
> safe, we have a separate ticket open on that.
>
> rob
0038 pushed to master.  I'll redo the original patch without the 
expliciet I18N support



From rcritten at redhat.com  Mon Sep 20 19:43:20 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 15:43:20 -0400
Subject: [Freeipa-devel] [PATCH] 537 add --zonemgr option to installer
Message-ID: <4C97B958.9060809@redhat.com>

Add option to set the zone mgr e-mail address during install.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-537-zonemgr.patch
Type: application/mbox
Size: 8595 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Mon Sep 20 19:57:42 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 15:57:42 -0400
Subject: [Freeipa-devel] [PATCH] 523 add 2 missing man pages
In-Reply-To: <4C93BA20.3000803@redhat.com>
References: <4C895901.3010501@redhat.com> <4C93BA20.3000803@redhat.com>
Message-ID: <4C97BCB6.1060508@redhat.com>

Adam Young wrote:
> On 09/09/2010 06:00 PM, Rob Crittenden wrote:
>> Add missing man pages for ipa-dns-install and ipa-upgradeconfig.
>>
>> tickets 130 and 131
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Mon Sep 20 20:00:31 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 16:00:31 -0400
Subject: [Freeipa-devel] [PATCH] 529 ipaUniqueId enforcement
In-Reply-To: <4C93B9BB.6030507@redhat.com>
References: <4C91011F.4080108@redhat.com> <4C93B9BB.6030507@redhat.com>
Message-ID: <4C97BD5F.2000309@redhat.com>

Adam Young wrote:
> On 09/15/2010 01:23 PM, Rob Crittenden wrote:
>> Enforce that ipaUniqueId is a unique attribute via the DS uniqueness
>> plugin and prevent updates to the attribute once it is written.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Mon Sep 20 20:04:45 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 16:04:45 -0400
Subject: [Freeipa-devel] [PATCH] 531 make DNS autodiscovery smarter
In-Reply-To: <4C97A726.50209@redhat.com>
References: <4C9416F1.5020006@redhat.com> <4C97A726.50209@redhat.com>
Message-ID: <4C97BE5D.1080105@redhat.com>

Adam Young wrote:
> On 09/17/2010 09:33 PM, Rob Crittenden wrote:
>> Better distinguish between when DNS discovery works and search more
>> domains.
>>
>> Passing domain and server on the command-line used to be considered as
>> DNS autodiscovery worked. This was problematic if there was in fact no
>> SRV records because krb5.conf would be configured without a specific
>> KDC causing all Kerberos ops to fail.
>>
>> Now if you pass in a domain/server it still tries to see if they are
>> discoverable and if so won't hardcode a server, but will fall back to
>> doing so if necessary.
>>
>> Also be a lot more aggressive on looking for the SRV records. Use the
>> search and domain values from /etc/resolv.conf on the chance that the
>> SRV records aren't in the domain of the hostname of the machine.
>>
>> An example of this would be if your laptop is in dhcp.example.com and
>> your company's SRV records are in corp.example.com. Searching
>> dhcp.example.com and example.com won't find the SRV records but the
>> user is likely to have corp.redhat.com in the search list, at least.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Mon Sep 20 20:07:55 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 16:07:55 -0400
Subject: [Freeipa-devel] [PATCH] 532 unenroll when a client
	is	uninstalled
In-Reply-To: <4C97A789.30403@redhat.com>
References: <4C94199A.5070202@redhat.com> <4C97A789.30403@redhat.com>
Message-ID: <4C97BF1B.1050503@redhat.com>

Adam Young wrote:
> On 09/17/2010 09:44 PM, Rob Crittenden wrote:
>> Unenroll a host when a client is uninstalled. This means we bind using
>> the host credentials and disable our own keytab. This will let the
>> client be re-enrolled without requiring admin input (used to have to
>> either delete the host or disable the keytab as admin).
>>
>> I also did some other cleanup in ipa-join and added a fair bit of info
>> to the ipa-getkeytab and ipa-join man pages.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From edewata at redhat.com  Mon Sep 20 20:40:22 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Mon, 20 Sep 2010 16:40:22 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Rolegroups tab.
In-Reply-To: <979992244.2603771285015166982.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1015303481.2603941285015222273.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

Please review the attached patch. Thanks.

The Makefile.am and index.xhtml has been modified to include
rolegroup.js. The webui.js has been modified to register the
rolegroup tab.

The rolegroup.js defines the rolegroup's search, add, and details
pages. Sample data for some rolegroup operations have been added.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0006-Rolegroups-tab.patch
Type: text/x-patch
Size: 16635 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Mon Sep 20 20:47:57 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 16:47:57 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0039-language-as-a-list.patch
Message-ID: <4C97C87D.7040608@redhat.com>

The previous I18N patch only works if a single language is set in the 
headers.  Typically, this header is a list, comma separated.  THis 
version parsese the list and selects the first language.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0039-language-as-a-list.patch
Type: text/x-patch
Size: 1212 bytes
Desc: not available
URL: 

From tonysk8 at gmail.com  Mon Sep 20 17:15:41 2010
From: tonysk8 at gmail.com (Tony G.)
Date: Mon, 20 Sep 2010 12:15:41 -0500
Subject: [Freeipa-devel] SUDOer LDIFs
Message-ID: 

Hi Dmitri,

Here some of the ldap rules I have in an openldap server, hope you find them
useful.

Thanks.
-- 
Tony
http://blog.tonyskapunk.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudo_example.ldif
Type: application/octet-stream
Size: 3951 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Mon Sep 20 21:04:42 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 17:04:42 -0400
Subject: [Freeipa-devel] [PATCH] Rolegroups tab.
In-Reply-To: <1015303481.2603941285015222273.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1015303481.2603941285015222273.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C97CC6A.8030005@redhat.com>

On 09/20/2010 04:40 PM, Endi Sukma Dewata wrote:
> Hi,
>
> Please review the attached patch. Thanks.
>
> The Makefile.am and index.xhtml has been modified to include
> rolegroup.js. The webui.js has been modified to register the
> rolegroup tab.
>
> The rolegroup.js defines the rolegroup's search, add, and details
> pages. Sample data for some rolegroup operations have been added.
>
> --
> Endi S. Dewata
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Mon Sep 20 21:06:03 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 20 Sep 2010 17:06:03 -0400
Subject: [Freeipa-devel] [PATCH] Rolegroups tab.
In-Reply-To: <1015303481.2603941285015222273.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1015303481.2603941285015222273.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C97CCBB.7060706@redhat.com>

On 09/20/2010 04:40 PM, Endi Sukma Dewata wrote:
> Hi,
>
> Please review the attached patch. Thanks.
>
> The Makefile.am and index.xhtml has been modified to include
> rolegroup.js. The webui.js has been modified to register the
> rolegroup tab.
>
> The rolegroup.js defines the rolegroup's search, add, and details
> pages. Sample data for some rolegroup operations have been added.
>
> --
> Endi S. Dewata
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From rcritten at redhat.com  Mon Sep 20 21:10:01 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 20 Sep 2010 17:10:01 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0039-language-as-a-list.patch
In-Reply-To: <4C97C87D.7040608@redhat.com>
References: <4C97C87D.7040608@redhat.com>
Message-ID: <4C97CDA9.6050000@redhat.com>

Adam Young wrote:
> The previous I18N patch only works if a single language is set in the
> headers. Typically, this header is a list, comma separated. THis version
> parsese the list and selects the first language.
>

nack. You should make sure there isn't a weight on the language too.

 >>> lang='en-us,en;q=0.5'
 >>> lang.split(',')[0].split(';')[0]
'en-us'

 >>> lang='en-us;q=1.0,en;q=0.5'
 >>> lang.split(',')[0].split(';')[0]
'en-us'

rob



From ayoung at redhat.com  Tue Sep 21 14:44:42 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 21 Sep 2010 10:44:42 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0039-language-as-a-list.patch
In-Reply-To: <4C97CDA9.6050000@redhat.com>
References: <4C97C87D.7040608@redhat.com> <4C97CDA9.6050000@redhat.com>
Message-ID: <4C98C4DA.6020900@redhat.com>

On 09/20/2010 05:10 PM, Rob Crittenden wrote:
> Adam Young wrote:
>> The previous I18N patch only works if a single language is set in the
>> headers. Typically, this header is a list, comma separated. THis version
>> parsese the list and selects the first language.
>>
>
> nack. You should make sure there isn't a weight on the language too.
>
> >>> lang='en-us,en;q=0.5'
> >>> lang.split(',')[0].split(';')[0]
> 'en-us'
>
> >>> lang='en-us;q=1.0,en;q=0.5'
> >>> lang.split(',')[0].split(';')[0]
> 'en-us'
>
> rob
Nice catch.  Thanks.  Here's the updated
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0039-2-language-as-a-list.patch
Type: text/x-patch
Size: 1254 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Tue Sep 21 19:09:06 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 21 Sep 2010 15:09:06 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0040-rolegroups-to-config-tab.patch
Message-ID: <4C9902D2.2070201@redhat.com>

Role groups should be under config tab, not identity, according to the 
UXD document.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0040-rolegroups-to-config-tab.patch
Type: text/x-patch
Size: 950 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Tue Sep 21 20:00:56 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 21 Sep 2010 16:00:56 -0400
Subject: [Freeipa-devel] [PATCH] 538 start of PKINIT support
Message-ID: <4C990EF8.2020700@redhat.com>

Add minimal client configuration for when we eventually get to PKINIT

Also move the unenroll to clients only. This isn't necessary on the master

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-538-pkinit.patch
Type: application/mbox
Size: 2459 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Tue Sep 21 20:05:19 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 21 Sep 2010 16:05:19 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0039-language-as-a-list.patch
In-Reply-To: <4C98C4DA.6020900@redhat.com>
References: <4C97C87D.7040608@redhat.com> <4C97CDA9.6050000@redhat.com>
	<4C98C4DA.6020900@redhat.com>
Message-ID: <4C990FFF.1050803@redhat.com>

Adam Young wrote:
> On 09/20/2010 05:10 PM, Rob Crittenden wrote:
>> Adam Young wrote:
>>> The previous I18N patch only works if a single language is set in the
>>> headers. Typically, this header is a list, comma separated. THis version
>>> parsese the list and selects the first language.
>>>
>>
>> nack. You should make sure there isn't a weight on the language too.
>>
>> >>> lang='en-us,en;q=0.5'
>> >>> lang.split(',')[0].split(';')[0]
>> 'en-us'
>>
>> >>> lang='en-us;q=1.0,en;q=0.5'
>> >>> lang.split(',')[0].split(';')[0]
>> 'en-us'
>>
>> rob
> Nice catch. Thanks. Here's the updated

ack



From rcritten at redhat.com  Tue Sep 21 20:10:39 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 21 Sep 2010 16:10:39 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0040-rolegroups-to-config-tab.patch
In-Reply-To: <4C9902D2.2070201@redhat.com>
References: <4C9902D2.2070201@redhat.com>
Message-ID: <4C99113F.9090900@redhat.com>

Adam Young wrote:
> Role groups should be under config tab, not identity, according to the
> UXD document.

ack



From rcritten at redhat.com  Tue Sep 21 20:21:09 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 21 Sep 2010 16:21:09 -0400
Subject: [Freeipa-devel] [PATCH] 539 slightly improve help system
Message-ID: <4C9913B5.2090404@redhat.com>

Rename 'Related commands' to 'Topic commands'. This was confusing with 
the hbac plugin because there really *are* related commands that aren't 
included in the list.

If a plugin only provides a single command then don't include the 
Topic/Related commands at all.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-539-help.patch
Type: application/mbox
Size: 1012 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Tue Sep 21 20:25:03 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 21 Sep 2010 16:25:03 -0400
Subject: [Freeipa-devel] [PATCH]admiyo-freeipa-0041-self-service.patch
Message-ID: <4C99149F.1030603@redhat.com>

self-service
     Selects the site map based on the presence or absense of rolegroups for
     the current user.  If the user has no rolegroups, UI defaults to 
the Details page for that user.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0041-self-service.patch
Type: text/x-patch
Size: 2956 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Tue Sep 21 20:26:29 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 21 Sep 2010 16:26:29 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0040-rolegroups-to-config-tab.patch
In-Reply-To: <4C99113F.9090900@redhat.com>
References: <4C9902D2.2070201@redhat.com> <4C99113F.9090900@redhat.com>
Message-ID: <4C9914F5.9040200@redhat.com>

On 09/21/2010 04:10 PM, Rob Crittenden wrote:
> Adam Young wrote:
>> Role groups should be under config tab, not identity, according to the
>> UXD document.
>
> ack
Pushed to master



From ayoung at redhat.com  Tue Sep 21 20:27:28 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 21 Sep 2010 16:27:28 -0400
Subject: [Freeipa-devel] [PATCH] 539 slightly improve help system
In-Reply-To: <4C9913B5.2090404@redhat.com>
References: <4C9913B5.2090404@redhat.com>
Message-ID: <4C991530.9000107@redhat.com>

On 09/21/2010 04:21 PM, Rob Crittenden wrote:
> Rename 'Related commands' to 'Topic commands'. This was confusing with 
> the hbac plugin because there really *are* related commands that 
> aren't included in the list.
>
> If a plugin only provides a single command then don't include the 
> Topic/Related commands at all.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Tue Sep 21 20:27:46 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 21 Sep 2010 16:27:46 -0400
Subject: [Freeipa-devel]
	[PATCH]	admiyo-freeipa-0040-rolegroups-to-config-tab.patch
In-Reply-To: <4C99113F.9090900@redhat.com>
References: <4C9902D2.2070201@redhat.com> <4C99113F.9090900@redhat.com>
Message-ID: <4C991542.9050206@redhat.com>

On 09/21/2010 04:10 PM, Rob Crittenden wrote:
> Adam Young wrote:
>> Role groups should be under config tab, not identity, according to the
>> UXD document.
>
> ack
Pushed to master



From ayoung at redhat.com  Tue Sep 21 20:28:28 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 21 Sep 2010 16:28:28 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0039-language-as-a-list.patch
In-Reply-To: <4C990FFF.1050803@redhat.com>
References: <4C97C87D.7040608@redhat.com> <4C97CDA9.6050000@redhat.com>
	<4C98C4DA.6020900@redhat.com> <4C990FFF.1050803@redhat.com>
Message-ID: <4C99156C.504@redhat.com>

On 09/21/2010 04:05 PM, Rob Crittenden wrote:
> Adam Young wrote:
>> On 09/20/2010 05:10 PM, Rob Crittenden wrote:
>>> Adam Young wrote:
>>>> The previous I18N patch only works if a single language is set in the
>>>> headers. Typically, this header is a list, comma separated. THis 
>>>> version
>>>> parsese the list and selects the first language.
>>>>
>>>
>>> nack. You should make sure there isn't a weight on the language too.
>>>
>>> >>> lang='en-us,en;q=0.5'
>>> >>> lang.split(',')[0].split(';')[0]
>>> 'en-us'
>>>
>>> >>> lang='en-us;q=1.0,en;q=0.5'
>>> >>> lang.split(',')[0].split(';')[0]
>>> 'en-us'
>>>
>>> rob
>> Nice catch. Thanks. Here's the updated
>
> ack
pushed to master



From ayoung at redhat.com  Tue Sep 21 21:05:55 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 21 Sep 2010 17:05:55 -0400
Subject: [Freeipa-devel] [PATCH] 538 start of PKINIT support
In-Reply-To: <4C990EF8.2020700@redhat.com>
References: <4C990EF8.2020700@redhat.com>
Message-ID: <4C991E33.1090005@redhat.com>

On 09/21/2010 04:00 PM, Rob Crittenden wrote:
> Add minimal client configuration for when we eventually get to PKINIT
>
> Also move the unenroll to clients only. This isn't necessary on the 
> master
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Wed Sep 22 13:44:28 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 22 Sep 2010 09:44:28 -0400
Subject: [Freeipa-devel] [PATCH] 537 add --zonemgr option to installer
In-Reply-To: <4C97B958.9060809@redhat.com>
References: <4C97B958.9060809@redhat.com>
Message-ID: <4C9A083C.2060801@redhat.com>

On 09/20/2010 03:43 PM, Rob Crittenden wrote:
> Add option to set the zone mgr e-mail address during install.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Wed Sep 22 13:45:52 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 22 Sep 2010 09:45:52 -0400
Subject: [Freeipa-devel] [PATCH] 535 add hbac example of creating
 service and service group
In-Reply-To: <4C9795B3.9020602@redhat.com>
References: <4C9795B3.9020602@redhat.com>
Message-ID: <4C9A0890.9080107@redhat.com>

On 09/20/2010 01:11 PM, Rob Crittenden wrote:
> Try to tie together the hbac and hbacsvc/hbacsvcgroup plugins better 
> via an example.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Wed Sep 22 13:46:20 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 22 Sep 2010 09:46:20 -0400
Subject: [Freeipa-devel] [PATCH] 534 updates to spec file
In-Reply-To: <4C9792DC.60505@redhat.com>
References: <4C9792DC.60505@redhat.com>
Message-ID: <4C9A08AC.4020508@redhat.com>

On 09/20/2010 12:59 PM, Rob Crittenden wrote:
> Drop Requires on python-configobj. It is a leftover from TurboGears.
>
> Remove ipa-ldap-updater message. It was meant to detect when an 
> upgrade is required, we're doing this differently in v2.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Wed Sep 22 13:47:35 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 22 Sep 2010 09:47:35 -0400
Subject: [Freeipa-devel] [PATCH] 533 add hostname resolver
In-Reply-To: <4C97915F.6090104@redhat.com>
References: <4C97915F.6090104@redhat.com>
Message-ID: <4C9A08F7.8020405@redhat.com>

On 09/20/2010 12:52 PM, Rob Crittenden wrote:
> Basic "here is a hostname see if it is in DNS" resolver. I put it as 
> part of the DNS plugin because it seemed more of a natural fit there. 
> It will work whether IPA is configured with a DNS server or not. It 
> uses a pure DNS resolver library to find a host.
>
> It will append the default IPA domain name if one appears to not be 
> included but it doesn't do anything smarter than that.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Wed Sep 22 13:48:03 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 22 Sep 2010 09:48:03 -0400
Subject: [Freeipa-devel] [PATCH] theme
In-Reply-To: <4C937CC0.9070600@redhat.com>
References: <4C937CC0.9070600@redhat.com>
Message-ID: <4C9A0913.7090505@redhat.com>

On 09/17/2010 10:35 AM, Adam Young wrote:
>  Use customized theme and images that is closer to the UX suggested 
> look and feel
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
THis has been ACKed and has been pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From edewata at redhat.com  Wed Sep 22 23:04:56 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 22 Sep 2010 19:04:56 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Modal dialog for enrollment
In-Reply-To: <1326909401.105851285196625748.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1621809363.105891285196696790.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

Please review the attached patch. Thanks!

The enroll facet has been converted into a dialog box. This dialog
box will appear when the user clicks the enroll button above the
association list. When the user clicks the enroll button in the
dialog box, the new associations will be created, then the list will
be refreshed to show the changes.

The SerialAssociator and BulkAssociator have been modified to accept
an on_success function which will be called when the whole operation
is completed successfully. This is used to refresh the list and close
the dialog box appropriately.

Some other changes were also made to improve code clarity.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0007-Modal-dialog-for-enrollment.patch
Type: text/x-patch
Size: 14650 bytes
Desc: not available
URL: 

From pzuna at redhat.com  Thu Sep 23 13:18:43 2010
From: pzuna at redhat.com (Pavel Zuna)
Date: Thu, 23 Sep 2010 15:18:43 +0200
Subject: [Freeipa-devel] [PATCH] Modal dialog for enrollment
In-Reply-To: <1621809363.105891285196696790.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1621809363.105891285196696790.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C9B53B3.4030705@redhat.com>

On 09/23/2010 01:04 AM, Endi Sukma Dewata wrote:
> Hi,
>
> Please review the attached patch. Thanks!
>
> The enroll facet has been converted into a dialog box. This dialog
> box will appear when the user clicks the enroll button above the
> association list. When the user clicks the enroll button in the
> dialog box, the new associations will be created, then the list will
> be refreshed to show the changes.
>
> The SerialAssociator and BulkAssociator have been modified to accept
> an on_success function which will be called when the whole operation
> is completed successfully. This is used to refresh the list and close
> the dialog box appropriately.
>
> Some other changes were also made to improve code clarity.
>
> --
> Endi S. Dewata
>

ACK.

Pavel



From rcritten at redhat.com  Thu Sep 23 15:50:26 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 11:50:26 -0400
Subject: [Freeipa-devel] [PATCH] 533 add hostname resolver
In-Reply-To: <4C9A08F7.8020405@redhat.com>
References: <4C97915F.6090104@redhat.com> <4C9A08F7.8020405@redhat.com>
Message-ID: <4C9B7742.9000003@redhat.com>

Adam Young wrote:
> On 09/20/2010 12:52 PM, Rob Crittenden wrote:
>> Basic "here is a hostname see if it is in DNS" resolver. I put it as
>> part of the DNS plugin because it seemed more of a natural fit there.
>> It will work whether IPA is configured with a DNS server or not. It
>> uses a pure DNS resolver library to find a host.
>>
>> It will append the default IPA domain name if one appears to not be
>> included but it doesn't do anything smarter than that.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Thu Sep 23 15:53:59 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 11:53:59 -0400
Subject: [Freeipa-devel] [PATCH] 534 updates to spec file
In-Reply-To: <4C9A08AC.4020508@redhat.com>
References: <4C9792DC.60505@redhat.com> <4C9A08AC.4020508@redhat.com>
Message-ID: <4C9B7817.6030000@redhat.com>

Adam Young wrote:
> On 09/20/2010 12:59 PM, Rob Crittenden wrote:
>> Drop Requires on python-configobj. It is a leftover from TurboGears.
>>
>> Remove ipa-ldap-updater message. It was meant to detect when an
>> upgrade is required, we're doing this differently in v2.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Thu Sep 23 15:59:26 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 11:59:26 -0400
Subject: [Freeipa-devel] [PATCH] 535 add hbac example of creating
 service and service group
In-Reply-To: <4C9A0890.9080107@redhat.com>
References: <4C9795B3.9020602@redhat.com> <4C9A0890.9080107@redhat.com>
Message-ID: <4C9B795E.7050504@redhat.com>

Adam Young wrote:
> On 09/20/2010 01:11 PM, Rob Crittenden wrote:
>> Try to tie together the hbac and hbacsvc/hbacsvcgroup plugins better
>> via an example.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK
>

pushed to master



From rcritten at redhat.com  Thu Sep 23 16:00:31 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 12:00:31 -0400
Subject: [Freeipa-devel] [PATCH] 537 add --zonemgr option to installer
In-Reply-To: <4C9A083C.2060801@redhat.com>
References: <4C97B958.9060809@redhat.com> <4C9A083C.2060801@redhat.com>
Message-ID: <4C9B799F.4060909@redhat.com>

Adam Young wrote:
> On 09/20/2010 03:43 PM, Rob Crittenden wrote:
>> Add option to set the zone mgr e-mail address during install.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Thu Sep 23 16:03:19 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 12:03:19 -0400
Subject: [Freeipa-devel] [PATCH] 538 start of PKINIT support
In-Reply-To: <4C991E33.1090005@redhat.com>
References: <4C990EF8.2020700@redhat.com> <4C991E33.1090005@redhat.com>
Message-ID: <4C9B7A47.7070801@redhat.com>

Adam Young wrote:
> On 09/21/2010 04:00 PM, Rob Crittenden wrote:
>> Add minimal client configuration for when we eventually get to PKINIT
>>
>> Also move the unenroll to clients only. This isn't necessary on the
>> master
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Thu Sep 23 16:04:30 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 12:04:30 -0400
Subject: [Freeipa-devel] [PATCH] 539 slightly improve help system
In-Reply-To: <4C991530.9000107@redhat.com>
References: <4C9913B5.2090404@redhat.com> <4C991530.9000107@redhat.com>
Message-ID: <4C9B7A8E.7020307@redhat.com>

Adam Young wrote:
> On 09/21/2010 04:21 PM, Rob Crittenden wrote:
>> Rename 'Related commands' to 'Topic commands'. This was confusing with
>> the hbac plugin because there really *are* related commands that
>> aren't included in the list.
>>
>> If a plugin only provides a single command then don't include the
>> Topic/Related commands at all.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Thu Sep 23 16:06:43 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 12:06:43 -0400
Subject: [Freeipa-devel] [PATCH] 540 fix server install
Message-ID: <4C9B7B13.9080207@redhat.com>

ipa-server-install was picking up random SRV records when configuring 
its own client (via ipa-client-install). A change in patch 531 caused 
the server install to fail if it found a SRV record elsewhere in the 
domain. This fix forces the client installer to use the data we provide.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-540-client.patch
Type: application/mbox
Size: 1744 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Thu Sep 23 16:12:43 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 23 Sep 2010 12:12:43 -0400
Subject: [Freeipa-devel] [PATCH] 540 fix server install
In-Reply-To: <4C9B7B13.9080207@redhat.com>
References: <4C9B7B13.9080207@redhat.com>
Message-ID: <4C9B7C7B.2070408@redhat.com>

On 09/23/2010 12:06 PM, Rob Crittenden wrote:
> ipa-server-install was picking up random SRV records when configuring 
> its own client (via ipa-client-install). A change in patch 531 caused 
> the server install to fail if it found a SRV record elsewhere in the 
> domain. This fix forces the client installer to use the data we provide.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From rcritten at redhat.com  Thu Sep 23 16:17:19 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 12:17:19 -0400
Subject: [Freeipa-devel] [PATCH] 541 convert ca_serialno
Message-ID: <4C9B7D8F.5010504@redhat.com>

The file format of ca_serialno changed between v1 and v2. We won't 
support direct upgrades of v1 to v2 but as a developer I install them 
both from time to time and its annoying to have the v2 install fail 
because of this file. This patch converts it to v2 style.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-541-serialno.patch
Type: application/mbox
Size: 1840 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Thu Sep 23 16:18:42 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 12:18:42 -0400
Subject: [Freeipa-devel] [PATCH] 542 remove bogus uninstall error
Message-ID: <4C9B7DE2.1020305@redhat.com>

Remove spurious error in server uninstaller about client uninstall failure.

This was meant to catch the case where the client wasn't configured and
it missed the most obvious one: the client was installed and is now
uninstalled.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-542-uninstall.patch
Type: application/mbox
Size: 1143 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Thu Sep 23 16:34:24 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 23 Sep 2010 12:34:24 -0400
Subject: [Freeipa-devel] [PATCH] 541 convert ca_serialno
In-Reply-To: <4C9B7D8F.5010504@redhat.com>
References: <4C9B7D8F.5010504@redhat.com>
Message-ID: <4C9B8190.305@redhat.com>

On 09/23/2010 12:17 PM, Rob Crittenden wrote:
> The file format of ca_serialno changed between v1 and v2. We won't 
> support direct upgrades of v1 to v2 but as a developer I install them 
> both from time to time and its annoying to have the v2 install fail 
> because of this file. This patch converts it to v2 style.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Thu Sep 23 16:35:04 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 23 Sep 2010 12:35:04 -0400
Subject: [Freeipa-devel] [PATCH] 542 remove bogus uninstall error
In-Reply-To: <4C9B7DE2.1020305@redhat.com>
References: <4C9B7DE2.1020305@redhat.com>
Message-ID: <4C9B81B8.5060706@redhat.com>

On 09/23/2010 12:18 PM, Rob Crittenden wrote:
> Remove spurious error in server uninstaller about client uninstall 
> failure.
>
> This was meant to catch the case where the client wasn't configured and
> it missed the most obvious one: the client was installed and is now
> uninstalled.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From edewata at redhat.com  Thu Sep 23 18:51:13 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Thu, 23 Sep 2010 14:51:13 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH]admiyo-freeipa-0041-self-service.patch
In-Reply-To: <294558128.223411285267281087.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <106756988.225621285267873191.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> self-service
>      Selects the site map based on the presence or absense of rolegroups for
>      the current user.  If the user has no rolegroups, UI defaults to 
>      the Details page for that user.

NACK. The window_hashchange() is expecting 2 levels of tabs:

var admin_tabs_lists = [
    ['identity', 'IDENTITY', [
        ['user', 'Users', ipa_entity_setup],
    ]]
];

but the self-service tab is only 1 level:

var self_serv_tabs_lists =
    [['user', 'Users', ipa_entity_setup]];

Currently window_hashchange()will ignore if there's no 2nd level
tabs defined:

for (var i = 0; i < nav_tabs_lists.length; ++i) {
    var t = nav_tabs_lists[i]; // 1st level tab

    // if no 2nd level tabs -> skip
    if (typeof t[2] != 'function' && t[2].length) {
        for (var j = 0; j < t[2].length; ++j) {
            var tt = t[2][j]; // 2nd level tab

There's also a typo on line 44, the variable name should
have been nav_tabs_lists instead of nav_tabs_list. But the
code will still work anyway.

--
Endi S. Dewata



From JR.Aquino at citrixonline.com  Thu Sep 23 18:58:12 2010
From: JR.Aquino at citrixonline.com (JR Aquino)
Date: Thu, 23 Sep 2010 11:58:12 -0700
Subject: [Freeipa-devel] sudo schema
Message-ID: <59791772-0250-4438-B829-9A749F75C38F@citrixonline.com>

I believe there is an oversight in the schema for the ipaSudoCmdGrp object class.

The current listing has it using 'groupOfUniqueNames...

I found that in this format, I could not actually assign a member to reference an ipaSudoCmd DN...

After some digging, it appears that the other 'group' objects in the schema are set to for nestedGroup

Swapping those values allowed me to make the member adding successfully.

< objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP groupOfUniqueNames MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' )
---
> objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP nestedGroup MUST ( ipaUniqueID  ) STRUCTURAL X-ORIGIN 'IPA v2' )


Also, there appears to be a compatibility problem with the syntax for hostMask:
[23/Sep/2010:11:20:40 -0700] attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [hostMask]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 6500 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
jr.aquino at citrixonline.com
http://www.citrixonline.com



From ayoung at redhat.com  Thu Sep 23 19:30:14 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 23 Sep 2010 15:30:14 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0042-I18N-for-web.patch
Message-ID: <4C9BAAC6.7030209@redhat.com>

I18N for web

     Performing I18N completely on the server, to leverage the existing 
gettext a

     Added the additional po files for a set of required languages



-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0042-I18N-for-web.patch
Type: text/x-patch
Size: 940815 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Thu Sep 23 19:31:52 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 23 Sep 2010 15:31:52 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0042-I18N-for-web.patch
In-Reply-To: <4C9BAAC6.7030209@redhat.com>
References: <4C9BAAC6.7030209@redhat.com>
Message-ID: <4C9BAB28.5070708@redhat.com>

On 09/23/2010 03:30 PM, Adam Young wrote:
> I18N for web
>
>     Performing I18N completely on the server, to leverage the existing 
> gettext a
>
>     Added the additional po files for a set of required languages
>
>
>
Sorry for messing up your filters.  I've been beating on this for a 
while, and was excited to finally get it out for review.



From rcritten at redhat.com  Thu Sep 23 20:12:29 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 16:12:29 -0400
Subject: [Freeipa-devel] [PATCH] 540 fix server install
In-Reply-To: <4C9B7C7B.2070408@redhat.com>
References: <4C9B7B13.9080207@redhat.com> <4C9B7C7B.2070408@redhat.com>
Message-ID: <4C9BB4AD.2000801@redhat.com>

Adam Young wrote:
> On 09/23/2010 12:06 PM, Rob Crittenden wrote:
>> ipa-server-install was picking up random SRV records when configuring
>> its own client (via ipa-client-install). A change in patch 531 caused
>> the server install to fail if it found a SRV record elsewhere in the
>> domain. This fix forces the client installer to use the data we provide.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From ayoung at redhat.com  Thu Sep 23 20:32:23 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 23 Sep 2010 16:32:23 -0400
Subject: [Freeipa-devel] [PATCH]admiyo-freeipa-0041-self-service.patch
In-Reply-To: <106756988.225621285267873191.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <106756988.225621285267873191.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C9BB957.1080804@redhat.com>

On 09/23/2010 02:51 PM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> self-service
>>       Selects the site map based on the presence or absense of rolegroups for
>>       the current user.  If the user has no rolegroups, UI defaults to
>>       the Details page for that user.
>>      
> NACK. The window_hashchange() is expecting 2 levels of tabs:
>
> var admin_tabs_lists = [
>      ['identity', 'IDENTITY', [
>          ['user', 'Users', ipa_entity_setup],
>      ]]
> ];
>
> but the self-service tab is only 1 level:
>
> var self_serv_tabs_lists =
>      [['user', 'Users', ipa_entity_setup]];
>
> Currently window_hashchange()will ignore if there's no 2nd level
> tabs defined:
>
> for (var i = 0; i<  nav_tabs_lists.length; ++i) {
>      var t = nav_tabs_lists[i]; // 1st level tab
>
>      // if no 2nd level tabs ->  skip
>      if (typeof t[2] != 'function'&&  t[2].length) {
>          for (var j = 0; j<  t[2].length; ++j) {
>              var tt = t[2][j]; // 2nd level tab
>    

OK, put back the identity tab

> There's also a typo on line 44, the variable name should
> have been nav_tabs_lists instead of nav_tabs_list. But the
> code will still work anyway.
>    

Yeah, that variable was ignored, and it made an implicit Global.  Fixed.
> --
> Endi S. Dewata
>    

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0041-2-self-service.patch
Type: text/x-patch
Size: 2999 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Thu Sep 23 20:38:40 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 23 Sep 2010 16:38:40 -0400
Subject: [Freeipa-devel] [PATCH]admiyo-freeipa-0041-self-service.patch
In-Reply-To: <4C9BB957.1080804@redhat.com>
References: <106756988.225621285267873191.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
	<4C9BB957.1080804@redhat.com>
Message-ID: <4C9BBAD0.90903@redhat.com>

On 09/23/2010 04:32 PM, Adam Young wrote:
> On 09/23/2010 02:51 PM, Endi Sukma Dewata wrote:
>> ----- "Adam Young"  wrote:
>>
>>> self-service
>>>       Selects the site map based on the presence or absense of 
>>> rolegroups for
>>>       the current user.  If the user has no rolegroups, UI defaults to
>>>       the Details page for that user.
>> NACK. The window_hashchange() is expecting 2 levels of tabs:
>>
>> var admin_tabs_lists = [
>>      ['identity', 'IDENTITY', [
>>          ['user', 'Users', ipa_entity_setup],
>>      ]]
>> ];
>>
>> but the self-service tab is only 1 level:
>>
>> var self_serv_tabs_lists =
>>      [['user', 'Users', ipa_entity_setup]];
>>
>> Currently window_hashchange()will ignore if there's no 2nd level
>> tabs defined:
>>
>> for (var i = 0; i<  nav_tabs_lists.length; ++i) {
>>      var t = nav_tabs_lists[i]; // 1st level tab
>>
>>      // if no 2nd level tabs ->  skip
>>      if (typeof t[2] != 'function'&&  t[2].length) {
>>          for (var j = 0; j<  t[2].length; ++j) {
>>              var tt = t[2][j]; // 2nd level tab
>
> OK, put back the identity tab
>
>> There's also a typo on line 44, the variable name should
>> have been nav_tabs_lists instead of nav_tabs_list. But the
>> code will still work anyway.
>
> Yeah, that variable was ignored, and it made an implicit Global.  Fixed.
>> -- 
>> Endi S. Dewata
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACKed on IRC, pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Thu Sep 23 20:57:45 2010
From: ayoung at redhat.com (Adam Young)
Date: Thu, 23 Sep 2010 16:57:45 -0400
Subject: [Freeipa-devel] [PATCH] Modal dialog for enrollment
In-Reply-To: <1621809363.105891285196696790.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1621809363.105891285196696790.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C9BBF49.9080403@redhat.com>

On 09/22/2010 07:04 PM, Endi Sukma Dewata wrote:
> Modal dialog for enrollment
>
> The enroll facet has been converted into a dialog box. This dialog
> box will appear when the user clicks the enroll button above the
> association list. When the user clicks the enroll button in the
> dialog box, the new associations will be created, then the list will
> be refreshed to show the changes.
>
> The SerialAssociator and BulkAssociator have been modified to accept
> an on_success function which will be called when the whole operation
> is completed successfully. This is used to refresh the list and close
> the dialog box appropriately.
>
> Some other changes were also made to improve code clarity.
>    
Pushed to master



From dpal at redhat.com  Thu Sep 23 21:08:53 2010
From: dpal at redhat.com (Dmitri Pal)
Date: Thu, 23 Sep 2010 17:08:53 -0400
Subject: [Freeipa-devel] sudo schema
In-Reply-To: <59791772-0250-4438-B829-9A749F75C38F@citrixonline.com>
References: <59791772-0250-4438-B829-9A749F75C38F@citrixonline.com>
Message-ID: <4C9BC1E5.3040502@redhat.com>

JR Aquino wrote:
> I believe there is an oversight in the schema for the ipaSudoCmdGrp object class.
>
> The current listing has it using 'groupOfUniqueNames...
>
> I found that in this format, I could not actually assign a member to reference an ipaSudoCmd DN...
>
> After some digging, it appears that the other 'group' objects in the schema are set to for nestedGroup
>
> Swapping those values allowed me to make the member adding successfully.
>
> < objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP groupOfUniqueNames MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' )
> ---
>   
>> objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP nestedGroup MUST ( ipaUniqueID  ) STRUCTURAL X-ORIGIN 'IPA v2' )
>>     
>
>
> Also, there appears to be a compatibility problem with the syntax for hostMask:
> [23/Sep/2010:11:20:40 -0700] attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [hostMask]
>
>   

Investigating both issues. Stay tuned.


> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jr Aquino, GCIH | Information Security Specialist
> Citrix Online | 6500 Hollister Avenue | Goleta, CA 93117
> T:  +1 805.690.3478
> jr.aquino at citrixonline.com
> http://www.citrixonline.com
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>   


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



From rcritten at redhat.com  Fri Sep 24 02:38:06 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 23 Sep 2010 22:38:06 -0400
Subject: [Freeipa-devel] [PATCH] 543 fix whoami plugin
Message-ID: <4C9C0F0E.8010303@redhat.com>

Use the principal from the request context. 
ipalib.util.get_current_principal() is designed to work from a client, 
not within the server. I should have noticed this earlier.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-543-whoami.patch
Type: application/mbox
Size: 1127 bytes
Desc: not available
URL: 

From dpal at redhat.com  Fri Sep 24 11:47:19 2010
From: dpal at redhat.com (Dmitri Pal)
Date: Fri, 24 Sep 2010 07:47:19 -0400
Subject: [Freeipa-devel] [PATCH] 2 Addressing issues found in SUDO schema
Message-ID: <4C9C8FC7.4030406@redhat.com>

$Subj

JR, please give it a try.
I will update the page accordingly...

-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001--SUDO-Addressing-issues-found-in-shema.patch
Type: text/x-patch
Size: 2667 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Fri Sep 24 13:54:17 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 09:54:17 -0400
Subject: [Freeipa-devel] [PATCH] 543 fix whoami plugin
In-Reply-To: <4C9C0F0E.8010303@redhat.com>
References: <4C9C0F0E.8010303@redhat.com>
Message-ID: <4C9CAD89.6080005@redhat.com>

On 09/23/2010 10:38 PM, Rob Crittenden wrote:
> Use the principal from the request context. 
> ipalib.util.get_current_principal() is designed to work from a client, 
> not within the server. I should have noticed this earlier.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 24 13:55:36 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 09:55:36 -0400
Subject: [Freeipa-devel] [PATCH] 543 fix whoami plugin
In-Reply-To: <4C9C0F0E.8010303@redhat.com>
References: <4C9C0F0E.8010303@redhat.com>
Message-ID: <4C9CADD8.9050902@redhat.com>

On 09/23/2010 10:38 PM, Rob Crittenden wrote:
> Use the principal from the request context. 
> ipalib.util.get_current_principal() is designed to work from a client, 
> not within the server. I should have noticed this earlier.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 24 14:07:48 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 10:07:48 -0400
Subject: [Freeipa-devel] [PATCH] 536 throw and catch
 CertificateOperationError properly in replica preparer
In-Reply-To: <4C979C0B.3090204@redhat.com>
References: <4C979C0B.3090204@redhat.com>
Message-ID: <4C9CB0B4.5020807@redhat.com>

On 09/20/2010 01:38 PM, Rob Crittenden wrote:
> Properly handle CertificateOperationErrors in replication prepration.
>
> The problem here was two-fold: the certs manager was raising an error 
> it didn't know about and ipa-replica-prepare wasn't catching it.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Is this one still outstanding?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 24 14:08:36 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 10:08:36 -0400
Subject: [Freeipa-devel] [PATCH] 536 throw and catch
 CertificateOperationError properly in replica preparer
In-Reply-To: <4C979C0B.3090204@redhat.com>
References: <4C979C0B.3090204@redhat.com>
Message-ID: <4C9CB0E4.9000600@redhat.com>

On 09/20/2010 01:38 PM, Rob Crittenden wrote:
> Properly handle CertificateOperationErrors in replication prepration.
>
> The problem here was two-fold: the certs manager was raising an error 
> it didn't know about and ipa-replica-prepare wasn't catching it.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 24 14:09:31 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 10:09:31 -0400
Subject: [Freeipa-devel] [PATCH] Restoring Services tab
In-Reply-To: <4C93C7B1.9090807@redhat.com>
References: <2055468798.2463811284752516484.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
	<4C93C7B1.9090807@redhat.com>
Message-ID: <4C9CB11B.1080309@redhat.com>

On 09/17/2010 03:55 PM, Adam Young wrote:
> On 09/17/2010 03:41 PM, Endi Sukma Dewata wrote:
>> Hi,
>>
>> This patch is based on Adam's bbq-tabs-modal branch.
>>
>> The add.js has been modified to support adding new entry with
>> dynamically generated pkey.
>>
>> The index.xhtml has been modified to include service.js.
>>
>> The service.js has been modified to use the new API to define
>> the search, add, and details fields. Callbacks are used to
>> add quick links and generate pkey dynamically.
>>
>> The webui.js has been modified to add the Services tab.
>>
>> Thanks!
>>
>> --
>> Endi S. Dewata
>>    
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 24 14:10:21 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 10:10:21 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0014-remove-user-html
In-Reply-To: <4C729C56.9050006@redhat.com>
References: <4C729C56.9050006@redhat.com>
Message-ID: <4C9CB14D.3080409@redhat.com>

On 08/23/2010 12:05 PM, Adam Young wrote:
> This file has not been used for a long time.  I wanted to remove it in 
> its own patch.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From JR.Aquino at citrixonline.com  Fri Sep 24 14:46:12 2010
From: JR.Aquino at citrixonline.com (JR Aquino)
Date: Fri, 24 Sep 2010 07:46:12 -0700
Subject: [Freeipa-devel] [PATCH] 2 Addressing issues found in SUDO schema
In-Reply-To: <4C9C8FC7.4030406@redhat.com>
References: <4C9C8FC7.4030406@redhat.com>
Message-ID: <242F4E88-4389-4CEE-AEE0-7034E3851F6F@citrixonline.com>

Looks like there was a typo in the hostMask. The others were correct.

-attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreIA5Match ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )


On Sep 24, 2010, at 4:47 AM, Dmitri Pal wrote:

$Subj

JR, please give it a try.
I will update the page accordingly...

--
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

<0001--SUDO-Addressing-issues-found-in-shema.patch>




From ayoung at redhat.com  Fri Sep 24 14:53:06 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 10:53:06 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
Message-ID: <4C9CBB52.40002@redhat.com>

Whoami link
     The 'logged in as' message in the header into an active hypoerlink 
that loads the details page for the current user.
     Also fixed a bug where, when reloading, the search page would fail 
due to scl being undefined



From ayoung at redhat.com  Fri Sep 24 15:09:43 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 11:09:43 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
In-Reply-To: <4C9CBB52.40002@redhat.com>
References: <4C9CBB52.40002@redhat.com>
Message-ID: <4C9CBF37.8010108@redhat.com>

On 09/24/2010 10:53 AM, Adam Young wrote:
> Whoami link
>     The 'logged in as' message in the header into an active hypoerlink 
> that loads the details page for the current user.
>     Also fixed a bug where, when reloading, the search page would fail 
> due to scl being undefined
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Now with patch attached
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0043-Whoami-link.patch
Type: text/x-patch
Size: 3355 bytes
Desc: not available
URL: 

From dpal at redhat.com  Fri Sep 24 15:14:01 2010
From: dpal at redhat.com (Dmitri Pal)
Date: Fri, 24 Sep 2010 11:14:01 -0400
Subject: [Freeipa-devel] [PATCH] 2 Addressing issues found in SUDO schema
In-Reply-To: <242F4E88-4389-4CEE-AEE0-7034E3851F6F@citrixonline.com>
References: <4C9C8FC7.4030406@redhat.com>
	<242F4E88-4389-4CEE-AEE0-7034E3851F6F@citrixonline.com>
Message-ID: <4C9CC039.6040700@redhat.com>

JR Aquino wrote:
> Looks like there was a typo in the hostMask. The others were correct.
>
> -attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreIA5Match ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
> +attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
>
>   

You are right. Definitely my skills with git are yet not that good. I
assumed that I have thrown my patch away when rebased but instead the
added changes into the middle of the incomplete rebase.
Lessons learned. New patch attached. Sorry for the inconvenience.
New patch attached.


> On Sep 24, 2010, at 4:47 AM, Dmitri Pal wrote:
>
> $Subj
>
> JR, please give it a try.
> I will update the page accordingly...
>
> --
> Thank you,
> Dmitri Pal
>
> Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
> <0001--SUDO-Addressing-issues-found-in-shema.patch>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
>   


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001--SUDO-Addressing-issues-found-in-shema.patch
Type: text/x-patch
Size: 2747 bytes
Desc: not available
URL: 

From dpal at redhat.com  Fri Sep 24 18:39:33 2010
From: dpal at redhat.com (Dmitri Pal)
Date: Fri, 24 Sep 2010 14:39:33 -0400
Subject: [Freeipa-devel] [PATCH] 2 Addressing issues found in SUDO schema
In-Reply-To: <4C9CC039.6040700@redhat.com>
References: <4C9C8FC7.4030406@redhat.com>	<242F4E88-4389-4CEE-AEE0-7034E3851F6F@citrixonline.com>
	<4C9CC039.6040700@redhat.com>
Message-ID: <4C9CF065.402@redhat.com>

Dmitri Pal wrote:
> JR Aquino wrote:
>   
>> Looks like there was a typo in the hostMask. The others were correct.
>>
>> -attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreIA5Match ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
>> +attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
>>
>>   
>>     
>
> You are right. Definitely my skills with git are yet not that good. I
> assumed that I have thrown my patch away when rebased but instead the
> added changes into the middle of the incomplete rebase.
> Lessons learned. New patch attached. Sorry for the inconvenience.
> New patch attached.
>
>   

Does it work for you now?

>   
>> On Sep 24, 2010, at 4:47 AM, Dmitri Pal wrote:
>>
>> $Subj
>>
>> JR, please give it a try.
>> I will update the page accordingly...
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Engineering Manager IPA project,
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>> <0001--SUDO-Addressing-issues-found-in-shema.patch>
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>>
>>   
>>     
>
>
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



From JR.Aquino at citrixonline.com  Fri Sep 24 18:42:44 2010
From: JR.Aquino at citrixonline.com (JR Aquino)
Date: Fri, 24 Sep 2010 11:42:44 -0700
Subject: [Freeipa-devel] [PATCH] 2 Addressing issues found in SUDO schema
In-Reply-To: <4C9CF065.402@redhat.com>
References: <4C9C8FC7.4030406@redhat.com>
	<242F4E88-4389-4CEE-AEE0-7034E3851F6F@citrixonline.com>
	<4C9CC039.6040700@redhat.com> <4C9CF065.402@redhat.com>
Message-ID: <8895D673-D562-4C9E-92E6-43276CFD915B@citrixonline.com>

Everything appears to be working now. 

Thanks Dmitri!



From rcritten at redhat.com  Fri Sep 24 19:25:24 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 24 Sep 2010 15:25:24 -0400
Subject: [Freeipa-devel] [PATCH] 544 add import to automount
Message-ID: <4C9CFB24.7070400@redhat.com>

Add ability to import automount files from the command-line.

Support is fairly basic right now and will only work on the CLI. All the 
work is done on the client side.

To continue past errors use the --continue option.

Fixed a bug where direct mounts weren't always added properly.

Added real user documentation to the plugin.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-544-automount.patch
Type: application/mbox
Size: 12801 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Fri Sep 24 19:30:55 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 24 Sep 2010 15:30:55 -0400
Subject: [Freeipa-devel] [PATCH] 536 throw and catch
 CertificateOperationError properly in replica preparer
In-Reply-To: <4C9CB0E4.9000600@redhat.com>
References: <4C979C0B.3090204@redhat.com> <4C9CB0E4.9000600@redhat.com>
Message-ID: <4C9CFC6F.5000602@redhat.com>

Adam Young wrote:
> On 09/20/2010 01:38 PM, Rob Crittenden wrote:
>> Properly handle CertificateOperationErrors in replication prepration.
>>
>> The problem here was two-fold: the certs manager was raising an error
>> it didn't know about and ipa-replica-prepare wasn't catching it.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Fri Sep 24 19:31:35 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 24 Sep 2010 15:31:35 -0400
Subject: [Freeipa-devel] [PATCH] 541 convert ca_serialno
In-Reply-To: <4C9B8190.305@redhat.com>
References: <4C9B7D8F.5010504@redhat.com> <4C9B8190.305@redhat.com>
Message-ID: <4C9CFC97.60505@redhat.com>

Adam Young wrote:
> On 09/23/2010 12:17 PM, Rob Crittenden wrote:
>> The file format of ca_serialno changed between v1 and v2. We won't
>> support direct upgrades of v1 to v2 but as a developer I install them
>> both from time to time and its annoying to have the v2 install fail
>> because of this file. This patch converts it to v2 style.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Fri Sep 24 19:31:55 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 24 Sep 2010 15:31:55 -0400
Subject: [Freeipa-devel] [PATCH] 542 remove bogus uninstall error
In-Reply-To: <4C9B81B8.5060706@redhat.com>
References: <4C9B7DE2.1020305@redhat.com> <4C9B81B8.5060706@redhat.com>
Message-ID: <4C9CFCAB.2000309@redhat.com>

Adam Young wrote:
> On 09/23/2010 12:18 PM, Rob Crittenden wrote:
>> Remove spurious error in server uninstaller about client uninstall
>> failure.
>>
>> This was meant to catch the case where the client wasn't configured and
>> it missed the most obvious one: the client was installed and is now
>> uninstalled.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Fri Sep 24 19:34:05 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 24 Sep 2010 15:34:05 -0400
Subject: [Freeipa-devel] [PATCH] 545 ignore success exception
Message-ID: <4C9CFD2D.8070202@redhat.com>

A call to search_ext() in ipa-replica-prepare was returning the 
exception ldap.SUCCESS. We actually got the right data back but this 
exception was confusing things. It should be ignored.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-545-success.patch
Type: application/mbox
Size: 1037 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Fri Sep 24 19:41:11 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 24 Sep 2010 15:41:11 -0400
Subject: [Freeipa-devel] [PATCH] 522 add some ldap2 Backend tests
In-Reply-To: <4C93BA56.4090103@redhat.com>
References: <4C8945BC.3020101@redhat.com> <4C93BA56.4090103@redhat.com>
Message-ID: <4C9CFED7.2080508@redhat.com>

Adam Young wrote:
> On 09/09/2010 04:38 PM, Rob Crittenden wrote:
>> Add some tests for using the ldap2 Backend.
>>
>> Fix a logic problem in ldap2:get_schema() for determining if it can
>> fetch the schema or not. Normally we only want to do this for servers
>> but if you pass in your own connection it will use that.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Fri Sep 24 20:12:07 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 24 Sep 2010 16:12:07 -0400
Subject: [Freeipa-devel] [PATCH] 2 Addressing issues found in SUDO schema
In-Reply-To: <8895D673-D562-4C9E-92E6-43276CFD915B@citrixonline.com>
References: <4C9C8FC7.4030406@redhat.com>	<242F4E88-4389-4CEE-AEE0-7034E3851F6F@citrixonline.com>	<4C9CC039.6040700@redhat.com>
	<4C9CF065.402@redhat.com>
	<8895D673-D562-4C9E-92E6-43276CFD915B@citrixonline.com>
Message-ID: <4C9D0617.8030604@redhat.com>

JR Aquino wrote:
> Everything appears to be working now.
>
> Thanks Dmitri!

Ack here too. Pushed to master.

rob



From ayoung at redhat.com  Fri Sep 24 20:32:46 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 16:32:46 -0400
Subject: [Freeipa-devel] UI mockups for DNS, AUtomount, and Password Policy
Message-ID: <4C9D0AEE.10001@redhat.com>

I'm going to post these for comments before I sink too much more time 
into them:

I've mocked up the pages under policy.

http://admiyo.fedorapeople.org/ipa/jquery.ui/

Note:

The default is the Dertails page of DNS.  THis is just a develpoment 
thing, not something that will be part of the end produce

Facets are using Tabs.  There is some olor issue with the non-active 
facets, but they click fine.

Something is wonky in the layouts of the dl tags used for the details 
page.  His won't be a problem on the live site.

I've include modal dialogs for delete.


Password policy shows the graphics for field validations.  IN the  
application The Undo button will be clickable and will reset the value 
of the field to its origianl value






From ayoung at redhat.com  Fri Sep 24 20:34:16 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 16:34:16 -0400
Subject: [Freeipa-devel] [PATCH] 545 ignore success exception
In-Reply-To: <4C9CFD2D.8070202@redhat.com>
References: <4C9CFD2D.8070202@redhat.com>
Message-ID: <4C9D0B48.7080005@redhat.com>

On 09/24/2010 03:34 PM, Rob Crittenden wrote:
> A call to search_ext() in ipa-replica-prepare was returning the 
> exception ldap.SUCCESS. We actually got the right data back but this 
> exception was confusing things. It should be ignored.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From edewata at redhat.com  Fri Sep 24 20:50:55 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 24 Sep 2010 16:50:55 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Test suite for ipa.js and entity.js.
In-Reply-To: <1721298717.350881285361289886.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1169509919.351101285361455135.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

Please review the attached patch. It was created based on Adam's
sample test files. More test cases will be added later. Thanks!

Test suite for Web UI has been created in install/static/test using
qUnit. The main page is index.html which contains links to the test
pages (xxx_test.html). The test cases are stored in xxx_test.js. The
test data is stored in data folder.

Some variables and functions in ipa.js have been modified to accomodate
unit testing. The develop.js and webui.js also have been modified
accordingly.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0008-Test-suite-for-ipa.js-and-entity.js.patch
Type: text/x-patch
Size: 191069 bytes
Desc: not available
URL: 

From JR.Aquino at citrixonline.com  Fri Sep 24 20:58:35 2010
From: JR.Aquino at citrixonline.com (JR Aquino)
Date: Fri, 24 Sep 2010 13:58:35 -0700
Subject: [Freeipa-devel] [PATCH] Adding SUDO Plugins and Test Suites
Message-ID: 

Attached are the plugins for creating:

* IPA Sudo Commands
* IPA Sudo Command Groups
* IPA Sudo Rules

Also included are the accompanying test suites, container pointers, and tests/test_xmlrpc/objectclasses.py definitions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 6500 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
jr.aquino at citrixonline.com
http://www.citrixonline.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-SudoPlugins.patch
Type: application/octet-stream
Size: 51118 bytes
Desc: 0001-SudoPlugins.patch
URL: 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From edewata at redhat.com  Fri Sep 24 22:34:36 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 24 Sep 2010 18:34:36 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Test suite for ipa.js and entity.js.
In-Reply-To: <595315896.355291285367622287.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1153759228.355331285367676941.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

The patch has been modified based on Adam's feedback. Thanks!

Test framework for Web UI has been created using qUnit. The test files
are located in install/static/test. The main page is index.html which
contains links to all test suites (xxx_tests.html). The test cases are
stored in xxx_tests.js. All test suites can be executed at once using
all_tests.html. The test data is stored in data folder. This patch
includes test suites for ipa.js and entity.js.

Some variables and functions in ipa.js have been modified to accomodate
testing (e.g. JSON URL, error handler, synchronous operation). The
sampledata has been moved to test/data. The develop.js and webui.js also
have been modified accordingly.

--
Endi S. Dewata

----- "Endi Sukma Dewata"  wrote:

> Hi,
> 
> Please review the attached patch. It was created based on Adam's
> sample test files. More test cases will be added later. Thanks!
> 
> Test suite for Web UI has been created in install/static/test using
> qUnit. The main page is index.html which contains links to the test
> pages (xxx_test.html). The test cases are stored in xxx_test.js. The
> test data is stored in data folder.
> 
> Some variables and functions in ipa.js have been modified to
> accomodate
> unit testing. The develop.js and webui.js also have been modified
> accordingly.
> 
> --
> Endi S. Dewata
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0008-2-Test-framework-for-Web-UI.patch
Type: text/x-patch
Size: 438009 bytes
Desc: not available
URL: 

From edewata at redhat.com  Fri Sep 24 22:57:59 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 24 Sep 2010 18:57:59 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
In-Reply-To: <310873775.355751285368886353.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1327405514.355791285369079462.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> On 09/24/2010 10:53 AM, Adam Young wrote:
> > Whoami link
> >     The 'logged in as' message in the header into an active hypoerlink 
> > that loads the details page for the current user.
> >     Also fixed a bug where, when reloading, the search page would fail 
> > due to scl being undefined

NACK. There's a small problem, it should use user-pkey instead of pkey:

diff --git a/install/static/webui.js b/install/static/webui.js
index b537938..a3d354b 100644
--- a/install/static/webui.js
+++ b/install/static/webui.js
@@ -57,7 +57,7 @@ $(function() {
             whoami_pkey=whoami.uid[0];
             $('#loggedinas').find('strong').text(whoami.krbprincipalname[0]);
             $('#loggedinas a').fragment(
-                {'user-facet':'details', 'pkey':whoami_pkey},2);
+                {'user-facet':'details', 'user-pkey':whoami_pkey},2);
             if (whoami.hasOwnProperty('memberof_rolegroup') &&
                 whoami.memberof_rolegroup.length > 0){
                 nav_tabs_lists = admin_tabs_lists;

--
Endi S. Dewata



From ayoung at redhat.com  Fri Sep 24 23:49:34 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 19:49:34 -0400
Subject: [Freeipa-devel] [PATCH] Test suite for ipa.js and entity.js.
In-Reply-To: <1153759228.355331285367676941.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1153759228.355331285367676941.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C9D390E.8090509@redhat.com>

On 09/24/2010 06:34 PM, Endi Sukma Dewata wrote:
> Hi,
>
> The patch has been modified based on Adam's feedback. Thanks!
>
> Test framework for Web UI has been created using qUnit. The test files
> are located in install/static/test. The main page is index.html which
> contains links to all test suites (xxx_tests.html). The test cases are
> stored in xxx_tests.js. All test suites can be executed at once using
> all_tests.html. The test data is stored in data folder. This patch
> includes test suites for ipa.js and entity.js.
>
> Some variables and functions in ipa.js have been modified to accomodate
> testing (e.g. JSON URL, error handler, synchronous operation). The
> sampledata has been moved to test/data. The develop.js and webui.js also
> have been modified accordingly.
>
> --
> Endi S. Dewata
>
> ----- "Endi Sukma Dewata"  wrote:
>
>    
>> Hi,
>>
>> Please review the attached patch. It was created based on Adam's
>> sample test files. More test cases will be added later. Thanks!
>>
>> Test suite for Web UI has been created in install/static/test using
>> qUnit. The main page is index.html which contains links to the test
>> pages (xxx_test.html). The test cases are stored in xxx_test.js. The
>> test data is stored in data folder.
>>
>> Some variables and functions in ipa.js have been modified to
>> accomodate
>> unit testing. The develop.js and webui.js also have been modified
>> accordingly.
>>
>> --
>> Endi S. Dewata
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>      
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 24 23:51:48 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 19:51:48 -0400
Subject: [Freeipa-devel] [PATCH] Test suite for ipa.js and entity.js.
In-Reply-To: <4C9D390E.8090509@redhat.com>
References: <1153759228.355331285367676941.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
	<4C9D390E.8090509@redhat.com>
Message-ID: <4C9D3994.7060803@redhat.com>

On 09/24/2010 07:49 PM, Adam Young wrote:
> On 09/24/2010 06:34 PM, Endi Sukma Dewata wrote:
>> Hi,
>>
>> The patch has been modified based on Adam's feedback. Thanks!
>>
>> Test framework for Web UI has been created using qUnit. The test files
>> are located in install/static/test. The main page is index.html which
>> contains links to all test suites (xxx_tests.html). The test cases are
>> stored in xxx_tests.js. All test suites can be executed at once using
>> all_tests.html. The test data is stored in data folder. This patch
>> includes test suites for ipa.js and entity.js.
>>
>> Some variables and functions in ipa.js have been modified to accomodate
>> testing (e.g. JSON URL, error handler, synchronous operation). The
>> sampledata has been moved to test/data. The develop.js and webui.js also
>> have been modified accordingly.
>>
>> --
>> Endi S. Dewata
>>
>> ----- "Endi Sukma Dewata"  wrote:
>>
>>    
>>> Hi,
>>>
>>> Please review the attached patch. It was created based on Adam's
>>> sample test files. More test cases will be added later. Thanks!
>>>
>>> Test suite for Web UI has been created in install/static/test using
>>> qUnit. The main page is index.html which contains links to the test
>>> pages (xxx_test.html). The test cases are stored in xxx_test.js. The
>>> test data is stored in data folder.
>>>
>>> Some variables and functions in ipa.js have been modified to
>>> accomodate
>>> unit testing. The develop.js and webui.js also have been modified
>>> accordingly.
>>>
>>> --
>>> Endi S. Dewata
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>      
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Fri Sep 24 23:57:29 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 19:57:29 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
In-Reply-To: <1327405514.355791285369079462.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1327405514.355791285369079462.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4C9D3AE9.5060806@redhat.com>

On 09/24/2010 06:57 PM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> On 09/24/2010 10:53 AM, Adam Young wrote:
>>      
>>> Whoami link
>>>      The 'logged in as' message in the header into an active hypoerlink
>>> that loads the details page for the current user.
>>>      Also fixed a bug where, when reloading, the search page would fail
>>> due to scl being undefined
>>>        
> NACK. There's a small problem, it should use user-pkey instead of pkey:
>
> diff --git a/install/static/webui.js b/install/static/webui.js
> index b537938..a3d354b 100644
> --- a/install/static/webui.js
> +++ b/install/static/webui.js
> @@ -57,7 +57,7 @@ $(function() {
>               whoami_pkey=whoami.uid[0];
>               $('#loggedinas').find('strong').text(whoami.krbprincipalname[0]);
>               $('#loggedinas a').fragment(
> -                {'user-facet':'details', 'pkey':whoami_pkey},2);
> +                {'user-facet':'details', 'user-pkey':whoami_pkey},2);
>               if (whoami.hasOwnProperty('memberof_rolegroup')&&
>                   whoami.memberof_rolegroup.length>  0){
>                   nav_tabs_lists = admin_tabs_lists;
>
> --
> Endi S. Dewata
>    
Fixed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0043-2-Whoami-link.patch
Type: text/x-patch
Size: 3519 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Sat Sep 25 00:00:03 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 20:00:03 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
In-Reply-To: <4C9D3AE9.5060806@redhat.com>
References: <1327405514.355791285369079462.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
	<4C9D3AE9.5060806@redhat.com>
Message-ID: <4C9D3B83.2080202@redhat.com>

On 09/24/2010 07:57 PM, Adam Young wrote:
> On 09/24/2010 06:57 PM, Endi Sukma Dewata wrote:
>> ----- "Adam Young"  wrote:
>>
>>> On 09/24/2010 10:53 AM, Adam Young wrote:
>>>> Whoami link
>>>>      The 'logged in as' message in the header into an active 
>>>> hypoerlink
>>>> that loads the details page for the current user.
>>>>      Also fixed a bug where, when reloading, the search page would 
>>>> fail
>>>> due to scl being undefined
>> NACK. There's a small problem, it should use user-pkey instead of pkey:
>>
>> diff --git a/install/static/webui.js b/install/static/webui.js
>> index b537938..a3d354b 100644
>> --- a/install/static/webui.js
>> +++ b/install/static/webui.js
>> @@ -57,7 +57,7 @@ $(function() {
>>               whoami_pkey=whoami.uid[0];
>>               
>> $('#loggedinas').find('strong').text(whoami.krbprincipalname[0]);
>>               $('#loggedinas a').fragment(
>> -                {'user-facet':'details', 'pkey':whoami_pkey},2);
>> +                {'user-facet':'details', 'user-pkey':whoami_pkey},2);
>>               if (whoami.hasOwnProperty('memberof_rolegroup')&&
>>                   whoami.memberof_rolegroup.length>  0){
>>                   nav_tabs_lists = admin_tabs_lists;
>>
>> -- 
>> Endi S. Dewata
> Fixed
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-develF


Forgot that crucial "git add" step before committing. Fix is in this patch.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0043-3-Whoami-link.patch
Type: text/x-patch
Size: 3716 bytes
Desc: not available
URL: 

From edewata at redhat.com  Sat Sep 25 00:27:18 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 24 Sep 2010 20:27:18 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
In-Reply-To: <360935303.357081285374391682.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <2056895046.357101285374438750.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:
> >>> Whoami link
> >>>      The 'logged in as' message in the header into an active hypoerlink
> >>> that loads the details page for the current user.
> >>>      Also fixed a bug where, when reloading, the search page would fail
> >>> due to scl being undefined
> >>>        
> > NACK. There's a small problem, it should use user-pkey instead of
> pkey:

> Fixed

Err.. NACK, it looks like the code is still the same. :)

--
Endi S. Dewata



From edewata at redhat.com  Sat Sep 25 00:32:48 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 24 Sep 2010 20:32:48 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
In-Reply-To: <2096824854.357171285374709389.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <2081045342.357191285374768808.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:
> Fixed

admiyo-freeipa-0043-3-Whoami-link.patch

ACK, sorry didn't see this one before replying.

--
Endi S. Dewata



From ayoung at redhat.com  Sat Sep 25 01:43:17 2010
From: ayoung at redhat.com (Adam Young)
Date: Fri, 24 Sep 2010 21:43:17 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0044-I18N-for-web.patch
Message-ID: <4C9D53B5.7090006@redhat.com>

  I18N for web

Performing I18N completely on the server, to leverage the existing 
gettext architecture.
Also, the browser does not have access to the Language header.

Added the additional po files for a set of required languages

conflict with install/static/ipa.js was resolved.



Note that the addition of the .po files in this patch is necessary.
In order to get Transifex support, we need to update the LINGUAS file 
with the languages for which we want support.

If we don't add the .po files in, they get automatically generated by 
the rpmbuild process.

Our implementation of gettext has a bug in it (It might be F13 thing) 
where the the Plurals line is not getting correctly transformed, which 
causes a build failure.  However, since the RPM would have the .po 
files  anyway, we should revision control the ones we have, even if they 
are empty.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0044-I18N-for-web.patch
Type: text/x-patch
Size: 940826 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Mon Sep 27 14:35:35 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 27 Sep 2010 10:35:35 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0044-I18N-for-web.patch
In-Reply-To: <4C9D53B5.7090006@redhat.com>
References: <4C9D53B5.7090006@redhat.com>
Message-ID: <4CA0ABB7.5070206@redhat.com>

On 09/24/2010 09:43 PM, Adam Young wrote:
>  I18N for web
>
> Performing I18N completely on the server, to leverage the existing 
> gettext architecture.
> Also, the browser does not have access to the Language header.
>
> Added the additional po files for a set of required languages
>
> conflict with install/static/ipa.js was resolved.
>
>
>
> Note that the addition of the .po files in this patch is necessary.
> In order to get Transifex support, we need to update the LINGUAS file 
> with the languages for which we want support.
>
> If we don't add the .po files in, they get automatically generated by 
> the rpmbuild process.
>
> Our implementation of gettext has a bug in it (It might be F13 thing) 
> where the the Plurals line is not getting correctly transformed, which 
> causes a build failure.  However, since the RPM would have the .po 
> files  anyway, we should revision control the ones we have, even if 
> they are empty.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Returned the Bug reporting URL to its origianl value.  Looks like 
another bug in the gettext mechanims.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0044-2-I18N-for-web.patch
Type: text/x-patch
Size: 941802 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Mon Sep 27 15:04:21 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 27 Sep 2010 11:04:21 -0400
Subject: [Freeipa-devel] [PATCH] Test suite for ipa.js and entity.js.
In-Reply-To: <4C9D3994.7060803@redhat.com>
References: <1153759228.355331285367676941.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>	<4C9D390E.8090509@redhat.com>
	<4C9D3994.7060803@redhat.com>
Message-ID: <4CA0B275.50406@redhat.com>

Adam Young wrote:
> On 09/24/2010 07:49 PM, Adam Young wrote:
>> On 09/24/2010 06:34 PM, Endi Sukma Dewata wrote:
>>> Hi,
>>>
>>> The patch has been modified based on Adam's feedback. Thanks!
>>>
>>> Test framework for Web UI has been created using qUnit. The test files
>>> are located in install/static/test. The main page is index.html which
>>> contains links to all test suites (xxx_tests.html). The test cases are
>>> stored in xxx_tests.js. All test suites can be executed at once using
>>> all_tests.html. The test data is stored in data folder. This patch
>>> includes test suites for ipa.js and entity.js.
>>>
>>> Some variables and functions in ipa.js have been modified to accomodate
>>> testing (e.g. JSON URL, error handler, synchronous operation). The
>>> sampledata has been moved to test/data. The develop.js and webui.js also
>>> have been modified accordingly.
>>>
>>> --
>>> Endi S. Dewata
>>>
>>> ----- "Endi Sukma Dewata"  wrote:
>>>
>>>
>>>> Hi,
>>>>
>>>> Please review the attached patch. It was created based on Adam's
>>>> sample test files. More test cases will be added later. Thanks!
>>>>
>>>> Test suite for Web UI has been created in install/static/test using
>>>> qUnit. The main page is index.html which contains links to the test
>>>> pages (xxx_test.html). The test cases are stored in xxx_test.js. The
>>>> test data is stored in data folder.
>>>>
>>>> Some variables and functions in ipa.js have been modified to
>>>> accomodate
>>>> unit testing. The develop.js and webui.js also have been modified
>>>> accordingly.
>>>>
>>>> --
>>>> Endi S. Dewata
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> ACK
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Pushed to master

Is there any documentation on how to run the tests?

rob



From ayoung at redhat.com  Mon Sep 27 15:20:19 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 27 Sep 2010 11:20:19 -0400
Subject: [Freeipa-devel] [PATCH] Test suite for ipa.js and entity.js.
In-Reply-To: <4CA0B275.50406@redhat.com>
References: <1153759228.355331285367676941.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>	<4C9D390E.8090509@redhat.com>
	<4C9D3994.7060803@redhat.com> <4CA0B275.50406@redhat.com>
Message-ID: <4CA0B633.6030201@redhat.com>

On 09/27/2010 11:04 AM, Rob Crittenden wrote:
> Adam Young wrote:
>> On 09/24/2010 07:49 PM, Adam Young wrote:
>>> On 09/24/2010 06:34 PM, Endi Sukma Dewata wrote:
>>>> Hi,
>>>>
>>>> The patch has been modified based on Adam's feedback. Thanks!
>>>>
>>>> Test framework for Web UI has been created using qUnit. The test files
>>>> are located in install/static/test. The main page is index.html which
>>>> contains links to all test suites (xxx_tests.html). The test cases are
>>>> stored in xxx_tests.js. All test suites can be executed at once using
>>>> all_tests.html. The test data is stored in data folder. This patch
>>>> includes test suites for ipa.js and entity.js.
>>>>
>>>> Some variables and functions in ipa.js have been modified to 
>>>> accomodate
>>>> testing (e.g. JSON URL, error handler, synchronous operation). The
>>>> sampledata has been moved to test/data. The develop.js and webui.js 
>>>> also
>>>> have been modified accordingly.
>>>>
>>>> -- 
>>>> Endi S. Dewata
>>>>
>>>> ----- "Endi Sukma Dewata"  wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> Please review the attached patch. It was created based on Adam's
>>>>> sample test files. More test cases will be added later. Thanks!
>>>>>
>>>>> Test suite for Web UI has been created in install/static/test using
>>>>> qUnit. The main page is index.html which contains links to the test
>>>>> pages (xxx_test.html). The test cases are stored in xxx_test.js. The
>>>>> test data is stored in data folder.
>>>>>
>>>>> Some variables and functions in ipa.js have been modified to
>>>>> accomodate
>>>>> unit testing. The develop.js and webui.js also have been modified
>>>>> accordingly.
>>>>>
>>>>> -- 
>>>>> Endi S. Dewata
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-devel mailing list
>>>>> Freeipa-devel at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-devel mailing list
>>>>> Freeipa-devel at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>> ACK
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Pushed to master
>
> Is there any documentation on how to run the tests?
>
> rob
Not yet, but for now, just view the html pages in the browser, and you 
will se the test results as they are run.



From edewata at redhat.com  Mon Sep 27 15:21:38 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Mon, 27 Sep 2010 11:21:38 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Test suite for ipa.js and entity.js.
In-Reply-To: <8888434.451741285600852055.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1689580040.451951285600898588.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Rob Crittenden"  wrote:

> Is there any documentation on how to run the tests?

You just need to open install/static/test/index.html
in the browser and click the test you want to run.

--
Endi S. Dewata



From rcritten at redhat.com  Mon Sep 27 15:33:48 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 27 Sep 2010 11:33:48 -0400
Subject: [Freeipa-devel] [PATCH] Test suite for ipa.js and entity.js.
In-Reply-To: <4CA0B633.6030201@redhat.com>
References: <1153759228.355331285367676941.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>	<4C9D390E.8090509@redhat.com>
	<4C9D3994.7060803@redhat.com> <4CA0B275.50406@redhat.com>
	<4CA0B633.6030201@redhat.com>
Message-ID: <4CA0B95C.3070306@redhat.com>

Adam Young wrote:
> On 09/27/2010 11:04 AM, Rob Crittenden wrote:
>> Adam Young wrote:
>>> On 09/24/2010 07:49 PM, Adam Young wrote:
>>>> On 09/24/2010 06:34 PM, Endi Sukma Dewata wrote:
>>>>> Hi,
>>>>>
>>>>> The patch has been modified based on Adam's feedback. Thanks!
>>>>>
>>>>> Test framework for Web UI has been created using qUnit. The test files
>>>>> are located in install/static/test. The main page is index.html which
>>>>> contains links to all test suites (xxx_tests.html). The test cases are
>>>>> stored in xxx_tests.js. All test suites can be executed at once using
>>>>> all_tests.html. The test data is stored in data folder. This patch
>>>>> includes test suites for ipa.js and entity.js.
>>>>>
>>>>> Some variables and functions in ipa.js have been modified to
>>>>> accomodate
>>>>> testing (e.g. JSON URL, error handler, synchronous operation). The
>>>>> sampledata has been moved to test/data. The develop.js and webui.js
>>>>> also
>>>>> have been modified accordingly.
>>>>>
>>>>> --
>>>>> Endi S. Dewata
>>>>>
>>>>> ----- "Endi Sukma Dewata" wrote:
>>>>>
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Please review the attached patch. It was created based on Adam's
>>>>>> sample test files. More test cases will be added later. Thanks!
>>>>>>
>>>>>> Test suite for Web UI has been created in install/static/test using
>>>>>> qUnit. The main page is index.html which contains links to the test
>>>>>> pages (xxx_test.html). The test cases are stored in xxx_test.js. The
>>>>>> test data is stored in data folder.
>>>>>>
>>>>>> Some variables and functions in ipa.js have been modified to
>>>>>> accomodate
>>>>>> unit testing. The develop.js and webui.js also have been modified
>>>>>> accordingly.
>>>>>>
>>>>>> --
>>>>>> Endi S. Dewata
>>>>>>
>>>>>> _______________________________________________
>>>>>> Freeipa-devel mailing list
>>>>>> Freeipa-devel at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Freeipa-devel mailing list
>>>>>> Freeipa-devel at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>> ACK
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>> Pushed to master
>>
>> Is there any documentation on how to run the tests?
>>
>> rob
> Not yet, but for now, just view the html pages in the browser, and you
> will se the test results as they are run.

Ok, how will someone know what pages to visit, etc? There is a Testing 
page on the wiki now, it would be helpful to include a reference to this 
there.

rob



From ayoung at redhat.com  Mon Sep 27 15:38:45 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 27 Sep 2010 11:38:45 -0400
Subject: [Freeipa-devel] [PATCH] Test suite for ipa.js and entity.js.
In-Reply-To: <4CA0B95C.3070306@redhat.com>
References: <1153759228.355331285367676941.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>	<4C9D390E.8090509@redhat.com>
	<4C9D3994.7060803@redhat.com> <4CA0B275.50406@redhat.com>
	<4CA0B633.6030201@redhat.com> <4CA0B95C.3070306@redhat.com>
Message-ID: <4CA0BA85.6040403@redhat.com>

On 09/27/2010 11:33 AM, Rob Crittenden wrote:
> Adam Young wrote:
>> On 09/27/2010 11:04 AM, Rob Crittenden wrote:
>>> Adam Young wrote:
>>>> On 09/24/2010 07:49 PM, Adam Young wrote:
>>>>> On 09/24/2010 06:34 PM, Endi Sukma Dewata wrote:
>>>>>> Hi,
>>>>>>
>>>>>> The patch has been modified based on Adam's feedback. Thanks!
>>>>>>
>>>>>> Test framework for Web UI has been created using qUnit. The test 
>>>>>> files
>>>>>> are located in install/static/test. The main page is index.html 
>>>>>> which
>>>>>> contains links to all test suites (xxx_tests.html). The test 
>>>>>> cases are
>>>>>> stored in xxx_tests.js. All test suites can be executed at once 
>>>>>> using
>>>>>> all_tests.html. The test data is stored in data folder. This patch
>>>>>> includes test suites for ipa.js and entity.js.
>>>>>>
>>>>>> Some variables and functions in ipa.js have been modified to
>>>>>> accomodate
>>>>>> testing (e.g. JSON URL, error handler, synchronous operation). The
>>>>>> sampledata has been moved to test/data. The develop.js and webui.js
>>>>>> also
>>>>>> have been modified accordingly.
>>>>>>
>>>>>> -- 
>>>>>> Endi S. Dewata
>>>>>>
>>>>>> ----- "Endi Sukma Dewata" wrote:
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Please review the attached patch. It was created based on Adam's
>>>>>>> sample test files. More test cases will be added later. Thanks!
>>>>>>>
>>>>>>> Test suite for Web UI has been created in install/static/test using
>>>>>>> qUnit. The main page is index.html which contains links to the test
>>>>>>> pages (xxx_test.html). The test cases are stored in xxx_test.js. 
>>>>>>> The
>>>>>>> test data is stored in data folder.
>>>>>>>
>>>>>>> Some variables and functions in ipa.js have been modified to
>>>>>>> accomodate
>>>>>>> unit testing. The develop.js and webui.js also have been modified
>>>>>>> accordingly.
>>>>>>>
>>>>>>> -- 
>>>>>>> Endi S. Dewata
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Freeipa-devel mailing list
>>>>>>> Freeipa-devel at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Freeipa-devel mailing list
>>>>>>> Freeipa-devel at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>> ACK
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-devel mailing list
>>>>> Freeipa-devel at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>> Pushed to master
>>>
>>> Is there any documentation on how to run the tests?
>>>
>>> rob
>> Not yet, but for now, just view the html pages in the browser, and you
>> will se the test results as they are run.
>
> Ok, how will someone know what pages to visit, etc? There is a Testing 
> page on the wiki now, it would be helpful to include a reference to 
> this there.
>
> rob

I figure we need to get a little bit of momentum with the tests 
themselves first.  The framework is in place, but I'm not sure we want 
to advertise the few tests we have yet as being that significant.  More 
valuable is to identify what aspects of the JS codebase are in most need 
of unit test coverage, and getting bugs in for those.

That being said, I think that we want Qunit to be a significatn part of 
our extension strategy, and as such, we should have more than just a doc 
page, but guidelines for writing tests downstream .

I'll post a ticket for the Test page update.




From ayoung at redhat.com  Mon Sep 27 16:45:18 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 27 Sep 2010 12:45:18 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0044-I18N-for-web.patch
In-Reply-To: <4CA0ABB7.5070206@redhat.com>
References: <4C9D53B5.7090006@redhat.com> <4CA0ABB7.5070206@redhat.com>
Message-ID: <4CA0CA1E.1010508@redhat.com>

On 09/27/2010 10:35 AM, Adam Young wrote:
> On 09/24/2010 09:43 PM, Adam Young wrote:
>>  I18N for web
>>
>> Performing I18N completely on the server, to leverage the existing 
>> gettext architecture.
>> Also, the browser does not have access to the Language header.
>>
>> Added the additional po files for a set of required languages
>>
>> conflict with install/static/ipa.js was resolved.
>>
>>
>>
>> Note that the addition of the .po files in this patch is necessary.
>> In order to get Transifex support, we need to update the LINGUAS file 
>> with the languages for which we want support.
>>
>> If we don't add the .po files in, they get automatically generated by 
>> the rpmbuild process.
>>
>> Our implementation of gettext has a bug in it (It might be F13 thing) 
>> where the the Plurals line is not getting correctly transformed, 
>> which causes a build failure.  However, since the RPM would have the 
>> .po files  anyway, we should revision control the ones we have, even 
>> if they are empty.
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Returned the Bug reporting URL to its origianl value.  Looks like 
> another bug in the gettext mechanims.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Corrected 'Plurals' lines in regenerated PO files.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0044-3-I18N-for-web.patch
Type: text/x-patch
Size: 952552 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Mon Sep 27 17:32:27 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 27 Sep 2010 13:32:27 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0044-I18N-for-web.patch
In-Reply-To: <4CA0CA1E.1010508@redhat.com>
References: <4C9D53B5.7090006@redhat.com> <4CA0ABB7.5070206@redhat.com>
	<4CA0CA1E.1010508@redhat.com>
Message-ID: <4CA0D52B.603@redhat.com>

On 09/27/2010 12:45 PM, Adam Young wrote:
> On 09/27/2010 10:35 AM, Adam Young wrote:
>> On 09/24/2010 09:43 PM, Adam Young wrote:
>>>  I18N for web
>>>
>>> Performing I18N completely on the server, to leverage the existing 
>>> gettext architecture.
>>> Also, the browser does not have access to the Language header.
>>>
>>> Added the additional po files for a set of required languages
>>>
>>> conflict with install/static/ipa.js was resolved.
>>>
>>>
>>>
>>> Note that the addition of the .po files in this patch is necessary.
>>> In order to get Transifex support, we need to update the LINGUAS 
>>> file with the languages for which we want support.
>>>
>>> If we don't add the .po files in, they get automatically generated 
>>> by the rpmbuild process.
>>>
>>> Our implementation of gettext has a bug in it (It might be F13 
>>> thing) where the the Plurals line is not getting correctly 
>>> transformed, which causes a build failure.  However, since the RPM 
>>> would have the .po files  anyway, we should revision control the 
>>> ones we have, even if they are empty.
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Returned the Bug reporting URL to its origianl value.  Looks like 
>> another bug in the gettext mechanims.
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Corrected 'Plurals' lines in regenerated PO files.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACKed in IRC by edewata and pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From rcritten at redhat.com  Mon Sep 27 17:56:05 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 27 Sep 2010 13:56:05 -0400
Subject: [Freeipa-devel] [PATCH] 546 make migration work again
Message-ID: <4CA0DAB5.9050007@redhat.com>

Handle an empty base_dn and no cn=ipaconfig in the ldap2 backend.

We lacked good error messages if the user/group container you used 
doesn't exist.

Add a --continue option so things can continue if you use a bad 
user/group container. This has the side-effect of letting you migrate 
just users or groups by using a bad container for the one you don't want.

Fix a Gettext() error when displaying the migrated password message.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-546-migration.patch
Type: application/mbox
Size: 4256 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Mon Sep 27 20:17:03 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 27 Sep 2010 16:17:03 -0400
Subject: [Freeipa-devel] [PATCH] Adding SUDO Plugins and Test Suites
In-Reply-To: 
References: 
Message-ID: <4CA0FBBF.30702@redhat.com>

JR Aquino wrote:
> Attached are the plugins for creating:
>
> * IPA Sudo Commands
> * IPA Sudo Command Groups
> * IPA Sudo Rules
>
> Also included are the accompanying test suites, container pointers, and tests/test_xmlrpc/objectclasses.py definitions.

A very good first try, just needs a little more work.

You need to create the 3 containers in 
install/share/bootstrap-template.ldif so they get created when a server 
is installed.

In sudocmd.py you need to:
- remove imports for Flag, Bytes and base64
- Don't define a pre_callback if it isn't doing any work

In sudocmdgroup.py you need to:
- Fix the doc example at the top. It starts with sudocmdgroup examples 
then switches to group examples.
- Drop the Int import

In sudorule.py you need to:
- Drop AccessTime and Password from imports
- Should membercmd_sudocmd use the label "Sudo Commands" to be 
consistent with Sudo Group Commands?
- I'm not entirely sure what you are doing with cn in the dn, can you 
add some documentation explaining what is going on?

I haven't run the tests yet because I didn't create the container 
entries but a brief look-see and they look fine.

I noted on the imports just because you'll already be in the files, they 
alone wouldn't be a reason to nack the patch.

rob



From ayoung at redhat.com  Mon Sep 27 20:51:52 2010
From: ayoung at redhat.com (Adam Young)
Date: Mon, 27 Sep 2010 16:51:52 -0400
Subject: [Freeipa-devel] [PATCH] 546 make migration work again
In-Reply-To: <4CA0DAB5.9050007@redhat.com>
References: <4CA0DAB5.9050007@redhat.com>
Message-ID: <4CA103E8.3030503@redhat.com>

On 09/27/2010 01:56 PM, Rob Crittenden wrote:
> Handle an empty base_dn and no cn=ipaconfig in the ldap2 backend.
>
> We lacked good error messages if the user/group container you used 
> doesn't exist.
>
> Add a --continue option so things can continue if you use a bad 
> user/group container. This has the side-effect of letting you migrate 
> just users or groups by using a bad container for the one you don't want.
>
> Fix a Gettext() error when displaying the migrated password message.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From JR.Aquino at citrixonline.com  Mon Sep 27 20:58:11 2010
From: JR.Aquino at citrixonline.com (JR Aquino)
Date: Mon, 27 Sep 2010 13:58:11 -0700
Subject: [Freeipa-devel] [PATCH] Adding SUDO Plugins and Test Suites
In-Reply-To: <4CA0FBBF.30702@redhat.com>
References: 
	<4CA0FBBF.30702@redhat.com>
Message-ID: 

Let me know how it looks now.


On Sep 27, 2010, at 1:17 PM, Rob Crittenden wrote:

A very good first try, just needs a little more work.

You need to create the 3 containers in
install/share/bootstrap-template.ldif so they get created when a server
is installed.

Done

In sudocmd.py you need to:
- remove imports for Flag, Bytes and base64
- Don't define a pre_callback if it isn't doing any work

Done

In sudocmdgroup.py you need to:
- Fix the doc example at the top. It starts with sudocmdgroup examples
then switches to group examples.
- Drop the Int import

Done

In sudorule.py you need to:
- Drop AccessTime and Password from imports

Done

- Should membercmd_sudocmd use the label "Sudo Commands" to be
consistent with Sudo Group Commands?

Done (yes, you are right)

- I'm not entirely sure what you are doing with cn in the dn, can you
add some documentation explaining what is going on?

It was cruft and has been removed.  Was originally there due to confusion about how the compat piece was going to work and wasn't sure if the dn would be defined by the cn or a different identifier.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Attached-are-the-Corrected-plugins-for-creating.patch
Type: application/octet-stream
Size: 51211 bytes
Desc: 0001-Attached-are-the-Corrected-plugins-for-creating.patch
URL: 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From edewata at redhat.com  Mon Sep 27 22:27:03 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Mon, 27 Sep 2010 18:27:03 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Test suite for association.
In-Reply-To: <1090923708.508181285626386391.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <528449379.508231285626423973.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

Please review the attached patch. Thanks!

New test cases have been added to test SerialAssociator and
BulkAssociator using mockup objects. Also fixed a bug in BulkAssociator.

Moved switch_view() out of ipa_entity_generate_views() in entity.js
to allow unit testing using mockup objects. Updated the test case
to validate click event on facets.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0009-Test-suite-for-association.patch
Type: text/x-patch
Size: 11822 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Tue Sep 28 02:16:19 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 27 Sep 2010 22:16:19 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0044-I18N-for-web.patch
In-Reply-To: <4CA0D52B.603@redhat.com>
References: <4C9D53B5.7090006@redhat.com>
	<4CA0ABB7.5070206@redhat.com>	<4CA0CA1E.1010508@redhat.com>
	<4CA0D52B.603@redhat.com>
Message-ID: <4CA14FF3.5070800@redhat.com>

Adam Young wrote:
> On 09/27/2010 12:45 PM, Adam Young wrote:
>> On 09/27/2010 10:35 AM, Adam Young wrote:
>>> On 09/24/2010 09:43 PM, Adam Young wrote:
>>>> I18N for web
>>>>
>>>> Performing I18N completely on the server, to leverage the existing
>>>> gettext architecture.
>>>> Also, the browser does not have access to the Language header.
>>>>
>>>> Added the additional po files for a set of required languages
>>>>
>>>> conflict with install/static/ipa.js was resolved.
>>>>
>>>>
>>>>
>>>> Note that the addition of the .po files in this patch is necessary.
>>>> In order to get Transifex support, we need to update the LINGUAS
>>>> file with the languages for which we want support.
>>>>
>>>> If we don't add the .po files in, they get automatically generated
>>>> by the rpmbuild process.
>>>>
>>>> Our implementation of gettext has a bug in it (It might be F13
>>>> thing) where the the Plurals line is not getting correctly
>>>> transformed, which causes a build failure. However, since the RPM
>>>> would have the .po files anyway, we should revision control the ones
>>>> we have, even if they are empty.
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>> Returned the Bug reporting URL to its origianl value. Looks like
>>> another bug in the gettext mechanims.
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Corrected 'Plurals' lines in regenerated PO files.
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACKed in IRC by edewata and pushed to master

This patch includes install/po/Makefile which is supposed to be an 
auto-generated file. Can you remove it?

rob



From rcritten at redhat.com  Tue Sep 28 02:39:40 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 27 Sep 2010 22:39:40 -0400
Subject: [Freeipa-devel] [PATCH] Adding SUDO Plugins and Test Suites
In-Reply-To: 
References: 
	<4CA0FBBF.30702@redhat.com>
	
Message-ID: <4CA1556C.60102@redhat.com>

JR Aquino wrote:
> Let me know how it looks now.

Ack, pushed to master. I made one minor change. You had duplicated 
adding the container for sudocmds to bootstrap-template.ldif but that 
was trivial enough to fix myself.

Thanks for the huge contribution.

I also added you to the Contributors file and pushed that under the 
1-liner rule.

rob

>
>
> On Sep 27, 2010, at 1:17 PM, Rob Crittenden wrote:
>
> A very good first try, just needs a little more work.
>
> You need to create the 3 containers in
> install/share/bootstrap-template.ldif so they get created when a server
> is installed.
>
> Done
>
> In sudocmd.py you need to:
> - remove imports for Flag, Bytes and base64
> - Don't define a pre_callback if it isn't doing any work
>
> Done
>
> In sudocmdgroup.py you need to:
> - Fix the doc example at the top. It starts with sudocmdgroup examples
> then switches to group examples.
> - Drop the Int import
>
> Done
>
> In sudorule.py you need to:
> - Drop AccessTime and Password from imports
>
> Done
>
> - Should membercmd_sudocmd use the label "Sudo Commands" to be
> consistent with Sudo Group Commands?
>
> Done (yes, you are right)
>
> - I'm not entirely sure what you are doing with cn in the dn, can you
> add some documentation explaining what is going on?
>
> It was cruft and has been removed.  Was originally there due to confusion about how the compat piece was going to work and wasn't sure if the dn would be defined by the cn or a different identifier.



From ayoung at redhat.com  Tue Sep 28 13:58:24 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 09:58:24 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0044-I18N-for-web.patch
In-Reply-To: <4CA14FF3.5070800@redhat.com>
References: <4C9D53B5.7090006@redhat.com>
	<4CA0ABB7.5070206@redhat.com>	<4CA0CA1E.1010508@redhat.com>
	<4CA0D52B.603@redhat.com> <4CA14FF3.5070800@redhat.com>
Message-ID: <4CA1F480.3060403@redhat.com>

On 09/27/2010 10:16 PM, Rob Crittenden wrote:
> Adam Young wrote:
>> On 09/27/2010 12:45 PM, Adam Young wrote:
>>> On 09/27/2010 10:35 AM, Adam Young wrote:
>>>> On 09/24/2010 09:43 PM, Adam Young wrote:
>>>>> I18N for web
>>>>>
>>>>> Performing I18N completely on the server, to leverage the existing
>>>>> gettext architecture.
>>>>> Also, the browser does not have access to the Language header.
>>>>>
>>>>> Added the additional po files for a set of required languages
>>>>>
>>>>> conflict with install/static/ipa.js was resolved.
>>>>>
>>>>>
>>>>>
>>>>> Note that the addition of the .po files in this patch is necessary.
>>>>> In order to get Transifex support, we need to update the LINGUAS
>>>>> file with the languages for which we want support.
>>>>>
>>>>> If we don't add the .po files in, they get automatically generated
>>>>> by the rpmbuild process.
>>>>>
>>>>> Our implementation of gettext has a bug in it (It might be F13
>>>>> thing) where the the Plurals line is not getting correctly
>>>>> transformed, which causes a build failure. However, since the RPM
>>>>> would have the .po files anyway, we should revision control the ones
>>>>> we have, even if they are empty.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-devel mailing list
>>>>> Freeipa-devel at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>> Returned the Bug reporting URL to its origianl value. Looks like
>>>> another bug in the gettext mechanims.
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>> Corrected 'Plurals' lines in regenerated PO files.
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> ACKed in IRC by edewata and pushed to master
>
> This patch includes install/po/Makefile which is supposed to be an 
> auto-generated file. Can you remove it?
>
> rob
Will do



From ayoung at redhat.com  Tue Sep 28 14:07:29 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 10:07:29 -0400
Subject: [Freeipa-devel] [PATCH] admiyo-freeipa-0045-Fix-the-add-button.patch
Message-ID: <4CA1F6A1.3060005@redhat.com>

Fix the 'add' button

     The Add button was located using the Dom, and the scheme used to 
find it was fragile enough to be broken by the I18N approach.  This is a 
little more robust, using a JQuery selector based on the class of the 
controls, and the entity name.

     Also remove  Makefile, which should be autogenerated.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0045-Fix-the-add-button.patch
Type: text/x-patch
Size: 12762 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Tue Sep 28 14:17:53 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 10:17:53 -0400
Subject: [Freeipa-devel] [PATCH] Test suite for association.
In-Reply-To: <528449379.508231285626423973.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <528449379.508231285626423973.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4CA1F911.5080500@redhat.com>

On 09/27/2010 06:27 PM, Endi Sukma Dewata wrote:
> Hi,
>
> Please review the attached patch. Thanks!
>
> New test cases have been added to test SerialAssociator and
> BulkAssociator using mockup objects. Also fixed a bug in BulkAssociator.
>
> Moved switch_view() out of ipa_entity_generate_views() in entity.js
> to allow unit testing using mockup objects. Updated the test case
> to validate click event on facets.
>
> --
> Endi S. Dewata
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Tue Sep 28 14:20:45 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 10:20:45 -0400
Subject: [Freeipa-devel] [PATCH] Test suite for association.
In-Reply-To: <4CA1F911.5080500@redhat.com>
References: <528449379.508231285626423973.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
	<4CA1F911.5080500@redhat.com>
Message-ID: <4CA1F9BD.2000606@redhat.com>

On 09/28/2010 10:17 AM, Adam Young wrote:
> On 09/27/2010 06:27 PM, Endi Sukma Dewata wrote:
>> Hi,
>>
>> Please review the attached patch. Thanks!
>>
>> New test cases have been added to test SerialAssociator and
>> BulkAssociator using mockup objects. Also fixed a bug in BulkAssociator.
>>
>> Moved switch_view() out of ipa_entity_generate_views() in entity.js
>> to allow unit testing using mockup objects. Updated the test case
>> to validate click event on facets.
>>
>> --
>> Endi S. Dewata
>>    
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From admin at transifex.net  Tue Sep 28 15:06:47 2010
From: admin at transifex.net (admin at transifex.net)
Date: Tue, 28 Sep 2010 15:06:47 -0000
Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA |
	master
Message-ID: <20100928150647.16171.99688@web1.transifex.net>

Hello freeipa, this is Transifex at http://www.transifex.net.

The following attached files were submitted to FreeIPA | master by yurchor  

Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page.

Thank you,
Transifex
-------------- next part --------------
# Copyright (C) YEAR Red Hat
# This file is distributed under the same license as the PACKAGE package.
#
# Yuri Chornoivan , 2010.
msgid ""
msgstr ""
"Project-Id-Version: ipa\n"
"Report-Msgid-Bugs-To: https://hosted.fedoraproject."
"org/projects/freeipa/newticket\n"
"POT-Creation-Date: 2010-09-27 10:25-0400\n"
"PO-Revision-Date: 2010-09-28 18:04+0300\n"
"Last-Translator: Yuri Chornoivan \n"
"Language-Team: Ukrainian \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: uk\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
"X-Generator: Lokalize 1.1\n"

#: ../../ipalib/parameters.py:295
msgid "incorrect type"
msgstr "?????????? ???"

#: ../../ipalib/parameters.py:298
msgid "Only one value is allowed"
msgstr "????? ??????????????? ???? ???? ????????"

#: ../../ipalib/parameters.py:877
msgid "must be True or False"
msgstr "??? ??????????? True ??? False"

#: ../../ipalib/parameters.py:978
msgid "must be an integer"
msgstr "??? ???? ????? ??????"

#: ../../ipalib/parameters.py:1029
#, python-format
msgid "must be at least %(minvalue)d"
msgstr "??? ???? ??????, ?? ?????? ?? %(minvalue)d"

#: ../../ipalib/parameters.py:1039
#, python-format
msgid "can be at most %(maxvalue)d"
msgstr "?? ???? ???????????? %(maxvalue)d"

#: ../../ipalib/parameters.py:1049
msgid "must be a decimal number"
msgstr "??? ???? ?????????? ??????"

#: ../../ipalib/parameters.py:1071
#, python-format
msgid "must be at least %(minvalue)f"
msgstr "??? ???? ??????, ?? ?????? ?? %(minvalue)f"

#: ../../ipalib/parameters.py:1081
#, python-format
msgid "can be at most %(maxvalue)f"
msgstr "?? ???? ???????????? %(maxvalue)f"

#: ../../ipalib/parameters.py:1145
#, python-format
msgid "must match pattern \"%(pattern)s\""
msgstr "??? ??????????? ??????? ?%(pattern)s?"

#: ../../ipalib/parameters.py:1163
msgid "must be binary data"
msgstr "??? ???? ????????? ??????"

#: ../../ipalib/parameters.py:1179
#, python-format
msgid "must be at least %(minlength)d bytes"
msgstr "??? ???? ????????, ?? ????? ?? %(minlength)d ??????"

#: ../../ipalib/parameters.py:1189
#, python-format
msgid "can be at most %(maxlength)d bytes"
msgstr "?? ??????? ???????????? ?? ???????? %(maxlength)d ??????"

#: ../../ipalib/parameters.py:1199
#, python-format
msgid "must be exactly %(length)d bytes"
msgstr "??? ???? ???????? ????? ? %(length)d ??????"

#: ../../ipalib/parameters.py:1217
msgid "must be Unicode text"
msgstr "??? ???? ??????? ? Unicode"

#: ../../ipalib/parameters.py:1248
#, python-format
msgid "must be at least %(minlength)d characters"
msgstr "??? ???? ?? ?????? ?? %(minlength)d ???????? ????????"

#: ../../ipalib/parameters.py:1258
#, python-format
msgid "can be at most %(maxlength)d characters"
msgstr "?? ??????? ???????????? %(maxlength)d ???????? ? ???????"

#: ../../ipalib/parameters.py:1268
#, python-format
msgid "must be exactly %(length)d characters"
msgstr "??? ???? ????? %(length)d ???????? ? ???????"

#: ../../ipalib/parameters.py:1307
#, python-format
msgid "must be one of %(values)r"
msgstr "??? ???? ????? ?? ????? ???????: %(values)r"

#: ../../ipalib/output.py:92
msgid "A dictionary representing an LDAP entry"
msgstr "???????, ?? ?????????? ?????? LDAP"

#: ../../ipalib/output.py:100
msgid "A list of LDAP entries"
msgstr "?????? ??????? LDAP"

#: ../../ipalib/output.py:111
msgid "All commands should at least have a result"
msgstr "????????? ???? ?????? ??? ?????????? ?? ??????? ??????????"

#: ../../ipalib/cli.py:507
#, python-format
msgid "Enter %(label)s again to verify: "
msgstr "??????? %(label)s ?? ??? ??? ?????????: "

#: ../../ipalib/cli.py:511
msgid "Passwords do not match!"
msgstr "?????? ?? ??????????!"

#: ../../ipalib/cli.py:516
msgid "Cancelled."
msgstr "?????????."

#: ../../ipalib/frontend.py:380
msgid "Results are truncated, try a more specific search"
msgstr ""
"?????? ??????????? ????????. ????????? ??????? ????????? ???????? ??????."

#: ../../ipalib/frontend.py:797 ../../ipalib/plugins/misc.py:47
msgid "retrieve all attributes"
msgstr "???????? ??? ????????"

#: ../../ipalib/frontend.py:803
msgid "print entries as stored on the server"
msgstr "??????? ?????? ? ?????, ? ???? ???? ???????????? ?? ???????"

#: ../../ipalib/frontend.py:914
msgid "Forward to server instead of running locally"
msgstr "?????????????? ?? ?????? ??????? ?????????? ?????????"

#: ../../ipalib/errors.py:297
#, python-format
msgid "%(cver)s client incompatible with %(sver)s server at %(server)r"
msgstr "?????? %(cver)s ? ?????????? ? ???????? %(sver)s ?? %(server)r"

#: ../../ipalib/errors.py:315
#, python-format
msgid "unknown error %(code)d from %(server)s: %(error)s"
msgstr "%(server)s ?????????? ??? ???????? ??????? %(code)d: %(error)s"

#: ../../ipalib/errors.py:331
msgid "an internal error has occurred"
msgstr "??????? ????????? ???????"

#: ../../ipalib/errors.py:353
#, python-format
msgid "an internal error has occurred on server at %(server)r"
msgstr "?? ??????? %(server)r ??????? ????????? ???????"

#: ../../ipalib/errors.py:369
#, python-format
msgid "unknown command %(name)r"
msgstr "???????? ??????? %(name)r"

#: ../../ipalib/errors.py:386 ../../ipalib/errors.py:411
#, python-format
msgid "error on server %(server)r: %(error)s"
msgstr "??????? ?? ??????? %(server)r: %(error)s"

#: ../../ipalib/errors.py:402
#, python-format
msgid "cannot connect to %(uri)r: %(error)s"
msgstr "?? ??????? ?????????? ????????? ? %(uri)r: %(error)s"

#: ../../ipalib/errors.py:420
#, python-format
msgid "Invalid JSON-RPC request: %(error)s"
msgstr "??????????? ????? JSON-RPC: %(error)s"

#: ../../ipalib/errors.py:448
#, python-format
msgid "Kerberos error: %(major)s/%(minor)s"
msgstr "??????? Kerberos: %(major)s/%(minor)s"

#: ../../ipalib/errors.py:465
msgid "did not receive Kerberos credentials"
msgstr "?? ???????? ????????????? ????? Kerberos"

#: ../../ipalib/errors.py:481
#, python-format
msgid "Service %(service)r not found in Kerberos database"
msgstr "? ???? ????? Kerberos ?? ???????? ?????? %(service)r"

#: ../../ipalib/errors.py:497
msgid "No credentials cache found"
msgstr "?? ???????? ???? ????????????? ?????"

#: ../../ipalib/errors.py:513
msgid "Ticket expired"
msgstr "????? ????? ??? ??????"

#: ../../ipalib/errors.py:529
msgid "Credentials cache permissions incorrect"
msgstr "????????? ????? ??????? ?? ???? ????????????? ?????"

#: ../../ipalib/errors.py:545
msgid "Bad format in credentials cache"
msgstr "?????????? ?????? ???? ????????????? ?????"

#: ../../ipalib/errors.py:561
msgid "Cannot resolve KDC for requested realm"
msgstr "?? ??????? ????????? KDC ??? ??????? ??????? (realm)"

#: ../../ipalib/errors.py:580
#, python-format
msgid "Insufficient access: %(info)s"
msgstr "?????????? ????? ??? ???????: %(info)s"

#: ../../ipalib/errors.py:624
#, python-format
msgid "command %(name)r takes no arguments"
msgstr "??????? %(name)r ?? ??????? ?????? ??????????"

#: ../../ipalib/errors.py:644
#, python-format
msgid "command %(name)r takes at most %(count)d argument"
msgid_plural "command %(name)r takes at most %(count)d arguments"
msgstr[0] "??????? %(name)r ??????? ?? ?????? %(count)d ?????????"
msgstr[1] "??????? %(name)r ??????? ?? ?????? %(count)d ??????????"
msgstr[2] "??????? %(name)r ??????? ?? ?????? %(count)d ??????????"

#: ../../ipalib/errors.py:674
#, python-format
msgid "overlapping arguments and options: %(names)r"
msgstr "?????????? ?????????? ? ??????????: %(names)r"

#: ../../ipalib/errors.py:690
#, python-format
msgid "%(name)r is required"
msgstr "???? ??????? %(name)r"

#: ../../ipalib/errors.py:706 ../../ipalib/errors.py:722
#, python-format
msgid "invalid %(name)r: %(error)s"
msgstr "?????????? %(name)r: %(error)s"

#: ../../ipalib/errors.py:738
#, python-format
msgid "api has no such namespace: %(name)r"
msgstr "api ?? ????? ?????? ???????? ????: %(name)r"

#: ../../ipalib/errors.py:747
msgid "Passwords do not match"
msgstr "?????? ?? ??????????"

#: ../../ipalib/errors.py:755
msgid "Command not implemented"
msgstr "??????? ?? ???????????"

#: ../../ipalib/errors.py:783 ../../ipalib/errors.py:1023
#, python-format
msgid "%(reason)s"
msgstr "%(reason)s"

#: ../../ipalib/errors.py:799
msgid "This entry already exists"
msgstr "??? ????? ??? ?????"

#: ../../ipalib/errors.py:815
msgid "You must enroll a host in order to create a host service"
msgstr "??? ???????? ?????? ?????, ??? ???? ????????????? ?????"

#: ../../ipalib/errors.py:831
#, python-format
msgid ""
"Service principal is not of the form: service/fully-qualified host name: %"
"(reason)s"
msgstr ""
"????????????? ????? ?????? ??????? ? ?????, ????????? ???: ??????/????? "
"????? "
"?????: %(reason)s"

#: ../../ipalib/errors.py:847
msgid ""
"The realm for the principal does not match the realm for this IPA server"
msgstr ""
"??????? ??? ?????????????? ?????? ?? ?????????? ? ??????? ????? ??????? IPA"

#: ../../ipalib/errors.py:863
msgid "This command requires root access"
msgstr "??? ????????? ???? ??????? ???????? ????? ??????? ??????????? root"

#: ../../ipalib/errors.py:879
msgid "This is already a posix group"
msgstr "??? ? posix-??????"

#: ../../ipalib/errors.py:895
#, python-format
msgid "Principal is not of the form user at REALM: %(principal)r"
msgstr ""
"????????????? ????? ??????? ? ?????, ????????? ??? ??????????@???????: %"
"(principal)r"

#: ../../ipalib/errors.py:911
msgid "This entry is already unlocked"
msgstr "??? ????? ??? ????????????"

#: ../../ipalib/errors.py:927
msgid "This entry is already locked"
msgstr "??? ????? ??? ???????????"

#: ../../ipalib/errors.py:943
msgid "This entry has nsAccountLock set, it cannot be locked or unlocked"
msgstr ""
"??? ????? ?????? ??????????? ??????? nsAccountLock, ????? ?? ????? "
"??????????? ??? ????????????"

#: ../../ipalib/errors.py:959
msgid "This entry is not a member of the group"
msgstr "??? ????? ?? ? ????????? ?????"

#: ../../ipalib/errors.py:975
msgid "A group may not be a member of itself"
msgstr "????? ?? ???? ???? ????????? ????? ????"

#: ../../ipalib/errors.py:991
msgid "This entry is already a member of the group"
msgstr "??? ????? ??? ? ????????? ?????"

#: ../../ipalib/errors.py:1007
#, python-format
msgid "Base64 decoding failed: %(reason)s"
msgstr "??????? ??????????? Base64: %(reason)s"

#: ../../ipalib/errors.py:1039
msgid "A group may not be added as a member of itself"
msgstr "????? ?? ???? ???? ?????? ?? ??????? ????? ????"

#: ../../ipalib/errors.py:1055
msgid "The default users group cannot be removed"
msgstr "?? ????? ???????? ?????? ????? ????????????"

#: ../../ipalib/errors.py:1071
msgid "Host does not have corresponding DNS A record"
msgstr "????? ?? ??? ???????????? ?????? DNS A"

#: ../../ipalib/errors.py:1086
msgid "Deleting a managed group is not allowed. It must be detached first."
msgstr "????????? ????????? ???? ??????????. ???????? ????? ???? ??????????."

#: ../../ipalib/errors.py:1109
#, python-format
msgid "no command nor help topic %(topic)r"
msgstr "?? ???????? ?? ???????, ?? ?????? ??????? %(topic)r"

#: ../../ipalib/errors.py:1133
msgid "change collided with another change"
msgstr "????? ?????????? ? ????? ???????? ??????"

#: ../../ipalib/errors.py:1149
msgid "no modifications to be performed"
msgstr "???? ?? ???????"

#: ../../ipalib/errors.py:1165
#, python-format
msgid "%(desc)s:%(info)s"
msgstr "%(desc)s:%(info)s"

#: ../../ipalib/errors.py:1181
msgid "limits exceeded for this query"
msgstr "??? ??????? ?????????? ?????????"

#: ../../ipalib/errors.py:1196
#, python-format
msgid "%(info)s"
msgstr "%(info)s"

#: ../../ipalib/errors.py:1221
#, python-format
msgid "Certificate operation cannot be completed: %(error)s"
msgstr "?? ??????? ????????? ??? ? ????????????: %(error)s"

#: ../../ipalib/plugins/config.py:73
msgid "Configuration"
msgstr "????????????"

#: ../../ipalib/plugins/config.py:78
msgid "Max username length"
msgstr "????. ??????? ????? ???????????"

#: ../../ipalib/plugins/config.py:83
msgid "Home directory base"
msgstr "?????? ???????? ?????????"

#: ../../ipalib/plugins/config.py:84
msgid "Default location of home directories"
msgstr "?????? ?????? ???????? ?????????"

#: ../../ipalib/plugins/config.py:88
msgid "Default shell"
msgstr "?????? ????????"

#: ../../ipalib/plugins/config.py:89
msgid "Default shell for new users"
msgstr "?????? ???????? ??? ????? ????????????"

#: ../../ipalib/plugins/config.py:93
msgid "Default users group"
msgstr "?????? ????? ????????????"

#: ../../ipalib/plugins/config.py:94
msgid "Default group for new users"
msgstr "?????? ????? ??? ????? ????????????"

#: ../../ipalib/plugins/config.py:98
msgid "Default e-mail domain"
msgstr "??????? ????? ??. ?????"

#: ../../ipalib/plugins/config.py:99
msgid "Default e-mail domain new users"
msgstr "??????? ????? ??????????? ????? ??? ????? ????????????"

#: ../../ipalib/plugins/config.py:103
msgid "Search time limit"
msgstr "????????? ???? ??????"

#: ../../ipalib/plugins/config.py:104
msgid "Max. amount of time (sec.) for a search (-1 is unlimited)"
msgstr ""
"???????????? ???????? ???? (? ????????) ??? ????????? ?????? ??? ? ?????? (-"
"1 ? ??? ????????)"

#: ../../ipalib/plugins/config.py:109
msgid "Search size limit"
msgstr "????????? ??????? ??????"

#: ../../ipalib/plugins/config.py:110
msgid "Max. number of records to search (-1 is unlimited)"
msgstr "??????????? ????????? ??????? ??????????? ?????? (-1 ? ??? ????????)"

#: ../../ipalib/plugins/config.py:115
msgid "User search fields"
msgstr "???? ?????? ????????????"

#: ../../ipalib/plugins/config.py:116
msgid "A comma-separated list of fields to search when searching for users"
msgstr ""
"????????????? ?????? ?????? ?????, ?? ????? ???????????????? ????? "
"????????????"

#: ../../ipalib/plugins/config.py:121
msgid "A comma-separated list of fields to search when searching for groups"
msgstr ""
"????????????? ?????? ?????? ?????, ?? ????? ???????????????? ????? ????"

#: ../../ipalib/plugins/config.py:125
msgid "Migration mode"
msgstr "????? ????????"

#: ../../ipalib/plugins/config.py:126
msgid "Enable migration mode"
msgstr "????????? ????? ????????"

#: ../../ipalib/plugins/config.py:130
msgid "Certificate Subject base"
msgstr "??????? ?????? ????????????"

#: ../../ipalib/plugins/config.py:131
msgid "Base for certificate subjects (OU=Test,O=Example)"
msgstr "?????? ??? ????????? ??????? ???????? ???????????? (OU=Test,O=Example)"

#: ../../ipalib/plugins/rolegroup.py:79
msgid "Role Groups"
msgstr "????? ?????"

#: ../../ipalib/plugins/rolegroup.py:84
msgid "Role-group name"
msgstr "????? ????? ?????"

#: ../../ipalib/plugins/rolegroup.py:90 ../../ipalib/plugins/host.py:124
#: ../../ipalib/plugins/group.py:108 ../../ipalib/plugins/hbac.py:151
#: ../../ipalib/plugins/automount.py:230 ../../ipalib/plugins/netgroup.py:96
#: ../../ipalib/plugins/taskgroup.py:62 ../../ipalib/plugins/hostgroup.py:81
msgid "Description"
msgstr "????"

#: ../../ipalib/plugins/rolegroup.py:91
msgid "A description of this role-group"
msgstr "???? ???? ????? ?????"

#: ../../ipalib/plugins/rolegroup.py:94 ../../ipalib/plugins/group.py:117
#: ../../ipalib/plugins/taskgroup.py:66
msgid "Member groups"
msgstr "?????-????????"

#: ../../ipalib/plugins/rolegroup.py:98 ../../ipalib/plugins/group.py:121
#: ../../ipalib/plugins/taskgroup.py:70
msgid "Member users"
msgstr "???????????-????????"

#: ../../ipalib/plugins/rolegroup.py:102
msgid "Member of task-groups"
msgstr "??????? ????? ???????"

#: ../../ipalib/plugins/rolegroup.py:115
#, python-format
msgid "Added rolegroup \"%(value)s\""
msgstr "?????? ????? ????? ?%(value)s?"

#: ../../ipalib/plugins/rolegroup.py:125
#, python-format
msgid "Deleted rolegroup \"%(value)s\""
msgstr "???????? ????? ????? ?%(value)s?"

#: ../../ipalib/plugins/rolegroup.py:135
#, python-format
msgid "Modified rolegroup \"%(value)s\""
msgstr "??????? ????? ????? ?%(value)s?"

#: ../../ipalib/plugins/rolegroup.py:146
#, python-format
msgid "%(count)d rolegroup matched"
msgid_plural "%(count)d rolegroups matched"
msgstr[0] "??????????? ????????????? %(count)d ????? ?????"
msgstr[1] "??????????? ????????????? %(count)d ???? ?????"
msgstr[2] "??????????? ????????????? %(count)d ???? ?????"

#: ../../ipalib/plugins/host.py:86
msgid "Fully-qualified hostname required"
msgstr "???? ??????? ????? ????? ????????"

#: ../../ipalib/plugins/host.py:113 ../../ipalib/plugins/hbac.py:162
msgid "Hosts"
msgstr "?????"

#: ../../ipalib/plugins/host.py:118
msgid "Host name"
msgstr "????? ?????"

#: ../../ipalib/plugins/host.py:125
msgid "A description of this host"
msgstr "???? ????? ?????"

#: ../../ipalib/plugins/host.py:129
msgid "Locality"
msgstr "??????"

#: ../../ipalib/plugins/host.py:130
msgid "Host locality (e.g. \"Baltimore, MD\")"
msgstr "?????? ???????????? ????? (?????????, ?????, ????????)"

#: ../../ipalib/plugins/host.py:134 ../../ipalib/plugins/automount.py:107
msgid "Location"
msgstr "????????????"

#: ../../ipalib/plugins/host.py:135
msgid "Host location (e.g. \"Lab 2\")"
msgstr "???????????? ????? (?????????, ?Lab 2?)"

#: ../../ipalib/plugins/host.py:139
msgid "Platform"
msgstr "?????????"

#: ../../ipalib/plugins/host.py:140
msgid "Host hardware platform (e.g. \"Lenovo T61\")"
msgstr "???????? ????????? ????? (?????????, ?Lenovo T61?)"

#: ../../ipalib/plugins/host.py:144
msgid "Operating system"
msgstr "?????????? ???????"

#: ../../ipalib/plugins/host.py:145
msgid "Host operating system and version (e.g. \"Fedora 9\")"
msgstr "?????????? ??????? ????? ? ?? ?????? (?????????, ?Fedora 9\")"

#: ../../ipalib/plugins/host.py:149
msgid "User password"
msgstr "?????? ???????????"

#: ../../ipalib/plugins/host.py:150
msgid "Password used in bulk enrollment"
msgstr "?????? ??? ?????????? ????????? ?????????????? ????????"

#: ../../ipalib/plugins/host.py:154 ../../ipalib/plugins/service.py:185
#: ../../ipalib/plugins/service.py:265 ../../ipalib/plugins/service.py:304
#: ../../ipalib/plugins/service.py:343 ../../ipalib/plugins/cert.py:187
#: ../../ipalib/plugins/cert.py:392
msgid "Certificate"
msgstr "??????????"

#: ../../ipalib/plugins/host.py:155 ../../ipalib/plugins/service.py:186
#: ../../ipalib/plugins/service.py:266 ../../ipalib/plugins/service.py:305
#: ../../ipalib/plugins/service.py:344
msgid "Base-64 encoded server certificate"
msgstr "?????????? ??????? ? ????????? Base-64"

#: ../../ipalib/plugins/host.py:158 ../../ipalib/plugins/host.py:274
msgid "Principal name"
msgstr "????? ?????????????? ??????"

#: ../../ipalib/plugins/host.py:162 ../../ipalib/plugins/hostgroup.py:93
msgid "Member of host-groups"
msgstr "??????? ????? ??????"

#: ../../ipalib/plugins/host.py:166
msgid "Member of net-groups"
msgstr "??????? ????????? ?????"

#: ../../ipalib/plugins/host.py:170
msgid "Member of role-groups"
msgstr "??????? ????? ?????"

#: ../../ipalib/plugins/host.py:199
#, python-format
msgid "Added host \"%(value)s\""
msgstr "?????? ????? ?%(value)s?"

#: ../../ipalib/plugins/host.py:202
msgid "force host name even if not in DNS"
msgstr "????????? ???????? ????? ?????, ?????? ???? ????? ????? ? DNS"

#: ../../ipalib/plugins/host.py:235
#, python-format
msgid "Deleted host \"%(value)s\""
msgstr "???????? ????? ?%(value)s?"

#: ../../ipalib/plugins/host.py:269
#, python-format
msgid "Modified host \"%(value)s\""
msgstr "??????? ????? ?%(value)s?"

#: ../../ipalib/plugins/host.py:275
msgid "Kerberos principal name for this host"
msgstr "????? ?????????????? ?????? Kerberos ??? ????? ?????"

#: ../../ipalib/plugins/host.py:319
#, python-format
msgid "%(count)d host matched"
msgid_plural "%(count)d hosts matched"
msgstr[0] "??????????? ????????????? %(count)d ?????"
msgstr[1] "??????????? ????????????? %(count)d ??????"
msgstr[2] "??????????? ????????????? %(count)d ??????"

#: ../../ipalib/plugins/host.py:337 ../../ipalib/plugins/service.py:83
msgid "Keytab"
msgstr "??????? ??????"

#: ../../ipalib/plugins/host.py:359 ../../ipalib/plugins/service.py:386
#, python-format
msgid "Removed kerberos key from \"%(value)s\""
msgstr "???????? ???? kerberos ? ?%(value)s?"

#: ../../ipalib/plugins/host.py:368
msgid "Host principal has no kerberos key"
msgstr "? ?????????????? ?????? ????? ????? ????? kerberos"

#: ../../ipalib/plugins/group.py:94
msgid "User Groups"
msgstr "????? ????????????"

#: ../../ipalib/plugins/group.py:102
msgid "Group name"
msgstr "????? ?????"

#: ../../ipalib/plugins/group.py:109
msgid "Group description"
msgstr "???? ?????"

#: ../../ipalib/plugins/group.py:113
msgid "GID"
msgstr "GID"

#: ../../ipalib/plugins/group.py:114
msgid "GID (use this option to set it manually)"
msgstr "GID (?? ????????? ????? ????????? ????? ?????????? ???????? ??????)"

#: ../../ipalib/plugins/group.py:134
#, python-format
msgid "Added group \"%(value)s\""
msgstr "?????? ????? ?%(value)s?"

#: ../../ipalib/plugins/group.py:139
msgid "Create as posix group?"
msgstr "???????? ?? ????? posix?"

#: ../../ipalib/plugins/group.py:159
#, python-format
msgid "Deleted group \"%(value)s\""
msgstr "???????? ????? ?%(value)s?"

#: ../../ipalib/plugins/group.py:188
#, python-format
msgid "Modified group \"%(value)s\""
msgstr "??????? ????? ?%(value)s?"

#: ../../ipalib/plugins/group.py:193
msgid "change to posix group"
msgstr "??????? ?? ????? posix"

#: ../../ipalib/plugins/group.py:219
#, python-format
msgid "%(count)d group matched"
msgid_plural "%(count)d groups matched"
msgstr[0] "??????????? ????????????? %(count)d ?????"
msgstr[1] "??????????? ????????????? %(count)d ????"
msgstr[2] "??????????? ????????????? %(count)d ????"

#: ../../ipalib/plugins/group.py:254
#, python-format
msgid "Detached group \"%(value)s\" from user \"%(value)s\""
msgstr "?????????? ????? ?%(value)s? ??? ??????????? ?%(value)s?"

#: ../../ipalib/plugins/group.py:270
msgid "not allowed to modify user entries"
msgstr "?????????? ????????? ?????? ????????????"

#: ../../ipalib/plugins/group.py:274
msgid "not allowed to modify group entries"
msgstr "?????????? ????????? ?????? ????"

#: ../../ipalib/plugins/group.py:281 ../../ipalib/plugins/group.py:292
msgid "Not a managed group"
msgstr "?? ? ????????? ??????"

#: ../../ipalib/plugins/migration.py:44
#, python-format
msgid ""
"Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually."
msgstr ""
"????????????? ????? Kerberos %s ??? ?????. ????????????? ???????? ?ipa user-"
"mod?, ??? ?????????? ???? ????????? ??????."

#: ../../ipalib/plugins/migration.py:45
msgid ""
"Failed to add user to the default group. Use 'ipa group-add-member' to add "
"manually."
msgstr ""
"?? ??????? ?????? ??????????? ?? ??????? ?????. ?????? ??????????? ?????? "
"????? ?? ????????? ??????? ?ipa group-add-member?."

#: ../../ipalib/plugins/migration.py:169
msgid "LDAP URI"
msgstr "URI LDAP"

#: ../../ipalib/plugins/migration.py:170
msgid "LDAP URI of DS server to migrate from"
msgstr "URI LDAP ??????? DS, ? ????? ????????????????? ????????"

#: ../../ipalib/plugins/migration.py:174
msgid "bind password"
msgstr "?????? ?????????"

#: ../../ipalib/plugins/migration.py:181
msgid "Bind DN"
msgstr "DN ??? ????'????"

#: ../../ipalib/plugins/migration.py:187
msgid "User container"
msgstr "????????? ????????????"

#: ../../ipalib/plugins/migration.py:188
msgid "RDN of container for users in DS"
msgstr "RDN ?????????? ???????????? ? DS"

#: ../../ipalib/plugins/migration.py:194
msgid "Group container"
msgstr "????????? ????"

#: ../../ipalib/plugins/migration.py:195
msgid "RDN of container for groups in DS"
msgstr "RDN ?????????? ???? ? DS"

#: ../../ipalib/plugins/migration.py:204
msgid "Lists of objects migrated; categorized by type."
msgstr "?????? ????????, ???????? ???? ????????; ????????????? ?? ??????."

#: ../../ipalib/plugins/migration.py:208
msgid "Lists of objects that could not be migrated; categorized by type."
msgstr ""
"?????? ????????, ???????? ???? ?? ??????? ????????; ????????????? ?? ??????."

#: ../../ipalib/plugins/migration.py:212
msgid "False if migration mode was disabled."
msgstr "False, ???? ????? ???????? ???? ????????."

#: ../../ipalib/plugins/migration.py:216
#, python-format
msgid "comma-separated list of %s to exclude from migration"
msgstr "?????? %s, ????????????? ??????, ??? ???? ????????? ? ??????? ????????"

#: ../../ipalib/plugins/migration.py:218
msgid ""
"search results for objects to be migrated\n"
"have been truncated by the server;\n"
"migration process might be uncomplete\n"
msgstr ""
"?????? ??????????? ?????? ???????? ????????\n"
"???? ???????? ????????; ????????,\n"
"?????? ???????? ?? ?????????\n"

#: ../../ipalib/plugins/migration.py:223
msgid "Migration mode is disabled. Use 'ipa config-mod' to enable it."
msgstr ""
"????? ???????? ????????. ????????????? ???????? ?ipa config-mod?, ??? "
"????????? ????."

#: ../../ipalib/plugins/migration.py:226
msgid ""
"Passwords have been migrated in pre-hashed format.\n"
"IPA is unable to generate Kerberos keys unless provided\n"
"with clear text passwords. All migrated users need to\n"
"login at https://your.domain/ipa/migration/ before they\n"
"can use their Kerberos accounts."
msgstr ""
"???????? ??????? ??????? ????????? ? ??????? ?? ?????????.\n"
"IPA ?? ???????? ???????? ????? Kerberos, ???? ?? ????\n"
"?????? ????????? ???????. ???? ???????????? ? ????????????\n"
"????????, ?????????? ?????? ????????????? ??\n"
"https://your.domain/ipa/migration/ ?? ????, ?? ???? ???????\n"
"???????????? ?????????? ???????? Kerberos."

#: ../../ipalib/plugins/service.py:157 ../../ipalib/plugins/hbac.py:174
msgid "Services"
msgstr "??????"

#: ../../ipalib/plugins/service.py:162 ../../ipalib/plugins/cert.py:171
msgid "Principal"
msgstr "????????????? ?????"

#: ../../ipalib/plugins/service.py:163
msgid "Service principal"
msgstr "????????????? ????? ??????"

#: ../../ipalib/plugins/service.py:176
#, python-format
msgid "Added service \"%(value)s\""
msgstr "?????? ?????? ?%(value)s?"

#: ../../ipalib/plugins/service.py:181
msgid "force principal name even if not in DNS"
msgstr ""
"????????? ???????? ????? ?????????????? ??????, ?????? ???? ????? ????? ? DNS"

#: ../../ipalib/plugins/service.py:224
#, python-format
msgid "Deleted service \"%(value)s\""
msgstr "???????? ?????? ?%(value)s?"

#: ../../ipalib/plugins/service.py:261
#, python-format
msgid "Modified service \"%(value)s\""
msgstr "??????? ?????? ?%(value)s?"

#: ../../ipalib/plugins/service.py:298
#, python-format
msgid "%(count)d service matched"
msgid_plural "%(count)d services matched"
msgstr[0] "??????????? ????????????? %(count)d ??????"
msgstr[1] "??????????? ????????????? %(count)d ?????"
msgstr[2] "??????????? ????????????? %(count)d ?????"

#: ../../ipalib/plugins/service.py:396
msgid "Service principal has no kerberos key"
msgstr "????????????? ????? ?????? ?? ??? ????? kerberos"

#: ../../ipalib/plugins/passwd.py:52 ../../ipalib/plugins/krbtpolicy.py:62
msgid "User name"
msgstr "??'? ???????????"

#: ../../ipalib/plugins/hbac.py:106
msgid "HBAC"
msgstr "HBAC"

#: ../../ipalib/plugins/hbac.py:111
msgid "Rule name"
msgstr "????? ???????"

#: ../../ipalib/plugins/hbac.py:116
msgid "Rule type (allow or deny)"
msgstr "??? ??????? (????????? (allow) ?? ?????????? (deny))"

#: ../../ipalib/plugins/hbac.py:117
msgid "Rule type"
msgstr "??? ???????"

#: ../../ipalib/plugins/hbac.py:123
msgid "User category"
msgstr "????????? ????????????"

#: ../../ipalib/plugins/hbac.py:124
msgid "User category the rule applies to"
msgstr "????????? ????????????, ?? ???? ?????????????? ???????"

#: ../../ipalib/plugins/hbac.py:129
msgid "Host category"
msgstr "????????? ??????"

#: ../../ipalib/plugins/hbac.py:130
msgid "Host category the rule applies to"
msgstr "????????? ??????, ?? ???? ?????????????? ???????"

#: ../../ipalib/plugins/hbac.py:135
msgid "Source host category"
msgstr "????????? ?????? ???????? ?????"

#: ../../ipalib/plugins/hbac.py:136
msgid "Source host category the rule applies to"
msgstr "????????? ?????? ???????? ?????, ?? ???? ?????????????? ???????"

#: ../../ipalib/plugins/hbac.py:141
msgid "Service category"
msgstr "????????? ?????"

#: ../../ipalib/plugins/hbac.py:142
msgid "Service category the rule applies to"
msgstr "????????? ?????, ?? ???? ?????????????? ???????"

#: ../../ipalib/plugins/hbac.py:147 ../../ipalib/plugins/hbac.py:309
#: ../../ipalib/plugins/hbac.py:347
msgid "Access time"
msgstr "??? ???????"

#: ../../ipalib/plugins/hbac.py:154
msgid "Enabled"
msgstr "?????????"

#: ../../ipalib/plugins/hbac.py:158 ../../ipalib/plugins/user.py:76
msgid "Users"
msgstr "???????????"

#: ../../ipalib/plugins/hbac.py:166 ../../ipalib/plugins/hostgroup.py:69
msgid "Host Groups"
msgstr "????? ??????"

#: ../../ipalib/plugins/hbac.py:170
msgid "Source hosts"
msgstr "????? ???????? ?????"

#: ../../ipalib/plugins/hbac.py:178
msgid "Service Groups"
msgstr "????? ?????"

#: ../../ipalib/plugins/cert.py:93
msgid "Failure decoding Certificate Signing Request:"
msgstr "??????? ??? ??? ??????????? ?????? ?? ???????????? ??????????? (CSR):"

#: ../../ipalib/plugins/cert.py:106 ../../ipalib/plugins/cert.py:118
msgid "Failure decoding Certificate Signing Request"
msgstr "??????? ??? ??? ??????????? ?????? ?? ???????????? ??????????? (CSR)"

#: ../../ipalib/plugins/cert.py:120
#, python-format
msgid "Failure decoding Certificate Signing Request: %s"
msgstr ""
"??????? ??? ??? ??????????? ?????? ?? ???????????? ??????????? (CSR): %s"

#: ../../ipalib/plugins/cert.py:172
msgid "Service principal for this certificate (e.g. HTTP/test.example.com)"
msgstr ""
"????????????? ????? ?????? ??? ????? ??????????? (????????? HTTP/test."
"example.com)"

#: ../../ipalib/plugins/cert.py:179
msgid "automatically add the principal if it doesn't exist"
msgstr "??????????? ?????? ????????????? ?????, ???? ???? ?? ?????"

#: ../../ipalib/plugins/cert.py:191 ../../ipalib/plugins/cert.py:395
msgid "Subject"
msgstr "??????"

#: ../../ipalib/plugins/cert.py:195 ../../ipalib/plugins/cert.py:398
msgid "Issuer"
msgstr "????????"

#: ../../ipalib/plugins/cert.py:199 ../../ipalib/plugins/cert.py:401
msgid "Not Before"
msgstr "?? ??????"

#: ../../ipalib/plugins/cert.py:203 ../../ipalib/plugins/cert.py:404
msgid "Not After"
msgstr "?? ???????"

#: ../../ipalib/plugins/cert.py:207 ../../ipalib/plugins/cert.py:407
msgid "Fingerprint (MD5)"
msgstr "???????? (MD5)"

#: ../../ipalib/plugins/cert.py:211 ../../ipalib/plugins/cert.py:410
msgid "Fingerprint (SHA1)"
msgstr "???????? (SHA1)"

#: ../../ipalib/plugins/cert.py:215 ../../ipalib/plugins/cert.py:379
msgid "Serial number"
msgstr "???????? ?????"

#: ../../ipalib/plugins/cert.py:223 ../../ipalib/plugins/misc.py:57
msgid "Dictionary mapping variable name to value"
msgstr "???????????? ????? ??????? ?? ???????? ?? ?????????"

#: ../../ipalib/plugins/cert.py:357
msgid "Request id"
msgstr "??. ??????"

#: ../../ipalib/plugins/cert.py:363
msgid "Request status"
msgstr "???? ??????"

#: ../../ipalib/plugins/cert.py:380
msgid "Serial number in decimal or if prefixed with 0x in hexadecimal"
msgstr "???????? ?????????? ????? ??? ??????????????? ????? ? ????????? 0x"

#: ../../ipalib/plugins/cert.py:413
msgid "Revocation reason"
msgstr "??????? ???????????"

#: ../../ipalib/plugins/cert.py:458
msgid "Revoked"
msgstr "???????????"

#: ../../ipalib/plugins/cert.py:466
msgid "Reason"
msgstr "????????"

#: ../../ipalib/plugins/cert.py:467
msgid "Reason for revoking the certificate (0-10)"
msgstr "??????? ??????????? ??????????? (0-10)"

#: ../../ipalib/plugins/cert.py:502
msgid "Unrevoked"
msgstr "??????????? ?????????"

#: ../../ipalib/plugins/cert.py:505
msgid "Error"
msgstr "???????"

#: ../../ipalib/plugins/baseldap.py:79
#, python-format
msgid "container entry (%(container)s) not found"
msgstr "?? ???????? ????? ?????????? (%(container)s)"

#: ../../ipalib/plugins/baseldap.py:80
#, python-format
msgid "%(parent)s: %(oname)s not found"
msgstr "%(parent)s: ?? ???????? %(oname)s"

#: ../../ipalib/plugins/baseldap.py:81
#, python-format
msgid "%(pkey)s: %(oname)s not found"
msgstr "%(pkey)s: ?? ???????? %(oname)s"

#: ../../ipalib/plugins/baseldap.py:150
msgid "Add an attribute/value pair. Format is attr=value"
msgstr "?????? ???? ???????-????????. ??????: ???????=????????"

#: ../../ipalib/plugins/baseldap.py:155
msgid "Set an attribute to an name/value pair. Format is attr=value"
msgstr "?????????? ??? ???????? ???? ?????-????????. ??????: ???????=????????"

#: ../../ipalib/plugins/baseldap.py:491
msgid "the entry was deleted while being modified"
msgstr "????? ???? ???????? ??? ??? ???????? ????"

#: ../../ipalib/plugins/baseldap.py:627
msgid "Members that could not be added"
msgstr "????????, ?????? ???? ?? ??????? ??????"

#: ../../ipalib/plugins/baseldap.py:631
msgid "Number of members added"
msgstr "????????? ??????? ?????????"

#: ../../ipalib/plugins/baseldap.py:637 ../../ipalib/plugins/baseldap.py:742
msgid "Failed members"
msgstr "????????? ????????"

#: ../../ipalib/plugins/baseldap.py:732
msgid "Members that could not be removed"
msgstr "????????, ?????? ???? ?? ??????? ????????"

#: ../../ipalib/plugins/baseldap.py:736
msgid "Number of members removed"
msgstr "????????? ????????? ?????????"

#: ../../ipalib/plugins/baseldap.py:833
msgid "Time Limit"
msgstr "????????? ????"

#: ../../ipalib/plugins/baseldap.py:834
msgid "Time limit of search in seconds"
msgstr "????????? ???? ?????? ? ????????"

#: ../../ipalib/plugins/baseldap.py:840
msgid "Size Limit"
msgstr "????????? ???????"

#: ../../ipalib/plugins/baseldap.py:841
msgid "Maximum number of entries returned"
msgstr "??????????? ????????? ?????????? ???????"

#: ../../ipalib/plugins/aci.py:111
msgid "A list of ACI values"
msgstr "?????? ??????? ACI"

#: ../../ipalib/plugins/aci.py:142
msgid "type, filter, subtree and targetgroup are mutually exclusive"
msgstr "type, filter, subtree ? targetgroup ? ????????????????"

#: ../../ipalib/plugins/aci.py:145
msgid ""
"at least one of: type, filter, subtree, targetgroup, attrs or memberof are "
"required"
msgstr ""
"???? ??????? ???? ? ???? ?: type, filter, subtree, targetgroup, attrs ??? "
"memberof"

#: ../../ipalib/plugins/aci.py:151
msgid "group, taskgroup and self are mutually exclusive"
msgstr "group, taskgroup ? self ? ????????????????"

#: ../../ipalib/plugins/aci.py:153
msgid "One of group, taskgroup or self is required"
msgstr "???? ??????? group, taskgroup ??? self"

#: ../../ipalib/plugins/aci.py:172
#, python-format
msgid "Group '%s' does not exist"
msgstr "????? ? ?????? ?%s? ?? ?????"

#: ../../ipalib/plugins/aci.py:269
#, python-format
msgid "ACI with name \"%s\" not found"
msgstr "?? ???????? ACI ? ?????? ?%s?"

#: ../../ipalib/plugins/aci.py:286
msgid "ACIs"
msgstr "ACI"

#: ../../ipalib/plugins/aci.py:291
msgid "ACI name"
msgstr "????? ACI"

#: ../../ipalib/plugins/aci.py:296
msgid "Taskgroup"
msgstr "????? ???????"

#: ../../ipalib/plugins/aci.py:297
msgid "Taskgroup ACI grants access to"
msgstr "????? ???????, ?? ???? ????? ?????? ACI"

#: ../../ipalib/plugins/aci.py:301
msgid "User group"
msgstr "????? ????????????"

#: ../../ipalib/plugins/aci.py:302
msgid "User group ACI grants access to"
msgstr "????? ????????????, ?? ???? ????? ?????? ACI"

#: ../../ipalib/plugins/aci.py:306
msgid "Permissions"
msgstr "????? ???????"

#: ../../ipalib/plugins/aci.py:307
msgid ""
"comma-separated list of permissions to grant(read, write, add, delete, all)"
msgstr ""
"????????????? ?????? ?????? ???? ???????, ??? ???? ?????? (read, write, add, "
"delete, all)"

#: ../../ipalib/plugins/aci.py:313
msgid "Attributes"
msgstr "????????"

#: ../../ipalib/plugins/aci.py:314
msgid "Comma-separated list of attributes"
msgstr "?????? ?????????, ????????????? ??????"

#: ../../ipalib/plugins/aci.py:318
msgid "Type"
msgstr "???"

#: ../../ipalib/plugins/aci.py:319
msgid "type of IPA object (user, group, host)"
msgstr "??? ??????? IPA (??????????, ?????, ?????)"

#: ../../ipalib/plugins/aci.py:324
msgid "Member of"
msgstr "???????"

#: ../../ipalib/plugins/aci.py:325
msgid "Member of a group"
msgstr "??????? ?????"

#: ../../ipalib/plugins/aci.py:329
msgid "Filter"
msgstr "??????"

#: ../../ipalib/plugins/aci.py:330
msgid "Legal LDAP filter (e.g. ou=Engineering)"
msgstr "??????????? ?????? LDAP (?????????, ou=Engineering)"

#: ../../ipalib/plugins/aci.py:334
msgid "Subtree"
msgstr "?????????"

#: ../../ipalib/plugins/aci.py:335
msgid "Subtree to apply ACI to"
msgstr "?????????, ?? ????? ???? ??????????? ACI"

#: ../../ipalib/plugins/aci.py:339
msgid "Target group"
msgstr "??????? ?????"

#: ../../ipalib/plugins/aci.py:340
msgid "Group to apply ACI to"
msgstr "?????, ?? ???? ???? ??????????? ACI"

#: ../../ipalib/plugins/aci.py:344
msgid "Target your own entry (self)"
msgstr "???????? ??? ??????? ??????? (self)"

#: ../../ipalib/plugins/aci.py:345
msgid "Apply ACI to your own entry (self)"
msgstr "??????????? ACI ?? ?????? ???????? ?????? (self)"

#: ../../ipalib/plugins/aci.py:357
#, python-format
msgid "Created ACI \"%(value)s\""
msgstr "???????? ACI ?%(value)s?"

#: ../../ipalib/plugins/aci.py:407
#, python-format
msgid "Deleted ACI \"%(value)s\""
msgstr "???????? ACI ?%(value)s?"

#: ../../ipalib/plugins/aci.py:447
#, python-format
msgid "Modified ACI \"%(value)s\""
msgstr "??????? ACI ?%(value)s?"

#: ../../ipalib/plugins/aci.py:519
#, python-format
msgid "%(count)d ACI matched"
msgid_plural "%(count)d ACIs matched"
msgstr[0] "??????????? ????????????? %(count)d ACI"
msgstr[1] "??????????? ????????????? %(count)d ACI"
msgstr[2] "??????????? ????????????? %(count)d ACI"

#: ../../ipalib/plugins/krbtpolicy.py:63
msgid "Manage ticket policy for specific user"
msgstr "????????? ????????? ??????? ??????? ??????? ???????????"

#: ../../ipalib/plugins/krbtpolicy.py:68
msgid "Max life"
msgstr "????. ????? ???"

#: ../../ipalib/plugins/krbtpolicy.py:69
msgid "Maximum ticket life (seconds)"
msgstr "???????????? ????? ??? ?????? (? ????????)"

#: ../../ipalib/plugins/krbtpolicy.py:73
msgid "Max renew"
msgstr "????. ??? ??????????"

#: ../../ipalib/plugins/krbtpolicy.py:74
msgid "Maximum renewable age (seconds)"
msgstr "???????????? ???, ???????? ????? ??????? ?????????? (? ????????)"

#: ../../ipalib/plugins/dns.py:131
msgid "DNS"
msgstr "DNS"

#: ../../ipalib/plugins/dns.py:136
msgid "Zone"
msgstr "????"

#: ../../ipalib/plugins/dns.py:137
msgid "Zone name (FQDN)"
msgstr "????? ???? (FQDN)"

#: ../../ipalib/plugins/dns.py:143
msgid "Authoritative name server"
msgstr "???????? ?????? ????"

#: ../../ipalib/plugins/dns.py:147
msgid "administrator e-mail address"
msgstr "?????? ??????????? ????? ??????????????"

#: ../../ipalib/plugins/dns.py:153
msgid "SOA serial"
msgstr "???????? ????? SOA"

#: ../../ipalib/plugins/dns.py:157
msgid "SOA refresh"
msgstr "????????? SOA"

#: ../../ipalib/plugins/dns.py:161
msgid "SOA retry"
msgstr "?????????? ?????? SOA"

#: ../../ipalib/plugins/dns.py:165
msgid "SOA expire"
msgstr "???????????? SOA"

#: ../../ipalib/plugins/dns.py:169
msgid "SOA minimum"
msgstr "??????????? SOA"

#: ../../ipalib/plugins/dns.py:173
msgid "SOA time to live"
msgstr "????? ??? SOA"

#: ../../ipalib/plugins/dns.py:177
msgid "SOA class"
msgstr "???? SOA"

#: ../../ipalib/plugins/dns.py:182
msgid "allow dynamic update?"
msgstr "????????? ????????? ??????????"

#: ../../ipalib/plugins/dns.py:186
msgid "BIND update policy"
msgstr "??????? ????????? BIND"

#: ../../ipalib/plugins/dns.py:411 ../../ipalib/plugins/dns.py:445
#: ../../ipalib/plugins/dns.py:480 ../../ipalib/plugins/dns.py:595
#: ../../ipalib/plugins/dns.py:680 ../../ipalib/plugins/dns.py:804
msgid "Zone name"
msgstr "????? ????"

#: ../../ipalib/plugins/dns.py:485
msgid "resource name"
msgstr "????? ???????"

#: ../../ipalib/plugins/dns.py:490 ../../ipalib/plugins/dns.py:605
#: ../../ipalib/plugins/dns.py:696
msgid "Record type"
msgstr "??? ??????"

#: ../../ipalib/plugins/dns.py:494 ../../ipalib/plugins/dns.py:609
msgid "Data"
msgstr "????"

#: ../../ipalib/plugins/dns.py:495 ../../ipalib/plugins/dns.py:610
msgid "Type-specific data"
msgstr "?????????? ??? ???? ????"

#: ../../ipalib/plugins/dns.py:502
msgid "Time to live"
msgstr "????? ???"

#: ../../ipalib/plugins/dns.py:507
msgid "Class"
msgstr "????"

#: ../../ipalib/plugins/dns.py:600 ../../ipalib/plugins/dns.py:692
#: ../../ipalib/plugins/dns.py:809
msgid "Resource name"
msgstr "????? ???????"

#: ../../ipalib/plugins/dns.py:685
msgid "Search criteria"
msgstr "???????? ??????"

#: ../../ipalib/plugins/dns.py:700
msgid "type-specific data"
msgstr "?????????? ??? ???? ????"

#: ../../ipalib/plugins/dns.py:850
#, python-format
msgid "Found '%(value)s'"
msgstr "???????? ?%(value)s?"

#: ../../ipalib/plugins/dns.py:854
msgid "Hostname"
msgstr "????? ?????"

#: ../../ipalib/plugins/dns.py:867
#, python-format
msgid "Host '%(host)s' not found"
msgstr "????? ?%(host)s? ?? ????????"

#: ../../ipalib/plugins/automount.py:108
msgid "Automount location name"
msgstr "?????? ??????????????"

#: ../../ipalib/plugins/automount.py:224
msgid "Map"
msgstr "?????"

#: ../../ipalib/plugins/automount.py:225
msgid "Automount map name"
msgstr "????? ????? ????????????? ??????????"

#: ../../ipalib/plugins/automount.py:234
msgid "Automount Maps"
msgstr "????? ????????????? ??????????"

#: ../../ipalib/plugins/automount.py:306
msgid "Key"
msgstr "????"

#: ../../ipalib/plugins/automount.py:307
msgid "Automount key name"
msgstr "????? ????? ????????????? ??????????"

#: ../../ipalib/plugins/automount.py:312
msgid "Mount information"
msgstr "?????????? ???? ??????????"

#: ../../ipalib/plugins/automount.py:316
msgid "description"
msgstr "????"

#: ../../ipalib/plugins/automount.py:320
msgid "Automount Keys"
msgstr "????? ??????????????"

#: ../../ipalib/plugins/automount.py:340
msgid "Mount point"
msgstr "????? ??????????"

#: ../../ipalib/plugins/automount.py:344
msgid "Parent map"
msgstr "??????????? ?????"

#: ../../ipalib/plugins/automount.py:345
msgid "Name of parent automount map (default: auto.master)"
msgstr "????? ???????????? ????? ?????????????? (?????? ????????: auto.master)"

#: ../../ipalib/plugins/netgroup.py:57
msgid "Member Host"
msgstr "?????-???????"

#: ../../ipalib/plugins/netgroup.py:63
msgid "External host"
msgstr "????????? ?????"

#: ../../ipalib/plugins/netgroup.py:85
msgid "Net Groups"
msgstr "???????? ?????"

#: ../../ipalib/plugins/netgroup.py:90
msgid "Netgroup name"
msgstr "????? ????????? ?????"

#: ../../ipalib/plugins/netgroup.py:97
msgid "Netgroup description"
msgstr "???? ????????? ?????"

#: ../../ipalib/plugins/netgroup.py:101
msgid "NIS domain name"
msgstr "????? ?????? NIS"

#: ../../ipalib/plugins/netgroup.py:106
msgid "IPA unique ID"
msgstr "?????????? ??. IPA"

#: ../../ipalib/plugins/misc.py:38
#, python-format
msgid "%(count)d variables"
msgstr "%(count)d ???????"

#: ../../ipalib/plugins/misc.py:61
msgid "Total number of variables env (>= count)"
msgstr "????????? ??????? env (>= count)"

#: ../../ipalib/plugins/misc.py:66
msgid "Number of variables returned (<= total)"
msgstr "????????? ?????????? ??????? (<= ?????????)"

#: ../../ipalib/plugins/misc.py:109
#, python-format
msgid "%(count)d plugin loaded"
msgid_plural "%(count)d plugins loaded"
msgstr[0] "??????????? %(count)d ???????"
msgstr[1] "??????????? %(count)d ???????"
msgstr[2] "??????????? %(count)d ????????"

#: ../../ipalib/plugins/misc.py:116
msgid "Number of plugins loaded"
msgstr "????????? ???????????? ????????"

#: ../../ipalib/plugins/user.py:84
msgid "User login"
msgstr "??????????"

#: ../../ipalib/plugins/user.py:91
msgid "First name"
msgstr "??'?"

#: ../../ipalib/plugins/user.py:95
msgid "Last name"
msgstr "????????"

#: ../../ipalib/plugins/user.py:103
msgid "GECOS field"
msgstr "???? GECOS"

#: ../../ipalib/plugins/user.py:109
msgid "Login shell"
msgstr "???????? ?????"

#: ../../ipalib/plugins/user.py:114
msgid "Kerberos principal"
msgstr "????????????? ????? Kerberos"

#: ../../ipalib/plugins/user.py:120
msgid "Email address"
msgstr "?????? ??. ?????"

#: ../../ipalib/plugins/user.py:124
msgid "Password"
msgstr "??????"

#: ../../ipalib/plugins/user.py:125
msgid "Set the user password"
msgstr "?????????? ?????? ???????????"

#: ../../ipalib/plugins/user.py:132
msgid "UID"
msgstr "UID"

#: ../../ipalib/plugins/user.py:133
msgid "User ID Number (system will assign one if not provided)"
msgstr ""
"???????????????? ????? ??????????? (??????? ?????????? ????, ???? ?? ???? "
"???????)"

#: ../../ipalib/plugins/user.py:139
msgid "Street address"
msgstr "?????? ? ???????"

#: ../../ipalib/plugins/user.py:142
msgid "Groups"
msgstr "?????"

#: ../../ipalib/plugins/user.py:146
msgid "Netgroups"
msgstr "???????? ?????"

#: ../../ipalib/plugins/user.py:150
msgid "Rolegroups"
msgstr "????? ?????"

#: ../../ipalib/plugins/user.py:154
msgid "Taskgroups"
msgstr "????? ???????"

#: ../../ipalib/plugins/user.py:167
#, python-format
msgid "Added user \"%(value)s\""
msgstr "?????? ??????????? ?%(value)s?"

#: ../../ipalib/plugins/user.py:216
#, python-format
msgid "Deleted user \"%(value)s\""
msgstr "???????? ??????????? ?%(value)s?"

#: ../../ipalib/plugins/user.py:235
#, python-format
msgid "Modified user \"%(value)s\""
msgstr "??????? ??????????? ?%(value)s?"

#: ../../ipalib/plugins/user.py:247
msgid "Self"
msgstr "Self"

#: ../../ipalib/plugins/user.py:248
msgid "Display user record for current Kerberos principal"
msgstr ""
"???????? ????? ??????????? ??? ????????? ?????????????? ?????? Kerberos"

#: ../../ipalib/plugins/user.py:258
#, python-format
msgid "%(count)d user matched"
msgid_plural "%(count)d users matched"
msgstr[0] "??????????? ????????????? %(count)d ???????????"
msgstr[1] "??????????? ????????????? %(count)d ????????????"
msgstr[2] "??????????? ????????????? %(count)d ????????????"

#: ../../ipalib/plugins/user.py:278
#, python-format
msgid "Locked user \"%(value)s\""
msgstr "??????????? ??????????? ?%(value)s?"

#: ../../ipalib/plugins/user.py:304
#, python-format
msgid "Unlocked user \"%(value)s\""
msgstr "???????????? ??????????? ?%(value)s?"

#: ../../ipalib/plugins/taskgroup.py:51
msgid "Task Groups"
msgstr "????? ???????"

#: ../../ipalib/plugins/taskgroup.py:56
msgid "Task-group name"
msgstr "????? ????? ???????"

#: ../../ipalib/plugins/taskgroup.py:63
msgid "Task-group description"
msgstr "???? ????? ???????"

#: ../../ipalib/plugins/taskgroup.py:74
msgid "Member role-groups"
msgstr "????? ?????-????????"

#: ../../ipalib/plugins/taskgroup.py:87
#, python-format
msgid "Added taskgroup \"%(value)s\""
msgstr "?????? ????? ??????? ?%(value)s?"

#: ../../ipalib/plugins/taskgroup.py:97
#, python-format
msgid "Deleted taskgroup \"%(value)s\""
msgstr "???????? ????? ??????? ?%(value)s?"

#: ../../ipalib/plugins/taskgroup.py:107
#, python-format
msgid "Modified taskgroup \"%(value)s\""
msgstr "??????? ????? ??????? ?%(value)s?"

#: ../../ipalib/plugins/taskgroup.py:118
#, python-format
msgid "%(count)d taskgroup matched"
msgid_plural "%(count)d taskgroups matched"
msgstr[0] "??????????? ????????????? %(count)d ????? ???????"
msgstr[1] "??????????? ????????????? %(count)d ???? ???????"
msgstr[2] "??????????? ????????????? %(count)d ???? ???????"

#: ../../ipalib/plugins/hostgroup.py:74
msgid "Host-group"
msgstr "????? ??????"

#: ../../ipalib/plugins/hostgroup.py:75
msgid "Name of host-group"
msgstr "????? ????? ??????"

#: ../../ipalib/plugins/hostgroup.py:82
msgid "A description of this host-group"
msgstr "???? ???? ????? ??????"

#: ../../ipalib/plugins/hostgroup.py:85
msgid "Member hosts"
msgstr "?????-????????"

#: ../../ipalib/plugins/hostgroup.py:89
msgid "Member host-groups"
msgstr "????? ??????-????????"

#: ../../ipalib/plugins/hostgroup.py:106
#, python-format
msgid "Added hostgroup \"%(value)s\""
msgstr "?????? ????? ?????? ?%(value)s?"

#: ../../ipalib/plugins/hostgroup.py:116
#, python-format
msgid "Deleted hostgroup \"%(value)s\""
msgstr "???????? ????? ?????? ?%(value)s?"

#: ../../ipalib/plugins/hostgroup.py:126
#, python-format
msgid "Modified hostgroup \"%(value)s\""
msgstr "??????? ????? ?????? ?%(value)s?"

#: ../../ipalib/plugins/hostgroup.py:137
#, python-format
msgid "%(count)d hostgroup matched"
msgid_plural "%(count)d hostgroups matched"
msgstr[0] "??????????? ????????????? %(count)d ????? ??????"
msgstr[1] "??????????? ????????????? %(count)d ???? ??????"
msgstr[2] "??????????? ????????????? %(count)d ???? ??????"

#: ../../ipalib/plugins/pwpolicy.py:84
#, python-format
msgid "priority must be a unique value (%(prio)d already used by %(gname)s)"
msgstr ""
"????????? ??????? ???? ????????? ???????? (%(prio)d ??? ??????????? ??? "
"%(gname)s)"

#: ../../ipalib/plugins/pwpolicy.py:173
msgid "Group"
msgstr "?????"

#: ../../ipalib/plugins/pwpolicy.py:174
msgid "Manage password policy for specific group"
msgstr "????????? ????????? ??????? ??????? ??? ?????? ?????"

#: ../../ipalib/plugins/pwpolicy.py:179
msgid "Max lifetime (days)"
msgstr "????. ????? ??? (? ????)"

#: ../../ipalib/plugins/pwpolicy.py:180
msgid "Maximum password lifetime (in days)"
msgstr "???????????? ????? ??? ?????? (? ????)"

#: ../../ipalib/plugins/pwpolicy.py:185
msgid "Min lifetime (hours)"
msgstr "???. ????? ??? (? ???????)"

#: ../../ipalib/plugins/pwpolicy.py:186
msgid "Minimum password lifetime (in hours)"
msgstr "??????????? ????? ??? ?????? (? ???????)"

#: ../../ipalib/plugins/pwpolicy.py:191
msgid "History size"
msgstr "?????? ???????"

#: ../../ipalib/plugins/pwpolicy.py:192
msgid "Password history size"
msgstr "?????? ??????? ???????"

#: ../../ipalib/plugins/pwpolicy.py:197
msgid "Character classes"
msgstr "????? ????????"

#: ../../ipalib/plugins/pwpolicy.py:198
msgid "Minimum number of character classes"
msgstr "?????????? ????????? ?????? ????????"

#: ../../ipalib/plugins/pwpolicy.py:204
msgid "Min length"
msgstr "???. ???????"

#: ../../ipalib/plugins/pwpolicy.py:205
msgid "Minimum length of password"
msgstr "?????????? ??????? ??????"

#: ../../ipalib/plugins/pwpolicy.py:210
msgid "Priority"
msgstr "?????????"

#: ../../ipalib/plugins/pwpolicy.py:211
msgid "Priority of the policy (higher number means lower priority"
msgstr "????????? ?????? (?????? ????? ? ?????? ?????????)"

#: ../../ipalib/plugins/pwpolicy.py:263
msgid "Maximum password life must be greater than minimum."
msgstr ""
"???????????? ????? ??? ?????? ??? ???????????? ??????????? ????? ???? ???."

#: ../../ipalib/plugins/pwpolicy.py:326
msgid "priority cannot be set on global policy"
msgstr "??? ????????? ?????? ?? ???? ????????????? ??????????"

#: ../../ipalib/plugins/pwpolicy.py:365
msgid "User"
msgstr "??????????"

#: ../../ipalib/plugins/pwpolicy.py:366
msgid "Display effective policy for a specific user"
msgstr "???????? ??????? ??????? ??? ??????? ???????????"

#: ../../ipalib/plugins/internal.py:39
msgid "Logged In As"
msgstr "???? ?? ??????? ??? ?????"

#: ../../ipalib/plugins/internal.py:41
msgid "Add"
msgstr "??????"

#: ../../ipalib/plugins/internal.py:42
msgid "Find"
msgstr "??????"

#: ../../ipalib/plugins/internal.py:43
msgid "Reset"
msgstr "???????"

#: ../../ipalib/plugins/internal.py:44
msgid "Update"
msgstr "???????"

#: ../../ipalib/plugins/internal.py:45
msgid "Enroll"
msgstr "?????????????"

#: ../../ipalib/plugins/internal.py:48
msgid "Quick Links"
msgstr "?????? ?????????"

#: ../../ipalib/plugins/internal.py:51
msgid "Identity Details"
msgstr "????????? ???????"

#: ../../ipalib/plugins/internal.py:52
msgid "Account Details"
msgstr "????????? ?????????? ??????"

#: ../../ipalib/plugins/internal.py:53
msgid "Contact Details"
msgstr "????????? ????"

#: ../../ipalib/plugins/internal.py:54
msgid "Mailing Address"
msgstr "?????? ??. ?????"

#: ../../ipalib/plugins/internal.py:55
msgid "      Employee Information"
msgstr "      ????????? ???? ??????????"

#: ../../ipalib/plugins/internal.py:56
msgid "Misc. Information"
msgstr "???? ??????????"

#: ../../ipalib/plugins/internal.py:57
msgid "Back to Top"
msgstr "??????????? ?? ???????"

#: ../../ipalib/plugins/internal.py:62
msgid "Name of object to export"
msgstr "????? ???????, ???? ???? ????????????"

#: ../../ipalib/plugins/internal.py:67
msgid "Dict of JSON encoded IPA Objects"
msgstr "??????? ??????????? JSON ???????? IPA"

#: ../../ipalib/plugins/internal.py:68
msgid "Dict of I18N messages"
msgstr "??????? ???????????? ???????????"

#: ../../ipaserver/install/certs.py:603 ../../ipaserver/plugins/dogtag.py:1313
#: ../../ipaserver/plugins/dogtag.py:1398
#: ../../ipaserver/plugins/dogtag.py:1463
#: ../../ipaserver/plugins/dogtag.py:1543
#: ../../ipaserver/plugins/dogtag.py:1602
#, python-format
msgid "Unable to communicate with CMS (%s)"
msgstr "?? ??????? ?????????? ?????? ? CMS (%s)"

#: ../../ipaserver/plugins/selfsign.py:97
#, python-format
msgid ""
"Request subject \"%(request_subject)s\" does not match the form \"%"
"(subject_base)s\""
msgstr ""
"?????? ?????? ?%(request_subject)s? ??????? ? ?????, ????????? ??? ?%"
"(subject_base)s?"

#: ../../ipaserver/plugins/selfsign.py:102
#, python-format
msgid "unable to decode csr: %s"
msgstr "?? ??????? ?????????? csr: %s"

#: ../../ipaserver/plugins/selfsign.py:123
#: ../../ipaserver/plugins/selfsign.py:138
msgid "file operation"
msgstr "??? ??? ???????"

#: ../../ipaserver/plugins/selfsign.py:152
msgid "cannot obtain next serial number"
msgstr "?? ??????? ???????? ????????? ???????? ?????"

#: ../../ipaserver/plugins/selfsign.py:187
msgid "certutil failure"
msgstr "??????? certutil"

#: ../../ipaserver/plugins/join.py:54
msgid "The hostname to register as"
msgstr "????? ????? ??? ??????????"

#: ../../ipaserver/plugins/join.py:62
msgid "The IPA realm"
msgstr "??????? IPA"

#: ../../ipaserver/plugins/join.py:68
msgid "Hardware platform of the host (e.g. Lenovo T61)"
msgstr "???????? ????????? ????? (?????????, ?Lenovo T61?)"

#: ../../ipaserver/plugins/join.py:72
msgid "Operating System and version of the host (e.g. Fedora 9)"
msgstr "?????????? ??????? ????? ? ?? ?????? (?????????, ?Fedora 9?)"

#~ msgid "Service name"
#~ msgstr "????? ??????"

#~ msgid "Name of service the rule applies to (e.g. ssh)"
#~ msgstr "????? ??????, ?? ???? ?????????????? ??????? (?????????, ssh)"

#~ msgid "Unable to decode certificate in entry"
#~ msgstr "?? ??????? ?????????? ?????????? ? ??????"

#~ msgid "UID (use this option to set it manually)"
#~ msgstr "UID (?? ????????? ????? ????????? ????? ?????????? ???????? ??????)"

#~ msgid "Added policy for group \"%(value)s\""
#~ msgstr "?????? ??????? ??? ????? ?%(value)s?"

#~ msgid "Group to set policy for"
#~ msgstr "?????, ??? ???? ?????????????? ???????"

#~ msgid "Modified policy for group \"%(value)s\""
#~ msgstr "??????? ??????? ??? ????? ?%(value)s?"

#~ msgid "Deleted policy for group \"%(value)s\""
#~ msgstr "???????? ??????? ??? ????? ?%(value)s?"

#~ msgid "Group to remove policy from"
#~ msgstr "?????, ??? ???? ??????????? ???????"

#~ msgid "Group to display policy"
#~ msgstr "????? ??? ?????? ??????"

#~ msgid "Display policy applied to a given user"
#~ msgstr "???????? ???????, ??????????? ?? ????????? ???????????"

From edewata at redhat.com  Tue Sep 28 17:33:12 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 28 Sep 2010 13:33:12 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH]
 admiyo-freeipa-0045-Fix-the-add-button.patch
In-Reply-To: <1431350019.585781285694527114.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <756778138.587111285695192078.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> Fix the 'add' button
> 
>      The Add button was located using the Dom, and the scheme used to
> find it was fragile enough to be broken by the I18N approach.  This is a 
> little more robust, using a JQuery selector based on the class of the
> controls, and the entity name.
> 
>      Also remove  Makefile, which should be autogenerated.

ACK, but there's a trailing whitespace in the patch on line 321.

--
Endi S. Dewata



From rcritten at redhat.com  Tue Sep 28 17:39:13 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 28 Sep 2010 13:39:13 -0400
Subject: [Freeipa-devel] [PATCH] 545 ignore success exception
In-Reply-To: <4C9D0B48.7080005@redhat.com>
References: <4C9CFD2D.8070202@redhat.com> <4C9D0B48.7080005@redhat.com>
Message-ID: <4CA22841.9080809@redhat.com>

Adam Young wrote:
> On 09/24/2010 03:34 PM, Rob Crittenden wrote:
>> A call to search_ext() in ipa-replica-prepare was returning the
>> exception ldap.SUCCESS. We actually got the right data back but this
>> exception was confusing things. It should be ignored.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From rcritten at redhat.com  Tue Sep 28 17:41:36 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 28 Sep 2010 13:41:36 -0400
Subject: [Freeipa-devel] [PATCH] 546 make migration work again
In-Reply-To: <4CA103E8.3030503@redhat.com>
References: <4CA0DAB5.9050007@redhat.com> <4CA103E8.3030503@redhat.com>
Message-ID: <4CA228D0.8040007@redhat.com>

Adam Young wrote:
> On 09/27/2010 01:56 PM, Rob Crittenden wrote:
>> Handle an empty base_dn and no cn=ipaconfig in the ldap2 backend.
>>
>> We lacked good error messages if the user/group container you used
>> doesn't exist.
>>
>> Add a --continue option so things can continue if you use a bad
>> user/group container. This has the side-effect of letting you migrate
>> just users or groups by using a bad container for the one you don't want.
>>
>> Fix a Gettext() error when displaying the migrated password message.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK

pushed to master



From sgallagh at redhat.com  Tue Sep 28 18:17:06 2010
From: sgallagh at redhat.com (Stephen Gallagher)
Date: Tue, 28 Sep 2010 14:17:06 -0400
Subject: [Freeipa-devel] Handling nested netgroups (looking for
	recommendations)
Message-ID: <4CA23122.7050908@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First, a little overview on netgroups. Netgroups in LDAP can contain two
attributes:
 1) nistNetgroupTriple - Contains a literal triple of (host, username,
domain)
 2) memberNisNetgroup - The name (or DN, more on that later) of another
netgroup.

Returning triples are simple, we just return them as-is. However,
returning nested netgroups introduces a bit of additional complexity.

Currently, nss_ldap just returns the name of the memberNisNetgroup
directly to glibc and allows it to handle it. This means that glibc will
make an extra, internal set of setnetgrent(), getnetgrent()
endnetgrent() calls to nss_ldap. Or not: the design of glibc means that
if the nested netgroup appears in an NSS provider listed in
nsswitch.conf before nss_ldap, it will be returned from there, rather
than nss_ldap. This means that it is theoretically possible for a local
file to override the centralized LDAP for a netgroup.

With SSSD, our original plan was that we should always treat the LDAP
server as authoritative. We would internally handle recursive lookups
for nested netgroups and unravel them ourselves before returning them to
glibc. We would only return nested names in this case if the specified
member does not exist on the LDAP server (in this case we will assume
that it's meant to be handled by another netgroup provider).

To illustrate the difference:

With nsswitch.conf:
netgroup files nss_ldap

On LDAP:
ldapnetgroup1: (user1, host1, ldapdomain) extranetgroup2
extranetgroup2: (user2, host2, ldapdomain)

In local files:
extranetgroup2: (localuser, localhost, localdomain)

With nss_ldap, making a request for ldapnetgroup1 would return to the
calling application (after glibc completed all its internal lookups):

ldapnetgroup1: (user1, host1, ldapdomain), (localuser, localhost,
localdomain)

Whereas with the proposed approach for SSSD:
With nssswitch.conf:
netgroup files sss

We would get back from glibc:
ldapnetgroup1: (user1, host1, ldapdomain), (user2, host2, ldapdomain)


So the difference in behavior should be clear now.


The obvious advantage to this approach is that the central server will
always be considered authoritative for its entries. We will assume that
the specified member should use the LDAP representation as its first
option, and fail over to glibc's lookup for other netgroup providers
only if it does not exist in LDAP.

This should provide a more stable environment, however it does differ
from the current expected behavior as defined by nss_ldap.


To enumerate the options we can follow:
1) We can behave exactly as nss_ldap does. If we locate a member
netgroup, we can return that directly to glibc and expect to have it
look it up as needed. Pros: identical behavior to the current state.
Cons: makes additional requests to the SSSD that we could be handling
internally without a lot of back-and-forth to glibc.

2) We can assume that member entries in LDAP refer to LDAP entries
unless we cannot locate them. In this case, we can internally handle the
recursive lookups to LDAP. Any member netgroups that we don't find in
LDAP should be returned to glibc to process. Pros: we can control
nesting limits this way. The memberOf plugin also does a good job with
protecting us against loops. We can parallelize the lookups of multiple
member netgroups for performance. Cons: we are changing the behavior as
described above.

Appendix) There is no formal specification of netgroups. It's possible
for the memberNisNetgroup attribute to contain either a simple name or a
full LDAP distinguished name. If a full DN is provided, we should assume
that this means that it must be in LDAP, and stop processing (and don't
return it) if we get a DN that doesn't match. For entries that are not
complete DN's, we should choose one of the two aforementioned approaches.


Please comment if you have an opinion.


- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkyiMSIACgkQeiVVYja6o6MuxwCghVhG3baFori0Retl6itILvLe
NqkAn3Sn5EZkgP5Yoztuvh/KHudWP48S
=tcYu
-----END PGP SIGNATURE-----



From edewata at redhat.com  Tue Sep 28 18:54:07 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 28 Sep 2010 14:54:07 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Fixed tab selection on page reload.
In-Reply-To: <1640305459.596371285700035741.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <596842970.596391285700047611.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

Please review the attached patch. Thanks!

jQuery tabs by default will display the first tab, so reloading a page
or opening a page from bookmark may not show the active tab correctly.
The nav_select_tabs() has been added to get the list of active tabs from
the hash values in the URL and then activate the appropriate tabs. It
will be called during page initialization and whenever the hash values
change.

The navigation.js and webui.js has been cleaned up to better utilize
jQuery API. jQuery selectors are used to create DOM objects that can
be used by subsequent codes. Tab selection handler is now added to the
tabs object instead of anchors. The change event no longer needs to be
triggered manually.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0010-Fixed-tab-selection-on-page-reload.patch
Type: text/x-patch
Size: 6437 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Tue Sep 28 21:36:53 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 17:36:53 -0400
Subject: [Freeipa-devel] [PATCH] Fixed tab selection on page reload.
In-Reply-To: <596842970.596391285700047611.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <596842970.596391285700047611.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4CA25FF5.3090906@redhat.com>

On 09/28/2010 02:54 PM, Endi Sukma Dewata wrote:
> Hi,
>
> Please review the attached patch. Thanks!
>
> jQuery tabs by default will display the first tab, so reloading a page
> or opening a page from bookmark may not show the active tab correctly.
> The nav_select_tabs() has been added to get the list of active tabs from
> the hash values in the URL and then activate the appropriate tabs. It
> will be called during page initialization and whenever the hash values
> change.
>
> The navigation.js and webui.js has been cleaned up to better utilize
> jQuery API. jQuery selectors are used to create DOM objects that can
> be used by subsequent codes. Tab selection handler is now added to the
> tabs object instead of anchors. The change event no longer needs to be
> triggered manually.
>
> --
> Endi S. Dewata
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Tue Sep 28 21:37:25 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 17:37:25 -0400
Subject: [Freeipa-devel] [PATCH] Fixed tab selection on page reload.
In-Reply-To: <596842970.596391285700047611.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <596842970.596391285700047611.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4CA26015.9010908@redhat.com>

On 09/28/2010 02:54 PM, Endi Sukma Dewata wrote:
> Hi,
>
> Please review the attached patch. Thanks!
>
> jQuery tabs by default will display the first tab, so reloading a page
> or opening a page from bookmark may not show the active tab correctly.
> The nav_select_tabs() has been added to get the list of active tabs from
> the hash values in the URL and then activate the appropriate tabs. It
> will be called during page initialization and whenever the hash values
> change.
>
> The navigation.js and webui.js has been cleaned up to better utilize
> jQuery API. jQuery selectors are used to create DOM objects that can
> be used by subsequent codes. Tab selection handler is now added to the
> tabs object instead of anchors. The change event no longer needs to be
> triggered manually.
>
> --
> Endi S. Dewata
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Tue Sep 28 21:41:50 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 17:41:50 -0400
Subject: [Freeipa-devel] [PATCH]
	admiyo-freeipa-0046-Corrected-Language-Codes.patch
Message-ID: <4CA2611E.4090109@redhat.com>

Corrected Language Codes
     The Gnu document incorrectly listed Japanese as jp and Hebrew as iw.
     That was why the Plurals line passed through directly from the 
template.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0046-Corrected-Language-Codes.patch
Type: text/x-patch
Size: 167204 bytes
Desc: not available
URL: 

From dpal at redhat.com  Tue Sep 28 22:27:29 2010
From: dpal at redhat.com (Dmitri Pal)
Date: Tue, 28 Sep 2010 18:27:29 -0400
Subject: [Freeipa-devel] [SSSD] Handling nested netgroups (looking for
	recommendations)
In-Reply-To: <4CA23122.7050908@redhat.com>
References: <4CA23122.7050908@redhat.com>
Message-ID: <4CA26BD1.3020908@redhat.com>

Stephen Gallagher wrote:
> First, a little overview on netgroups. Netgroups in LDAP can contain two
> attributes:
>  1) nistNetgroupTriple - Contains a literal triple of (host, username,
> domain)
>  2) memberNisNetgroup - The name (or DN, more on that later) of another
> netgroup.
>
> Returning triples are simple, we just return them as-is. However,
> returning nested netgroups introduces a bit of additional complexity.
>
> Currently, nss_ldap just returns the name of the memberNisNetgroup
> directly to glibc and allows it to handle it. This means that glibc will
> make an extra, internal set of setnetgrent(), getnetgrent()
> endnetgrent() calls to nss_ldap. Or not: the design of glibc means that
> if the nested netgroup appears in an NSS provider listed in
> nsswitch.conf before nss_ldap, it will be returned from there, rather
> than nss_ldap. This means that it is theoretically possible for a local
> file to override the centralized LDAP for a netgroup.
>
> With SSSD, our original plan was that we should always treat the LDAP
> server as authoritative. We would internally handle recursive lookups
> for nested netgroups and unravel them ourselves before returning them to
> glibc. We would only return nested names in this case if the specified
> member does not exist on the LDAP server (in this case we will assume
> that it's meant to be handled by another netgroup provider).
>
> To illustrate the difference:
>
> With nsswitch.conf:
> netgroup files nss_ldap
>
> On LDAP:
> ldapnetgroup1: (user1, host1, ldapdomain) extranetgroup2
> extranetgroup2: (user2, host2, ldapdomain)
>
> In local files:
> extranetgroup2: (localuser, localhost, localdomain)
>
> With nss_ldap, making a request for ldapnetgroup1 would return to the
> calling application (after glibc completed all its internal lookups):
>
> ldapnetgroup1: (user1, host1, ldapdomain), (localuser, localhost,
> localdomain)
>
> Whereas with the proposed approach for SSSD:
> With nssswitch.conf:
> netgroup files sss
>
> We would get back from glibc:
> ldapnetgroup1: (user1, host1, ldapdomain), (user2, host2, ldapdomain)
>
>
> So the difference in behavior should be clear now.
>
>
> The obvious advantage to this approach is that the central server will
> always be considered authoritative for its entries. We will assume that
> the specified member should use the LDAP representation as its first
> option, and fail over to glibc's lookup for other netgroup providers
> only if it does not exist in LDAP.
>
> This should provide a more stable environment, however it does differ
> from the current expected behavior as defined by nss_ldap.
>
>
> To enumerate the options we can follow:
> 1) We can behave exactly as nss_ldap does. If we locate a member
> netgroup, we can return that directly to glibc and expect to have it
> look it up as needed. Pros: identical behavior to the current state.
> Cons: makes additional requests to the SSSD that we could be handling
> internally without a lot of back-and-forth to glibc.
>
> 2) We can assume that member entries in LDAP refer to LDAP entries
> unless we cannot locate them. In this case, we can internally handle the
> recursive lookups to LDAP. Any member netgroups that we don't find in
> LDAP should be returned to glibc to process. Pros: we can control
> nesting limits this way. The memberOf plugin also does a good job with
> protecting us against loops. We can parallelize the lookups of multiple
> member netgroups for performance. Cons: we are changing the behavior as
> described above.


Suggestion:
a) Implement option 2 now
b) File a ticket to add a compatibility mode (controlled by a
configuration switch) later and defer to  post 1.5 release

>
> Appendix) There is no formal specification of netgroups. It's possible
> for the memberNisNetgroup attribute to contain either a simple name or a
> full LDAP distinguished name. If a full DN is provided, we should assume
> that this means that it must be in LDAP, and stop processing (and don't
> return it) if we get a DN that doesn't match. For entries that are not
> complete DN's, we should choose one of the two aforementioned approaches.
>
>
> Please comment if you have an opinion.
>
>
_______________________________________________
sssd-devel mailing list
sssd-devel at lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel

-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



From edewata at redhat.com  Tue Sep 28 23:20:11 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 28 Sep 2010 19:20:11 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Added error handler for ipa_cmd().
In-Reply-To: <1854688161.617441285715921920.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <253753478.617471285716011765.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

Please review the attached patch. It can be tested by moving one of
the JSON files in test/data somewhere else. Thanks!

The ipa_cmd() has been modified such that when an error occurs a
dialog box will appear showing the error message with 2 buttons:
Retry and Cancel. If Retry is clicked, it will attempt to execute
the same operation again. If Cancel is clicked, the operation will
be canceled and the control is returned to the caller.

The associate.js, details.js, entity.js, search.js, and webui.js
have been modified to display the error message inside the page.
This behavior can be changed in the future (e.g. redirect to error
page).

The navigation.js and webui.js have been modified to render only
the visible tabs. This improves the performance and reduce hidden
errors.

Some variables/functions also have been renamed for consistency.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0011-Added-error-handler-for-ipa_cmd.patch
Type: text/x-patch
Size: 16234 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Tue Sep 28 23:23:14 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 19:23:14 -0400
Subject: [Freeipa-devel] [PATCH]admiyo-freeipa-0047-tab-objects.patch
Message-ID: <4CA278E2.3010901@redhat.com>

     tab objects
     Convert the tab lists to arrays of objects with four potential fields:

     tab[0] -> tab.name
     tab[1] -> tab.label
     tab[2] -> tab.setup or tab.children

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0047-tab-objects.patch
Type: text/x-patch
Size: 5456 bytes
Desc: not available
URL: 

From edewata at redhat.com  Tue Sep 28 23:30:56 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 28 Sep 2010 19:30:56 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH]
 admiyo-freeipa-0046-Corrected-Language-Codes.patch
In-Reply-To: <4CA2611E.4090109@redhat.com>
Message-ID: <1849646725.617771285716656419.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> Corrected Language Codes
>      The Gnu document incorrectly listed Japanese as jp and Hebrew as iw.
>      That was why the Plurals line passed through directly from the template.
> 
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

ACK, one trailing whitespace on line 47.

--
Endi S. Dewata



From ayoung at redhat.com  Wed Sep 29 01:09:33 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 21:09:33 -0400
Subject: [Freeipa-devel] [PATCH] Added error handler for ipa_cmd().
In-Reply-To: <253753478.617471285716011765.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <253753478.617471285716011765.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4CA291CD.3070205@redhat.com>

On 09/28/2010 07:20 PM, Endi Sukma Dewata wrote:
> Hi,
>
> Please review the attached patch. It can be tested by moving one of
> the JSON files in test/data somewhere else. Thanks!
>
> The ipa_cmd() has been modified such that when an error occurs a
> dialog box will appear showing the error message with 2 buttons:
> Retry and Cancel. If Retry is clicked, it will attempt to execute
> the same operation again. If Cancel is clicked, the operation will
> be canceled and the control is returned to the caller.
>
> The associate.js, details.js, entity.js, search.js, and webui.js
> have been modified to display the error message inside the page.
> This behavior can be changed in the future (e.g. redirect to error
> page).
>
> The navigation.js and webui.js have been modified to render only
> the visible tabs. This improves the performance and reduce hidden
> errors.
>
> Some variables/functions also have been renamed for consistency.
>
> --
> Endi S. Dewata
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


Endi, can you add in a Unit test for this?  If need be, extend the 
ipa_cmd so that it looks for an optional command line param that makes 
it try to fetch a .json file that doesn't exist:


Something like
var suffix = $.bbq.get("cmd_suffix");
if (suffix){
method += suffix;
}
method += '.json';

...




-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Wed Sep 29 02:23:43 2010
From: ayoung at redhat.com (Adam Young)
Date: Tue, 28 Sep 2010 22:23:43 -0400
Subject: [Freeipa-devel] [PATCH]admiyo-freeipa-0047-tab-objects.patch
In-Reply-To: <4CA278E2.3010901@redhat.com>
References: <4CA278E2.3010901@redhat.com>
Message-ID: <4CA2A32F.2070106@redhat.com>

On 09/28/2010 07:23 PM, Adam Young wrote:
>     tab objects
>     Convert the tab lists to arrays of objects with four potential 
> fields:
>
>     tab[0] -> tab.name
>     tab[1] -> tab.label
>     tab[2] -> tab.setup or tab.children
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Added unit tests
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0047-tab-objects-2.patch
Type: text/x-patch
Size: 9700 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Wed Sep 29 03:11:06 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 28 Sep 2010 23:11:06 -0400
Subject: [Freeipa-devel] [PATCH] 548 use consistent CA nickname
Message-ID: <4CA2AE4A.1070107@redhat.com>

Use consistent, specific nickname for the IPA CA certificate.

Also fix some imports for sha. We have a compat module for it, use it.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-548-nickname.patch
Type: application/mbox
Size: 5542 bytes
Desc: not available
URL: 

From edewata at redhat.com  Wed Sep 29 04:44:24 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 29 Sep 2010 00:44:24 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH]admiyo-freeipa-0047-tab-objects.patch
In-Reply-To: <1708074242.627641285735414856.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1324805997.627741285735464920.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> tab objects
> Convert the tab lists to arrays of objects with four potential fields:
> 
> tab[0] -> tab.name
> tab[1] -> tab.label
> tab[2] -> tab.setup or tab.children

> Added unit tests

ACK, but could you add the unit tests into the index.html and all_tests.html?
I'll add unit tests too and rebase my patch on your patch. Thanks.

diff --git a/install/static/test/all_tests.html b/install/static/test/all_tests.html
index 687bea1..93c4de2 100644
--- a/install/static/test/all_tests.html
+++ b/install/static/test/all_tests.html
@@ -5,15 +5,19 @@
     
     
     
+    
+    
     
     
     
     
     
     
+    
     
     
     
+    
 
 
     
    Complete Test Suite
    
diff --git a/install/static/test/index.html b/install/static/test/index.html
index 14ca7f0..581be24 100644
--- a/install/static/test/index.html
+++ b/install/static/test/index.html
@@ -27,6 +27,7 @@
         
  • Core Test Suite
         
  • Entity Test Suite
         
  • Association Test Suite
+        
  • Navigation Test Suite
         
     

--
Endi S. Dewata



From jeffschroeder at computer.org  Tue Sep 28 23:02:23 2010
From: jeffschroeder at computer.org (Jeff Schroeder)
Date: Tue, 28 Sep 2010 16:02:23 -0700
Subject: [Freeipa-devel] [SSSD] Handling nested netgroups (looking for
	recommendations)
In-Reply-To: <4CA23122.7050908@redhat.com>
References: <4CA23122.7050908@redhat.com>
Message-ID: 

On Tue, Sep 28, 2010 at 11:17 AM, Stephen Gallagher  wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> First, a little overview on netgroups. Netgroups in LDAP can contain two
> attributes:
> ?1) nistNetgroupTriple - Contains a literal triple of (host, username,
> domain)
> ?2) memberNisNetgroup - The name (or DN, more on that later) of another
> netgroup.
>
> Returning triples are simple, we just return them as-is. However,
> returning nested netgroups introduces a bit of additional complexity.
>
> Currently, nss_ldap just returns the name of the memberNisNetgroup
> directly to glibc and allows it to handle it. This means that glibc will
> make an extra, internal set of setnetgrent(), getnetgrent()
> endnetgrent() calls to nss_ldap. Or not: the design of glibc means that
> if the nested netgroup appears in an NSS provider listed in
> nsswitch.conf before nss_ldap, it will be returned from there, rather
> than nss_ldap. This means that it is theoretically possible for a local
> file to override the centralized LDAP for a netgroup.
>
> With SSSD, our original plan was that we should always treat the LDAP
> server as authoritative. We would internally handle recursive lookups
> for nested netgroups and unravel them ourselves before returning them to
> glibc. We would only return nested names in this case if the specified
> member does not exist on the LDAP server (in this case we will assume
> that it's meant to be handled by another netgroup provider).

Not for the sake of being argumentative, but for the sake of
completeness, why do you want to change the semantics of what an admin
would expect? Especially when most people using sssd are former
pam_ldap users and expect things like netgroups to work a certain way?
While not disagreeing, I'm just curious as to the reasoning.

-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com



From ayoung at redhat.com  Wed Sep 29 13:25:00 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 09:25:00 -0400
Subject: [Freeipa-devel] [PATCH]admiyo-freeipa-0047-tab-objects.patch
In-Reply-To: <1324805997.627741285735464920.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1324805997.627741285735464920.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4CA33E2C.5050004@redhat.com>

On 09/29/2010 12:44 AM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> tab objects
>> Convert the tab lists to arrays of objects with four potential fields:
>>
>> tab[0] ->  tab.name
>> tab[1] ->  tab.label
>> tab[2] ->  tab.setup or tab.children
>>      
>    
>> Added unit tests
>>      
> ACK, but could you add the unit tests into the index.html and all_tests.html?
> I'll add unit tests too and rebase my patch on your patch. Thanks.
>
> diff --git a/install/static/test/all_tests.html b/install/static/test/all_tests.html
> index 687bea1..93c4de2 100644
> --- a/install/static/test/all_tests.html
> +++ b/install/static/test/all_tests.html
> @@ -5,15 +5,19 @@
>       
>       
>       
> +
> +
>       
>       
>       
>       
>       
>       
> +
>       
>       
>       
> +
>   
>   
>       
    Complete Test Suite
    
> diff --git a/install/static/test/index.html b/install/static/test/index.html
> index 14ca7f0..581be24 100644
> --- a/install/static/test/index.html
> +++ b/install/static/test/index.html
> @@ -27,6 +27,7 @@
>           
  • Core Test Suite
>           
  • Entity Test Suite
>           
  • Association Test Suite
> +
  • Navigation Test Suite
>           
>       
>
> --
> Endi S. Dewata
>    
Yeah.  I'll do that before checkin



From ayoung at redhat.com  Wed Sep 29 13:31:20 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 09:31:20 -0400
Subject: [Freeipa-devel] [PATCH]admiyo-freeipa-0047-tab-objects.patch
In-Reply-To: <1324805997.627741285735464920.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1324805997.627741285735464920.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4CA33FA8.3010800@redhat.com>

On 09/29/2010 12:44 AM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> tab objects
>> Convert the tab lists to arrays of objects with four potential fields:
>>
>> tab[0] ->  tab.name
>> tab[1] ->  tab.label
>> tab[2] ->  tab.setup or tab.children
>>      
>    
>> Added unit tests
>>      
> ACK, but could you add the unit tests into the index.html and all_tests.html?
> I'll add unit tests too and rebase my patch on your patch. Thanks.
>    

Done, and pushed to master.


> diff --git a/install/static/test/all_tests.html b/install/static/test/all_tests.html
> index 687bea1..93c4de2 100644
> --- a/install/static/test/all_tests.html
> +++ b/install/static/test/all_tests.html
> @@ -5,15 +5,19 @@
>       
>       
>       
> +
> +
>       
>       
>       
>       
>       
>       
> +
>       
>       
>       
> +
>   
>   
>       
    Complete Test Suite
    
> diff --git a/install/static/test/index.html b/install/static/test/index.html
> index 14ca7f0..581be24 100644
> --- a/install/static/test/index.html
> +++ b/install/static/test/index.html
> @@ -27,6 +27,7 @@
>           
  • Core Test Suite
>           
  • Entity Test Suite
>           
  • Association Test Suite
> +
  • Navigation Test Suite
>           
>       
>
> --
> Endi S. Dewata
>    



From ayoung at redhat.com  Wed Sep 29 14:00:49 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 10:00:49 -0400
Subject: [Freeipa-devel] [PATCH] 548 use consistent CA nickname
In-Reply-To: <4CA2AE4A.1070107@redhat.com>
References: <4CA2AE4A.1070107@redhat.com>
Message-ID: <4CA34691.40802@redhat.com>

On 09/28/2010 11:11 PM, Rob Crittenden wrote:
> Use consistent, specific nickname for the IPA CA certificate.
>
> Also fix some imports for sha. We have a compat module for it, use it.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From JR.Aquino at citrixonline.com  Wed Sep 29 17:44:53 2010
From: JR.Aquino at citrixonline.com (JR Aquino)
Date: Wed, 29 Sep 2010 10:44:53 -0700
Subject: [Freeipa-devel] Sudo Schema Bug
Message-ID: 

I believe we have made an oversight in the way that sudo processes 'deny' or negations via ldap...

Currently our IPA sudo Schema has ipasudorule objects set to contain an attribute: accessRuleType

Unfortunately, sudo does not have a means to do a 'deny' in this way...

For a command, user, or host to be 'denied' it must be proceeded with an exclamation point: !

Due to the RFC, LDAP will return entries in an arbitrary order, as such sudo will do first match on the "!" negations.  However, this is only true within the same Rule, I.E. if a user belongs to multiple groups, one which allows the command, and separate one which negates the command, sudo can and will pass or fail depending on which object ldap returns back for the search results.

It occurs to me that we have 2 ways to proceed.

0) I suggest we remove the attribute: accessRuleType from ipasudorule.

1) Add the attribute: accessRuleType to ipasudocmdgrp.
    -This has the benefit of not having to duplicate new ipasudocmd's only to prepend a "!" in front of them since an ipasudorule can contain multiple ipasudocmdgrp's.
    I.E. /usr/bin/less can be added to an 'allow' command group and remain unchanged, but when also added to a 'deny' command group, the compat layer should prepend the "!" for us.

Please let me know if anyone has any objections or observations.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 6500 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
jr.aquino at citrixonline.com
http://www.citrixonline.com



From rcritten at redhat.com  Wed Sep 29 17:55:19 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 29 Sep 2010 13:55:19 -0400
Subject: [Freeipa-devel] [PATCH] 549 remove reliance on admin user
Message-ID: <4CA37D87.2060907@redhat.com>

Change the finals aci so that the login admin is no longer special. The 
group admins is now controls the "super-user" group.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-549-admin.patch
Type: application/mbox
Size: 3341 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Wed Sep 29 17:58:39 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 29 Sep 2010 13:58:39 -0400
Subject: [Freeipa-devel] [PATCH] 550 estimated install times
Message-ID: <4CA37E4F.8030903@redhat.com>

Add estimated install times to the installation. I also log a duration 
for each step in /var/log/ipaserver-install.log if anyone wants to 
compare their times to mine.

ticket 139

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-550-install.patch
Type: application/mbox
Size: 5160 bytes
Desc: not available
URL: 

From rcritten at redhat.com  Wed Sep 29 18:54:05 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 29 Sep 2010 14:54:05 -0400
Subject: [Freeipa-devel] [PATCH] 551 ipa-dns-install updates
Message-ID: <4CA38B4D.1030400@redhat.com>

Detect if DNS is already configured in IPA, or if IPA is not yet installed.

ipa-dns-manage could fail in very odd ways depending on the current 
configuration of the server. Handle things a bit better.

ticket 210

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-551-dns.patch
Type: application/mbox
Size: 2062 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Wed Sep 29 19:16:08 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 15:16:08 -0400
Subject: [Freeipa-devel] [PATCH] 549 remove reliance on admin user
In-Reply-To: <4CA37D87.2060907@redhat.com>
References: <4CA37D87.2060907@redhat.com>
Message-ID: <4CA39078.7010102@redhat.com>

On 09/29/2010 01:55 PM, Rob Crittenden wrote:
> Change the finals aci so that the login admin is no longer special. 
> The group admins is now controls the "super-user" group.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Do I read it right that now you can delete an admin user?  What if there 
is only one Admin user, and you delete that?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From edewata at redhat.com  Wed Sep 29 19:17:24 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 29 Sep 2010 15:17:24 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Added error handler for ipa_cmd().
In-Reply-To: <2088300039.708831285787706780.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1795368340.709091285787844647.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> Endi, can you add in a Unit test for this? If need be, extend the
> ipa_cmd so that it looks for an optional command line param that makes
> it try to fetch a .json file that doesn't exist:
> 
> 
> Something like
> var suffix = $.bbq.get("cmd_suffix");
> if (suffix){
> method += suffix;
> }
> method += '.json';
> 
> ...

Attached is a new patch based on the latest master with unit tests.
ipa_cmd() error can be simulated by overriding $.ajax with a mockup
function. Thanks!

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0011-2-Added-error-handler-for-ipa_cmd.patch
Type: text/x-patch
Size: 26317 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Wed Sep 29 19:41:22 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 15:41:22 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0048-Item-Level-Undo.patch
Message-ID: <4CA39662.7090004@redhat.com>

Item Level Undo

     Also adding some unit tests for details.
     Using JQuery UI buttons for update and reset


This has the added benefit of letting the user know when the screen has 
been submitted, as the "undo" buttons go away.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0048-Item-Level-Undo.patch
Type: text/x-patch
Size: 14899 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Wed Sep 29 20:53:31 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 16:53:31 -0400
Subject: [Freeipa-devel] [PATCH] Added error handler for ipa_cmd().
In-Reply-To: <1795368340.709091285787844647.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1795368340.709091285787844647.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4CA3A74B.3050200@redhat.com>

On 09/29/2010 03:17 PM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> Endi, can you add in a Unit test for this? If need be, extend the
>> ipa_cmd so that it looks for an optional command line param that makes
>> it try to fetch a .json file that doesn't exist:
>>
>>
>> Something like
>> var suffix = $.bbq.get("cmd_suffix");
>> if (suffix){
>> method += suffix;
>> }
>> method += '.json';
>>
>> ...
>>      
> Attached is a new patch based on the latest master with unit tests.
> ipa_cmd() error can be simulated by overriding $.ajax with a mockup
> function. Thanks!
>
> --
> Endi S. Dewata
>    
ACK



From rcritten at redhat.com  Wed Sep 29 21:03:41 2010
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 29 Sep 2010 17:03:41 -0400
Subject: [Freeipa-devel] [PATCH] 552 handle setattr/addattr better
Message-ID: <4CA3A9AD.7050006@redhat.com>

When doing an addattr check to see if we are creating a multi-value 
attribute and see if that is allowed by the Param and/or the attribute 
in the schema (SINGLE-VALUE).

Pavel, check my fix in the exception callback. It was passing attrs_list 
but that isn't set until later. I decided to send an empty list instead.

Also catch RDN update exceptions and return an error about primary keys 
(which this essentially means).

ticket 230

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-552-mod.patch
Type: application/mbox
Size: 5947 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Wed Sep 29 21:05:32 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 17:05:32 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0048-Item-Level-Undo.patch
In-Reply-To: <4CA39662.7090004@redhat.com>
References: <4CA39662.7090004@redhat.com>
Message-ID: <4CA3AA1C.7000209@redhat.com>

On 09/29/2010 03:41 PM, Adam Young wrote:
> Item Level Undo
>
>     Also adding some unit tests for details.
>     Using JQuery UI buttons for update and reset
>
>
> This has the added benefit of letting the user know when the screen 
> has been submitted, as the "undo" buttons go away.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Rebased on top of Endi's last patch, and added my tests to index and all 
tests
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0048-2-Item-Level-Undo.patch
Type: text/x-patch
Size: 16229 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Wed Sep 29 21:05:46 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 17:05:46 -0400
Subject: [Freeipa-devel] [PATCH] Added error handler for ipa_cmd().
In-Reply-To: <4CA3A74B.3050200@redhat.com>
References: <1795368340.709091285787844647.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
	<4CA3A74B.3050200@redhat.com>
Message-ID: <4CA3AA2A.6030302@redhat.com>

On 09/29/2010 04:53 PM, Adam Young wrote:
> On 09/29/2010 03:17 PM, Endi Sukma Dewata wrote:
>> ----- "Adam Young"  wrote:
>>
>>> Endi, can you add in a Unit test for this? If need be, extend the
>>> ipa_cmd so that it looks for an optional command line param that makes
>>> it try to fetch a .json file that doesn't exist:
>>>
>>>
>>> Something like
>>> var suffix = $.bbq.get("cmd_suffix");
>>> if (suffix){
>>> method += suffix;
>>> }
>>> method += '.json';
>>>
>>> ...
>> Attached is a new patch based on the latest master with unit tests.
>> ipa_cmd() error can be simulated by overriding $.ajax with a mockup
>> function. Thanks!
>>
>> -- 
>> Endi S. Dewata
> ACK
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Pushed to master



From ssorce at redhat.com  Wed Sep 29 22:00:15 2010
From: ssorce at redhat.com (Simo Sorce)
Date: Wed, 29 Sep 2010 18:00:15 -0400
Subject: [Freeipa-devel] [PATCH] split password extop plugin in multiple
	files
Message-ID: <20100929180015.7d2fd044@willson.li.ssimo.org>


I was looking into a few bugs to fix in the plugin and realized it was
so big an messy that it would greatly help readbility if we splitted it
up.

This is a first pass (compiles, but not tested).
Only one function needed some minor refactoring (ipapwd_SetPassword).

Tomorrow I should be able to test it, meanwhile I'd like a generic
ack/nack on the approach.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Split-ipa_pwd_extop-plugin-in-multiple-files.patch
Type: text/x-patch
Size: 214808 bytes
Desc: not available
URL: 

From edewata at redhat.com  Wed Sep 29 22:19:17 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 29 Sep 2010 18:19:17 -0400 (EDT)
Subject: [Freeipa-devel] admiyo-freeipa-0048-Item-Level-Undo.patch
In-Reply-To: <898112435.725751285798586084.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1668610815.725941285798757282.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> Item Level Undo
> 
> Also adding some unit tests for details.
> Using JQuery UI buttons for update and reset
> 
> This has the added benefit of letting the user know when the screen
> has been submitted, as the "undo" buttons go away.

> Rebased on top
> of Endi's last patch, and added my tests to index and all tests

It doesn't work with attributes that originally don't have any value.
The previous_value will be undefined so the input field wouldn't be reset.

details.js:
406 var previous_value = entry_attrs[key];
407 if (previous_value){
408 this.previousElementSibling.value = previous_value;
409 } 

--
Endi S. Dewata



From edewata at redhat.com  Wed Sep 29 22:23:20 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 29 Sep 2010 18:23:20 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Checking empty AJAX response in ipa_cmd().
In-Reply-To: <155504844.726161285798961824.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1337721163.726211285799000116.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

Hi,

Please review the attached patch. Thanks!

Some errors (e.g. server down) are reported as AJAX success with
empty data and/or HTTP error code != 200. The ipa_cmd() has been
modified so that it will detect such errors and invoke the error
handler.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0012-Checking-empty-AJAX-response-in-ipa_cmd.patch
Type: text/x-patch
Size: 2500 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Wed Sep 29 23:27:48 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 19:27:48 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0048-Item-Level-Undo.patch
In-Reply-To: <1668610815.725941285798757282.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <1668610815.725941285798757282.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4CA3CB74.2060404@redhat.com>

On 09/29/2010 06:19 PM, Endi Sukma Dewata wrote:
> ----- "Adam Young"  wrote:
>
>    
>> Item Level Undo
>>
>> Also adding some unit tests for details.
>> Using JQuery UI buttons for update and reset
>>
>> This has the added benefit of letting the user know when the screen
>> has been submitted, as the "undo" buttons go away.
>>      
>    
>> Rebased on top
>> of Endi's last patch, and added my tests to index and all tests
>>      
> It doesn't work with attributes that originally don't have any value.
> The previous_value will be undefined so the input field wouldn't be reset.
>
> details.js:
> 406 var previous_value = entry_attrs[key];
> 407 if (previous_value){
> 408 this.previousElementSibling.value = previous_value;
> 409 }
>
> --
> Endi S. Dewata
>    
Ah..good catch.  OK  I'll fix



From ayoung at redhat.com  Thu Sep 30 00:01:14 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 20:01:14 -0400
Subject: [Freeipa-devel] [PATCH] Added error handler for ipa_cmd().
In-Reply-To: <4CA3AA2A.6030302@redhat.com>
References: <1795368340.709091285787844647.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>	<4CA3A74B.3050200@redhat.com>
	<4CA3AA2A.6030302@redhat.com>
Message-ID: <4CA3D34A.9060703@redhat.com>

On 09/29/2010 05:05 PM, Adam Young wrote:
> On 09/29/2010 04:53 PM, Adam Young wrote:
>> On 09/29/2010 03:17 PM, Endi Sukma Dewata wrote:
>>> ----- "Adam Young"  wrote:
>>>
>>>> Endi, can you add in a Unit test for this? If need be, extend the
>>>> ipa_cmd so that it looks for an optional command line param that makes
>>>> it try to fetch a .json file that doesn't exist:
>>>>
>>>>
>>>> Something like
>>>> var suffix = $.bbq.get("cmd_suffix");
>>>> if (suffix){
>>>> method += suffix;
>>>> }
>>>> method += '.json';
>>>>
>>>> ...
>>> Attached is a new patch based on the latest master with unit tests.
>>> ipa_cmd() error can be simulated by overriding $.ajax with a mockup
>>> function. Thanks!
>>>
>>> -- 
>>> Endi S. Dewata
>> ACK
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Pushed to master
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Should have remembered this approach, standard JS way to deal with 
undefined values.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0048-3-Item-Level-Undo.patch
Type: text/x-patch
Size: 16182 bytes
Desc: not available
URL: 

From dpal at redhat.com  Thu Sep 30 00:20:56 2010
From: dpal at redhat.com (Dmitri Pal)
Date: Wed, 29 Sep 2010 20:20:56 -0400
Subject: [Freeipa-devel] Sudo Schema Bug
In-Reply-To: 
References: 
Message-ID: <4CA3D7E8.9070300@redhat.com>

JR Aquino wrote:
> I believe we have made an oversight in the way that sudo processes 'deny' or negations via ldap...
>
> Currently our IPA sudo Schema has ipasudorule objects set to contain an attribute: accessRuleType
>
> Unfortunately, sudo does not have a means to do a 'deny' in this way...
>
> For a command, user, or host to be 'denied' it must be proceeded with an exclamation point: !
>
> Due to the RFC, LDAP will return entries in an arbitrary order, as such sudo will do first match on the "!" negations.  However, this is only true within the same Rule, I.E. if a user belongs to multiple groups, one which allows the command, and separate one which negates the command, sudo can and will pass or fail depending on which object ldap returns back for the search results.
>
> It occurs to me that we have 2 ways to proceed.
>
> 0) I suggest we remove the attribute: accessRuleType from ipasudorule.
>
> 1) Add the attribute: accessRuleType to ipasudocmdgrp.
>     -This has the benefit of not having to duplicate new ipasudocmd's only to prepend a "!" in front of them since an ipasudorule can contain multiple ipasudocmdgrp's.
>     I.E. /usr/bin/less can be added to an 'allow' command group and remain unchanged, but when also added to a 'deny' command group, the compat layer should prepend the "!" for us.
>
> Please let me know if anyone has any objections or observations.
>   

May be I misunderstood how things work but my assumption was that SUDO
will inspect multiple rules not just a rule returned by LDAP. Is this
not the case? If it is the case then you are right that current schema
is different and requires different grouping of the commands than with
the standard schema but end result will be same. Let me try to
illustrate it on example:

Standard schema:
Rule 1 has command A and !B
Rule 2 has command C and !D

In the new schema
Rule X will have A & C
Rule Y will be  negative and have C & D

Of cause Rules 1/2 and X/Y can't apply to the same user groups as the
current rules . The thought was that other set of groups will
potentially used by the records in the new schema.
The new schema directs people to think in better "abstraction" terms :
These users on these hosts can do something.
or
These users on these hosts can't do something.

It is a much cleaner and more intuitive administrative model than what
standard SUDO schema offers.
But if it is a wrong assumption and really does not add a value we
should definitely reconsider.

If proposed approach is really "wrong" then I would rather remove the
accessRuleType and add another attribute memberNotCmd similar to
memberCmd that will point to groups or individual commands that need to
be prohibited. And then support additional  value of cmdCategory equal
"none" that will imply that all sudo commands are prohibited. However I
would argue that this is and overhead that "none" can be accomplished by
totally disabling SUDO via HBAC. I would also argue that memberNotCmd &
memberCmd in one rule are equivalent to two rules using same users/hosts
but one for allowed commands and another for prohibited commands.

So back to the example the assumption currently is that the SUDO will
run through all the rules and match negative commands and then will do
positive commands. In case of existing schema the prohibited commands
will be scattered across multiple entries while in case of new schema
they will be grouped in entries. Does this really matter for the SUDO
usility how they are grouped and in what order they come? Based on the
RFC it should not matter so I really do not see an issue other than
forcing people to change rule definitions to do things in a more
intuitive way.

Please correct me if I am wrong.

Thanks
Dmitri
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jr Aquino, GCIH | Information Security Specialist
> Citrix Online | 6500 Hollister Avenue | Goleta, CA 93117
> T:  +1 805.690.3478
> jr.aquino at citrixonline.com
> http://www.citrixonline.com
>   


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



From ayoung at redhat.com  Thu Sep 30 00:29:28 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 20:29:28 -0400
Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA
 |	master
In-Reply-To: <20100928150647.16171.99688@web1.transifex.net>
References: <20100928150647.16171.99688@web1.transifex.net>
Message-ID: <4CA3D9E8.20108@redhat.com>

On 09/28/2010 11:06 AM, admin at transifex.net wrote:
> Hello freeipa, this is Transifex at http://www.transifex.net.
>
> The following attached files were submitted to FreeIPA | master by yurchor
>
> Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page.
>
> Thank you,
> Transifex
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Merged and pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From edewata at redhat.com  Thu Sep 30 00:34:59 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 29 Sep 2010 20:34:59 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Checking empty AJAX response in
 ipa_cmd().
In-Reply-To: <1850754195.734681285806685567.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <317791330.734851285806899115.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Endi Sukma Dewata"  wrote:

> Some errors (e.g. server down) are reported as AJAX success with
> empty data and/or HTTP error code != 200. The ipa_cmd() has been
> modified so that it will detect such errors and invoke the error
> handler.

It turns out that pulling local JSON files will result in HTTP error
code 0, so it's not a good indicator for error. I've removed it in
the new patch.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edewata-freeipa-0012-2-Checking-empty-AJAX-response-in-ipa_cmd.patch
Type: text/x-patch
Size: 2449 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Thu Sep 30 01:01:20 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 21:01:20 -0400
Subject: [Freeipa-devel] admiyo-freeipa-0049-default-search.patch
Message-ID: <4CA3E160.5030409@redhat.com>

default search
     Populate the entity search pages with the results of a search with 
a blank filter even if no filter has been specified

-------------- next part --------------
A non-text attachment was scrubbed...
Name: admiyo-freeipa-0049-default-search.patch
Type: text/x-patch
Size: 1244 bytes
Desc: not available
URL: 

From ayoung at redhat.com  Thu Sep 30 01:41:02 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 21:41:02 -0400
Subject: [Freeipa-devel] [PATCH] Checking empty AJAX response in
	ipa_cmd().
In-Reply-To: <317791330.734851285806899115.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
References: <317791330.734851285806899115.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <4CA3EAAE.8050108@redhat.com>

On 09/29/2010 08:34 PM, Endi Sukma Dewata wrote:
> ----- "Endi Sukma Dewata"  wrote:
>
>    
>> Some errors (e.g. server down) are reported as AJAX success with
>> empty data and/or HTTP error code != 200. The ipa_cmd() has been
>> modified so that it will detect such errors and invoke the error
>> handler.
>>      
> It turns out that pulling local JSON files will result in HTTP error
> code 0, so it's not a good indicator for error. I've removed it in
> the new patch.
>
> --
> Endi S. Dewata
>    
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From ayoung at redhat.com  Thu Sep 30 01:43:23 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 21:43:23 -0400
Subject: [Freeipa-devel] Need Metadata for phone, email,
 other objects not in json_metadata yet
Message-ID: <4CA3EB3B.9030000@redhat.com>

Rob,

You indicated that there was a way to get the params we needed to 
produce meta-data.  I'm working on the phonenumber issues right now, and 
right now have no way of telling that it is a multi value attribute.  
There is logic in the code, but it relies on the metadata. v Can you 
point me in the right direction?



From ayoung at redhat.com  Thu Sep 30 01:46:43 2010
From: ayoung at redhat.com (Adam Young)
Date: Wed, 29 Sep 2010 21:46:43 -0400
Subject: [Freeipa-devel] [PATCH] Checking empty AJAX response
	in	ipa_cmd().
In-Reply-To: <4CA3EAAE.8050108@redhat.com>
References: <317791330.734851285806899115.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
	<4CA3EAAE.8050108@redhat.com>
Message-ID: <4CA3EC03.6010407@redhat.com>

On 09/29/2010 09:41 PM, Adam Young wrote:
> On 09/29/2010 08:34 PM, Endi Sukma Dewata wrote:
>> ----- "Endi Sukma Dewata"  wrote:
>>
>>    
>>> Some errors (e.g. server down) are reported as AJAX success with
>>> empty data and/or HTTP error code != 200. The ipa_cmd() has been
>>> modified so that it will detect such errors and invoke the error
>>> handler.
>>>      
>> It turns out that pulling local JSON files will result in HTTP error
>> code 0, so it's not a good indicator for error. I've removed it in
>> the new patch.
>>
>> --
>> Endi S. Dewata
>>    
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Pushed to master
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From edewata at redhat.com  Thu Sep 30 03:07:57 2010
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 29 Sep 2010 23:07:57 -0400 (EDT)
Subject: [Freeipa-devel] [PATCH] Added error handler for ipa_cmd().
In-Reply-To: <171755975.740581285815573481.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Message-ID: <1253134683.740801285816077938.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>

----- "Adam Young"  wrote:

> Should have remembered this approach, standard JS way to deal with 
> undefined values.

admiyo-freeipa-0048-3-Item-Level-Undo.patch

A few notes:

1. You're replying to the wrong thread :)

2. The undo button will only appear when the input field loses focus. Ideally
it should appear as soon as the value is changed, but I'm not sure if it's
possible to do that in JS. This can be addressed in the future.

3. The hint_span doesn't seem to be used consistently in details.js:272-297:

ipa_insert_first_dd(
    jobj, ipa_create_input(obj_name, attr, value[0],hint_span)
);
ipa_insert_other_dd(
    jobj, ipa_create_input(obj_name, attr, value[i],hint_span)
);
ipa_insert_other_dd(
    jobj.next(), _ipa_a_add_template.replace('A', attr)
);
ipa_insert_first_dd(
    jobj, _ipa_a_add_template.replace('A', attr) /*.append( hint_span)*/
);
ipa_insert_first_dd(
    jobj, ipa_create_input(obj_name, attr, '')/*.append( hint_span)*/
);

4. I think the statement on line 341 should be removed because it redefines
   the input variable:

        var input = $("