Dear guys<br><br><br>my Problem solved about sudoers config and i'm sorry about writer documention of ipa<br><br><br>this section <br><div><font face="courier new, monospace">binddn uid=sudo,cn=sysaccounts,cn=etc,dc=nise,dc=ir</font></div>
<div><font face="courier new, monospace">bindpw password</font></div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">ssl start_tls</font></div><div><font face="courier new, monospace">tls_cacertfile /etc/ipa/ca.crt</font></div>
<div><font face="courier new, monospace">tls_checkpeer yes</font></div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">bind_timelimit 5</font></div><div><font face="courier new, monospace">timelimit 15</font></div>
<div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">uri ldap://<a rel="nofollow" href="http://fs1.wedgeofli.me">fs1.wedgeofli.me</a></font></div><div><font face="courier new, monospace">sudoers_base ou=SUDOers,dc=wedgeofli,dc=me<br>
<br><b>in document write this section must configure in nsld.conf</b><br><b>but at this config file it's not work <br>but when i put this in </b><br></font></div>/etc/sudo.ldap sudo work <br><br><br>please change your document ,,, many peopel same me mybe working 3 week at this problem and not found any solution for this <br>
<br><br>document it's biggest bug in ipa <br><br>regards moeini<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Nov 12, 2012 at 5:49 PM, <span dir="ltr"><<a href="mailto:freeipa-devel-request@redhat.com" target="_blank">freeipa-devel-request@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send Freeipa-devel mailing list submissions to<br>
<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:freeipa-devel-owner@redhat.com">freeipa-devel-owner@redhat.com</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Freeipa-devel digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Freeipa-devel Digest, Vol 66, Issue 34 (Dmitri Pal)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 12 Nov 2012 09:19:32 -0500<br>
From: Dmitri Pal <<a href="mailto:dpal@redhat.com">dpal@redhat.com</a>><br>
To: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a><br>
Subject: Re: [Freeipa-devel] Freeipa-devel Digest, Vol 66, Issue 34<br>
Message-ID: <<a href="mailto:50A10574.8050303@redhat.com">50A10574.8050303@redhat.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
On 11/10/2012 09:14 AM, mohammad moeini wrote:<br>
> Dear Guyes<br>
><br>
> i'm AAA Server administrator , I use freeipa for AAA server<br>
> i Have a Centos server and 50 client debian<br>
> i use the ipa v 3 and now have problem with join ipa clients becuse<br>
> not exisixt upper 2.1.4 package in debian distru<br>
> when i want compile ipa client on the folder ipa-client in cource get<br>
> the error krb5.h not exist , please help me anout dependency on the<br>
> freeipa v 3 o r say to me how can i config ipa v 3 for supporting ipa<br>
> client v 2.1.4<br>
><br>
> Another my question is about sudoers i config sudoers seem of the all<br>
> domcumention free ipa and testing many soulution from Ldap or freeipa<br>
> or another way seem nscd.conf or sssd.conf or .... but not working and<br>
> just say to me your user is not is sudoers ,,, i don't know i must<br>
> doing any config in ldap schema or must create suoers group<br>
> please help me ,,, i run freeipa for first time in middle ease and i<br>
> want grow this at this point of world<br>
><br>
<br>
Have you seen couple threads on freeipa-users about SUDO this and last<br>
month? Just search the archives.<br>
They have a lot of hints on how to configure sudo and make sure it works.<br>
SUDO changed the name of its config file recently and that have be a<br>
source of confusion is some cases.<br>
Anyways please read those threads and try to follow the instructions<br>
there (posts from JR are very helpful).<br>
If you still have problems please let us know more details.<br>
<br>
<br>
> Regards Moeini<br>
><br>
><br>
> On Fri, Nov 9, 2012 at 6:40 PM, <<a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a><br>
> <mailto:<a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a>>> wrote:<br>
><br>
> Send Freeipa-devel mailing list submissions to<br>
> <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
><br>
> To subscribe or unsubscribe via the World Wide Web, visit<br>
> <a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a><br>
> or, via email, send a message with subject or body 'help' to<br>
> <a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a><br>
> <mailto:<a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a>><br>
><br>
> You can reach the person managing the list at<br>
> <a href="mailto:freeipa-devel-owner@redhat.com">freeipa-devel-owner@redhat.com</a><br>
> <mailto:<a href="mailto:freeipa-devel-owner@redhat.com">freeipa-devel-owner@redhat.com</a>><br>
><br>
> When replying, please edit your Subject line so it is more specific<br>
> than "Re: Contents of Freeipa-devel digest..."<br>
><br>
><br>
> Today's Topics:<br>
><br>
> 1. [PATCH] Add Beta versioning (Lynn Root)<br>
> 2. Re: [PATCH] Add Beta versioning (Petr Vobornik)<br>
> 3. Re: [PATCH] Add Beta versioning (Lynn Root)<br>
> 4. Re: [PATCH] Add Beta versioning (Martin Kosek)<br>
> 5. Re: [PATCH] 332 Do not require resolvable nameserver in DNS<br>
> install (Alexander Bokovoy)<br>
> 6. Re: [PATCH] 332 Do not require resolvable nameserver in DNS<br>
> install (Martin Kosek)<br>
> 7. Re: [PATCH] Switch %r specifiers to %s in Public errors<br>
> (Jan Cholasta)<br>
> 8. Re: [PATCH] 330 Disable global forwarding per-zone<br>
> (Rob Crittenden)<br>
> 9. Re: [PATCH] 330 Disable global forwarding per-zone (Martin<br>
> Kosek)<br>
><br>
><br>
> ----------------------------------------------------------------------<br>
><br>
> Message: 1<br>
> Date: Fri, 9 Nov 2012 07:43:31 -0500 (EST)<br>
> From: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>><br>
> To: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Subject: [Freeipa-devel] [PATCH] Add Beta versioning<br>
> Message-ID:<br>
> <<a href="mailto:943042161.7794393.1352465011767.JavaMail.root@redhat.com">943042161.7794393.1352465011767.JavaMail.root@redhat.com</a><br>
> <mailto:<a href="mailto:943042161.7794393.1352465011767.JavaMail.root@redhat.com">943042161.7794393.1352465011767.JavaMail.root@redhat.com</a>>><br>
> Content-Type: text/plain; charset="utf-8"<br>
><br>
> The VERSION file and Makefile now handles 'beta' release<br>
> parameters when making s/rpms.<br>
><br>
> Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2893" target="_blank">https://fedorahosted.org/freeipa/ticket/2893</a><br>
><br>
> Lynn Root<br>
> Associate Software Engineer<br>
> Red Hat<br>
><br>
> -------------- next part --------------<br>
> A non-text attachment was scrubbed...<br>
> Name: Add-Beta-versioning.patch<br>
> Type: text/x-patch<br>
> Size: 2522 bytes<br>
> Desc: not available<br>
> URL:<br>
> <<a href="https://www.redhat.com/archives/freeipa-devel/attachments/20121109/17627fbd/attachment.bin" target="_blank">https://www.redhat.com/archives/freeipa-devel/attachments/20121109/17627fbd/attachment.bin</a>><br>
><br>
> ------------------------------<br>
><br>
> Message: 2<br>
> Date: Fri, 09 Nov 2012 13:58:17 +0100<br>
> From: Petr Vobornik <<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a> <mailto:<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a>>><br>
> To: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>><br>
> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning<br>
> Message-ID: <<a href="mailto:509CFDE9.70002@redhat.com">509CFDE9.70002@redhat.com</a><br>
> <mailto:<a href="mailto:509CFDE9.70002@redhat.com">509CFDE9.70002@redhat.com</a>>><br>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
><br>
> On 11/09/2012 01:43 PM, Lynn Root wrote:<br>
> > The VERSION file and Makefile now handles 'beta' release<br>
> parameters when making s/rpms.<br>
> ><br>
> > Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2893" target="_blank">https://fedorahosted.org/freeipa/ticket/2893</a><br>
> ><br>
> > Lynn Root<br>
> > Associate Software Engineer<br>
> > Red Hat<br>
><br>
> Thanks for the patch.<br>
><br>
> In a next patch, I'd suggest to follow patch-naming conventions<br>
> <a href="https://fedorahosted.org/freeipa/wiki/PatchFormat" target="_blank">https://fedorahosted.org/freeipa/wiki/PatchFormat</a> . Also include the<br>
> patch number into a mail subject, it helps to keeping track of<br>
> patches.<br>
><br>
> --<br>
> Petr Vobornik<br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> Message: 3<br>
> Date: Fri, 9 Nov 2012 08:04:43 -0500 (EST)<br>
> From: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>><br>
> To: Petr Vobornik <<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a> <mailto:<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a>>><br>
> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning<br>
> Message-ID:<br>
> <<a href="mailto:1940773203.7804090.1352466283311.JavaMail.root@redhat.com">1940773203.7804090.1352466283311.JavaMail.root@redhat.com</a><br>
> <mailto:<a href="mailto:1940773203.7804090.1352466283311.JavaMail.root@redhat.com">1940773203.7804090.1352466283311.JavaMail.root@redhat.com</a>>><br>
> Content-Type: text/plain; charset=utf-8<br>
><br>
> Ah thank you - was going by the "Submit Changes" portion in<br>
> <a href="http://freeipa.org/page/Contribute#Development_Process" target="_blank">http://freeipa.org/page/Contribute#Development_Process</a>, which has<br>
> less information (but clearly did not notice the Patch Format link<br>
> right above).<br>
><br>
> Lynn Root<br>
> Associate Software Engineer<br>
> Red Hat<br>
><br>
> ----- Original Message -----<br>
> From: "Petr Vobornik" <<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a><br>
> <mailto:<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a>>><br>
> To: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>><br>
> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Sent: Friday, November 9, 2012 1:58:17 PM<br>
> Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning<br>
><br>
> On 11/09/2012 01:43 PM, Lynn Root wrote:<br>
> > The VERSION file and Makefile now handles 'beta' release<br>
> parameters when making s/rpms.<br>
> ><br>
> > Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2893" target="_blank">https://fedorahosted.org/freeipa/ticket/2893</a><br>
> ><br>
> > Lynn Root<br>
> > Associate Software Engineer<br>
> > Red Hat<br>
><br>
> Thanks for the patch.<br>
><br>
> In a next patch, I'd suggest to follow patch-naming conventions<br>
> <a href="https://fedorahosted.org/freeipa/wiki/PatchFormat" target="_blank">https://fedorahosted.org/freeipa/wiki/PatchFormat</a> . Also include the<br>
> patch number into a mail subject, it helps to keeping track of<br>
> patches.<br>
><br>
> --<br>
> Petr Vobornik<br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> Message: 4<br>
> Date: Fri, 09 Nov 2012 14:07:05 +0100<br>
> From: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>><br>
> To: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>><br>
> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning<br>
> Message-ID: <<a href="mailto:509CFFF9.2070906@redhat.com">509CFFF9.2070906@redhat.com</a><br>
> <mailto:<a href="mailto:509CFFF9.2070906@redhat.com">509CFFF9.2070906@redhat.com</a>>><br>
> Content-Type: text/plain; charset=ISO-8859-1<br>
><br>
> Actually, there is a link in the Contribute wiki page for the<br>
> Patch format page:<br>
><br>
> ...<br>
> Patch Format - Guidance about the patch format<br>
> ...<br>
><br>
> We may want to make it more visible...<br>
><br>
> Martin<br>
><br>
> On 11/09/2012 02:04 PM, Lynn Root wrote:<br>
> > Ah thank you - was going by the "Submit Changes" portion in<br>
> <a href="http://freeipa.org/page/Contribute#Development_Process" target="_blank">http://freeipa.org/page/Contribute#Development_Process</a>, which has<br>
> less information (but clearly did not notice the Patch Format link<br>
> right above).<br>
> ><br>
> > Lynn Root<br>
> > Associate Software Engineer<br>
> > Red Hat<br>
> ><br>
> > ----- Original Message -----<br>
> > From: "Petr Vobornik" <<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a><br>
> <mailto:<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a>>><br>
> > To: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>><br>
> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> > Sent: Friday, November 9, 2012 1:58:17 PM<br>
> > Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning<br>
> ><br>
> > On 11/09/2012 01:43 PM, Lynn Root wrote:<br>
> >> The VERSION file and Makefile now handles 'beta' release<br>
> parameters when making s/rpms.<br>
> >><br>
> >> Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2893" target="_blank">https://fedorahosted.org/freeipa/ticket/2893</a><br>
> >><br>
> >> Lynn Root<br>
> >> Associate Software Engineer<br>
> >> Red Hat<br>
> ><br>
> > Thanks for the patch.<br>
> ><br>
> > In a next patch, I'd suggest to follow patch-naming conventions<br>
> > <a href="https://fedorahosted.org/freeipa/wiki/PatchFormat" target="_blank">https://fedorahosted.org/freeipa/wiki/PatchFormat</a> . Also include the<br>
> > patch number into a mail subject, it helps to keeping track of<br>
> patches.<br>
> ><br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> Message: 5<br>
> Date: Fri, 9 Nov 2012 15:15:09 +0200<br>
> From: Alexander Bokovoy <<a href="mailto:abokovoy@redhat.com">abokovoy@redhat.com</a><br>
> <mailto:<a href="mailto:abokovoy@redhat.com">abokovoy@redhat.com</a>>><br>
> To: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>><br>
> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Subject: Re: [Freeipa-devel] [PATCH] 332 Do not require resolvable<br>
> nameserver in DNS install<br>
> Message-ID: <<a href="mailto:20121109131509.GB14850@redhat.com">20121109131509.GB14850@redhat.com</a><br>
> <mailto:<a href="mailto:20121109131509.GB14850@redhat.com">20121109131509.GB14850@redhat.com</a>>><br>
> Content-Type: text/plain; charset=us-ascii; format=flowed<br>
><br>
> On Fri, 09 Nov 2012, Martin Kosek wrote:<br>
> >As named.conf and bind-dyndb-plugin is not set up yet during DNS<br>
> >configuration phase, IPA hostname (i.e. the nameserver) should not<br>
> >be required be to resolvable in this phase.<br>
> ><br>
> ><a href="https://fedorahosted.org/freeipa/ticket/3248" target="_blank">https://fedorahosted.org/freeipa/ticket/3248</a><br>
> ACK.<br>
><br>
> --<br>
> / Alexander Bokovoy<br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> Message: 6<br>
> Date: Fri, 09 Nov 2012 14:26:18 +0100<br>
> From: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>><br>
> To: Alexander Bokovoy <<a href="mailto:abokovoy@redhat.com">abokovoy@redhat.com</a><br>
> <mailto:<a href="mailto:abokovoy@redhat.com">abokovoy@redhat.com</a>>><br>
> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Subject: Re: [Freeipa-devel] [PATCH] 332 Do not require resolvable<br>
> nameserver in DNS install<br>
> Message-ID: <<a href="mailto:509D047A.5030309@redhat.com">509D047A.5030309@redhat.com</a><br>
> <mailto:<a href="mailto:509D047A.5030309@redhat.com">509D047A.5030309@redhat.com</a>>><br>
> Content-Type: text/plain; charset=ISO-8859-1<br>
><br>
> On 11/09/2012 02:15 PM, Alexander Bokovoy wrote:<br>
> > On Fri, 09 Nov 2012, Martin Kosek wrote:<br>
> >> As named.conf and bind-dyndb-plugin is not set up yet during DNS<br>
> >> configuration phase, IPA hostname (i.e. the nameserver) should not<br>
> >> be required be to resolvable in this phase.<br>
> >><br>
> >> <a href="https://fedorahosted.org/freeipa/ticket/3248" target="_blank">https://fedorahosted.org/freeipa/ticket/3248</a><br>
> > ACK.<br>
> ><br>
><br>
> Pushed to master, ipa-3-0.<br>
><br>
> Martin<br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> Message: 7<br>
> Date: Fri, 09 Nov 2012 15:25:20 +0100<br>
> From: Jan Cholasta <<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a> <mailto:<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a>>><br>
> To: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>><br>
> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Subject: Re: [Freeipa-devel] [PATCH] Switch %r specifiers to %s in<br>
> Public errors<br>
> Message-ID: <<a href="mailto:509D1250.5060404@redhat.com">509D1250.5060404@redhat.com</a><br>
> <mailto:<a href="mailto:509D1250.5060404@redhat.com">509D1250.5060404@redhat.com</a>>><br>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
><br>
> On 8.11.2012 17:22, Lynn Root wrote:<br>
> > Hmm I hope I understand well enough this time around.<br>
> ><br>
> > However, when I run the tests, there's this one error message I<br>
> come across from `test_user[97]: user_add: Create u'tuser2'` - it<br>
> throws `DatabaseError: Type or value exists`. I'm a bit lost on<br>
> how to track this down.<br>
> ><br>
> > Once again - thanks for your help!<br>
> ><br>
> > Lynn Root<br>
> > Associate Software Engineer<br>
> > Red Hat<br>
> ><br>
> > ----- Original Message -----<br>
> > From: "Martin Kosek" <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>><br>
> > To: "Jan Cholasta" <<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a><br>
> <mailto:<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a>>><br>
> > Cc: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>>,<br>
> <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> > Sent: Thursday, November 8, 2012 8:46:42 AM<br>
> > Subject: Re: [Freeipa-devel] [PATCH] Switch %r specifiers to %s<br>
> in Public errors<br>
> ><br>
> > On 11/07/2012 06:46 PM, Jan Cholasta wrote:<br>
> >> On 7.11.2012 16:08, Lynn Root wrote:<br>
> >>> Third time is a charm?<br>
> >>><br>
> >>> Lynn Root<br>
> >>> Associate Software Engineer<br>
> >>> Red Hat<br>
> >>><br>
> >>> ----- Original Message -----<br>
> >>> From: "Jan Cholasta" <<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a><br>
> <mailto:<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a>>><br>
> >>> To: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>><br>
> >>> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> >>> Sent: Monday, November 5, 2012 10:25:32 AM<br>
> >>> Subject: Re: [Freeipa-devel] [PATCH] Switch %r specifiers to<br>
> %s in Public errors<br>
> >>><br>
> >>> On 5.11.2012 09:43, Lynn Root wrote:<br>
> >>>> Here's try #2! Adjusted patch attached. Let me know if<br>
> there's anything<br>
> >>>> else I've missed.<br>
> >>>><br>
> >>>> Switched %r specifiers to '%s' in Public errors, and adjusted<br>
> tests to<br>
> >>>> expect no preceding 'u'.<br>
> >>>><br>
> >>>> Tickets: <a href="https://fedorahosted.org/freeipa/ticket/3121" target="_blank">https://fedorahosted.org/freeipa/ticket/3121</a> &<br>
> >>>> <a href="https://fedorahosted.org/freeipa/ticket/2588" target="_blank">https://fedorahosted.org/freeipa/ticket/2588</a><br>
> >>>><br>
> >>>> Lynn Root<br>
> >>>> Associate Software Engineer<br>
> >>>> Red Hat<br>
> >>>><br>
> >>>> ----- Original Message -----<br>
> >>>> From: "Martin Kosek" <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a><br>
> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>><br>
> >>>> To: "Jan Cholasta" <<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a><br>
> <mailto:<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a>>><br>
> >>>> Cc: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>>,<br>
> <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> >>>> Sent: Tuesday, October 30, 2012 9:08:33 AM<br>
> >>>> Subject: Re: [Freeipa-devel] [PATCH] Switch %r specifiers to<br>
> %s in Public<br>
> >>>> errors<br>
> >>>><br>
> >>>> On 10/30/2012 09:04 AM, Jan Cholasta wrote:<br>
> >>>>> Hi,<br>
> >>>>><br>
> >>>>> On 29.10.2012 19:54, Lynn Root wrote:<br>
> >>>>>> Hi all!<br>
> >>>>>><br>
> >>>>>> This switch drops the preceding 'u' from strings in public<br>
> error messages.<br>
> >>>>>><br>
> >>>>>> Ticket: <a href="https://fedorahosted.org/freeipa/ticket/3121" target="_blank">https://fedorahosted.org/freeipa/ticket/3121</a><br>
> >>>>>><br>
> >>>>>> This patch also addresses the unfriendly 'u' from<br>
> re-raising errors from the<br>
> >>>>>> external call to netaddr.IPAddress by passing a bytestring<br>
> to the function.<br>
> >>>>>><br>
> >>>>>> Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2588" target="_blank">https://fedorahosted.org/freeipa/ticket/2588</a><br>
> >>>>>><br>
> >>>>>><br>
> >>>>>> My first patch (and freeipa dev list email) ever! Let me<br>
> know where there's<br>
> >>>>>> room to improve.<br>
> >>>>>><br>
> >>>>>> Lynn Root<br>
> >>>>>> Associate Software Engineer<br>
> >>>>>> Red Hat<br>
> >>>>>><br>
> >>>>><br>
> >>>>> I think it would be nice if you kept the quotes around the<br>
> values, as that is<br>
> >>>>> probably the reason "%r" was used in the first place - i.e.<br>
> use "'%s'" instead<br>
> >>>>> of plain "%s".<br>
> >>>><br>
> >>>> +1<br>
> >>>><br>
> >>>> With current patch, I assume that a lot of unit tests will<br>
> fail as they check<br>
> >>>> exact error message wording. I'd recommend running the whole<br>
> test suite with<br>
> >>>> your second patch revision. There is a short walkthrough how<br>
> to set it up:<br>
> >>>><br>
> >>>> <a href="http://freeipa.org/page/Testing" target="_blank">http://freeipa.org/page/Testing</a><br>
> >>>><br>
> >>>> Martin<br>
> >>>><br>
> >>><br>
> >>> You missed a few:<br>
> >>><br>
> >>> $ git grep -En '%(\(.*?\))?r'<br>
> >>><br>
> >>> Honza<br>
> >>><br>
> >><br>
> >> I think you have gone too far this time :-) It is not necessary<br>
> (or wise) to<br>
> >> get rid of %r *everywhere* in the code.<br>
> ><br>
> > Thanks Honza for pointing that out. It seems I missed that in<br>
> yesterday's<br>
> > review. Now, when I look at it, it indeed is not right.<br>
> ><br>
> >><br>
> >> A few rules to keep in mind:<br>
> >><br>
> >> * If it is not an error message, do not touch it (log<br>
> messages are not error<br>
> >> messages BTW).<br>
> >><br>
> >> * If it is an error message for an exception that does not<br>
> inherit from<br>
> >> errors.PublicError, do not touch it (there might be a few<br>
> exceptions, though).<br>
> ><br>
> > Right. But for example, your netaddr str conversions should be<br>
> fine since the<br>
> > netaddr error is propagated up to the ValidationError.<br>
> ><br>
> > Martin<br>
> ><br>
> >><br>
> >> * Use '%s' (%s with ticks) only for arguments whose value<br>
> can be only str or<br>
> >> unicode.<br>
> >><br>
> >> Honza<br>
> >><br>
> ><br>
><br>
> This is better, thanks.<br>
><br>
> In OverlapError.format, remove the ticks around %s, as we expect a<br>
> list<br>
> here (I think we could make it look prettier, similar to what<br>
> Martin did<br>
> in<br>
> <<a href="https://fedorahosted.org/freeipa/changeset/988ea368272822f2153563ad34554240e3377d60/" target="_blank">https://fedorahosted.org/freeipa/changeset/988ea368272822f2153563ad34554240e3377d60/</a>>,<br>
> but I'm not sure if we want to do it in this ticket/patch).<br>
><br>
> I'm not sure what to do about the ValidationError at<br>
> ipalib/parameters.py:882 and ipalib/parameters.py:1171. I think it<br>
> should be "TypeError(TYPE_ERROR % (<a href="http://self.name" target="_blank">self.name</a> <<a href="http://self.name" target="_blank">http://self.name</a>>,<br>
> self.type, value,<br>
> type(value)))" instead, as by the time parameters are validated<br>
> they are<br>
> the right type.<br>
><br>
> Also there is one %r you missed in ipalib/parameters.py:1554.<br>
><br>
> Honza<br>
><br>
> --<br>
> Jan Cholasta<br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> Message: 8<br>
> Date: Fri, 09 Nov 2012 09:36:20 -0500<br>
> From: Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>><br>
> To: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>><br>
> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Subject: Re: [Freeipa-devel] [PATCH] 330 Disable global forwarding<br>
> per-zone<br>
> Message-ID: <<a href="mailto:509D14E4.70209@redhat.com">509D14E4.70209@redhat.com</a><br>
> <mailto:<a href="mailto:509D14E4.70209@redhat.com">509D14E4.70209@redhat.com</a>>><br>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
><br>
> Martin Kosek wrote:<br>
> > On 11/02/2012 11:08 AM, Martin Kosek wrote:<br>
> >> On 11/02/2012 10:51 AM, Jan Cholasta wrote:<br>
> >>> Hi,<br>
> >>><br>
> >>> On 2.11.2012 09:12, Martin Kosek wrote:<br>
> >>>> On 11/01/2012 09:01 PM, Rob Crittenden wrote:<br>
> >>>>> Martin Kosek wrote:<br>
> >>>>>> bind-dyndb-ldap allows disabling global forwarder per-zone.<br>
> This may<br>
> >>>>>> be useful in a scenario when we do not want requests to<br>
> delegated<br>
> >>>>>> sub-zones (like <a href="http://sub.example.com" target="_blank">sub.example.com</a> <<a href="http://sub.example.com" target="_blank">http://sub.example.com</a>>.<br>
> in zone <a href="http://example.com" target="_blank">example.com</a> <<a href="http://example.com" target="_blank">http://example.com</a>>.) to be routed<br>
> >>>>>> through global forwarder.<br>
> >>>>>><br>
> >>>>>> Few lines to help added to explain the feature to users too.<br>
> >>>>>><br>
> >>>>>> <a href="https://fedorahosted.org/freeipa/ticket/3209" target="_blank">https://fedorahosted.org/freeipa/ticket/3209</a><br>
> >>>>>><br>
> >>>>><br>
> >>>>> Fix two minor problems and you have an ACK.<br>
> >>>>><br>
> >>>>> 1. It needs a minor rebase<br>
> >>>>> 2. The API needs to be updated<br>
> >>>>><br>
> >>>>> rob<br>
> >>>>><br>
> >>>><br>
> >>>> Fixed both. After a short discussion with Petr Spacek I also<br>
> added a<br>
> >>>> possibility to set global dnsconfig to NONE.<br>
> >>>><br>
> >>>> On a different note, I discovered that global forwarders in<br>
> >>>> bind-dyndb-ldap/bind are actually broken with referred<br>
> bind-dyndb-ldap/bind<br>
> >>>> version. Thus, we may want to bump bind-dyndb-ldap version in<br>
> spec when this is<br>
> >>>> resolved. (This should not affect diff in dns.py in any way).<br>
> >>>><br>
> >>>> Martin<br>
> >>>><br>
> >>><br>
> >>> This might be a stupid question, but why is "NONE" in upper<br>
> case and the rest<br>
> >>> of the values in lower case?<br>
> >>><br>
> >>> Honza<br>
> >>><br>
> >><br>
> >> This really doesn't matter function-wise, as bind-dydnb-ldap<br>
> does the<br>
> >> comparison in case insensitive way. My original intention was<br>
> to be consistent<br>
> >> with other NONE values we use across IPA and to distinguish the<br>
> value from<br>
> >> valid BIND values.<br>
> >><br>
> >> But you are right that within dns plugin it makes more sense to<br>
> have it all<br>
> >> lowercase.<br>
> >><br>
> >> Updated patch attached.<br>
> >><br>
> >> Martin<br>
> >><br>
> ><br>
> > bind-dyndb-ldap with fixed forwarding has been released. Sending<br>
> an updated<br>
> > patch for both master and ipa-3-0 branches with its version in<br>
> our spec file.<br>
> ><br>
> > Martin<br>
> ><br>
><br>
> ACK x2<br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> Message: 9<br>
> Date: Fri, 09 Nov 2012 15:40:06 +0100<br>
> From: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>><br>
> To: Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>><br>
> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>><br>
> Subject: Re: [Freeipa-devel] [PATCH] 330 Disable global forwarding<br>
> per-zone<br>
> Message-ID: <<a href="mailto:509D15C6.7090806@redhat.com">509D15C6.7090806@redhat.com</a><br>
> <mailto:<a href="mailto:509D15C6.7090806@redhat.com">509D15C6.7090806@redhat.com</a>>><br>
> Content-Type: text/plain; charset=ISO-8859-1<br>
><br>
> On 11/09/2012 03:36 PM, Rob Crittenden wrote:<br>
> > Martin Kosek wrote:<br>
> >> On 11/02/2012 11:08 AM, Martin Kosek wrote:<br>
> >>> On 11/02/2012 10:51 AM, Jan Cholasta wrote:<br>
> >>>> Hi,<br>
> >>>><br>
> >>>> On 2.11.2012 09:12, Martin Kosek wrote:<br>
> >>>>> On 11/01/2012 09:01 PM, Rob Crittenden wrote:<br>
> >>>>>> Martin Kosek wrote:<br>
> >>>>>>> bind-dyndb-ldap allows disabling global forwarder<br>
> per-zone. This may<br>
> >>>>>>> be useful in a scenario when we do not want requests to<br>
> delegated<br>
> >>>>>>> sub-zones (like <a href="http://sub.example.com" target="_blank">sub.example.com</a> <<a href="http://sub.example.com" target="_blank">http://sub.example.com</a>>.<br>
> in zone <a href="http://example.com" target="_blank">example.com</a> <<a href="http://example.com" target="_blank">http://example.com</a>>.) to be routed<br>
> >>>>>>> through global forwarder.<br>
> >>>>>>><br>
> >>>>>>> Few lines to help added to explain the feature to users too.<br>
> >>>>>>><br>
> >>>>>>> <a href="https://fedorahosted.org/freeipa/ticket/3209" target="_blank">https://fedorahosted.org/freeipa/ticket/3209</a><br>
> >>>>>>><br>
> >>>>>><br>
> >>>>>> Fix two minor problems and you have an ACK.<br>
> >>>>>><br>
> >>>>>> 1. It needs a minor rebase<br>
> >>>>>> 2. The API needs to be updated<br>
> >>>>>><br>
> >>>>>> rob<br>
> >>>>>><br>
> >>>>><br>
> >>>>> Fixed both. After a short discussion with Petr Spacek I also<br>
> added a<br>
> >>>>> possibility to set global dnsconfig to NONE.<br>
> >>>>><br>
> >>>>> On a different note, I discovered that global forwarders in<br>
> >>>>> bind-dyndb-ldap/bind are actually broken with referred<br>
> bind-dyndb-ldap/bind<br>
> >>>>> version. Thus, we may want to bump bind-dyndb-ldap version<br>
> in spec when<br>
> >>>>> this is<br>
> >>>>> resolved. (This should not affect diff in dns.py in any way).<br>
> >>>>><br>
> >>>>> Martin<br>
> >>>>><br>
> >>>><br>
> >>>> This might be a stupid question, but why is "NONE" in upper<br>
> case and the rest<br>
> >>>> of the values in lower case?<br>
> >>>><br>
> >>>> Honza<br>
> >>>><br>
> >>><br>
> >>> This really doesn't matter function-wise, as bind-dydnb-ldap<br>
> does the<br>
> >>> comparison in case insensitive way. My original intention was<br>
> to be consistent<br>
> >>> with other NONE values we use across IPA and to distinguish<br>
> the value from<br>
> >>> valid BIND values.<br>
> >>><br>
> >>> But you are right that within dns plugin it makes more sense<br>
> to have it all<br>
> >>> lowercase.<br>
> >>><br>
> >>> Updated patch attached.<br>
> >>><br>
> >>> Martin<br>
> >>><br>
> >><br>
> >> bind-dyndb-ldap with fixed forwarding has been released.<br>
> Sending an updated<br>
> >> patch for both master and ipa-3-0 branches with its version in<br>
> our spec file.<br>
> >><br>
> >> Martin<br>
> >><br>
> ><br>
> > ACK x2<br>
><br>
> Pushed to master, ipa-3-0.<br>
><br>
> Martin<br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> _______________________________________________<br>
> Freeipa-devel mailing list<br>
> <a href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a> <mailto:<a href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>><br>
> <a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a><br>
><br>
> End of Freeipa-devel Digest, Vol 66, Issue 34<br>
> *********************************************<br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Freeipa-devel mailing list<br>
> <a href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a><br>
> <a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a><br>
<br>
<br>
--<br>
Thank you,<br>
Dmitri Pal<br>
<br>
Sr. Engineering Manager for IdM portfolio<br>
Red Hat Inc.<br>
<br>
<br>
-------------------------------<br>
Looking to carve out IT costs?<br>
<a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a><br>
<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://www.redhat.com/archives/freeipa-devel/attachments/20121112/78f25fec/attachment.html" target="_blank">https://www.redhat.com/archives/freeipa-devel/attachments/20121112/78f25fec/attachment.html</a>><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
Freeipa-devel mailing list<br>
<a href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a><br>
<br>
End of Freeipa-devel Digest, Vol 66, Issue 41<br>
*********************************************<br>
</blockquote></div><br></div>