Dear guys my Problem solved about sudoers config and i'm sorry about writer documention of ipa this section <div>binddn uid=sudo,cn=sysaccounts,cn=etc,dc=nise,dc=ir</div> <div>bindpw password</div><div> </div><div>ssl start_tls</div><div>tls_cacertfile /etc/ipa/ca.crt</div> <div>tls_checkpeer yes</div><div> </div><div>bind_timelimit 5</div><div>timelimit 15</div> <div> </div><div>uri ldap://<a rel="nofollow" href="http://fs1.wedgeofli.me">fs1.wedgeofli.me</a></div><div>sudoers_base ou=SUDOers,dc=wedgeofli,dc=me in document write this section must configure in nsld.conf but at this config file it's not work but when i put this in </div>/etc/sudo.ldap sudo work please change your document ,,, many peopel same me mybe working 3 week at this problem and not found any solution for this document it's biggest bug in ipa regards moeini <div class="gmail_extra"> <div class="gmail_quote">On Mon, Nov 12, 2012 at 5:49 PM, <<a href="mailto:freeipa-devel-request@redhat.com" target="_blank">freeipa-devel-request@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send Freeipa-devel mailing list submissions to <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> To subscribe or unsubscribe via the World Wide Web, visit <a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a> or, via email, send a message with subject or body 'help' to <a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a> You can reach the person managing the list at <a href="mailto:freeipa-devel-owner@redhat.com">freeipa-devel-owner@redhat.com</a> When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeipa-devel digest..." Today's Topics: 1. Re: Freeipa-devel Digest, Vol 66, Issue 34 (Dmitri Pal) ---------------------------------------------------------------------- Message: 1 Date: Mon, 12 Nov 2012 09:19:32 -0500 From: Dmitri Pal <<a href="mailto:dpal@redhat.com">dpal@redhat.com</a>> To: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> Subject: Re: [Freeipa-devel] Freeipa-devel Digest, Vol 66, Issue 34 Message-ID: <<a href="mailto:50A10574.8050303@redhat.com">50A10574.8050303@redhat.com</a>> Content-Type: text/plain; charset="iso-8859-1" On 11/10/2012 09:14 AM, mohammad moeini wrote: > Dear Guyes > > i'm AAA Server administrator , I use freeipa for AAA server > i Have a Centos server and 50 client debian > i use the ipa v 3 and now have problem with join ipa clients becuse > not exisixt upper 2.1.4 package in debian distru > when i want compile ipa client on the folder ipa-client in cource get > the error krb5.h not exist , please help me anout dependency on the > freeipa v 3 o r say to me how can i config ipa v 3 for supporting ipa > client v 2.1.4 > > Another my question is about sudoers i config sudoers seem of the all > domcumention free ipa and testing many soulution from Ldap or freeipa > or another way seem nscd.conf or sssd.conf or .... but not working and > just say to me your user is not is sudoers ,,, i don't know i must > doing any config in ldap schema or must create suoers group > please help me ,,, i run freeipa for first time in middle ease and i > want grow this at this point of world > Have you seen couple threads on freeipa-users about SUDO this and last month? Just search the archives. They have a lot of hints on how to configure sudo and make sure it works. SUDO changed the name of its config file recently and that have be a source of confusion is some cases. Anyways please read those threads and try to follow the instructions there (posts from JR are very helpful). If you still have problems please let us know more details. > Regards Moeini > > > On Fri, Nov 9, 2012 at 6:40 PM, <<a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a> > <mailto:<a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a>>> wrote: > > Send Freeipa-devel mailing list submissions to > <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > > To subscribe or unsubscribe via the World Wide Web, visit > <a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a> > or, via email, send a message with subject or body 'help' to > <a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a> > <mailto:<a href="mailto:freeipa-devel-request@redhat.com">freeipa-devel-request@redhat.com</a>> > > You can reach the person managing the list at > <a href="mailto:freeipa-devel-owner@redhat.com">freeipa-devel-owner@redhat.com</a> > <mailto:<a href="mailto:freeipa-devel-owner@redhat.com">freeipa-devel-owner@redhat.com</a>> > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeipa-devel digest..." > > > Today's Topics: > > 1. [PATCH] Add Beta versioning (Lynn Root) > 2. Re: [PATCH] Add Beta versioning (Petr Vobornik) > 3. Re: [PATCH] Add Beta versioning (Lynn Root) > 4. Re: [PATCH] Add Beta versioning (Martin Kosek) > 5. Re: [PATCH] 332 Do not require resolvable nameserver in DNS > install (Alexander Bokovoy) > 6. Re: [PATCH] 332 Do not require resolvable nameserver in DNS > install (Martin Kosek) > 7. Re: [PATCH] Switch %r specifiers to %s in Public errors > (Jan Cholasta) > 8. Re: [PATCH] 330 Disable global forwarding per-zone > (Rob Crittenden) > 9. Re: [PATCH] 330 Disable global forwarding per-zone (Martin > Kosek) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 9 Nov 2012 07:43:31 -0500 (EST) > From: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>> > To: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Subject: [Freeipa-devel] [PATCH] Add Beta versioning > Message-ID: > <<a href="mailto:943042161.7794393.1352465011767.JavaMail.root@redhat.com">943042161.7794393.1352465011767.JavaMail.root@redhat.com</a> > <mailto:<a href="mailto:943042161.7794393.1352465011767.JavaMail.root@redhat.com">943042161.7794393.1352465011767.JavaMail.root@redhat.com</a>>> > Content-Type: text/plain; charset="utf-8" > > The VERSION file and Makefile now handles 'beta' release > parameters when making s/rpms. > > Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2893" target="_blank">https://fedorahosted.org/freeipa/ticket/2893</a> > > Lynn Root > Associate Software Engineer > Red Hat > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: Add-Beta-versioning.patch > Type: text/x-patch > Size: 2522 bytes > Desc: not available > URL: > <<a href="https://www.redhat.com/archives/freeipa-devel/attachments/20121109/17627fbd/attachment.bin" target="_blank">https://www.redhat.com/archives/freeipa-devel/attachments/20121109/17627fbd/attachment.bin</a>> > > ------------------------------ > > Message: 2 > Date: Fri, 09 Nov 2012 13:58:17 +0100 > From: Petr Vobornik <<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a> <mailto:<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a>>> > To: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning > Message-ID: <<a href="mailto:509CFDE9.70002@redhat.com">509CFDE9.70002@redhat.com</a> > <mailto:<a href="mailto:509CFDE9.70002@redhat.com">509CFDE9.70002@redhat.com</a>>> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > On 11/09/2012 01:43 PM, Lynn Root wrote: > > The VERSION file and Makefile now handles 'beta' release > parameters when making s/rpms. > > > > Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2893" target="_blank">https://fedorahosted.org/freeipa/ticket/2893</a> > > > > Lynn Root > > Associate Software Engineer > > Red Hat > > Thanks for the patch. > > In a next patch, I'd suggest to follow patch-naming conventions > <a href="https://fedorahosted.org/freeipa/wiki/PatchFormat" target="_blank">https://fedorahosted.org/freeipa/wiki/PatchFormat</a> . Also include the > patch number into a mail subject, it helps to keeping track of > patches. > > -- > Petr Vobornik > > > > ------------------------------ > > Message: 3 > Date: Fri, 9 Nov 2012 08:04:43 -0500 (EST) > From: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>> > To: Petr Vobornik <<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a> <mailto:<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a>>> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning > Message-ID: > <<a href="mailto:1940773203.7804090.1352466283311.JavaMail.root@redhat.com">1940773203.7804090.1352466283311.JavaMail.root@redhat.com</a> > <mailto:<a href="mailto:1940773203.7804090.1352466283311.JavaMail.root@redhat.com">1940773203.7804090.1352466283311.JavaMail.root@redhat.com</a>>> > Content-Type: text/plain; charset=utf-8 > > Ah thank you - was going by the "Submit Changes" portion in > <a href="http://freeipa.org/page/Contribute#Development_Process" target="_blank">http://freeipa.org/page/Contribute#Development_Process</a>, which has > less information (but clearly did not notice the Patch Format link > right above). > > Lynn Root > Associate Software Engineer > Red Hat > > ----- Original Message ----- > From: "Petr Vobornik" <<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a> > <mailto:<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a>>> > To: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Sent: Friday, November 9, 2012 1:58:17 PM > Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning > > On 11/09/2012 01:43 PM, Lynn Root wrote: > > The VERSION file and Makefile now handles 'beta' release > parameters when making s/rpms. > > > > Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2893" target="_blank">https://fedorahosted.org/freeipa/ticket/2893</a> > > > > Lynn Root > > Associate Software Engineer > > Red Hat > > Thanks for the patch. > > In a next patch, I'd suggest to follow patch-naming conventions > <a href="https://fedorahosted.org/freeipa/wiki/PatchFormat" target="_blank">https://fedorahosted.org/freeipa/wiki/PatchFormat</a> . Also include the > patch number into a mail subject, it helps to keeping track of > patches. > > -- > Petr Vobornik > > > > ------------------------------ > > Message: 4 > Date: Fri, 09 Nov 2012 14:07:05 +0100 > From: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>> > To: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning > Message-ID: <<a href="mailto:509CFFF9.2070906@redhat.com">509CFFF9.2070906@redhat.com</a> > <mailto:<a href="mailto:509CFFF9.2070906@redhat.com">509CFFF9.2070906@redhat.com</a>>> > Content-Type: text/plain; charset=ISO-8859-1 > > Actually, there is a link in the Contribute wiki page for the > Patch format page: > > ... > Patch Format - Guidance about the patch format > ... > > We may want to make it more visible... > > Martin > > On 11/09/2012 02:04 PM, Lynn Root wrote: > > Ah thank you - was going by the "Submit Changes" portion in > <a href="http://freeipa.org/page/Contribute#Development_Process" target="_blank">http://freeipa.org/page/Contribute#Development_Process</a>, which has > less information (but clearly did not notice the Patch Format link > right above). > > > > Lynn Root > > Associate Software Engineer > > Red Hat > > > > ----- Original Message ----- > > From: "Petr Vobornik" <<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a> > <mailto:<a href="mailto:pvoborni@redhat.com">pvoborni@redhat.com</a>>> > > To: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>> > > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > > Sent: Friday, November 9, 2012 1:58:17 PM > > Subject: Re: [Freeipa-devel] [PATCH] Add Beta versioning > > > > On 11/09/2012 01:43 PM, Lynn Root wrote: > >> The VERSION file and Makefile now handles 'beta' release > parameters when making s/rpms. > >> > >> Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2893" target="_blank">https://fedorahosted.org/freeipa/ticket/2893</a> > >> > >> Lynn Root > >> Associate Software Engineer > >> Red Hat > > > > Thanks for the patch. > > > > In a next patch, I'd suggest to follow patch-naming conventions > > <a href="https://fedorahosted.org/freeipa/wiki/PatchFormat" target="_blank">https://fedorahosted.org/freeipa/wiki/PatchFormat</a> . Also include the > > patch number into a mail subject, it helps to keeping track of > patches. > > > > > > ------------------------------ > > Message: 5 > Date: Fri, 9 Nov 2012 15:15:09 +0200 > From: Alexander Bokovoy <<a href="mailto:abokovoy@redhat.com">abokovoy@redhat.com</a> > <mailto:<a href="mailto:abokovoy@redhat.com">abokovoy@redhat.com</a>>> > To: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Subject: Re: [Freeipa-devel] [PATCH] 332 Do not require resolvable > nameserver in DNS install > Message-ID: <<a href="mailto:20121109131509.GB14850@redhat.com">20121109131509.GB14850@redhat.com</a> > <mailto:<a href="mailto:20121109131509.GB14850@redhat.com">20121109131509.GB14850@redhat.com</a>>> > Content-Type: text/plain; charset=us-ascii; format=flowed > > On Fri, 09 Nov 2012, Martin Kosek wrote: > >As named.conf and bind-dyndb-plugin is not set up yet during DNS > >configuration phase, IPA hostname (i.e. the nameserver) should not > >be required be to resolvable in this phase. > > > ><a href="https://fedorahosted.org/freeipa/ticket/3248" target="_blank">https://fedorahosted.org/freeipa/ticket/3248</a> > ACK. > > -- > / Alexander Bokovoy > > > > ------------------------------ > > Message: 6 > Date: Fri, 09 Nov 2012 14:26:18 +0100 > From: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>> > To: Alexander Bokovoy <<a href="mailto:abokovoy@redhat.com">abokovoy@redhat.com</a> > <mailto:<a href="mailto:abokovoy@redhat.com">abokovoy@redhat.com</a>>> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Subject: Re: [Freeipa-devel] [PATCH] 332 Do not require resolvable > nameserver in DNS install > Message-ID: <<a href="mailto:509D047A.5030309@redhat.com">509D047A.5030309@redhat.com</a> > <mailto:<a href="mailto:509D047A.5030309@redhat.com">509D047A.5030309@redhat.com</a>>> > Content-Type: text/plain; charset=ISO-8859-1 > > On 11/09/2012 02:15 PM, Alexander Bokovoy wrote: > > On Fri, 09 Nov 2012, Martin Kosek wrote: > >> As named.conf and bind-dyndb-plugin is not set up yet during DNS > >> configuration phase, IPA hostname (i.e. the nameserver) should not > >> be required be to resolvable in this phase. > >> > >> <a href="https://fedorahosted.org/freeipa/ticket/3248" target="_blank">https://fedorahosted.org/freeipa/ticket/3248</a> > > ACK. > > > > Pushed to master, ipa-3-0. > > Martin > > > > ------------------------------ > > Message: 7 > Date: Fri, 09 Nov 2012 15:25:20 +0100 > From: Jan Cholasta <<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a> <mailto:<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a>>> > To: Lynn Root <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Subject: Re: [Freeipa-devel] [PATCH] Switch %r specifiers to %s in > Public errors > Message-ID: <<a href="mailto:509D1250.5060404@redhat.com">509D1250.5060404@redhat.com</a> > <mailto:<a href="mailto:509D1250.5060404@redhat.com">509D1250.5060404@redhat.com</a>>> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > On 8.11.2012 17:22, Lynn Root wrote: > > Hmm I hope I understand well enough this time around. > > > > However, when I run the tests, there's this one error message I > come across from `test_user[97]: user_add: Create u'tuser2'` - it > throws `DatabaseError: Type or value exists`. I'm a bit lost on > how to track this down. > > > > Once again - thanks for your help! > > > > Lynn Root > > Associate Software Engineer > > Red Hat > > > > ----- Original Message ----- > > From: "Martin Kosek" <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>> > > To: "Jan Cholasta" <<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a> > <mailto:<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a>>> > > Cc: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>>, > <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > > Sent: Thursday, November 8, 2012 8:46:42 AM > > Subject: Re: [Freeipa-devel] [PATCH] Switch %r specifiers to %s > in Public errors > > > > On 11/07/2012 06:46 PM, Jan Cholasta wrote: > >> On 7.11.2012 16:08, Lynn Root wrote: > >>> Third time is a charm? > >>> > >>> Lynn Root > >>> Associate Software Engineer > >>> Red Hat > >>> > >>> ----- Original Message ----- > >>> From: "Jan Cholasta" <<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a> > <mailto:<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a>>> > >>> To: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>> > >>> Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > >>> Sent: Monday, November 5, 2012 10:25:32 AM > >>> Subject: Re: [Freeipa-devel] [PATCH] Switch %r specifiers to > %s in Public errors > >>> > >>> On 5.11.2012 09:43, Lynn Root wrote: > >>>> Here's try #2! Adjusted patch attached. Let me know if > there's anything > >>>> else I've missed. > >>>> > >>>> Switched %r specifiers to '%s' in Public errors, and adjusted > tests to > >>>> expect no preceding 'u'. > >>>> > >>>> Tickets: <a href="https://fedorahosted.org/freeipa/ticket/3121" target="_blank">https://fedorahosted.org/freeipa/ticket/3121</a> & > >>>> <a href="https://fedorahosted.org/freeipa/ticket/2588" target="_blank">https://fedorahosted.org/freeipa/ticket/2588</a> > >>>> > >>>> Lynn Root > >>>> Associate Software Engineer > >>>> Red Hat > >>>> > >>>> ----- Original Message ----- > >>>> From: "Martin Kosek" <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> > <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>> > >>>> To: "Jan Cholasta" <<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a> > <mailto:<a href="mailto:jcholast@redhat.com">jcholast@redhat.com</a>>> > >>>> Cc: "Lynn Root" <<a href="mailto:lroot@redhat.com">lroot@redhat.com</a> <mailto:<a href="mailto:lroot@redhat.com">lroot@redhat.com</a>>>, > <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > >>>> Sent: Tuesday, October 30, 2012 9:08:33 AM > >>>> Subject: Re: [Freeipa-devel] [PATCH] Switch %r specifiers to > %s in Public > >>>> errors > >>>> > >>>> On 10/30/2012 09:04 AM, Jan Cholasta wrote: > >>>>> Hi, > >>>>> > >>>>> On 29.10.2012 19:54, Lynn Root wrote: > >>>>>> Hi all! > >>>>>> > >>>>>> This switch drops the preceding 'u' from strings in public > error messages. > >>>>>> > >>>>>> Ticket: <a href="https://fedorahosted.org/freeipa/ticket/3121" target="_blank">https://fedorahosted.org/freeipa/ticket/3121</a> > >>>>>> > >>>>>> This patch also addresses the unfriendly 'u' from > re-raising errors from the > >>>>>> external call to netaddr.IPAddress by passing a bytestring > to the function. > >>>>>> > >>>>>> Ticket: <a href="https://fedorahosted.org/freeipa/ticket/2588" target="_blank">https://fedorahosted.org/freeipa/ticket/2588</a> > >>>>>> > >>>>>> > >>>>>> My first patch (and freeipa dev list email) ever! Let me > know where there's > >>>>>> room to improve. > >>>>>> > >>>>>> Lynn Root > >>>>>> Associate Software Engineer > >>>>>> Red Hat > >>>>>> > >>>>> > >>>>> I think it would be nice if you kept the quotes around the > values, as that is > >>>>> probably the reason "%r" was used in the first place - i.e. > use "'%s'" instead > >>>>> of plain "%s". > >>>> > >>>> +1 > >>>> > >>>> With current patch, I assume that a lot of unit tests will > fail as they check > >>>> exact error message wording. I'd recommend running the whole > test suite with > >>>> your second patch revision. There is a short walkthrough how > to set it up: > >>>> > >>>> <a href="http://freeipa.org/page/Testing" target="_blank">http://freeipa.org/page/Testing</a> > >>>> > >>>> Martin > >>>> > >>> > >>> You missed a few: > >>> > >>> $ git grep -En '%($.*?$)?r' > >>> > >>> Honza > >>> > >> > >> I think you have gone too far this time :-) It is not necessary > (or wise) to > >> get rid of %r *everywhere* in the code. > > > > Thanks Honza for pointing that out. It seems I missed that in > yesterday's > > review. Now, when I look at it, it indeed is not right. > > > >> > >> A few rules to keep in mind: > >> > >> * If it is not an error message, do not touch it (log > messages are not error > >> messages BTW). > >> > >> * If it is an error message for an exception that does not > inherit from > >> errors.PublicError, do not touch it (there might be a few > exceptions, though). > > > > Right. But for example, your netaddr str conversions should be > fine since the > > netaddr error is propagated up to the ValidationError. > > > > Martin > > > >> > >> * Use '%s' (%s with ticks) only for arguments whose value > can be only str or > >> unicode. > >> > >> Honza > >> > > > > This is better, thanks. > > In OverlapError.format, remove the ticks around %s, as we expect a > list > here (I think we could make it look prettier, similar to what > Martin did > in > <<a href="https://fedorahosted.org/freeipa/changeset/988ea368272822f2153563ad34554240e3377d60/" target="_blank">https://fedorahosted.org/freeipa/changeset/988ea368272822f2153563ad34554240e3377d60/</a>>, > but I'm not sure if we want to do it in this ticket/patch). > > I'm not sure what to do about the ValidationError at > ipalib/parameters.py:882 and ipalib/parameters.py:1171. I think it > should be "TypeError(TYPE_ERROR % (<a href="http://self.name" target="_blank">self.name</a> <<a href="http://self.name" target="_blank">http://self.name</a>>, > self.type, value, > type(value)))" instead, as by the time parameters are validated > they are > the right type. > > Also there is one %r you missed in ipalib/parameters.py:1554. > > Honza > > -- > Jan Cholasta > > > > ------------------------------ > > Message: 8 > Date: Fri, 09 Nov 2012 09:36:20 -0500 > From: Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>> > To: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Subject: Re: [Freeipa-devel] [PATCH] 330 Disable global forwarding > per-zone > Message-ID: <<a href="mailto:509D14E4.70209@redhat.com">509D14E4.70209@redhat.com</a> > <mailto:<a href="mailto:509D14E4.70209@redhat.com">509D14E4.70209@redhat.com</a>>> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Martin Kosek wrote: > > On 11/02/2012 11:08 AM, Martin Kosek wrote: > >> On 11/02/2012 10:51 AM, Jan Cholasta wrote: > >>> Hi, > >>> > >>> On 2.11.2012 09:12, Martin Kosek wrote: > >>>> On 11/01/2012 09:01 PM, Rob Crittenden wrote: > >>>>> Martin Kosek wrote: > >>>>>> bind-dyndb-ldap allows disabling global forwarder per-zone. > This may > >>>>>> be useful in a scenario when we do not want requests to > delegated > >>>>>> sub-zones (like <a href="http://sub.example.com" target="_blank">sub.example.com</a> <<a href="http://sub.example.com" target="_blank">http://sub.example.com</a>>. > in zone <a href="http://example.com" target="_blank">example.com</a> <<a href="http://example.com" target="_blank">http://example.com</a>>.) to be routed > >>>>>> through global forwarder. > >>>>>> > >>>>>> Few lines to help added to explain the feature to users too. > >>>>>> > >>>>>> <a href="https://fedorahosted.org/freeipa/ticket/3209" target="_blank">https://fedorahosted.org/freeipa/ticket/3209</a> > >>>>>> > >>>>> > >>>>> Fix two minor problems and you have an ACK. > >>>>> > >>>>> 1. It needs a minor rebase > >>>>> 2. The API needs to be updated > >>>>> > >>>>> rob > >>>>> > >>>> > >>>> Fixed both. After a short discussion with Petr Spacek I also > added a > >>>> possibility to set global dnsconfig to NONE. > >>>> > >>>> On a different note, I discovered that global forwarders in > >>>> bind-dyndb-ldap/bind are actually broken with referred > bind-dyndb-ldap/bind > >>>> version. Thus, we may want to bump bind-dyndb-ldap version in > spec when this is > >>>> resolved. (This should not affect diff in dns.py in any way). > >>>> > >>>> Martin > >>>> > >>> > >>> This might be a stupid question, but why is "NONE" in upper > case and the rest > >>> of the values in lower case? > >>> > >>> Honza > >>> > >> > >> This really doesn't matter function-wise, as bind-dydnb-ldap > does the > >> comparison in case insensitive way. My original intention was > to be consistent > >> with other NONE values we use across IPA and to distinguish the > value from > >> valid BIND values. > >> > >> But you are right that within dns plugin it makes more sense to > have it all > >> lowercase. > >> > >> Updated patch attached. > >> > >> Martin > >> > > > > bind-dyndb-ldap with fixed forwarding has been released. Sending > an updated > > patch for both master and ipa-3-0 branches with its version in > our spec file. > > > > Martin > > > > ACK x2 > > > > ------------------------------ > > Message: 9 > Date: Fri, 09 Nov 2012 15:40:06 +0100 > From: Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>> > To: Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>> > Cc: <a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a> <mailto:<a href="mailto:freeipa-devel@redhat.com">freeipa-devel@redhat.com</a>> > Subject: Re: [Freeipa-devel] [PATCH] 330 Disable global forwarding > per-zone > Message-ID: <<a href="mailto:509D15C6.7090806@redhat.com">509D15C6.7090806@redhat.com</a> > <mailto:<a href="mailto:509D15C6.7090806@redhat.com">509D15C6.7090806@redhat.com</a>>> > Content-Type: text/plain; charset=ISO-8859-1 > > On 11/09/2012 03:36 PM, Rob Crittenden wrote: > > Martin Kosek wrote: > >> On 11/02/2012 11:08 AM, Martin Kosek wrote: > >>> On 11/02/2012 10:51 AM, Jan Cholasta wrote: > >>>> Hi, > >>>> > >>>> On 2.11.2012 09:12, Martin Kosek wrote: > >>>>> On 11/01/2012 09:01 PM, Rob Crittenden wrote: > >>>>>> Martin Kosek wrote: > >>>>>>> bind-dyndb-ldap allows disabling global forwarder > per-zone. This may > >>>>>>> be useful in a scenario when we do not want requests to > delegated > >>>>>>> sub-zones (like <a href="http://sub.example.com" target="_blank">sub.example.com</a> <<a href="http://sub.example.com" target="_blank">http://sub.example.com</a>>. > in zone <a href="http://example.com" target="_blank">example.com</a> <<a href="http://example.com" target="_blank">http://example.com</a>>.) to be routed > >>>>>>> through global forwarder. > >>>>>>> > >>>>>>> Few lines to help added to explain the feature to users too. > >>>>>>> > >>>>>>> <a href="https://fedorahosted.org/freeipa/ticket/3209" target="_blank">https://fedorahosted.org/freeipa/ticket/3209</a> > >>>>>>> > >>>>>> > >>>>>> Fix two minor problems and you have an ACK. > >>>>>> > >>>>>> 1. It needs a minor rebase > >>>>>> 2. The API needs to be updated > >>>>>> > >>>>>> rob > >>>>>> > >>>>> > >>>>> Fixed both. After a short discussion with Petr Spacek I also > added a > >>>>> possibility to set global dnsconfig to NONE. > >>>>> > >>>>> On a different note, I discovered that global forwarders in > >>>>> bind-dyndb-ldap/bind are actually broken with referred > bind-dyndb-ldap/bind > >>>>> version. Thus, we may want to bump bind-dyndb-ldap version > in spec when > >>>>> this is > >>>>> resolved. (This should not affect diff in dns.py in any way). > >>>>> > >>>>> Martin > >>>>> > >>>> > >>>> This might be a stupid question, but why is "NONE" in upper > case and the rest > >>>> of the values in lower case? > >>>> > >>>> Honza > >>>> > >>> > >>> This really doesn't matter function-wise, as bind-dydnb-ldap > does the > >>> comparison in case insensitive way. My original intention was > to be consistent > >>> with other NONE values we use across IPA and to distinguish > the value from > >>> valid BIND values. > >>> > >>> But you are right that within dns plugin it makes more sense > to have it all > >>> lowercase. > >>> > >>> Updated patch attached. > >>> > >>> Martin > >>> > >> > >> bind-dyndb-ldap with fixed forwarding has been released. > Sending an updated > >> patch for both master and ipa-3-0 branches with its version in > our spec file. > >> > >> Martin > >> > > > > ACK x2 > > Pushed to master, ipa-3-0. > > Martin > > > > ------------------------------ > > _______________________________________________ > Freeipa-devel mailing list > <a href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a> <mailto:<a href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a> > > End of Freeipa-devel Digest, Vol 66, Issue 34 > ********************************************* > > > > > _______________________________________________ > Freeipa-devel mailing list > <a href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a> -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> -------------- next part -------------- An HTML attachment was scrubbed... URL: <<a href="https://www.redhat.com/archives/freeipa-devel/attachments/20121112/78f25fec/attachment.html" target="_blank">https://www.redhat.com/archives/freeipa-devel/attachments/20121112/78f25fec/attachment.html</a>> ------------------------------ _______________________________________________ Freeipa-devel mailing list <a href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a> End of Freeipa-devel Digest, Vol 66, Issue 41 ********************************************* </blockquote></div> </div>