On 12/03/15 17:15, Martin Babinsky wrote:
On 03/12/2015 03:59 PM, Martin Babinsky wrote:
On 03/11/2015 03:13 PM, Martin Basti wrote:
On 11/03/15 13:00, Martin Babinsky wrote:
These patches solve https://fedorahosted.org/freeipa/ticket/4933.
They are to be applied to master branch. I will rebase them for
ipa-4-1 after the review.
Thank you for the patches.
I have a few comments:
Replace simple bind with LDAPI is too big change for 4-1, we should
start TLS if possible to avoid MINSSF>0 error. The LDAPI patches should
go only into IPA master branch.
You can do something like this:
@@ -107,6 +107,10 @@ class Service(object):
if not self.realm:
raise errors.NotFound(reason="realm is missing
%s" % (self))
conn = ipaldap.IPAdmin(ldapi=self.ldapi,
+ elif self.dm_password is not None:
+ conn = ipaldap.IPAdmin(self.fqdn, port=389,
conn = ipaldap.IPAdmin(self.fqdn, port=389)
please add there more chatty commit message about using LDAPI
I do not like much idea of adding 'realm' kwarg into __init__ method of
IIUC, it is because get_masters() method, which requires realm to use
You can just add ods.realm=<realm>, before call get_master() in
dnssec_masters = ods.get_masters()
(Honza will change it anyway during refactoring)
commit message deserves to be more chatty, can you explain there why
removed kerberos cache?
Attaching updated patches.
Patch 0018 should go to both 4.1 and master branches.
Patch 0019 should go only to master.
One more update.
Patch 0018 is for both 4.1 and master.
Patch 0019 is for master only.
Thank for patches
Works for me but needs rebase on master
Please rename the patch/commit message, the patch changes only
ipa-dns-install connections not all DS operations
I have some troubles with applying patch, it needs rebase due 0018
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code