Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
On 10/01/2015 02:48 PM, Martin Basti wrote: On 10/01/2015 02:43 PM, Oleg Fayans wrote: Hi Martin, On 10/01/2015 11:18 AM, Martin Basti wrote: On 09/30/2015 01:24 PM, Martin Basti wrote: On 09/30/2015 12:19 PM, Oleg Fayans wrote: On 09/30/2015 11:46 AM, Petr Spacek wrote: On 29.9.2015 09:12, Oleg Fayans wrote: +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) There is probably no point in specifying --name-from-ip because you did that already by calling get_reverse_zone_default(ip). Agree. Fixed Anyway, I'm not sure that this + prepare_reverse_zone(master, replica.ip) will not break if the reverse zone already exists (think about case where two or more replicas are in the same subnet). That's why I am using the raiseonerr=False here. I did not test the code, I simply do not have time for it right now. LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch ACK, please send rebased version for ipa-4-2 Here it is Pushed to ipa-4-2: c898c968d3979a0d8c2fe0db8e125dfc2268eba0 Pushed to master: 03d696f224642c1c4c4f1a434fecefd1c6270e37 In rebased patch for ipa-4-2 you removed import for function and I didn't noticed that. This breaks builds of ipa-4-2. Patch that fix this attached. From 7c54dd6cd11dca3056bd0decc7bd6f70ce315f49 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Fri, 2 Oct 2015 16:07:02 +0200 Subject: [PATCH] Fix import get_reverse_zone_default in tasks https://fedorahosted.org/freeipa/ticket/5306 --- ipatests/test_integration/tasks.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index 5fc9329d62622eb6157c1e780687b3a2c5ecc4fd..c9ecf2645183d5f368694d3446ddf2853de22a2a 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -37,6 +37,7 @@ from ipapython.ipa_log_manager import log_mgr from ipatests.test_integration import util from ipatests.test_integration.env_config import env_to_script from ipatests.test_integration.host import Host +from ipalib.util import get_reverse_zone_default log = log_mgr.get_logger(__name__) -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
On 10/02/2015 04:11 PM, Martin Basti wrote: On 10/01/2015 02:48 PM, Martin Basti wrote: On 10/01/2015 02:43 PM, Oleg Fayans wrote: Hi Martin, On 10/01/2015 11:18 AM, Martin Basti wrote: On 09/30/2015 01:24 PM, Martin Basti wrote: On 09/30/2015 12:19 PM, Oleg Fayans wrote: On 09/30/2015 11:46 AM, Petr Spacek wrote: On 29.9.2015 09:12, Oleg Fayans wrote: +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) There is probably no point in specifying --name-from-ip because you did that already by calling get_reverse_zone_default(ip). Agree. Fixed Anyway, I'm not sure that this + prepare_reverse_zone(master, replica.ip) will not break if the reverse zone already exists (think about case where two or more replicas are in the same subnet). That's why I am using the raiseonerr=False here. I did not test the code, I simply do not have time for it right now. LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch ACK, please send rebased version for ipa-4-2 Here it is Pushed to ipa-4-2: c898c968d3979a0d8c2fe0db8e125dfc2268eba0 Pushed to master: 03d696f224642c1c4c4f1a434fecefd1c6270e37 In rebased patch for ipa-4-2 you removed import for function and I didn't noticed that. This breaks builds of ipa-4-2. Patch that fix this attached. ACK -- Milan Kubik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
On 10/02/2015 04:14 PM, Milan Kubík wrote: On 10/02/2015 04:11 PM, Martin Basti wrote: On 10/01/2015 02:48 PM, Martin Basti wrote: On 10/01/2015 02:43 PM, Oleg Fayans wrote: Hi Martin, On 10/01/2015 11:18 AM, Martin Basti wrote: On 09/30/2015 01:24 PM, Martin Basti wrote: On 09/30/2015 12:19 PM, Oleg Fayans wrote: On 09/30/2015 11:46 AM, Petr Spacek wrote: On 29.9.2015 09:12, Oleg Fayans wrote: +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) There is probably no point in specifying --name-from-ip because you did that already by calling get_reverse_zone_default(ip). Agree. Fixed Anyway, I'm not sure that this + prepare_reverse_zone(master, replica.ip) will not break if the reverse zone already exists (think about case where two or more replicas are in the same subnet). That's why I am using the raiseonerr=False here. I did not test the code, I simply do not have time for it right now. LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch ACK, please send rebased version for ipa-4-2 Here it is Pushed to ipa-4-2: c898c968d3979a0d8c2fe0db8e125dfc2268eba0 Pushed to master: 03d696f224642c1c4c4f1a434fecefd1c6270e37 In rebased patch for ipa-4-2 you removed import for function and I didn't noticed that. This breaks builds of ipa-4-2. Patch that fix this attached. ACK -- Milan Kubik Pushed to ipa-4-2: e7a33b71256dbda37308c4fd0ac5394472c753f7 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
On 10/01/2015 02:43 PM, Oleg Fayans wrote: Hi Martin, On 10/01/2015 11:18 AM, Martin Basti wrote: On 09/30/2015 01:24 PM, Martin Basti wrote: On 09/30/2015 12:19 PM, Oleg Fayans wrote: On 09/30/2015 11:46 AM, Petr Spacek wrote: On 29.9.2015 09:12, Oleg Fayans wrote: +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) There is probably no point in specifying --name-from-ip because you did that already by calling get_reverse_zone_default(ip). Agree. Fixed Anyway, I'm not sure that this +prepare_reverse_zone(master, replica.ip) will not break if the reverse zone already exists (think about case where two or more replicas are in the same subnet). That's why I am using the raiseonerr=False here. I did not test the code, I simply do not have time for it right now. LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch ACK, please send rebased version for ipa-4-2 Here it is Pushed to ipa-4-2: c898c968d3979a0d8c2fe0db8e125dfc2268eba0 Pushed to master: 03d696f224642c1c4c4f1a434fecefd1c6270e37 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
Hi Martin, On 10/01/2015 11:18 AM, Martin Basti wrote: On 09/30/2015 01:24 PM, Martin Basti wrote: On 09/30/2015 12:19 PM, Oleg Fayans wrote: On 09/30/2015 11:46 AM, Petr Spacek wrote: On 29.9.2015 09:12, Oleg Fayans wrote: +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) There is probably no point in specifying --name-from-ip because you did that already by calling get_reverse_zone_default(ip). Agree. Fixed Anyway, I'm not sure that this +prepare_reverse_zone(master, replica.ip) will not break if the reverse zone already exists (think about case where two or more replicas are in the same subnet). That's why I am using the raiseonerr=False here. I did not test the code, I simply do not have time for it right now. LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch ACK, please send rebased version for ipa-4-2 Here it is -- Oleg Fayans Quality Engineer FreeIPA team RedHat. From 112c6dca2cc462bb78c568bed12b2a4a51d34ee9 Mon Sep 17 00:00:00 2001 From: Oleg FayansDate: Thu, 1 Oct 2015 14:08:08 +0200 Subject: [PATCH] Added a proper workaround for dnssec test failures in Beaker environment In beaker lab the situation when master and replica have ip addresses from different subnets is quite frequent. When a replica has ip from different subnet than master's, ipa-replica-prepare looks up a proper reverse zone to add a pointer record, and if it does not find it, it asks a user for permission to create it automatically. It breaks the tests adding the unexpected input. The workaround is to always create a reverse zone for a new replica. Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306 --- ipatests/test_integration/tasks.py | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index f579f286826f749a8c5f8433f2a8bf7348664ba9..0fcc860a20865063ffb76b0553eb2c2831321bd1 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -41,6 +41,11 @@ from ipatests.test_integration.host import Host log = log_mgr.get_logger(__name__) +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone], raiseonerr=False) def prepare_host(host): if isinstance(host, Host): env_filename = os.path.join(host.config.test_dir, 'env.sh') @@ -221,17 +226,17 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False): apply_common_fixes(replica) fix_apache_semaphores(replica) - +prepare_reverse_zone(master, replica.ip) master.run_command(['ipa-replica-prepare', '-p', replica.config.dirman_password, -'--ip-address', replica.ip, '--no-reverse', +'--ip-address', replica.ip, replica.hostname]) replica_bundle = master.get_file_contents( paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname) replica_filename = os.path.join(replica.config.test_dir, 'replica-info.gpg') replica.put_file_contents(replica_filename, replica_bundle) -args = ['ipa-replica-install', '-U', '--no-host-dns', +args = ['ipa-replica-install', '-U', '-p', replica.config.dirman_password, '-w', replica.config.admin_password, '--ip-address', replica.ip, -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
On 09/30/2015 01:24 PM, Martin Basti wrote: On 09/30/2015 12:19 PM, Oleg Fayans wrote: On 09/30/2015 11:46 AM, Petr Spacek wrote: On 29.9.2015 09:12, Oleg Fayans wrote: +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) There is probably no point in specifying --name-from-ip because you did that already by calling get_reverse_zone_default(ip). Agree. Fixed Anyway, I'm not sure that this +prepare_reverse_zone(master, replica.ip) will not break if the reverse zone already exists (think about case where two or more replicas are in the same subnet). That's why I am using the raiseonerr=False here. I did not test the code, I simply do not have time for it right now. LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch ACK, please send rebased version for ipa-4-2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
Guys, could you please review this patch again? I'd like to have this fix in the new ipa-tests package for downstream team On 09/29/2015 09:12 AM, Oleg Fayans wrote: Hi all, On 09/23/2015 09:13 AM, Petr Spacek wrote: On 22.9.2015 10:42, Oleg Fayans wrote: +++ b/ipatests/test_integration/tasks.py @@ -58,6 +58,14 @@ def check_arguments_are(slice, instanceof): return wrapped return wrapper +def prepare_reverse_zone(host, ip): +nums = ip.split('.')[:-1] +zone = ".".join(reversed(nums)) + ".in-addr.arpa." +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) + NACK: - this will break IPv6-only hosts - you should use DNSName class or other functions from python-dns for DNS name manipulation I hope this helps. Thanks, it did :) Used a ipalib.util get_reverse_zone_default function that does just that: creates a reverse zone name. -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
On 09/30/2015 12:19 PM, Oleg Fayans wrote: On 09/30/2015 11:46 AM, Petr Spacek wrote: On 29.9.2015 09:12, Oleg Fayans wrote: +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) There is probably no point in specifying --name-from-ip because you did that already by calling get_reverse_zone_default(ip). Agree. Fixed Anyway, I'm not sure that this +prepare_reverse_zone(master, replica.ip) will not break if the reverse zone already exists (think about case where two or more replicas are in the same subnet). That's why I am using the raiseonerr=False here. I did not test the code, I simply do not have time for it right now. LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
On 29.9.2015 09:12, Oleg Fayans wrote: > +def prepare_reverse_zone(host, ip): > +zone = get_reverse_zone_default(ip) > +host.run_command(["ipa", > + "dnszone-add", > + zone, > + "--name-from-ip=%s" % ip], raiseonerr=False) There is probably no point in specifying --name-from-ip because you did that already by calling get_reverse_zone_default(ip). Anyway, I'm not sure that this > +prepare_reverse_zone(master, replica.ip) will not break if the reverse zone already exists (think about case where two or more replicas are in the same subnet). I did not test the code, I simply do not have time for it right now. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
On 09/30/2015 11:46 AM, Petr Spacek wrote: On 29.9.2015 09:12, Oleg Fayans wrote: +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) There is probably no point in specifying --name-from-ip because you did that already by calling get_reverse_zone_default(ip). Agree. Fixed Anyway, I'm not sure that this +prepare_reverse_zone(master, replica.ip) will not break if the reverse zone already exists (think about case where two or more replicas are in the same subnet). That's why I am using the raiseonerr=False here. I did not test the code, I simply do not have time for it right now. -- Oleg Fayans Quality Engineer FreeIPA team RedHat. From c4e662394ad9b2dd6ce6a6c5aae570724d1028b0 Mon Sep 17 00:00:00 2001 From: Oleg FayansDate: Wed, 30 Sep 2015 12:17:53 +0200 Subject: [PATCH] Added a proper workaround for dnssec test failures in Beaker environment In beaker lab the situation when master and replica have ip addresses from different subnets is quite frequent. When a replica has ip from different subnet than master's, ipa-replica-prepare looks up a proper reverse zone to add a pointer record, and if it does not find it, it asks a user for permission to create it automatically. It breaks the tests adding the unexpected input. The workaround is to always create a reverse zone for a new replica. Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306 --- ipatests/test_integration/tasks.py | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index 06049d4ae01332e0af4d8775b745342406fc868d..63e1018388efbee282f657052f93bb255287d899 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -37,6 +37,7 @@ from ipapython.ipa_log_manager import log_mgr from ipatests.test_integration import util from ipatests.test_integration.env_config import env_to_script from ipatests.test_integration.host import Host +from ipalib.util import get_reverse_zone_default log = log_mgr.get_logger(__name__) @@ -58,6 +59,11 @@ def check_arguments_are(slice, instanceof): return wrapped return wrapper +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone], raiseonerr=False) def prepare_host(host): if isinstance(host, Host): @@ -240,17 +246,17 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False): apply_common_fixes(replica) fix_apache_semaphores(replica) - +prepare_reverse_zone(master, replica.ip) master.run_command(['ipa-replica-prepare', '-p', replica.config.dirman_password, -'--ip-address', replica.ip, '--no-reverse', +'--ip-address', replica.ip, replica.hostname]) replica_bundle = master.get_file_contents( paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname) replica_filename = os.path.join(replica.config.test_dir, 'replica-info.gpg') replica.put_file_contents(replica_filename, replica_bundle) -args = ['ipa-replica-install', '-U', '--no-host-dns', +args = ['ipa-replica-install', '-U', '-p', replica.config.dirman_password, '-w', replica.config.admin_password, '--ip-address', replica.ip, -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
Hi all, On 09/23/2015 09:13 AM, Petr Spacek wrote: On 22.9.2015 10:42, Oleg Fayans wrote: +++ b/ipatests/test_integration/tasks.py @@ -58,6 +58,14 @@ def check_arguments_are(slice, instanceof): return wrapped return wrapper +def prepare_reverse_zone(host, ip): +nums = ip.split('.')[:-1] +zone = ".".join(reversed(nums)) + ".in-addr.arpa." +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) + NACK: - this will break IPv6-only hosts - you should use DNSName class or other functions from python-dns for DNS name manipulation I hope this helps. Thanks, it did :) Used a ipalib.util get_reverse_zone_default function that does just that: creates a reverse zone name. -- Oleg Fayans Quality Engineer FreeIPA team RedHat. From 931638cf3babd9e1650bbfe24ce01a0e11fead25 Mon Sep 17 00:00:00 2001 From: Oleg FayansDate: Wed, 23 Sep 2015 16:18:50 +0200 Subject: [PATCH] Added a proper workaround for dnssec test failures in Beaker environment In beaker lab the situation when master and replica have ip addresses from different subnets is quite frequent. When a replica has ip from different subnet than master's, ipa-replica-prepare looks up a proper reverse zone to add a pointer record, and if it does not find it, it asks a user for permission to create it automatically. It breaks the tests adding the unexpected input. The workaround is to always create a reverse zone for a new replica. Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306 --- ipatests/test_integration/tasks.py | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index 06049d4ae01332e0af4d8775b745342406fc868d..07a5d592d2f3980cfc521ec0b4f38dba71be87ec 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -37,6 +37,7 @@ from ipapython.ipa_log_manager import log_mgr from ipatests.test_integration import util from ipatests.test_integration.env_config import env_to_script from ipatests.test_integration.host import Host +from ipalib.util import get_reverse_zone_default log = log_mgr.get_logger(__name__) @@ -58,6 +59,13 @@ def check_arguments_are(slice, instanceof): return wrapped return wrapper +def prepare_reverse_zone(host, ip): +zone = get_reverse_zone_default(ip) +host.run_command(["ipa", + "dnszone-add", + zone, + "--name-from-ip=%s" % ip], raiseonerr=False) + def prepare_host(host): if isinstance(host, Host): @@ -240,17 +248,17 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False): apply_common_fixes(replica) fix_apache_semaphores(replica) - +prepare_reverse_zone(master, replica.ip) master.run_command(['ipa-replica-prepare', '-p', replica.config.dirman_password, -'--ip-address', replica.ip, '--no-reverse', +'--ip-address', replica.ip, replica.hostname]) replica_bundle = master.get_file_contents( paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname) replica_filename = os.path.join(replica.config.test_dir, 'replica-info.gpg') replica.put_file_contents(replica_filename, replica_bundle) -args = ['ipa-replica-install', '-U', '--no-host-dns', +args = ['ipa-replica-install', '-U', '-p', replica.config.dirman_password, '-w', replica.config.admin_password, '--ip-address', replica.ip, -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306
On 22.9.2015 10:42, Oleg Fayans wrote: > +++ b/ipatests/test_integration/tasks.py > @@ -58,6 +58,14 @@ def check_arguments_are(slice, instanceof): > return wrapped > return wrapper > > +def prepare_reverse_zone(host, ip): > +nums = ip.split('.')[:-1] > +zone = ".".join(reversed(nums)) + ".in-addr.arpa." > +host.run_command(["ipa", > + "dnszone-add", > + zone, > + "--name-from-ip=%s" % ip], raiseonerr=False) > + NACK: - this will break IPv6-only hosts - you should use DNSName class or other functions from python-dns for DNS name manipulation I hope this helps. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code