[Freeipa-devel] [TEST][Patch 0020] Enabled recreation of test directory during ipa reinstallation

-- Oleg Fayans Quality Engineer FreeIPA team RedHat. From 31d0abefc54f07e20dc7f5a7b09ca989b9575c5e Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Thu, 21 Jan 2016 12:54:25 +0100 Subject: [PATCH] Enabled recreation of test directory in apply_common_fixes function Without

Re: [Freeipa-devel] [PATCH] 0049 Remove workaround for CA running check

On 20.01.2016 10:52, Fraser Tweedale wrote: On Wed, Jan 20, 2016 at 09:30:29AM +0100, Martin Kosek wrote: On 01/20/2016 08:45 AM, Fraser Tweedale wrote: The attached patch removes a workaround introduced as part of https://fedorahosted.org/freeipa/ticket/4676. Alternatively, if we want to

Re: [Freeipa-devel] [PATCH 0022] topology plugin prevents deletes but does not prevent moddn

On 21.01.2016 11:35, thierry bordaz wrote: On 01/21/2016 11:26 AM, Ludwig Krispenz wrote: On 01/21/2016 11:21 AM, thierry bordaz wrote: On 01/21/2016 10:48 AM, Ludwig Krispenz wrote: On 01/21/2016 10:30 AM, thierry bordaz wrote: Hi, The fix look good. Just a question, the target entry

[Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master

this patch ensures that promoted replicas in CA-less topology have correct settings in their default.conf. I couldn't find any ticket for this issue, should I file one so that this patch can land in 4-3 branch? -- Martin^3 Babinsky From 7953583fffab4de72384d637079790b6fcb4dc16 Mon Sep 17

Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master

On 01/21/2016 01:53 PM, Martin Babinsky wrote: this patch ensures that promoted replicas in CA-less topology have correct settings in their default.conf. I couldn't find any ticket for this issue, should I file one so that this patch can land in 4-3 branch? yes -- Petr Vobornik -- Manage

Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master

On 01/21/2016 02:21 PM, Petr Vobornik wrote: On 01/21/2016 01:53 PM, Martin Babinsky wrote: this patch ensures that promoted replicas in CA-less topology have correct settings in their default.conf. I couldn't find any ticket for this issue, should I file one so that this patch can land in 4-3

Re: [Freeipa-devel] [PATCH] 0751 spec: Split out python-ipap11helper and, python-default_encoding_utf8

On 15.12.2015 16:01, Jan Cholasta wrote: On 15.12.2015 15:53, Petr Viktorin wrote: On 12/14/2015 08:18 AM, Jan Cholasta wrote: On 4.12.2015 14:29, Jan Cholasta wrote: Hi, On 3.12.2015 17:32, Petr Viktorin wrote: Hello, This specfile patch makes python-ipalib noarch, by splitting out the

Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master

On 01/21/2016 02:51 PM, Jan Cholasta wrote: On 21.1.2016 14:45, Martin Babinsky wrote: On 01/21/2016 02:21 PM, Petr Vobornik wrote: On 01/21/2016 01:53 PM, Martin Babinsky wrote: this patch ensures that promoted replicas in CA-less topology have correct settings in their default.conf. I

[Freeipa-devel] [TEST][Patch 0021] Fixed recent replica installation issues in the lab

-- Oleg Fayans Quality Engineer FreeIPA team RedHat. From d7ab06a4dcddb919fda351b983d478f1b6968578 Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Thu, 21 Jan 2016 13:30:02 +0100 Subject: [PATCH] Removed --ip-address option from replica installation Explicitly specifying

Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master

On 21.1.2016 14:45, Martin Babinsky wrote: On 01/21/2016 02:21 PM, Petr Vobornik wrote: On 01/21/2016 01:53 PM, Martin Babinsky wrote: this patch ensures that promoted replicas in CA-less topology have correct settings in their default.conf. I couldn't find any ticket for this issue, should I

Re: [Freeipa-devel] [PATCH 0406] Exclude o=ipaca from syncrepl

On 18.01.2016 17:55, Christian Heimes wrote: On 2016-01-18 17:28, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5538 Patch attached ACK Pushed to: master: 54a91c3ed33c7be54cadb188add802e781893ec9 ipa-4-3: 89c32f2bdaf53a1408ea67fe19c0033cff202dfc Can I revert workaround in

[Freeipa-devel] [PATCH 540] cert renewal: import all external CA certs on IPA CA cert renewal

Hi, the attached patch fixes . Honza -- Jan Cholasta From 0823cc7e740f993a63dd5a81fb1d6c59d557a542 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 21 Jan 2016 08:58:56 +0100 Subject: [PATCH] cert renewal: import all

Re: [Freeipa-devel] [PATCH 0022] topology plugin prevents deletes but does not prevent moddn

Hi, The fix look good. Just a question, the target entry is checked with ipa_topo_check_entry_type. Is it equivalent to call ipa_topo_is_entry_managed ? thanks thierry On 01/21/2016 09:11 AM, Ludwig Krispenz wrote: On 01/20/2016 05:45 PM, Martin Basti wrote: On 11.12.2015 13:56, Ludwig

Re: [Freeipa-devel] [PATCH 0022] topology plugin prevents deletes but does not prevent moddn

On 01/21/2016 11:21 AM, thierry bordaz wrote: On 01/21/2016 10:48 AM, Ludwig Krispenz wrote: On 01/21/2016 10:30 AM, thierry bordaz wrote: Hi, The fix look good. Just a question, the target entry is checked with ipa_topo_check_entry_type. Is it equivalent to call ipa_topo_is_entry_managed

Re: [Freeipa-devel] [PATCH 0022] topology plugin prevents deletes but does not prevent moddn

On 01/20/2016 05:45 PM, Martin Basti wrote: On 11.12.2015 13:56, Ludwig Krispenz wrote: Ticket: https://fedorahosted.org/freeipa/ticket/5536 Patch attached. Patch works, I cannot move entry out of container via moddn operation. I have question, is it expected to be able rename entry? I

Re: [Freeipa-devel] [PATCH 537] ipapython: port p11helper C code to Python

On 20.01.2016 15:36, Jan Cholasta wrote: On 20.1.2016 13:51, Martin Basti wrote: On 19.01.2016 11:43, Jan Cholasta wrote: On 12.1.2016 16:06, Martin Basti wrote: On 12.01.2016 14:44, Jan Cholasta wrote: On 12.1.2016 13:32, Martin Basti wrote: On 12.01.2016 12:24, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH 0022] topology plugin prevents deletes but does not prevent moddn

On 01/21/2016 11:26 AM, Ludwig Krispenz wrote: On 01/21/2016 11:21 AM, thierry bordaz wrote: On 01/21/2016 10:48 AM, Ludwig Krispenz wrote: On 01/21/2016 10:30 AM, thierry bordaz wrote: Hi, The fix look good. Just a question, the target entry is checked with ipa_topo_check_entry_type. Is

Re: [Freeipa-devel] [PATCH 0022] topology plugin prevents deletes but does not prevent moddn

On 01/21/2016 10:30 AM, thierry bordaz wrote: Hi, The fix look good. Just a question, the target entry is checked with ipa_topo_check_entry_type. Is it equivalent to call ipa_topo_is_entry_managed ? no, ipa_topo_check_entry_type() just determines if it is a segment, a host, to decide how to

Re: [Freeipa-devel] [PATCH 0022] topology plugin prevents deletes but does not prevent moddn

On 01/21/2016 10:48 AM, Ludwig Krispenz wrote: On 01/21/2016 10:30 AM, thierry bordaz wrote: Hi, The fix look good. Just a question, the target entry is checked with ipa_topo_check_entry_type. Is it equivalent to call ipa_topo_is_entry_managed ? no, ipa_topo_check_entry_type() just

Re: [Freeipa-devel] [PATCH 0406] Exclude o=ipaca from syncrepl

On 2016-01-21 11:29, Martin Basti wrote: > > > On 18.01.2016 17:55, Christian Heimes wrote: >> On 2016-01-18 17:28, Martin Basti wrote: >>> https://fedorahosted.org/freeipa/ticket/5538 >>> >>> Patch attached >> ACK >> >> > Pushed to: > master: 54a91c3ed33c7be54cadb188add802e781893ec9 > ipa-4-3:

[Freeipa-devel] [PATCH 0030] Modernize mod_nss's cipher suites

The list of supported TLS cipher suites in /etc/httpd/conf.d/nss.conf has been modernized. Insecure or less secure algorithms such as RC4, DES and 3DES are removed. Perfect forward secrecy suites with ephemeral ECDH key exchange have been added. IE 8 on Windows XP is no longer supported. The list

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

On 01/21/2016 03:46 PM, Martin Kosek wrote: On 01/21/2016 01:37 PM, thierry bordaz wrote: Thanks! Couple comments: I miss ticket number of description. Thanks Martin for looking at it. Ouch... the ticket number is https://fedorahosted.org/freeipa/ticket/4026 Does this patch mean that all

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

On 01/21/2016 04:22 PM, thierry bordaz wrote: > On 01/21/2016 03:46 PM, Martin Kosek wrote: >> On 01/21/2016 01:37 PM, thierry bordaz wrote: >> Thanks! Couple comments: >> >> I miss ticket number of description. > > Thanks Martin for looking at it. > > Ouch... the ticket number is

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

On 01/21/2016 01:37 PM, thierry bordaz wrote: > Thanks! Couple comments: I miss ticket number of description. Does this patch mean that all blocker on DS side preventing remote DNA were fixed? If yes, it may be worth updating Requires in the spec file in that case and making sure the backport

Re: [Freeipa-devel] [TEST][Patch 0021] Fixed recent replica installation issues in the lab

Hello, On 21.1.2016 13:42, Oleg Fayans wrote: > freeipa-ofayans-0021-Removed-ip-address-option-from-replica-installation.patch > > > From d7ab06a4dcddb919fda351b983d478f1b6968578 Mon Sep 17 00:00:00 2001 > From: Oleg Fayans > Date: Thu, 21 Jan 2016 13:30:02 +0100 > Subject:

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

On 01/21/2016 04:23 PM, Martin Kosek wrote: On 01/21/2016 04:22 PM, thierry bordaz wrote: On 01/21/2016 03:46 PM, Martin Kosek wrote: On 01/21/2016 01:37 PM, thierry bordaz wrote: Thanks! Couple comments: I miss ticket number of description. Thanks Martin for looking at it. Ouch... the

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

On 01/21/2016 05:38 PM, Martin Babinsky wrote: On 01/21/2016 05:22 PM, Rob Crittenden wrote: Martin Babinsky wrote: On 01/21/2016 01:37 PM, thierry bordaz wrote: 6.) +while attempt != MAX_WAIT: +try: +entries = conn.get_entries(sharedcfgdn,

Re: [Freeipa-devel] [PATCH 0121] consider IPA master removed from topology when request for host TGT fails

On 20.01.2016 15:45, Simo Sorce wrote: On Wed, 2016-01-20 at 09:42 +0100, Martin Babinsky wrote: On 01/15/2016 06:29 PM, Martin Babinsky wrote: On 01/15/2016 04:57 PM, Simo Sorce wrote: On Fri, 2016-01-15 at 13:35 +0100, Martin Babinsky wrote: On 01/14/2016 10:31 PM, Simo Sorce wrote: On

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

On 01/21/2016 05:22 PM, Rob Crittenden wrote: Martin Babinsky wrote: On 01/21/2016 01:37 PM, thierry bordaz wrote: 6.) +while attempt != MAX_WAIT: +try: +entries = conn.get_entries(sharedcfgdn, scope=ldap.SCOPE_ONELEVEL, filter='dnaHostname=%s' %

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

Martin Babinsky wrote: > On 01/21/2016 01:37 PM, thierry bordaz wrote: > 6.) > > +while attempt != MAX_WAIT: > +try: > +entries = conn.get_entries(sharedcfgdn, > scope=ldap.SCOPE_ONELEVEL, filter='dnaHostname=%s' % self.fqdn) > +break > +

[Freeipa-devel] [PATCH] 948 stop installer when setup-ds.pl fail

DS instance install should fail immediately after setup-ds.pl fail. tickets: #2539, #3720, #5607 https://fedorahosted.org/freeipa/ticket/2539 -- Petr Vobornik From 3de95dda405e4679fe55255d6ddb234b011c85e7 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Thu, 21 Jan 2016

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

On 01/21/2016 01:37 PM, thierry bordaz wrote: Hi Thierry, I have couple of comments to your patch: 1.) there is a number of PEP8 errors in the patch (http://paste.fedoraproject.org/313246/33893701), please fix them. See http://www.freeipa.org/page/Python_Coding_Style for our conventions

Re: [Freeipa-devel] [PATCH 0129] correctly set LDAP bind related attributes when setting up replication

On 19.01.2016 18:04, Martin Babinsky wrote: Fixes https://fedorahosted.org/freeipa/ticket/5412 ACK Pushed to: master: f2b22ec0172243ae2c388dad012112ff0fd843c6 ipa-4-3: 7c8683d26294a6fd33ff3a4e21a67e39576f34ef -- Manage your subscription for the Freeipa-devel mailing list: