Re: [Freeipa-devel] LDAP attributes with incompatible names?

2016-05-09 Thread Rob Crittenden
Jeffery Harrell wrote: Hi. I’m trying to find a way to expose via the Python plugin API some non-default LDAP attributes that have hyphens in their names — e.g., "apple-user-homeurl". Obviously I can’t create a Param with that name. Is there a customary way to handle this kind of situation, or do

Re: [Freeipa-devel] [DESIGN] Lightweight CA renewal

2016-05-09 Thread Petr Vobornik
On 05/09/2016 09:35 AM, Jan Cholasta wrote: > Hi, > > On 6.5.2016 08:01, Fraser Tweedale wrote: >> Hullo all, >> >> FreeIPA Lightweight CAs implementation is progressing well. The >> remaining big unknown in the design is how to do renewal. I have >> put my ideas into the design page[1] and

Re: [Freeipa-devel] [PATCH 0393-0398] Unload automatic empty zones only if conflicting forward zone has policy 'only'; Add ability to log warnings; Unload automatic empty zones which are super/sub/equal d

2016-05-09 Thread Petr Spacek
On 6.5.2016 16:41, Tomas Hozza wrote: > On 04/06/2016 01:42 PM, Petr Spacek wrote: >> Hello, >> >> attached patch set implements >> https://fedorahosted.org/bind-dyndb-ldap/ticket/160 >> described in >> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/AutomaticEmptyZones >> >> It will be

Re: [Freeipa-devel] [PATCH 0391-0392] Add missing return value checks to pthread operations & replace strcmp(var, "") with strlen(var) to workaround Clang bug 20144

2016-05-09 Thread Petr Spacek
On 5.5.2016 16:44, Tomas Hozza wrote: > On 03/01/2016 02:36 PM, Petr Spacek wrote: >> Hello, >> >> Add missing return value checks to pthread operations. >> Detected by clang 3.8 -O2 -Wunused-value. >> >> Replace strcmp(var, "") with strlen(var) to workaround Clang bug 20144. >>

Re: [Freeipa-devel] [PATCH 0399-0402] Do not log warning about empty zones which are already disabled or unloaded & prepare 9.0 release

2016-05-09 Thread Petr Spacek
On 9.5.2016 16:25, Petr Spacek wrote: > Hello, > > following patch should cover most misleading warnings produced by new code > handling empty zones. > > If it is okay I will release version 9.0 with it. > > Please review it ASAP. Thank you very much! ... and here are patches :-) -- Petr^2

Re: [Freeipa-devel] Generate report of user access levels on each system

2016-05-09 Thread Jerel Gilmer
Thanks Jakub. My goal for the scripts I wrote would be to potentially address both: https://fedorahosted.org/freeipa/ticket/3775 https://fedorahosted.org/sssd/ticket/2840 The scripts could be run centrally from an IdM server and produce a report for all registered systems in under a few

[Freeipa-devel] [PATCH 0399-0402] Do not log warning about empty zones which are already disabled or unloaded & prepare 9.0 release

2016-05-09 Thread Petr Spacek
Hello, following patch should cover most misleading warnings produced by new code handling empty zones. If it is okay I will release version 9.0 with it. Please review it ASAP. Thank you very much! -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [WIP] Thin client

2016-05-09 Thread Jan Cholasta
On 6.5.2016 14:32, Martin Basti wrote: On 28.04.2016 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review.

Re: [Freeipa-devel] [PATCH] 0002 New User Role Tests

2016-05-09 Thread Martin Basti
On 09.05.2016 13:04, Martin Basti wrote: On 09.05.2016 12:19, Peter Lacko wrote: +# pylint: disable=unicode-builtin I'm not doing complete review, just the line above hit my eyes. unicode() is not in Py3 because all strings there are unicode, thus you cannot use it directly, you need

Re: [Freeipa-devel] [PATCH] 0002 New User Role Tests

2016-05-09 Thread Martin Basti
On 09.05.2016 12:19, Peter Lacko wrote: +# pylint: disable=unicode-builtin I'm not doing complete review, just the line above hit my eyes. unicode() is not in Py3 because all strings there are unicode, thus you cannot use it directly, you need something like if six.PY2: str = unicode

[Freeipa-devel] [PATCH] 0002 New User Role Tests

2016-05-09 Thread Peter Lacko
Hi! New User Role Tests, extending coverage of previous declarative tests are ready for review. Peter Lacko pla...@redhat.com From fcbf0b389041e7051c70b15d6799a446c1f42456 Mon Sep 17 00:00:00 2001 From: placko Date: Fri, 8 Apr 2016 17:01:15 +0200 Subject: [PATCH] New User

Re: [Freeipa-devel] Provisioning throughput

2016-05-09 Thread thierry bordaz
On 05/05/2016 03:44 PM, Petr Vobornik wrote: On 05/04/2016 02:20 PM, thierry bordaz wrote: Hello, I have been doing some tests/measures using https://github.com/freeipa/freeipa-tools/blob/master/create-test-data.py. The tool creates a set of typical users/hosts/groups... to

Re: [Freeipa-devel] [PATCH 0014] Removed custom implementation of CalledProcessError

2016-05-09 Thread Petr Spacek
On 7.5.2016 08:44, Abhijeet Kasurde wrote: > Hi All, > > Please review this patch. ACK, I've verified that CalledProcessError signature in Python 2.7 and in the duplicate code is the same. -- Petr^2 Spacek

Re: [Freeipa-devel] [PATCH 0013] Updated ipa-server-install man page for domain-level attribute

2016-05-09 Thread Petr Spacek
On 6.5.2016 07:33, Abhijeet Kasurde wrote: > Please review this patch. Good catch! In general, I believe that man page should explain what domain level means (probably with an example of levels 0 and 1) so the user can actually use the man page to find out what value is needed for his purposes.

Re: [Freeipa-devel] [DESIGN] Lightweight CA renewal

2016-05-09 Thread Jan Cholasta
Hi, On 6.5.2016 08:01, Fraser Tweedale wrote: Hullo all, FreeIPA Lightweight CAs implementation is progressing well. The remaining big unknown in the design is how to do renewal. I have put my ideas into the design page[1] and would appreciate any and all feedback! [1]

Re: [Freeipa-devel] Generate report of user access levels on each system

2016-05-09 Thread Jakub Hrozek
On Sun, May 08, 2016 at 12:14:57PM -0400, Jerel Gilmer wrote: > Hello all - > > I've been using IdM and was tasked by my management with generating two > system reports: > > - List of what users have access to what services on each system > - List of sudo rules for each system The list of

[Freeipa-devel] [TBD] Automated tests, regressions and workarounds

2016-05-09 Thread Oleg Fayans
Hi guys, As a result of a situation formed around dnssec tests and one of the long-term bugs in dnssec feature [1], I'd like to share some general considerations with the whole team. First I'll state a couple of obvious things just to eliminate all possible fundamental disagreements. 1. The

[Freeipa-devel] [DESIGN REVIEW] V4/Support of UPN for trusted domains

2016-05-09 Thread Lenka Doudova
Hi, design looks good, no remarks. Lenka

[Freeipa-devel] [DESIGN REVIEW] V4/Thin client

2016-05-09 Thread Lenka Doudova
Hi, looks fine, but it would be nice to update the document so that it would reflect changes mentioned in the previous email thread. Lenka

Re: [Freeipa-devel] V4/Sub-CAs review

2016-05-09 Thread Jan Cholasta
Hi, 1) """ The "upstream" root certificate and intermediate CA certificates would be stored in LDAP for distribution to clients, with the root CA having an ipaKeyTrust value of trusted and intermediate CAs having a

Re: [Freeipa-devel] [DESIGN] Kerberos principal alias handling

2016-05-09 Thread Alexander Bokovoy
On Fri, 06 May 2016, Martin Babinsky wrote: On 05/05/2016 02:58 PM, Milan Kubík wrote: On 04/08/2016 05:10 PM, Martin Babinsky wrote: Hi list, I have put together a draft [1] outlining the effort to reimplement the handling of Kerberos principals in both backend and frontend layers of FreeIPA