Re: [Freeipa-devel] [PATCH] 0052..0054 Configure lightweight CA key replication

On 9.6.2016 06:07, Fraser Tweedale wrote: Updated patches 0053-6 and 0054-6 attached. Comments inline. Thanks, Fraser On Wed, Jun 08, 2016 at 10:31:07AM +0200, Jan Cholasta wrote: Patch 0052: The target of the "Dogtag service principals can search Custodia keys" ACI matches keys in the

Re: [Freeipa-devel] [PATCH] man: Decribe ipa-client-install workaround for broken D-Bus enviroment.

On 02/03/16 11:18, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5694 Sending updated version crafted with Flo's help, thanks. -- David Kupka From a7d878e3922720b03b36a2a3b697f8c6c66cc383 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Wed, 2 Mar 2016

Re: [Freeipa-devel] [PATCH] 0052..0054 Configure lightweight CA key replication

Updated patches 0053-6 and 0054-6 attached. Comments inline. Thanks, Fraser On Wed, Jun 08, 2016 at 10:31:07AM +0200, Jan Cholasta wrote: > Patch 0052: > > The target of the "Dogtag service principals can search Custodia keys" ACI > matches keys in the top-level Custodia container, but not in

Re: [Freeipa-devel] [PATCH] 0042: Fix bad searching of reverse DNS zone

On 06/07/2016 10:30 AM, Pavel Vomacka wrote: > > > On 06/07/2016 09:08 AM, Petr Spacek wrote: >> Hi, >> >> the commit message does not say what was wrong and why and what works >> now. >> Please improve the commit message before pushing this. > Commit message improved. >> >> Petr^2 Spacek >> >>

Re: [Freeipa-devel] git commit message

On (08/06/16 14:09), Petr Vobornik wrote: >On 06/08/2016 10:07 AM, Petr Spacek wrote: >> On 7.6.2016 15:11, Stanislav Laznicka wrote: >>> Hello, >>> >>> Thank you for your patch. As the thin-client patches were pushed in the >>> meantime, the patch won't apply. Could you please send a rebased

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

On Wed, Jun 08, 2016 at 01:00:36PM +0200, Jan Cholasta wrote: > On 8.6.2016 05:15, Fraser Tweedale wrote: > > On Tue, Jun 07, 2016 at 03:42:22PM +1000, Fraser Tweedale wrote: > > > On Wed, Jun 01, 2016 at 02:51:04PM +1000, Fraser Tweedale wrote: > > > > Hi team, > > > > > > > > This patchset

Re: [Freeipa-devel] [PATCH] 0039-40: DNS Location: WebUI

On 06/07/2016 10:07 AM, Pavel Vomacka wrote: > > > On 06/06/2016 07:51 PM, Martin Basti wrote: >> >> >> >> On 05.06.2016 18:34, Pavel Vomacka wrote: >>> Hello, >>> >>> please review attached patches which add WebUI part of DNS Locations >>> feature. >>> >>> -- >>> Pavel^3 Vomacka >>> >>> >> >>

Re: [Freeipa-devel] [PATCH] 0036-38 webui: Server roles

On 06/05/2016 07:22 PM, Pavel Vomacka wrote: > > > On 06/03/2016 03:10 PM, Petr Vobornik wrote: >> On 06/02/2016 01:40 PM, Pavel Vomacka wrote: >>> Hello, >>> >>> please review my patches which add webui for server roles. >>> >> Did not test yet. I'm waiting for rebase of backend. >> >> Patch

[Freeipa-devel] [PATCH 0412] Fix interaction between root zone and global forwarders

Hello, Fix interaction between root zone and global forwarders. Finally the following priority order should be respected in all circumstances: - root zone (highest priority) - server config in LDAP - global config in LDAP - named.conf https://fedorahosted.org/bind-dyndb-ldap/ticket/165 This

[Freeipa-devel] [PATCH 0409-0411] Parse idnsServerConfigObject and use its values for forwarder configuration Add LDAP schema for per-server config in LDAP Add server_ldap_settings layer to tree of se

Hello, this patch set implements forwarder configuration in idnsServerConfigObject. https://fedorahosted.org/bind-dyndb-ldap/ticket/162 -- Petr^2 Spacek From 5fc2de3c7e43acc0cb776006b62d8d88a22f2d44 Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Tue, 7 Jun 2016 12:40:03

[Freeipa-devel] [PATCH 0408] Do not apply forwarding configuration for disabled master zones

Hello, Do not apply forwarding configuration for disabled master zones. We have to respect idnsZoneActive attribute when calling fwd_configure_zone(). https://fedorahosted.org/bind-dyndb-ldap/ticket/164 -- Petr^2 Spacek From 1c59eeb30b5a3bf5a1b7626b029f400b86821554 Mon Sep 17 00:00:00 2001

Re: [Freeipa-devel] thin client regressions: otptoken

On Wed, 08 Jun 2016, Jan Cholasta wrote: On 7.6.2016 10:41, Alexander Bokovoy wrote: On Tue, 07 Jun 2016, Jan Cholasta wrote: On 7.6.2016 10:17, Alexander Bokovoy wrote: ipa: ERROR: AttributeError: 'str' object has no attribute 'decode' Traceback (most recent call last): File

Re: [Freeipa-devel] [PATCH 0403-0407] Preparation work for per-server config in LDAP

On 7.6.2016 12:09, Petr Spacek wrote: > Hello, > > this patch set is preparation work for per-server config in LDAP, which is > required for DNS location in IPA. > > This patch set should not cause any user-visible changes. > > https://fedorahosted.org/bind-dyndb-ldap/ticket/162 Here is

Re: [Freeipa-devel] [PATCH] 0041: webui: add create/retrieve keytab tables for hosts

On 06/08/2016 02:20 PM, Petr Vobornik wrote: On 06/06/2016 04:17 PM, Pavel Vomacka wrote: Hello, please review attached patch. Ticket: https://fedorahosted.org/freeipa/ticket/5931 Also tables for host groups are needed. + the same UI should be also on host page. Added, please see

Re: [Freeipa-devel] [PATCH] 0066 Load server plugins in certmonger renewal helper

On 8.6.2016 07:22, Fraser Tweedale wrote: Client/server plugin split apparently broke the certmonger renewal helper (https://fedorahosted.org/freeipa/ticket/5943). Please review attached patch - hopefully it is correct way to fix it. It is the correct way. Thanks for the patch, ACK. Pushed

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

On 06/08/2016 02:09 PM, Petr Vobornik wrote: On 06/08/2016 10:07 AM, Petr Spacek wrote: On 7.6.2016 15:11, Stanislav Laznicka wrote: Hello, Thank you for your patch. As the thin-client patches were pushed in the meantime, the patch won't apply. Could you please send a rebased version? Also,

Re: [Freeipa-devel] thin client regressions: otptoken

On 7.6.2016 10:41, Alexander Bokovoy wrote: On Tue, 07 Jun 2016, Jan Cholasta wrote: On 7.6.2016 10:17, Alexander Bokovoy wrote: ipa: ERROR: AttributeError: 'str' object has no attribute 'decode' Traceback (most recent call last): File "/usr/lib/python3.5/site-packages/ipalib/cli.py", line

Re: [Freeipa-devel] [WIP] Thin client

On 8.6.2016 14:40, Martin Babinsky wrote: On 06/08/2016 02:11 PM, David Kupka wrote: On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for

Re: [Freeipa-devel] [WIP] Thin client

On 06/08/2016 02:11 PM, David Kupka wrote: On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review.

Re: [Freeipa-devel] [PATCH] 0041: webui: add create/retrieve keytab tables for hosts

On 06/06/2016 04:17 PM, Pavel Vomacka wrote: > Hello, > > please review attached patch. > > Ticket: https://fedorahosted.org/freeipa/ticket/5931 > Also tables for host groups are needed. + the same UI should be also on host page. -- Petr Vobornik -- Manage your subscription for the

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

On 06/07/2016 10:42 AM, Martin Basti wrote: On 07.06.2016 10:43, Jan Cholasta wrote: On 7.6.2016 10:22, Martin Basti wrote: On 07.06.2016 09:07, Jan Cholasta wrote: On 6.6.2016 18:29, Martin Basti wrote: On 03.06.2016 14:28, Stanislav Laznicka wrote: On 06/03/2016 02:19 PM, Martin

Re: [Freeipa-devel] [WIP] Thin client

On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review. The rest is subject to change (WARNING: I

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

On 06/08/2016 10:07 AM, Petr Spacek wrote: > On 7.6.2016 15:11, Stanislav Laznicka wrote: >> Hello, >> >> Thank you for your patch. As the thin-client patches were pushed in the >> meantime, the patch won't apply. Could you please send a rebased version? >> >> Also, I have a few comments to the

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

On 06/08/2016 10:07 AM, Petr Spacek wrote: On 7.6.2016 15:11, Stanislav Laznicka wrote: Hello, Thank you for your patch. As the thin-client patches were pushed in the meantime, the patch won't apply. Could you please send a rebased version? Also, I have a few comments to the patch: 1) I

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

On 8.6.2016 13:37, Pavel Vomacka wrote: On 06/08/2016 01:21 PM, Pavel Vomacka wrote: On 06/08/2016 05:15 AM, Fraser Tweedale wrote: On Tue, Jun 07, 2016 at 03:42:22PM +1000, Fraser Tweedale wrote: On Wed, Jun 01, 2016 at 02:51:04PM +1000, Fraser Tweedale wrote: Hi team, This patchset

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

On 06/08/2016 01:21 PM, Pavel Vomacka wrote: On 06/08/2016 05:15 AM, Fraser Tweedale wrote: On Tue, Jun 07, 2016 at 03:42:22PM +1000, Fraser Tweedale wrote: On Wed, Jun 01, 2016 at 02:51:04PM +1000, Fraser Tweedale wrote: Hi team, This patchset implements the 'ca' plugin for creating

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

On 06/08/2016 05:15 AM, Fraser Tweedale wrote: On Tue, Jun 07, 2016 at 03:42:22PM +1000, Fraser Tweedale wrote: On Wed, Jun 01, 2016 at 02:51:04PM +1000, Fraser Tweedale wrote: Hi team, This patchset implements the 'ca' plugin for creating and managing lightweight sub-CAs, and updates the

Re: [Freeipa-devel] [PATCH] 0006 add context to exception on LdapEntry decode error

On 06/08/2016 01:13 PM, Stanislav Laznicka wrote: On 06/07/2016 05:11 PM, Florence Blanc-Renaud wrote: On 06/07/2016 04:08 PM, Stanislav Laznicka wrote: On 06/06/2016 02:47 PM, Florence Blanc-Renaud wrote: Hi, please find attached the patch for Ticket 5434 add context to exception on

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

On 8.6.2016 05:15, Fraser Tweedale wrote: On Tue, Jun 07, 2016 at 03:42:22PM +1000, Fraser Tweedale wrote: On Wed, Jun 01, 2016 at 02:51:04PM +1000, Fraser Tweedale wrote: Hi team, This patchset implements the 'ca' plugin for creating and managing lightweight sub-CAs, and updates the 'caacl'

Re: [Freeipa-devel] [PATCH] 0052..0054 Configure lightweight CA key replication

On 6.6.2016 15:32, Fraser Tweedale wrote: On Wed, Jun 01, 2016 at 02:49:29PM +1000, Fraser Tweedale wrote: Updated patches attached; comments inline. On Thu, May 05, 2016 at 04:52:29PM +1000, Fraser Tweedale wrote: I would rather add a new ACI than have one super-ACI for everything. That way

Re: [Freeipa-devel] [PATCH] 0051 Allow CustodiaClient to be used by arbitrary principals

On 6.6.2016 15:25, Fraser Tweedale wrote: On Wed, Jun 01, 2016 at 02:49:06PM +1000, Fraser Tweedale wrote: Updated patch attached; comments inline below. On Mon, Apr 25, 2016 at 07:55:46AM +0200, Jan Cholasta wrote: I think it would be better to merge the `client` and `client_servicename`

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

On 7.6.2016 15:11, Stanislav Laznicka wrote: > Hello, > > Thank you for your patch. As the thin-client patches were pushed in the > meantime, the patch won't apply. Could you please send a rebased version? > > Also, I have a few comments to the patch: > > 1) I think that the commit message