Re: [Freeipa-devel] [PATCH] 0045-47: webui: Sub-CAs

2016-06-13 Thread Fraser Tweedale
On Mon, Jun 13, 2016 at 07:48:58PM +0200, Pavel Vomacka wrote: > > > On 06/13/2016 06:55 AM, Fraser Tweedale wrote: > > On Fri, Jun 10, 2016 at 04:34:33PM +0200, Pavel Vomacka wrote: > > > Hello, > > > > > > please review these new patches which add WebUI for Sub-CAs. > > > > > >

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-13 Thread Fraser Tweedale
On Tue, Jun 14, 2016 at 02:19:27AM +1000, Fraser Tweedale wrote: > On Mon, Jun 13, 2016 at 04:35:54PM +0200, Martin Babinsky wrote: > > > > > > > > > > Hi Fraser, > > > > > > > > > > during functional review I found the following issues: > > > > > > > > > > 1.) > > > > > > > > > > If I create

Re: [Freeipa-devel] [PATCH] 0045-47: webui: Sub-CAs

2016-06-13 Thread Pavel Vomacka
On 06/13/2016 06:55 AM, Fraser Tweedale wrote: On Fri, Jun 10, 2016 at 04:34:33PM +0200, Pavel Vomacka wrote: Hello, please review these new patches which add WebUI for Sub-CAs. https://fedorahosted.org/freeipa/ticket/5939 Hi Pavel, I have reviewed the functionality of the patches.

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-13 Thread Fraser Tweedale
On Mon, Jun 13, 2016 at 04:35:54PM +0200, Martin Babinsky wrote: > > > > > > > > Hi Fraser, > > > > > > > > during functional review I found the following issues: > > > > > > > > 1.) > > > > > > > > If I create a CAACL rule tied to a specific sub-CA let's say for user > > > > certificate

Re: [Freeipa-devel] [PATCH 0103-4] installer: Fix single command replica install with --setup-dns

2016-06-13 Thread Martin Basti
On 09.06.2016 16:16, Martin Babinsky wrote: On 06/09/2016 08:16 AM, David Kupka wrote: Should go into master, ipa-4-3 and ipa-4-2. https://fedorahosted.org/freeipa/ticket/5945 Works for me, ACK Pushed to master: * 54318d1a2c5133fc3a735872b7edc3cfacb032f9 installer: positional_arguments

Re: [Freeipa-devel] [PATCH] 0019 ipapwd_extop should take precedence over default DS plugin

2016-06-13 Thread Alexander Bokovoy
On Mon, 13 Jun 2016, thierry bordaz wrote: On 06/13/2016 04:57 PM, Alexander Bokovoy wrote: On Mon, 13 Jun 2016, thierry bordaz wrote: This is the fix for https://fedorahosted.org/freeipa/ticket/5944 From 2838fbfc7a22b9bc0c1c4dfaf3660d1ac7099461 Mon Sep 17 00:00:00 2001 From: Thierry

Re: [Freeipa-devel] [PATCHES 0146-0152] Server Roles v2

2016-06-13 Thread Martin Basti
On 13.06.2016 07:26, Jan Cholasta wrote: On 12.6.2016 17:29, Martin Babinsky wrote: On 06/10/2016 05:42 PM, Martin Babinsky wrote: On 06/10/2016 02:22 PM, Jan Cholasta wrote: On 9.6.2016 17:06, Martin Babinsky wrote: On 06/09/2016 03:54 PM, Petr Vobornik wrote: On 06/09/2016 01:02 PM,

[Freeipa-devel] Updated External EPEL CentOS 7 COPR builds are now available . . .

2016-06-13 Thread Matthew Harmsen
An updated external EPEL CentOS 7 COPR repo is available now available which contains Dogtag 10.3.2 builds: * https://copr.fedorainfracloud.org/coprs/g/pki/10.3.2/repo/epel-7/group_pki-10.3.2-epel-7.repo [group_pki-10.3.2] name=Copr repo for 10.3.2 owned by @pki

Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-13 Thread Alexander Bokovoy
On Mon, 13 Jun 2016, thierry bordaz wrote: From fff11869d8cf3dfe98471e018c10926fc23b13da Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Fri, 10 Jun 2016 15:34:40 +0200 Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop plugin ipapwd_extop allows

Re: [Freeipa-devel] [PATCH] 0019 ipapwd_extop should take precedence over default DS plugin

2016-06-13 Thread Alexander Bokovoy
On Mon, 13 Jun 2016, thierry bordaz wrote: This is the fix for https://fedorahosted.org/freeipa/ticket/5944 From 2838fbfc7a22b9bc0c1c4dfaf3660d1ac7099461 Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Wed, 8 Jun 2016 14:03:42 +0200 Subject: [PATCH] Make sure

Re: [Freeipa-devel] [PATCH 0503-0513] DNS locations

2016-06-13 Thread Petr Spacek
On 13.6.2016 14:57, Martin Basti wrote: > Patches attached. > > https://fedorahosted.org/freeipa/ticket/2008 > > > Missing parts: dns-server config, some warnings from design, some corner, > cleanup of old unused location records cases, this will be covered in future > patches >

[Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-13 Thread thierry bordaz
Hello, In order to support the update of the password (and krbkey) of an entry in the compat tree, it requires that: 1. DS (https://fedorahosted.org/389/ticket/48880) --> already fixed It should support registration of pre/post extended operation and call them upon extended operation

[Freeipa-devel] [PATCH] 0019 ipapwd_extop should take precedence over default DS plugin

2016-06-13 Thread thierry bordaz
This is the fix for https://fedorahosted.org/freeipa/ticket/5944 >From 2838fbfc7a22b9bc0c1c4dfaf3660d1ac7099461 Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Wed, 8 Jun 2016 14:03:42 +0200 Subject: [PATCH] Make sure ipapwd_extop takes precedence over

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-13 Thread thierry bordaz
The fix is good for me. ACK thanks thierry On 06/13/2016 10:04 AM, Ludwig Krispenz wrote: revised patch (v2) attached: changed log level fixed order of statements in freeing host list On 06/10/2016 05:56 PM, Ludwig Krispenz wrote: On 06/10/2016 05:41 PM, thierry bordaz wrote: On

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-13 Thread Fraser Tweedale
On Mon, Jun 13, 2016 at 11:17:21PM +1000, Fraser Tweedale wrote: > On Mon, Jun 13, 2016 at 12:48:18PM +0200, Martin Babinsky wrote: > > On 06/13/2016 08:59 AM, Jan Cholasta wrote: > > > On 13.6.2016 08:38, Fraser Tweedale wrote: > > > > On Fri, Jun 10, 2016 at 12:48:00AM +1000, Fraser Tweedale

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-13 Thread Fraser Tweedale
On Mon, Jun 13, 2016 at 12:48:18PM +0200, Martin Babinsky wrote: > On 06/13/2016 08:59 AM, Jan Cholasta wrote: > > On 13.6.2016 08:38, Fraser Tweedale wrote: > > > On Fri, Jun 10, 2016 at 12:48:00AM +1000, Fraser Tweedale wrote: > > > > On Thu, Jun 09, 2016 at 12:36:35PM +0200, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH 0503-0513] DNS locations

2016-06-13 Thread Martin Basti
On 13.06.2016 14:57, Martin Basti wrote: Patches attached. https://fedorahosted.org/freeipa/ticket/2008 Missing parts: dns-server config, some warnings from design, some corner, cleanup of old unused location records cases, this will be covered in future patches It should be 'corner

[Freeipa-devel] [PATCH 0503-0513] DNS locations

2016-06-13 Thread Martin Basti
Patches attached. https://fedorahosted.org/freeipa/ticket/2008 Missing parts: dns-server config, some warnings from design, some corner, cleanup of old unused location records cases, this will be covered in future patches From 4d874230246a1b888035b4c723cb15568f11ca80 Mon Sep 17 00:00:00

Re: [Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

2016-06-13 Thread Martin Babinsky
On 06/07/2016 10:14 AM, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5775 Umm, wouldn't it be better to augment the `Service.start()/restart()` methods themselves with parameters that will suppress exception raising and log an error instead of copy-pasting try: ...

Re: [Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

2016-06-13 Thread Florence Blanc-Renaud
On 06/07/2016 10:14 AM, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5775 LGTM, ACK -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [Test][Patch-0043-0045] DNSSec key rotation test

2016-06-13 Thread Oleg Fayans
Hi guys, Here is a test for dnssec key rotation mechanism. The full set of commands works perfectly when run manually (even in the mode of a full copy-pasting from the test). However, when run automatically, the test always fails as `dig +rrcomments test.here DS` does not display zone keytag. I

Re: [Freeipa-devel] [PATCH 0501] Revert: switch /usr/bin/ipa to python3

2016-06-13 Thread Jan Cholasta
On 10.6.2016 10:57, Martin Basti wrote: On 10.06.2016 06:17, Jan Cholasta wrote: On 9.6.2016 20:57, Martin Basti wrote: Py3 support was enabled prematurely, attached patches removes python3 from /usr/bin/ipa Notes: * ipa 4.3.x won't have enabled py3 * master (ipa 4.4+) will have disabled

Re: [Freeipa-devel] [PATCH 0491] Fix: Local variable s_indent might be referenced before defined

2016-06-13 Thread Martin Basti
On 01.06.2016 16:13, Martin Babinsky wrote: On 06/01/2016 03:59 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5921 Patch attached. ACK Pushed to master: 493ae1e5028c6ce8a0888146ee3de6c798caa55f -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH] 0051: webui: correct jslint warning

2016-06-13 Thread Martin Basti
On 13.06.2016 13:50, Martin Basti wrote: On 13.06.2016 12:20, Pavel Vomacka wrote: On 06/13/2016 12:00 PM, Pavel Vomacka wrote: Hello, I forgot to run jslint during the last review and there was one warning, so this patch fixes it. -- Pavel^3 Vomacka Added ticket to the commit

Re: [Freeipa-devel] [PATCH] 0051: webui: correct jslint warning

2016-06-13 Thread Martin Basti
On 13.06.2016 12:20, Pavel Vomacka wrote: On 06/13/2016 12:00 PM, Pavel Vomacka wrote: Hello, I forgot to run jslint during the last review and there was one warning, so this patch fixes it. -- Pavel^3 Vomacka Added ticket to the commit message. Would be nice to have covered

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-13 Thread Martin Babinsky
On 06/13/2016 08:59 AM, Jan Cholasta wrote: On 13.6.2016 08:38, Fraser Tweedale wrote: On Fri, Jun 10, 2016 at 12:48:00AM +1000, Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 12:36:35PM +0200, Jan Cholasta wrote: On 9.6.2016 11:10, Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 10:12:40AM

Re: [Freeipa-devel] [PATCH 0492] Translations: update ipa-4-3 translations

2016-06-13 Thread Martin Basti
On 13.06.2016 12:25, Martin Babinsky wrote: On 06/13/2016 11:48 AM, Martin Basti wrote: On 13.06.2016 09:33, Lukas Slebodnik wrote: On (09/06/16 12:32), Martin Basti wrote: On 07.06.2016 12:51, Martin Babinsky wrote: On 06/01/2016 05:10 PM, Martin Basti wrote: Patch attached. ACK

Re: [Freeipa-devel] [PATCH 0492] Translations: update ipa-4-3 translations

2016-06-13 Thread Martin Babinsky
On 06/13/2016 11:48 AM, Martin Basti wrote: On 13.06.2016 09:33, Lukas Slebodnik wrote: On (09/06/16 12:32), Martin Basti wrote: On 07.06.2016 12:51, Martin Babinsky wrote: On 06/01/2016 05:10 PM, Martin Basti wrote: Patch attached. ACK Pushed to ipa-4-3:

Re: [Freeipa-devel] [PATCH] 0051: webui: correct jslint warning

2016-06-13 Thread Pavel Vomacka
On 06/13/2016 12:00 PM, Pavel Vomacka wrote: Hello, I forgot to run jslint during the last review and there was one warning, so this patch fixes it. -- Pavel^3 Vomacka Added ticket to the commit message. From 21a8d78e680e06389b17447ecac34fa1042bda2e Mon Sep 17 00:00:00 2001 From:

Re: [Freeipa-devel] [PATCH 0492] Translations: update ipa-4-3 translations

2016-06-13 Thread Martin Basti
On 13.06.2016 09:33, Lukas Slebodnik wrote: On (09/06/16 12:32), Martin Basti wrote: On 07.06.2016 12:51, Martin Babinsky wrote: On 06/01/2016 05:10 PM, Martin Basti wrote: Patch attached. ACK Pushed to ipa-4-3: 22fcf65cd1b674b21496b677818a8c75adcd70a6 I am not sure but it's very

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

2016-06-13 Thread Petr Vobornik
On 06/10/2016 06:31 PM, Stanislav Laznicka wrote: > On 06/08/2016 02:06 PM, Florence Blanc-Renaud wrote: >> On 06/08/2016 10:07 AM, Petr Spacek wrote: >>> On 7.6.2016 15:11, Stanislav Laznicka wrote: Hello, Thank you for your patch. As the thin-client patches were pushed in the

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-13 Thread Ludwig Krispenz
revised patch (v2) attached: changed log level fixed order of statements in freeing host list On 06/10/2016 05:56 PM, Ludwig Krispenz wrote: On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi

Re: [Freeipa-devel] [PATCH 0413-0416] Support fake_mname option in per-server configuration in LDAP

2016-06-13 Thread Petr Spacek
On 11.6.2016 20:36, Petr Spacek wrote: > Hello, > > Support fake_mname option in per-server configuration in LDAP. > > https://fedorahosted.org/bind-dyndb-ldap/ticket/162 > > > Patch set contains necessary infrastructure changes so the configuration is > read before zone loading starts. This

Re: [Freeipa-devel] [PATCH 0492] Translations: update ipa-4-3 translations

2016-06-13 Thread Lukas Slebodnik
On (09/06/16 12:32), Martin Basti wrote: > > >On 07.06.2016 12:51, Martin Babinsky wrote: >> On 06/01/2016 05:10 PM, Martin Basti wrote: >> > Patch attached. >> > >> ACK >> >Pushed to ipa-4-3: 22fcf65cd1b674b21496b677818a8c75adcd70a6 > I am not sure but it's very likely that this patch broke

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-13 Thread Jan Cholasta
On 13.6.2016 08:38, Fraser Tweedale wrote: On Fri, Jun 10, 2016 at 12:48:00AM +1000, Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 12:36:35PM +0200, Jan Cholasta wrote: On 9.6.2016 11:10, Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 10:12:40AM +0200, Jan Cholasta wrote: On 9.6.2016 08:44,

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-13 Thread Fraser Tweedale
On Fri, Jun 10, 2016 at 12:48:00AM +1000, Fraser Tweedale wrote: > On Thu, Jun 09, 2016 at 12:36:35PM +0200, Jan Cholasta wrote: > > On 9.6.2016 11:10, Fraser Tweedale wrote: > > > On Thu, Jun 09, 2016 at 10:12:40AM +0200, Jan Cholasta wrote: > > > > On 9.6.2016 08:44, Fraser Tweedale wrote: > > >