[Freeipa-devel] beware of 389-ds-base-1.3.5.4-1.fc24.x86_64: weird filter/ACI evaluation

Hello, TL;DR version: Upgrade to 389-ds-base-1.3.5.6-1.fc24. I was facing weird filter/ACI evaluation with 389 DS 389-ds-base-1.3.5.4-1.fc24.x86_64. Here is full story (written before I realized that DS is old one ...): Test First, let's try LDAP search with OR filter consisting of 5

Re: [Freeipa-devel] [PATCH] Fix minor typos

On 15.6.2016 20:57, Yuri Chornoivan wrote: > Hi, > > There are several minor typos in the new portion of FreeIPA code (see the > patch attached). > > Thanks for fixing them. Thank *you* for fixing them! ACK -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] [PATCH] Fix minor typos

Hi, There are several minor typos in the new portion of FreeIPA code (see the patch attached). Thanks for fixing them. Best regards, Yuri 0001-Fix-minor-typos.patch Description: Binary data -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH] Schema caching for thin client

On 06/15/2016 02:36 PM, David Kupka wrote: > Hello! > Schema caching for thin client is available here: > > https://github.com/dkupka/freeipa/commits/schema_cache > > Comments and reviews welcome. > > Enjoy! Not doing proper review. I'll test by using it. But: 1. lint fails Pylint is

Re: [Freeipa-devel] [PATCH] 0021 slapi-nis should allow password update on a virtual entry

Thanks Alexander for the review. You are right I forgot to remove those lines during the cleanup. thanks thierry On 06/15/2016 05:54 PM, Alexander Bokovoy wrote: On Wed, 15 Jun 2016, thierry bordaz wrote: From 6cd06b9004f8ab72e13c26742d11ee31d30bbc79 Mon Sep 17 00:00:00 2001 From: Thierry

Re: [Freeipa-devel] [PATCH 0041] Increase nsslapd-db-locks

On 14.06.2016 16:27, Martin Basti wrote: On 09.06.2016 12:42, Stanislav Laznicka wrote: On 06/07/2016 08:56 AM, thierry bordaz wrote: On 06/06/2016 07:23 PM, Martin Basti wrote: On 03.06.2016 13:38, Stanislav Laznicka wrote: Hello, The attached patch implements solution to

Re: [Freeipa-devel] [PATCH 0033] Fix CA being presented as running even if it weren't

On 02.06.2016 19:21, Martin Basti wrote: On 31.05.2016 16:32, Stanislav Laznicka wrote: On 05/31/2016 11:40 AM, Stanislav Laznicka wrote: On 05/31/2016 10:22 AM, Stanislav Laznicka wrote: On 05/30/2016 12:54 PM, Jan Cholasta wrote: On 30.5.2016 12:36, Martin Basti wrote: On 26.05.2016

Re: [Freeipa-devel] [PATCH] 0021 slapi-nis should allow password update on a virtual entry

On Wed, 15 Jun 2016, thierry bordaz wrote: From 6cd06b9004f8ab72e13c26742d11ee31d30bbc79 Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Mon, 13 Jun 2016 18:13:04 +0200 Subject: [PATCH] slapi-nis should allow password update on a virtual entry During password

Re: [Freeipa-devel] [PATCH] 0021 slapi-nis should allow password update on a virtual entry

On 15.06.2016 17:19, thierry bordaz wrote: Hello, This patch is for https://fedorahosted.org/freeipa/ticket/5955 Please put this link to commit message This is the last patch related "IdM user password change support for legacy client compat tree" * It requires DS > 1.3.5.5

Re: [Freeipa-devel] [PATCH 0503-0513, 0515-0519] DNS locations

On 15.6.2016 15:45, Martin Basti wrote: > > > On 15.06.2016 14:52, Martin Basti wrote: >> >> Hydra patching: Updated patches attached + new patches for dnsserver-* >> commands attached >>> >>> >> Updated+rebased patches after Honza's interactive review >> >> > Minor nitpick fixed > > >

Re: [Freeipa-devel] [PATCH] 0068 upgrade: do not try to start CA if not configured

On 15.06.2016 17:19, Martin Basti wrote: On 15.06.2016 17:17, Martin Basti wrote: On 15.06.2016 16:41, Petr Spacek wrote: On 15.6.2016 14:18, Fraser Tweedale wrote: Attached patch fixes https://fedorahosted.org/freeipa/ticket/5958. The regression was introduced in fix for

[Freeipa-devel] [PATCH] 0021 slapi-nis should allow password update on a virtual entry

Hello, This patch is for https://fedorahosted.org/freeipa/ticket/5955 This is the last patch related "IdM user password change support for legacy client compat tree" * It requires DS > 1.3.5.5 (https://fedorahosted.org/389/ticket/48880) * PATCH 0020

Re: [Freeipa-devel] [PATCH] 0068 upgrade: do not try to start CA if not configured

On 15.06.2016 17:17, Martin Basti wrote: On 15.06.2016 16:41, Petr Spacek wrote: On 15.6.2016 14:18, Fraser Tweedale wrote: Attached patch fixes https://fedorahosted.org/freeipa/ticket/5958. The regression was introduced in fix for https://fedorahosted.org/freeipa/ticket/5868. It works

Re: [Freeipa-devel] [PATCH] 0068 upgrade: do not try to start CA if not configured

On 15.06.2016 16:41, Petr Spacek wrote: On 15.6.2016 14:18, Fraser Tweedale wrote: Attached patch fixes https://fedorahosted.org/freeipa/ticket/5958. The regression was introduced in fix for https://fedorahosted.org/freeipa/ticket/5868. It works for me, ACK. Pushed to master:

Re: [Freeipa-devel] [freeipa-devel][PATCH] Added missing translation to automount.py method

On 15.06.2016 11:13, Abhijeet Kasurde wrote: Hi All, Please review the attached patch. Fixes: https://fedorahosted.org/freeipa/ticket/5920 Thank you for the patch, Please follow this page for howto create internationalized strings:

[Freeipa-devel] provisioning and RetroCL/Content_Sync

Hello, The subject of provisioning was discussed https://www.redhat.com/archives/freeipa-devel/2016-May/msg00065.html. The documentation of the provisioning procedure is still going on but reviewing it I have a doubt about RetroCL/Content_Sync. Provisioning will be done with high

[Freeipa-devel] [PATCH] 0053: webui: allow to set weight of server without location

Hello, I've found a small bug in locations in WebUI. It is not allowed to set weight of a server with no location (i.e. adding new server). Attached patch allows that. https://fedorahosted.org/freeipa/ticket/5905 -- Pavel^3 Vomacka From 1fc29c625bfcd5fc4a3eb5b6293986d7f9bacb2f Mon Sep 17

[Freeipa-devel] [PATCH] Schema caching for thin client

Hello! Schema caching for thin client is available here: https://github.com/dkupka/freeipa/commits/schema_cache Comments and reviews welcome. Enjoy! -- David Kupka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute

Re: [Freeipa-devel] [PATCH 0153-0158] move ipa-replica-manage del functionality into server-del

On 06/15/2016 10:30 AM, Jan Cholasta wrote: Hi, On 12.6.2016 17:31, Martin Babinsky wrote: On 06/09/2016 08:12 PM, Martin Babinsky wrote: These patches expand `server_del` to a full fledged IPA master killer in domain level 1. Due to 'server uninstallation removed master from topology' use

[Freeipa-devel] [PATCH] 0068 upgrade: do not try to start CA if not configured

Attached patch fixes https://fedorahosted.org/freeipa/ticket/5958. The regression was introduced in fix for https://fedorahosted.org/freeipa/ticket/5868. Thanks, Fraser From 9c6c1e2fb18f87b9e7e64756fd69e10b5949fb82 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Wed, 15

Re: [Freeipa-devel] Using JSON for tlog config files

On 15.6.2016 13:52, Nikolai Kondrashov wrote: > On 06/15/2016 02:41 PM, Martin Kosek wrote: >> Removing the secondary list from this discussion. >> >> On 06/15/2016 01:29 PM, Nikolai Kondrashov wrote: >>> Hi Simo, >>> >>> On 06/15/2016 12:25 AM, Simo Sorce wrote: On Tue, 2016-06-14 at 16:40

Re: [Freeipa-devel] [WIP] Thin client

On 15.6.2016 13:56, David Kupka wrote: On 06/15/2016 01:33 PM, David Kupka wrote: On 04/28/2016 02:45 PM, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for

Re: [Freeipa-devel] [WIP] Thin client

On 06/15/2016 01:33 PM, David Kupka wrote: On 04/28/2016 02:45 PM, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for

Re: [Freeipa-devel] [PATCH 0159-0160] emancipate IPA NTP service into role

On 15.06.2016 13:29, Petr Spacek wrote: On 15.6.2016 09:57, Martin Basti wrote: On 15.06.2016 09:55, Petr Vobornik wrote: On 06/14/2016 07:28 PM, Martin Basti wrote: On 14.06.2016 18:58, Martin Babinsky wrote: On 06/14/2016 05:06 PM, Martin Basti wrote: On 12.06.2016 17:37, Martin

Re: [Freeipa-devel] Using JSON for tlog config files

On 06/15/2016 02:41 PM, Martin Kosek wrote: Removing the secondary list from this discussion. On 06/15/2016 01:29 PM, Nikolai Kondrashov wrote: Hi Simo, On 06/15/2016 12:25 AM, Simo Sorce wrote: On Tue, 2016-06-14 at 16:40 +0300, Nikolai Kondrashov wrote: Although this was mentioned several

Re: [Freeipa-devel] Using JSON for tlog config files

Removing the secondary list from this discussion. On 06/15/2016 01:29 PM, Nikolai Kondrashov wrote: > Hi Simo, > > On 06/15/2016 12:25 AM, Simo Sorce wrote: >> On Tue, 2016-06-14 at 16:40 +0300, Nikolai Kondrashov wrote: >>> Although this was mentioned several times before, I'd like to bring

Re: [Freeipa-devel] [WIP] Thin client

On 04/28/2016 02:45 PM, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review. The rest is subject to change (WARNING:

Re: [Freeipa-devel] Using JSON for tlog config files

Hi Simo, On 06/15/2016 12:25 AM, Simo Sorce wrote: On Tue, 2016-06-14 at 16:40 +0300, Nikolai Kondrashov wrote: Although this was mentioned several times before, I'd like to bring additional attention to the idea of using config files written in JSON for tlog, because there were some concerns

Re: [Freeipa-devel] [PATCH 0159-0160] emancipate IPA NTP service into role

On 15.6.2016 09:57, Martin Basti wrote: > > > On 15.06.2016 09:55, Petr Vobornik wrote: >> On 06/14/2016 07:28 PM, Martin Basti wrote: >>> >>> On 14.06.2016 18:58, Martin Babinsky wrote: On 06/14/2016 05:06 PM, Martin Basti wrote: > > On 12.06.2016 17:37, Martin Babinsky wrote:

Re: [Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

On 14.6.2016 11:44, Jan Cholasta wrote: On 21.4.2016 09:11, Jan Cholasta wrote: On 6.4.2016 15:46, Pavel Vomacka wrote: On 03/16/2016 01:50 PM, Jan Cholasta wrote: Hi, the attached patches implement the server-side part of . Honza Hi, thank

Re: [Freeipa-devel] Another batch of Python 3 patches

On Wed, 15 Jun 2016, Petr Spacek wrote: master: * f753ad322dfdd81907a309827bddfcb1e47917a7 test_xmlrpc: Use absolute imports * 6406c7a5935e9fb9cd41af49f67d6200021b3574 xmlrpc_test: Rename exception instance before working with it * 890f83b0bbd5ec03397e817ed1282fa66efab7da radiusproxy plugin:

Re: [Freeipa-devel] [PATCH 0153-0158] move ipa-replica-manage del functionality into server-del

Hi, On 12.6.2016 17:31, Martin Babinsky wrote: On 06/09/2016 08:12 PM, Martin Babinsky wrote: These patches expand `server_del` to a full fledged IPA master killer in domain level 1. Due to 'server uninstallation removed master from topology' use case, the individual steps are not in the same

Re: [Freeipa-devel] Another batch of Python 3 patches

> master: > * f753ad322dfdd81907a309827bddfcb1e47917a7 test_xmlrpc: Use absolute imports > * 6406c7a5935e9fb9cd41af49f67d6200021b3574 xmlrpc_test: Rename exception > instance before working with it > * 890f83b0bbd5ec03397e817ed1282fa66efab7da radiusproxy plugin: Use str(error) > rather than

Re: [Freeipa-devel] [PATCH] 0206 adtrust optimize forest root LDAP filter

On 15.06.2016 09:02, Martin Babinsky wrote: On 06/14/2016 04:45 PM, Alexander Bokovoy wrote: On Tue, 07 Jun 2016, Alexander Bokovoy wrote: Hi, `ipa trust-find' command should only show trusted forest root domains The child domains should be visible via ipa trustdomain-find forest.root

Re: [Freeipa-devel] [PATCH] 0045-47: webui: Sub-CAs

On 14.06.2016 18:30, Petr Vobornik wrote: On 06/14/2016 10:17 AM, Pavel Vomacka wrote: On 06/14/2016 06:42 AM, Fraser Tweedale wrote: On Mon, Jun 13, 2016 at 07:48:58PM +0200, Pavel Vomacka wrote: On 06/13/2016 06:55 AM, Fraser Tweedale wrote: On Fri, Jun 10, 2016 at 04:34:33PM +0200,

Re: [Freeipa-devel] [PATCH 0159-0160] emancipate IPA NTP service into role

On 15.06.2016 09:55, Petr Vobornik wrote: On 06/14/2016 07:28 PM, Martin Basti wrote: On 14.06.2016 18:58, Martin Babinsky wrote: On 06/14/2016 05:06 PM, Martin Basti wrote: On 12.06.2016 17:37, Martin Babinsky wrote: These two patches turn oft-neglected ntp service into a full fledged

Re: [Freeipa-devel] [PATCH 0159-0160] emancipate IPA NTP service into role

On 06/14/2016 07:28 PM, Martin Basti wrote: > > > On 14.06.2016 18:58, Martin Babinsky wrote: >> On 06/14/2016 05:06 PM, Martin Basti wrote: >>> >>> >>> On 12.06.2016 17:37, Martin Babinsky wrote: These two patches turn oft-neglected ntp service into a full fledged role whose status

Re: [Freeipa-devel] [PATCH] 0206 adtrust optimize forest root LDAP filter

On 06/14/2016 04:45 PM, Alexander Bokovoy wrote: On Tue, 07 Jun 2016, Alexander Bokovoy wrote: Hi, `ipa trust-find' command should only show trusted forest root domains The child domains should be visible via ipa trustdomain-find forest.root The difference between forest root (or external

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

On Wed, Jun 15, 2016 at 07:30:26AM +0200, Jan Cholasta wrote: > On 15.6.2016 04:02, Fraser Tweedale wrote: > > On Tue, Jun 14, 2016 at 03:21:24PM +0200, Martin Babinsky wrote: > > > On 06/14/2016 04:55 AM, Fraser Tweedale wrote: > > > > On Tue, Jun 14, 2016 at 02:19:27AM +1000, Fraser Tweedale