Re: [Freeipa-devel] [PATCH 0019][Tests] Fix for failing location tests

On 06/21/2016 06:57 PM, Martin Basti wrote: On 21.06.2016 15:39, Lenka Doudova wrote: Hi, attaching patch for failing location tests (ipatests/test_xmlrpc/test_location_plugin.py). Lenka Hello, 1) +expected_updates={u'ipalocation_location': [location.idnsname_obj],

[Freeipa-devel] [PATCH 0096] Add authentication indicators support to Host objects

https://fedorahosted.org/freeipa/ticket/433 From c7254a9dd182b34665b50c45c5ece42a3cbc56e2 Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Tue, 21 Jun 2016 14:19:03 -0400 Subject: [PATCH] Add authentication indicators support to Host objects

Re: [Freeipa-devel] [Test][Patch-0043-0045] DNSSec key rotation test

On 13.06.2016 14:42, Oleg Fayans wrote: Hi guys, Here is a test for dnssec key rotation mechanism. The full set of commands works perfectly when run manually (even in the mode of a full copy-pasting from the test). However, when run automatically, the test always fails as `dig +rrcomments

[Freeipa-devel] Announcing FreeIPA 4.4.0 alpha1

== FreeIPA 4.4.0 Alpha 1 === The FreeIPA team would like to announce FreeIPA v4.4.0 alpha1 release! A tarball can be downloaded from http://www.freeipa.org/page/Downloads == Highlights in 4.4.0 Alpha 1 == Enhancements: * Improved Topology Management

Re: [Freeipa-devel] [PATCH 0019][Tests] Fix for failing location tests

On 21.06.2016 15:39, Lenka Doudova wrote: Hi, attaching patch for failing location tests (ipatests/test_xmlrpc/test_location_plugin.py). Lenka Hello, 1) +expected_updates={u'ipalocation_location': [location.idnsname_obj], +

Re: [Freeipa-devel] [PATCH 0535] Replica promotion: check if IPA domain is the right one

On 21.06.2016 17:08, Petr Spacek wrote: On 21.6.2016 16:27, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5976 Client must have properly set domain to allow install replica Patch attached. ACK The CRITICAL message is awesome :-) master: *

[Freeipa-devel] [patch 0038-0040] Sub CA test patches

Hi Fraser and list, I have made changes to the test plan on the wiki [1] according to the information in "[Testplan review] Sub CAs" thread. I also implemented the tests in the test plan: patch 0038 - CATracker and CA CRUD test patch 0039 - extension to CA ACL test patch 0040 - functional test

Re: [Freeipa-devel] [PATCH] 0056 webui: Counterpart of dnsserver-{find, show, mod}

On 21.06.2016 16:44, Petr Vobornik wrote: On 06/16/2016 01:38 PM, Petr Spacek wrote: On 16.6.2016 12:09, Pavel Vomacka wrote: On 06/16/2016 12:06 PM, Pavel Vomacka wrote: Hello, please review attached patch. https://fedorahosted.org/freeipa/ticket/5905 Fixed commit message LGTM from

Re: [Freeipa-devel] [PATCH] Schema caching for thin client

On 21.06.2016 16:51, Jan Cholasta wrote: On 21.6.2016 16:33, Martin Basti wrote: On 21.06.2016 16:24, Jan Cholasta wrote: On 21.6.2016 15:11, Jan Cholasta wrote: On 16.6.2016 09:12, David Kupka wrote: On 06/15/2016 08:15 PM, Petr Vobornik wrote: On 06/15/2016 02:36 PM, David Kupka

Re: [Freeipa-devel] [PATCH] Schema caching for thin client

On 21.6.2016 16:33, Martin Basti wrote: On 21.06.2016 16:24, Jan Cholasta wrote: On 21.6.2016 15:11, Jan Cholasta wrote: On 16.6.2016 09:12, David Kupka wrote: On 06/15/2016 08:15 PM, Petr Vobornik wrote: On 06/15/2016 02:36 PM, David Kupka wrote: Hello! Schema caching for thin client is

Re: [Freeipa-devel] [PATCH] 0056 webui: Counterpart of dnsserver-{find, show, mod}

On 06/16/2016 01:38 PM, Petr Spacek wrote: > On 16.6.2016 12:09, Pavel Vomacka wrote: >> >> >> On 06/16/2016 12:06 PM, Pavel Vomacka wrote: >>> Hello, >>> >>> please review attached patch. >>> >>> https://fedorahosted.org/freeipa/ticket/5905 >>> >> Fixed commit message > > > LGTM from user's

Re: [Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

On 14.06.2016 17:26, Stanislav Laznicka wrote: -signerd_service.start() +try: +signerd_service.start() +except Exception as e: +root_logger.error("Unable to start '{svcname}': {err}" +

Re: [Freeipa-devel] [PATCH] 497 Update Developers in Contributors.txt

On 16.06.2016 15:55, Martin Kosek wrote: Since we are close to 4.4 release, let's add the latest contributors. (master branch should be enough). ACK Pushed to master: 858b74e66b529f4b7ff1c791e6101445b1d18174 -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH] Schema caching for thin client

On 21.06.2016 16:24, Jan Cholasta wrote: On 21.6.2016 15:11, Jan Cholasta wrote: On 16.6.2016 09:12, David Kupka wrote: On 06/15/2016 08:15 PM, Petr Vobornik wrote: On 06/15/2016 02:36 PM, David Kupka wrote: Hello! Schema caching for thin client is available here:

Re: [Freeipa-devel] [PATCH] 0053: webui: allow to set weight of server without location

On 06/15/2016 03:49 PM, Pavel Vomacka wrote: > Hello, > > I've found a small bug in locations in WebUI. It is not allowed to set > weight of a server with no location (i.e. adding new server). Attached > patch allows that. > > https://fedorahosted.org/freeipa/ticket/5905 > > -- > Pavel^3

[Freeipa-devel] [PATCH 0535] Replica promotion: check if IPA domain is the right one

https://fedorahosted.org/freeipa/ticket/5976 Client must have properly set domain to allow install replica Patch attached. From c26362fcdd1e35ed736aeb1ed3d3ac2f6b336c87 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 21 Jun 2016 12:37:26 +0200 Subject: [PATCH]

Re: [Freeipa-devel] [PATCH] 0060: webui: Add dnsdefaultttl field on DNS Zone config page

On 21.06.2016 15:56, Petr Spacek wrote: On 21.6.2016 15:50, Pavel Vomacka wrote: Hello, please review the attached patch. It is counterpart of: https://fedorahosted.org/freeipa/ticket/2956 ACK Pushed to master: 75d2f9fe06f9f7c8d9f1b882b631fed739d35c75 -- Manage your subscription for the

Re: [Freeipa-devel] [PATCH] 0060: webui: Add dnsdefaultttl field on DNS Zone config page

On 21.6.2016 15:50, Pavel Vomacka wrote: > Hello, > > please review the attached patch. > > It is counterpart of: https://fedorahosted.org/freeipa/ticket/2956 ACK -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] [PATCH] 0060: webui: Add dnsdefaultttl field on DNS Zone config page

Hello, please review the attached patch. It is counterpart of: https://fedorahosted.org/freeipa/ticket/2956 -- Pavel^3 Vomacka From 9ac60ab982aceff128542c3ca1c91f250347b464 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Tue, 21 Jun 2016 15:43:18 +0200 Subject:

[Freeipa-devel] [PATCH 0019][Tests] Fix for failing location tests

Hi, attaching patch for failing location tests (ipatests/test_xmlrpc/test_location_plugin.py). Lenka From 6fc64ea5574e730c5c4c733e4e1eeb60163f6163 Mon Sep 17 00:00:00 2001 From: Lenka Doudova Date: Tue, 21 Jun 2016 15:29:46 +0200 Subject: [PATCH] Tests: Fix for failing

Re: [Freeipa-devel] [PATCH] Schema caching for thin client

On 16.6.2016 09:12, David Kupka wrote: On 06/15/2016 08:15 PM, Petr Vobornik wrote: On 06/15/2016 02:36 PM, David Kupka wrote: Hello! Schema caching for thin client is available here: https://github.com/dkupka/freeipa/commits/schema_cache Comments and reviews welcome. Enjoy! Not doing

Re: [Freeipa-devel] [PATCH] 0048-50: webui: extend topology graph functionality

On 06/13/2016 10:48 AM, Pavel Vomacka wrote: > Hello, > > please review attached patches which extend topology graph > functionality. First two add possibility to create agreement using mouse > and the third one adds 'Autogenerated' placeholder. > > 0047,48:

Re: [Freeipa-devel] [PATCH] pylint fixes

On 21.06.2016 08:38, Florence Blanc-Renaud wrote: On 06/20/2016 07:08 PM, Martin Basti wrote: On 20.06.2016 19:06, Martin Basti wrote: On 20.06.2016 12:00, Florence Blanc-Renaud wrote: On 06/09/2016 05:10 PM, Petr Spacek wrote: Hello, I've received a bunch of pylint fixes produced by

Re: [Freeipa-devel] [PATCH 0134] DNS: Fix realm domains integration with DNS zone add

On 20.06.2016 19:03, Martin Basti wrote: On 20.06.2016 14:35, Petr Spacek wrote: Hello, DNS: Fix realm domains integration with DNS zone add. Realmdomains integration into DNS commands pre-dates split of DNS forward zones and DNS master zones into two distinct commands. There was an

Re: [Freeipa-devel] [PATCH] 0054-55: WebUI: extend DNS and trust config pages

On 21.06.2016 13:12, Pavel Vomacka wrote: Hello, please review attached patches - they extend DNS and trust config pages. https://fedorahosted.org/freeipa/ticket/5906 -- Pavel^3 Vomacka ACK master: * a7f937e82cd8fdfa457ef9ae7de227d7e2502c3b Extend DNS config page *

Re: [Freeipa-devel] [PATCH] 0059: webui: make 'Actions' strings translatable

On 21.06.2016 13:09, Petr Vobornik wrote: On 06/21/2016 12:34 PM, Martin Basti wrote: On 20.06.2016 20:48, Pavel Vomacka wrote: Hello, please review attached patch. -- Pavel^3 Vomacka Functional ACK Code ACK Pushed to master: 13e0d2e4d1c0da055644d87f1b8a9465b2ef6dfa -- Manage

[Freeipa-devel] [PATCH] 0054-55: WebUI: extend DNS and trust config pages

Hello, please review attached patches - they extend DNS and trust config pages. https://fedorahosted.org/freeipa/ticket/5906 -- Pavel^3 Vomacka From 8b637991feda190c53430d0f281eafab5d6f5250 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Wed, 15 Jun 2016 17:43:13 +0200

Re: [Freeipa-devel] [PATCH] 0059: webui: make 'Actions' strings translatable

On 06/21/2016 12:34 PM, Martin Basti wrote: > > > On 20.06.2016 20:48, Pavel Vomacka wrote: >> Hello, >> >> please review attached patch. >> >> -- >> >> Pavel^3 Vomacka >> >> >> > Functional ACK > > Code ACK -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH 0162] Do not update result of *-config-show with empty server attributes

On 21.06.2016 12:57, Pavel Vomacka wrote: On 06/20/2016 03:35 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5960 Hello, thank you for the patch, it works for me. But I didn't do the code review. -- Pavel^3 Vomacka code ACK Pushed to master:

Re: [Freeipa-devel] [WIP] Thin client

On 21.06.2016 07:53, Jan Cholasta wrote: On 20.6.2016 19:56, Martin Basti wrote: On 20.06.2016 18:48, Martin Basti wrote: On 20.06.2016 16:42, Jan Cholasta wrote: On 20.6.2016 16:13, David Kupka wrote: On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch

Re: [Freeipa-devel] [PATCH 0162] Do not update result of *-config-show with empty server attributes

On 06/20/2016 03:35 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5960 Hello, thank you for the patch, it works for me. But I didn't do the code review. -- Pavel^3 Vomacka -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH 0534] Updated translations for future IPA 4.4

On 21.06.2016 11:39, Martin Babinsky wrote: On 06/21/2016 10:48 AM, Martin Basti wrote: Exported from zanata. Patch attached. I found no problem when building from master branch with the updated translations. ACK. Pushed to master: 0787af8d5a1a75e25f73cc632c4c7ebdd212ad02 -- Manage

Re: [Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone

On 21.06.2016 11:55, Petr Spacek wrote: On 21.6.2016 10:00, Petr Spacek wrote: On 20.6.2016 19:15, Martin Basti wrote: On 20.06.2016 18:32, Petr Spacek wrote: On 20.6.2016 18:05, Martin Basti wrote: On 20.06.2016 16:57, Petr Spacek wrote: Hello, DNS: Warn about restart when default TTL

Re: [Freeipa-devel] [PATCH] 0059: webui: make 'Actions' strings translatable

On 20.06.2016 20:48, Pavel Vomacka wrote: Hello, please review attached patch. -- Pavel^3 Vomacka Functional ACK -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] Questions re. 3rd party certificates

Hi, On 21.6.2016 11:03, Florence Blanc-Renaud wrote: Hi, I am working on the following issues and I have questions re. 3rd party certificates: - https://fedorahosted.org/freeipa/ticket/4785 ipa-server-certinstall tracks the 3rd party cert it installs with certmonger -

[Freeipa-devel] [PATCH 0427-0431] Release bind-dyndb-ldap 10.0

Hello, pushed to master: 3d9e6072e6b212b7fa1b54be40bbc1e56941b400 Bump NVR to 10.0. be88f6a9f34c5b1ee0021d9cf0a0e4b4d5ce43ba Update NEWS for upcoming 10.0 release. d0530e6197ef36664e94ee8938b14d83145cfa8a Docs: Descibe record template (idnsTemplateObject). ee1239f79ddfa53619a8901de942ef44127ea67f

Re: [Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone

On 21.6.2016 10:00, Petr Spacek wrote: > On 20.6.2016 19:15, Martin Basti wrote: >> >> >> On 20.06.2016 18:32, Petr Spacek wrote: >>> On 20.6.2016 18:05, Martin Basti wrote: On 20.06.2016 16:57, Petr Spacek wrote: > Hello, > > DNS: Warn about restart when default TTL setting

[Freeipa-devel] [PATCH] 0076 Require Dogtag >= 10.3.3

Dogtag 10.3.3, which fixes a lightweight CA initialisation bug, should land in updates-testing soon[2]. Pursuant to [2], this patch bumps minimum required Dogtag version to 10.3.3. [1] https://bodhi.fedoraproject.org/updates/?packages=pki-core [2]

Re: [Freeipa-devel] [PATCH 0534] Updated translations for future IPA 4.4

On 06/21/2016 10:48 AM, Martin Basti wrote: Exported from zanata. Patch attached. I found no problem when building from master branch with the updated translations. ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] Questions re. 3rd party certificates

Hi, I am working on the following issues and I have questions re. 3rd party certificates: - https://fedorahosted.org/freeipa/ticket/4785 ipa-server-certinstall tracks the 3rd party cert it installs with certmonger - https://fedorahosted.org/freeipa/ticket/4786 ipa-server-certinstall does not

[Freeipa-devel] [PATCH 0018][Tests] Fix some of the failing tests in test_ipalib/test_frontend.py

Hi, attaching patch with fix for a few failing tests in ipatests/test_ipalib/test_frontend.py. Lenka From 31c7c0f792820aedb4429f8a9a4766653f7fa52c Mon Sep 17 00:00:00 2001 From: Lenka Doudova Date: Tue, 21 Jun 2016 08:17:17 +0200 Subject: [PATCH] Tests: Fix failing

Re: [Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone

On 20.6.2016 19:15, Martin Basti wrote: > > > On 20.06.2016 18:32, Petr Spacek wrote: >> On 20.6.2016 18:05, Martin Basti wrote: >>> >>> On 20.06.2016 16:57, Petr Spacek wrote: Hello, DNS: Warn about restart when default TTL setting DNS is changed bind-dyndb-ldap 10.0

Re: [Freeipa-devel] [PATCH] 0069 renew_ca_cert: bootstrap api with in_server=True

On 06/21/2016 09:40 AM, Jan Cholasta wrote: > On 21.6.2016 09:35, Petr Vobornik wrote: >> On 06/21/2016 08:31 AM, Jan Cholasta wrote: >>> On 17.6.2016 16:30, Petr Vobornik wrote: I'm not sure if following is related to thin client or other work, but it should be looked at. Feel free

Re: [Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

On 21.6.2016 09:40, Pavel Vomacka wrote: On 06/21/2016 08:34 AM, David Kupka wrote: On 21/06/16 07:19, Jan Cholasta wrote: On 20.6.2016 15:31, Jan Cholasta wrote: On 20.6.2016 09:54, Jan Cholasta wrote: On 15.6.2016 12:33, Jan Cholasta wrote: On 14.6.2016 11:44, Jan Cholasta wrote: On

Re: [Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

On 06/21/2016 08:34 AM, David Kupka wrote: On 21/06/16 07:19, Jan Cholasta wrote: On 20.6.2016 15:31, Jan Cholasta wrote: On 20.6.2016 09:54, Jan Cholasta wrote: On 15.6.2016 12:33, Jan Cholasta wrote: On 14.6.2016 11:44, Jan Cholasta wrote: On 21.4.2016 09:11, Jan Cholasta wrote: On

Re: [Freeipa-devel] [PATCH] 0069 renew_ca_cert: bootstrap api with in_server=True

On 21.6.2016 09:35, Petr Vobornik wrote: On 06/21/2016 08:31 AM, Jan Cholasta wrote: On 17.6.2016 16:30, Petr Vobornik wrote: I'm not sure if following is related to thin client or other work, but it should be looked at. Feel free to open different ticket for it. I was doing some testing

Re: [Freeipa-devel] [PATCH] 0069 renew_ca_cert: bootstrap api with in_server=True

On 06/21/2016 08:31 AM, Jan Cholasta wrote: > On 17.6.2016 16:30, Petr Vobornik wrote: >> >> I'm not sure if following is related to thin client or other work, but >> it should be looked at. Feel free to open different ticket for it. >> >> I was doing some testing yesterday and this was in audit:

Re: [Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

On 21/06/16 07:19, Jan Cholasta wrote: On 20.6.2016 15:31, Jan Cholasta wrote: On 20.6.2016 09:54, Jan Cholasta wrote: On 15.6.2016 12:33, Jan Cholasta wrote: On 14.6.2016 11:44, Jan Cholasta wrote: On 21.4.2016 09:11, Jan Cholasta wrote: On 6.4.2016 15:46, Pavel Vomacka wrote: On

Re: [Freeipa-devel] [PATCH] 0069 renew_ca_cert: bootstrap api with in_server=True

On 17.6.2016 16:30, Petr Vobornik wrote: On 17.6.2016 08:53, Fraser Tweedale wrote: On Fri, Jun 17, 2016 at 08:35:45AM +0200, Jan Cholasta wrote: Hi, On 17.6.2016 06:55, Fraser Tweedale wrote: Attached patch fixes https://fedorahosted.org/freeipa/ticket/5968 This should be fixed for all

Re: [Freeipa-devel] [PATCH 0047] Fix uninitialized variables in replicainstall

On 06/16/2016 10:16 AM, Stanislav Laznicka wrote: Hello, There was a possible use of uninitialized variables in replicainstall. Discard the patch, Martin sent the same patch yesterday but Honza seems to have already taken care of it. -- Manage your subscription for the Freeipa-devel

[Freeipa-devel] [PATCH] 0072..0075 Lightweight CA renewal

The attached patches add lightweight CA renewal. There are two substantive aspects: 1. The renew_ca_cert updates the serial number in the lightweight CA's entry in the Dogtag database. This causes CA clones to observe the renewal and update the certs in their own NSSDBs. 2. The ipa-certupdate