Re: [Freeipa-devel] [PATCH] 0004 Report missing certificate in external trust chain

2016-06-22 Thread Jan Cholasta
On 2.6.2016 12:38, Florence Blanc-Renaud wrote: Hi, thanks to Jan and Fraser for the review and the suggested error message. Please find the updated patch attached. Flo. On 06/02/2016 08:55 AM, Fraser Tweedale wrote: On Thu, Jun 02, 2016 at 07:54:31AM +0200, Jan Cholasta wrote: Hi, On

Re: [Freeipa-devel] [PATCH 0019][Tests] Fix for failing location tests

2016-06-22 Thread Lenka Doudova
On 06/22/2016 05:11 PM, Lenka Doudova wrote: On 06/22/2016 04:37 PM, Lenka Doudova wrote: On 06/22/2016 08:33 AM, Martin Basti wrote: On 22.06.2016 07:37, Lenka Doudova wrote: On 06/21/2016 06:57 PM, Martin Basti wrote: On 21.06.2016 15:39, Lenka Doudova wrote: Hi,

Re: [Freeipa-devel] [PATCH 0014-0016][Tests] Authentication indicators

2016-06-22 Thread Lenka Doudova
Bump for review. Thanks. On 06/16/2016 03:23 PM, Lenka Doudova wrote: Hi, attached are tests for authentication indicators. Please note: 1. newly created service tracker is not exactly complete, list of unimplemented methods is in doc. These methods can be filled in when existing

Re: [Freeipa-devel] [PATCH] 0156 extdom: add certificate request

2016-06-22 Thread Lukas Slebodnik
On (22/06/16 11:57), Martin Basti wrote: > > >On 09.06.2016 21:02, Martin Basti wrote: >> >> >> On 09.06.2016 14:45, Martin Basti wrote: >> > >> > >> > On 09.06.2016 14:42, Martin Basti wrote: >> > > >> > > >> > > On 09.06.2016 14:38, Lukas Slebodnik wrote: >> > > > On (09/06/16 14:29),

[Freeipa-devel] [PATCH] 0007 Fix ipa-server-certinstall with certs signed by 3rd-party CA

2016-06-22 Thread Florence Blanc-Renaud
Hi, This patch fixes ipa-server-certinstall when used with 3rd-party certs. The scenario is the following: - install the server with an embedded CA - use ipa-cacert-manage to install a 3rd party CA - use ipa-certupdate to put the 3rd party CA cert in the relevant NSS databases (/etc/ipa/nssdb

Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-22 Thread Alexander Bokovoy
On Wed, 22 Jun 2016, thierry bordaz wrote: I think FreeIPA also needs to raise dependency to slapi-nis >= 0.56.0 for this. Testing with slapi-nis 0.56.0-2, successful update of password from compat tree users. Great, ACK! From 034a07211de4d11c6cb998676cc5f7439af981c6 Mon Sep 17

Re: [Freeipa-devel] [PATCHES 0069-0077] support for proper Kerberos principal canonicalization

2016-06-22 Thread Simo Sorce
On Wed, 2016-06-22 at 18:36 +0200, Martin Babinsky wrote: > On 06/22/2016 06:26 PM, Simo Sorce wrote: > > On Wed, 2016-06-22 at 09:46 +0200, Martin Babinsky wrote: > >> On 10/05/2015 03:00 PM, Martin Babinsky wrote: > >>> These patches implement the plumbing required to properly support > >>>

Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-22 Thread thierry bordaz
On 06/20/2016 08:27 PM, Alexander Bokovoy wrote: On Tue, 14 Jun 2016, thierry bordaz wrote: From ac6c0617f618fc609df93dc18ec25255484b533d Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Fri, 10 Jun 2016 15:34:40 +0200 Subject: [PATCH] ipapwd_extop should use TARGET_DN

Re: [Freeipa-devel] [PATCHES 0069-0077] support for proper Kerberos principal canonicalization

2016-06-22 Thread Martin Babinsky
On 06/22/2016 06:26 PM, Simo Sorce wrote: On Wed, 2016-06-22 at 09:46 +0200, Martin Babinsky wrote: On 10/05/2015 03:00 PM, Martin Babinsky wrote: These patches implement the plumbing required to properly support canonicalization of Kerberos principals (

Re: [Freeipa-devel] [PATCHES 0069-0077] support for proper Kerberos principal canonicalization

2016-06-22 Thread Simo Sorce
On Wed, 2016-06-22 at 09:46 +0200, Martin Babinsky wrote: > On 10/05/2015 03:00 PM, Martin Babinsky wrote: > > These patches implement the plumbing required to properly support > > canonicalization of Kerberos principals ( > > https://fedorahosted.org/freeipa/ticket/3864). > > > > Setting multiple

Re: [Freeipa-devel] [PATCH] 0022 Topology plugins sigsev/heap corruption when adding a managed host

2016-06-22 Thread Martin Basti
On 22.06.2016 17:39, Ludwig Krispenz wrote: ACK. good catch, the fix is correct and hopefully fixes the heap corruption issues On 06/22/2016 05:30 PM, thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/5977 -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat:

Re: [Freeipa-devel] [PATCH 0046] Don't fail in find/show methods if userCertificate is invalid

2016-06-22 Thread Martin Basti
On 10.06.2016 13:25, Stanislav Laznicka wrote: On 06/09/2016 04:32 PM, Rob Crittenden wrote: Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 03:07:34PM +0200, Martin Basti wrote: On 09.06.2016 15:03, Martin Basti wrote: On 09.06.2016 15:02, Stanislav Laznicka wrote: On 06/09/2016 02:51 PM,

Re: [Freeipa-devel] [PATCH] 0022 Topology plugins sigsev/heap corruption when adding a managed host

2016-06-22 Thread Ludwig Krispenz
ACK. good catch, the fix is correct and hopefully fixes the heap corruption issues On 06/22/2016 05:30 PM, thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/5977 -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht

[Freeipa-devel] [PATCH] 0022 Topology plugins sigsev/heap corruption when adding a managed host

2016-06-22 Thread thierry bordaz
https://fedorahosted.org/freeipa/ticket/5977 >From e84b475fd863b3dff0af6bcf3b2cb3840bcca1e6 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 22 Jun 2016 16:36:15 +0200 Subject: [PATCH] Topology plugins sigsev/heap corruption when adding a managed

Re: [Freeipa-devel] [PATCH 0163] server-del: handle missing server attributes when checking for last of role

2016-06-22 Thread Martin Basti
On 22.06.2016 15:47, Martin Babinsky wrote: On 06/22/2016 03:29 PM, Martin Babinsky wrote: On 06/22/2016 03:13 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5960 self-NACK, this check needs some more hardening. This patch should fix the issue in more thorough

Re: [Freeipa-devel] [PATCH 0019][Tests] Fix for failing location tests

2016-06-22 Thread Lenka Doudova
On 06/22/2016 04:37 PM, Lenka Doudova wrote: On 06/22/2016 08:33 AM, Martin Basti wrote: On 22.06.2016 07:37, Lenka Doudova wrote: On 06/21/2016 06:57 PM, Martin Basti wrote: On 21.06.2016 15:39, Lenka Doudova wrote: Hi, attaching patch for failing location tests

Re: [Freeipa-devel] [PATCH 0019][Tests] Fix for failing location tests

2016-06-22 Thread Lenka Doudova
On 06/22/2016 08:33 AM, Martin Basti wrote: On 22.06.2016 07:37, Lenka Doudova wrote: On 06/21/2016 06:57 PM, Martin Basti wrote: On 21.06.2016 15:39, Lenka Doudova wrote: Hi, attaching patch for failing location tests (ipatests/test_xmlrpc/test_location_plugin.py). Lenka

[Freeipa-devel] [PATCH 0049] Fix host principal password required in ipa-ca-install

2016-06-22 Thread Stanislav Laznicka
Hello, Please see the patch attached that fixes the issue from https://fedorahosted.org/freeipa/ticket/5965. The patch took me quite a while to create as I thought something was wrong with the SshExec class which actually was where the password was required. The fact is that should

Re: [Freeipa-devel] [PATCH 0163] server-del: handle missing server attributes when checking for last of role

2016-06-22 Thread Martin Babinsky
On 06/22/2016 03:13 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5960 self-NACK, this check needs some more hardening. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH 0163] server-del: handle missing server attributes when checking for last of role

2016-06-22 Thread Martin Babinsky
https://fedorahosted.org/freeipa/ticket/5960 -- Martin^3 Babinsky From b4268f342f27a15156f6bb83c8fb971998c9221c Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Wed, 22 Jun 2016 15:08:43 +0200 Subject: [PATCH] server-del: handle missing server attributes when checking

Re: [Freeipa-devel] [PATCH] 0156 extdom: add certificate request

2016-06-22 Thread Martin Basti
On 09.06.2016 21:02, Martin Basti wrote: On 09.06.2016 14:45, Martin Basti wrote: On 09.06.2016 14:42, Martin Basti wrote: On 09.06.2016 14:38, Lukas Slebodnik wrote: On (09/06/16 14:29), Martin Basti wrote: On 09.06.2016 14:22, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Jakub

Re: [Freeipa-devel] [PATCHES 0069-0077] support for proper Kerberos principal canonicalization

2016-06-22 Thread Martin Babinsky
On 10/05/2015 03:00 PM, Martin Babinsky wrote: These patches implement the plumbing required to properly support canonicalization of Kerberos principals ( https://fedorahosted.org/freeipa/ticket/3864). Setting multiple principal aliases on hosts/services is beyond the scope of this patchset and

Re: [Freeipa-devel] [PATCH 0019][Tests] Fix for failing location tests

2016-06-22 Thread Martin Basti
On 22.06.2016 07:37, Lenka Doudova wrote: On 06/21/2016 06:57 PM, Martin Basti wrote: On 21.06.2016 15:39, Lenka Doudova wrote: Hi, attaching patch for failing location tests (ipatests/test_xmlrpc/test_location_plugin.py). Lenka Hello, 1) +

[Freeipa-devel] Updated External EPEL CentOS 7 COPR builds are now available . . .

2016-06-22 Thread Matthew Harmsen
An updated external EPEL CentOS 7 COPR repo is now available which contains Dogtag 10.3.3 builds: * https://copr.fedorainfracloud.org/coprs/g/pki/10.3.3/repo/epel-7/group_pki-10.3.3-epel-7.repo [group_pki-10.3.3] name=Copr repo for 10.3.3 owned by @pki