[Freeipa-devel] [PATCH] spec: require Dogtag >= 10.3.3-3

On Thu, Jul 07, 2016 at 01:16:04PM +0200, Petr Spacek wrote: > Hello, > > IPA 4.4.0 requires Dogtag >= 10.3.4. Is this version going to be built for > Fedora any time soon? > > Or should I update my scripts to automatically enable > COPR @freeipa/freeipa-master > in my testing VMs? > > Thanks.

Re: [Freeipa-devel] [patch 0038-0040] Sub CA test patches

On Thu, Jul 07, 2016 at 03:46:52PM +0200, Milan Kubík wrote: > On 07/04/2016 08:57 AM, Fraser Tweedale wrote: > > Hi Milan, > > > > Yes, we can :) Two issues, outlined below. > > > > > > 1) > > Running the tests, I get error in > > test_create_subca_with_subject_conflict cleanup:: > > > >

Re: [Freeipa-devel] Proposed patch to resolve #828866 [RFE] enhance --subject option for ipa-server-install

On Thu, Jul 07, 2016 at 04:10:51PM +0200, Sebastian Hetze wrote: > > > On 07/07/2016 03:16 PM, Rob Crittenden wrote: > > Sebastian Hetze wrote: > >> Hi * > >> > >> attached you find a patch that adds new options --subject_cn and > >> --subject_mail to ipa-server-install that make the CA cert

Re: [Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

Thanks for the review! Comments below. On 07/01/2016 07:42 AM, Martin Basti wrote: On 29.06.2016 20:46, Ben Lipton wrote: The attached patch silences some annoying messages I've been getting when upgrading the freeipa-client package on F24: """ WARNING: 'UseLogin yes' is not supported in

Re: [Freeipa-devel] [PATCH] 0010 Show full error message for selinuxusermap-add-hostgroup

On 07/07/2016 01:23 PM, Petr Vobornik wrote: On 07/05/2016 02:38 PM, Florence Blanc-Renaud wrote: Hi, the output of ipa selinuxusermap-add-hostgroup and selinuxusermap-add-user does not display any more the host/host group or user/group that could not be added. This patch fixes this regression

Re: [Freeipa-devel] Proposed patch to resolve #828866 [RFE] enhance --subject option for ipa-server-install

On 07/07/2016 03:16 PM, Rob Crittenden wrote: > Sebastian Hetze wrote: >> Hi * >> >> attached you find a patch that adds new options --subject_cn and >> --subject_mail to ipa-server-install that make the CA cert subject CN >> customizable. >> >> This patch has been tested by a customer in a PoC.

Re: [Freeipa-devel] Proposed patch to resolve #828866 [RFE] enhance --subject option for ipa-server-install

On 07/07/2016 03:16 PM, Rob Crittenden wrote: Sebastian Hetze wrote: Hi * attached you find a patch that adds new options --subject_cn and --subject_mail to ipa-server-install that make the CA cert subject CN customizable. This patch has been tested by a customer in a PoC. However, i assume

Re: [Freeipa-devel] [patch 0038-0040] Sub CA test patches

On 07/04/2016 08:57 AM, Fraser Tweedale wrote: Hi Milan, Yes, we can :) Two issues, outlined below. 1) Running the tests, I get error in test_create_subca_with_subject_conflict cleanup:: ERROR at teardown of TestCAbasicCRUD.test_create_subca_with_subject_conflict

Re: [Freeipa-devel] IPA clients in AD DNS domain & Kerberos referrals

On Thu, 07 Jul 2016, Petr Spacek wrote: Hello, this is probably a silly idea ... I wonder if there is some way to use Kerberos referrals on AD side in a way which would return cross-realm referral to IPA realm. Maybe it could be used in Frankenstein setup where IPA client belongs to a DNS

[Freeipa-devel] IPA clients in AD DNS domain & Kerberos referrals

Hello, this is probably a silly idea ... I wonder if there is some way to use Kerberos referrals on AD side in a way which would return cross-realm referral to IPA realm. Maybe it could be used in Frankenstein setup where IPA client belongs to a DNS domain managed by AD ... I do not know, just

Re: [Freeipa-devel] Proposed patch to resolve #828866 [RFE] enhance --subject option for ipa-server-install

Sebastian Hetze wrote: Hi * attached you find a patch that adds new options --subject_cn and --subject_mail to ipa-server-install that make the CA cert subject CN customizable. This patch has been tested by a customer in a PoC. However, i assume additional testing in different environments is

Re: [Freeipa-devel] [PATCH 0017] Added fix for correct IPA backup file name

Abhijeet Kasurde wrote: Hi Florence, On 07/07/2016 03:30 PM, Florence Blanc-Renaud wrote: On 07/07/2016 10:58 AM, Abhijeet Kasurde wrote: Hi All, Please review the patch. Fixes : https://fedorahosted.org/freeipa/ticket/6031 -- Thanks, Abhijeet Kasurde IRC: akasurde

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

On 01.07.2016 13:25, Petr Spacek wrote: On 1.7.2016 11:43, Petr Spacek wrote: On 1.7.2016 11:17, Petr Spacek wrote: On 1.7.2016 11:04, Christian Heimes wrote: On 2016-07-01 10:59, Petr Spacek wrote: On 1.7.2016 10:55, Christian Heimes wrote: On 2016-07-01 10:48, Petr Spacek wrote: On

Re: [Freeipa-devel] [PATCH] kdb: check for local realm in enterprise principals

On 7.7.2016 13:52, Sumit Bose wrote: > On Thu, Jul 07, 2016 at 01:31:03PM +0200, Petr Vobornik wrote: >> On 07/06/2016 07:01 PM, Sumit Bose wrote: >>> Hi, >>> >>> although enterprise principals for trusted domains now are working as >>> expected they do not work for the local domain: >>> >>> #

Re: [Freeipa-devel] [PATCH] kdb: check for local realm in enterprise principals

On Thu, Jul 07, 2016 at 01:31:03PM +0200, Petr Vobornik wrote: > On 07/06/2016 07:01 PM, Sumit Bose wrote: > > Hi, > > > > although enterprise principals for trusted domains now are working as > > expected they do not work for the local domain: > > > > # kinit -E admin@IPA.DEVEL > >

Re: [Freeipa-devel] [PATCH] kdb: check for local realm in enterprise principals

On 07/06/2016 07:01 PM, Sumit Bose wrote: Hi, although enterprise principals for trusted domains now are working as expected they do not work for the local domain: # kinit -E admin@IPA.DEVEL kinit: Client 'admin\@IPA.DEVEL@IPA.DEVEL' not found in Kerberos database while getting

Re: [Freeipa-devel] [PATCH] 0010 Show full error message for selinuxusermap-add-hostgroup

On 07/05/2016 02:38 PM, Florence Blanc-Renaud wrote: Hi, the output of ipa selinuxusermap-add-hostgroup and selinuxusermap-add-user does not display any more the host/host group or user/group that could not be added. This patch fixes this regression by adding the labels

[Freeipa-devel] Dogtag 10.3.4 in Fedora 24?

Hello, IPA 4.4.0 requires Dogtag >= 10.3.4. Is this version going to be built for Fedora any time soon? Or should I update my scripts to automatically enable COPR @freeipa/freeipa-master in my testing VMs? Thanks. Petr^2 Spacek > commit 45daffa22fcc6c481a8302f1947a5e0ded0b3eb8 > CommitDate:

Re: [Freeipa-devel] [PATCH 0017] Added fix for correct IPA backup file name

Hi Florence, On 07/07/2016 03:30 PM, Florence Blanc-Renaud wrote: On 07/07/2016 10:58 AM, Abhijeet Kasurde wrote: Hi All, Please review the patch. Fixes : https://fedorahosted.org/freeipa/ticket/6031 -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io Hi Abhijeet,

[Freeipa-devel] Proposed patch to resolve #828866 [RFE] enhance --subject option for ipa-server-install

Hi * attached you find a patch that adds new options --subject_cn and --subject_mail to ipa-server-install that make the CA cert subject CN customizable. This patch has been tested by a customer in a PoC. However, i assume additional testing in different environments is required. It would be

Re: [Freeipa-devel] [PATCH 0017] Added fix for correct IPA backup file name

On 07/07/2016 10:58 AM, Abhijeet Kasurde wrote: Hi All, Please review the patch. Fixes : https://fedorahosted.org/freeipa/ticket/6031 -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io Hi Abhijeet, thanks for your patch. I have a comment though: if the filename is

Re: [Freeipa-devel] [Testplan] Support of UPN for trusted domains

On Fri, May 27, 2016 at 11:24:24AM +0300, Alexander Bokovoy wrote: > On Fri, 27 May 2016, Sumit Bose wrote: > > On Fri, May 27, 2016 at 09:57:37AM +0200, Lenka Doudova wrote: > > > Hi all, > > > > > > > > > here [1] is a draft of test plan for V4 RFE Support of UPN for trusted > > > domains. > >

[Freeipa-devel] [PATCH 0017] Added fix for correct IPA backup file name

Hi All, Please review the patch. Fixes : https://fedorahosted.org/freeipa/ticket/6031 -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io From 5cbf144f0157146ef73185b029259f7cdeffb5b9 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde Date: Thu, 7 Jul 2016

Re: [Freeipa-devel] [Test][patch-0053] Forced-client-reenrollment test fixed.

Updated version of the patch is attached with the failing tests marked as xfailed (let's make the jenkins green). On 07/04/2016 10:50 PM, Oleg Fayans wrote: 2 out of 7 tests currently fail due to a known issue [1], others pass. [1] https://fedorahosted.org/freeipa/ticket/6029 -- Oleg