[Freeipa-devel] [freeipa PR#49] Don't show error messages in bash completion (+ack)

tomaskrizek's pull request #49: "Don't show error messages in bash completion" label *ack* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/49 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [freeipa PR#49] Don't show error messages in bash completion (comment)

dkupka commented on a pull request """ Works for me. There is nothing better we can do with current bash completion code. """ See the full comment at https://github.com/freeipa/freeipa/pull/49#issuecomment-244298348 -- Manage your subscription for the Freeipa-devel mailing list: https://www.re

Re: [Freeipa-devel] [PATCH] 0014

On 1.9.2016 19:37, Tomas Krizek wrote: On 09/01/2016 03:58 PM, Florence Blanc-Renaud wrote: Hi, please find attached a patch for ipa-certupdate in CA-less deployment. https://fedorahosted.org/freeipa/ticket/6288 Flo. The patch is malformed, but you can simply delete the very first characte

Re: [Freeipa-devel] [PATCH] 0014

On 2.9.2016 05:22, Fraser Tweedale wrote: > On Thu, Sep 01, 2016 at 07:37:53PM +0200, Tomas Krizek wrote: >> On 09/01/2016 03:58 PM, Florence Blanc-Renaud wrote: >>> Hi, >>> >>> please find attached a patch for ipa-certupdate in CA-less deployment. >>> https://fedorahosted.org/freeipa/ticket/6288 >

Re: [Freeipa-devel] [PATCH] 0014

On Thu, Sep 01, 2016 at 07:37:53PM +0200, Tomas Krizek wrote: > On 09/01/2016 03:58 PM, Florence Blanc-Renaud wrote: > > Hi, > > > > please find attached a patch for ipa-certupdate in CA-less deployment. > > https://fedorahosted.org/freeipa/ticket/6288 > > > > Flo. > > > > > > > The patch is m

Re: [Freeipa-devel] [DESIGN] Text-based rules for CSR autogeneration using Jinja2

On 07/27/2016 02:42 PM, Ben Lipton wrote: On 07/21/2016 11:43 AM, Petr Spacek wrote: Besides this nit, http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation/Mapping_Rules#Planned_implementation sounds reasonable. I like how it prevents bad data from template-injection. That'

Re: [Freeipa-devel] [PATCH] 0014

On 09/01/2016 03:58 PM, Florence Blanc-Renaud wrote: Hi, please find attached a patch for ipa-certupdate in CA-less deployment. https://fedorahosted.org/freeipa/ticket/6288 Flo. The patch is malformed, but you can simply delete the very first character to fix it. Other than that, patch wo

[Freeipa-devel] Announcing FreeIPA 4.4.1

The FreeIPA team would like to announce FreeIPA v4.4.1 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 24 will be available in the official COPR repository . == Highlights in 4.4.1 == =

[Freeipa-devel] [freeipa PR#46] Always fetch forest info from root DCs when establishing two-way trust (synchronize)

martbab's pull request #46: "Always fetch forest info from root DCs when establishing two-way trust" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/46 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfr

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

On Thu, 2016-09-01 at 17:48 +0200, Standa Laznicka wrote: > If an admin wants the capabilities of time rules then they should just > upgrade the clients. If that is a problem, it's their choice. They can > either create a special host group for those clients that just won't > upgrade or just revok

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

On 09/01/2016 05:18 PM, Simo Sorce wrote: On Thu, 2016-09-01 at 16:35 +0200, Standa Laznicka wrote: On 09/01/2016 03:06 PM, Simo Sorce wrote: On Thu, 2016-09-01 at 14:09 +0200, Standa Laznicka wrote: The class ipaHBACRuleV2 is dynamically switched to from ipaHBACRule upon addition of a time ru

[Freeipa-devel] [freeipa PR#49] Don't show error messages in bash completion (opened)

tomaskrizek's pull request #49: "Don't show error messages in bash completion" was opened PR body: """ Redirect bash error output to prevent displaying error messages in bash completion for ipa command. https://fedorahosted.org/freeipa/ticket/6273 """ See the full pull-request at https://github

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

On Thu, 2016-09-01 at 16:35 +0200, Standa Laznicka wrote: > On 09/01/2016 03:06 PM, Simo Sorce wrote: > > On Thu, 2016-09-01 at 14:09 +0200, Standa Laznicka wrote: > >> The class ipaHBACRuleV2 is dynamically switched to from ipaHBACRule > >> upon > >> addition of a time rule to a certain HBAC rule.

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

On 09/01/2016 03:06 PM, Simo Sorce wrote: On Thu, 2016-09-01 at 14:09 +0200, Standa Laznicka wrote: The class ipaHBACRuleV2 is dynamically switched to from ipaHBACRule upon addition of a time rule to a certain HBAC rule. Honestly I am against this. If you really want the two objects to be inco

[Freeipa-devel] [bind-dyndb-ldap PR#1] [WIP] Port bind-dyndb-ldap to BIND 9.11 (synchronize)

pspacek's pull request #1: "[WIP] Port bind-dyndb-ldap to BIND 9.11" was synchronize See the full pull-request at https://github.com/freeipa/bind-dyndb-ldap/pull/1 ... or pull the PR as Git branch: git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap git fetch ghbind-dyndb-

[Freeipa-devel] [PATCH] Bump master IPA devel version to 4.4.90

Pushed under oneliner rule Pushed to master: 371254fc4b36cb4d89351edb19c88a85e5a33a1b From 17553b8e5d4a58fda8e9f8ad6427366e17aedb29 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 1 Sep 2016 16:20:41 +0200 Subject: [PATCH] Bump master IPA devel version to 4.4.90 --- VERSION | 2 +- 1

[Freeipa-devel] [PATCH] 0014

Hi, please find attached a patch for ipa-certupdate in CA-less deployment. https://fedorahosted.org/freeipa/ticket/6288 Flo. >From c09f7b9282f82aba28d241be86e773e3b748cd09 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 1 Sep 2016 15:53:38 +0200 Subject: [PATCH] Fix ipa-certupd

[Freeipa-devel] [bind-dyndb-ldap PR#1] [WIP] Port bind-dyndb-ldap to BIND 9.11 (synchronize)

pspacek's pull request #1: "[WIP] Port bind-dyndb-ldap to BIND 9.11" was synchronize See the full pull-request at https://github.com/freeipa/bind-dyndb-ldap/pull/1 ... or pull the PR as Git branch: git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap git fetch ghbind-dyndb-

[Freeipa-devel] [freeipa PR#48] [4.4] Set zanata project-version fo 4.4 branch (opened)

mbasti-rh's pull request #48: "[4.4] Set zanata project-version fo 4.4 branch" was opened PR body: """ """ See the full pull-request at https://github.com/freeipa/freeipa/pull/48 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pu

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

On 09/01/2016 02:14 PM, Petr Spacek wrote: On 1.9.2016 14:09, Standa Laznicka wrote: On 09/01/2016 01:26 PM, Standa Laznicka wrote: On 08/31/2016 12:57 PM, Petr Spacek wrote: On 31.8.2016 12:42, Standa Laznicka wrote: On 08/30/2016 03:34 PM, Simo Sorce wrote: On Tue, 2016-08-30 at 08:47 +020

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

On Thu, 2016-09-01 at 14:09 +0200, Standa Laznicka wrote: > The class ipaHBACRuleV2 is dynamically switched to from ipaHBACRule > upon > addition of a time rule to a certain HBAC rule. Honestly I am against this. If you really want the two objects to be incompatible then you tell the admin he c

[Freeipa-devel] [freeipa PR#47] schema cache: Store and check info for pre-schema servers (opened)

dkupka's pull request #47: "schema cache: Store and check info for pre-schema servers" was opened PR body: """ Cache CommandError answer to schema command to avoid sending the command to pre-schema servers every time. This information expires after some time (1 hour) in order to start using schem

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

On 1.9.2016 14:09, Standa Laznicka wrote: > On 09/01/2016 01:26 PM, Standa Laznicka wrote: >> On 08/31/2016 12:57 PM, Petr Spacek wrote: >>> On 31.8.2016 12:42, Standa Laznicka wrote: On 08/30/2016 03:34 PM, Simo Sorce wrote: > On Tue, 2016-08-30 at 08:47 +0200, Standa Laznicka wrote:

[Freeipa-devel] [freeipa PR#46] Always fetch forest info from root DCs when establishing two-way trust (comment)

abbra commented on a pull request """ The change is incomplete: we need also to handle oddjobd helper because it directly calls to dcerpc.fetch_domains() with explicitly set trusted domain name. """ See the full comment at https://github.com/freeipa/freeipa/pull/46#issuecomment-244059726 -- M

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

On 09/01/2016 01:26 PM, Standa Laznicka wrote: On 08/31/2016 12:57 PM, Petr Spacek wrote: On 31.8.2016 12:42, Standa Laznicka wrote: On 08/30/2016 03:34 PM, Simo Sorce wrote: On Tue, 2016-08-30 at 08:47 +0200, Standa Laznicka wrote: On 08/26/2016 05:37 PM, Simo Sorce wrote: On Fri, 2016-08-2

[Freeipa-devel] [freeipa PR#42] Tests: Avoid skipping tests due to missing files (comment)

mbasti-rh commented on a pull request """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/72d7193ce226eed0e84420cd78bd87cceaf935a9 ipa-4-3: https://fedorahosted.org/freeipa/changeset/d472d26fc06dfe192a5385e620f4c30ca3dcf1be """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#42] Tests: Avoid skipping tests due to missing files (closed)

mirielka's pull request #42: "Tests: Avoid skipping tests due to missing files" was closed See the full pull-request at https://github.com/freeipa/freeipa/pull/42 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/42/head:pr42 gi

[Freeipa-devel] [freeipa PR#42] Tests: Avoid skipping tests due to missing files (+pushed)

mirielka's pull request #42: "Tests: Avoid skipping tests due to missing files" label *pushed* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/42 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-de

[Freeipa-devel] [freeipa PR#46] Always fetch forest info from root DCs when establishing two-way trust (opened)

martbab's pull request #46: "Always fetch forest info from root DCs when establishing two-way trust" was opened PR body: """ Prior To Windows Server 2012R2, the `netr_DsRGetForestTrustInformation` calls performed against non-root forest domain DCs were automatically routed to the root domain DCs

[Freeipa-devel] [freeipa PR#34] dns: prompt for missing record parts in CLI (comment)

mbasti-rh commented on a pull request """ Fix works for me partially, it fixes issues reported in ticket. Do you want to open new ticket for this or should it be part of this ticket? Expected: ``` [root@vm-058-080 ~]# ipa dnsrecord-add test. rec Please choose a type of DNS resource record to be

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

On 08/31/2016 12:57 PM, Petr Spacek wrote: On 31.8.2016 12:42, Standa Laznicka wrote: On 08/30/2016 03:34 PM, Simo Sorce wrote: On Tue, 2016-08-30 at 08:47 +0200, Standa Laznicka wrote: On 08/26/2016 05:37 PM, Simo Sorce wrote: On Fri, 2016-08-26 at 11:26 -0400, Simo Sorce wrote: On Fri, 201

[Freeipa-devel] [freeipa PR#44] rpcserver: fix crash in XML-RPC system commands (+pushed)

jcholast's pull request #44: "rpcserver: fix crash in XML-RPC system commands" label *pushed* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/44 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-dev

[Freeipa-devel] [freeipa PR#44] rpcserver: fix crash in XML-RPC system commands (comment)

dkupka commented on a pull request """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/afcb3bd3c32aa33dcd68cd0a2ca85bda677000a8 """ See the full comment at https://github.com/freeipa/freeipa/pull/44#issuecomment-244049974 -- Manage your subscription for the Freeipa-devel maili

[Freeipa-devel] [freeipa PR#23] Time-Based HBAC Policies (comment)

stlaz commented on a pull request """ I pushed the latest changes of the time rules to this pull request. These changes were made according to the discussion on freeipa-devel mailing list, the main change is cutting off some attributes from the ipaHBACRuleV2 objectclass. Please note that python

[Freeipa-devel] [freeipa PR#44] rpcserver: fix crash in XML-RPC system commands (closed)

jcholast's pull request #44: "rpcserver: fix crash in XML-RPC system commands" was closed See the full pull-request at https://github.com/freeipa/freeipa/pull/44 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/44/head:pr44 git

[Freeipa-devel] [freeipa PR#45] custodia: force reconnect before retrieving CA certs from LDAP (closed)

jcholast's pull request #45: "custodia: force reconnect before retrieving CA certs from LDAP" was closed See the full pull-request at https://github.com/freeipa/freeipa/pull/45 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4

[Freeipa-devel] [freeipa PR#45] custodia: force reconnect before retrieving CA certs from LDAP (comment)

mbasti-rh commented on a pull request """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/17ea4ae6b9007e121ae1ea7748643394fec84ad7 """ See the full comment at https://github.com/freeipa/freeipa/pull/45#issuecomment-244048121 -- Manage your subscription for the Freeipa-devel ma

[Freeipa-devel] [freeipa PR#45] custodia: force reconnect before retrieving CA certs from LDAP (+pushed)

jcholast's pull request #45: "custodia: force reconnect before retrieving CA certs from LDAP" label *pushed* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/45 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listi

[Freeipa-devel] [freeipa PR#23] Time-Based HBAC Policies (synchronize)

stlaz's pull request #23: "Time-Based HBAC Policies" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/23 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/23/head:pr23 git checkout pr23 From 50

[Freeipa-devel] [freeipa PR#42] Tests: Avoid skipping tests due to missing files (+ack)

mirielka's pull request #42: "Tests: Avoid skipping tests due to missing files" label *ack* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/42 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [freeipa PR#45] custodia: force reconnect before retrieving CA certs from LDAP (+ack)

jcholast's pull request #45: "custodia: force reconnect before retrieving CA certs from LDAP" label *ack* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/45 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo

[Freeipa-devel] [freeipa PR#44] rpcserver: fix crash in XML-RPC system commands (+ack)

jcholast's pull request #44: "rpcserver: fix crash in XML-RPC system commands" label *ack* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/44 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [freeipa PR#45] custodia: force reconnect before retrieving CA certs from LDAP (opened)

jcholast's pull request #45: "custodia: force reconnect before retrieving CA certs from LDAP" was opened PR body: """ Force reconnect to LDAP as DS might have been restarted after the connection was opened, rendering the connection invalid. This fixes a crash in ipa-replica-install with --setup-

[Freeipa-devel] [freeipa PR#44] rpcserver: fix crash in XML-RPC system commands (opened)

jcholast's pull request #44: "rpcserver: fix crash in XML-RPC system commands" was opened PR body: """ Fix an AttributeError in XML-RPC methodSignature and methodHelp commands caused by incorrect mangled name usage. https://fedorahosted.org/freeipa/ticket/6217 """ See the full pull-request at h

[Freeipa-devel] [freeipa PR#42] Tests: Avoid skipping tests due to missing files (synchronize)

mirielka's pull request #42: "Tests: Avoid skipping tests due to missing files" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/42 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/42/head:pr