Hi,
To ensure new NIS domain name is loaded after ipa-client-install
even in case when nisdomainname service is already running, we
need to restart the service rather than starting it.
https://fedorahosted.org/freeipa/ticket/4393
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity
this as blocker.
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 06/25/2014 11:45 AM, Petr Viktorin wrote:
On 06/24/2014 08:15 PM, Tomas Babej wrote:
Attaching patch 234, which resolves another ACI issue related to trusts.
On 06/24/2014 02:50 PM, Tomas Babej wrote:
Hi,
this is a follow up patch for 232. Read access to additional attributes
On 06/25/2014 04:01 PM, Tomas Babej wrote:
On 06/25/2014 10:48 AM, Petr Viktorin wrote:
On 06/19/2014 03:52 PM, Tomas Babej wrote:
On 06/19/2014 12:52 PM, Tomas Babej wrote:
On 06/18/2014 10:52 AM, Petr Viktorin wrote:
On 06/17/2014 02:15 PM, Tomas Babej wrote:
On 06/17/2014 12:03 PM
On 06/25/2014 04:13 PM, Tomas Babej wrote:
On 06/25/2014 04:01 PM, Tomas Babej wrote:
On 06/25/2014 10:48 AM, Petr Viktorin wrote:
On 06/19/2014 03:52 PM, Tomas Babej wrote:
On 06/19/2014 12:52 PM, Tomas Babej wrote:
On 06/18/2014 10:52 AM, Petr Viktorin wrote:
On 06/17/2014 02:15 PM
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From f1ec7165b433056aafed8c14babf5033c896fde0 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Tue, 17 Jun 2014 17:17:08 +0200
Subject: [PATCH] ipaldap
On 06/25/2014 04:59 PM, Tomas Babej wrote:
On 06/25/2014 04:13 PM, Tomas Babej wrote:
On 06/25/2014 04:01 PM, Tomas Babej wrote:
On 06/25/2014 10:48 AM, Petr Viktorin wrote:
On 06/19/2014 03:52 PM, Tomas Babej wrote:
On 06/19/2014 12:52 PM, Tomas Babej wrote:
On 06/18/2014 10:52 AM
Hi,
this is a follow up patch for 232. Read access to additional attributes
is required for the trust objects.
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 8a0849d4bf59b61715ba7b055e980cc38a9fcd6a Mon Sep 17 00:00
Attaching patch 234, which resolves another ACI issue related to trusts.
On 06/24/2014 02:50 PM, Tomas Babej wrote:
Hi,
this is a follow up patch for 232. Read access to additional attributes
is required for the trust objects.
___
Freeipa-devel
Hi,
this fixes initial findings of trust-after-aci-refactoring
investigation. Consider this effort still WIP (not this patch though).
https://fedorahosted.org/freeipa/ticket/4385
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej
On 06/19/2014 12:52 PM, Tomas Babej wrote:
On 06/18/2014 10:52 AM, Petr Viktorin wrote:
On 06/17/2014 02:15 PM, Tomas Babej wrote:
On 06/17/2014 12:03 PM, Timo Aaltonen wrote:
On 17.06.2014 11:16, Martin Kosek wrote:
Attached is a new version of patch 226, and a new patch 228, which moves
://fedorahosted.org/freeipa/ticket/4203
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 8149018cfb81a3e9ec9cb164617f1875656d9354 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Tue, 17 Jun 2014 15:18:49 +0200
Subject
Hi,
After setting sudoorder, you are unable to unset it, since the
check for uniqueness of order of sudorules is applied incorrectly.
Fix the behaviour and cover it in the test suite.
https://fedorahosted.org/freeipa/ticket/4360
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity
On 06/17/2014 02:44 PM, Petr Spacek wrote:
On 17.6.2014 14:15, Tomas Babej wrote:
On 06/17/2014 12:03 PM, Timo Aaltonen wrote:
On 17.06.2014 11:16, Martin Kosek wrote:
On 06/16/2014 07:50 PM, Petr Viktorin wrote:
On 06/16/2014 02:53 PM, Tomas Babej wrote:
On 06/10/2014 05:07 PM, Petr
On 06/17/2014 03:12 PM, Petr Spacek wrote:
On 17.6.2014 14:50, Tomas Babej wrote:
On 06/17/2014 02:44 PM, Petr Spacek wrote:
On 17.6.2014 14:15, Tomas Babej wrote:
On 06/17/2014 12:03 PM, Timo Aaltonen wrote:
On 17.06.2014 11:16, Martin Kosek wrote:
On 06/16/2014 07:50 PM, Petr Viktorin
/mailman/listinfo/freeipa-devel
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa
On 06/12/2014 10:45 AM, Martin Kosek wrote:
On 06/11/2014 06:49 PM, Nathaniel McCallum wrote:
On Wed, 2014-06-11 at 11:08 +0200, Tomas Babej wrote:
Hi,
As due to possible race conditions, the preop.pin might not be
written in the CS.cfg at the time installer tries to read it.
In case
On 06/12/2014 02:37 PM, Nathaniel McCallum wrote:
On Thu, 2014-06-12 at 13:29 +0200, Tomas Babej wrote:
On 06/12/2014 10:45 AM, Martin Kosek wrote:
On 06/11/2014 06:49 PM, Nathaniel McCallum wrote:
On Wed, 2014-06-11 at 11:08 +0200, Tomas Babej wrote:
Hi,
As due to possible race conditions
On 06/12/2014 04:27 PM, Nathaniel McCallum wrote:
On Thu, 2014-06-12 at 16:20 +0200, Martin Kosek wrote:
On 06/12/2014 03:15 PM, Tomas Babej wrote:
On 06/12/2014 02:37 PM, Nathaniel McCallum wrote:
On Thu, 2014-06-12 at 13:29 +0200, Tomas Babej wrote:
On 06/12/2014 10:45 AM, Martin Kosek
On 06/12/2014 04:45 PM, Nathaniel McCallum wrote:
On Thu, 2014-06-12 at 16:36 +0200, Tomas Babej wrote:
On 06/12/2014 04:27 PM, Nathaniel McCallum wrote:
On Thu, 2014-06-12 at 16:20 +0200, Martin Kosek wrote:
On 06/12/2014 03:15 PM, Tomas Babej wrote:
On 06/12/2014 02:37 PM, Nathaniel
Hi,
As due to possible race conditions, the preop.pin might not be
written in the CS.cfg at the time installer tries to read it.
In case no value for preop.pin was found, retry until timeout
was reached.
https://fedorahosted.org/freeipa/ticket/3382
(applies on ipa-3-0 branch)
--
Tomas Babej
On 05/07/2014 04:37 PM, Petr Vobornik wrote:
On 7.5.2014 16:30, Tomas Babej wrote:
On 05/07/2014 04:26 PM, Petr Vobornik wrote:
On 7.5.2014 16:01, Tomas Babej wrote:
On 05/07/2014 03:47 PM, Petr Vobornik wrote:
krbpasswordexpiration conversion to number of second since epoch
failed
Hi,
the sudo integration job is already in master, so it's time for the job
to be pushed to the upstream test job repository.
Tomas
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From
).
What do you think?
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 67a1908ef2c6eeab382eb435ad4d41536e7d98e3 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 5 May 2014 17:04:27 +0200
Subject
Hi,
this fixes the problem on builders, which do distro-sync while having
freeipa packages present from previous build run.
This causes unnecessary downgrades., which may result into failures (as
now with the smartproxy pushed).
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity
as well, works fine.
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
())
+if exp = time.time():
to this:
+if expiration = datetime.datetime.now()
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
___
Freeipa-devel mailing
On 05/07/2014 04:26 PM, Petr Vobornik wrote:
On 7.5.2014 16:01, Tomas Babej wrote:
On 05/07/2014 03:47 PM, Petr Vobornik wrote:
krbpasswordexpiration conversion to number of second since epoch failed
because now we get datetime object instead of string.
https://fedorahosted.org/freeipa
On 04/30/2014 02:44 PM, Jakub Hrozek wrote:
On Wed, Apr 30, 2014 at 11:05:52AM +0200, Tomas Babej wrote:
On 03/24/2014 03:27 PM, Jan Pazdziora wrote:
On Mon, Mar 24, 2014 at 02:57:30PM +0100, Martin Kosek wrote:
On 03/24/2014 02:47 PM, Jan Pazdziora wrote:
On Mon, Mar 03, 2014 at 08:24:41PM
ACK.
On 05/06/2014 10:48 AM, Thorsten Scherf wrote:
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE
ACK.
On 05/06/2014 11:05 AM, Thorsten Scherf wrote:
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE
On 05/05/2014 06:08 PM, Alexander Bokovoy wrote:
On Fri, 02 May 2014, Jakub Hrozek wrote:
On Wed, Apr 30, 2014 at 03:59:01PM +0200, Tomas Babej wrote:
Hi,
* patch 180 fixes incorrect hostname usage when connecting to legacy
clients
* patch 181 sets up SSSD in debug_level 7 by default
.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
___
Freeipa
On 03/24/2014 03:27 PM, Jan Pazdziora wrote:
On Mon, Mar 24, 2014 at 02:57:30PM +0100, Martin Kosek wrote:
On 03/24/2014 02:47 PM, Jan Pazdziora wrote:
On Mon, Mar 03, 2014 at 08:24:41PM +0100, Tomas Babej wrote:
Hi,
Makes ipa-client-install configure SSSD as the data provider
for the sudo
Hi,
* patch 180 fixes incorrect hostname usage when connecting to legacy clients
* patch 181 sets up SSSD in debug_level 7 by default
* patch 182 does the same, but on the legacy clients
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej
On 01/07/2014 01:47 PM, Tomas Babej wrote:
On 01/07/2014 07:23 AM, Alexander Bokovoy wrote:
On Mon, 06 Jan 2014, Tomas Babej wrote:
On 01/06/2014 12:16 PM, Tomas Babej wrote:
On 04/15/2013 12:43 PM, Tomas Babej wrote:
On 04/08/2013 03:55 PM, Martin Kosek wrote:
On 04/01/2013 09:52 PM, Rob
On 04/25/2014 11:10 AM, Jan Cholasta wrote:
On 22.4.2014 13:34, Tomas Babej wrote:
Updated, rebased patch attached.
This API.txt change belongs in the previous patch:
+capability: datetime_values 2.84
Fixed, updated patch attached.
I also added several tests for the user plugin
On 04/25/2014 11:08 AM, Jan Cholasta wrote:
On 22.4.2014 13:32, Tomas Babej wrote:
Thank you for the suggestions. Updated, rebased patch is attached.
This API.txt change from the next patch belongs in this patch:
+capability: datetime_values 2.84
I think you should use
On 04/23/2014 12:17 PM, Martin Kosek wrote:
On 04/22/2014 12:53 PM, Tomas Babej wrote:
Hi,
Add tests coverage for recently added ID range checks dependant
on the ID range types.
Part of: https://fedorahosted.org/freeipa/ticket/4137
NACK
On 04/22/2014 12:50 PM, Tomas Babej wrote:
On 04/17/2014 02:44 PM, Alexander Bokovoy wrote:
You replace this by
range-base_rid_set = (slapi_entry_attr_find(entry, IPA_BASE_RID,
attr) == -1);
You probably meant == 0. Fixed.
I know that is was in your original code, but can we get
4e2cd570a4387213d528575069b8d59098a6beae Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Tue, 22 Apr 2014 12:34:12 +0200
Subject: [PATCH] ipatests: Change range_check return values from int to
range_check_result_t enum
Using integers for return values that are used for complex casing can be fragile
and typo-prone
Hi,
Add tests coverage for recently added ID range checks dependant
on the ID range types.
Part of: https://fedorahosted.org/freeipa/ticket/4137
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From
On 04/18/2014 01:14 PM, Petr Viktorin wrote:
On 04/17/2014 04:31 PM, Petr Viktorin wrote:
On 04/17/2014 12:22 PM, Tomas Babej wrote:
On 04/09/2014 01:33 PM, Petr Viktorin wrote:
On 04/09/2014 12:07 PM, Tomas Babej wrote:
Hi,
the following batch deals with the following:
* cleans up
On 03/05/2014 01:08 PM, Jan Cholasta wrote:
On 25.2.2014 11:15, Tomas Babej wrote:
On 01/14/2014 10:19 AM, Petr Viktorin wrote:
On 01/14/2014 09:27 AM, Jan Cholasta wrote:
On 13.1.2014 14:57, Petr Vobornik wrote:
On 13.1.2014 13:41, Jan Cholasta wrote:
Hi,
On 10.1.2014 21:21, Nathaniel
On 03/05/2014 01:10 PM, Jan Cholasta wrote:
On 25.2.2014 08:34, Tomas Babej wrote:
Rebased to current master.
On 01/09/2014 04:31 PM, Tomas Babej wrote:
Hi,
Adds a krbPrincipalExpiration attribute to the user class
in user.py ipalib plugin as a DateTime parameter.
Part of: https
On 04/09/2014 01:33 PM, Petr Viktorin wrote:
On 04/09/2014 12:07 PM, Tomas Babej wrote:
Hi,
the following batch deals with the following:
* cleans up apache's semaphores prior to installing IPA (CA install can
get stuck when IPA is reinstalled many times)
What happens if Apache is running
Hi,
This set of patches deals with bugs and extensions of ipa_range_check
plugin.
See commit messages for details.
Parts of: https://fedorahosted.org/freeipa/ticket/4137
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
the attribute
names should use letter casing as returned by python-ldap. Patch 259
implements that.
See commit messages for details.
Honza
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
not be
overridden by domain name
* fixes incorrect assert for UIDs/GIDs in legacy client tests
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 160b3d5937f45fb3ea1d932f3260be70126dd703 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba
Hi,
this patch fixes the issue with using freeipa specific rpms when
defining custom jobs.
Tomas
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From fa75dd96908346d354c40fb6587fdf9b7b11870d Mon Sep 17 00:00:00 2001
From
Hi.
these fix the following:
* not properly removed PKI instance on IPA uninstall
* improper usage of external hostname of AD subdomain in the legacy
client tests
* relax regex checks in legacy client tests
* put 2 seconds of sleep after restart of SSSD when clearing the cache
--
Tomas Babej
Hi,
this adds basic trust and legacy client integration tests to our Jenkins
jobs repo.
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 3dc23d1f4ee312e01eafb9677af2d97fdc40845b Mon Sep 17 00:00:00 2001
From: Tomas
On 04/01/2014 09:11 AM, Alexander Bokovoy wrote:
On Tue, 01 Apr 2014, Jan Pazdziora wrote:
On Thu, Mar 27, 2014 at 01:14:52PM +0100, Tomas Babej wrote:
Hi,
When cleaning the range_info struct, simple free of the struct
is not enough, we have to free contents of char pointers in the
struct
On 04/01/2014 09:17 AM, Tomas Babej wrote:
On 04/01/2014 09:11 AM, Alexander Bokovoy wrote:
On Tue, 01 Apr 2014, Jan Pazdziora wrote:
On Thu, Mar 27, 2014 at 01:14:52PM +0100, Tomas Babej wrote:
Hi,
When cleaning the range_info struct, simple free of the struct
is not enough, we have
A slightly new version, properly adds new attributes of the range_info
struct to the free_range_info method.
Should be applied on top of my 161 patch.
On 03/27/2014 01:11 PM, Tomas Babej wrote:
The updated version handles the ret variable properly. It also makes
sure the memory is properly
On 04/01/2014 10:40 AM, Alexander Bokovoy wrote:
On Tue, 01 Apr 2014, Tomas Babej wrote:
From 736b3f747188696fd4a46ca63d91a6cca942fd56 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 5 Mar 2014 12:28:18 +0100
Subject: [PATCH] Extend ipa-range-check DS plugin to handle
Hi,
We need to free the entry before returning from the function.
https://fedorahosted.org/freeipa/ticket/4295
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 5149ce52f583ef234bde5e8b386567c377369e41 Mon Sep 17 00
On 03/28/2014 08:42 AM, Martin Kosek wrote:
On 03/26/2014 06:46 PM, Martin Kosek wrote:
On 03/03/2014 08:16 PM, Tomas Babej wrote:
The updated patch addresses all the mentioned issues.
Also enables systemd's specific domainname service instead of relying
ypbind being present on the system
The updated version handles the ret variable properly. It also makes
sure the memory is properly freed.
On 03/18/2014 04:45 PM, Alexander Bokovoy wrote:
On Tue, 18 Mar 2014, Tomas Babej wrote:
On 03/18/2014 09:19 AM, Alexander Bokovoy wrote:
On Mon, 17 Mar 2014, Tomas Babej wrote:
Hi
Hi,
When cleaning the range_info struct, simple free of the struct
is not enough, we have to free contents of char pointers in the
struct as well.
https://fedorahosted.org/freeipa/ticket/4276
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC
Hi,
In test_trust.py, several tests did case sensitive search on the output of
the ipa idrange-show command. This could cause false negatives.
Part of: https://fedorahosted.org/freeipa/ticket/4267
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC
. This patch should fix
https://fedorahosted.org/freeipa/ticket/4264 .
bye,
Sumit
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Tomas Babej
Associate Software Engeneer | Red Hat
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From acadb5537c26b0f27065c172b7952f3e14474939 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 27 Feb 2014 15:40:54 +0100
Subject: [PATCH] ipatests: test_trust
On 03/18/2014 09:19 AM, Alexander Bokovoy wrote:
On Mon, 17 Mar 2014, Tomas Babej wrote:
Hi,
The ipa-range-check plugin used to determine the range type depending
on the value of the attributes such as RID or secondary RID base. This
approached caused variety of issues since the portfolio
ID mapping derivation capabilities.
https://fedorahosted.org/freeipa/ticket/4137
Test coverage coming soon!
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 0d038fb71f02fab5320e4843be80feb34c5c3303 Mon Sep 17 00:00
Hi,
Changes the code in the idrange_del method to not only check for
the root domains that match the SID in the IDRange, but for the
SIDs of subdomains of trusts as well.
https://fedorahosted.org/freeipa/ticket/4247
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
, Alexander Bokovoy wrote:
On Thu, 13 Mar 2014, Martin Kosek wrote:
On 03/13/2014 01:01 PM, Alexander Bokovoy wrote:
On Thu, 13 Mar 2014, Martin Kosek wrote:
On 03/13/2014 12:45 PM, Tomas Babej wrote:
Hi,
Changes the code in the idrange_del method to not only check
for
the root domains that match
On 03/13/2014 04:28 PM, Tomas Babej wrote:
On 03/13/2014 01:47 PM, Alexander Bokovoy wrote:
On Thu, 13 Mar 2014, Martin Kosek wrote:
On 03/13/2014 01:36 PM, Martin Kosek wrote:
On 03/13/2014 01:33 PM, Alexander Bokovoy wrote:
On Thu, 13 Mar 2014, Petr Spacek wrote:
On 13.3.2014 13:20
Thanks Jan, both fixed.
Tomas
On 03/05/2014 10:53 AM, Jan Pazdziora wrote:
On Mon, Feb 24, 2014 at 02:58:13PM +0100, Tomas Babej wrote:
Hi,
If SSH keys have not been generated prior to enrolling the client to the
IPA server, they will not be uploaded to the server, since they're
Thanks,
PATCH 341: ACK
(this is the last remaining ACK for this patchset)
On 03/04/2014 11:58 AM, Petr Viktorin wrote:
On 03/03/2014 01:41 PM, Tomas Babej wrote:
Finally got to this patchset!
PATCH 337: ACK
PATCH 338: ACK
This prohibits us to use extra roles that end in digits. Can you
=extram1.ipadomain.test
TESTHOST_EXTRAROLEM2_env1=extram2.ipadomain.test
For cases where there's just a single host of the role, it'll export
it both with the number and without.
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej
://bugzilla.redhat.com/show_bug.cgi?id=1071951
On 11/14/2013 12:54 PM, Ana Krivokapic wrote:
On 09/26/2013 10:28 AM, Tomas Babej wrote:
+if options.no_nisdomain and not options.nisdomain:
This should be `if options.no_nisdomain and options.nisdomain:`.
+parser.error(--no-nisdomain cannot be used
Hi,
Makes ipa-client-install configure SSSD as the data provider
for the sudo service by default. This behaviour can be disabled
by using --no-sudo flag.
https://fedorahosted.org/freeipa/ticket/3358
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site
Hi,
Remove a reference to the old deprecated LDAP API invoked by
the usage of trust_add method.
https://fedorahosted.org/freeipa/ticket/4204
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From
@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
After some thorough testing, ACK!
With this patch, not only we solve the referenced IPA ticket, but
adding a trust no longer requires retries in CI (and works on the first
attempt).
--
Tomas Babej
Associate Software Engeneer | Red
On 02/26/2014 02:16 PM, Tomas Babej wrote:
On 02/26/2014 12:39 PM, Martin Kosek wrote:
On 02/26/2014 09:33 AM, Alexander Bokovoy wrote:
On Wed, 26 Feb 2014, Martin Kosek wrote:
On 02/25/2014 07:59 PM, Simo Sorce wrote:
On Tue, 2014-02-25 at 20:58 +0200, Alexander Bokovoy wrote:
Resending
On 01/14/2014 10:19 AM, Petr Viktorin wrote:
On 01/14/2014 09:27 AM, Jan Cholasta wrote:
On 13.1.2014 14:57, Petr Vobornik wrote:
On 13.1.2014 13:41, Jan Cholasta wrote:
Hi,
On 10.1.2014 21:21, Nathaniel McCallum wrote:
On Thu, 2014-01-09 at 16:30 +0100, Tomas Babej wrote:
Hi,
Adds
Hi,
As a part of a better cleanup procedure in the integration tests,
make sure that winbindd is not running after uninstalling the IPA
server.
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From
Hi,
If SSH keys have not been generated prior to enrolling the client to the
IPA server, they will not be uploaded to the server, since they're not
present. Clarify this issue in the man pages.
https://fedorahosted.org/freeipa/ticket/4055
--
Tomas Babej
Associate Software Engeneer | Red Hat
Rebased to current master.
On 01/09/2014 04:31 PM, Tomas Babej wrote:
Hi,
Adds a krbPrincipalExpiration attribute to the user class
in user.py ipalib plugin as a DateTime parameter.
Part of: https://fedorahosted.org/freeipa/ticket/3306
--
Tomas Babej
Associate Software Engeneer | Red Hat
on your own, you should wrap the test in custom
setup teardown code.
There's no way we can perfectly restore a system after IPA has been
installed on it, much less if it was an unstable/testing version of
IPA, so returning to a sane state seems good for me.
--
Tomas Babej
Associate Software
On 02/19/2014 04:54 PM, Jan Pazdziora wrote:
On Wed, Feb 19, 2014 at 04:37:05PM +0100, Tomas Babej wrote:
Hi,
When restoring files from backup, we do use an incorrect order of
operations - we first restore SELinux context and then copy the
files from backup, when we need to do the exact
Patch on review field is
beneficial in that:
1.) you can query the tickets by the reviewer (e.g. look up the patches
you volunteered to review)
2.) you don't have to look up in ticket comments to see who changed the
Patch on review flag
--
Tomas Babej
Associate Software Engeneer | Red Hat
get the
reasonable portion of benefit.
My 2 cents,
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com
00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 19 Feb 2014 16:31:12 +0100
Subject: [PATCH] ipatests: Fix incorrect order of operations when restoring
backup
When restoring files from backup, we do use an incorrect order of
operations - we first restore SELinux context and then copy
Hello,
this is the third and final batch.
Please note that patch 148 has been already ACKed by Nathaniel :) (by
mistake, so please look it over again)
Details in the commit messages.
Tomas
From aa4808ec50b22ff7e412599c0da2b691a978bc7d Mon Sep 17 00:00:00 2001
From: Tomas Babej tba
2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 22 Jan 2014 11:44:34 +0100
Subject: [PATCH] ipatests: test_legacy_clients: Change test group to
testgroup
The integration test for legacy clients used incorrectly test group
instead of testgroup as group used on AD for test purposes
ACK for both versions
Tomas
On 02/05/2014 10:49 AM, Petr Viktorin wrote:
On 02/05/2014 10:14 AM, Petr Viktorin wrote:
Hello,
This fixes https://fedorahosted.org/freeipa/ticket/4135 in ipa-3-3. I'll
send a patch for master soon.
Version for master is here.
On 02/05/2014 12:47 PM, Petr Viktorin wrote:
On 02/05/2014 11:23 AM, Petr Viktorin wrote:
On 02/05/2014 10:29 AM, Tomas Babej wrote:
Hello,
the attached patches fix the following tickets:
https://fedorahosted.org/freeipa/ticket/4131
https://fedorahosted.org/freeipa/ticket/4130
https
: Tomas Babej tba...@redhat.com
Date: Thu, 23 Jan 2014 10:05:09 +0100
Subject: [PATCH] ipatests: legacy_clients: Test legacy clients with non-posix
trust
Adds test cases for legacy client support with IPA that has estabilish
trust with AD that does not leverage POSIX attributes defined on AD.
https
On 01/14/2014 07:03 PM, Simo Sorce wrote:
On Tue, 2014-01-14 at 18:02 +0100, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/4115
The tilde was not expanded in the $IPA_ROOT_SSH_KEY configuration
variable, so the default (~/.ssh/id_rsa) did not work.
Here's a fix.
Looks good.
unapplying fixes there.
https://fedorahosted.org/freeipa/ticket/4124
From 1b4d06b1b26a1ddbecb1f458fc35e3f600f67d0b Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 20 Jan 2014 09:28:26 +0100
Subject: [PATCH] ipatests: Check for legacy_client attribute presence if
unapplying
From: Tomas Babej tba...@redhat.com
Date: Mon, 20 Jan 2014 09:41:32 +0100
Subject: [PATCH] ipatests: Remove sudo calls from tasks
Sudo calls are not necessary since we log in as a root. Additionally,
sudo requires tty in default configuration, which is not acquired
when using OpenSSH transport.
https
Yep, 100% bug coverage.
Updated patch attached.
On 01/20/2014 09:33 AM, Tomas Babej wrote:
Hi,
When legacy client tests fail during IPA installation, the legacy
client test produces an additional misleading error
(the real cause is reported as well). This happens due the fact
that we try
Hey!
Let us discuss a which behaviour we should take with trust-add command.
Currently, if you run:
$ ipa trust-add --type ad host
Range type (POSIX or non-POSIX) is being detected automatically.
However, if you run:
$ ipa trust-add --type ad host --range-type=ipa-ad-trust-posix
You override
://fedorahosted.org/freeipa/ticket/3306
From 26a57febd0a1b920cb0857f3a12912bb69c82d90 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 9 Jan 2014 11:14:56 +0100
Subject: [PATCH 137/140] ipalib: Add DateTime parameter
Adds a parameter that represents a DateTime format using
Hi,
Adds a krbPrincipalExpiration attribute to the user class
in user.py ipalib plugin as a DateTime parameter.
Part of: https://fedorahosted.org/freeipa/ticket/3306
From 00691ffa8407f5059fde9b913e3a1253fe9a287e Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 9 Jan 2014
: Tomas Babej tba...@redhat.com
Date: Thu, 9 Jan 2014 14:19:49 +0100
Subject: [PATCH 139/140] acl: Remove krbPrincipalExpiration from list of
admin's excluded attrs
Since we're exposing the krbPrincipalExpiration attribute for direct
editing in the CLI, remove it from the list of attributes
Hi,
For ipatokennotbefore and ipatokennotafter attributes use DateTime
parameter class instead of Str, since these are represented as
LDAP Generalized Time in LDAP.
Tomas
From cb671a7c1e746ef5f1c3de0e4ad30ae6ef42dcf1 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 9 Jan
Hi,
I'm working on exposing the krbPrincipalExpiration attribute in the CLI
(https://fedorahosted.org/freeipa/ticket/3306). However, this attribute
is exempted from the default ACL Admin can manage any entry
(install/share/default-aci.ldif +8).
Now, we have several options:
1.) remove it from
501 - 600 of 961 matches
Mail list logo