Re: [Freeipa-devel] Handling of krbPrincpalExpiration in default ACI

2014-01-08 Thread Tomas Babej
On 01/08/2014 03:46 PM, Rob Crittenden wrote: Simo Sorce wrote: On Wed, 2014-01-08 at 09:19 -0500, Simo Sorce wrote: On Wed, 2014-01-08 at 13:42 +0100, Tomas Babej wrote: Hi, I'm working on exposing the krbPrincipalExpiration attribute in the CLI (https://fedorahosted.org/freeipa/ticket

Re: [Freeipa-devel] Handling of krbPrincpalExpiration in default ACI

2014-01-08 Thread Tomas Babej
On 01/08/2014 04:19 PM, Simo Sorce wrote: On Wed, 2014-01-08 at 15:49 +0100, Petr Viktorin wrote: On 01/08/2014 03:43 PM, Simo Sorce wrote: On Wed, 2014-01-08 at 09:19 -0500, Simo Sorce wrote: On Wed, 2014-01-08 at 13:42 +0100, Tomas Babej wrote: Hi, I'm working on exposing

Re: [Freeipa-devel] [PATCH 0034] Deny LDAP binds for user accounts with expired principal

2014-01-07 Thread Tomas Babej
On 01/07/2014 07:23 AM, Alexander Bokovoy wrote: On Mon, 06 Jan 2014, Tomas Babej wrote: On 01/06/2014 12:16 PM, Tomas Babej wrote: On 04/15/2013 12:43 PM, Tomas Babej wrote: On 04/08/2013 03:55 PM, Martin Kosek wrote: On 04/01/2013 09:52 PM, Rob Crittenden wrote: Tomas Babej wrote: On 02

Re: [Freeipa-devel] [PATCH 0034] Deny LDAP binds for user accounts with expired principal

2014-01-06 Thread Tomas Babej
On 04/15/2013 12:43 PM, Tomas Babej wrote: On 04/08/2013 03:55 PM, Martin Kosek wrote: On 04/01/2013 09:52 PM, Rob Crittenden wrote: Tomas Babej wrote: On 02/12/2013 06:23 PM, Simo Sorce wrote: On Tue, 2013-02-12 at 18:03 +0100, Tomas Babej wrote: On 02/12/2013 05:50 PM, Tomas Babej wrote

Re: [Freeipa-devel] [PATCH 0034] Deny LDAP binds for user accounts with expired principal

2014-01-06 Thread Tomas Babej
On 01/06/2014 12:16 PM, Tomas Babej wrote: On 04/15/2013 12:43 PM, Tomas Babej wrote: On 04/08/2013 03:55 PM, Martin Kosek wrote: On 04/01/2013 09:52 PM, Rob Crittenden wrote: Tomas Babej wrote: On 02/12/2013 06:23 PM, Simo Sorce wrote: On Tue, 2013-02-12 at 18:03 +0100, Tomas Babej wrote

Re: [Freeipa-devel] Fedora 20 Release

2013-12-16 Thread Tomas Babej
Good news! With slapi-nis-0.52-1 and 389-ds-base-1.3.2.9-1 I can no longer reproduce either of https://bugzilla.redhat.com/show_bug.cgi?id=1043546 or https://bugzilla.redhat.com/show_bug.cgi?id=1041732 Thanks Rich, Nalin (or anyone else involved)! I will move to some more heavyweight

[Freeipa-devel] [PATCH 0135] Fix incorrect path in error message on sysrestore failure

2013-12-12 Thread Tomas Babej
Hi, On sysrestore failure, user is prompted out to remove the sysrestore file. However, the path to the sysrestore file mentioned in the sentence is not correct. https://fedorahosted.org/freeipa/ticket/4080 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno

[Freeipa-devel] [PATCH 0136] Remove enumeration index from dynamic role hosts when

2013-12-12 Thread Tomas Babej
Hi, When exporting test configuration, do not append indexes to dynamic role definitions as this is not expected form of input. https://fedorahosted.org/freeipa/ticket/4081 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org

Re: [Freeipa-devel] [PATCH 0133] ipa-cldap: Cut NetBIOS name after 15 characters

2013-12-11 Thread Tomas Babej
On 11/27/2013 03:38 PM, Simo Sorce wrote: On Wed, 2013-11-27 at 08:50 +0100, Tomas Babej wrote: Sorry to nitpick but ... diff --git a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c b/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c index

Re: [Freeipa-devel] [PATCH] 0129 fix trust.get_dn to distinguish creating and re-adding trusts

2013-12-11 Thread Tomas Babej
confuse trustdomain-find command. https://fedorahosted.org/freeipa/ticket/4067 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK. -- Tomas Babej Associate Software Engineer | Red Hat

Re: [Freeipa-devel] [PATCH] 0330 - Add comment about last change to VERSION

2013-12-09 Thread Tomas Babej
- RADIUS support -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH 0134] ipa-client-install: Always pass hostname to the ipa-join

2013-11-26 Thread Tomas Babej
/4027 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From b9eea8f7bfb501dcc9bffd36f8c4a856721d78c2 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 26 Nov 2013 12:15:33 +0100 Subject: [PATCH] ipa-client

[Freeipa-devel] [PATCH 0133] ipa-cldap: Cut NetBIOS name after 15 characters

2013-11-26 Thread Tomas Babej
Hi, The CLDAP DS plugin uses the uppercased first segment of the fully qualified hostname as the NetBIOS name. We need to limit its size to 15 characters. https://fedorahosted.org/freeipa/ticket/4028 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site

Re: [Freeipa-devel] [PATCH 0133] ipa-cldap: Cut NetBIOS name after 15 characters

2013-11-26 Thread Tomas Babej
On 11/26/2013 04:56 PM, Alexander Bokovoy wrote: On Tue, 26 Nov 2013, Tomas Babej wrote: Hi, The CLDAP DS plugin uses the uppercased first segment of the fully qualified hostname as the NetBIOS name. We need to limit its size to 15 characters. https://fedorahosted.org/freeipa/ticket/4028

Re: [Freeipa-devel] [PATCH 0133] ipa-cldap: Cut NetBIOS name after 15 characters

2013-11-26 Thread Tomas Babej
On 11/27/2013 08:25 AM, Alexander Bokovoy wrote: On Wed, 27 Nov 2013, Tomas Babej wrote: daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c b/daemons/ipa

[Freeipa-devel] [PATCH 0131] [PATCH 131/132] trusts: Do not pass base-id to the subdomain ranges

2013-11-21 Thread Tomas Babej
Hi, this fixes https://fedorahosted.org/freeipa/ticket/4041 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 97b0209a2e149ba6dd86ad9998f8e37e60014c3d Mon Sep 17 00:00:00 2001 From: Tomas Babej tomasba...@gmail.com

[Freeipa-devel] [PATCH 0132] [PATCH 132/132] trusts: Always stop and disable smb service on uninstall

2013-11-21 Thread Tomas Babej
Hi, this fixes https://fedorahosted.org/freeipa/ticket/4042 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 5eaae3eec6095bb115bac23f00b49d515f402624 Mon Sep 17 00:00:00 2001 From: Tomas Babej tomasba...@gmail.com

Re: [Freeipa-devel] [PATCH 111] ipa-client-install: Publish CA certificate to systemwide store

2013-11-18 Thread Tomas Babej
On 11/15/2013 03:36 PM, Rob Crittenden wrote: Tomas Babej wrote: On 11/15/2013 02:46 PM, Ana Krivokapic wrote: On 11/13/2013 02:57 PM, Tomas Babej wrote: On 09/27/2013 10:14 AM, Martin Kosek wrote: On 09/26/2013 04:46 PM, Jan Cholasta wrote: On 26.9.2013 12:59, Tomas Babej wrote: On 09/26

Re: [Freeipa-devel] [PATCH 111] ipa-client-install: Publish CA certificate to systemwide store

2013-11-15 Thread Tomas Babej
On 11/15/2013 02:46 PM, Ana Krivokapic wrote: On 11/13/2013 02:57 PM, Tomas Babej wrote: On 09/27/2013 10:14 AM, Martin Kosek wrote: On 09/26/2013 04:46 PM, Jan Cholasta wrote: On 26.9.2013 12:59, Tomas Babej wrote: On 09/26/2013 12:54 PM, Jan Cholasta wrote: On 24.9.2013 18:14, Nalin

Re: [Freeipa-devel] [PATCH] 0084 Make sure state of services is preserved after client uninstall

2013-11-15 Thread Tomas Babej
abstracted that into a function, should we use this at other places as well? -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https

[Freeipa-devel] [PATCH 0130] platform: Add Fedora 19 platform file

2013-11-13 Thread Tomas Babej
Hi, Part of: https://fedorahosted.org/freeipa/ticket/3504 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 6c84927497fffdad2b60b1af1f69e79b0471936d Mon Sep 17 00:00:00 2001 From: Tomas Babej tomasba...@gmail.com Date

Re: [Freeipa-devel] [PATCH 111] ipa-client-install: Publish CA certificate to systemwide store

2013-11-13 Thread Tomas Babej
On 09/27/2013 10:14 AM, Martin Kosek wrote: On 09/26/2013 04:46 PM, Jan Cholasta wrote: On 26.9.2013 12:59, Tomas Babej wrote: On 09/26/2013 12:54 PM, Jan Cholasta wrote: On 24.9.2013 18:14, Nalin Dahyabhai wrote: On Tue, Sep 24, 2013 at 01:30:10PM +0200, Jan Cholasta wrote: We discussed

Re: [Freeipa-devel] [PATCH 0113] ipa-client: Set NIS domain name in the installer

2013-11-13 Thread Tomas Babej
On 09/26/2013 03:16 PM, Petr Viktorin wrote: On 09/26/2013 02:58 PM, Martin Kosek wrote: On 09/26/2013 02:45 PM, Jan Cholasta wrote: On 26.9.2013 14:38, Martin Kosek wrote: On 09/26/2013 02:28 PM, Tomas Babej wrote: On 09/26/2013 12:20 PM, Jan Cholasta wrote: ... I just found --no-nisdomain

Re: [Freeipa-devel] [PATCH] 0082 Use EXTERNAL auth mechanism in ldapmodify

2013-11-13 Thread Tomas Babej

[Freeipa-devel] [PATCH 0128] ipatests: Add integration tests for legacy clients

2013-11-01 Thread Tomas Babej
Hi, This implements the test cases for legacy clients using SSSD, nss-ldap and nss-pam-ldapd. Part of: https://fedorahosted.org/freeipa/ticket/3833 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From

Re: [Freeipa-devel] [PATCH 0128] ipatests: Add integration tests for legacy clients

2013-11-01 Thread Tomas Babej
On 11/01/2013 12:35 PM, Alexander Bokovoy wrote: On Fri, 01 Nov 2013, Tomas Babej wrote: Hi, This implements the test cases for legacy clients using SSSD, nss-ldap and nss-pam-ldapd. Part of: https://fedorahosted.org/freeipa/ticket/3833 -- Tomas Babej Associate Software Engineer | Red Hat

Re: [Freeipa-devel] [PATCH 0125] ipatests: Add which package to legacy client advice

2013-11-01 Thread Tomas Babej
On 10/31/2013 12:10 PM, Ana Krivokapic wrote: On 10/30/2013 04:18 PM, Tomas Babej wrote: Hi, Adds which package to the requirements, since older distros do not have it by default. Part of: https://fedorahosted.org/freeipa/ticket/3833

Re: [Freeipa-devel] [PATCH 0125] ipatests: Add which package to legacy client advice

2013-11-01 Thread Tomas Babej
On 11/01/2013 03:27 PM, Ana Krivokapic wrote: On 11/01/2013 03:18 PM, Tomas Babej wrote: On 10/31/2013 12:10 PM, Ana Krivokapic wrote: On 10/30/2013 04:18 PM, Tomas Babej wrote: Hi, Adds which package to the requirements, since older distros do not have it by default. Part of: https

Re: [Freeipa-devel] [PATCH 0128] ipatests: Add integration tests for legacy clients

2013-11-01 Thread Tomas Babej
On 11/01/2013 03:39 PM, Petr Viktorin wrote: On 11/01/2013 03:20 PM, Tomas Babej wrote: On 11/01/2013 12:19 PM, Tomas Babej wrote: Hi, This implements the test cases for legacy clients using SSSD, nss-ldap and nss-pam-ldapd. Part of: https://fedorahosted.org/freeipa/ticket/3833 A nitpick

Re: [Freeipa-devel] [PATCH 0128] ipatests: Add integration tests for legacy clients

2013-11-01 Thread Tomas Babej
On 11/01/2013 03:42 PM, Tomas Babej wrote: On 11/01/2013 03:39 PM, Petr Viktorin wrote: On 11/01/2013 03:20 PM, Tomas Babej wrote: On 11/01/2013 12:19 PM, Tomas Babej wrote: Hi, This implements the test cases for legacy clients using SSSD, nss-ldap and nss-pam-ldapd. Part of: https

Re: [Freeipa-devel] [PATCH 0121] ipatests: Add support for hosts referenced by a keyword

2013-10-30 Thread Tomas Babej
On 10/29/2013 01:00 PM, Petr Viktorin wrote: On 10/24/2013 12:20 PM, Tomas Babej wrote: On 10/22/2013 10:44 AM, Petr Viktorin wrote: On 10/22/2013 10:09 AM, Tomas Babej wrote: On 10/22/2013 09:54 AM, Petr Viktorin wrote: On 10/22/2013 09:20 AM, Tomas Babej wrote: Hi, Adds support for host

[Freeipa-devel] [PATCH 0123] ipatests: Do not use /usr/bin hardcoded paths

2013-10-30 Thread Tomas Babej
Hi, The RHEL 5.9 clients do not have /usr/bin symlinks. Part of: https://fedorahosted.org/freeipa/ticket/3833 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 9b10658d19d29f6d0d2a9237c1e0062fff471b04 Mon Sep 17 00:00

[Freeipa-devel] [PATCH 0126] ipatests: Restore SELinux context after restoring files from

2013-10-30 Thread Tomas Babej
Hi, Without this patch, restored directories get home_t SELinux context. Part of: https://fedorahosted.org/freeipa/ticket/3833 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 17d25a579434fc454f1a2be18a41b7921a53e5cc

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-24 Thread Tomas Babej
On 10/24/2013 01:29 PM, Petr Viktorin wrote: On 10/22/2013 02:24 PM, Tomas Babej wrote: On 10/22/2013 02:15 PM, Tomas Babej wrote: On 10/22/2013 12:27 PM, Tomas Babej wrote: On 10/22/2013 10:37 AM, Petr Viktorin wrote: Replying to one part only: On 10/21/2013 04:50 PM, Tomas Babej wrote

[Freeipa-devel] [PATCH 0121] ipatests: Add support for hosts referenced by a keyword

2013-10-22 Thread Tomas Babej
keyword hosts are accessible to the IntegrationTests via the keyword_hosts attribute, which contains a dictionary keyed by the keywords. Part of: https://fedorahosted.org/freeipa/ticket/3833 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej

Re: [Freeipa-devel] [PATCH 0121] ipatests: Add support for hosts referenced by a keyword

2013-10-22 Thread Tomas Babej
On 10/22/2013 09:54 AM, Petr Viktorin wrote: On 10/22/2013 09:20 AM, Tomas Babej wrote: Hi, Adds support for host definition by environment variables of the following form: KEYWORDHOST__envX, where X is the number of the environment for which host referenced by a keyword should be defined

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-22 Thread Tomas Babej
On 10/22/2013 10:37 AM, Petr Viktorin wrote: Replying to one part only: On 10/21/2013 04:50 PM, Tomas Babej wrote: On 10/16/2013 03:44 PM, Petr Viktorin wrote: I still think it would be simpler if IPA and AD domains shared the numbering namespace (users would need to define $AD_env2

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-22 Thread Tomas Babej
On 10/22/2013 12:27 PM, Tomas Babej wrote: On 10/22/2013 10:37 AM, Petr Viktorin wrote: Replying to one part only: On 10/21/2013 04:50 PM, Tomas Babej wrote: On 10/16/2013 03:44 PM, Petr Viktorin wrote: I still think it would be simpler if IPA and AD domains shared the numbering namespace

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-22 Thread Tomas Babej
On 10/22/2013 02:15 PM, Tomas Babej wrote: On 10/22/2013 12:27 PM, Tomas Babej wrote: On 10/22/2013 10:37 AM, Petr Viktorin wrote: Replying to one part only: On 10/21/2013 04:50 PM, Tomas Babej wrote: On 10/16/2013 03:44 PM, Petr Viktorin wrote: I still think it would be simpler if IPA

[Freeipa-devel] [PATCH 120] Get the created range type in case of re-establishing trust

2013-10-21 Thread Tomas Babej
Hi, This is a regression fix introduced by commit id: 285ed59889590ddd0d6ca2e2a030b28527941cbf Fixes internal error in case of re-establishing the trust. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From

Re: [Freeipa-devel] [PATCH 0119] ipatests: Extend the order plugin to properly handle inheritance

2013-10-16 Thread Tomas Babej
On 10/16/2013 01:57 PM, Petr Viktorin wrote: On 10/14/2013 04:28 PM, Tomas Babej wrote: Hi, When trying to create a new ordered test case by inheriting from already defined test case, by overriding few of its methods, the execution order of the tests is as follows: - first all non

[Freeipa-devel] [PATCH 0119] ipatests: Extend the order plugin to properly handle inheritance

2013-10-14 Thread Tomas Babej
This patch makes sure that methods are executed in the logical order, that is, the order defined in the parent class. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From e1b9eac26f9d93a6a95c4f94fa68ee2fe68a16f3 Mon Sep 17 00:00:00

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-14 Thread Tomas Babej
: +# Tomas Babej tba...@redhat.com +# +# Copyright (C) 2013 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software

[Freeipa-devel] [PATCH 0118] Do not create separate ranges for subdomains in case of POSIX trust

2013-10-10 Thread Tomas Babej
Hi, This is a fix for a bug I found related to the subdomains code while working on the AD Continuous Integration testing. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 42d3932ad10e4c5ca60c24d2f4da0e9d6bc3b348 Mon

[Freeipa-devel] [PATCHES 114-117] Do proper cleanup after ipa-adtrust-install

2013-10-09 Thread Tomas Babej
Hi, the following patchset contains fixes for https://fedorahosted.org/freeipa/ticket/3479 . With it applied, you should be able to establish a trust on a reinstalled IPA master that had a trust established. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

2013-10-02 Thread Tomas Babej
On 10/01/2013 05:15 PM, Alexander Bokovoy wrote: On Mon, 30 Sep 2013, Alexander Bokovoy wrote: On Mon, 30 Sep 2013, Tomas Babej wrote: On 09/28/2013 10:01 PM, Alexander Bokovoy wrote: On Fri, 27 Sep 2013, Sumit Bose wrote: On Fri, Sep 27, 2013 at 03:53:08PM +0300, Alexander Bokovoy wrote

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

2013-09-30 Thread Tomas Babej
Unexpected information received (both may be None) I was unable to track this one down in a reasonable timeframe, I suggest we continue on IRC. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org

Re: [Freeipa-devel] [PATCH 111] ipa-client-install: Publish CA certificate to systemwide store

2013-09-26 Thread Tomas Babej
patch attached. Tomas -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 4f8b708b588265bf2678895b433fa33fe52ad6a4 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 24 Sep 2013 10:54:57 +0200 Subject

Re: [Freeipa-devel] [PATCH 0113] ipa-client: Set NIS domain name in the installer

2013-09-26 Thread Tomas Babej
On 09/26/2013 12:20 PM, Jan Cholasta wrote: On 26.9.2013 10:28, Tomas Babej wrote: Hi, Provides two new options for the ipa-client-install: --nisdomain: specifies the NIS domain name --no_nisdomain: flag to avoid setting the NIS domain name In case no --nisdomain is specified

[Freeipa-devel] [PATCH 111] ipa-client-install: Publish CA certificate to systemwide store

2013-09-24 Thread Tomas Babej
Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 9e61407d6db5b5c673a1d2924b8f4ba3936812a7 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 24 Sep 2013 10:54:57 +0200 Subject: [PATCH] ipa-client-install: Publish CA

Re: [Freeipa-devel] [PATCH] 0114 ipa-sam: fix setting encryption type for trust object already created

2013-09-20 Thread Tomas Babej
this is pretty tight, no need to expand the filter. (Simo agreed to this argument on IRC) ACK -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org ___ Freeipa-devel mailing list Freeipa

[Freeipa-devel] [PATCH 107] Do not add trust to AD in case of IPA realm-domain mismatch

2013-09-19 Thread Tomas Babej
Hi, Make sure that trust-add command fails when admin attempts to add an Active Directory trust when the realm name and the domain name of the IPA server do not match. https://fedorahosted.org/freeipa/ticket/3923 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE

[Freeipa-devel] [PATCH 108] Warn user about realm-domain mismatch in install scripts

2013-09-19 Thread Tomas Babej
-adtrust-install were updated with the relevant notes. https://fedorahosted.org/freeipa/ticket/3924 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 0909d5fe4803cefced1efb79043062615d5f6dbe Mon Sep 17 00:00:00 2001 From

[Freeipa-devel] [PATCH 109] Use getent admin@domain for nss check in, ipa-client-install

2013-09-19 Thread Tomas Babej
Hi, Use 'getent admin@domain' rather than 'getent admin@REALM' to check if nss is working properly since admin@REALM check fails in case the domain and the realm name do not match. https://fedorahosted.org/freeipa/ticket/3906 -- Tomas Babej Associate Software Engineer | Red Hat | Identity

[Freeipa-devel] [PATCH 110] ipa-sam: Fix memory leaks

2013-09-19 Thread Tomas Babej
Hi, this fixes a memory leak in ipa-sam plugin. https://fedorahosted.org/freeipa/ticket/3913 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 316c0bc3a2f0c5cbeceecf4c373fc9afc6cfcc44 Mon Sep 17 00:00:00 2001 From

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-09-17 Thread Tomas Babej
On 09/17/2013 10:43 AM, Petr Viktorin wrote: On 09/16/2013 03:45 PM, Tomas Babej wrote: Hi, this set of patches extends ipatests module to support integration testing with Active Directory, as well as provides a basic (working without artificial sleeps!) trust test case. Thanks

[Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-09-16 Thread Tomas Babej
Hi, this set of patches extends ipatests module to support integration testing with Active Directory, as well as provides a basic (working without artificial sleeps!) trust test case. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej

Re: [Freeipa-devel] DNS improvements: Should we add some sanity checking?

2013-09-13 Thread Tomas Babej
specified domain or server name Named is unable to find the domain, since the connection is down. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH 0003] Add timestamps to named debug logs in /var/named/data/named.run

2013-09-05 Thread Tomas Babej
On 09/05/2013 04:25 PM, Petr Spacek wrote: Hello, Add timestamps to named debug logs in /var/named/data/named.run. Tomas Babej and I spent more than an hour with debugging bind-dyndb-ldap and timestamps were invaluable. ACK -- Tomas Babej Associate Software Engineer | Red Hat | Identity

Re: [Freeipa-devel] FreeIPA server package group

2013-09-02 Thread Tomas Babej
On 09/02/2013 05:41 PM, Martin Kosek wrote: On 08/29/2013 12:22 PM, Tomas Babej wrote: On 08/29/2013 11:55 AM, Petr Viktorin wrote: On 08/28/2013 12:20 PM, Tomas Babej wrote: On 08/28/2013 12:03 PM, Petr Viktorin wrote: On 08/28/2013 11:46 AM, Tomas Babej wrote: On 08/26/2013 10:14 AM

Re: [Freeipa-devel] [PATCH] 0060 Add warning when uninstalling active replica

2013-09-02 Thread Tomas Babej
print as a function we can wrap the text inside the parenthesis with no effect on the output whatsoever. Or use print statement, but enclose the text in parenthesis. Or use backslash. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej

Re: [Freeipa-devel] FreeIPA server package group

2013-08-29 Thread Tomas Babej
On 08/29/2013 11:55 AM, Petr Viktorin wrote: On 08/28/2013 12:20 PM, Tomas Babej wrote: On 08/28/2013 12:03 PM, Petr Viktorin wrote: On 08/28/2013 11:46 AM, Tomas Babej wrote: On 08/26/2013 10:14 AM, Tomas Babej wrote: On Mon 26 Aug 2013 10:12:09 AM CEST, Petr Vobornik wrote: On 08/26/2013

Re: [Freeipa-devel] [PATCH] 1104 move NULL check

2013-08-29 Thread Tomas Babej
___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org ___ Freeipa-devel mailing

Re: [Freeipa-devel] [PATCH] 119 CLDAP: make sure an empty reply is returned on any error

2013-08-29 Thread Tomas Babej
On 08/28/2013 10:25 AM, Sumit Bose wrote: Hi, this patch fixes an issue in the CLDAP plugin found by Coverity. bye, Sumit ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK -- Tomas

Re: [Freeipa-devel] FreeIPA server package group

2013-08-28 Thread Tomas Babej
On 08/26/2013 10:14 AM, Tomas Babej wrote: On Mon 26 Aug 2013 10:12:09 AM CEST, Petr Vobornik wrote: On 08/26/2013 09:54 AM, Tomas Babej wrote: Hi, I cooked up a patch for comps that adds a FreeIPA package group. Please chime in if you're OK with package selection / description

Re: [Freeipa-devel] FreeIPA server package group

2013-08-28 Thread Tomas Babej
On 08/28/2013 12:03 PM, Petr Viktorin wrote: On 08/28/2013 11:46 AM, Tomas Babej wrote: On 08/26/2013 10:14 AM, Tomas Babej wrote: On Mon 26 Aug 2013 10:12:09 AM CEST, Petr Vobornik wrote: On 08/26/2013 09:54 AM, Tomas Babej wrote: Hi, I cooked up a patch for comps that adds a FreeIPA

Re: [Freeipa-devel] [PATCH 0087] Log proper error message when defaultNamingContext not found

2013-08-28 Thread Tomas Babej
On 08/28/2013 01:22 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, When adding a trust using trust-add with misconfigured DNS, an improper LDAP entry might be returned. Log a proper error message. https://fedorahosted.org/freeipa/ticket/3690 I think this should this include which KeyError

Re: [Freeipa-devel] [PATCH] 0055 Fix tests which fail after ipa-adtrust-install

2013-08-28 Thread Tomas Babej
On 08/26/2013 09:38 AM, Ana Krivokapic wrote: On 08/22/2013 06:13 PM, Tomas Babej wrote: On 08/20/2013 04:14 PM, Ana Krivokapic wrote: On 08/09/2013 05:35 PM, Tomas Babej wrote: On 08/09/2013 04:03 PM, Ana Krivokapic wrote: On 08/09/2013 09:39 AM, Tomas Babej wrote: On 08/08/2013 04:09 PM

Re: [Freeipa-devel] FreeIPA server package group

2013-08-26 Thread Tomas Babej
On Mon 26 Aug 2013 10:12:09 AM CEST, Petr Vobornik wrote: On 08/26/2013 09:54 AM, Tomas Babej wrote: Hi, I cooked up a patch for comps that adds a FreeIPA package group. Please chime in if you're OK with package selection / description. For illustration, see the attached image. FreeIPA

[Freeipa-devel] [PATCH 0093] Fix incorrect message occurrence when re-adding the trust

2013-08-23 Thread Tomas Babej
-- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 4841fa8954b860fe5383d077178d5e1a3655517e Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Fri, 23 Aug 2013 13:06:52 +0200 Subject: [PATCH] Fix incorrect error

Re: [Freeipa-devel] [PATCH 0083] Make CS.cfg edits with CA instance stopped

2013-08-23 Thread Tomas Babej
On 08/05/2013 05:43 PM, Martin Kosek wrote: On 08/02/2013 03:32 PM, Tomas Babej wrote: Hi, This patch makes sure that all edits to CS.cfg configuration file are performed while pki-tomcatd service is stopped. Introduces a new contextmanager stopped_service for handling a general problem

Re: [Freeipa-devel] [PATCH 0091] Perform dirsrv tuning at platform level

2013-08-22 Thread Tomas Babej
On 08/20/2013 06:40 PM, Nathaniel McCallum wrote: On Mon, 2013-08-19 at 14:48 +0200, Tomas Babej wrote: Hi, When configuring the 389 Directory Server instance, we tune it so that number of file descriptors available to the DS is increased from the default 1024 to 8192. There are platform

[Freeipa-devel] [PATCH 0092] Remove redundant shebangs

2013-08-22 Thread Tomas Babej
Hi, Remove redundant shebangs from files that are not used as scripts. https://fedorahosted.org/freeipa/ticket/3853 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 43c7733ccf691bd50425f021c4ab23f11315343d Mon Sep 17

Re: [Freeipa-devel] [PATCH] 0055 Fix tests which fail after ipa-adtrust-install

2013-08-22 Thread Tomas Babej
On 08/20/2013 04:14 PM, Ana Krivokapic wrote: On 08/09/2013 05:35 PM, Tomas Babej wrote: On 08/09/2013 04:03 PM, Ana Krivokapic wrote: On 08/09/2013 09:39 AM, Tomas Babej wrote: On 08/08/2013 04:09 PM, Ana Krivokapic wrote: Hello, This patch should fix the failing unit tests. https

[Freeipa-devel] [PATCH 0091] Perform dirsrv tuning at platform level

2013-08-19 Thread Tomas Babej
platforms. systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv set ulimit - nofile 8192 in /etc/security/limits.conf https://fedorahosted.org/freeipa/ticket/3823 -- Tomas Babej Associate Software Engineer | Red Hat | Identity

Re: [Freeipa-devel] [PATCH] 0055 Fix tests which fail after ipa-adtrust-install

2013-08-09 Thread Tomas Babej
On 08/09/2013 04:03 PM, Ana Krivokapic wrote: On 08/09/2013 09:39 AM, Tomas Babej wrote: On 08/08/2013 04:09 PM, Ana Krivokapic wrote: Hello, This patch should fix the failing unit tests. https://fedorahosted.org/freeipa/ticket/3852 ___ Freeipa

Re: [Freeipa-devel] [PATCH] Bypass ipa-replica-conncheck ssh tests when ssh is not installed

2013-08-08 Thread Tomas Babej
The following message needs to be changed for allowing more generic use-case. +print WARNING: ssh not installed, skipping Should be sufficient. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org

Re: [Freeipa-devel] [PATCH] 0051 Handle --subject option in ipa-server-install

2013-08-08 Thread Tomas Babej
) sysupgrade 2) dirsrv 3) certmap.conf If it cannot be found, an error is displayed and the file is not modified. I tested exhaustively and patch held up against my efforts. No objections to the code itself, so, ACK. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno

Re: [Freeipa-devel] [PATCH] 417 Increase default SASL buffer size

2013-08-07 Thread Tomas Babej
set to 64 kB. With that change applied, ACK. Tomas --- Done based on Rich's recommendation. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -- Tomas Babej Associate Software

Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search

2013-08-07 Thread Tomas Babej
On 08/05/2013 05:59 PM, Martin Kosek wrote: On 07/17/2013 01:47 PM, Tomas Babej wrote: I will release version 3.5 before end of this week. I have some small fixes ready so it is worth to release it now. To summarize the discussion - please remove following options from configuration file

[Freeipa-devel] [PATCH 0086] Remove overlapping use-cases of the same result variable

2013-08-06 Thread Tomas Babej
Hi, a simple fix for an issue I found while reading the code. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 5d11a8534c1cd3bf3c99945157c8920c0eff7333 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date

Re: [Freeipa-devel] [PATCH 0086] Remove overlapping use-cases of the same result variable

2013-08-06 Thread Tomas Babej
On 08/06/2013 10:46 AM, Tomas Babej wrote: Hi, a simple fix for an issue I found while reading the code. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org ___ Freeipa-devel

Re: [Freeipa-devel] [PATCH] 0052 Add ipa-advise plugins for legacy clients

2013-08-06 Thread Tomas Babej
of advises shown by 'ipa-advise' by default. It is now a bit unreadable. The patch 0089 should fix that. Tomas -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org ___ Freeipa-devel

[Freeipa-devel] [PATCH 0087] Log proper error message when defaultNamingContext not found

2013-08-06 Thread Tomas Babej
Hi, When adding a trust using trust-add with misconfigured DNS, an improper LDAP entry might be returned. Log a proper error message. https://fedorahosted.org/freeipa/ticket/3690 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej

[Freeipa-devel] [PATCH 0090] Allow deletion of an empty trusted range with the --force flag

2013-08-06 Thread Tomas Babej
/V3_Minor_Enhancements https://fedorahosted.org/freeipa/ticket/3787 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 96287a035aa3dd4ff2acc40cf6ca81221dc40a8d Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 6 Aug

Re: [Freeipa-devel] [PATCH 0090] Allow deletion of an empty trusted range with the --force flag

2013-08-06 Thread Tomas Babej
closed the ticket as invalid. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa

[Freeipa-devel] [PATCH 0085] Limit pwpolicy maxlife to 20000 days

2013-08-05 Thread Tomas Babej
that can be set through the framework to 20 000 days (~ 54 years). https://fedorahosted.org/freeipa/ticket/3817 Tomas From 06d0f2a4f2c32613142c1f901fb72e5f6b087549 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Mon, 5 Aug 2013 13:45:26 +0200 Subject: [PATCH] Limit pwpolicy

Re: [Freeipa-devel] [PATCH 0084] Improve help entry for ipa host

2013-08-05 Thread Tomas Babej
On 08/05/2013 05:48 PM, Martin Kosek wrote: On 08/02/2013 05:16 PM, Tomas Babej wrote: Hi, Updates old information produced by the ipa help host command. Also adds a section to ipa-client-install manpage about client re-enrollment. https://fedorahosted.org/freeipa/ticket/3820 Tomas 1

[Freeipa-devel] [PATCH 0083] Make CS.cfg edits with CA instance stopped

2013-08-02 Thread Tomas Babej
/freeipa/ticket/3804 Tomas From d15a580496be21cd44f36edbfaa8a6c49e540b03 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 1 Aug 2013 14:47:52 +0200 Subject: [PATCH] Make CS.cfg edits with CA instance stopped This patch makes sure that all edits to CS.cfg configuration file

[Freeipa-devel] [PATCH 0084] Improve help entry for ipa host

2013-08-02 Thread Tomas Babej
Hi, Updates old information produced by the ipa help host command. Also adds a section to ipa-client-install manpage about client re-enrollment. https://fedorahosted.org/freeipa/ticket/3820 Tomas From b779c357e3703eedcc25a9df0d9f220843d45b9e Mon Sep 17 00:00:00 2001 From: Tomas Babej tba

[Freeipa-devel] [PATCH 0082] Use case-insensitive dict for trusted domain info

2013-07-26 Thread Tomas Babej
Hi, In DomainValidator, we store a dictionary containing information for trusted domains. This is a case-sensitive dictionary keyed by the domain name. We need to use case-insensitive dictionary since domain names are generally case-insensitive. https://fedorahosted.org/freeipa/ticket/3816

Re: [Freeipa-devel] [PATCH 0082] Use case-insensitive dict for trusted domain info

2013-07-26 Thread Tomas Babej
On Friday 26 of July 2013 11:07:05 Tomas Babej wrote: Hi, In DomainValidator, we store a dictionary containing information for trusted domains. This is a case-sensitive dictionary keyed by the domain name. We need to use case-insensitive dictionary since domain names are generally case

Re: [Freeipa-devel] [PATCH 0081] Skip referrals when converting LDAP result to LDAPEntry

2013-07-26 Thread Tomas Babej
On Thursday 25 of July 2013 15:53:23 Jakub Hrozek wrote: On Thu, Jul 25, 2013 at 03:39:59PM +0200, Tomas Babej wrote: On Thursday 25 of July 2013 09:30:22 Jan Cholasta wrote: On 25.7.2013 09:11, Petr Spacek wrote: On 25.7.2013 09:03, Alexander Bokovoy wrote: On Thu, 25 Jul 2013, Petr

Re: [Freeipa-devel] [PATCH 0081] Skip referrals when converting LDAP result to LDAPEntry

2013-07-26 Thread Tomas Babej
On Friday 26 of July 2013 12:16:42 Jan Cholasta wrote: On 26.7.2013 11:29, Tomas Babej wrote: After some investigation I decided the correct approach here is to scream at the debug level only, when referral is being ignored. We cannot guide ourselves by the ldap.OPT_REFFERALS option

Re: [Freeipa-devel] [PATCH 0081] Skip referrals when converting LDAP result to LDAPEntry

2013-07-26 Thread Tomas Babej
On Friday 26 of July 2013 13:03:25 Martin Kosek wrote: On 07/26/2013 12:23 PM, Tomas Babej wrote: On Friday 26 of July 2013 12:16:42 Jan Cholasta wrote: On 26.7.2013 11:29, Tomas Babej wrote: After some investigation I decided the correct approach here is to scream at the debug level only

Re: [Freeipa-devel] [PATCH 0079] Change shebang to absolute path in ipa-client-automount

2013-07-25 Thread Tomas Babej
On Wednesday 24 of July 2013 13:06:19 Martin Kosek wrote: On 07/24/2013 12:39 PM, Tomas Babej wrote: Hi, this fixes the https://fedorahosted.org/freeipa/ticket/3811 Tomas Shouldn't we also add '-E' parameter like we do with in other install tools' shebang? Martin I added

Re: [Freeipa-devel] [PATCH 0081] Skip referrals when converting LDAP result to LDAPEntry

2013-07-25 Thread Tomas Babej
On Thursday 25 of July 2013 09:30:22 Jan Cholasta wrote: On 25.7.2013 09:11, Petr Spacek wrote: On 25.7.2013 09:03, Alexander Bokovoy wrote: On Thu, 25 Jul 2013, Petr Spacek wrote: On 24.7.2013 22:18, Tomas Babej wrote: Hi, When converting the result obtained by python-ldap library

[Freeipa-devel] [PATCH 0079] Change shebang to absolute path in ipa-client-automount

2013-07-24 Thread Tomas Babej
Hi, this fixes the https://fedorahosted.org/freeipa/ticket/3811 Tomas From ed9014c9db13247dbf062af58f21ea583c476300 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 23 Jul 2013 17:11:59 +0200 Subject: [PATCH] Change shebang to absolute path in ipa-client-automount https

Re: [Freeipa-devel] [PATCH 0079] Change shebang to absolute path in ipa-client-automount

2013-07-24 Thread Tomas Babej
On Wednesday 24 of July 2013 12:43:49 Jan Pazdziora wrote: On Wed, Jul 24, 2013 at 12:39:07PM +0200, Tomas Babej wrote: Hi, this fixes the https://fedorahosted.org/freeipa/ticket/3811 Tomas From ed9014c9db13247dbf062af58f21ea583c476300 Mon Sep 17 00:00:00 2001 From: Tomas

[Freeipa-devel] [PATCH 0081] Skip referrals when converting LDAP result to LDAPEntry

2013-07-24 Thread Tomas Babej
Hi, When converting the result obtained by python-ldap library, we need to skip unresolved referral entries, since they cannot be converted. https://fedorahosted.org/freeipa/ticket/3814 Tomas From 701ce525d52a1797cbdc511f0a57fe08a57a6766 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba
