Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 10.12.2015 15:01, Martin Babinsky wrote: On 12/10/2015 07:57 AM, Jan Cholasta wrote: On 9.12.2015 16:39, Jan Cholasta wrote: On 7.12.2015 08:14, Jan Cholasta wrote: On 6.12.2015 21:32, Martin Basti wrote: On 04.12.2015 16:58, Simo Sorce wrote: On Fri, 2015-12-04 at 15:39 +0100, Jan

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 12/10/2015 07:57 AM, Jan Cholasta wrote: On 9.12.2015 16:39, Jan Cholasta wrote: On 7.12.2015 08:14, Jan Cholasta wrote: On 6.12.2015 21:32, Martin Basti wrote: On 04.12.2015 16:58, Simo Sorce wrote: On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote: On 4.12.2015 15:16, Jan

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 7.12.2015 08:14, Jan Cholasta wrote: On 6.12.2015 21:32, Martin Basti wrote: On 04.12.2015 16:58, Simo Sorce wrote: On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote: On 4.12.2015 15:16, Jan Cholasta wrote: On 4.12.2015 15:12, Jan Cholasta wrote: On 4.12.2015 11:15, Petr Vobornik

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 9.12.2015 16:39, Jan Cholasta wrote: On 7.12.2015 08:14, Jan Cholasta wrote: On 6.12.2015 21:32, Martin Basti wrote: On 04.12.2015 16:58, Simo Sorce wrote: On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote: On 4.12.2015 15:16, Jan Cholasta wrote: On 4.12.2015 15:12, Jan Cholasta

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 04.12.2015 16:58, Simo Sorce wrote: On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote: On 4.12.2015 15:16, Jan Cholasta wrote: On 4.12.2015 15:12, Jan Cholasta wrote: On 4.12.2015 11:15, Petr Vobornik wrote: On 12/03/2015 03:11 PM, Martin Basti wrote: On 01.12.2015 12:19, Jan

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 6.12.2015 21:32, Martin Basti wrote: On 04.12.2015 16:58, Simo Sorce wrote: On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote: On 4.12.2015 15:16, Jan Cholasta wrote: On 4.12.2015 15:12, Jan Cholasta wrote: On 4.12.2015 11:15, Petr Vobornik wrote: On 12/03/2015 03:11 PM, Martin

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 12/03/2015 03:11 PM, Martin Basti wrote: On 01.12.2015 12:19, Jan Cholasta wrote: On 23.11.2015 15:47, Simo Sorce wrote: On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote: Ad alternative is to add the host to ipaservers before the checks are done and remove it again if any of them

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote: > On 4.12.2015 15:16, Jan Cholasta wrote: > > On 4.12.2015 15:12, Jan Cholasta wrote: > >> On 4.12.2015 11:15, Petr Vobornik wrote: > >>> On 12/03/2015 03:11 PM, Martin Basti wrote: > > > On 01.12.2015 12:19, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 4.12.2015 15:16, Jan Cholasta wrote: On 4.12.2015 15:12, Jan Cholasta wrote: On 4.12.2015 11:15, Petr Vobornik wrote: On 12/03/2015 03:11 PM, Martin Basti wrote: On 01.12.2015 12:19, Jan Cholasta wrote: On 23.11.2015 15:47, Simo Sorce wrote: On Mon, 2015-11-23 at 15:37 +0100, Jan

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 4.12.2015 11:15, Petr Vobornik wrote: On 12/03/2015 03:11 PM, Martin Basti wrote: On 01.12.2015 12:19, Jan Cholasta wrote: On 23.11.2015 15:47, Simo Sorce wrote: On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote: Ad alternative is to add the host to ipaservers before the checks are

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 4.12.2015 15:12, Jan Cholasta wrote: On 4.12.2015 11:15, Petr Vobornik wrote: On 12/03/2015 03:11 PM, Martin Basti wrote: On 01.12.2015 12:19, Jan Cholasta wrote: On 23.11.2015 15:47, Simo Sorce wrote: On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote: Ad alternative is to add the

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 01.12.2015 12:19, Jan Cholasta wrote: On 23.11.2015 15:47, Simo Sorce wrote: On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote: Ad alternative is to add the host to ipaservers before the checks are done and remove it again if any of them fail. Too error prone, I am ok with the

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 23.11.2015 15:47, Simo Sorce wrote: On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote: Ad alternative is to add the host to ipaservers before the checks are done and remove it again if any of them fail. Too error prone, I am ok with the current way in your patches until/unless I can

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On Thu, 2015-11-26 at 07:47 +0100, Jan Cholasta wrote: > On 25.11.2015 18:46, Simo Sorce wrote: > > On Wed, 2015-11-25 at 10:25 +0100, Jan Cholasta wrote: > >> On 20.11.2015 16:49, Jan Cholasta wrote: > >>> On 19.11.2015 17:43, Simo Sorce wrote: > 510: > - We should probably tightenup

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On Wed, 2015-11-25 at 10:25 +0100, Jan Cholasta wrote: > On 20.11.2015 16:49, Jan Cholasta wrote: > > On 19.11.2015 17:43, Simo Sorce wrote: > >> 510: > >> - We should probably tightenup the ACI to allos host X to only add > >> memberPrincipal = X and no other value, also the host should not be >

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

Hi, Should I cover ticket N 3416 in the replica promotion test plan? It should be tested, and IMO there is no sense in creating a separate test plan for just that. On 11/19/2015 03:43 PM, Jan Cholasta wrote: Hi, the attached patches fix and

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

Works for me. On 25.11.2015 21:35, Oleg Fayans wrote: Hi, Should I cover ticket N 3416 in the replica promotion test plan? It should be tested, and IMO there is no sense in creating a separate test plan for just that. On 11/19/2015 03:43 PM, Jan Cholasta wrote: Hi, the attached patches fix

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 25.11.2015 18:46, Simo Sorce wrote: On Wed, 2015-11-25 at 10:25 +0100, Jan Cholasta wrote: On 20.11.2015 16:49, Jan Cholasta wrote: On 19.11.2015 17:43, Simo Sorce wrote: 510: - We should probably tightenup the ACI to allos host X to only add memberPrincipal = X and no other value, also

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 20.11.2015 16:49, Jan Cholasta wrote: On 19.11.2015 17:43, Simo Sorce wrote: 510: - We should probably tightenup the ACI to allos host X to only add memberPrincipal = X and no other value, also the host should not be allowed to change the memberPrincipal attribute only the keys. If we can't

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 23.11.2015 15:34, Simo Sorce wrote: On Mon, 2015-11-23 at 08:54 +0100, Jan Cholasta wrote: On 20.11.2015 17:58, Simo Sorce wrote: On Fri, 2015-11-20 at 16:49 +0100, Jan Cholasta wrote: On 19.11.2015 17:43, Simo Sorce wrote: [..] On the patches -- 509: - commit says only: "aci: add IPA

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On Mon, 2015-11-23 at 08:54 +0100, Jan Cholasta wrote: > On 20.11.2015 17:58, Simo Sorce wrote: > > On Fri, 2015-11-20 at 16:49 +0100, Jan Cholasta wrote: > >> On 19.11.2015 17:43, Simo Sorce wrote: > > [..] > >>> On the patches > >>> -- > >>> 509: > >>> - commit says only: "aci: add IPA servers

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote: > > Ad alternative is to add the host to ipaservers before the checks are > done and remove it again if any of them fail. Too error prone, I am ok with the current way in your patches until/unless I can think of a fail safe way. :-) Simo.

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 20.11.2015 17:58, Simo Sorce wrote: On Fri, 2015-11-20 at 16:49 +0100, Jan Cholasta wrote: On 19.11.2015 17:43, Simo Sorce wrote: [..] On the patches -- 509: - commit says only: "aci: add IPA servers host group 'ipaservers'" but it does other things like changing how CA renewal certificate

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On 19.11.2015 17:43, Simo Sorce wrote: On Thu, 2015-11-19 at 15:43 +0100, Jan Cholasta wrote: Hi, the attached patches fix and . I worked around the issue of checking if the user is privileged to

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On Fri, 2015-11-20 at 16:49 +0100, Jan Cholasta wrote: > On 19.11.2015 17:43, Simo Sorce wrote: [..] > > On the patches > > -- > > 509: > > - commit says only: "aci: add IPA servers host group 'ipaservers'" > > but it does other things like changing how CA renewal certificate acis > > are added, I

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On Thu, 2015-11-19 at 15:43 +0100, Jan Cholasta wrote: > Hi, > > the attached patches fix > and . > > I worked around the issue of checking if the user is privileged to > perform replica promotion by