Please take a look at the attached patch to add vault-archive/retrieve
commands.
On 4/20/2015 1:12 AM, Jan Cholasta wrote:
16) You do way too much stuff in vault_add.forward(). Only code that
must be done on the client needs to be there, i.e. handling of the
data, text and in options.
The
Dne 27.5.2015 v 02:38 Endi Sukma Dewata napsal(a):
Please take a look at the attached patch to add vault-archive/retrieve
commands.
On 4/20/2015 1:12 AM, Jan Cholasta wrote:
16) You do way too much stuff in vault_add.forward(). Only code that
must be done on the client needs to be there, i.e.
On 05/25/2015 03:56 PM, Oleg Fayans wrote:
Hi,
Playing around with the replication topology plugin, I've noticed a
couple of issues:
1. around 50% of attempts to setup a replica of a freeipa master with
topology plugin enabled (domain level set to 1.0) end up with the
following error message in
On 05/20/2015 09:06 AM, Petr Spacek wrote:
Hello,
this patchset implements support for MODRDN for ordinary records. As noted in
ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/123, we agreed
yesterday that renaming zones is out of scope and seems unnecessarily complex.
This patch
On 05/22/2015 04:20 PM, Petr Vobornik wrote:
On 05/21/2015 12:55 PM, thierry bordaz wrote:
On 05/20/2015 05:40 PM, Ludwig Krispenz wrote:
please find new versions of patches 0003 and 0005 for the topology
plugin.
the ds plugin patch includes
- changes to match domain level patch
- remove
The attached patch contains fix for bug
https://fedorahosted.org/freeipa/ticket/5019 which Tomas posted on
freeipa-devel here:
https://www.redhat.com/archives/freeipa-devel/2015-May/msg00045.html
I have reviewed the patch and it works, so ACK.
I have just changed the commit message to
On 05/26/2015 09:37 AM, Martin Babinsky wrote:
The attached patch contains fix for bug
https://fedorahosted.org/freeipa/ticket/5019 which Tomas posted on
freeipa-devel here:
https://www.redhat.com/archives/freeipa-devel/2015-May/msg00045.html
I have reviewed the patch and it works, so ACK.
I
Thanks Petr!
Did I understand correctly, that the master branch does not yet contain
patches 0005 and 0006 from Ludwig, only the 0003 patch has been merged?
I must apply them manually to get the full plugin functionality, right?
On 05/26/2015 11:00 AM, Petr Vobornik wrote:
On 05/25/2015 03:56
Dne 25.5.2015 v 17:15 Tomas Babej napsal(a):
On 05/25/2015 12:42 PM, Tomas Babej wrote:
On 05/25/2015 07:30 AM, Jan Cholasta wrote:
Dne 22.5.2015 v 12:36 Petr Vobornik napsal(a):
On 05/22/2015 07:08 AM, Jan Cholasta wrote:
Dne 21.5.2015 v 18:18 Tomas Babej napsal(a):
On 05/19/2015
On 05/21/2015 12:42 PM, Petr Spacek wrote:
Hello,
Add schema for unknown record types.
This patch complements my previous patch 367.
The change was pushed to
https://github.com/pspacek/bind-dyndb-ldap/tree/unknown_record_types , too.
ACK
Tomas
--
Tomas Hozza
Software Engineer -
On 05/22/2015 10:03 AM, Petr Spacek wrote:
On 18.5.2015 17:31, Petr Spacek wrote:
Hello,
This patch is unrelated to metaDB but it should be merged before alpha, too.
Thank you for review!
Support unknown record types (RFC 3597).
Fallback to generic LDAP attribute
On 05/15/2015 01:50 PM, Petr Vobornik wrote:
On 04/21/2015 04:09 PM, Petr Vobornik wrote:
First iteration of Topology plugin Web UI.
It reflects current state of topology plugin python part which is
implemented in [PATCH] manage replication topology in the shared tree
and my wip patch.
I
On 05/26/2015 11:57 AM, Jan Cholasta wrote:
Dne 25.5.2015 v 17:15 Tomas Babej napsal(a):
On 05/25/2015 12:42 PM, Tomas Babej wrote:
On 05/25/2015 07:30 AM, Jan Cholasta wrote:
Dne 22.5.2015 v 12:36 Petr Vobornik napsal(a):
On 05/22/2015 07:08 AM, Jan Cholasta wrote:
Dne 21.5.2015 v
On 05/26/2015 12:14 PM, Petr Vobornik wrote:
the patch is rebased on top of tbabej 325-9 (but it might not be needed)
ipa server-find
ipa server-show FQDN
These commands display a list of IPA servers stored in
cn=masters,cn=ipa,cn=etc,$SUFFIX
https://fedorahosted.org/freeipa/ticket/4302
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
--
Petr Vobornik
From
the patch is rebased on top of tbabej 325-9 (but it might not be needed)
ipa server-find
ipa server-show FQDN
These commands display a list of IPA servers stored in
cn=masters,cn=ipa,cn=etc,$SUFFIX
https://fedorahosted.org/freeipa/ticket/4302 (maybe we could create a
different one)
--
On 05/26/2015 11:21 AM, Oleg Fayans wrote:
Thanks Petr!
Did I understand correctly, that the master branch does not yet contain
patches 0005 and 0006 from Ludwig, only the 0003 patch has been merged?
I must apply them manually to get the full plugin functionality, right?
No, today I've pushed
Hi,
these patches add some unit tests and some additional improvements
related to the issues described in
https://bugzilla.redhat.com/show_bug.cgi?id=1222475 . The original issue
is fixed by a patch from Alexander attached to the ticket.
The first patch converts the existing check-based test to
Dne 26.5.2015 v 13:32 Martin Babinsky napsal(a):
On 05/25/2015 03:10 PM, Martin Basti wrote:
This fixes issue with the remove statement, which causes LDAP error,
when the updater is trying to remove value from nonexistent entry.
Reproducer: apply my patch mbasti-0256, install the IPA server
On 05/26/2015 01:33 PM, Sumit Bose wrote:
Hi,
these patches add some unit tests and some additional improvements
related to the issues described in
https://bugzilla.redhat.com/show_bug.cgi?id=1222475 . The original issue
is fixed by a patch from Alexander attached to the ticket.
The first
Dne 25.5.2015 v 16:07 Fraser Tweedale napsal(a):
On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote:
On 25/05/15 13:57, Martin Basti wrote:
On 25/05/15 09:20, Fraser Tweedale wrote:
On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
Dne 22.5.2015 v 15:53 Petr Vobornik
On 05/26/2015 12:39 PM, Tomas Babej wrote:
On 05/26/2015 11:57 AM, Jan Cholasta wrote:
Dne 25.5.2015 v 17:15 Tomas Babej napsal(a):
On 05/25/2015 12:42 PM, Tomas Babej wrote:
On 05/25/2015 07:30 AM, Jan Cholasta wrote:
Dne 22.5.2015 v 12:36 Petr Vobornik napsal(a):
On 05/22/2015
This little patch fixes an issue introduced by commit
6a4b428120c2e351ad0f1b4573f50b106844b1fd:
If uninstalling IPA server with KRA enabled a wrong Dogtag version was
being passed to KRA uninstaller due to missing config, resulting in
uninstallation crash and inability to install new server
Hi,
I came across this very old code. Before there was a domain GUID
attribute for the IPA domain in the directory tree ipa-sam used a
auto generated one. Since we now have that attribute and deliver it e.g.
via CLDAP ipa-sam should use the same.
bye,
Sumit
From
Hi,
this tests should have gone together with
c1114ef82516002de08e004a930b5ba4a1791b25 but got lost somehow during the
bugzilla processing.
bye,
Sumit
From 724258fc3eff2872cf95a5401f25b8134233ee68 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 26 Feb 2015 14:08:06 +0100
On 05/26/2015 01:21 PM, Sumit Bose wrote:
Hi,
this tests should have gone together with
c1114ef82516002de08e004a930b5ba4a1791b25 but got lost somehow during the
bugzilla processing.
bye,
Sumit
So it has been acked? And we can push it?
--
Petr Vobornik
--
Manage your subscription for the
On 05/25/2015 03:10 PM, Martin Basti wrote:
This fixes issue with the remove statement, which causes LDAP error,
when the updater is trying to remove value from nonexistent entry.
Reproducer: apply my patch mbasti-0256, install the IPA server without
the DNS subsystem.
Patch attached.
On Tue, 26 May 2015, Sumit Bose wrote:
On Tue, May 26, 2015 at 01:24:30PM +0200, Petr Vobornik wrote:
On 05/26/2015 01:21 PM, Sumit Bose wrote:
Hi,
this tests should have gone together with
c1114ef82516002de08e004a930b5ba4a1791b25 but got lost somehow during the
bugzilla processing.
bye,
On 26/05/15 13:44, Alexander Bokovoy wrote:
On Tue, 26 May 2015, Jan Cholasta wrote:
I tested 0259.1 (it worked for install and update) but not 0259.2
yet. 0259.2 looks OK though; ACK if tested for install and update.
The new patch has only one additional minor fix for a potential
problem
On 05/26/2015 01:51 PM, Tomas Babej wrote:
On 05/26/2015 12:39 PM, Tomas Babej wrote:
On 05/26/2015 11:57 AM, Jan Cholasta wrote:
Dne 25.5.2015 v 17:15 Tomas Babej napsal(a):
On 05/25/2015 12:42 PM, Tomas Babej wrote:
On 05/25/2015 07:30 AM, Jan Cholasta wrote:
Dne 22.5.2015 v
Dne 26.5.2015 v 13:54 Tomas Babej napsal(a):
On 05/26/2015 01:51 PM, Tomas Babej wrote:
On 05/26/2015 12:39 PM, Tomas Babej wrote:
On 05/26/2015 11:57 AM, Jan Cholasta wrote:
Dne 25.5.2015 v 17:15 Tomas Babej napsal(a):
On 05/25/2015 12:42 PM, Tomas Babej wrote:
On 05/25/2015
Hello,
it came to my mind that domain level for topology plugin should actually be
number 2, not 1.
We already used number 1 for incompatible changes in DNS tree and I believe
that it is not a good idea to have two places which say 'version 1' but and
actually mean two different things. (DNS
On Tue, 26 May 2015, Jan Cholasta wrote:
I tested 0259.1 (it worked for install and update) but not 0259.2
yet. 0259.2 looks OK though; ACK if tested for install and update.
The new patch has only one additional minor fix for a potential
problem that currently does not appear anywhere in
On Tue, May 26, 2015 at 01:24:30PM +0200, Petr Vobornik wrote:
On 05/26/2015 01:21 PM, Sumit Bose wrote:
Hi,
this tests should have gone together with
c1114ef82516002de08e004a930b5ba4a1791b25 but got lost somehow during the
bugzilla processing.
bye,
Sumit
So it has been acked? And
On 05/20/2015 06:02 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
Add a plugin to manage service delegations, like the one allowing the
HTTP service to obtain an ldap service ticket on behalf of the user.
This does not include impersonation targets, so one cannot yet
Dne 26.5.2015 v 13:03 Petr Vobornik napsal(a):
On 05/26/2015 12:14 PM, Petr Vobornik wrote:
the patch is rebased on top of tbabej 325-9 (but it might not be needed)
ipa server-find
ipa server-show FQDN
These commands display a list of IPA servers stored in
Hi,
Dne 26.5.2015 v 13:55 Martin Babinsky napsal(a):
This little patch fixes an issue introduced by commit
6a4b428120c2e351ad0f1b4573f50b106844b1fd:
If uninstalling IPA server with KRA enabled a wrong Dogtag version was
being passed to KRA uninstaller due to missing config, resulting in
On 05/26/2015 12:19 PM, Petr Vobornik wrote:
this patch is based on top of my patch #856 and tbabej'
s 325-9.
Obsoletes Ludwig's 0006.
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
New
Dne 22.5.2015 v 12:24 Christian Heimes napsal(a):
Hello,
since May 1st I'm a new Red Hat employee and developer with the FreeIPA
team. Some of you may already recognize my name from my contributions to
CPython core, Python security and TLS/SSL improvements, or a couple of
PEPs. I'm very glad
On Fri, 2015-05-22 at 12:24 +0200, Christian Heimes wrote:
Here is what I have so far:
1) The FreeIPA webui already depends on Apache and mod_wsgi. KDC
proxy
will run from the same Apache HTTPD instance but it will use a
different
mod_wsgi daemon configuration. A second WSGI daemon is
On 2015-05-26 15:57, Nathaniel McCallum wrote:
/KdcProxy
The URI uses the virtual directory /KdcProxy unless otherwise
configured.
https://msdn.microsoft.com/en-us/library/hh553891.aspx
Also, the proxy should be available over both HTTP and HTTPS.
Easy-peasy! I'm using /KdcProxy
Hello,
Fix for https://fedorahosted.org/freeipa/ticket/3809
Thanks,
Gabe
From b6a852f82e9335ac04fb5d9b96f31013fb2a3bdb Mon Sep 17 00:00:00 2001
From: Gabe redhatri...@gmail.com
Date: Tue, 26 May 2015 08:06:12 -0600
Subject: [PATCH] Fix client ca.crt to match the server's cert
Works with correct privileges checking, as in your patch attached.
ACK
Matúš Honěk
- Original Message -
From: Petr Spacek pspa...@redhat.com
To: tho...@redhat.com
Cc: freeipa-devel@redhat.com, Matus Honek mho...@redhat.com
Sent: Friday, May 22, 2015 10:03:49 AM
Subject: Re:
On 05/26/2015 04:13 PM, thierry bordaz wrote:
On 05/26/2015 02:12 PM, Petr Spacek wrote:
Hello,
it came to my mind that domain level for topology plugin should actually be
number 2, not 1.
We already used number 1 for incompatible changes in DNS tree and I believe
that it is not a good idea
On 05/26/2015 04:17 PM, Christian Heimes wrote:
On 2015-05-26 15:57, Nathaniel McCallum wrote:
/KdcProxy
The URI uses the virtual directory /KdcProxy unless otherwise
configured.
https://msdn.microsoft.com/en-us/library/hh553891.aspx
Also, the proxy should be available over both HTTP and
On 26.5.2015 10:17, Tomas Hozza wrote:
On 05/20/2015 09:06 AM, Petr Spacek wrote:
Hello,
this patchset implements support for MODRDN for ordinary records. As noted in
ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/123, we agreed
yesterday that renaming zones is out of scope and seems
On Tue, 2015-05-26 at 16:43 +0200, Christian Heimes wrote:
On 2015-05-26 16:24, Martin Kosek wrote:
On 05/26/2015 04:17 PM, Christian Heimes wrote:
On 2015-05-26 15:57, Nathaniel McCallum wrote:
/KdcProxy
The URI uses the virtual directory /KdcProxy unless otherwise
On 05/26/2015 02:12 PM, Petr Spacek wrote:
Hello,
it came to my mind that domain level for topology plugin should actually be
number 2, not 1.
We already used number 1 for incompatible changes in DNS tree and I believe
that it is not a good idea to have two places which say 'version 1' but and
On 26.5.2015 16:16, Martin Kosek wrote:
On 05/26/2015 04:13 PM, thierry bordaz wrote:
On 05/26/2015 02:12 PM, Petr Spacek wrote:
Hello,
it came to my mind that domain level for topology plugin should actually be
number 2, not 1.
We already used number 1 for incompatible changes in DNS tree
On 2015-05-26 16:24, Martin Kosek wrote:
On 05/26/2015 04:17 PM, Christian Heimes wrote:
On 2015-05-26 15:57, Nathaniel McCallum wrote:
/KdcProxy
The URI uses the virtual directory /KdcProxy unless otherwise
configured.
https://msdn.microsoft.com/en-us/library/hh553891.aspx
Also, the
On 2015-05-26 16:50, Nathaniel McCallum wrote:
Right. So as I see it, we have three options:
1. Merge kdcproxy soon with a global switch.
A. Build per-replica switches later.
B. Never build per-replica switches.
2. Merge kdcproxy later with per-replica switches.
I don't think having
On Tue, 2015-05-26 at 17:09 +0200, Christian Heimes wrote:
On 2015-05-26 16:50, Nathaniel McCallum wrote:
Right. So as I see it, we have three options:
1. Merge kdcproxy soon with a global switch.
A. Build per-replica switches later.
B. Never build per-replica switches.
2. Merge
On Mon, 2015-05-25 at 10:48 +0200, Martin Babinsky wrote:
On 04/06/2015 12:53 AM, Simo Sorce wrote:
Fix for bug 4914.
I've tested it locally and seem to do exactly what is needed. I couldn't
detect any side effects, except that if you use kadmin to get a
randomized password for a
Dne 20.5.2015 v 17:27 Jan Cholasta napsal(a):
Hi,
the attached patch implements the initial bits for
https://fedorahosted.org/freeipa/ticket/2888.
Test by running ipa-client-install and then ipa-replica-install on the
same host.
Updated patch attached.
--
Jan Cholasta
From
On 2015-05-26 17:11, Nathaniel McCallum wrote:
I don't want to add code that:
1. is half-baked
2. we aren't committed to supporting.
I'd rather land per-replica switches as a separate commit with
everything polished and supportable.
Well then ... I'm going to remove the code for
55 matches
Mail list logo