On Fri, Jun 05, 2015 at 11:31:54AM -0600, Gabe Alford wrote:
Thanks. Updated patch attached.
On Fri, Jun 5, 2015 at 9:53 AM, Jakub Hrozek jhro...@redhat.com wrote:
On Fri, Jun 05, 2015 at 09:46:05AM -0600, Gabe Alford wrote:
How should
On 06/29/2015 11:05 AM, Petr Spacek wrote:
On 29.6.2015 09:22, David Kupka wrote:
On 26/06/15 19:45, Rob Crittenden wrote:
Petr Vobornik wrote:
On 06/26/2015 10:54 AM, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/5080
ACK
Is there a reason we don't simply start
On Mon, Jun 29, 2015 at 11:43:32AM +0200, Christian Heimes wrote:
Hello,
the attached patch makes sure that HTTPInstance has an admin_conn LDAP
connection. Without the LDAP connection, HTTPInstance.enable_kdcproxy()
fails.
Christian
ACK; upgrade from 4.1.4 to master+patch works.
--
On 16/06/15 11:42, Ludwig Krispenz wrote:
This patch addresses coverity issues 13290 and 13291
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
On 06/29/2015 01:36 PM, Tomas Babej wrote:
On 06/29/2015 01:14 PM, Martin Basti wrote:
On 26/06/15 18:55, Petr Spacek wrote:
Hello,
attached patches implement a portion of improvements for ticket
https://fedorahosted.org/freeipa/ticket/4657
It came to my mind that it will be better to
On Mon, Jun 29, 2015 at 10:54:50AM +0200, Christian Heimes wrote:
Hello,
the attached patch fixes the first bug, that was reported by Fraser
today. installutils.remove_file() uses os.path.exists() to check if the
file still exists, which in turn uses stat(2). I have modified the
function to
On Thu, Jun 25, 2015 at 11:23:01AM +0200, Martin Basti wrote:
On 19/06/15 09:28, Fraser Tweedale wrote:
The attached patches fix upgrade issues when pki is also updated
from pre 10.2.4.
pki dependency is bumped to 10.2.5 - the official builds should be
done Friday (US time) but it is
On 25/06/15 13:46, Petr Spacek wrote:
On 17.6.2015 13:37, Martin Basti wrote:
On 17/06/15 13:26, Petr Spacek wrote:
On 16.6.2015 15:40, Martin Basti wrote:
On 05/06/15 12:54, Petr Spacek wrote:
On 20.5.2015 18:00, Martin Basti wrote:
This patch allows to disable DNSSEC key master on IPA
On 15/06/15 18:38, Martin Babinsky wrote:
On 05/28/2015 02:55 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:43 +0200, Martin Babinsky wrote:
A small improvement upon simo's fix for
https://fedorahosted.org/freeipa/ticket/4914
--
Martin^3 Babinsky
LGTM.
Simo.
Anyone else to review this
On 26/06/15 14:15, Petr Vobornik wrote:
On 06/17/2015 02:00 PM, Petr Vobornik wrote:
ipa-replica-manage del now:
- checks the whole current topology(before deletion), reports issues
- simulates deletion of server and checks the topology again, reports
issues
Asks admin if he wants to continue
On 26/06/15 14:15, Petr Vobornik wrote:
On 06/17/2015 04:11 PM, Petr Vobornik wrote:
On 06/17/2015 02:15 PM, Ludwig Krispenz wrote:
On 06/17/2015 02:04 PM, Petr Vobornik wrote:
With patch 878 topology: check topology in ipa-replica-manage del
we can use the same logic for POC of
ipa
On 15/06/15 19:27, Petr Vobornik wrote:
in other words limit usage of `agreement_dn` method only for manipulation
and search of agreements which are not managed by topology plugin.
For other cases is safer to search for the agreement.
https://fedorahosted.org/freeipa/ticket/5066
Works for
On 26/06/15 18:55, Petr Spacek wrote:
Hello,
attached patches implement a portion of improvements for ticket
https://fedorahosted.org/freeipa/ticket/4657
It came to my mind that it will be better to review them at once - the
previous threads with my patches 40 and 41 can be abandoned.
I'm
On 06/26/2015 05:50 PM, Martin Basti wrote:
Patch fixes wrong value for ntUserDomainId and ntUniqueId indicies.
Patch attached.
ACK
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to
On 06/04/2015 05:19 PM, Petr Vobornik wrote:
based on: http://fpaste.org/228856/25049143/
The patch is not tested.
Description:
'info' is optional component in LDAPError
http://www.python-ldap.org/doc/html/ldap.html#exceptions
Pushed to master:
On 06/29/2015 12:47 PM, Martin Basti wrote:
On 17/06/15 11:05, Ludwig Krispenz wrote:
On 06/17/2015 10:35 AM, thierry bordaz wrote:
On 06/17/2015 09:25 AM, Ludwig Krispenz wrote:
Hi,
thanks for review, see answers inline.
On 06/16/2015 05:17 PM, thierry bordaz wrote:
On 06/16/2015 11:41
On 22/06/15 19:48, Rob Crittenden wrote:
Add an ACI to allow a host to add its own services. This only grants
add access. It can't subsequently delete or modify the entry.
This requires 389-ds-1.3.4.0 GA.
rob
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing
On 26/06/15 15:58, Petr Spacek wrote:
Hello,
Rate-limit while loop in SystemdService.is_active().
Previously is_active() was frenetically calling systemctl is_active in
tight loop which in fact made the process slower.
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel
On 06/29/2015 01:28 PM, Martin Basti wrote:
On 26/06/15 15:58, Petr Spacek wrote:
Hello,
Rate-limit while loop in SystemdService.is_active().
Previously is_active() was frenetically calling systemctl is_active in
tight loop which in fact made the process slower.
ACK
Pushed to master:
On 17/06/15 11:05, Ludwig Krispenz wrote:
On 06/17/2015 10:35 AM, thierry bordaz wrote:
On 06/17/2015 09:25 AM, Ludwig Krispenz wrote:
Hi,
thanks for review, see answers inline.
On 06/16/2015 05:17 PM, thierry bordaz wrote:
On 06/16/2015 11:41 AM, Ludwig Krispenz wrote:
this patch adresses
On 06/29/2015 01:14 PM, Martin Basti wrote:
On 26/06/15 18:55, Petr Spacek wrote:
Hello,
attached patches implement a portion of improvements for ticket
https://fedorahosted.org/freeipa/ticket/4657
It came to my mind that it will be better to review them at once - the
previous threads
On 04/06/15 17:19, Petr Vobornik wrote:
based on: http://fpaste.org/228856/25049143/
The patch is not tested.
Description:
'info' is optional component in LDAPError
http://www.python-ldap.org/doc/html/ldap.html#exceptions
ACK
--
Martin Basti
--
Manage your subscription for the
On 06/26/2015 01:18 PM, Martin Basti wrote:
On 19/06/15 14:06, Petr Vobornik wrote:
Commit 9f049ca14403f3696d54d186e6b1b15181f055df introduced dependency on
python-setuptools on line:
from pkg_resources import parse_version
This dependency is missing on *minimal* installation and then
On 06/26/2015 06:05 PM, Petr Vobornik wrote:
On 06/26/2015 12:41 PM, Petr Spacek wrote:
Hello,
Add hint how to re-run IPA upgrade.
ACK
Pushed to master: d5a07b50b4d8900c16dd8672e21de34647fff9ec
--
Manage your subscription for the Freeipa-devel mailing list:
On 06/29/2015 01:23 PM, Martin Babinsky wrote:
On 06/26/2015 05:50 PM, Martin Basti wrote:
Patch fixes wrong value for ntUserDomainId and ntUniqueId indicies.
Patch attached.
ACK
Pushed to master: 16f47ed4520d4f89db39d1dc58be7a8efb1d8612
--
Manage your subscription for the
On 06/29/2015 10:44 AM, Martin Basti wrote:
On 22/06/15 17:08, thierry bordaz wrote:
Add the permission to Stage users administrators to delete already
preserved user
ACK
--
Martin Basti
Pushed to master: ffd6b039a755016c3de22a11fec037eca7180a79
--
Manage your
On 06/29/2015 04:52 PM, Martin Basti wrote:
On 29/06/15 16:48, Fraser Tweedale wrote:
Attached patch fixes a small error in certprofile plugin
documentation.
Thanks,
Fraser
ACK
Pushed to master: 7f923f922a28aa34eb6ee3b0e94c1cba223d285c
--
Petr Vobornik
--
Manage your subscription for
On 06/29/2015 03:22 PM, Fraser Tweedale wrote:
On Mon, Jun 29, 2015 at 10:54:50AM +0200, Christian Heimes wrote:
Hello,
the attached patch fixes the first bug, that was reported by Fraser
today. installutils.remove_file() uses os.path.exists() to check if the
file still exists, which in turn
On 06/29/2015 03:33 PM, David Kupka wrote:
On 26/06/15 14:15, Petr Vobornik wrote:
On 06/17/2015 04:11 PM, Petr Vobornik wrote:
On 06/17/2015 02:15 PM, Ludwig Krispenz wrote:
On 06/17/2015 02:04 PM, Petr Vobornik wrote:
With patch 878 topology: check topology in ipa-replica-manage del
we
On 06/29/2015 03:33 PM, David Kupka wrote:
On 26/06/15 14:15, Petr Vobornik wrote:
On 06/17/2015 02:00 PM, Petr Vobornik wrote:
ipa-replica-manage del now:
- checks the whole current topology(before deletion), reports issues
- simulates deletion of server and checks the topology again, reports
Attached patch fixes a small error in certprofile plugin
documentation.
Thanks,
Fraser
From 6de3a4fd9d3d250e09a75721ef7b7f0831c47ea6 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale ftwee...@redhat.com
Date: Mon, 29 Jun 2015 10:28:25 -0400
Subject: [PATCH] certprofile: fix doc error
---
On 29/06/15 16:48, Fraser Tweedale wrote:
Attached patch fixes a small error in certprofile plugin
documentation.
Thanks,
Fraser
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
On 06/29/2015 03:33 PM, David Kupka wrote:
On 15/06/15 19:27, Petr Vobornik wrote:
in other words limit usage of `agreement_dn` method only for manipulation
and search of agreements which are not managed by topology plugin.
For other cases is safer to search for the agreement.
On 06/29/2015 04:18 PM, Martin Basti wrote:
On 16/06/15 11:42, Ludwig Krispenz wrote:
This patch addresses coverity issues 13290 and 13291
ACK
Pushed to master: 5e92c981b0e433ee28b953d222a1b531b525ff1c
--
Petr Vobornik
--
Manage your subscription for the Freeipa-devel mailing list:
Attached patch solves issue when DS was restarted but code still tried
to use old invalid connection.
--
Martin Basti
From b6ab7ddc531bf119c1b9c119fa4d725df3714a69 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Mon, 29 Jun 2015 17:22:24 +0200
Subject: [PATCH] server
On 06/29/2015 04:20 PM, Martin Basti wrote:
On 15/06/15 18:38, Martin Babinsky wrote:
On 05/28/2015 02:55 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:43 +0200, Martin Babinsky wrote:
A small improvement upon simo's fix for
https://fedorahosted.org/freeipa/ticket/4914
--
Martin^3 Babinsky
On 06/29/2015 03:33 PM, Fraser Tweedale wrote:
On Mon, Jun 29, 2015 at 11:43:32AM +0200, Christian Heimes wrote:
Hello,
the attached patch makes sure that HTTPInstance has an admin_conn LDAP
connection. Without the LDAP connection, HTTPInstance.enable_kdcproxy()
fails.
Christian
ACK;
On 29/06/15 17:40, Martin Basti wrote:
Attached patch solves issue when DS was restarted but code still tried
to use old invalid connection.
This patch is not needed after reworking CA patches.
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
On 29/06/15 16:03, Fraser Tweedale wrote:
On Thu, Jun 25, 2015 at 11:23:01AM +0200, Martin Basti wrote:
On 19/06/15 09:28, Fraser Tweedale wrote:
The attached patches fix upgrade issues when pki is also updated
from pre 10.2.4.
pki dependency is bumped to 10.2.5 - the official builds should
On 2015-06-29 17:28, Petr Vobornik wrote:
On 06/29/2015 03:22 PM, Fraser Tweedale wrote:
On Mon, Jun 29, 2015 at 10:54:50AM +0200, Christian Heimes wrote:
Hello,
the attached patch fixes the first bug, that was reported by Fraser
today. installutils.remove_file() uses os.path.exists() to
On 06/26/2015 09:43 AM, Martin Basti wrote:
On 23/06/15 14:14, Petr Spacek wrote:
Hello,
Bump minimal BIND version for CentOS.
DNSSEC support added dependency on bind-pkcs11 sub-package.
https://fedorahosted.org/freeipa/ticket/4657
ACK
--
Martin Basti
Pushed to master:
On 06/29/2015 12:24 PM, Martin Basti wrote:
On 22/06/15 19:48, Rob Crittenden wrote:
Add an ACI to allow a host to add its own services. This only grants
add access. It can't subsequently delete or modify the entry.
This requires 389-ds-1.3.4.0 GA.
rob
ACK
--
Martin Basti
On 06/29/2015 01:50 PM, thierry bordaz wrote:
On 06/29/2015 12:47 PM, Martin Basti wrote:
On 17/06/15 11:05, Ludwig Krispenz wrote:
On 06/17/2015 10:35 AM, thierry bordaz wrote:
On 06/17/2015 09:25 AM, Ludwig Krispenz wrote:
Hi,
thanks for review, see answers inline.
On 06/16/2015 05:17
I am encountering an ipa-server-upgrade failure when upgrading from
freeipa-server-4.1.4-4.fc22 to master post-kdcproxy.
ipaupgrade.log excerpt below.
Thanks,
Fraser
2015-06-29T05:47:27Z INFO [Enabling KDC Proxy]
2015-06-29T05:47:27Z DEBUG Backing up system configuration file
On 2015-06-29 07:31, Fraser Tweedale wrote:
Hi Christian,
With the kdcproxy change landed, if IPA has been installed and then
uninstalled, and then freeipa-server package erased or downgraded,
the /etc/httpd/conf.d/ipa-kdc-proxy.conf symlink remains, and is
broken, resulting in an inability
Martin Basti wrote:
On 10/06/15 00:59, Niranjan wrote:
Niranjan wrote:
Greetings,
Please find the modified patch for ipapython/adminutil.py.
I have run few tests manually like running ipa-server-install
as non-root user or provide --quiet and --verbose to see
if it raises ScriptError
On 26/06/15 19:45, Rob Crittenden wrote:
Petr Vobornik wrote:
On 06/26/2015 10:54 AM, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/5080
ACK
Is there a reason we don't simply start certmonger and quit if it fails
to start? Woudln't that be friendlier?
rob
Yes. The
On 22/06/15 17:08, thierry bordaz wrote:
Add the permission to Stage users administrators to delete already
preserved user
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
On 06/23/2015 01:49 PM, Martin Babinsky wrote:
This patchset implements new API commands for manipulating
user/host/service userCertificate attribute alongside some underlying
plumbing.
PATCH 0045 is a small test suite that I slapped together since manual
testing of this stuff is very
On 29.6.2015 09:22, David Kupka wrote:
On 26/06/15 19:45, Rob Crittenden wrote:
Petr Vobornik wrote:
On 06/26/2015 10:54 AM, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/5080
ACK
Is there a reason we don't simply start certmonger and quit if it fails
to start? Woudln't
Hello,
the attached patch fixes the first bug, that was reported by Fraser
today. installutils.remove_file() uses os.path.exists() to check if the
file still exists, which in turn uses stat(2). I have modified the
function to use os.path.lexists() instead. It doesn't follow symlinks.
Because
51 matches
Mail list logo