[Freeipa-devel] [PATCH 0364] ipa-kra-install: allow first KRA to be installed on replica

https://fedorahosted.org/freeipa/ticket/5460 I tested just master, I will test ipa-4-2 later. patch attached. From f70d98047318b075cef35d74da949a9742615770 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 23 Nov 2015 13:43:53 +0100 Subject: [PATCH] ipa-kra-install:

Re: [Freeipa-devel] [PATCH 0387] custodia: Make sure container is created with first custodia

On 11/27/2015 05:13 PM, Tomas Babej wrote: On 11/27/2015 05:04 PM, Martin Babinsky wrote: On 11/27/2015 04:25 PM, Tomas Babej wrote: Hi, If a first 4.3+ replica is installed in the domain, the custodia container does not exist. Make sure it is created to avoid failures during key

Re: [Freeipa-devel] [PATCH 0387] custodia: Make sure container is created with first custodia

On 11/27/2015 05:04 PM, Martin Babinsky wrote: > On 11/27/2015 04:25 PM, Tomas Babej wrote: >> Hi, >> >> If a first 4.3+ replica is installed in the domain, the custodia >> container does not exist. Make sure it is created to avoid failures >> during key generation. >> >>

Re: [Freeipa-devel] [PATCH 0387] custodia: Make sure container is created with first custodia

On 11/27/2015 04:25 PM, Tomas Babej wrote: Hi, If a first 4.3+ replica is installed in the domain, the custodia container does not exist. Make sure it is created to avoid failures during key generation. https://fedorahosted.org/freeipa/ticket/5474 The patch works as advertised, but I'm

Re: [Freeipa-devel] [PATCH] 0749 Package ipapython, ipalib, ipaplatform, ipatests for Python 3

On 11/26/2015 11:52 AM, Jan Cholasta wrote: > Hi, > > On 6.11.2015 13:07, Petr Viktorin wrote: >> Hello, >> The Python 3 port is not 100% done, but I think the time has come to >> start packaging the py3 bits. This will make it easier to plug into CI. >> >> The existing Python 2 packages should

Re: [Freeipa-devel] rename topology suffixes

On 27.11.2015 09:00, Jan Cholasta wrote: > On 27.11.2015 08:33, Martin Kosek wrote: >> On 11/27/2015 07:05 AM, Jan Cholasta wrote: >>> On 26.11.2015 17:15, Petr Vobornik wrote: New topology management gives names to managed suffixes: ipaca: o=ipaca realm: dc=example,dc=com

Re: [Freeipa-devel] rename topology suffixes

On 11/27/2015 01:39 PM, Jan Cholasta wrote: On 27.11.2015 13:10, Petr Vobornik wrote: On 11/27/2015 12:46 PM, Petr Spacek wrote: On 27.11.2015 09:00, Jan Cholasta wrote: On 27.11.2015 08:33, Martin Kosek wrote: On 11/27/2015 07:05 AM, Jan Cholasta wrote: On 26.11.2015 17:15, Petr Vobornik

Re: [Freeipa-devel] [PATCH 0355-0356, 0363] Prevent using replica file with ipa-ca-install and domain

On 26.11.2015 15:00, Martin Basti wrote: On 24.11.2015 16:48, Jan Cholasta wrote: On 24.11.2015 10:21, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5455 Patches attached. +def run(self): +self._run() Wouldn't it be better to rename _run() to run() instead?

Re: [Freeipa-devel] [IPAQE][REVIEW-REQUEST][TEST PLAN] Replica promotion

Hi Martin, On 11/27/2015 03:05 PM, Martin Basti wrote: On 26.11.2015 14:39, Petr Vobornik wrote: On 11/23/2015 06:51 PM, Oleg Fayans wrote: Hi all, Here is a draft of the Replica Promotion test plan http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan == Test case: Unprivileged

Re: [Freeipa-devel] [PATCH] First part of the replica promotion tests + testplan

On 27.11.2015 15:04, Oleg Fayans wrote: Hi Martin, All your suggestions were taken into account. Both patches are updated. Thank you for your help! On 11/26/2015 10:50 AM, Martin Basti wrote: On 26.11.2015 10:04, Oleg Fayans wrote: Hi Martin, I agree to all your points but one.

Re: [Freeipa-devel] [PATCH] Removed duplicate domain name validation function

On 25.11.2015 17:18, Stanislav Laznicka wrote: There were two functions for the same purpose. Removed one. Hello, I would like to have "log" param of is_host_resolvable as optional Otherwise the patch LGTM. Martin -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH] Removed duplicate domain name validation function

On 27.11.2015 15:32, Martin Basti wrote: > > > On 25.11.2015 17:18, Stanislav Laznicka wrote: >> There were two functions for the same purpose. Removed one. >> >> > Hello, > > I would like to have "log" param of is_host_resolvable as optional Is there an immediate need for the optional param?

Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package

On 11/27/2015 03:31 PM, Milan Kubík wrote: On 11/23/2015 10:43 AM, Lenka Doudova wrote: NACK - there's a "typo" in /tracker/user_plugin.py, line 17-18: def get_user_dn(cn): return DN(('cn', cn), api.env.container_user, api.env.basedn) should be def get_user_dn(uid): return

Re: [Freeipa-devel] [PATCH] Removed duplicate domain name validation function

On 27.11.2015 15:33, Petr Spacek wrote: On 27.11.2015 15:32, Martin Basti wrote: On 25.11.2015 17:18, Stanislav Laznicka wrote: There were two functions for the same purpose. Removed one. Hello, I would like to have "log" param of is_host_resolvable as optional Is there an immediate

Re: [Freeipa-devel] rename topology suffixes

On 11/27/2015 12:46 PM, Petr Spacek wrote: On 27.11.2015 09:00, Jan Cholasta wrote: On 27.11.2015 08:33, Martin Kosek wrote: On 11/27/2015 07:05 AM, Jan Cholasta wrote: On 26.11.2015 17:15, Petr Vobornik wrote: New topology management gives names to managed suffixes: ipaca: o=ipaca realm:

Re: [Freeipa-devel] rename topology suffixes

On 27.11.2015 13:10, Petr Vobornik wrote: On 11/27/2015 12:46 PM, Petr Spacek wrote: On 27.11.2015 09:00, Jan Cholasta wrote: On 27.11.2015 08:33, Martin Kosek wrote: On 11/27/2015 07:05 AM, Jan Cholasta wrote: On 26.11.2015 17:15, Petr Vobornik wrote: New topology management gives names to

Re: [Freeipa-devel] [PATCH] 928-936 webui: topology visualization

On 11/25/2015 05:05 PM, Martin Babinsky wrote: On 11/25/2015 03:28 PM, Petr Vobornik wrote: On 11/24/2015 02:09 PM, Martin Babinsky wrote: On 11/24/2015 12:17 PM, Petr Vobornik wrote: On 11/24/2015 12:10 PM, Ludwig Krispenz wrote: Hi Petr, I'm testing these patches.Two observations so far:

Re: [Freeipa-devel] [PATCH] 927 topology: treat server suffix as multivalued attribute in API

On 11/20/2015 03:56 PM, Petr Vobornik wrote: ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [IPAQE][REVIEW-REQUEST][TEST PLAN] Replica promotion

On 26.11.2015 14:39, Petr Vobornik wrote: On 11/23/2015 06:51 PM, Oleg Fayans wrote: Hi all, Here is a draft of the Replica Promotion test plan http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan == Test case: Unprivileged users are not allowed to enroll and promote clients ==

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

On 11/19/2015 06:19 PM, Martin Babinsky wrote: These two patches fix the following tickets: https://fedorahosted.org/freeipa/ticket/5377 https://fedorahosted.org/freeipa/ticket/5409 I have added a new option '--ignore-disconnected-topology' which forces IPA master uninstall despite reported

Re: [Freeipa-devel] [PATCH] 927 topology: treat server suffix as multivalued attribute in API

On 11/27/2015 02:50 PM, Martin Babinsky wrote: On 11/20/2015 03:56 PM, Petr Vobornik wrote: ACK Pushed to master: c688954c27c219cb18aff968fc1f510afff93981 -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH] Allow ipa-getkeytab to find server name from config file

On 11/26/2015 02:11 AM, Fraser Tweedale wrote: On Wed, Nov 25, 2015 at 09:44:09AM -0500, Simo Sorce wrote: On Wed, 2015-11-25 at 14:34 +1000, Fraser Tweedale wrote: Attached new patch that includes manpage changes. Simo. ACK Pushed to master: f12f56fe8d607240efd7e8c8a942554bdd3b980f --

Re: [Freeipa-devel] [PATCH] First part of the replica promotion tests + testplan

Hi, On 11/27/2015 03:26 PM, Martin Basti wrote: On 27.11.2015 15:04, Oleg Fayans wrote: Hi Martin, All your suggestions were taken into account. Both patches are updated. Thank you for your help! On 11/26/2015 10:50 AM, Martin Basti wrote: On 26.11.2015 10:04, Oleg Fayans wrote: Hi

Re: [Freeipa-devel] [PATCH 0355-0356, 0363] Prevent using replica file with ipa-ca-install and domain

On 11/27/2015 02:05 PM, Martin Basti wrote: On 26.11.2015 15:00, Martin Basti wrote: On 24.11.2015 16:48, Jan Cholasta wrote: On 24.11.2015 10:21, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5455 Patches attached. +def run(self): +self._run() Wouldn't it be

Re: [Freeipa-devel] [PATCH] Removed duplicate domain name validation function

Please, see the modified patch attached. Standa On 11/27/2015 03:48 PM, Martin Basti wrote: On 27.11.2015 15:33, Petr Spacek wrote: On 27.11.2015 15:32, Martin Basti wrote: On 25.11.2015 17:18, Stanislav Laznicka wrote: There were two functions for the same purpose. Removed one.

Re: [Freeipa-devel] [PATCH 0355-0356, 0363] Prevent using replica file with ipa-ca-install and domain

On 27.11.2015 16:04, Martin Babinsky wrote: On 11/27/2015 02:05 PM, Martin Basti wrote: On 26.11.2015 15:00, Martin Basti wrote: On 24.11.2015 16:48, Jan Cholasta wrote: On 24.11.2015 10:21, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5455 Patches attached. +def

[Freeipa-devel] [PATCH 0106] perform IPA client uninstallation as a last step of server uninstall

This patch fixes https://fedorahosted.org/freeipa/ticket/5410 -- Martin^3 Babinsky From 6c565cd6e25dec28ef98b987b2f8bf61d21de52d Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 27 Nov 2015 14:05:21 +0100 Subject: [PATCH] perform IPA client uninstallation as a last

Re: [Freeipa-devel] [PATCH] 924 use starttls in CSReplicationManager connection again

On Fri, 2015-11-27 at 14:51 +0100, Petr Vobornik wrote: > On 10/23/2015 04:57 PM, Simo Sorce wrote: > > On 23/10/15 08:39, Petr Vobornik wrote: > >> not sure if the change in2606f5aecd6ac0db31abb515b691529bb7eaf14e was a > >> mistake or done on purpose. > >> > >> Anyway: > >> commit

[Freeipa-devel] [PATCH 0387] custodia: Make sure container is created with first custodia

Hi, If a first 4.3+ replica is installed in the domain, the custodia container does not exist. Make sure it is created to avoid failures during key generation. https://fedorahosted.org/freeipa/ticket/5474 From bc88f695866183666aa27535d6e3fd730dc07547 Mon Sep 17 00:00:00 2001 From: Tomas Babej

Re: [Freeipa-devel] [PATCH] First part of the replica promotion tests + testplan

And patch N 16 passes lint too: On 11/27/2015 04:03 PM, Oleg Fayans wrote: Hi, On 11/27/2015 03:26 PM, Martin Basti wrote: On 27.11.2015 15:04, Oleg Fayans wrote: Hi Martin, All your suggestions were taken into account. Both patches are updated. Thank you for your help! On 11/26/2015

Re: [Freeipa-devel] [IPAQE][REVIEW-REQUEST][TEST PLAN] Installation tests

On 27.11.2015 15:05, Martin Basti wrote: On 26.11.2015 14:39, Petr Vobornik wrote: On 11/23/2015 06:51 PM, Oleg Fayans wrote: Hi all, Here is a draft of the Replica Promotion test plan http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan == Test case: Unprivileged users are not

Re: [Freeipa-devel] [PATCH 0100] replica promotion: modify default.conf even if DS configuration fails

On 26.11.2015 15:07, Petr Vobornik wrote: On 11/26/2015 10:56 AM, Martin Babinsky wrote: On 11/20/2015 10:46 AM, Martin Babinsky wrote: On 11/20/2015 10:19 AM, Martin Babinsky wrote: Fixes https://fedorahosted.org/freeipa/ticket/5417 Sorry forgot to add the patch. Attaching new

Re: [Freeipa-devel] rename topology suffixes

On 27.11.2015 08:33, Martin Kosek wrote: On 11/27/2015 07:05 AM, Jan Cholasta wrote: On 26.11.2015 17:15, Petr Vobornik wrote: New topology management gives names to managed suffixes: ipaca: o=ipaca realm: dc=example,dc=com We already had several offline discussions to change the names