Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

On Tue, Jun 07, 2016 at 03:42:22PM +1000, Fraser Tweedale wrote: > On Wed, Jun 01, 2016 at 02:51:04PM +1000, Fraser Tweedale wrote: > > Hi team, > > > > This patchset implements the 'ca' plugin for creating and managing > > lightweight sub-CAs, and updates the 'caacl' plugin and > >

Re: [Freeipa-devel] [PATCH] 0201 Add support for an external trust to Active Directory domain

On Tue, 07 Jun 2016, Alexander Bokovoy wrote: > del attrs['ipanttrusttype'] > +if attributes: > +del attrs['ipanttrustattributes'] > """ Updated patch is attached. Another update, forgot one space in the allow_behavior(). I also spent some

Re: [Freeipa-devel] [PATCH] 0202 support UPNs for trusted domain users

On Tue, 07 Jun 2016, Martin Babinsky wrote: On 06/07/2016 06:38 PM, Alexander Bokovoy wrote: On Tue, 07 Jun 2016, Martin Babinsky wrote: On 06/06/2016 12:34 PM, Alexander Bokovoy wrote: Hi, Add support for additional user name principal suffixes from trusted Active Directory forests. UPN

Re: [Freeipa-devel] [PATCH] 0034: webui: Authentication indicators

On 06/06/2016 08:33 PM, Pavel Vomacka wrote: > > > On 06/06/2016 07:03 PM, Petr Vobornik wrote: >> On 06/06/2016 12:27 PM, Pavel Vomacka wrote: >>> >>> On 06/02/2016 06:22 PM, Petr Vobornik wrote: On 06/01/2016 10:41 AM, Pavel Vomacka wrote: > On 05/27/2016 05:58 PM, Pavel Vomacka

Re: [Freeipa-devel] [PATCH] 0202 support UPNs for trusted domain users

On 06/07/2016 06:38 PM, Alexander Bokovoy wrote: On Tue, 07 Jun 2016, Martin Babinsky wrote: On 06/06/2016 12:34 PM, Alexander Bokovoy wrote: Hi, Add support for additional user name principal suffixes from trusted Active Directory forests. UPN suffixes are property of the forest and as such

Re: [Freeipa-devel] [PATCHES 0146-0152] Server Roles v2

On 06/07/2016 12:07 PM, Martin Babinsky wrote: On 06/03/2016 05:25 PM, Martin Babinsky wrote: I am sending rebased patches implementing http://www.freeipa.org/page/V4/Server_Roles I hope the patches work since I have had a lot of fun rebasing them on top of thin client and DNS locations

Re: [Freeipa-devel] [PATCH] 0201 Add support for an external trust to Active Directory domain

On Tue, 07 Jun 2016, Martin Babinsky wrote: Again, we only require contributors to follow PEP8 when adding new code/directly touching old one. Please note that there are more serious transgressions than a couple of long lines that should _definitely_ be fixed (indentation errors, whitespace

[Freeipa-devel] [PATCH] 0206 adtrust optimize forest root LDAP filter

Hi, `ipa trust-find' command should only show trusted forest root domains The child domains should be visible via ipa trustdomain-find forest.root The difference between forest root (or external domain) and child domains is that root domain gets ipaIDObject class to allow assigning a POSIX

Re: [Freeipa-devel] [PATCH] 0202 support UPNs for trusted domain users

On Tue, 07 Jun 2016, Martin Babinsky wrote: On 06/06/2016 12:34 PM, Alexander Bokovoy wrote: Hi, Add support for additional user name principal suffixes from trusted Active Directory forests. UPN suffixes are property of the forest and as such are associated with the forest root domain.

Re: [Freeipa-devel] [PATCH] 0201 Add support for an external trust to Active Directory domain

On 06/07/2016 06:00 PM, Alexander Bokovoy wrote: On Tue, 07 Jun 2016, Martin Babinsky wrote: On 06/06/2016 12:33 PM, Alexander Bokovoy wrote: Hi, this patch adds support for external trust to Active Directory. External trust is a trust that can be created between Active Directory domains

Re: [Freeipa-devel] [PATCH] 0005 Always qualify requests for admin in ipa-replica-conncheck

On 07.06.2016 17:25, Florence Blanc-Renaud wrote: On 06/06/2016 07:18 PM, Martin Basti wrote: On 02.06.2016 14:58, Florence Blanc-Renaud wrote: Hi, this patch modifies ipa-replica-conncheck when it performs the SSH connection to the master, so that the username is always fully

Re: [Freeipa-devel] [PATCH] 0201 Add support for an external trust to Active Directory domain

On Tue, 07 Jun 2016, Martin Babinsky wrote: On 06/06/2016 12:33 PM, Alexander Bokovoy wrote: Hi, this patch adds support for external trust to Active Directory. External trust is a trust that can be created between Active Directory domains that are in different forests or between an Active

Re: [Freeipa-devel] [PATCH] 0202 support UPNs for trusted domain users

On 06/06/2016 12:34 PM, Alexander Bokovoy wrote: Hi, Add support for additional user name principal suffixes from trusted Active Directory forests. UPN suffixes are property of the forest and as such are associated with the forest root domain. FreeIPA stores UPN suffixes as

Re: [Freeipa-devel] [PATCH] 0005 Always qualify requests for admin in ipa-replica-conncheck

On 06/06/2016 07:18 PM, Martin Basti wrote: On 02.06.2016 14:58, Florence Blanc-Renaud wrote: Hi, this patch modifies ipa-replica-conncheck when it performs the SSH connection to the master, so that the username is always fully qualified. https://fedorahosted.org/freeipa/ticket/5812 --

Re: [Freeipa-devel] [PATCH] 0201 Add support for an external trust to Active Directory domain

On 06/06/2016 12:33 PM, Alexander Bokovoy wrote: Hi, this patch adds support for external trust to Active Directory. External trust is a trust that can be created between Active Directory domains that are in different forests or between an Active Directory domain. Since FreeIPA does not

Re: [Freeipa-devel] ipapwd_extop vs password_extop

On 06/07/2016 03:47 PM, Alexander Bokovoy wrote: On Tue, 07 Jun 2016, thierry bordaz wrote: Well here we have IPA password extop that receives a 'compat' entry. This compat entry does not exist except in slapi-nis that can do the mapping to the real entry. What I was thinking of was some

Re: [Freeipa-devel] ipapwd_extop vs password_extop

On Tue, 07 Jun 2016, thierry bordaz wrote: Well here we have IPA password extop that receives a 'compat' entry. This compat entry does not exist except in slapi-nis that can do the mapping to the real entry. What I was thinking of was some kind of call from IPA password extop to slapi-nis that

Re: [Freeipa-devel] ipapwd_extop vs password_extop

On 06/07/2016 01:20 PM, Alexander Bokovoy wrote: On Tue, 07 Jun 2016, thierry bordaz wrote: On 06/06/2016 07:12 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, thierry bordaz wrote: On 06/06/2016 11:07 AM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, thierry bordaz wrote: Hello,

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

Hello, Thank you for your patch. As the thin-client patches were pushed in the meantime, the patch won't apply. Could you please send a rebased version? Also, I have a few comments to the patch: 1) I think that the commit message should be rather a brief conclusion to the changes made in

Re: [Freeipa-devel] [PATCH 0499] Pylint: exclude some files/dirs from check

On 07.06.2016 12:58, Pavel Vomacka wrote: On 06/06/2016 04:26 PM, Martin Basti wrote: See commit message, yacctab.py causes lint errors and must be excluded Patch attached. Works well, ACK. -- Pavel^3 Vomacka Pushed to master: 1d9425dab7b16a0c518dadc5ba42c027045c4529 -- Manage

Re: [Freeipa-devel] ipapwd_extop vs password_extop

On Tue, 07 Jun 2016, thierry bordaz wrote: On 06/06/2016 07:12 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, thierry bordaz wrote: On 06/06/2016 11:07 AM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, thierry bordaz wrote: Hello, In DS it is possible to register callbacks for

Re: [Freeipa-devel] ipapwd_extop vs password_extop

On 06/06/2016 07:12 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, thierry bordaz wrote: On 06/06/2016 11:07 AM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, thierry bordaz wrote: Hello, In DS it is possible to register callbacks for extended op. For

Re: [Freeipa-devel] [PATCH 0499] Pylint: exclude some files/dirs from check

On 06/06/2016 04:26 PM, Martin Basti wrote: See commit message, yacctab.py causes lint errors and must be excluded Patch attached. Works well, ACK. -- Pavel^3 Vomacka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0492] Translations: update ipa-4-3 translations

On 06/01/2016 05:10 PM, Martin Basti wrote: Patch attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 0403-0407] Preparation work for per-server config in LDAP

Hello, this patch set is preparation work for per-server config in LDAP, which is required for DNS location in IPA. This patch set should not cause any user-visible changes. https://fedorahosted.org/bind-dyndb-ldap/ticket/162 -- Petr^2 Spacek From 5a4e0b7026dc4f7f786d1d59a3a9ad33bfe89e30 Mon

Re: [Freeipa-devel] [PATCHES 0146-0152] Server Roles v2

On 06/03/2016 05:25 PM, Martin Babinsky wrote: I am sending rebased patches implementing http://www.freeipa.org/page/V4/Server_Roles I hope the patches work since I have had a lot of fun rebasing them on top of thin client and DNS locations effort. https://fedorahosted.org/freeipa/ticket/5181

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

On 07.06.2016 10:43, Jan Cholasta wrote: On 7.6.2016 10:22, Martin Basti wrote: On 07.06.2016 09:07, Jan Cholasta wrote: On 6.6.2016 18:29, Martin Basti wrote: On 03.06.2016 14:28, Stanislav Laznicka wrote: On 06/03/2016 02:19 PM, Martin Basti wrote: On 03.06.2016 14:13, Stanislav

Re: [Freeipa-devel] thin client regressions: otptoken

On Tue, 07 Jun 2016, Jan Cholasta wrote: On 7.6.2016 10:17, Alexander Bokovoy wrote: ipa: ERROR: AttributeError: 'str' object has no attribute 'decode' Traceback (most recent call last): File "/usr/lib/python3.5/site-packages/ipalib/cli.py", line 1345, in run

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

On 7.6.2016 10:22, Martin Basti wrote: On 07.06.2016 09:07, Jan Cholasta wrote: On 6.6.2016 18:29, Martin Basti wrote: On 03.06.2016 14:28, Stanislav Laznicka wrote: On 06/03/2016 02:19 PM, Martin Basti wrote: On 03.06.2016 14:13, Stanislav Laznicka wrote:

Re: [Freeipa-devel] [PATCH 0497] Py3: fix unicode/str error in LDAP*ReverseMember

On 07.06.2016 10:35, Jan Cholasta wrote: On 7.6.2016 10:29, Martin Basti wrote: On 07.06.2016 09:08, Jan Cholasta wrote: On 6.6.2016 14:33, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5923 Patch attached. Could we drop the error message parsing and do something sane

Re: [Freeipa-devel] [PATCH 0497] Py3: fix unicode/str error in LDAP*ReverseMember

On 7.6.2016 10:29, Martin Basti wrote: On 07.06.2016 09:08, Jan Cholasta wrote: On 6.6.2016 14:33, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5923 Patch attached. Could we drop the error message parsing and do something sane instead? Not now, we can do it later and

Re: [Freeipa-devel] [PATCH 0497] Py3: fix unicode/str error in LDAP*ReverseMember

On 07.06.2016 09:08, Jan Cholasta wrote: On 6.6.2016 14:33, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5923 Patch attached. Could we drop the error message parsing and do something sane instead? Not now, we can do it later and push this patch just as workaround --

Re: [Freeipa-devel] [PATCH] 0042: Fix bad searching of reverse DNS zone

On 06/07/2016 09:08 AM, Petr Spacek wrote: Hi, the commit message does not say what was wrong and why and what works now. Please improve the commit message before pushing this. Commit message improved. Petr^2 Spacek On 6.6.2016 19:03, Pavel Vomacka wrote: Fix bad searching of reverse DNS

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

On 07.06.2016 09:07, Jan Cholasta wrote: On 6.6.2016 18:29, Martin Basti wrote: On 03.06.2016 14:28, Stanislav Laznicka wrote: On 06/03/2016 02:19 PM, Martin Basti wrote: On 03.06.2016 14:13, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5892 NACK please remove

Re: [Freeipa-devel] thin client regressions: otptoken

On 7.6.2016 10:17, Alexander Bokovoy wrote: ipa: ERROR: AttributeError: 'str' object has no attribute 'decode' Traceback (most recent call last): File "/usr/lib/python3.5/site-packages/ipalib/cli.py", line 1345, in run sys.exit(api.Backend.cli.run(argv)) File

[Freeipa-devel] thin client regressions: otptoken

ipa: ERROR: AttributeError: 'str' object has no attribute 'decode' Traceback (most recent call last): File "/usr/lib/python3.5/site-packages/ipalib/cli.py", line 1345, in run sys.exit(api.Backend.cli.run(argv)) File "/usr/lib/python3.5/site-packages/ipalib/cli.py", line 1110, in run rv =

[Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

https://fedorahosted.org/freeipa/ticket/5775 From 8ba87072d8e998ccb8743390eb541e74f6b1aa96 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Tue, 7 Jun 2016 10:08:45 +0200 Subject: [PATCH] Uninstaller won't fail if service can't be started

Re: [Freeipa-devel] [PATCH] 0039-40: DNS Location: WebUI

On 06/06/2016 07:51 PM, Martin Basti wrote: On 05.06.2016 18:34, Pavel Vomacka wrote: Hello, please review attached patches which add WebUI part of DNS Locations feature. -- Pavel^3 Vomacka NACK 1) When I edit location description and click on revert button, then that nice

Re: [Freeipa-devel] [PATCH] 0042: Fix bad searching of reverse DNS zone

Hi, the commit message does not say what was wrong and why and what works now. Please improve the commit message before pushing this. Petr^2 Spacek On 6.6.2016 19:03, Pavel Vomacka wrote: > Fix bad searching of reverse DNS zone > > https://fedorahosted.org/freeipa/ticket/5796 > > -- > >

Re: [Freeipa-devel] [PATCH 0497] Py3: fix unicode/str error in LDAP*ReverseMember

On 6.6.2016 14:33, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5923 Patch attached. Could we drop the error message parsing and do something sane instead? -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

On 6.6.2016 18:29, Martin Basti wrote: On 03.06.2016 14:28, Stanislav Laznicka wrote: On 06/03/2016 02:19 PM, Martin Basti wrote: On 03.06.2016 14:13, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5892 NACK please remove it from LDAPAddReverseMember too, it contains

Re: [Freeipa-devel] [PATCH 0041] Increase nsslapd-db-locks

On 06/06/2016 07:23 PM, Martin Basti wrote: On 03.06.2016 13:38, Stanislav Laznicka wrote: Hello, The attached patch implements solution to https://fedorahosted.org/freeipa/ticket/5914. The patch is rather hacky as nsslapd-db-locks requires to be modified when DS is not running