Re: [Freeipa-devel] beware of 389-ds-base-1.3.5.4-1.fc24.x86_64: weird filter/ACI evaluation

On 06/16/2016 10:50 AM, Petr Spacek wrote: On 16.6.2016 10:47, thierry bordaz wrote: On 06/16/2016 06:55 AM, Petr Spacek wrote: Hello, TL;DR version: Upgrade to 389-ds-base-1.3.5.6-1.fc24. I was facing weird filter/ACI evaluation with 389 DS 389-ds-base-1.3.5.4-1.fc24.x86_64. Here is full

Re: [Freeipa-devel] [PATCH 0133] Require 389-ds-base >= 1.3.5.6

On 16.6.2016 12:12, Ludwig Krispenz wrote: > > On 06/16/2016 12:00 PM, Petr Spacek wrote: >> Hello, >> >> Require 389-ds-base >= 1.3.5.6 >> >> Old DS handles LDAP filters incorrectly > no. Old DS handles filters strictly as documented in the admin guide, > requiring access rights to each

Re: [Freeipa-devel] [PATCH 0153-0158] move ipa-replica-manage del functionality into server-del

On 15.06.2016 15:29, Martin Babinsky wrote: On 06/15/2016 10:30 AM, Jan Cholasta wrote: Hi, On 12.6.2016 17:31, Martin Babinsky wrote: On 06/09/2016 08:12 PM, Martin Babinsky wrote: These patches expand `server_del` to a full fledged IPA master killer in domain level 1. Due to 'server

Re: [Freeipa-devel] [PATCH] 0056 webui: Counterpart of dnsserver-{find, show, mod}

On 06/16/2016 12:06 PM, Pavel Vomacka wrote: Hello, please review attached patch. https://fedorahosted.org/freeipa/ticket/5905 Fixed commit message -- Pavel^3 Vomacka From c61e0dd9190be2537ecd8da0a4fa5c0ace81a81e Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date:

Re: [Freeipa-devel] beware of 389-ds-base-1.3.5.4-1.fc24.x86_64: weird filter/ACI evaluation

On 06/16/2016 06:55 AM, Petr Spacek wrote: Hello, TL;DR version: Upgrade to 389-ds-base-1.3.5.6-1.fc24. I was facing weird filter/ACI evaluation with 389 DS 389-ds-base-1.3.5.4-1.fc24.x86_64. Here is full story (written before I realized that DS is old one ...): Test First, let's try

[Freeipa-devel] [Patch-0046] Increased certmonger timeout to address ticket N 5758

With this change the certmonger timeout issue is no longer observed in abcd lab. -- Oleg Fayans Quality Engineer FreeIPA team RedHat. From 2063d59f3d8303abf056d38a68ac75f9f2d9cd24 Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Thu, 16 Jun 2016 10:25:59 +0200 Subject:

Re: [Freeipa-devel] beware of 389-ds-base-1.3.5.4-1.fc24.x86_64: weird filter/ACI evaluation

On 16.6.2016 10:47, thierry bordaz wrote: > On 06/16/2016 06:55 AM, Petr Spacek wrote: >> Hello, >> >> TL;DR version: >> Upgrade to 389-ds-base-1.3.5.6-1.fc24. >> >> I was facing weird filter/ACI evaluation with 389 DS >> 389-ds-base-1.3.5.4-1.fc24.x86_64. Here is full story (written before I >>

Re: [Freeipa-devel] beware of 389-ds-base-1.3.5.4-1.fc24.x86_64: weird filter/ACI evaluation

On 06/16/2016 11:23 AM, Ludwig Krispenz wrote: On 06/16/2016 06:55 AM, Petr Spacek wrote: Hello, TL;DR version: Upgrade to 389-ds-base-1.3.5.6-1.fc24. I was facing weird filter/ACI evaluation with 389 DS 389-ds-base-1.3.5.4-1.fc24.x86_64. Here is full story (written before I realized that

[Freeipa-devel] [PATCH] 0056 webui: Counterpart of dnsserver-{find, show, mod}

Hello, please review attached patch. https://fedorahosted.org/freeipa/ticket/5905 -- Pavel^3 Vomacka From 16270e37ce76796e76513270f5833241d4f5c892 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Thu, 16 Jun 2016 10:09:36 +0200 Subject: [PATCH] DNS Servers: Web UI part

Re: [Freeipa-devel] [PATCH 0133] Require 389-ds-base >= 1.3.5.6

On 06/16/2016 12:14 PM, Petr Spacek wrote: On 16.6.2016 12:12, Ludwig Krispenz wrote: On 06/16/2016 12:00 PM, Petr Spacek wrote: Hello, Require 389-ds-base >= 1.3.5.6 Old DS handles LDAP filters incorrectly no. Old DS handles filters strictly as documented in the admin guide, requiring

[Freeipa-devel] [PATCH 0133] Require 389-ds-base >= 1.3.5.6

Hello, Require 389-ds-base >= 1.3.5.6 Old DS handles LDAP filters incorrectly and breaks bind-dyndb-ldap. See https://www.redhat.com/archives/freeipa-devel/2016-June/msg00477.html https://fedorahosted.org/freeipa/ticket/2008 -- Petr^2 Spacek From 6cadda4044cf2ea85c84e04937455ab7726207e1 Mon

Re: [Freeipa-devel] beware of 389-ds-base-1.3.5.4-1.fc24.x86_64: weird filter/ACI evaluation

On 06/16/2016 06:55 AM, Petr Spacek wrote: Hello, TL;DR version: Upgrade to 389-ds-base-1.3.5.6-1.fc24. I was facing weird filter/ACI evaluation with 389 DS 389-ds-base-1.3.5.4-1.fc24.x86_64. Here is full story (written before I realized that DS is old one ...): Test First, let's try

Re: [Freeipa-devel] beware of 389-ds-base-1.3.5.4-1.fc24.x86_64: weird filter/ACI evaluation

On 16.6.2016 11:34, Ludwig Krispenz wrote: > > On 06/16/2016 11:23 AM, Ludwig Krispenz wrote: >> >> On 06/16/2016 06:55 AM, Petr Spacek wrote: >>> Hello, >>> >>> TL;DR version: >>> Upgrade to 389-ds-base-1.3.5.6-1.fc24. >>> >>> I was facing weird filter/ACI evaluation with 389 DS >>>

[Freeipa-devel] [PATCH 0014-0016][Tests] Authentication indicators

Hi, attached are tests for authentication indicators. Please note: 1. newly created service tracker is not exactly complete, list of unimplemented methods is in doc. These methods can be filled in when existing declarative tests are refactored. 2. patch 0015 depends on 0014, so it should

Re: [Freeipa-devel] [PATCH 0133] Require 389-ds-base >= 1.3.5.6

On 16.06.2016 12:21, Ludwig Krispenz wrote: On 06/16/2016 12:14 PM, Petr Spacek wrote: On 16.6.2016 12:12, Ludwig Krispenz wrote: On 06/16/2016 12:00 PM, Petr Spacek wrote: Hello, Require 389-ds-base >= 1.3.5.6 Old DS handles LDAP filters incorrectly no. Old DS handles filters strictly

Re: [Freeipa-devel] [PATCH 0133] Require 389-ds-base >= 1.3.5.6

On (16/06/16 12:00), Petr Spacek wrote: >Hello, > >Require 389-ds-base >= 1.3.5.6 > >Old DS handles LDAP filters incorrectly and breaks bind-dyndb-ldap. >See https://www.redhat.com/archives/freeipa-devel/2016-June/msg00477.html > >https://fedorahosted.org/freeipa/ticket/2008 > >-- >Petr^2 Spacek

Re: [Freeipa-devel] [PATCH] 0056 webui: Counterpart of dnsserver-{find, show, mod}

On 16.6.2016 12:09, Pavel Vomacka wrote: > > > On 06/16/2016 12:06 PM, Pavel Vomacka wrote: >> Hello, >> >> please review attached patch. >> >> https://fedorahosted.org/freeipa/ticket/5905 >> > Fixed commit message LGTM from user's perspective but I did not review the code. -- Petr^2 Spacek

Re: [Freeipa-devel] [PATCH 0133] Require 389-ds-base >= 1.3.5.6

On Thu, 16 Jun 2016, Lukas Slebodnik wrote: On (16/06/16 12:00), Petr Spacek wrote: Hello, Require 389-ds-base >= 1.3.5.6 Old DS handles LDAP filters incorrectly and breaks bind-dyndb-ldap. See https://www.redhat.com/archives/freeipa-devel/2016-June/msg00477.html

Re: [Freeipa-devel] [Design Review Request] V4/Automatic_Certificate_Request_Generation

On 06/14/2016 08:27 AM, Ben Lipton wrote: Hello all, I have written up a design proposal for making certificate requests easier to generate when using alternate certificate profiles: http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation. The use case for this is described

Re: [Freeipa-devel] [PATCH] 0019 - 2 ipapwd_extop should take precedence over default DS plugin

On Thu, 16 Jun 2016, thierry bordaz wrote: The version DS 1.3.5.6 is now available. Here is the second version of the patch taking into account lower precedence for Schema Compat On 06/13/2016 06:01 PM, Alexander Bokovoy wrote: On Mon, 13 Jun 2016, thierry bordaz wrote: On 06/13/2016

Re: [Freeipa-devel] [PATCH 0503-0513, 0515-0519] DNS locations

On 16.6.2016 13:57, Martin Basti wrote: > > > On 16.06.2016 12:09, Petr Spacek wrote: >> On 15.6.2016 17:24, Petr Spacek wrote: >>> On 15.6.2016 15:45, Martin Basti wrote: On 15.06.2016 14:52, Martin Basti wrote: > > Hydra patching: Updated patches attached + new patches for

[Freeipa-devel] [PATCH] 497 Update Developers in Contributors.txt

Since we are close to 4.4 release, let's add the latest contributors. (master branch should be enough). -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc. From 2f3b4706fbdf4319a54ef679042cdf1b156787b5 Mon Sep 17 00:00:00 2001 From: Martin

Re: [Freeipa-devel] [PATCH 0133] Require 389-ds-base >= 1.3.5.6

On 16.6.2016 15:58, Lukas Slebodnik wrote: > On (16/06/16 12:00), Petr Spacek wrote: >> Hello, >> >> Require 389-ds-base >= 1.3.5.6 >> >> Old DS handles LDAP filters incorrectly and breaks bind-dyndb-ldap. >> See https://www.redhat.com/archives/freeipa-devel/2016-June/msg00477.html >> >>

[Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

-- Oleg Fayans Quality Engineer FreeIPA team RedHat. From debac0cf5cb24e1c2072d10373f4d9f72cb875a7 Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Thu, 16 Jun 2016 16:45:03 +0200 Subject: [PATCH] Automated clean-ruv subcommand test

Re: [Freeipa-devel] [PATCH] 0019 - 2 ipapwd_extop should take precedence over default DS plugin

The version DS 1.3.5.6 is now available. Here is the second version of the patch taking into account lower precedence for Schema Compat On 06/13/2016 06:01 PM, Alexander Bokovoy wrote: On Mon, 13 Jun 2016, thierry bordaz wrote: On 06/13/2016 04:57 PM, Alexander Bokovoy wrote: On Mon, 13

[Freeipa-devel] [PATCH 0047] Fix uninitialized variables in replicainstall

Hello, There was a possible use of uninitialized variables in replicainstall. From 1b26d42e00506b007e087c74cafc0327090aec40 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Thu, 16 Jun 2016 10:05:34 +0200 Subject: [PATCH] Fix unitialized variables in replicainstall

[Freeipa-devel] [PATCH 0048] Remove sys.exit() from installer modules

Hello, This patch removes most sys.exits() from installer modules and scripts and replaces them with ScriptError. I only left sys.exits at places where the user decides yes/no on continuation of the script. From 7968f068141e53f7bf111221b38c40cac432 Mon Sep 17 00:00:00 2001 From:

[Freeipa-devel] [PATCH] 0069 renew_ca_cert: bootstrap api with in_server=True

Attached patch fixes https://fedorahosted.org/freeipa/ticket/5968 Thanks, Fraser From 47ddd811f37fc026c296dd6c2fd44be606ba5a75 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Fri, 17 Jun 2016 14:18:05 +1000 Subject: [PATCH] renew_ca_cert: bootstrap api with

Re: [Freeipa-devel] [PATCH 0048] Remove sys.exit() from installer modules

On 16.6.2016 17:33, Stanislav Laznicka wrote: > Hello, > > This patch removes most sys.exits() from installer modules and scripts and > replaces them with ScriptError. I only left sys.exits at places where the user > decides yes/no on continuation of the script. I wonder if yes/no should be

Re: [Freeipa-devel] [freeipa-devel][PATCH] Added missing translation to automount.py method

Hi All, Please review updated patch. On 06/15/2016 07:56 PM, Abhijeet Kasurde wrote: On 06/15/2016 07:29 PM, Martin Basti wrote: On 15.06.2016 11:13, Abhijeet Kasurde wrote: Hi All, Please review the attached patch. Fixes: https://fedorahosted.org/freeipa/ticket/5920 Thank you

Re: [Freeipa-devel] [PATCH] Fix minor typos

On 16.06.2016 05:16, Petr Spacek wrote: On 15.6.2016 20:57, Yuri Chornoivan wrote: Hi, There are several minor typos in the new portion of FreeIPA code (see the patch attached). Thanks for fixing them. Thank *you* for fixing them! ACK Pushed to master:

Re: [Freeipa-devel] [freeipa-devel][PATCH] Added missing translation to automount.py method

On 16.06.2016 08:31, Abhijeet Kasurde wrote: Hi All, Please review updated patch. On 06/15/2016 07:56 PM, Abhijeet Kasurde wrote: On 06/15/2016 07:29 PM, Martin Basti wrote: On 15.06.2016 11:13, Abhijeet Kasurde wrote: Hi All, Please review the attached patch. Fixes:

Re: [Freeipa-devel] [PATCH] Schema caching for thin client

On 06/15/2016 08:15 PM, Petr Vobornik wrote: On 06/15/2016 02:36 PM, David Kupka wrote: Hello! Schema caching for thin client is available here: https://github.com/dkupka/freeipa/commits/schema_cache Comments and reviews welcome. Enjoy! Not doing proper review. I'll test by using it. But:

Re: [Freeipa-devel] [PATCH 0413-0416] Support fake_mname option in per-server configuration in LDAP

On 16.6.2016 09:19, Petr Spacek wrote: > On 13.6.2016 09:56, Petr Spacek wrote: >> On 11.6.2016 20:36, Petr Spacek wrote: >>> Hello, >>> >>> Support fake_mname option in per-server configuration in LDAP. >>> >>> https://fedorahosted.org/bind-dyndb-ldap/ticket/162 >>> >>> >>> Patch set contains

Re: [Freeipa-devel] [PATCH 0413-0416] Support fake_mname option in per-server configuration in LDAP

On 13.6.2016 09:56, Petr Spacek wrote: > On 11.6.2016 20:36, Petr Spacek wrote: >> Hello, >> >> Support fake_mname option in per-server configuration in LDAP. >> >> https://fedorahosted.org/bind-dyndb-ldap/ticket/162 >> >> >> Patch set contains necessary infrastructure changes so the configuration