Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Alexander Bokovoy
On Tue, 19 Jul 2016, Jan Cholasta wrote: On 19.7.2016 10:40, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 18.7.2016 10:12, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Jan Cholasta wrote: Hi, On 16.7.2016 12:46, Alexander Bokovoy wrote: Hi, I had some time and was

Re: [Freeipa-devel] [freeipa] #6002: Default CA can be used without an ACL

2016-07-19 Thread Fraser Tweedale
On Tue, Jul 19, 2016 at 08:26:22AM +0200, Jan Cholasta wrote: > Hi, > > On 4.7.2016 09:06, Fraser Tweedale wrote: > > On Tue, Jun 28, 2016 at 01:47:23PM -, freeipa wrote: > > > #6002: Default CA can be used without an ACL > > > > > > Comment (by ftweedal): > > > > > > This is expected

Re: [Freeipa-devel] [PATCH] [WIP] Allow full customisability of CA subject name

2016-07-19 Thread Jan Cholasta
Hi, On 15.7.2016 07:05, Fraser Tweedale wrote: On Fri, Jul 15, 2016 at 03:04:48PM +1000, Fraser Tweedale wrote: The attached patch is a work in progress for https://fedorahosted.org/freeipa/ticket/2614 (BZ 828866). I am sharing now to make the approach clear and solicit feedback. It has been

Re: [Freeipa-devel] [PATCH] 0211-0212 Make sure --raw option works for trust-add

2016-07-19 Thread Jan Cholasta
On 18.7.2016 12:06, Martin Babinsky wrote: On 07/16/2016 12:50 PM, Alexander Bokovoy wrote: Hi, I had some time and was blocked by these bugs to do my tickets so I actually fixed these three problems that are assigned to Martin Babinsky. Hopefully, Martin wouldn't be offended by that. :)

Re: [Freeipa-devel] [PATCH 0183] ipa-advise: correct handling of plugin namespace iteration

2016-07-19 Thread Martin Babinsky
On 07/18/2016 08:46 AM, Jan Cholasta wrote: Hi, On 11.7.2016 14:18, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/6044 Note that you should use .name rather than .__name__ to get plugin names, otherwise the code won't work with plugins with non-default names. There

[Freeipa-devel] [PATCH 0029][Tests] Adding authentication test to trust test suite

2016-07-19 Thread Lenka Doudova
Hi, this patch adds authentication test (specifically "kinit -E ipauser@IPADOMAIN") to basic trust test suite, as requested by Sumit. Intended to be applied after my patches 25.4 and 26.3 (already waiting to be pushed). Lenka From 394304d23ef752c30cf1f4d69d5e6116fd41ad2d Mon Sep 17

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Alexander Bokovoy
On Tue, 19 Jul 2016, Jan Cholasta wrote: On 18.7.2016 10:12, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Jan Cholasta wrote: Hi, On 16.7.2016 12:46, Alexander Bokovoy wrote: Hi, I had some time and was blocked by these bugs to do my tickets so I actually fixed these three problems that

Re: [Freeipa-devel] [PATCH] cert-show: show subject alternative names

2016-07-19 Thread Fraser Tweedale
On Tue, Jul 19, 2016 at 08:50:34AM +0200, Jan Cholasta wrote: > Hi, > > On 14.7.2016 13:44, Fraser Tweedale wrote: > > Hi all, > > > > The attached patch includes SANs in cert-show output. If you have > > certs with esoteric altnames (especially any that are more than just > > ASN.1 string

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Jan Cholasta
On 19.7.2016 10:40, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 18.7.2016 10:12, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Jan Cholasta wrote: Hi, On 16.7.2016 12:46, Alexander Bokovoy wrote: Hi, I had some time and was blocked by these bugs to do my tickets so

Re: [Freeipa-devel] Using RPZ to overcome multi Kerberos domains and multiple DNS authorities.

2016-07-19 Thread Petr Spacek
On 18.7.2016 19:44, Jim Glenz wrote: > IPA DNS configuration using Response Policy Zone (RPZ). > > IPA utilizes DNS extensively to locate service records (SRV) and text > records (TXT) associated with the Kerberos realm. > IPA also heavily require DNS A records and PTR records to function >

Re: [Freeipa-devel] [PATCH] cert-show: show subject alternative names

2016-07-19 Thread Jan Cholasta
Hi, On 14.7.2016 13:44, Fraser Tweedale wrote: Hi all, The attached patch includes SANs in cert-show output. If you have certs with esoteric altnames (especially any that are more than just ASN.1 string types), please test with those certs. https://fedorahosted.org/freeipa/ticket/6022 I

Re: [Freeipa-devel] [PATCH] 963 unite log file name of ipa-ca-install

2016-07-19 Thread Jan Cholasta
On 19.7.2016 09:27, Petr Vobornik wrote: On 07/19/2016 08:01 AM, Jan Cholasta wrote: Hi, On 18.7.2016 18:50, Florence Blanc-Renaud wrote: On 07/15/2016 04:29 PM, Petr Vobornik wrote: ipa-ca-install said that it used /var/log/ipareplica-ca-install.log but in fact it used

Re: [Freeipa-devel] [PATCH 0059] Fix to ipa-cacert-manage man and help differences

2016-07-19 Thread Florence Blanc-Renaud
On 07/15/2016 02:09 PM, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/6013 Hi Stanislav, thanks for your patch. As CERTFILE is added in the arguments for install, I would suggest to mention it in the command description. For instance: install - Install a CA

Re: [Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

2016-07-19 Thread Jan Cholasta
Hi, On 9.7.2016 14:46, Ben Lipton wrote: On 07/07/2016 11:19 AM, Ben Lipton wrote: Thanks for the review! Comments below. On 07/01/2016 07:42 AM, Martin Basti wrote: On 29.06.2016 20:46, Ben Lipton wrote: The attached patch silences some annoying messages I've been getting when

Re: [Freeipa-devel] [PATCH] 963 unite log file name of ipa-ca-install

2016-07-19 Thread Petr Vobornik
On 07/19/2016 08:01 AM, Jan Cholasta wrote: > Hi, > > On 18.7.2016 18:50, Florence Blanc-Renaud wrote: >> On 07/15/2016 04:29 PM, Petr Vobornik wrote: >>> ipa-ca-install said that it used >>> /var/log/ipareplica-ca-install.log >>> but in fact it used >>> /var/log/ipaserver-ca-install.log >>>

Re: [Freeipa-devel] [PATCH] 0211-0212 Make sure --raw option works for trust-add

2016-07-19 Thread Alexander Bokovoy
On Tue, 19 Jul 2016, Jan Cholasta wrote: On 18.7.2016 12:06, Martin Babinsky wrote: On 07/16/2016 12:50 PM, Alexander Bokovoy wrote: Hi, I had some time and was blocked by these bugs to do my tickets so I actually fixed these three problems that are assigned to Martin Babinsky. Hopefully,

Re: [Freeipa-devel] [PATCH 0058] Make get_entries not ignore its size_limit argument

2016-07-19 Thread Jan Cholasta
Hi, On 14.7.2016 14:36, Stanislav Laznicka wrote: Hello, This patch fixes https://fedorahosted.org/freeipa/ticket/5640. With not so much experience with the framework, it raises question in my head whether ipaldap.get_entries is used properly throughout the system - does it always assume that

Re: [Freeipa-devel] [PATCH] 0023 Bug in the ipapwd plugin

2016-07-19 Thread thierry bordaz
On 07/13/2016 10:02 PM, Lukas Slebodnik wrote: On (13/07/16 16:50), thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/6030 >From 4efedc5e674db92f9f7c160429df543422ed8afb Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Wed, 13 Jul 2016 15:34:20 +0200

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Jan Cholasta
On 18.7.2016 10:12, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Jan Cholasta wrote: Hi, On 16.7.2016 12:46, Alexander Bokovoy wrote: Hi, I had some time and was blocked by these bugs to do my tickets so I actually fixed these three problems that are assigned to Martin Babinsky. Hopefully,

Re: [Freeipa-devel] [PATCH] [WIP] Allow full customisability of CA subject name

2016-07-19 Thread Fraser Tweedale
On Tue, Jul 19, 2016 at 09:36:17AM +0200, Jan Cholasta wrote: > Hi, > > On 15.7.2016 07:05, Fraser Tweedale wrote: > > On Fri, Jul 15, 2016 at 03:04:48PM +1000, Fraser Tweedale wrote: > > > The attached patch is a work in progress for > > > https://fedorahosted.org/freeipa/ticket/2614 (BZ

[Freeipa-devel] [PATCH 0553] CI tests: improve log collecting in tests

2016-07-19 Thread Martin Basti
Patch attached. From 55a4b4a47bd859194bfb3fc4ab6acde4f8086f6e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 19 Jul 2016 12:09:29 +0200 Subject: [PATCH] CI tests: improve log collecting We should collect as much as possible relevant logs to be able do better

Re: [Freeipa-devel] [PATCH] 0023 Bug in the ipapwd plugin

2016-07-19 Thread Simo Sorce
On Tue, 2016-07-19 at 10:17 +0200, thierry bordaz wrote: > > > On 07/13/2016 10:02 PM, Lukas Slebodnik wrote: > > On (13/07/16 16:50), thierry bordaz wrote: > >> https://fedorahosted.org/freeipa/ticket/6030 > >> >From 4efedc5e674db92f9f7c160429df543422ed8afb Mon Sep 17 00:00:00 > 2001 > >> From:

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Alexander Bokovoy
On Tue, 19 Jul 2016, Jan Cholasta wrote: On 19.7.2016 11:36, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 19.7.2016 10:40, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 18.7.2016 10:12, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Jan Cholasta

Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

2016-07-19 Thread Martin Basti
On 18.07.2016 18:09, Martin Babinsky wrote: On 07/14/2016 03:39 PM, Lenka Doudova wrote: On 07/13/2016 06:04 PM, Martin Babinsky wrote: On 07/01/2016 04:45 PM, Lenka Doudova wrote: On 07/01/2016 03:04 PM, Martin Babinsky wrote: On 07/01/2016 11:13 AM, Lenka Doudova wrote: And, of

Re: [Freeipa-devel] [PATCH 0187] Use server API in com.redhat.idm.trust-fetch-domains oddjob helper

2016-07-19 Thread Martin Basti
On 18.07.2016 10:53, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/6082 -- Martin^3 Babinsky From 990f29cbfb457c6179ffc0bed452dc358ba30d21 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Thu, 14 Jul

Re: [Freeipa-devel] [PATCH] 0046 Create server certs with DNS altname

2016-07-19 Thread Martin Basti
On 01.07.2016 13:26, Petr Spacek wrote: On 20.1.2016 05:04, Fraser Tweedale wrote: On Tue, Dec 08, 2015 at 07:06:39PM +1000, Fraser Tweedale wrote: On Mon, Dec 07, 2015 at 05:50:05PM -0500, Rob Crittenden wrote: Fraser Tweedale wrote: On Mon, Dec 07, 2015 at 01:53:15PM +0100, Martin Kosek

Re: [Freeipa-devel] [PATCH 190] expose `--secret` option in radiusproxy-* commands

2016-07-19 Thread Jan Cholasta
Hi, On 18.7.2016 13:51, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/6078 I don't think we want the secret searchable. Add a 'no_search' flag to the param to fix that. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 0011 server uninstall fails to remove krb principals

2016-07-19 Thread Petr Vobornik
On 07/11/2016 09:52 AM, Florence Blanc-Renaud wrote: > Hi, > > please find a patch for the 3rd issue of ticket 6012. > > https://fedorahosted.org/freeipa/ticket/6012 > > bump for review -- Petr Vobornik

Re: [Freeipa-devel] [PATCH] 0023 Bug in the ipapwd plugin

2016-07-19 Thread Martin Basti
On 19.07.2016 12:21, Simo Sorce wrote: On Tue, 2016-07-19 at 10:17 +0200, thierry bordaz wrote: On 07/13/2016 10:02 PM, Lukas Slebodnik wrote: On (13/07/16 16:50), thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/6030 >From 4efedc5e674db92f9f7c160429df543422ed8afb Mon Sep 17

Re: [Freeipa-devel] [PATCH] [WIP] Allow full customisability of CA subject name

2016-07-19 Thread Jan Cholasta
On 19.7.2016 11:54, Fraser Tweedale wrote: On Tue, Jul 19, 2016 at 09:36:17AM +0200, Jan Cholasta wrote: Hi, On 15.7.2016 07:05, Fraser Tweedale wrote: On Fri, Jul 15, 2016 at 03:04:48PM +1000, Fraser Tweedale wrote: The attached patch is a work in progress for

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Jan Cholasta
On 19.7.2016 11:36, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 19.7.2016 10:40, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 18.7.2016 10:12, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Jan Cholasta wrote: Hi, On 16.7.2016 12:46,

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Alexander Bokovoy
On Tue, 19 Jul 2016, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 19.7.2016 10:40, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 18.7.2016 10:12, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Jan Cholasta wrote: Hi, On 16.7.2016 12:46,

[Freeipa-devel] Location mechanism RFE

2016-07-19 Thread Pavel Picka
Hello, can you please check if TCs for basic test looks good for http://www.freeipa.org/page/V4/DNS_Location_Mechanism TC 1 - default values (50:50) - ipa-server-install + replica - add two location - mod SRV record (ipa server-mod) to master - location1 | replica - location2 - check by

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Jan Cholasta
On 19.7.2016 12:31, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 19.7.2016 11:36, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 19.7.2016 10:40, Alexander Bokovoy wrote: On Tue, 19 Jul 2016, Jan Cholasta wrote: On 18.7.2016 10:12, Alexander

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Martin Babinsky
On 07/19/2016 01:13 PM, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Martin Babinsky wrote: On 07/18/2016 12:29 PM, Martin Babinsky wrote: > On 07/18/2016 10:01 AM, Jan Cholasta wrote: > > Hi, > > > > On 16.7.2016 12:46, Alexander Bokovoy wrote: > > > Hi, > > > > > > I had some time and was

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

2016-07-19 Thread Alexander Bokovoy
On Mon, 18 Jul 2016, Martin Babinsky wrote: On 07/18/2016 12:29 PM, Martin Babinsky wrote: > On 07/18/2016 10:01 AM, Jan Cholasta wrote: > > Hi, > > > > On 16.7.2016 12:46, Alexander Bokovoy wrote: > > > Hi, > > > > > > I had some time and was blocked by these bugs to do my tickets so I > >

Re: [Freeipa-devel] [PATCH 0024][Tests] Fix integration tests not to produce incorrect /etc/hosts file

2016-07-19 Thread Lenka Doudova
On 06/29/2016 06:49 PM, Petr Spacek wrote: On 29.6.2016 18:39, Oleg Fayans wrote: In fact, I believe /etc/hosts file should not be touched at all. Hostname resolution is usually governed by the DNS system of the lab in which tests are running. We do not modify it when perform tests manually,

Re: [Freeipa-devel] [PATCH 0032] Secure permission and cleanup Custodia server.keys

2016-07-19 Thread Martin Basti
On 12.07.2016 16:45, Christian Heimes wrote: Custodia's server.keys file contain the private RSA keys for encrypting and signing Custodia messages. The file was created with permission 644 and is only secured by permission 700 of the directory /etc/ipa/custodia. The installer and upgrader

Re: [Freeipa-devel] [PATCH 0553] CI tests: improve log collecting in tests

2016-07-19 Thread Martin Basti
On 19.07.2016 16:18, Martin Basti wrote: Patch attached. self-NACK, my assumptions were wrong, this doesn't work if any of log files do not exist

[Freeipa-devel] [PATCH 0001][Tests] Fix for dns_plugin tests

2016-07-19 Thread Ganna Kaihorodova
Greetings! Fix for ipatests/test_xmlrpc/test_dns_plugin.py (test_forwardzone_delegation_warnings.test) You can't have a DNS zone with the authoritative nameserver that does not have a A or record in the local DNS. Since in some test environments primary hostname of the master is managed

Re: [Freeipa-devel] [PATCH] 0046 Create server certs with DNS altname

2016-07-19 Thread Fraser Tweedale
On Tue, Jul 19, 2016 at 02:21:05PM +0200, Martin Basti wrote: > > > On 01.07.2016 13:26, Petr Spacek wrote: > > On 20.1.2016 05:04, Fraser Tweedale wrote: > > > On Tue, Dec 08, 2015 at 07:06:39PM +1000, Fraser Tweedale wrote: > > > > On Mon, Dec 07, 2015 at 05:50:05PM -0500, Rob Crittenden

[Freeipa-devel] [DESIGN] Text-based rules for CSR autogeneration using Jinja2

2016-07-19 Thread Ben Lipton
Hi, I have updated the design page http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation/Mapping_Rules with my plan for implementing user-configurable rules for mapping IPA data into certificate requests. In brief: we will use Jinja2 for templating. Data rules (which map