Re: [Freeipa-devel] [PATCH] 0004 Fix ipa-server-install in pure IPv6 environment

On 24.08.2016 18:41, Martin Basti wrote: On 19.08.2016 14:09, Tomas Krizek wrote: Hi, please review the attached patch. Make sure the hostname isn't resolved to link local IPv6(feXX:...) during testing, which doesn't work (and isn't supposed to). It did not work for me,

Re: [Freeipa-devel] [PATCH 0213] support multiple uid values in slapi-nis users map

On 25.08.2016 10:32, Alexander Bokovoy wrote: On Tue, 23 Aug 2016, thierry bordaz wrote: acceptance is now completed (successfully). ACK bump so ACKed ab's 213-1 fixes https://fedorahosted.org/freeipa/ticket/6138 ? Yes that is my understanding. patch 213-1 fixes #6138. I verified that

[Freeipa-devel] [freeipa PR#18] Fixed incorrect sequence of method calls in tasks.py (opened)

ofayans's pull request #18: "Fixed incorrect sequence of method calls in tasks.py" was opened PR body: """ https://fedorahosted.org/freeipa/ticket/6255 """ See the full pull-request at https://github.com/freeipa/freeipa/pull/18 ... or pull the PR as Git branch: git remote add ghfreeipa

Re: [Freeipa-devel] [PATCH 0213] support multiple uid values in slapi-nis users map

On Tue, 23 Aug 2016, thierry bordaz wrote: acceptance is now completed (successfully). ACK bump so ACKed ab's 213-1 fixes https://fedorahosted.org/freeipa/ticket/6138 ? Yes that is my understanding. patch 213-1 fixes #6138. I verified that lookup of UPN entries does return the domain. But

Re: [Freeipa-devel] [PATCH] 0220 move /bin/ipa to freeipa-client

Hi, On 25.8.2016 11:27, Alexander Bokovoy wrote: Hi, attached patch moves ipa CLI to freeipa-client and obsoletes freeipa-admintools The Obsoletes (both) should be on version < 4.4.1 rather than %{version}, as per Fedora packaging guidelines [1]. Please move the Obsoletes and Provides on

Re: [Freeipa-devel] pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ilt-gif-ipa01.ipa.preprod.local user=adu...@corp.addomain.com

I am getting bellow menage in logs. when i trying to check the status for sssd service i am getting *Cannot find KDC for realm "ADDOMAIN.COM " *at the end #systemctl status sssd â sssd.service - System Security Services Daemon Loaded: loaded

Re: [Freeipa-devel] [PATCH] 0091 Allow full customisability of CA subject name

On 22.8.2016 07:00, Fraser Tweedale wrote: On Fri, Aug 19, 2016 at 08:09:33PM +1000, Fraser Tweedale wrote: On Mon, Aug 15, 2016 at 10:54:25PM +1000, Fraser Tweedale wrote: On Mon, Aug 15, 2016 at 02:08:54PM +0200, Jan Cholasta wrote: On 19.7.2016 12:05, Jan Cholasta wrote: On 19.7.2016

Re: [Freeipa-devel] [PATCH] 0220 move /bin/ipa to freeipa-client

On Thu, 25 Aug 2016, Jan Cholasta wrote: Hi, On 25.8.2016 11:27, Alexander Bokovoy wrote: Hi, attached patch moves ipa CLI to freeipa-client and obsoletes freeipa-admintools The Obsoletes (both) should be on version < 4.4.1 rather than %{version}, as per Fedora packaging guidelines [1].

[Freeipa-devel] [freeipa PR#20] cert: include CA name in cert command output (opened)

jcholast's pull request #20: "cert: include CA name in cert command output" was opened PR body: """ Include name of the CA that issued a certificate in cert-request, cert-show and cert-find. This allows the caller to call further commands on the cert without having to call ca-find to find the

[Freeipa-devel] [PATCH] 0220 move /bin/ipa to freeipa-client

Hi, attached patch moves ipa CLI to freeipa-client and obsoletes freeipa-admintools Solves https://fedorahosted.org/freeipa/ticket/5934 Here is how upgrade looks when running 'dnf': Upgrading: freeipa-client x86_64 4.4.0.201608250913GIT9c20682-0.fc24

[Freeipa-devel] [freeipa PR#19] WebUI: Add 'Restore' option to action dropdown menu (opened)

pvomacka's pull request #19: "WebUI: Add 'Restore' option to action dropdown menu" was opened PR body: """ Also moving activate_action method several lines up - correcting logical order of methods. https://fedorahosted.org/freeipa/ticket/5818 """ See the full pull-request at

[Freeipa-devel] [freeipa PR#21] custodia: include known CA certs in the PKCS#12 file for Dogtag (opened)

jcholast's pull request #21: "custodia: include known CA certs in the PKCS#12 file for Dogtag" was opened PR body: """ This fixes CA replica install in a topology upgraded from CA-less to CA-full. https://fedorahosted.org/freeipa/ticket/6207 """ See the full pull-request at

[Freeipa-devel] [freeipa PR#22] otptoken: Convert ipatokenotpkey on server (opened)

dkupka's pull request #22: "otptoken: Convert ipatokenotpkey on server" was opened PR body: """ Force client to send the value of ipatokenotpkey as entered by user. Otherwise client encodes the value with base64 before sending to server resulting in using base32(base64(value)) instead of

[Freeipa-devel] [freeipa PR#18] Fixed incorrect sequence of method calls in tasks.py (+pushed)

ofayans's pull request #18: "Fixed incorrect sequence of method calls in tasks.py" label *pushed* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/18 -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] [freeipa PR#18] Fixed incorrect sequence of method calls in tasks.py (comment)

mbasti-rh commented on a pull request """ @ofayans This is just mirror repo of fedorahosted , we cannot merge commits here, it has no effect. """ See the full comment at https://github.com/freeipa/freeipa/pull/18#issuecomment-242359169 -- Manage your subscription for the Freeipa-devel mailing

[Freeipa-devel] [freeipa PR#18] Fixed incorrect sequence of method calls in tasks.py (comment)

mbasti-rh commented on a pull request """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/fbc9179970ce30ba8c121a3d60b9550ef8f9c06c """ See the full comment at https://github.com/freeipa/freeipa/pull/18#issuecomment-242359000 -- Manage your subscription for the Freeipa-devel

[Freeipa-devel] [freeipa PR#18] Fixed incorrect sequence of method calls in tasks.py (+ack)

ofayans's pull request #18: "Fixed incorrect sequence of method calls in tasks.py" label *ack* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/18 -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH 0060] Add --force-join option to ipa-replica-install

On 10.08.2016 07:53, Stanislav Laznicka wrote: On 08/10/2016 07:31 AM, Jan Cholasta wrote: On 9.8.2016 18:52, Petr Vobornik wrote: On 08/09/2016 04:18 PM, Martin Basti wrote: On 09.08.2016 16:07, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/6183 Didn't we agreed

[Freeipa-devel] [freeipa PR#18] Fixed incorrect sequence of method calls in tasks.py (comment)

mbasti-rh commented on a pull request """ NACK ``` [Thu Aug 25 13:31:13.597940 2016] [wsgi:error] [pid 130658] Traceback (most recent call last): [Thu Aug 25 13:31:13.597945 2016] [wsgi:error] [pid 130658] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 352, in

[Freeipa-devel] [freeipa PR#23] Prototype of timerules as LDAP objects (opened)

stlaz's pull request #23: "Prototype of timerules as LDAP objects" was opened PR body: """ Hello, My branch adds the basic capabilities for adding time policies to HBAC rules. The policies are represented as separate objects that I call "time rules" which can be added to each HBAC rule. The

[Freeipa-devel] [freeipa PR#18] Fixed incorrect sequence of method calls in tasks.py (comment)

ofayans commented on a pull request """ @mbasti-rh oh, I see. Thanks! """ See the full comment at https://github.com/freeipa/freeipa/pull/18#issuecomment-242390863 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute

[Freeipa-devel] [freeipa PR#23] Time-Based HBAC Policies (edited)

stlaz's pull request #23: "Time-Based HBAC Policies" was edited See the full pull-request at https://github.com/freeipa/freeipa/pull/23 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/23/head:pr23 git checkout pr23 -- Manage

Re: [Freeipa-devel] [WIP][PATCH] Time-Based HBAC Policies

On 05/06/2016 12:28 PM, Stanislav Laznicka wrote: Hello, The time rules for FreeIPA effort is now to be found on Github. I forked FreeIPA and SSSD repos and added the current state of work there. https://github.com/stlaz/freeipa/tree/timerules

[Freeipa-devel] [freeipa PR#23] Time-Based HBAC Policies (comment)

mbasti-rh commented on a pull request """ I wrote a few comments. The most serious issue I found was time rule permissions, we must carefully decide what to do now, otherwise it will hurt us in future. Would be nice to provide API tests too :) """ See the full comment at

[Freeipa-devel] [PATCH] 0102..0105 Better handling for cert-request to disabled CA

The attached patches add better handling of cert-request failure due to target CA being disabled (#6260). To do this, rather than go and do extra work in Dogtag that we would depend on, instead I bite the bullet and refactor ra.request_certificate to use the Dogtag REST API, which correctly

Re: [Freeipa-devel] [Design Review Request] V4/Automatic_Certificate_Request_Generation

Ben Lipton wrote: On 08/23/2016 03:54 AM, Jan Cholasta wrote: On 8.8.2016 22:23, Ben Lipton wrote: On 07/25/2016 07:45 AM, Jan Cholasta wrote: On 25.7.2016 13:11, Alexander Bokovoy wrote: On Mon, 25 Jul 2016, Jan Cholasta wrote: On 20.7.2016 16:05, Ben Lipton wrote: Hi, Thanks very much

Re: [Freeipa-devel] [Design Review Request] V4/Automatic_Certificate_Request_Generation

On 08/23/2016 03:54 AM, Jan Cholasta wrote: On 8.8.2016 22:23, Ben Lipton wrote: On 07/25/2016 07:45 AM, Jan Cholasta wrote: On 25.7.2016 13:11, Alexander Bokovoy wrote: On Mon, 25 Jul 2016, Jan Cholasta wrote: On 20.7.2016 16:05, Ben Lipton wrote: Hi, Thanks very much for the feedback!

[Freeipa-devel] [PATCH] 0106 Make host/service cert revocation aware of lightweight CAs

Hi all, Attached patch fixes https://fedorahosted.org/freeipa/ticket/6221. It depends on Honza's PR #20 https://github.com/freeipa/freeipa/pull/20. Thanks, Fraser -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to

Re: [Freeipa-devel] [PATCH] 0106 Make host/service cert revocation aware of lightweight CAs

On Fri, Aug 26, 2016 at 03:37:17PM +1000, Fraser Tweedale wrote: > Hi all, > > Attached patch fixes https://fedorahosted.org/freeipa/ticket/6221. > It depends on Honza's PR #20 > https://github.com/freeipa/freeipa/pull/20. > > Thanks, > Fraser > It does help to attach the patch :) From