Re: [Freeipa-devel] What would break if loopback addresses were allowed for IPA server?

2016-10-17 Thread Petr Spacek
On 27.9.2016 14:31, Jan Pazdziora wrote: > On Wed, Sep 21, 2016 at 12:01:44PM +0200, Jan Pazdziora wrote: >> >> I've recently hit again the situation of IPA installer not happy >> about the provided IP address not being local to it, this time in >> containerized environment: >> >>

[Freeipa-devel] [freeipa PR#165][synchronized] Tests: Verify that cert-find show CA without --all

2016-10-17 Thread mirielka
URL: https://github.com/freeipa/freeipa/pull/165 Author: mirielka Title: #165: Tests: Verify that cert-find show CA without --all Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/165/head:pr165 git checkout

[Freeipa-devel] [freeipa PR#165][comment] Tests: Verify that cert-find show CA without --all

2016-10-17 Thread mirielka
URL: https://github.com/freeipa/freeipa/pull/165 Title: #165: Tests: Verify that cert-find show CA without --all mirielka commented: """ I added check for cert-show and cert-request (it was quite easy to add it to existing test). I'd prefer to add test for #6022 separately when bugfix is

[Freeipa-devel] [freeipa PR#165][synchronized] Tests: Verify that cert-find show CA without --all

2016-10-17 Thread mirielka
URL: https://github.com/freeipa/freeipa/pull/165 Author: mirielka Title: #165: Tests: Verify that cert-find show CA without --all Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/165/head:pr165 git checkout

[Freeipa-devel] [freeipa PR#165][comment] Tests: Verify that cert-find show CA without --all

2016-10-17 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/165 Title: #165: Tests: Verify that cert-find show CA without --all pvoborni commented: """ Right, I only wanted to highlight the issue in #6022. It should be a separate patch. """ See the full comment at

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-17 Thread Jan Cholasta
Hi, On 13.10.2016 18:52, Sumit Bose wrote: On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote: On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: Hi, I've started to write a SSSD design page about enhancing the current mapping of certificates to users and how to select/match

[Freeipa-devel] [help]

2016-10-17 Thread 郑磊
Hello everyone, I'm using freeipa, and having a test and research with the function of freeipa. At the same time, I have carried on the Chinese translation to the web interface, also added own log module in web interface, referring to the following screenshots. However, for these changes

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-17 Thread Jan Cholasta
On 17.10.2016 16:50, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 13.10.2016 18:52, Sumit Bose wrote: = Issuer specific matching = Although the MIT Kerberos rules allow to select the issuer of a certificate there are use cases where a more specific selection is needed. E.g. if

Re: [Freeipa-devel] [Design Review Request] V4/Automatic_Certificate_Request_Generation

2016-10-17 Thread Jan Cholasta
On 13.10.2016 17:23, Ben Lipton wrote: Thank you, this was a really helpful clarification of your point. Comments below. Once again, I'm sorry I missed the email for so long. Ben On 09/05/2016 06:52 AM, Jan Cholasta wrote: On 27.8.2016 22:40, Ben Lipton wrote: On 08/25/2016 04:11 PM, Rob

[Freeipa-devel] [freeipa PR#166][opened] WebUI: services without canonical name are shown correctly

2016-10-17 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/166 Author: pvomacka Title: #166: WebUI: services without canonical name are shown correctly Action: opened PR body: """ There is a change introduced in 4.4 that new services have canonical name. The old ones didn't have it, therefore these

[Freeipa-devel] [freeipa PR#143][synchronized] Issue6386 nss dir

2016-10-17 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/143 Author: tiran Title: #143: Issue6386 nss dir Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/143/head:pr143 git checkout pr143 From

[Freeipa-devel] [freeipa PR#167][+ack] Move ipa.1 man file

2016-10-17 Thread pspacek
URL: https://github.com/freeipa/freeipa/pull/167 Title: #167: Move ipa.1 man file Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-17 Thread Rob Crittenden
Jan Cholasta wrote: Hi, On 13.10.2016 18:52, Sumit Bose wrote: = Issuer specific matching = Although the MIT Kerberos rules allow to select the issuer of a certificate there are use cases where a more specific selection is needed. E.g. if there are some default matching rules for all

[Freeipa-devel] [freeipa PR#143][comment] Issue6386 nss dir

2016-10-17 Thread jcholast
URL: https://github.com/freeipa/freeipa/pull/143 Title: #143: Issue6386 nss dir jcholast commented: """ NACK, see inline comments. """ See the full comment at https://github.com/freeipa/freeipa/pull/143#issuecomment-254226440

[Freeipa-devel] [freeipa PR#143][synchronized] Issue6386 nss dir

2016-10-17 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/143 Author: tiran Title: #143: Issue6386 nss dir Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/143/head:pr143 git checkout pr143 From

[Freeipa-devel] [freeipa PR#167][opened] Move ipa.1 man file

2016-10-17 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/167 Author: tiran Title: #167: Move ipa.1 man file Action: opened PR body: """ setuptools does not support data_files any more. The ipa(1) man page is now handled like the remaining man pages. Signed-off-by: Christian Heimes

[Freeipa-devel] [freeipa PR#117][comment] Make ipa-replica-install run in interactive mode

2016-10-17 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/117 Title: #117: Make ipa-replica-install run in interactive mode simo5 commented: """ @stlaz, sure, what I meant is that the checking code should be made common and run in ipa-replica-install, certainly I was not suggesting to just duplicate all

[Freeipa-devel] [freeipa PR#167][+pushed] Move ipa.1 man file

2016-10-17 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/167 Title: #167: Move ipa.1 man file Label: +pushed

[Freeipa-devel] [freeipa PR#157][comment] git: Add commit template

2016-10-17 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/157 Title: #157: git: Add commit template mbasti-rh commented: """ I disagree here with Honza, I liked those comments more at bottom. Why do we even need those comments? git commit command with vim set as editor is doing that automatically. """

Re: [Freeipa-devel] What would break if loopback addresses were allowed for IPA server?

2016-10-17 Thread Simo Sorce
On Mon, 2016-10-17 at 09:02 +0200, Petr Spacek wrote: > On 27.9.2016 14:31, Jan Pazdziora wrote: > > On Wed, Sep 21, 2016 at 12:01:44PM +0200, Jan Pazdziora wrote: > >> > >> I've recently hit again the situation of IPA installer not happy > >> about the provided IP address not being local to it,

[Freeipa-devel] [freeipa PR#167][closed] Move ipa.1 man file

2016-10-17 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/167 Author: tiran Title: #167: Move ipa.1 man file Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/167/head:pr167 git checkout pr167

[Freeipa-devel] [freeipa PR#167][comment] Move ipa.1 man file

2016-10-17 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/167 Title: #167: Move ipa.1 man file mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/b9d68b5c3503bb708f637be6bb173a742b4105b4 """ See the full comment at

[Freeipa-devel] [freeipa PR#155][comment] Build system cleanup

2016-10-17 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/155 Title: #155: Build system cleanup mbasti-rh commented: """ Needs rebase """ See the full comment at https://github.com/freeipa/freeipa/pull/155#issuecomment-254240565

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-17 Thread Simo Sorce
On Thu, 2016-10-13 at 18:52 +0200, Sumit Bose wrote: > Compatibility with Active Directory > Active Directory uses a per-user LDAP attribute > [https://msdn.microsoft.com/en-us/library/cc220106.aspx > altSecurityIdentities] to allow arbitrary user-certificate mappings if there > is no

Re: [Freeipa-devel] Feature branches for sub-team efforts

2016-10-17 Thread Simo Sorce
On Tue, 2016-10-11 at 16:19 +0200, Petr Vobornik wrote: > On 10/11/2016 03:50 PM, Alexander Bokovoy wrote: > > On ti, 11 loka 2016, Petr Vobornik wrote: > >> Hi List, > >> > >> we discussed locally a proposal about creating a feature branch for each > >> sub-team effort in our main git. Currently

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

2016-10-17 Thread Martin Basti
1) you don't need to disable/enable dirsrv, just stop/start. Please remove disable/enable parts 2) traceback

[Freeipa-devel] [freeipa PR#168][opened] Update cli.py

2016-10-17 Thread Garont
URL: https://github.com/freeipa/freeipa/pull/168 Author: Garont Title: #168: Update cli.py Action: opened PR body: """ fix for ipa host-find ipa: ERROR: UnicodeEncodeError: 'ascii' codec can't encode characters in position 15-26: ordinal not in range(128) Traceback (most recent call last):