[Freeipa-devel] [PATCH] 1091 Don't double-encode CA cert

When the CA cert was added via the update plugin we were double-encoding it. We just need to store the DER value. See the ticket for reproduction details. rob >From b1e8f63ca9a1b991f892010c314ebb53cb1d9b5f Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 6 Mar 2013 14:28:18 -0500 Subje

Re: [Freeipa-devel] Backup and Restore design

I think I've captured all the changes and suggestions. Am I good to go on starting to implement this or do we need more discussion? http://freeipa.org/page/V3/Backup_and_Restore rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.

Re: [Freeipa-devel] [PATCH] 1088 Recover DNA ranges when deleting a master

Petr Viktorin wrote: On 03/01/2013 11:57 PM, Rob Crittenden wrote: Implement the design at http://freeipa.org/page/V3/Recover_DNA_Ranges Could you add the link to the commit message? done Note that this required some new ACIs in cn=config which is not replicated so the range-set commands

Re: [Freeipa-devel] [PATCH] 0007 Web UI: Realm Domains page

On 03/06/2013 10:40 AM, Petr Vobornik wrote: > On 03/05/2013 05:52 PM, Ana Krivokapic wrote: >> On 02/27/2013 05:10 PM, Petr Vobornik wrote: >>> On 02/27/2013 04:20 PM, Ana Krivokapic wrote: Add support for Realm Domains to web UI. https://fedorahosted.org/freeipa/ticket/3407 >>> >>>

Re: [Freeipa-devel] [PATCH] 260-262 Global trust configuration page

On Wed, Mar 06, 2013 at 02:05:38PM +0100, Martin Kosek wrote: > On 03/06/2013 01:42 PM, Petr Vobornik wrote: > > On 03/02/2013 08:40 PM, Endi Sukma Dewata wrote: > >> - Original Message - > >>> First two patches are bug fixes which are required for third patch. > >>> Depends on my patch #25

Re: [Freeipa-devel] [PATCHES] 94-99 Read and use per-service PAC type

On Wed, Mar 06, 2013 at 08:51:47AM -0500, Simo Sorce wrote: > On Wed, 2013-03-06 at 14:49 +0100, Martin Kosek wrote: > > On 03/06/2013 10:41 AM, Sumit Bose wrote: > > > On Tue, Mar 05, 2013 at 05:13:58PM +0100, Martin Kosek wrote: > > >> On 03/04/2013 04:22 PM, Sumit Bose wrote: > > >>> On Fri, Mar

Re: [Freeipa-devel] [ACK] ipa-replica-manage break after new LDAP code merged

On 03/06/2013 03:39 PM, Petr Viktorin wrote: > ACK for Alexander's two-liner fix to ipa-replica-manage, which I broke with > the > LDAP refactoring. > > Patch was posted via Trac: > https://fedorahosted.org/freeipa/ticket/3490 > Pushed to master. Martin ___

Re: [Freeipa-devel] [PATCH] 264-265 Web UI:Certificate pages

Updated patch 264 attached. 265 was rebased. See comments below. On 03/06/2013 12:33 AM, Endi Sukma Dewata wrote: On 2/22/2013 10:43 AM, Petr Vobornik wrote: Note: static json files for testing and such will be updated soon (there were several patch which changes API. I rather want to do one ma

Re: [Freeipa-devel] [PATCHES] 0191-0195 Use ipaldap in the client installer & password migration

On 03/06/2013 04:29 PM, Petr Viktorin wrote: > Hello, > These patches move ipaldap to ipapython, and make the client installer use it. > Also password migration web-app is made to use ipaldap; they both called a > shared a utility function that is converted to use ipaldap. > > This should fix http

Re: [Freeipa-devel] [PATCH] 115 Fix internal error in output_for_cli method of sudorule_{enable, disable}

On 03/06/2013 10:31 AM, Jan Cholasta wrote: > Hi, > > this patch fixes . > > Honza > ACK. Pushed to master, ipa-3-1. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/

Re: [Freeipa-devel] [PATCH] 114 Remove disabled entries from sudoers compat tree

On 03/06/2013 10:14 AM, Jan Cholasta wrote: > Hi, > > this patch fixes . > > Honza > ACK. Pushed to master, ipa-3-1. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/

[Freeipa-devel] [ACK] ipa-replica-manage break after new LDAP code merged

ACK for Alexander's two-liner fix to ipa-replica-manage, which I broke with the LDAP refactoring. Patch was posted via Trac: https://fedorahosted.org/freeipa/ticket/3490 -- Petr³ From a7a2e3e09eb4a1eb7bb005fe4a43ea0e3ac1c5af Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 6 Mar 201

[Freeipa-devel] LDAP search without enforcing schema correctness

Hi! We need to make schema validation optional for multiple cases. Recent LDAP code changes in master broke whole AD trusts because we are no longer able to talk to Global Catalog service as it is not exposing schema the way we expect it (neither we need that schema). I've pushed one-liner that

Re: [Freeipa-devel] [PATCH] 105 Fix remove while iterating in suppress_netgroup_memberof

On 03/05/2013 04:13 PM, Petr Viktorin wrote: > On 02/27/2013 02:55 PM, Jan Cholasta wrote: >> Hi, >> >> this patch fixes . >> >> Honza >> > > ACK, thanks. > > Pushed to master, ipa-3-1. Martin ___ Freeip

Re: [Freeipa-devel] [PATCHES] 94-99 Read and use per-service PAC type

On Wed, 2013-03-06 at 14:49 +0100, Martin Kosek wrote: > On 03/06/2013 10:41 AM, Sumit Bose wrote: > > On Tue, Mar 05, 2013 at 05:13:58PM +0100, Martin Kosek wrote: > >> On 03/04/2013 04:22 PM, Sumit Bose wrote: > >>> On Fri, Mar 01, 2013 at 08:58:34AM -0500, Simo Sorce wrote: > On Fri, 2013-0

Re: [Freeipa-devel] [PATCHES] 94-99 Read and use per-service PAC type

On 03/06/2013 10:41 AM, Sumit Bose wrote: > On Tue, Mar 05, 2013 at 05:13:58PM +0100, Martin Kosek wrote: >> On 03/04/2013 04:22 PM, Sumit Bose wrote: >>> On Fri, Mar 01, 2013 at 08:58:34AM -0500, Simo Sorce wrote: On Fri, 2013-03-01 at 10:08 +0100, Martin Kosek wrote: > On 03/01/2013 09:2

Re: [Freeipa-devel] [PATCH] 260-262 Global trust configuration page

On 03/06/2013 02:21 PM, Petr Vobornik wrote: > On 03/06/2013 02:05 PM, Martin Kosek wrote: >> On 03/06/2013 01:42 PM, Petr Vobornik wrote: >>> On 03/02/2013 08:40 PM, Endi Sukma Dewata wrote: - Original Message - > First two patches are bug fixes which are required for third patch.

Re: [Freeipa-devel] [PATCH] 260-262 Global trust configuration page

On 03/06/2013 02:05 PM, Martin Kosek wrote: On 03/06/2013 01:42 PM, Petr Vobornik wrote: On 03/02/2013 08:40 PM, Endi Sukma Dewata wrote: - Original Message - First two patches are bug fixes which are required for third patch. Depends on my patch #259 (Combobox keyboard support) 1) [P

Re: [Freeipa-devel] [PATCH] 260-262 Global trust configuration page

On 03/06/2013 01:42 PM, Petr Vobornik wrote: > On 03/02/2013 08:40 PM, Endi Sukma Dewata wrote: >> - Original Message - >>> First two patches are bug fixes which are required for third patch. >>> Depends on my patch #259 (Combobox keyboard support) >>> >>> 1) [PATCH] Fix dirty state update

Re: [Freeipa-devel] [PATCH] 263 Web UI: configurable SID blacklists

On 03/04/2013 06:14 PM, Endi Sukma Dewata wrote: On 2/18/2013 10:37 AM, Petr Vobornik wrote: Added blacklists section, with ipantsidblacklistincoming and ipantsidblacklistoutgoing multivalued textbox fields, into trust details page. https://fedorahosted.org/freeipa/ticket/3289 ACK. Pushed t

Re: [Freeipa-devel] [PATCH] 260-262 Global trust configuration page

On 03/02/2013 08:40 PM, Endi Sukma Dewata wrote: - Original Message - First two patches are bug fixes which are required for third patch. Depends on my patch #259 (Combobox keyboard support) 1) [PATCH] Fix dirty state update of editable combobox Editable combobox didn't update it's dir

Re: [Freeipa-devel] [PATCH] 259 Combobox keyboard support

On 03/02/2013 08:38 PM, Endi Sukma Dewata wrote: On 02/27/2013 06:54 AM, Petr Vobornik wrote: On 02/27/2013 01:50 AM, Endi Sukma Dewata wrote: Another minor thing, if the search box is in focus, you can use the Up/Down arrow to go to the list. However, from the list you cannot use the Up/Do

Re: [Freeipa-devel] [PATCH 0037] Add support for re-enrolling hosts using keytab

On 6.3.2013 13:04, Tomas Babej wrote: On 03/05/2013 02:10 PM, Petr Viktorin wrote: Thanks! The mechanism works, but see below. This is a RFE so it needs a design document. http://freeipa.org/page/V3/Client_install_using_keytab I added "Security Considerations" section with couple questions in

Re: [Freeipa-devel] [PATCH] 378-380 Improved CNAME and DNAME validation

On 6.3.2013 09:32, Martin Kosek wrote: +error=u'CNAME record is not allowed to coexist with any other record'), Sorry for nitpicking again, but I would add note '(RFC 1034, section 3.6.2)'. Thank you! -- Petr^2 Spacek ___ Freeipa-d

Re: [Freeipa-devel] [PATCH 0037] Add support for re-enrolling hosts using keytab

On 03/05/2013 02:10 PM, Petr Viktorin wrote: Thanks! The mechanism works, but see below. This is a RFE so it needs a design document. http://freeipa.org/page/V3/Client_install_using_keytab For context, I'll include your comment from trac: > From my investigation I would conclude that we canno

Re: [Freeipa-devel] [PATCH] 0007 Web UI: Realm Domains page

On 03/05/2013 05:52 PM, Ana Krivokapic wrote: On 02/27/2013 05:10 PM, Petr Vobornik wrote: On 02/27/2013 04:20 PM, Ana Krivokapic wrote: Add support for Realm Domains to web UI. https://fedorahosted.org/freeipa/ticket/3407 The patch looks good, but there is a issue we don't have a precedence

Re: [Freeipa-devel] [PATCHES] 94-99 Read and use per-service PAC type

On Tue, Mar 05, 2013 at 05:13:58PM +0100, Martin Kosek wrote: > On 03/04/2013 04:22 PM, Sumit Bose wrote: > > On Fri, Mar 01, 2013 at 08:58:34AM -0500, Simo Sorce wrote: > >> On Fri, 2013-03-01 at 10:08 +0100, Martin Kosek wrote: > >>> On 03/01/2013 09:20 AM, Sumit Bose wrote: > On Fri, Mar 01

[Freeipa-devel] [PATCH] 115 Fix internal error in output_for_cli method of sudorule_{enable, disable}

Hi, this patch fixes . Honza -- Jan Cholasta >From ee827fab8cb916ebf2d9b7d21ae4b6f93685e2b2 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Wed, 6 Mar 2013 10:20:18 +0100 Subject: [PATCH] Fix internal error in output_for_cli method of sudorule_{

[Freeipa-devel] [PATCH] 114 Remove disabled entries from sudoers compat tree

Hi, this patch fixes . Honza -- Jan Cholasta >From 4d9b3cd132981dbf51067adf3d35e5b6b70b673c Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Wed, 6 Mar 2013 10:07:13 +0100 Subject: [PATCH] Remove disabled entries from sudoers compat tree. The rem

Re: [Freeipa-devel] [PATCH] 378-380 Improved CNAME and DNAME validation

On 03/05/2013 01:04 PM, Petr Spacek wrote: > Hello, > > please see my comments in-line. > > On 5.3.2013 12:23, Martin Kosek wrote: >> These relatively straightforward patches depend on each other, so I am >> sending >> them in bulk. Details can be found in commit messages. >> >> Martin >> >> >>