[Freeipa-devel] [PATCH 0045] Enforce host existence only where needed in ipa-replica-manage

2013-04-09 Thread Tomas Babej
Hi, In ipa-replica-manage commands, we enforce that hostnames we work with are resolvable. However, this caused errors while deleting or disconnecting an ipa / winsync replica, if that replica was down and authoritative server for itself. https://fedorahosted.org/freeipa/ticket/3524 Tomas From

[Freeipa-devel] [PATCH 0142] Improve LDAP error logging

2013-04-09 Thread Petr Spacek
Hello, Improve LDAP error logging. Diagnostic error message is logged when it is available. Plugin with this patch produces messages like: LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind to LDAP server failed instead of bind to LDAP server failed: Server is

[Freeipa-devel] [PATCH 0143] Treat syntax errors in LDAP filters as fatal

2013-04-09 Thread Petr Spacek
Hello, Treat syntax errors in LDAP filters as fatal. Filters are hardcoded at the moment, this is preventive action. -- Petr^2 Spacek From 7d903641d343f3e083feed3e935d34c19ede2971 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 9 Apr 2013 15:28:19 +0200 Subject:

[Freeipa-devel] [PATCH] 125 Do actually stop pki_cad in stop_pkicad instead of starting it

2013-04-09 Thread Jan Cholasta
Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/3554. Honza -- Jan Cholasta From fca3caa0515e2ca37b9e04c3c960d59477ccd0a9 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Tue, 9 Apr 2013 15:49:15 +0200 Subject: [PATCH] Do actually stop pki_cad in stop_pkicad

Re: [Freeipa-devel] [PATCH] 123 Use http instead of https for OCSP and CRL URLs in IPA certificate profile

2013-04-09 Thread Martin Kosek
On 04/08/2013 05:09 PM, Martin Kosek wrote: On 04/08/2013 03:47 PM, Dmitri Pal wrote: On 04/08/2013 08:42 AM, Martin Kosek wrote: On 04/08/2013 10:48 AM, Jan Cholasta wrote: On 8.4.2013 10:47, Jan Cholasta wrote: Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/3552. Honza

Re: [Freeipa-devel] [PATCH] 123 Use http instead of https for OCSP and CRL URLs in IPA certificate profile

2013-04-09 Thread Simo Sorce
On Tue, 2013-04-09 at 16:02 +0200, Martin Kosek wrote: On 04/08/2013 05:09 PM, Martin Kosek wrote: On 04/08/2013 03:47 PM, Dmitri Pal wrote: On 04/08/2013 08:42 AM, Martin Kosek wrote: On 04/08/2013 10:48 AM, Jan Cholasta wrote: On 8.4.2013 10:47, Jan Cholasta wrote: Hi, this patch

Re: [Freeipa-devel] [PATCH] 125 Do actually stop pki_cad in stop_pkicad instead of starting it

2013-04-09 Thread Martin Kosek
On 04/09/2013 03:52 PM, Jan Cholasta wrote: Hi, this patch fixes https://fedorahosted.org/freeipa/ticket/3554. Honza Yeah, this does a much better job at stopping pki-ca... ACK. Pushed to master, ipa-3-1. Martin

Re: [Freeipa-devel] [PATCH] 267 Filter groups by type (normal, posix, external)

2013-04-09 Thread Petr Vobornik
On 04/04/2013 12:02 PM, Martin Kosek wrote: On 04/04/2013 11:48 AM, Tomas Babej wrote: On 03/22/2013 03:03 PM, Martin Kosek wrote: On 03/21/2013 06:10 PM, Petr Vobornik wrote: On 03/21/2013 05:10 PM, Martin Kosek wrote: On 03/16/2013 03:32 AM, Endi Sukma Dewata wrote: On 3/12/2013 11:28 AM,

Re: [Freeipa-devel] [PATCH] 123 Use http instead of https for OCSP and CRL URLs in IPA certificate profile

2013-04-09 Thread Simo Sorce
On Tue, 2013-04-09 at 11:18 -0400, Dmitri Pal wrote: On 04/09/2013 10:19 AM, Simo Sorce wrote: On Tue, 2013-04-09 at 16:02 +0200, Martin Kosek wrote: On 04/08/2013 05:09 PM, Martin Kosek wrote: On 04/08/2013 03:47 PM, Dmitri Pal wrote: On 04/08/2013 08:42 AM, Martin Kosek wrote: On

Re: [Freeipa-devel] [PATCH] 267 Filter groups by type (normal, posix, external)

2013-04-09 Thread Petr Vobornik
On 04/09/2013 05:06 PM, Martin Kosek wrote: On 04/09/2013 04:38 PM, Petr Vobornik wrote: On 04/04/2013 12:02 PM, Martin Kosek wrote: Thanks Tomas for your opinion, I can agree with that. To make it more in an actual design, this is API following this discussion that I would propose: This is

Re: [Freeipa-devel] [PATCH] 267 Filter groups by type (normal, posix, external)

2013-04-09 Thread Martin Kosek
On 04/09/2013 06:45 PM, Petr Vobornik wrote: On 04/09/2013 05:06 PM, Martin Kosek wrote: On 04/09/2013 04:38 PM, Petr Vobornik wrote: On 04/04/2013 12:02 PM, Martin Kosek wrote: Thanks Tomas for your opinion, I can agree with that. To make it more in an actual design, this is API following

Re: [Freeipa-devel] [PATCH] WIP backup and restore

2013-04-09 Thread Rob Crittenden
Petr Viktorin wrote: On 04/05/2013 10:54 PM, Rob Crittenden wrote: Petr Viktorin wrote: On 04/04/2013 03:04 PM, Rob Crittenden wrote: Rob Crittenden wrote: Petr Viktorin wrote: On 03/23/2013 05:06 AM, Rob Crittenden wrote: There are strict limits on what can be restored where. Only exact

Re: [Freeipa-devel] [PATCH 0044] Update only selected attributes for winsync agreement

2013-04-09 Thread Rob Crittenden
Tomas Babej wrote: Hi, Trying to insert nsDS5ReplicatedAttributeListTotal and nsds5ReplicaStripAttrs to winsync agreements caused upgrade errors. With this patch, these attributes are skipped for winsync agreements. Made find_ipa_replication_agreements() in replication.py more corresponding to

Re: [Freeipa-devel] [PATCH] 1094 fix 2 broken tests

2013-04-09 Thread Rob Crittenden
Ana Krivokapic wrote: On 04/05/2013 10:30 PM, Rob Crittenden wrote: Two tests are failing due to missing attributes since the krb ticket flags patch was pushed. rob

Re: [Freeipa-devel] [PATCH] 123 Use http instead of https for OCSP and CRL URLs in IPA certificate profile

2013-04-09 Thread Dmitri Pal
On 04/09/2013 12:11 PM, Simo Sorce wrote: On Tue, 2013-04-09 at 11:18 -0400, Dmitri Pal wrote: On 04/09/2013 10:19 AM, Simo Sorce wrote: On Tue, 2013-04-09 at 16:02 +0200, Martin Kosek wrote: On 04/08/2013 05:09 PM, Martin Kosek wrote: On 04/08/2013 03:47 PM, Dmitri Pal wrote: On 04/08/2013