Re: [Freeipa-devel] [PATCH] 310 Exclude attributelevelrights from --raw result processing in baseldap

Dne 28.7.2014 v 19:59 Petr Viktorin napsal(a): On 07/24/2014 05:33 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4371. Honza NACK If the value *is* a str, with this patch it ends up undefined. Right, fixed. -- Jan Cholasta From

Re: [Freeipa-devel] LDAP schema for DNSSEC keys

Dne 28.7.2014 v 11:04 Simo Sorce napsal(a): On Fri, 2014-07-25 at 19:26 +0200, Petr Spacek wrote: I have updated design page and diagrams: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm#LDAPschema Excellent page, I took a full read and it all seem

Re: [Freeipa-devel] LDAP schema for DNSSEC keys

Dne 29.7.2014 v 08:56 Simo Sorce napsal(a): On Tue, 2014-07-29 at 08:46 +0200, Jan Cholasta wrote: Dne 28.7.2014 v 11:04 Simo Sorce napsal(a): On Fri, 2014-07-25 at 19:26 +0200, Petr Spacek wrote: I have updated design page and diagrams:

Re: [Freeipa-devel] [PATCH] 310 Exclude attributelevelrights from --raw result processing in baseldap

On 07/29/2014 08:27 AM, Jan Cholasta wrote: Dne 28.7.2014 v 19:59 Petr Viktorin napsal(a): On 07/24/2014 05:33 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4371. Honza NACK If the value *is* a str, with this patch it ends up undefined.

Re: [Freeipa-devel] [PATCH] 710 webui: review pending operation after expired session

On 28.7.2014 19:01, Endi Sukma Dewata wrote: On 7/28/2014 6:06 AM, Petr Vobornik wrote: Right now suppose I'm trying to delete a user, I have the delete dialog open and I let it sit until the session expires, then when I click Delete it will show me a login screen. Once I re-login, the dialog

Re: [Freeipa-devel] [PATCH] 715 webui: add bounce url to reset_password.html

On 28.7.2014 19:08, Endi Sukma Dewata wrote: On 7/28/2014 3:58 AM, Petr Vobornik wrote: Just one thing, there is no pause between clicking the Reset button and the redirection, so the Password reset was successful. confirmation message might only appear very briefly. A possible alternative is

Re: [Freeipa-devel] [PATCH] 0007 test group: remove group from protected group

On 07/28/2014 06:41 PM, Petr Viktorin wrote: On 07/24/2014 03:11 PM, David Kupka wrote: Simple test scenario from ticket #4448. Last test will fail until patch freeipa-dkupka-0006 gets accepted. Thanks! These look fine, but since the new tests don't require that the rest of `test_group` is

Re: [Freeipa-devel] [PATCH] 0006 Fix group-remove-member crash when group is removed from a protected group

On 07/23/2014 04:32 PM, David Kupka wrote: On 07/23/2014 04:15 PM, Martin Kosek wrote: On 07/23/2014 04:08 PM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4448 Alternatively, we could also update the if condition to avoid running this section at all when options['user'] does

Re: [Freeipa-devel] [PATCH] 0005 Verify otptoken timespan is valid

Dne 24.7.2014 v 10:00 David Kupka napsal(a): On 07/23/2014 05:07 PM, Jan Cholasta wrote: Hi, On 23.7.2014 15:46, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4244 1) Use isinstance(X, Y) instead of type(X) is Y. Thanks for advice, will try to remember. 2) When is

Re: [Freeipa-devel] [PATCH] 0005 Verify otptoken timespan is valid

On 07/29/2014 01:21 PM, Jan Cholasta wrote: Dne 24.7.2014 v 10:00 David Kupka napsal(a): On 07/23/2014 05:07 PM, Jan Cholasta wrote: Hi, On 23.7.2014 15:46, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4244 1) Use isinstance(X, Y) instead of type(X) is Y. Thanks for

Re: [Freeipa-devel] [PATCH] 0005 Verify otptoken timespan is valid

Dne 29.7.2014 v 14:11 David Kupka napsal(a): On 07/29/2014 01:21 PM, Jan Cholasta wrote: Dne 24.7.2014 v 10:00 David Kupka napsal(a): On 07/23/2014 05:07 PM, Jan Cholasta wrote: Hi, On 23.7.2014 15:46, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4244 1) Use isinstance(X,

Re: [Freeipa-devel] [PATCH] 0005 Verify otptoken timespan is valid

On 07/29/2014 03:28 PM, Jan Cholasta wrote: Dne 29.7.2014 v 14:11 David Kupka napsal(a): On 07/29/2014 01:21 PM, Jan Cholasta wrote: Dne 24.7.2014 v 10:00 David Kupka napsal(a): On 07/23/2014 05:07 PM, Jan Cholasta wrote: Hi, On 23.7.2014 15:46, David Kupka wrote:

Re: [Freeipa-devel] [PATCH] 0005 Verify otptoken timespan is valid

Dne 29.7.2014 v 15:52 David Kupka napsal(a): On 07/29/2014 03:28 PM, Jan Cholasta wrote: Dne 29.7.2014 v 14:11 David Kupka napsal(a): On 07/29/2014 01:21 PM, Jan Cholasta wrote: Dne 24.7.2014 v 10:00 David Kupka napsal(a): On 07/23/2014 05:07 PM, Jan Cholasta wrote: Hi, On 23.7.2014

Re: [Freeipa-devel] [PATCHES] 295-299 Allow changing chaining of the IPA CA certificate

Jan Cholasta wrote: Dne 28.7.2014 v 21:39 Rob Crittenden napsal(a): This is oh-so close. AFAICT it generally does what it should, I think it is ready for a wider audience. Just a few more things: 306: A while True loop is used for something which AFAICT can only ever execute once. I'd think

Re: [Freeipa-devel] [PATCHES] 295-299 Allow changing chaining of the IPA CA certificate

Rob Crittenden wrote: Jan Cholasta wrote: Dne 28.7.2014 v 21:39 Rob Crittenden napsal(a): This is oh-so close. AFAICT it generally does what it should, I think it is ready for a wider audience. Just a few more things: 306: A while True loop is used for something which AFAICT can only ever

[Freeipa-devel] [PATCHES] 0264-0267 backup, restore: Don't overwrite /etc/{passwd, group}

Hello, The first patch here consolidates our system user creation code a bit. The second patch fixes an oversight in the restore script. The third changes the backup script to not include /etc/{passwd,group}, and the restore script to create the PKI user if a CA is being restored. Note that

[Freeipa-devel] [PATCH] 480 Do not crash client basedn discovery when SSF not met

ipa-client-install runs anonymous search in non-rootdse space which may raise UNWILLING_TO_PERFORM error. This case was only covered for BIND, but not for the actual LDAP queries. https://fedorahosted.org/freeipa/ticket/4459 -- Martin Kosek mko...@redhat.com Supervisor, Software Engineering -

Re: [Freeipa-devel] [PATCH] 0007 test group: remove group from protected group

On 07/29/2014 12:58 PM, David Kupka wrote: On 07/28/2014 06:41 PM, Petr Viktorin wrote: On 07/24/2014 03:11 PM, David Kupka wrote: Simple test scenario from ticket #4448. Last test will fail until patch freeipa-dkupka-0006 gets accepted. Thanks! These look fine, but since the new tests

Re: [Freeipa-devel] [PATCH] 0005 Verify otptoken timespan is valid

On 07/29/2014 03:58 PM, Jan Cholasta wrote: Dne 29.7.2014 v 15:52 David Kupka napsal(a): On 07/29/2014 03:28 PM, Jan Cholasta wrote: Dne 29.7.2014 v 14:11 David Kupka napsal(a): On 07/29/2014 01:21 PM, Jan Cholasta wrote: Dne 24.7.2014 v 10:00 David Kupka napsal(a): On 07/23/2014 05:07

Re: [Freeipa-devel] [PATCH] 480 Do not crash client basedn discovery when SSF not met

On 07/29/2014 05:03 PM, Martin Kosek wrote: ipa-client-install runs anonymous search in non-rootdse space which may raise UNWILLING_TO_PERFORM error. This case was only covered for BIND, but not for the actual LDAP queries. https://fedorahosted.org/freeipa/ticket/4459 ACK, pushed to: master:

Re: [Freeipa-devel] [PATCHES] 0264-0267 backup, restore: Don't overwrite /etc/{passwd, group}

On 07/29/2014 05:02 PM, Petr Viktorin wrote: Hello, The first patch here consolidates our system user creation code a bit. The second patch fixes an oversight in the restore script. The third changes the backup script to not include /etc/{passwd,group}, and the restore script to create the

Re: [Freeipa-devel] Password Vault Implementation

On 7/15/2014 9:13 AM, Endi Sukma Dewata wrote: Hi, I've been working on the implementation details of password vault: http://www.freeipa.org/page/V4/Password_Vault_Implementation There are some issues (i.e. vault password and vault key) that aren't specifically defined in the design, so we