Re: [Freeipa-devel] [PATCH 0033] Remove trivial path constants

2014-10-03 Thread Gabe Alford
Thanks Petr. Updated patch attached. On Tue, Sep 30, 2014 at 10:59 AM, Petr Viktorin wrote: > On 09/30/2014 05:13 AM, Gabe Alford wrote: > >> Updated patch to fix merge conflicts from recent changes. >> >> On Wed, Sep 24, 2014 at 8:34 PM, Gabe Alford > > wrote: >> >

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

2014-10-03 Thread thierry bordaz
Hello Nathaniel, An additional comment about the patch. When the new value is detected to be invalid, it is fixed by a repair operation (trigger_replication). I did test it and it is fine to update, with an internal operation, the same entry that is currently updated. Now if y

[Freeipa-devel] [PATCH] 765 webui: allow --force in dnszone-mod and dnsrecord-add

2014-10-03 Thread Petr Vobornik
Allow to use --force when changing authoritative nameserver address in DNS zone. Same for dnsrecord-add for NS record. https://fedorahosted.org/freeipa/ticket/4573 Note: dnsrecord-mod doesn't support --force option to skip dns resolution when changing NS record. Question is whether it should

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

2014-10-03 Thread Petr Vobornik
On 3.10.2014 16:46, Simo Sorce wrote: I did not do any ACI work in the patch yet. I assume that we would like to add the attr into 'System: Read Host|Service' permission. But I think that write right should have its own permission. I have added 2 new permissions. Simo, are they OK? for serv

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

2014-10-03 Thread Martin Kosek
On 10/03/2014 04:59 PM, Jan Cholasta wrote: On 3.10.2014 at 16:47, Petr Vobornik wrote: On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what "host-add-retrieve-keyt

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

2014-10-03 Thread Jan Cholasta
On 3.10.2014 at 16:47, Petr Vobornik wrote: On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what "host-add-retrieve-keytab" means. That word does not even make much

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

2014-10-03 Thread Martin Kosek
On 10/03/2014 04:47 PM, Petr Vobornik wrote: On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what "host-add-retrieve-keytab" means. That word does not even make much se

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

2014-10-03 Thread Petr Vobornik
On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what "host-add-retrieve-keytab" means. That word does not even make much sense. Can we use something more readable? For

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

2014-10-03 Thread Simo Sorce
- Original Message - > From: "Petr Vobornik" > To: "freeipa-devel" , "jch >> Jan Cholasta" > , "simo Sorce" > > Sent: Friday, October 3, 2014 10:08:53 AM > Subject: Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission > management > > New revision according to Honza's recomme

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

2014-10-03 Thread Martin Kosek
NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API. It is hard to guess what "host-add-retrieve-keytab" means. That word does not even make much sense. Can we use something more readable? For example: ipa host-add-allowed-operatio

[Freeipa-devel] [PATCH] 764 webui: management of keytab permissions

2014-10-03 Thread Petr Vobornik
On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for: https://fedorahosted.org/freeipa/ticket/4419 Web UI for 4419. Depends on patch 761 (parent thread). -- Petr Vobornik From 2b9cc4c0a2fa4dd1a8a28b9551a15218e5367819 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Thu, 2 Oct 201

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

2014-10-03 Thread Petr Vobornik
New revision according to Honza's recommendations. Comments inline. On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for: https://fedorahosted.org/freeipa/ticket/4419 Before I start any work on Web UI and tests I would like to gather feedback on: - the new API - member attributes wit

Re: [Freeipa-devel] ipa-server-install setup KRA

2014-10-03 Thread Martin Basti
On 03/10/14 15:31, Petr Viktorin wrote: On 10/03/2014 03:22 PM, Martin Basti wrote: Hello, I found a TODO in ipa-server-install: # setup_kra is set to False until Dogtag 10.2 is available for IPA to consume # Until then users that want to install the KRA need to use ipa-install-kra # TODO s

Re: [Freeipa-devel] ipa-server-install setup KRA

2014-10-03 Thread Petr Viktorin
On 10/03/2014 03:22 PM, Martin Basti wrote: Hello, I found a TODO in ipa-server-install: # setup_kra is set to False until Dogtag 10.2 is available for IPA to consume # Until then users that want to install the KRA need to use ipa-install-kra # TODO set setup_kra = True when Dogtag 10.2 is a

[Freeipa-devel] Switching to pytest

2014-10-03 Thread Petr Viktorin
https://fedorahosted.org/freeipa/ticket/4610 Our test suite is currently not very maintainable. I want to dedicate some time to improve this. The biggest part of this effort will be switching to a different test framework, [pytest]. Compared to Nose, it makes complicated tests easier to write

[Freeipa-devel] ipa-server-install setup KRA

2014-10-03 Thread Martin Basti
Hello, I found a TODO in ipa-server-install: # setup_kra is set to False until Dogtag 10.2 is available for IPA to consume # Until then users that want to install the KRA need to use ipa-install-kra # TODO set setup_kra = True when Dogtag 10.2 is available setup_kra = False Dogtag 10.2 is

Re: [Freeipa-devel] [PATCH] 0654 sudo integration test: Remove the local user test

2014-10-03 Thread Martin Kosek
On 10/03/2014 01:45 PM, Petr Viktorin wrote: SSSD does not support sudo rules for local users; these should be added in a local sudoers file. https://fedorahosted.org/freeipa/ticket/4608 Works for me, ACK. Pushed to: master: 0cdaf2c48fa7cc44229e9e490fdad0157abdabed ipa-4-1: e6edbe447c1ab56552

[Freeipa-devel] [PATCH] 0654 sudo integration test: Remove the local user test

2014-10-03 Thread Petr Viktorin
SSSD does not support sudo rules for local users; these should be added in a local sudoers file. https://fedorahosted.org/freeipa/ticket/4608 -- Petr³ From ec76f6ff2d9edad9132a029f3643c7d5cc9cafa8 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 3 Oct 2014 10:55:48 +0200 Subject: [PATCH]

[Freeipa-devel] [PATCH 0131-0132] Add missing attributes to named.conf

2014-10-03 Thread Martin Basti
Hello! Patch 131: https://fedorahosted.org/freeipa/ticket/3801#comment:31 Patch 132: I modified named.conf in 131, so I change the rest of paths to be ipaplatform specified. Patches attached -- Martin Basti From 4fe9f258c272d9d7c98b084579bafbef6ba6bc83 Mon Sep 17 00:00:00 2001 From: Martin

Re: [Freeipa-devel] [PATCH] 762 webui-ci: adjust dnszone-add test to recent DNS changes

2014-10-03 Thread Martin Kosek
On 10/02/2014 04:44 PM, Petr Vobornik wrote: 'idnssoamname', 'ip_address' and 'force' fields were removed from DNS zone adder dialog in #4149 https://fedorahosted.org/freeipa/ticket/4604 Yup, tests pass now: # ipa-run-tests -v --logging-level=DEBUG test_webui.test_dns Basic CRUD: dnsconfig ..

Re: [Freeipa-devel] [PATCH] 0018 Check that port 8443 is available when installing PKI.

2014-10-03 Thread David Kupka
On 10/02/2014 12:42 PM, Martin Kosek wrote: On 09/29/2014 04:48 PM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4564 Looks and works OK. The port checking should be ideally refactored in 4.2 and *instance.py should use some common hooks to define which ports should be checked,