Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote: Dne 3.10.2014 v 16:47 Petr Vobornik napsal(a): On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it is good enough. I just do not like the API.

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/03/2014 05:03 PM, Petr Vobornik wrote: On 3.10.2014 16:46, Simo Sorce wrote: I did not do any ACI work in the patch yet. I assume that we would like to add the attr into 'System: Read Host|Service' permission. But I think that write right should have it's own permission. I have added

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote: Dne 3.10.2014 v 16:47 Petr Vobornik napsal(a): On 3.10.2014 16:24, Martin Kosek wrote: NACK. I will not comment on mechanics, if you get an ACK from Honza, it

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/06/2014 01:31 PM, Petr Viktorin wrote: On 10/03/2014 05:02 PM, Martin Kosek wrote: [...] I like these the best. Maybe with a -to or -by suffix. or if we expect more operations in a future: ipa host-allow-operation HOSTNAME --operation read-keys --users=STR --groups STR ipa

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote: Dne 3.10.2014 v 16:47 Petr Vobornik napsal(a): On 3.10.2014 16:24, Martin Kosek

[Freeipa-devel] [RFC] Views - SSSD cache layout

Hi, I have started a new section on the design page 'Migrating existing environments to Trust' aka Views about how the data is stored in the cache of SSSD at http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust#SSSD_Cache_layout Comments and suggestions are welcome. bye,

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/06/2014 03:01 PM, Simo Sorce wrote: On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote: Dne 3.10.2014 v 16:47 Petr Vobornik

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On Mon, 06 Oct 2014 15:49:09 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 03:01 PM, Simo Sorce wrote: On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 6.10.2014 15:49, Martin Kosek wrote: On 10/06/2014 03:01 PM, Simo Sorce wrote: On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a): On 10/03/2014 04:59 PM, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

On 10/06/2014 04:15 PM, Petr Vobornik wrote: On 6.10.2014 15:49, Martin Kosek wrote: On 10/06/2014 03:01 PM, Simo Sorce wrote: On Mon, 06 Oct 2014 12:53:57 +0200 Martin Kosek mko...@redhat.com wrote: On 10/06/2014 10:33 AM, Jan Cholasta wrote: Dne 3.10.2014 v 17:02 Martin Kosek napsal(a):

Re: [Freeipa-devel] [PATCH] 0159-0160 Support ID views in compat tree

Hi Alex, one quick comment: I'm afraid the only case where slapi_search_internal_pb() returns -1 is if you don't provide a pblock. In all other cases it returns 0 and you have to check: slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, result); Ludwig Ludwig On 10/01/2014 06:16 PM,

Re: [Freeipa-devel] [PATCH] 0159-0160 Support ID views in compat tree

On Mon, 06 Oct 2014, Ludwig Krispenz wrote: Hi Alex, one quick comment: I'm afraid the only case where slapi_search_internal_pb() returns -1 is if you don't provide a pblock. In all other cases it returns 0 and you have to check: slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT,

Re: [Freeipa-devel] [PATCH] 0159-0160 Support ID views in compat tree

On 10/06/2014 04:44 PM, Alexander Bokovoy wrote: On Mon, 06 Oct 2014, Ludwig Krispenz wrote: Hi Alex, one quick comment: I'm afraid the only case where slapi_search_internal_pb() returns -1 is if you don't provide a pblock. In all other cases it returns 0 and you have to check:

Re: [Freeipa-devel] [PATCH] 0159-0160 Support ID views in compat tree

On 10/06/2014 04:57 PM, Ludwig Krispenz wrote: On 10/06/2014 04:44 PM, Alexander Bokovoy wrote: On Mon, 06 Oct 2014, Ludwig Krispenz wrote: Hi Alex, one quick comment: I'm afraid the only case where slapi_search_internal_pb() returns -1 is if you don't provide a pblock. In all other cases

Re: [Freeipa-devel] Switching to pytest

On 10/03/2014 09:24 AM, Petr Viktorin wrote: https://fedorahosted.org/freeipa/ticket/4610 Our test suite is currently not very maintainable. I want to dedicate some time to improve this. The biggest part of this effort will be switching to a different test framework, [pytest]. Compared to

[Freeipa-devel] Dogtag lightweight sub-CAs; updated design

Hi all, The Dogtag lightweight sub-CAs design has undergone major revision and expansion ahead of beginning the implementation (I plan to begin later this week). This feature will provide an API for admins to create sub-CAs for separate security domains and augment the existing API so that