Re: [Freeipa-devel] [PATCH 424] install: Introduce installer framework ipapython.install

2015-04-20 Thread Martin Basti
On 17/04/15 16:15, Jan Cholasta wrote: Dne 16.4.2015 v 16:46 Jan Cholasta napsal(a): Hi, the attached patch adds the basics of the new installer framework. As a next step, I plan to convert the install scripts to use the framework with their old code (the old code will be gradually ported to

Re: [Freeipa-devel] User life cycle: How to update 60basev3.ldif

2015-04-20 Thread Petr Spacek
On 17.4.2015 17:16, thierry bordaz wrote: Hello, User life cycle uses a new DS aci right: moddn. This right comes with two new target keywords (target_to and target_from). permission plugins should support those new target keywords and so those attributes need to be defined in

Re: [Freeipa-devel] Splitting out ipaldap

2015-04-20 Thread Petr Viktorin
On 04/20/2015 08:30 AM, Jan Cholasta wrote: Dne 16.4.2015 v 09:18 Petr Viktorin napsal(a): On 04/15/2015 08:30 AM, Jan Cholasta wrote: Dne 14.4.2015 v 19:21 Petr Viktorin napsal(a): On 04/14/2015 06:18 PM, Jan Cholasta wrote: Dne 14.4.2015 v 17:50 Petr Viktorin napsal(a): On 04/14/2015

Re: [Freeipa-devel] [PATCH 001] Remove recommendation from ipa-adtrust-install

2015-04-20 Thread Gabe Alford
Ack from me. Thanks, Gabe On Fri, Apr 10, 2015 at 7:35 AM, Thorsten Scherf tsch...@redhat.com wrote: -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 810 speed up indirect member processing

2015-04-20 Thread Jan Cholasta
Dne 9.4.2015 v 13:56 Petr Vobornik napsal(a): On 04/08/2015 10:21 AM, Jan Cholasta wrote: Hi, Dne 31.3.2015 v 12:11 Petr Vobornik napsal(a): the old implementation tried to get all entries which are member of group. That means also user. User can't have any members therefore this costly

Re: [Freeipa-devel] [PATCH 0029] suppress errors arising from deleting non-existent files during client uninstall

2015-04-20 Thread Martin Babinsky
On 04/20/2015 10:32 AM, Martin Basti wrote: On 17/04/15 14:11, Martin Babinsky wrote: On 04/17/2015 12:41 PM, Martin Babinsky wrote: On 04/17/2015 12:36 PM, Martin Basti wrote: On 17/04/15 12:33, Martin Babinsky wrote: On 04/17/2015 12:04 PM, Martin Basti wrote: On 15/04/15 15:53, Martin

Re: [Freeipa-devel] [PATCHES 0015-0017] consolidation of various Kerberos auth methods in FreeIPA code

2015-04-20 Thread Martin Babinsky
On 04/20/2015 09:48 AM, Jan Cholasta wrote: Dne 15.4.2015 v 15:17 Martin Babinsky napsal(a): On 04/13/2015 02:16 PM, Martin Babinsky wrote: On 04/09/2015 03:38 PM, Jan Cholasta wrote: Some comments: Patch 15: 1) The functions should be as similar as possible: a) kinit_password()

Re: [Freeipa-devel] [PATCH 0029] suppress errors arising from deleting non-existent files during client uninstall

2015-04-20 Thread Martin Basti
On 17/04/15 14:11, Martin Babinsky wrote: On 04/17/2015 12:41 PM, Martin Babinsky wrote: On 04/17/2015 12:36 PM, Martin Basti wrote: On 17/04/15 12:33, Martin Babinsky wrote: On 04/17/2015 12:04 PM, Martin Basti wrote: On 15/04/15 15:53, Martin Babinsky wrote: On 04/14/2015 04:24 PM, Martin

Re: [Freeipa-devel] [PATCHES] 0688-0689 Remove Editable DN and DN component classes

2015-04-20 Thread Jan Cholasta
Dne 16.4.2015 v 14:35 Petr Viktorin napsal(a): On 04/16/2015 09:04 AM, Jan Cholasta wrote: Hi, Dne 10.4.2015 v 15:58 Petr Viktorin napsal(a): The attached patches remove EditableDN, EditableRDN and EditableAVA. They depend on Petr Voborník's patch 811 (performance: faster DN implementation).

Re: [Freeipa-devel] [PATCHES 0015-0017] consolidation of various Kerberos auth methods in FreeIPA code

2015-04-20 Thread Jan Cholasta
Dne 20.4.2015 v 10:06 Martin Babinsky napsal(a): On 04/20/2015 09:48 AM, Jan Cholasta wrote: Dne 15.4.2015 v 15:17 Martin Babinsky napsal(a): On 04/13/2015 02:16 PM, Martin Babinsky wrote: On 04/09/2015 03:38 PM, Jan Cholasta wrote: Some comments: Patch 15: 1) The functions should be as

Re: [Freeipa-devel] [PATCHES 0015-0017] consolidation of various Kerberos auth methods in FreeIPA code

2015-04-20 Thread Jan Cholasta
Dne 15.4.2015 v 15:17 Martin Babinsky napsal(a): On 04/13/2015 02:16 PM, Martin Babinsky wrote: On 04/09/2015 03:38 PM, Jan Cholasta wrote: Some comments: Patch 15: 1) The functions should be as similar as possible: a) kinit_password() should have a 'ccache_path' argument instead of

Re: [Freeipa-devel] User life cycle: How to update 60basev3.ldif

2015-04-20 Thread thierry bordaz
On 04/20/2015 09:10 AM, Petr Spacek wrote: On 17.4.2015 17:16, thierry bordaz wrote: Hello, User life cycle uses a new DS aci right: moddn. This right comes with two new target keywords (target_to and target_from). permission plugins should support those new target keywords and so

Re: [Freeipa-devel] [PATCH] 810 speed up indirect member processing

2015-04-20 Thread Petr Vobornik
On 04/20/2015 09:51 AM, Jan Cholasta wrote: Dne 9.4.2015 v 13:56 Petr Vobornik napsal(a): On 04/08/2015 10:21 AM, Jan Cholasta wrote: Hi, Dne 31.3.2015 v 12:11 Petr Vobornik napsal(a): the old implementation tried to get all entries which are member of group. That means also user. User can't

Re: [Freeipa-devel] [PATCH] 809 speed up convert_attribute_members

2015-04-20 Thread Jan Cholasta
Dne 9.4.2015 v 13:56 Petr Vobornik napsal(a): On 04/02/2015 09:47 AM, Jan Cholasta wrote: Hi, Dne 31.3.2015 v 12:11 Petr Vobornik napsal(a): A workaround to avoid usage of slow LDAPEntry._sync_attr #4946. I originally wanted to avoid DN processing as well but we can't do that because of DNs

Re: [Freeipa-devel] [PATCH 0014] emit a more helpful error messages when CA configuration fails

2015-04-20 Thread Martin Babinsky
On 04/17/2015 03:56 PM, Martin Babinsky wrote: On 03/05/2015 01:11 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4900 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH 0030] use separate ccache filename for each IPA DNSSEC daemon

2015-04-20 Thread Martin Babinsky
The attached patch implements a request by Petr^2 Spacek during the review of my PATCHES 0015-0017, which are prerequisites of the patch and were pushed today. Petr wanted each DNSSEC daemon (ipa-dnskeysync-replica, ipa-dnskeysyncd, and ipa-ods-exporter) to have its own CCache file to

Re: [Freeipa-devel] [PATCH 424] install: Introduce installer framework ipapython.install

2015-04-20 Thread Jan Cholasta
Dne 20.4.2015 v 15:14 Martin Basti napsal(a): On 17/04/15 16:15, Jan Cholasta wrote: Dne 16.4.2015 v 16:46 Jan Cholasta napsal(a): Hi, the attached patch adds the basics of the new installer framework. As a next step, I plan to convert the install scripts to use the framework with their old

Re: [Freeipa-devel] [PATCHES 0227-0229] Server upgrade: introduce ipa-server-upgrade command

2015-04-20 Thread David Kupka
On 04/16/2015 05:14 PM, Martin Basti wrote: On 15/04/15 16:26, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4904 Patches attached. Also ipa-upgradeconfig part is called as a subprocess. This will be removed after installer modifications. This patch may cause temporal upgrade

Re: [Freeipa-devel] [PATCH] manage replication topology in the shared tree

2015-04-20 Thread thierry bordaz
On 04/13/2015 10:56 AM, Ludwig Krispenz wrote: Hi, in the attachment you find the latest state of the topology plugin, it implements what is defined in the design page: http://www.freeipa.org/page/V4/Manage_replication_topology (which is also waiting for a reviewer) It contains the plugin

Re: [Freeipa-devel] [PATCHES] 0688-0689 Remove Editable DN and DN component classes

2015-04-20 Thread Jan Cholasta
Dne 20.4.2015 v 17:13 Petr Viktorin napsal(a): On 04/20/2015 10:24 AM, Jan Cholasta wrote: Dne 16.4.2015 v 14:35 Petr Viktorin napsal(a): On 04/16/2015 09:04 AM, Jan Cholasta wrote: Hi, Dne 10.4.2015 v 15:58 Petr Viktorin napsal(a): The attached patches remove EditableDN, EditableRDN and

Re: [Freeipa-devel] [PATCH 0030] use separate ccache filename for each IPA DNSSEC daemon

2015-04-20 Thread Petr Spacek
On 20.4.2015 17:02, Martin Babinsky wrote: The attached patch implements a request by Petr^2 Spacek during the review of my PATCHES 0015-0017, which are prerequisites of the patch and were pushed today. Petr wanted each DNSSEC daemon (ipa-dnskeysync-replica, ipa-dnskeysyncd, and

Re: [Freeipa-devel] [PATCH] Password vault

2015-04-20 Thread Jan Cholasta
Dne 3.4.2015 v 05:37 Endi Sukma Dewata napsal(a): Hi, Attached are new patches replacing all old ones. Please take a look at them. They should applied in this order: 365, 353-8, 355-6, 357-3, 359-2, 360-1, 364-1, 361-1. Thanks for squashing patches 362-364 into the original patches, it's

Re: [Freeipa-devel] Splitting out ipaldap

2015-04-20 Thread Jan Cholasta
Dne 16.4.2015 v 09:18 Petr Viktorin napsal(a): On 04/15/2015 08:30 AM, Jan Cholasta wrote: Dne 14.4.2015 v 19:21 Petr Viktorin napsal(a): On 04/14/2015 06:18 PM, Jan Cholasta wrote: Dne 14.4.2015 v 17:50 Petr Viktorin napsal(a): On 04/14/2015 05:22 PM, Jan Cholasta wrote: Hi, Dne 14.4.2015