[Freeipa-devel] [PATCH] 496 Fix typo in ipa-server-upgrade man page

Pushed to master (oneliner): d0a330aa1ce250da3ab552f6517945c7cf871ad1 -- Martin Kosek Supervisor, Software Engineering - Identity Management Team Red Hat Inc. From c0642ba63f41d269d3208bf9fc69da0503aff3fa Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Tue, 26 May 2015 07:52:50 +0200 Subject:

Re: [Freeipa-devel] Yet another user certificates/Smart Card thread

On 05/25/2015 04:40 PM, Jan Cholasta wrote: Dne 25.5.2015 v 16:26 Fraser Tweedale napsal(a): On Mon, May 25, 2015 at 03:56:46PM +0200, Martin Kosek wrote: On 05/25/2015 03:13 PM, Jan Cholasta wrote: Hi, Dne 25.5.2015 v 14:55 Martin Babinsky napsal(a): Hello all, long post ahead! I became a

Re: [Freeipa-devel] [PATCH 0258] Server Upgrade: move code from ipa-upgrade config into separate module

Dne 25.5.2015 v 16:46 Martin Basti napsal(a): On 22/05/15 18:13, Martin Basti wrote: IPA services upgrade is executed only by ipa-server-upgrade, ipa-upgradeconfig will not work. Patch attached. https://fedorahosted.org/freeipa/ticket/4904 Updated patch attached. Thanks, ACK. Pushed to

Re: [Freeipa-devel] [PATCH 0036] merge KRA installation machinery to a single module

Dne 25.5.2015 v 16:58 Martin Babinsky napsal(a): On 05/21/2015 10:16 AM, Martin Babinsky wrote: On 05/19/2015 08:23 PM, Martin Babinsky wrote: This patch is required for the installer ref@#$%&ing work (https://fedorahosted.org/freeipa/ticket/4468). It required quite a bit of hacking to get it

Re: [Freeipa-devel] [PATCH 0325] Add Domain Level feature

On 05/25/2015 12:42 PM, Tomas Babej wrote: > > > On 05/25/2015 07:30 AM, Jan Cholasta wrote: >> Dne 22.5.2015 v 12:36 Petr Vobornik napsal(a): >>> On 05/22/2015 07:08 AM, Jan Cholasta wrote: Dne 21.5.2015 v 18:18 Tomas Babej napsal(a): > > > On 05/19/2015 04:07 PM, Tomas Babej

Re: [Freeipa-devel] [PATCH 0036] merge KRA installation machinery to a single module

On 05/21/2015 10:16 AM, Martin Babinsky wrote: On 05/19/2015 08:23 PM, Martin Babinsky wrote: This patch is required for the installer ref@#$%&ing work (https://fedorahosted.org/freeipa/ticket/4468). It required quite a bit of hacking to get it work as expected, but I hope that it's not so bad.

Re: [Freeipa-devel] [PATCH 0258] Server Upgrade: move code from ipa-upgrade config into separate module

On 22/05/15 18:13, Martin Basti wrote: IPA services upgrade is executed only by ipa-server-upgrade, ipa-upgradeconfig will not work. Patch attached. https://fedorahosted.org/freeipa/ticket/4904 Updated patch attached. -- Martin Basti From 021bcf3ee911b472425a8ca4931570d5154100b5 Mon Sep

Re: [Freeipa-devel] Yet another user certificates/Smart Card thread

Dne 25.5.2015 v 16:26 Fraser Tweedale napsal(a): On Mon, May 25, 2015 at 03:56:46PM +0200, Martin Kosek wrote: On 05/25/2015 03:13 PM, Jan Cholasta wrote: Hi, Dne 25.5.2015 v 14:55 Martin Babinsky napsal(a): Hello all, long post ahead! I became a proud owner of https://fedorahosted.org/freei

Re: [Freeipa-devel] [PATCH] 0178 Fix AD trusts in Fedora 22

On 05/12/2015 04:03 PM, Alexander Bokovoy wrote: > On Tue, 12 May 2015, Alexander Bokovoy wrote: >> On Tue, 12 May 2015, Alexander Bokovoy wrote: >>> On Fri, 08 May 2015, Alexander Bokovoy wrote: Hi, attached patch fixes issues with Samba 4.2 in Fedora 22. See commit mess

Re: [Freeipa-devel] Yet another user certificates/Smart Card thread

On Mon, May 25, 2015 at 03:56:46PM +0200, Martin Kosek wrote: > On 05/25/2015 03:13 PM, Jan Cholasta wrote: > > Hi, > > > > Dne 25.5.2015 v 14:55 Martin Babinsky napsal(a): > >> Hello all, long post ahead! > >> > >> I became a proud owner of https://fedorahosted.org/freeipa/ticket/4238, > >> and w

Re: [Freeipa-devel] Yet another user certificates/Smart Card thread

On 05/25/2015 04:19 PM, Martin Babinsky wrote: > On 05/25/2015 03:56 PM, Martin Kosek wrote: >> On 05/25/2015 03:13 PM, Jan Cholasta wrote: >>> Hi, >>> >>> Dne 25.5.2015 v 14:55 Martin Babinsky napsal(a): Hello all, long post ahead! I became a proud owner of https://fedorahosted.org/

Re: [Freeipa-devel] Yet another user certificates/Smart Card thread

On 05/25/2015 03:56 PM, Martin Kosek wrote: On 05/25/2015 03:13 PM, Jan Cholasta wrote: Hi, Dne 25.5.2015 v 14:55 Martin Babinsky napsal(a): Hello all, long post ahead! I became a proud owner of https://fedorahosted.org/freeipa/ticket/4238, and while Martin's design page (http://www.freeipa.o

Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart

On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote: > On 25/05/15 13:57, Martin Basti wrote: > >On 25/05/15 09:20, Fraser Tweedale wrote: > >>On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote: > >>>Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a): > On 05/21/2015 03:16 PM, Fra

Re: [Freeipa-devel] Yet another user certificates/Smart Card thread

On 05/25/2015 03:13 PM, Jan Cholasta wrote: > Hi, > > Dne 25.5.2015 v 14:55 Martin Babinsky napsal(a): >> Hello all, long post ahead! >> >> I became a proud owner of https://fedorahosted.org/freeipa/ticket/4238, >> and while Martin's design page >> (http://www.freeipa.org/page/V4/User_Certificates

[Freeipa-devel] Replication Topology plugin issues

Hi, Playing around with the replication topology plugin, I've noticed a couple of issues: 1. around 50% of attempts to setup a replica of a freeipa master with topology plugin enabled (domain level set to 1.0) end up with the following error message in the stdoutput: [error] RuntimeError: One o

Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart

On 25/05/15 13:57, Martin Basti wrote: On 25/05/15 09:20, Fraser Tweedale wrote: On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote: Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a): On 05/21/2015 03:16 PM, Fraser Tweedale wrote: On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti w

Re: [Freeipa-devel] Yet another user certificates/Smart Card thread

Hi, Dne 25.5.2015 v 14:55 Martin Babinsky napsal(a): Hello all, long post ahead! I became a proud owner of https://fedorahosted.org/freeipa/ticket/4238, and while Martin's design page (http://www.freeipa.org/page/V4/User_Certificates) brings a comprehensive overview of what should be done, ther

[Freeipa-devel] [PATCH 0260] Server Upgrade: fix the remove statement

This fixes issue with the remove statement, which causes LDAP error, when the updater is trying to remove value from nonexistent entry. Reproducer: apply my patch mbasti-0256, install the IPA server without the DNS subsystem. Patch attached. https://fedorahosted.org/freeipa/ticket/4904 -- Ma

Re: [Freeipa-devel] [PATCH 0321] Update and standardize copyright headers; introduce AUTHORS file

On 25.5.2015 14:41, Lukas Slebodnik wrote: > On (28/04/15 14:50), Petr Spacek wrote: >> Hello, >> >> I'm going to add couple new files to the source tree and current copyright >> header drove me mad, so here is (finally) a clenaup. >> >> >> Update and standardize copyright headers; introduce AUTHOR

Re: [Freeipa-devel] using pyhbac for CA ACLs

On Mon, May 25, 2015 at 02:09:32PM +0300, Alexander Bokovoy wrote: > On Mon, 25 May 2015, Fraser Tweedale wrote: > >Hi everyone, > > > >CA ACLs (the forthcoming `caacl' plugin) will be used to declare > >which users/hosts/services can get certificates from which CAs and > >profiles. For v4.2, we w

[Freeipa-devel] Yet another user certificates/Smart Card thread

Hello all, long post ahead! I became a proud owner of https://fedorahosted.org/freeipa/ticket/4238, and while Martin's design page (http://www.freeipa.org/page/V4/User_Certificates) brings a comprehensive overview of what should be done, there are still some gray areas we should address both

Re: [Freeipa-devel] [PATCH 0321] Update and standardize copyright headers; introduce AUTHORS file

On (28/04/15 14:50), Petr Spacek wrote: >Hello, > >I'm going to add couple new files to the source tree and current copyright >header drove me mad, so here is (finally) a clenaup. > > >Update and standardize copyright headers; introduce AUTHORS file. > >Dates in all headers were harmonized with Git

Re: [Freeipa-devel] [PATCH 0048] fix ipa help command output errors

On 22/05/15 17:40, Gabe Alford wrote: On Fri, May 22, 2015 at 9:01 AM, Martin Basti > wrote: On 22/05/15 16:08, Gabe Alford wrote: Hello, This should fix https://fedorahosted.org/freeipa/ticket/3584, and as requested in the ticket, this should also fix

Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart

On 25/05/15 09:20, Fraser Tweedale wrote: On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote: Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a): On 05/21/2015 03:16 PM, Fraser Tweedale wrote: On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote: This patch should fix following t

Re: [Freeipa-devel] using pyhbac for CA ACLs

On Mon, May 25, 2015 at 02:28:52PM +0300, Alexander Bokovoy wrote: > On Mon, 25 May 2015, Martin Kosek wrote: > >On 05/25/2015 09:35 AM, Fraser Tweedale wrote: > >>Hi everyone, > >> > >>CA ACLs (the forthcoming `caacl' plugin) will be used to declare > >>which users/hosts/services can get certifica

Re: [Freeipa-devel] using pyhbac for CA ACLs

On Mon, 25 May 2015, Martin Kosek wrote: On 05/25/2015 09:35 AM, Fraser Tweedale wrote: Hi everyone, CA ACLs (the forthcoming `caacl' plugin) will be used to declare which users/hosts/services can get certificates from which CAs and profiles. For v4.2, we will enforce the ACLs in the framework

Re: [Freeipa-devel] using pyhbac for CA ACLs

On 05/25/2015 09:35 AM, Fraser Tweedale wrote: > Hi everyone, > > CA ACLs (the forthcoming `caacl' plugin) will be used to declare > which users/hosts/services can get certificates from which CAs and > profiles. For v4.2, we will enforce the ACLs in the framework; the > plan is to move ACL enforc

Re: [Freeipa-devel] using pyhbac for CA ACLs

On Mon, 25 May 2015, Fraser Tweedale wrote: Hi everyone, CA ACLs (the forthcoming `caacl' plugin) will be used to declare which users/hosts/services can get certificates from which CAs and profiles. For v4.2, we will enforce the ACLs in the framework; the plan is to move ACL enforcement to Dogt

Re: [Freeipa-devel] [PATCH 0325] Add Domain Level feature

On 05/25/2015 07:30 AM, Jan Cholasta wrote: > Dne 22.5.2015 v 12:36 Petr Vobornik napsal(a): >> On 05/22/2015 07:08 AM, Jan Cholasta wrote: >>> Dne 21.5.2015 v 18:18 Tomas Babej napsal(a): On 05/19/2015 04:07 PM, Tomas Babej wrote: > > > On 05/19/2015 03:59 PM, Martin K

Re: [Freeipa-devel] [PATCH 0257] ULC: Fix: Upgrade for stage user admins failed

On 05/22/2015 05:59 PM, Martin Basti wrote: Patch attached. Thanks for patch. Works for me, ACK. -- David Kupka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/

Re: [Freeipa-devel] Fix password changes via kadmin

On 04/06/2015 12:53 AM, Simo Sorce wrote: Fix for bug 4914. I've tested it locally and seem to do exactly what is needed. I couldn't detect any side effects, except that if you use kadmin to get a randomized password for a service then you'll get a key for all supported types (currently aes256,

Re: [Freeipa-devel] [PATCH 0339-0363] Implement meta-database

On 22.5.2015 11:10, Tomas Hozza wrote: > On 05/15/2015 11:37 AM, Petr Spacek wrote: >> Hello, >> >> this patch set adds meta-database which is one of prerequisites for other >> work. >> >> These changes should not be user-visible. You might compile the plugin with >> CFLAGS="-DMETADB_DEBUG" and ch

[Freeipa-devel] using pyhbac for CA ACLs

Hi everyone, CA ACLs (the forthcoming `caacl' plugin) will be used to declare which users/hosts/services can get certificates from which CAs and profiles. For v4.2, we will enforce the ACLs in the framework; the plan is to move ACL enforcement to Dogtag in a future release (https://fedorahosted.o

Re: [Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart

On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote: > Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a): > >On 05/21/2015 03:16 PM, Fraser Tweedale wrote: > >>On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote: > >>>This patch should fix following traceback. > >>> > >>>2015-05-20T03