Re: [Freeipa-devel] [PATCH 0052] Create server-dns sub-package

Dne 1.7.2015 v 15:25 Petr Spacek napsal(a): On 1.7.2015 15:13, Jan Cholasta wrote: Hi, Dne 1.7.2015 v 14:12 Petr Spacek napsal(a): Hello, Create server-dns sub-package. This allows us to automatically pull in package bind-pkcs11 and thus create upgrade path for on CentOS 7.1 -> 7.2. IPA pre

Re: [Freeipa-devel] [PATCH 0274] DNS: Check if dns package is installed

On 1.7.2015 20:29, Tomas Babej wrote: > > > On 07/01/2015 04:45 PM, Petr Spacek wrote: >> On 1.7.2015 15:32, Martin Basti wrote: >>> https://fedorahosted.org/freeipa/ticket/4058 >>> Requires patch freeipa-pspacek-0052 >> >> ACK >> > > I must admit I don't really like wrapping a constant in the m

Re: [Freeipa-devel] topology plugin woes

On Wed, 2015-07-01 at 15:00 -0400, Simo Sorce wrote: > On Wed, 2015-07-01 at 14:44 -0400, Simo Sorce wrote: > > On Wed, 2015-07-01 at 14:34 -0400, Simo Sorce wrote: > > > I am working on the replica promotion code and suddenly the topology > > > plugin is getting in the way. > > > > > > First thin

Re: [Freeipa-devel] topology plugin woes

On Wed, 2015-07-01 at 14:44 -0400, Simo Sorce wrote: > On Wed, 2015-07-01 at 14:34 -0400, Simo Sorce wrote: > > I am working on the replica promotion code and suddenly the topology > > plugin is getting in the way. > > > > First thing I noticed is that it converted an agreement into a segment > >

Re: [Freeipa-devel] [PATCH 0018] allow deletion of segment, if not both nodes are managed

On Wed, 2015-07-01 at 12:05 +0200, Ludwig Krispenz wrote: > This fix allows the removal of segments, where not both endpoints of the > segments are managed. > These segments can exist after deliberately disconnecting a topology by > removal of a central node, a fix to automatically remove danglin

Re: [Freeipa-devel] topology plugin woes

On Wed, 2015-07-01 at 14:34 -0400, Simo Sorce wrote: > I am working on the replica promotion code and suddenly the topology > plugin is getting in the way. > > First thing I noticed is that it converted an agreement into a segment > even though my domain level is 0, is this expected ? I thought we

[Freeipa-devel] topology plugin woes

I am working on the replica promotion code and suddenly the topology plugin is getting in the way. First thing I noticed is that it converted an agreement into a segment even though my domain level is 0, is this expected ? I thought we'd enable the plugin only when level -> 1 By taking over immed

Re: [Freeipa-devel] [PATCH 0274] DNS: Check if dns package is installed

On 07/01/2015 04:45 PM, Petr Spacek wrote: > On 1.7.2015 15:32, Martin Basti wrote: >> https://fedorahosted.org/freeipa/ticket/4058 >> Requires patch freeipa-pspacek-0052 > > ACK > I must admit I don't really like wrapping a constant in the method in the TaskNamespace object. We're interested

Re: [Freeipa-devel] [PATCH 0275] DNS commands: do not show traceback if DNS is not installed

On 07/01/2015 05:53 PM, Martin Basti wrote: > https://fedorahosted.org/freeipa/ticket/5017 > > Patch attached > > > Repeated code hurts my eyes, but abstracting it seems like an overkill. ACK. Pushed to master: 96c23659fcb8adc64dd925556fb40f558fa7e37d -- Manage your subscription for the

Re: [Freeipa-devel] [PATCH] 891 replication: fix regression in get_agreement_type

On 07/01/2015 06:32 PM, Petr Vobornik wrote: > dcb6916a3b0601e33b08e12aeb25357efed6812b introduced a regression where > get_agreement_type does not raise NotFound error if an agreement for > host does not exist. The exception was swallowed by > get_replication_agreement. > > ACK. Pushed to ma

Re: [Freeipa-devel] [PATCHES 306-316] Automated migration tool from Winsync

On 06/30/2015 05:55 PM, Tomas Babej wrote: On 06/16/2015 01:01 PM, Jan Cholasta wrote: Dne 16.6.2015 v 10:14 Martin Babinsky napsal(a): On 05/06/2015 10:12 AM, Tomas Babej wrote: On 05/05/2015 02:02 PM, Tomas Babej wrote: On 04/29/2015 12:28 PM, Tomas Babej wrote: On 03/11/2015 04:20

[Freeipa-devel] [PATCH] 892 webui: add mangedby tab to otptoken

Added managedby_user tab to manage users who can manage the token. https://fedorahosted.org/freeipa/ticket/5003 Nathaniel, I could not reproduce the following part of the ticket: """ Careful interaction is required here. In the current code, this also creates a bug since all UI created tokens a

[Freeipa-devel] [PATCH] 891 replication: fix regression in get_agreement_type

dcb6916a3b0601e33b08e12aeb25357efed6812b introduced a regression where get_agreement_type does not raise NotFound error if an agreement for host does not exist. The exception was swallowed by get_replication_agreement. -- Petr Vobornik From 4dd4f13c2fc746f800ebbfc81f084ef0690bec63 Mon Sep 17 00

[Freeipa-devel] [PATCH 0275] DNS commands: do not show traceback if DNS is not installed

https://fedorahosted.org/freeipa/ticket/5017 Patch attached -- Martin Basti From b7ebb0661ff46306f25c5406ebaf0719e10e3834 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 1 Jul 2015 17:40:16 +0200 Subject: [PATCH] DNS: Do not traceback if DNS is not installed Instead of internal error s

Re: [Freeipa-devel] [PATCH] 0016 user life cycle: Display the wrong attribute name when mandatory attribute is missing

Hi Thierry, I think it would be better to use: error=_('Entry has no \'%s\'') % attr or even better, use named substitution: error=_('Entry has no \'%(attribute)s\'') % dict(attribute=attr) This way will generate a more readable strings for translators. Tomas -- Manage your subscription for

[Freeipa-devel] [PATCH] 0016 user life cycle: Display the wrong attribute name when mandatory attribute is missing

From 99d65933e49360750cf18f06315e1e259dd71126 Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Wed, 1 Jul 2015 14:46:22 +0200 Subject: [PATCH] Display the wrong attribute name when mandatory attribute is missing When activating a stageuser, if 'sn' or 'cn' or 'uid' is missing it displays an

Re: [Freeipa-devel] [PATCH] 886-890 webui: API browser

For those of you who don't want to try the patches: * https://pvoborni.fedorapeople.org/images/api-user-show.png * https://pvoborni.fedorapeople.org/images/api-user-add.png On 07/01/2015 09:35 AM, Martin Kosek wrote: On 06/30/2015 06:35 PM, Petr Vobornik wrote: First part of API Browser - displ

Re: [Freeipa-devel] [PATCH 0274] DNS: Check if dns package is installed

On 1.7.2015 15:32, Martin Basti wrote: > https://fedorahosted.org/freeipa/ticket/4058 > Requires patch freeipa-pspacek-0052 ACK -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://w

[Freeipa-devel] [PATCH 0054] cermonger: Use private unix socket when DBus SystemBus is not, available.

-- David Kupka From ece6e155007e5ab1c13c4cb61977fec5c68c8e51 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Wed, 1 Jul 2015 16:26:15 +0200 Subject: [PATCH] cermonger: Use private unix socket when DBus SystemBus is not available. --- ipaplatform/base/paths.py | 1 + ipapython/certmonger.py

[Freeipa-devel] [PATCH 0274] DNS: Check if dns package is installed

https://fedorahosted.org/freeipa/ticket/4058 Requires patch freeipa-pspacek-0052 Patch attached. -- Martin Basti From df79ebacc24299178d222f1dd83507e2ba15f479 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 1 Jul 2015 15:05:45 +0200 Subject: [PATCH] DNS: check if DNS package is installe

Re: [Freeipa-devel] [PATCH 0052] Create server-dns sub-package

On 1.7.2015 15:13, Jan Cholasta wrote: > Hi, > > Dne 1.7.2015 v 14:12 Petr Spacek napsal(a): >> Hello, >> >> Create server-dns sub-package. >> >> This allows us to automatically pull in package bind-pkcs11 >> and thus create upgrade path for on CentOS 7.1 -> 7.2. >> >> IPA previously had no requir

Re: [Freeipa-devel] [PATCH 0052] Create server-dns sub-package

Hi, Dne 1.7.2015 v 14:12 Petr Spacek napsal(a): Hello, Create server-dns sub-package. This allows us to automatically pull in package bind-pkcs11 and thus create upgrade path for on CentOS 7.1 -> 7.2. IPA previously had no requires on BIND packages and these had to be installed manually befor

Re: [Freeipa-devel] [PATCHES 448-460] Allow multiple API instances (take 2)

Dne 1.7.2015 v 14:26 Martin Babinsky napsal(a): On 07/01/2015 09:30 AM, Jan Cholasta wrote: Dne 30.6.2015 v 12:37 Martin Babinsky napsal(a): On 06/24/2015 05:21 PM, Jan Cholasta wrote: Hi, the attached patches fix and

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 06/30/2015 02:45 PM, Martin Babinsky wrote: On 06/30/2015 01:11 PM, Martin Babinsky wrote: On 06/30/2015 12:04 PM, Jan Cholasta wrote: Dne 29.6.2015 v 10:36 Martin Babinsky napsal(a): On 06/23/2015 01:49 PM, Martin Babinsky wrote: This patchset implements new API commands for manipulating

Re: [Freeipa-devel] [PATCHES 448-460] Allow multiple API instances (take 2)

On 07/01/2015 09:30 AM, Jan Cholasta wrote: Dne 30.6.2015 v 12:37 Martin Babinsky napsal(a): On 06/24/2015 05:21 PM, Jan Cholasta wrote: Hi, the attached patches fix and . Honza Hi Honza, everyt

[Freeipa-devel] [PATCH 0273] KRA install: check if replica file contains all required certificates

Fixes: https://fedorahosted.org/freeipa/ticket/5059 Patch attached. -- Martin Basti From 3545cd4680cfe50983976204c71a2dc6df3788bb Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 1 Jul 2015 14:02:24 +0200 Subject: [PATCH] KRA Install: check replica file if contains req. certificates htt

[Freeipa-devel] [PATCH 0052] Create server-dns sub-package

Hello, Create server-dns sub-package. This allows us to automatically pull in package bind-pkcs11 and thus create upgrade path for on CentOS 7.1 -> 7.2. IPA previously had no requires on BIND packages and these had to be installed manually before first ipa-dns-install run. We need to pull additi

Re: [Freeipa-devel] [PATCHES 326-328] ID Views improvements

On 07/01/2015 12:50 PM, Alexander Bokovoy wrote: > On Thu, 28 May 2015, Tomas Babej wrote: >>> From c4ad3ba829ab2816c6ddb64da8d5c6ceb8789340 Mon Sep 17 00:00:00 2001 >> From: Tomas Babej >> Date: Wed, 27 May 2015 16:30:48 +0200 >> Subject: [PATCH] idviews: Remove ID overrides for permanently rem

Re: [Freeipa-devel] [PATCHES 448-460] Allow multiple API instances (take 2)

On 07/01/2015 09:30 AM, Jan Cholasta wrote: Dne 30.6.2015 v 12:37 Martin Babinsky napsal(a): On 06/24/2015 05:21 PM, Jan Cholasta wrote: Hi, the attached patches fix and . Honza Hi Honza, everyt

Re: [Freeipa-devel] [PATCHES 326-328] ID Views improvements

On Thu, 28 May 2015, Tomas Babej wrote: From c4ad3ba829ab2816c6ddb64da8d5c6ceb8789340 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 27 May 2015 16:30:48 +0200 Subject: [PATCH] idviews: Remove ID overrides for permanently removed users and groups For IPA users and groups we are able to

Re: [Freeipa-devel] [PATCHES 326-328] ID Views improvements

On Thu, 28 May 2015, Tomas Babej wrote: From 41f158cd2b18ee7007e5b1d9ee2e1e02e37512c5 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 27 May 2015 15:06:15 +0200 Subject: [PATCH] idviews: Allow users specify the raw anchor directly as identifier For various reasons, it can happen that the

Re: [Freeipa-devel] [PATCHES 0252-0253, 268, 50 - 51] DNSSEC: allow to move DNSSEC key master to another IPA server

On 1.7.2015 12:35, Martin Basti wrote: > On 30/06/15 22:09, Petr Spacek wrote: >> On 30.6.2015 16:04, Martin Basti wrote: >>> On 30/06/15 10:25, Martin Basti wrote: On 29/06/15 15:16, Martin Basti wrote: > On 25/06/15 13:46, Petr Spacek wrote: >> On 17.6.2015 13:37, Martin Basti wrote:

Re: [Freeipa-devel] [PATCHES 326-328] ID Views improvements

On Thu, 28 May 2015, Tomas Babej wrote: From 8acc50c10d9886668a0147b46f311f9aa83294bb Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 27 May 2015 14:31:13 +0200 Subject: [PATCH] idviews: Set dcerpc detection flag properly The availability of dcerpc bindings is being checked on the client

Re: [Freeipa-devel] [PATCHES 0252-0253, 268, 50 - 51] DNSSEC: allow to move DNSSEC key master to another IPA server

On 30/06/15 22:09, Petr Spacek wrote: On 30.6.2015 16:04, Martin Basti wrote: On 30/06/15 10:25, Martin Basti wrote: On 29/06/15 15:16, Martin Basti wrote: On 25/06/15 13:46, Petr Spacek wrote: On 17.6.2015 13:37, Martin Basti wrote: On 17/06/15 13:26, Petr Spacek wrote: On 16.6.2015 15:40,

Re: [Freeipa-devel] [PATCHES 326-328] ID Views improvements

On 05/28/2015 12:59 PM, Tomas Babej wrote: > Hi, > > this couple of patches improves ID Views and ID overrides handling. See > commit messages for details. > > Tomas > > > Bump. Can this sad, forgotten patch set get a review? -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH 0017] dirsrv crash on segment add if suffix does not exist

On 07/01/2015 12:11 PM, thierry bordaz wrote: > On 06/30/2015 04:50 PM, Ludwig Krispenz wrote: >> new patch attached >> >> On 06/30/2015 03:37 PM, thierry bordaz wrote: >>> On 06/30/2015 12:07 PM, Ludwig Krispenz wrote: added verification for issue reported in ticket 5088 and sanity che

Re: [Freeipa-devel] [PATCH] 0020..0022 pki-related upgrade fixes

On 07/01/2015 10:49 AM, Martin Basti wrote: > On 30/06/15 18:02, Fraser Tweedale wrote: >> On Mon, Jun 29, 2015 at 05:56:11PM +0200, Martin Basti wrote: >>> On 29/06/15 16:03, Fraser Tweedale wrote: On Thu, Jun 25, 2015 at 11:23:01AM +0200, Martin Basti wrote: > On 19/06/15 09:28, Fraser

Re: [Freeipa-devel] [PATCH 0046] DNSSEC: Store time & date key metadata in UTC

On 07/01/2015 10:37 AM, Martin Basti wrote: > On 30/06/15 14:36, Petr Spacek wrote: >> Hello, >> >> DNSSEC: Store time & date key metadata in UTC. >> >> OpenDNSSEC stores key metadata in local time zone but BIND needs >> timestamps in UTC. UTC will be stored in LDAP. >> >> https://fedorahosted.or

Re: [Freeipa-devel] [PATCH] 1114 don't rely on positional arguments in pykerberos calls

On 06/30/2015 01:37 PM, Tomas Babej wrote: > > > On 06/26/2015 05:56 PM, Rob Crittenden wrote: >> I'm working on rebasing python-kerberos (PyKerberos) in rawhide and when >> upstream accepted our patch which added the ability to pass in flags to >> authGSSClientInit() they changed the ordering su

Re: [Freeipa-devel] [PATCH 0017] dirsrv crash on segment add if suffix does not exist

On 06/30/2015 04:50 PM, Ludwig Krispenz wrote: new patch attached On 06/30/2015 03:37 PM, thierry bordaz wrote: On 06/30/2015 12:07 PM, Ludwig Krispenz wrote: added verification for issue reported in ticket 5088 and sanity checks requested in review for patch 0014 Hello, The fix looks goo

[Freeipa-devel] [PATCH 0018] allow deletion of segment, if not both nodes are managed

This fix allows the removal of segments, where not both endpoints of the segments are managed. These segments can exist after deliberately disconnecting a topology by removal of a central node, a fix to automatically remove dangling segments is in process, but it cannot handle all situations, es

Re: [Freeipa-devel] [PATCH 0050] Fix client ca.crt to match the server's cert

On 01/07/15 09:05, Martin Basti wrote: On 30/06/15 17:31, Gabe Alford wrote: On Tue, Jun 30, 2015 at 8:51 AM, Martin Basti > wrote: On 16/06/15 16:58, Gabe Alford wrote: I know you guys are busy. Bump for review. Thanks, Gabe On Tue, May 26, 201

Re: [Freeipa-devel] [PATCH] 0020..0022 pki-related upgrade fixes

On 30/06/15 18:02, Fraser Tweedale wrote: On Mon, Jun 29, 2015 at 05:56:11PM +0200, Martin Basti wrote: On 29/06/15 16:03, Fraser Tweedale wrote: On Thu, Jun 25, 2015 at 11:23:01AM +0200, Martin Basti wrote: On 19/06/15 09:28, Fraser Tweedale wrote: The attached patches fix upgrade issues whe

Re: [Freeipa-devel] [PATCH 0046] DNSSEC: Store time & date key metadata in UTC

On 30/06/15 14:36, Petr Spacek wrote: Hello, DNSSEC: Store time & date key metadata in UTC. OpenDNSSEC stores key metadata in local time zone but BIND needs timestamps in UTC. UTC will be stored in LDAP. https://fedorahosted.org/freeipa/ticket/4657 ACK -- Martin Basti -- Manage your subscr

[Freeipa-devel] [PATCH 0272] Server upgrade: log more into debug log instead of info log

Update is logging too much info into info log. Patch attached. -- Martin Basti From 9af056e70bc8ea3a0aa50269e6e7fe7af174e68c Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 8 Jun 2015 17:33:11 +0200 Subject: [PATCH] Server Upgrade: use debug log level for upgrade instead of info Upgra

Re: [Freeipa-devel] [PATCH] 886-890 webui: API browser

On 06/30/2015 06:35 PM, Petr Vobornik wrote: > First part of API Browser - displaying the metadata in more consumable way. > > Second part, how to use it in different languages will be written as wiki > pages > first. > > The browser could be later enhanced with more infos and tooltips. > > Pat

Re: [Freeipa-devel] [PATCH 0050] Fix client ca.crt to match the server's cert

On 30/06/15 17:31, Gabe Alford wrote: On Tue, Jun 30, 2015 at 8:51 AM, Martin Basti > wrote: On 16/06/15 16:58, Gabe Alford wrote: I know you guys are busy. Bump for review. Thanks, Gabe On Tue, May 26, 2015 at 8:16 AM, Gabe Alford mailto:red