Re: [Freeipa-devel] IPA 3.0 migrated to 4.1 users break winsync agreement when deleted in active directory

Can confirm, works well for me too. Thanks! On 09/10/2015 05:06 PM, Petr Vobornik wrote: On 09/10/2015 05:00 PM, Rob Crittenden wrote: Martin Kosek wrote: Hmm, does this mean we need to update our HowTo on migrating FreeIPA to FreeIPA via migrate-ds? It is already quite long command, mostly du

Re: [Freeipa-devel] [PATH 0053] Inconsistency between ipasearchrecordslimit and --sizelimit

Oops.. replied without the list. Reason I said -1 is because users might be confused if they enter `ipa config-mod --searchtimelimit=0`, and both `ipa user-show` and the webui show -1 instead of 0. I wonder if -1 makes more sense in that regard? Thoughts? Does "<= 0 is unlimited" make more sense?

[Freeipa-devel] [PATCH 0314] Server Upgrade: backup CS.cfg when dogtag is turnend off

https://fedorahosted.org/freeipa/ticket/5287 Patch attached. From ea3ccb19cf326efb1a2f6cb44d9047d0169b6643 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 10 Sep 2015 18:46:00 +0200 Subject: [PATCH] Server Upgrade: backup CS.cfg when dogtag is turned off Is unable to made CS.cfg when dog

Re: [Freeipa-devel] INFO: CA ACL test and kerberos usage in functional tests

On 09/10/2015 06:36 PM, Alexander Bokovoy wrote: On Thu, 10 Sep 2015, Milan Kubík wrote: Hi list, before my PTO, I was trying to write a functional test for CA ACLs with the tracker along all other acceptance/functional tests. I wasn't successful, the approach doesn't seem to work for CA ACL

Re: [Freeipa-devel] INFO: CA ACL test and kerberos usage in functional tests

On Thu, 10 Sep 2015, Milan Kubík wrote: Hi list, before my PTO, I was trying to write a functional test for CA ACLs with the tracker along all other acceptance/functional tests. I wasn't successful, the approach doesn't seem to work for CA ACLs as they have specific requirements for kerberos

[Freeipa-devel] INFO: CA ACL test and kerberos usage in functional tests

Hi list, before my PTO, I was trying to write a functional test for CA ACLs with the tracker along all other acceptance/functional tests. I wasn't successful, the approach doesn't seem to work for CA ACLs as they have specific requirements for kerberos credentials that none of my attempts wer

[Freeipa-devel] [PATCH 0313] IPA Restore: allow to specify dirs/files which should be removed before restore

https://fedorahosted.org/freeipa/ticket/5293 Patch attached. From 1436a83909d808e7f81e91dc2d992b8f1e39ed84 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 10 Sep 2015 16:35:54 +0200 Subject: [PATCH] IPA Restore: allows to specify files that should be removed Some files/directories should

Re: [Freeipa-devel] IPA 3.0 migrated to 4.1 users break winsync agreement when deleted in active directory

On 09/10/2015 05:00 PM, Rob Crittenden wrote: Martin Kosek wrote: Hmm, does this mean we need to update our HowTo on migrating FreeIPA to FreeIPA via migrate-ds? It is already quite long command, mostly due to the need of removing Kerberos attributes: http://www.freeipa.org/page/Howto/Migration

Re: [Freeipa-devel] IPA 3.0 migrated to 4.1 users break winsync agreement when deleted in active directory

Martin Kosek wrote: > Hmm, does this mean we need to update our HowTo on migrating FreeIPA to > FreeIPA > via migrate-ds? It is already quite long command, mostly due to the need of > removing Kerberos attributes: > > http://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_Fre

Re: [Freeipa-devel] IPA 3.0 migrated to 4.1 users break winsync agreement when deleted in active directory

Hmm, does this mean we need to update our HowTo on migrating FreeIPA to FreeIPA via migrate-ds? It is already quite long command, mostly due to the need of removing Kerberos attributes: http://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA Martin On 09/09/2015 09:40

Re: [Freeipa-devel] [PATH 0053] Inconsistency between ipasearchrecordslimit and --sizelimit

I'm not sure about that, I think it should still say 0, because that's what we want to use as the unlimited value. If you insist on including -1 in the docs, maybe we can say "<= 0 is unlimited"? On 10.9.2015 16:08, Gabe Alford wrote: Makes sense. I also changed the doc string to reflect -1 as

Re: [Freeipa-devel] [PATH 0053] Inconsistency between ipasearchrecordslimit and --sizelimit

Makes sense. I also changed the doc string to reflect -1 as well. Updated patch attached. Thanks, Gabe On Thu, Sep 10, 2015 at 1:41 AM, Jan Cholasta wrote: > On 4.9.2015 14:43, Gabe Alford wrote: > >> Bump for review. >> >> On Wed, Aug 12, 2015 at 9:32 AM, Gabe Alford >

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

On 2015-09-10 14:58, Rob Crittenden wrote: > Christian Heimes wrote: >> The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly. >> A timeout does no longer result into an Apache startup error. >> >> https://fedorahosted.org/freeipa/ticket/5292 >> >> >> >> > > > Since this is rela

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

Christian Heimes wrote: > The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly. > A timeout does no longer result into an Apache startup error. > > https://fedorahosted.org/freeipa/ticket/5292 > > > > Since this is related to IPA not being configured yet would it make sens

Re: [Freeipa-devel] cert profiles - test plan + patches

On 09/04/2015 03:57 PM, Martin Babinsky wrote: On 09/04/2015 11:06 AM, Lenka Doudova wrote: Hi, there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598 I can't really get to the pr

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

On 09/10/2015 01:29 PM, Martin Basti wrote: ACK On 09/10/2015 11:58 AM, Christian Heimes wrote: The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly. A timeout does no longer result into an Apache startup error. https://fedorahosted.org/freeipa/ticket/5292 Pushed

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

ACK On 09/10/2015 11:58 AM, Christian Heimes wrote: The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly. A timeout does no longer result into an Apache startup error. https://fedorahosted.org/freeipa/ticket/5292 -- Manage your subscription for the Freeipa-devel mailin

[Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly. A timeout does no longer result into an Apache startup error. https://fedorahosted.org/freeipa/ticket/5292 From 7ae756234534f0c6e750b5820733c6c5cb0682c6 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Thu, 10 Sep 201

Re: [Freeipa-devel] [PATCH 0312] CI: extend backup restore tests with DNS/DNSSEC

Self NACK On 09/10/2015 10:21 AM, Martin Basti wrote: Patch attached. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 0312] CI: extend backup restore tests with DNS/DNSSEC

Patch attached. From 43df42f7659e25c38ad83ebf11777d4c103ceeec Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 8 Sep 2015 13:08:31 +0200 Subject: [PATCH] backup CI: test DNS/DNSSEC after backup and restore --- ipatests/test_integration/tasks.py | 23 ++ .../test_integr

Re: [Freeipa-devel] [PATH 0053] Inconsistency between ipasearchrecordslimit and --sizelimit

On 4.9.2015 14:43, Gabe Alford wrote: Bump for review. On Wed, Aug 12, 2015 at 9:32 AM, Gabe Alford mailto:redhatri...@gmail.com>> wrote: On Tue, Aug 11, 2015 at 1:34 AM, Jan Cholasta mailto:jchol...@redhat.com>> wrote: On 6.8.2015 21:43, Gabe Alford wrote: Hello,