[Freeipa-devel] [PATCH] Allow ipa-getkeytab to find server name from config file

2015-11-23 Thread Simo Sorce
Fixes #2203 by reading the server name from /etc/ipa/default.conf if not provided on the command line. Simo. -- Simo Sorce * Red Hat, Inc * New York From 8dd8176147c46b2af559c61dec469dfff5b82059 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 23 Nov 2015 14:50:04 -0500

Re: [Freeipa-devel] [PATCH 0354] Remove forgotten print in DNS plugin

2015-11-23 Thread Petr Spacek
On 20.11.2015 14:37, Martin Basti wrote: > patch attached. Obvious ACK. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0042-0043 Avoid race condition in profile creation

2015-11-23 Thread Jan Cholasta
On 23.11.2015 06:46, Fraser Tweedale wrote: The attached patch 0043 fixes #5269[1]: nondeterministic failure of certificate profile creation during ipa-server-install. [1] https://fedorahosted.org/freeipa/ticket/5269 The other patch 0042 is drive-by improvements of IPA install/upgrade logging

Re: [Freeipa-devel] [PATCH 0067, 0068] ipa-{cacert-renew, otptoken-import}: Fix connection to ldap.

2015-11-23 Thread Jan Cholasta
On 23.11.2015 08:53, David Kupka wrote: On 20/11/15 08:29, Jan Cholasta wrote: On 19.11.2015 17:28, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5468 ipa-cacert-manage is not the only code which uses ldap2 this way. It would be better to find the root cause of this rather than

Re: [Freeipa-devel] [PATCH 0064] Check if IPA is configured before attempting a winsync migration

2015-11-23 Thread Martin Babinsky
On 11/20/2015 07:10 PM, Gabe Alford wrote: Thanks. Updated patch attached. Gabe On Fri, Nov 20, 2015 at 10:36 AM, Martin Babinsky wrote: On 11/20/2015 04:02 PM, Gabe Alford wrote: Hello, Fix for

Re: [Freeipa-devel] [PATCH] 0042-0043 Avoid race condition in profile creation

2015-11-23 Thread Jan Cholasta
On 23.11.2015 10:04, Jan Cholasta wrote: On 23.11.2015 06:46, Fraser Tweedale wrote: The attached patch 0043 fixes #5269[1]: nondeterministic failure of certificate profile creation during ipa-server-install. [1] https://fedorahosted.org/freeipa/ticket/5269 The other patch 0042 is drive-by

[Freeipa-devel] [PATCH 0386] private_ccache: Harden the removal of KRB5CCNAME env variable

2015-11-23 Thread Tomas Babej
Hi, If the code within the private_ccache contextmanager does not set/removes the KRB5CCNAME, the pop method will raise KeyError, which will cause unnecessary termination of the code flow. Make sure the KRB5CCNAME is popped out of os.environ only if present. Tomas From

Re: [Freeipa-devel] [PATCH 0386] private_ccache: Harden the removal of KRB5CCNAME env variable

2015-11-23 Thread Jan Cholasta
On 23.11.2015 12:53, Tomas Babej wrote: Hi, If the code within the private_ccache contextmanager does not set/removes the KRB5CCNAME, the pop method will raise KeyError, which will cause unnecessary termination of the code flow. Make sure the KRB5CCNAME is popped out of os.environ only if

Re: [Freeipa-devel] [PATCH 0386] private_ccache: Harden the removal of KRB5CCNAME env variable

2015-11-23 Thread Tomas Babej
On 11/23/2015 01:11 PM, Jan Cholasta wrote: > On 23.11.2015 12:53, Tomas Babej wrote: >> Hi, >> >> If the code within the private_ccache contextmanager does not >> set/removes the KRB5CCNAME, the pop method will raise KeyError, which >> will cause unnecessary termination of the code flow. >> >>

Re: [Freeipa-devel] [PATCH 0354] Remove forgotten print in DNS plugin

2015-11-23 Thread Martin Basti
On 23.11.2015 09:10, Petr Spacek wrote: On 20.11.2015 14:37, Martin Basti wrote: patch attached. Obvious ACK. Pushed to master: bf654aee1ca339b7807e80bd6a8dd42b008553c9

Re: [Freeipa-devel] [PATCH 0102] update idrange tests to reflect disabled modification of local ID ranges

2015-11-23 Thread Martin Basti
On 20.11.2015 18:41, Milan Kubík wrote: On 11/20/2015 04:06 PM, Martin Babinsky wrote: When I fixed https://fedorahosted.org/freeipa/ticket/4826 I forgot to fix the corresponding xmlrpc tests. This oversight bit me today when I ran in-tree tests on my VM. Here is the patch that makes

Re: [Freeipa-devel] [PATCH] First part of the replica promotion tests + testplan

2015-11-23 Thread Martin Basti
On 09.11.2015 17:21, Martin Basti wrote: On 09.11.2015 15:09, Oleg Fayans wrote: Hi guys, Here are first two automated testcases from this (so far incomplete) testplan: http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan Testplan review is highly appreciated Hello, I did

Re: [Freeipa-devel] [PATCH 0386] private_ccache: Harden the removal of KRB5CCNAME env variable

2015-11-23 Thread Martin Kosek
On 11/23/2015 01:40 PM, Tomas Babej wrote: > > > On 11/23/2015 01:31 PM, Jan Cholasta wrote: >> On 23.11.2015 13:28, Tomas Babej wrote: >>> >>> >>> On 11/23/2015 01:11 PM, Jan Cholasta wrote: On 23.11.2015 12:53, Tomas Babej wrote: > Hi, > > If the code within the private_ccache

Re: [Freeipa-devel] [PATCH 0386] private_ccache: Harden the removal of KRB5CCNAME env variable

2015-11-23 Thread Jan Cholasta
On 23.11.2015 13:40, Tomas Babej wrote: On 11/23/2015 01:31 PM, Jan Cholasta wrote: On 23.11.2015 13:28, Tomas Babej wrote: On 11/23/2015 01:11 PM, Jan Cholasta wrote: On 23.11.2015 12:53, Tomas Babej wrote: Hi, If the code within the private_ccache contextmanager does not set/removes

[Freeipa-devel] [PATCH 0385] replicainstall: Add possiblity to install client in one

2015-11-23 Thread Tomas Babej
Hi, this patch implements the single command replica promotion for #5310. Tomas https://fedorahosted.org/freeipa/ticket/5310 From 8dbb1f420533793f20160b7927e4a1e4d2bd9611 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Mon, 23 Nov 2015 12:46:15 +0100 Subject: [PATCH]

Re: [Freeipa-devel] [PATCH 0102] update idrange tests to reflect disabled modification of local ID ranges

2015-11-23 Thread Tomas Babej
On 11/20/2015 06:41 PM, Milan Kubík wrote: > On 11/20/2015 04:06 PM, Martin Babinsky wrote: >> When I fixed https://fedorahosted.org/freeipa/ticket/4826 I forgot to >> fix the corresponding xmlrpc tests. >> >> This oversight bit me today when I ran in-tree tests on my VM. >> >> Here is the patch

Re: [Freeipa-devel] [PATCH 0386] private_ccache: Harden the removal of KRB5CCNAME env variable

2015-11-23 Thread Jan Cholasta
On 23.11.2015 13:28, Tomas Babej wrote: On 11/23/2015 01:11 PM, Jan Cholasta wrote: On 23.11.2015 12:53, Tomas Babej wrote: Hi, If the code within the private_ccache contextmanager does not set/removes the KRB5CCNAME, the pop method will raise KeyError, which will cause unnecessary

Re: [Freeipa-devel] [PATCH 0386] private_ccache: Harden the removal of KRB5CCNAME env variable

2015-11-23 Thread Tomas Babej
On 11/23/2015 01:31 PM, Jan Cholasta wrote: > On 23.11.2015 13:28, Tomas Babej wrote: >> >> >> On 11/23/2015 01:11 PM, Jan Cholasta wrote: >>> On 23.11.2015 12:53, Tomas Babej wrote: Hi, If the code within the private_ccache contextmanager does not set/removes the KRB5CCNAME,

Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package

2015-11-23 Thread Lenka Doudova
NACK - there's a "typo" in /tracker/user_plugin.py, line 17-18: def get_user_dn(cn): return DN(('cn', cn), api.env.container_user, api.env.basedn) should be def get_user_dn(uid): return DN(('uid', uid), api.env.container_user, api.env.basedn) Some tests may fail because of

Re: [Freeipa-devel] [PATCH] 0044-0045 Add profiles and default CA ACL on migration

2015-11-23 Thread Jan Cholasta
On 23.11.2015 06:54, Fraser Tweedale wrote: Hi all, The attached patches fix #5459[1]: Default CA ACL rule is not created during ipa-replica-install. These patches apply on branch ipa-4-2. There is a (trivial) conflict in imports when applying to master. When a patch does not apply cleanly

Re: [Freeipa-devel] [PATCH] 0748 Handle encoding for ipautil.run

2015-11-23 Thread Jan Cholasta
On 23.11.2015 07:43, Jan Cholasta wrote: On 19.11.2015 00:55, Petr Viktorin wrote: On 11/03/2015 02:39 PM, Petr Viktorin wrote: Hello, Python 3's strings are Unicode, so data coming to or leaving a Python program needs to be decoded/encoded if it's to be handled as a string. One of the

Re: [Freeipa-devel] [PATCH 0386] private_ccache: Harden the removal of KRB5CCNAME env variable

2015-11-23 Thread Tomas Babej
On 11/23/2015 01:50 PM, Jan Cholasta wrote: > On 23.11.2015 13:40, Tomas Babej wrote: >> >> >> On 11/23/2015 01:31 PM, Jan Cholasta wrote: >>> On 23.11.2015 13:28, Tomas Babej wrote: On 11/23/2015 01:11 PM, Jan Cholasta wrote: > On 23.11.2015 12:53, Tomas Babej wrote: >>

Re: [Freeipa-devel] [PATCH 0064] Check if IPA is configured before attempting a winsync migration

2015-11-23 Thread Tomas Babej
On 11/23/2015 12:11 PM, Martin Babinsky wrote: > On 11/20/2015 07:10 PM, Gabe Alford wrote: >> Thanks. Updated patch attached. >> >> >> Gabe >> >> On Fri, Nov 20, 2015 at 10:36 AM, Martin Babinsky > > wrote: >> >> On 11/20/2015 04:02 PM, Gabe

Re: [Freeipa-devel] [PATCHES 151-153] ipasam: fix wrong usage of talloc_new()

2015-11-23 Thread Tomas Babej
On 11/18/2015 12:59 PM, Alexander Bokovoy wrote: > On Wed, 18 Nov 2015, Sumit Bose wrote: >> Hi, >> >> please find attached 3 small patches for ipasam. The first fixes >> https://fedorahosted.org/freeipa/ticket/5457 . The second is related >> because if the compat tree is enabled the lookup will

Re: [Freeipa-devel] [PATCH 0002] Refactor test_group_plugin

2015-11-23 Thread Filip Škola
Found couple of issues (broke some dependencies). NACK F. On Fri, 20 Nov 2015 13:56:36 +0100 Filip Škola wrote: > Another one. > > F.

Re: [Freeipa-devel] [PATCH 0386] private_ccache: Harden the removal of KRB5CCNAME env variable

2015-11-23 Thread Rob Crittenden
Tomas Babej wrote: > > > On 11/23/2015 01:50 PM, Jan Cholasta wrote: >> On 23.11.2015 13:40, Tomas Babej wrote: >>> >>> >>> On 11/23/2015 01:31 PM, Jan Cholasta wrote: On 23.11.2015 13:28, Tomas Babej wrote: > > > On 11/23/2015 01:11 PM, Jan Cholasta wrote: >> On 23.11.2015

Re: [Freeipa-devel] [PATCH 0067, 0068] ipa-{cacert-renew, otptoken-import}: Fix connection to ldap.

2015-11-23 Thread David Kupka
On 23/11/15 10:09, Jan Cholasta wrote: On 23.11.2015 08:53, David Kupka wrote: On 20/11/15 08:29, Jan Cholasta wrote: On 19.11.2015 17:28, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5468 ipa-cacert-manage is not the only code which uses ldap2 this way. It would be better to

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

2015-11-23 Thread Jan Cholasta
On 23.11.2015 15:34, Simo Sorce wrote: On Mon, 2015-11-23 at 08:54 +0100, Jan Cholasta wrote: On 20.11.2015 17:58, Simo Sorce wrote: On Fri, 2015-11-20 at 16:49 +0100, Jan Cholasta wrote: On 19.11.2015 17:43, Simo Sorce wrote: [..] On the patches -- 509: - commit says only: "aci: add IPA

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

2015-11-23 Thread Simo Sorce
On Mon, 2015-11-23 at 08:54 +0100, Jan Cholasta wrote: > On 20.11.2015 17:58, Simo Sorce wrote: > > On Fri, 2015-11-20 at 16:49 +0100, Jan Cholasta wrote: > >> On 19.11.2015 17:43, Simo Sorce wrote: > > [..] > >>> On the patches > >>> -- > >>> 509: > >>> - commit says only: "aci: add IPA servers

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

2015-11-23 Thread Simo Sorce
On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote: > > An alternative is to add the host to ipaservers before the checks are > done and remove it again if any of them fail. Too error prone, I am ok with the current way in your patches until/unless I can think of a fail safe way. :-) Simo.

Re: [Freeipa-devel] [PATCH] Allow ipa-getkeytab to find server name from config file

2015-11-23 Thread Jan Cholasta
On 23.11.2015 21:18, Simo Sorce wrote: Fixes #2203 by reading the server name from /etc/ipa/default.conf if not provided on the command line. Simo. Just a thought: it would be nice if we had libipaconfig and used it everywhere (the framework, ipa-getkeytab, certmonger, ...). I don't like

Re: [Freeipa-devel] [PATCH] 0044-0045 Add profiles and default CA ACL on migration

2015-11-23 Thread Fraser Tweedale
On Mon, Nov 23, 2015 at 10:05:32AM +0100, Jan Cholasta wrote: > On 23.11.2015 06:54, Fraser Tweedale wrote: > >Hi all, > > > >The attached patches fix #5459[1]: Default CA ACL rule is not > >created during ipa-replica-install. > > > >These patches apply on branch ipa-4-2. There is a (trivial) >

Re: [Freeipa-devel] [PATCH 0067, 0068] ipa-{cacert-renew, otptoken-import}: Fix connection to ldap.

2015-11-23 Thread Jan Cholasta
On 23.11.2015 15:17, David Kupka wrote: On 23/11/15 10:09, Jan Cholasta wrote: On 23.11.2015 08:53, David Kupka wrote: On 20/11/15 08:29, Jan Cholasta wrote: On 19.11.2015 17:28, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5468 ipa-cacert-manage is not the only code which

Re: [Freeipa-devel] [PATCH 0002] Refactor test_group_plugin

2015-11-23 Thread Filip Škola
Sending updated patch. F. On Mon, 23 Nov 2015 14:59:34 +0100 Filip Škola wrote: > Found couple of issues (broke some dependencies). > > NACK > > F. > > On Fri, 20 Nov 2015 13:56:36 +0100 > Filip Škola wrote: > > > Another one. > > > > F. > > >From

Re: [Freeipa-devel] [PATCH 0385] replicainstall: Add possiblity to install client in one

2015-11-23 Thread Jan Cholasta
Hi, On 23.11.2015 12:50, Tomas Babej wrote: Hi, this patch implements the single command replica promotion for #5310. Tomas https://fedorahosted.org/freeipa/ticket/5310 1) ensure_enrolled() should be called from promote_check() after the client check is done: client_fstore =

[Freeipa-devel] [PATCH] Remove des3/arcfour from default enctypes

2015-11-23 Thread Simo Sorce
Note, this does not touch the trust code because apparently we use only arcfour there. CCing Alexander to give me a comment about that, probably worth opening a ticket specific to trusts. Otherwise addresses #4740 Simo. -- Simo Sorce * Red Hat, Inc * New York From

[Freeipa-devel] [IPAQE][REVIEW-REQUEST][TEST PLAN] Replica promotion

2015-11-23 Thread Oleg Fayans
Hi all, Here is a draft of the Replica Promotion test plan http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan -- Oleg Fayans Quality Engineer FreeIPA team RedHat.