[Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

Hi team, This patchset implements the 'ca' plugin for creating and managing lightweight sub-CAs, and updates the 'caacl' plugin and 'cert-request' command to support multiple CAs. A brief overview of the patches: 0059 'ca' plugin, associated schema changes and container objects, Dogtag REST

Re: [Freeipa-devel] V4/Sub-CAs review

On Mon, May 23, 2016 at 10:02:44AM +0200, Jan Cholasta wrote: > > > > > 2) > > > > > > > > > > It should be mentioned here that the primary CA is also handled by > > > > > this > > > > > plugin. > > > > > > > > > > I would like to propose

Re: [Freeipa-devel] [PATCH] 0052..0054 Configure lightweight CA key replication

Updated patches attached; comments inline. On Thu, May 05, 2016 at 04:52:29PM +1000, Fraser Tweedale wrote: > > I would rather add a new ACI than have one super-ACI for everything. That > > way you don't have to invent any complicated naming schemes *and* it will be > > more apparent what the ACI

Re: [Freeipa-devel] [PATCH] 0051 Allow CustodiaClient to be used by arbitrary principals

Updated patch attached; comments inline below. On Mon, Apr 25, 2016 at 07:55:46AM +0200, Jan Cholasta wrote: > I think it would be better to merge the `client` and `client_servicename` > into a single `client_principal` argument, as both of the arguments are used > only to specify the principal

Re: [Freeipa-devel] [PATCH 0036] Increased mod_wsgi socket-timeout

On 31.05.2016 09:41, Stanislav Laznicka wrote: On 05/30/2016 02:12 PM, Petr Spacek wrote: On 28.5.2016 15:59, Martin Basti wrote: On 27.05.2016 14:52, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5833 Is possible to remove timeout completely as it used to be before?

Re: [Freeipa-devel] [PATCH 0037] Added /etc/krb5.conf.d/ to krb5.conf

Alexander Bokovoy writes: > On Sat, 28 May 2016, Robbie Harwood wrote: >> Alexander Bokovoy writes: >>> On Fri, 27 May 2016, Robbie Harwood wrote: Stanislav Laznicka writes: > From: Stanislav Laznicka

Re: [Freeipa-devel] [Testplan Review]

On 05/23/2016 09:23 AM, Oleg Fayans wrote: > Hi Petr, > > The test plan is updated. Thanks, is it possible to number test cases? It is hard to refer to them without copying the full name. 1. first test case: `ipa host-find` will show the host entry, but cert will be revoked and kerb key

Re: [Freeipa-devel] [Testplan Review] Server Roles

On 05/25/2016 04:14 PM, Oleg Fayans wrote: > Hi guys. Here is a rather schematic (as neither the feature not the > design document is not complete) of the server roles testplan. Could you > please review it and tell me what is missing? > > http://www.freeipa.org/page/V4/Server_Roles/Test_Plan >

Re: [Freeipa-devel] [Testplan] Thin client

On 05/31/2016 03:30 PM, Lenka Doudova wrote: > Hi all, > > here's [1] a draft of test plan for V4 RFE Thin client. > > Please review this and let me know if there's something missing or wrong. > > > Thanks, > > Lenka > > > [1] http://www.freeipa.org/page/V4/Thin_Client/Test_Plan > Hi

[Freeipa-devel] [PATCH 0038] Reduced time for IO blocking of DS

Hello, This is a fix to https://fedorahosted.org/freeipa/ticket/5383. From the comments I am not sure if nsslapd-idletimeout should be reduced as well. If so, could you please propose a value that you find reasonable? Thanks, Standa From 812566cc687fedc1df2f00950440e9e7abd67d99 Mon Sep 17

Re: [Freeipa-devel] [PATCH 0033] Fix CA being presented as running even if it weren't

On 05/31/2016 11:40 AM, Stanislav Laznicka wrote: On 05/31/2016 10:22 AM, Stanislav Laznicka wrote: On 05/30/2016 12:54 PM, Jan Cholasta wrote: On 30.5.2016 12:36, Martin Basti wrote: On 26.05.2016 19:31, Stanislav Laznicka wrote: Self NACK. I should not post patches when tired, sorry.

Re: [Freeipa-devel] [PATCH 0093] Enable service authentication indicator management

On Tue, 2016-05-31 at 15:25 +0200, Petr Vobornik wrote: > On 05/31/2016 02:49 PM, Nathaniel McCallum wrote: > > On Mon, 2016-05-30 at 19:08 +0300, Alexander Bokovoy wrote: > > > On Mon, 30 May 2016, Petr Vobornik wrote: > > > > On 05/27/2016 06:00 PM, Nathaniel McCallum wrote: > > > > > Pavel,

Re: [Freeipa-devel] Provisioning throughput

On 05/31/2016 02:02 PM, Petr Vobornik wrote: On 05/04/2016 02:20 PM, thierry bordaz wrote: Hello, I have been doing some tests/measures using https://github.com/freeipa/freeipa-tools/blob/master/create-test-data.py. The tool creates a set of typical users/hosts/groups... to

[Freeipa-devel] [Testplan] Authentication indicators

Hi all, here's [1] a draft of test plan for V4 RFE Authentication Indicators. Please review this and let me know if there's something missing or wrong. Thanks, Lenka [1] http://www.freeipa.org/page/V4/Authentication_Indicators/Test_Plan -- Manage your subscription for the Freeipa-devel

[Freeipa-devel] [Testplan] Thin client

Hi all, here's [1] a draft of test plan for V4 RFE Thin client. Please review this and let me know if there's something missing or wrong. Thanks, Lenka [1] http://www.freeipa.org/page/V4/Thin_Client/Test_Plan -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH 0093] Enable service authentication indicator management

On 05/31/2016 02:49 PM, Nathaniel McCallum wrote: > On Mon, 2016-05-30 at 19:08 +0300, Alexander Bokovoy wrote: >> On Mon, 30 May 2016, Petr Vobornik wrote: >>> On 05/27/2016 06:00 PM, Nathaniel McCallum wrote: Pavel, since we made the change here from a StrEnum to a Str, we need to

Re: [Freeipa-devel] [PATCH 0093] Enable service authentication indicator management

On Mon, 2016-05-30 at 19:08 +0300, Alexander Bokovoy wrote: > On Mon, 30 May 2016, Petr Vobornik wrote: > > On 05/27/2016 06:00 PM, Nathaniel McCallum wrote: > > > Pavel, since we made the change here from a StrEnum to a Str, we > > > need > > > to update the UI patch accordingly. > > > > How

Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches

On 31.05.2016 14:08, Martin Babinsky wrote: On 05/31/2016 01:57 PM, Martin Basti wrote: On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@

Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches

On 05/31/2016 01:57 PM, Martin Basti wrote: On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def

Re: [Freeipa-devel] Provisioning throughput

On 05/04/2016 02:20 PM, thierry bordaz wrote: > Hello, > > I have been doing some tests/measures using > https://github.com/freeipa/freeipa-tools/blob/master/create-test-data.py. > The tool creates a set of typical users/hosts/groups... to import with a > ldapadd. > > I wrote

Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches

On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host):

Re: [Freeipa-devel] [PATCH 0486, 0487] Update zanata config

On 31.05.2016 13:46, Martin Basti wrote: On 31.05.2016 13:04, Martin Babinsky wrote: On 05/26/2016 04:52 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5915 Patches attached ACK. Even better patches attached. Wrong thread :D The original patches were pushed

Re: [Freeipa-devel] [PATCH 0486, 0487] Update zanata config

On 31.05.2016 13:04, Martin Babinsky wrote: On 05/26/2016 04:52 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5915 Patches attached ACK. Even better patches attached. From 1918df3017504354834c9175faf8d09108feb07a Mon Sep 17 00:00:00 2001 From: Martin Basti

Re: [Freeipa-devel] [PATCH 0486, 0487] Update zanata config

On 05/26/2016 04:52 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5915 Patches attached ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches

On 31.05.2016 12:44, Martin Babinsky wrote: On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host):

Re: [Freeipa-devel] [PATCH 0488-0489] Perfomance: membership processing related patches

On 05/28/2016 01:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4995 Patches attached Hi, PATCH 0488: LGTM PATCH 0489: @@ -996,10 +997,10 @@ def check_deleted_segments(hostname, masters, topo_errors, starting_host): i = 0 while True:

Re: [Freeipa-devel] [PATCH 0033] Fix CA being presented as running even if it weren't

On 05/31/2016 10:22 AM, Stanislav Laznicka wrote: On 05/30/2016 12:54 PM, Jan Cholasta wrote: On 30.5.2016 12:36, Martin Basti wrote: On 26.05.2016 19:31, Stanislav Laznicka wrote: Self NACK. I should not post patches when tired, sorry. Minor fix is attached. On 05/26/2016 07:21 PM,

Re: [Freeipa-devel] [PATCH 0033] Fix CA being presented as running even if it weren't

On 05/30/2016 12:54 PM, Jan Cholasta wrote: On 30.5.2016 12:36, Martin Basti wrote: On 26.05.2016 19:31, Stanislav Laznicka wrote: Self NACK. I should not post patches when tired, sorry. Minor fix is attached. On 05/26/2016 07:21 PM, Stanislav Laznicka wrote: Hello, Please, see the

Re: [Freeipa-devel] [PATCH 0036] Increased mod_wsgi socket-timeout

On 05/30/2016 02:12 PM, Petr Spacek wrote: On 28.5.2016 15:59, Martin Basti wrote: On 27.05.2016 14:52, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5833 Is possible to remove timeout completely as it used to be before? Even if this timeout is exceeded, command