Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-14 Thread Fraser Tweedale
On Wed, Jun 15, 2016 at 07:30:26AM +0200, Jan Cholasta wrote: > On 15.6.2016 04:02, Fraser Tweedale wrote: > > On Tue, Jun 14, 2016 at 03:21:24PM +0200, Martin Babinsky wrote: > > > On 06/14/2016 04:55 AM, Fraser Tweedale wrote: > > > > On Tue, Jun 14, 2016 at 02:19:27AM +1000, Fraser Tweedale wrot

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-14 Thread Jan Cholasta
On 15.6.2016 04:02, Fraser Tweedale wrote: On Tue, Jun 14, 2016 at 03:21:24PM +0200, Martin Babinsky wrote: On 06/14/2016 04:55 AM, Fraser Tweedale wrote: On Tue, Jun 14, 2016 at 02:19:27AM +1000, Fraser Tweedale wrote: On Mon, Jun 13, 2016 at 04:35:54PM +0200, Martin Babinsky wrote: Hi Fras

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-14 Thread Fraser Tweedale
On Tue, Jun 14, 2016 at 03:21:24PM +0200, Martin Babinsky wrote: > On 06/14/2016 04:55 AM, Fraser Tweedale wrote: > > On Tue, Jun 14, 2016 at 02:19:27AM +1000, Fraser Tweedale wrote: > > > On Mon, Jun 13, 2016 at 04:35:54PM +0200, Martin Babinsky wrote: > > > > > > > > > > > > > > Hi Fraser, > > >

Re: [Freeipa-devel] Using JSON for tlog config files

2016-06-14 Thread Simo Sorce
On Tue, 2016-06-14 at 16:40 +0300, Nikolai Kondrashov wrote: > Hi everyone, > > Although this was mentioned several times before, I'd like to bring additional > attention to the idea of using config files written in JSON for tlog, because > there were some concerns over that being appropriate. Wh

Re: [Freeipa-devel] [PATCH] 0018-0030, 52 webui: add support for more certificates

2016-06-14 Thread Pavel Vomacka
On 05/13/2016 06:56 PM, Petr Vobornik wrote: On 04/26/2016 04:23 PM, Pavel Vomacka wrote: Self-NACK for patches 0027, 28, 29, 30 - used incorrect policy. I also attach all patches which were not changed - it is easier to get the whole patchset. On 04/26/2016 02:02 PM, Pavel Vomacka wrote: I

Re: [Freeipa-devel] [PATCH 0159-0160] emancipate IPA NTP service into role

2016-06-14 Thread Martin Basti
On 14.06.2016 18:58, Martin Babinsky wrote: On 06/14/2016 05:06 PM, Martin Basti wrote: On 12.06.2016 17:37, Martin Babinsky wrote: These two patches turn oft-neglected ntp service into a full fledged role whose status can be queried centrally. They should also enable generation of location

Re: [Freeipa-devel] [PATCH 0159-0160] emancipate IPA NTP service into role

2016-06-14 Thread Martin Babinsky
On 06/14/2016 05:06 PM, Martin Basti wrote: On 12.06.2016 17:37, Martin Babinsky wrote: These two patches turn oft-neglected ntp service into a full fledged role whose status can be queried centrally. They should also enable generation of location-specific _ntp._udp records. Please note that

Re: [Freeipa-devel] [PATCH] 0031 webui: add ability to review certificate request dialog

2016-06-14 Thread Petr Vobornik
On 04/27/2016 09:25 AM, Pavel Vomacka wrote: > Hi > > please review the attached patch. > > Fixes this ticket: https://fedorahosted.org/freeipa/ticket/5652 > > -- > Pavel^3 Vomacka > > ACK master: * 8135651abb857fbe489a1de8aacad3747d7d5cc9 Add ability to review cert request dialog -- Petr

Re: [Freeipa-devel] [PATCH] 0045-47: webui: Sub-CAs

2016-06-14 Thread Petr Vobornik
On 06/14/2016 10:17 AM, Pavel Vomacka wrote: > > > On 06/14/2016 06:42 AM, Fraser Tweedale wrote: >> On Mon, Jun 13, 2016 at 07:48:58PM +0200, Pavel Vomacka wrote: >>> >>> On 06/13/2016 06:55 AM, Fraser Tweedale wrote: On Fri, Jun 10, 2016 at 04:34:33PM +0200, Pavel Vomacka wrote: > Hell

Re: [Freeipa-devel] [PATCH] 0036-38 webui: Server roles

2016-06-14 Thread Petr Vobornik
On 06/09/2016 05:39 PM, Pavel Vomacka wrote: > > > On 06/08/2016 04:09 PM, Petr Vobornik wrote: >> On 06/05/2016 07:22 PM, Pavel Vomacka wrote: >>> >>> On 06/03/2016 03:10 PM, Petr Vobornik wrote: On 06/02/2016 01:40 PM, Pavel Vomacka wrote: > Hello, > > please review my patches

Re: [Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

2016-06-14 Thread Stanislav Laznicka
On 06/14/2016 09:25 AM, Stanislav Laznicka wrote: On 06/13/2016 02:51 PM, Martin Babinsky wrote: On 06/07/2016 10:14 AM, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5775 Umm, wouldn't it be better to augment the `Service.start()/restart()` methods themselves with param

[Freeipa-devel] [PATCH 0424-0426] Fix subtle bugs in event processing

2016-06-14 Thread Petr Spacek
Hello, these three bugs were found accidentally while analyzing requirements for https://fedorahosted.org/bind-dyndb-ldap/ticket/125 All three should go to master before the release because they were source of subtle bugs. -- Petr^2 Spacek From 578e72ffa221f320acfa1a4f7eadb8d97996476f Mon Sep 1

Re: [Freeipa-devel] [PATCH 0159-0160] emancipate IPA NTP service into role

2016-06-14 Thread Martin Basti
On 12.06.2016 17:37, Martin Babinsky wrote: These two patches turn oft-neglected ntp service into a full fledged role whose status can be queried centrally. They should also enable generation of location-specific _ntp._udp records. Please note that NTP is LDAP-enabled by additional call afte

Re: [Freeipa-devel] [PATCH] 0206 adtrust optimize forest root LDAP filter

2016-06-14 Thread Alexander Bokovoy
On Tue, 07 Jun 2016, Alexander Bokovoy wrote: Hi, `ipa trust-find' command should only show trusted forest root domains The child domains should be visible via ipa trustdomain-find forest.root The difference between forest root (or external domain) and child domains is that root domain gets

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-14 Thread Jan Cholasta
On 14.6.2016 16:35, Martin Basti wrote: On 14.06.2016 16:37, Jan Cholasta wrote: On 14.6.2016 16:29, Martin Basti wrote: On 08.06.2016 14:17, Stanislav Laznicka wrote: On 06/07/2016 10:42 AM, Martin Basti wrote: On 07.06.2016 10:43, Jan Cholasta wrote: On 7.6.2016 10:22, Martin Basti w

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-14 Thread Martin Basti
On 14.06.2016 16:37, Jan Cholasta wrote: On 14.6.2016 16:29, Martin Basti wrote: On 08.06.2016 14:17, Stanislav Laznicka wrote: On 06/07/2016 10:42 AM, Martin Basti wrote: On 07.06.2016 10:43, Jan Cholasta wrote: On 7.6.2016 10:22, Martin Basti wrote: On 07.06.2016 09:07, Jan Cholast

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-14 Thread Jan Cholasta
On 14.6.2016 16:29, Martin Basti wrote: On 08.06.2016 14:17, Stanislav Laznicka wrote: On 06/07/2016 10:42 AM, Martin Basti wrote: On 07.06.2016 10:43, Jan Cholasta wrote: On 7.6.2016 10:22, Martin Basti wrote: On 07.06.2016 09:07, Jan Cholasta wrote: On 6.6.2016 18:29, Martin Basti wr

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-14 Thread Martin Basti
On 08.06.2016 14:17, Stanislav Laznicka wrote: On 06/07/2016 10:42 AM, Martin Basti wrote: On 07.06.2016 10:43, Jan Cholasta wrote: On 7.6.2016 10:22, Martin Basti wrote: On 07.06.2016 09:07, Jan Cholasta wrote: On 6.6.2016 18:29, Martin Basti wrote: On 03.06.2016 14:28, Stanislav La

Re: [Freeipa-devel] [PATCH 0041] Increase nsslapd-db-locks

2016-06-14 Thread Martin Basti
On 09.06.2016 12:42, Stanislav Laznicka wrote: On 06/07/2016 08:56 AM, thierry bordaz wrote: On 06/06/2016 07:23 PM, Martin Basti wrote: On 03.06.2016 13:38, Stanislav Laznicka wrote: Hello, The attached patch implements solution to https://fedorahosted.org/freeipa/ticket/5914. The pa

[Freeipa-devel] [IMPORTANT] regression in 389-ds-base-1.3.5.5-1.fc24 breaks replica install

2016-06-14 Thread Martin Babinsky
Hi list, 389-ds-base-1.3.5.5-1.fc24 package in Fedora updates-testing repo contains a fix for https://fedorahosted.org/389/ticket/48755 which most likely breaks FreeIPA replica installation during total update. Please downgrade this package (and 389-ds-base-libs) to the latest working versio

[Freeipa-devel] Using JSON for tlog config files

2016-06-14 Thread Nikolai Kondrashov
Hi everyone, Although this was mentioned several times before, I'd like to bring additional attention to the idea of using config files written in JSON for tlog, because there were some concerns over that being appropriate. Tlog is a terminal I/O recording package [1], with primary purpose of se

Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

2016-06-14 Thread Martin Babinsky
On 06/14/2016 04:55 AM, Fraser Tweedale wrote: On Tue, Jun 14, 2016 at 02:19:27AM +1000, Fraser Tweedale wrote: On Mon, Jun 13, 2016 at 04:35:54PM +0200, Martin Babinsky wrote: Hi Fraser, during functional review I found the following issues: 1.) If I create a CAACL rule tied to a specific

Re: [Freeipa-devel] bind-dyndb-ldap 10.0 development status (related to FreeIPA 4.4)

2016-06-14 Thread Petr Spacek
On 11.6.2016 21:22, Petr Spacek wrote: > Hello, > > bind-dyndb-ldap 10.0 alpha 1 is available for testing (finally). > > AFAIK it implements all the critical functionality for FreeIPA 4.4, namely > RecordGenerator & default TTL support necessary for FreeIPA DNS locations. > > > Limitations > ==

[Freeipa-devel] [Design Review Request] V4/Automatic_Certificate_Request_Generation

2016-06-14 Thread Ben Lipton
Hello all, I have written up a design proposal for making certificate requests easier to generate when using alternate certificate profiles: http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation. The use case for this is described in https://fedorahosted.org/freeipa/ticket/4

Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-14 Thread Alexander Bokovoy
On Tue, 14 Jun 2016, thierry bordaz wrote: From ac6c0617f618fc609df93dc18ec25255484b533d Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Fri, 10 Jun 2016 15:34:40 +0200 Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop plugin ipapwd_extop allows to update the passwor

Re: [Freeipa-devel] [PATCH 0501] Revert: switch /usr/bin/ipa to python3

2016-06-14 Thread Martin Basti
On 14.06.2016 13:05, Martin Babinsky wrote: On 06/14/2016 11:56 AM, Martin Basti wrote: On 14.06.2016 10:14, Martin Basti wrote: On 10.06.2016 10:57, Martin Basti wrote: On 10.06.2016 06:17, Jan Cholasta wrote: On 9.6.2016 20:57, Martin Basti wrote: Py3 support was enabled prematurel

Re: [Freeipa-devel] [PATCH 0501] Revert: switch /usr/bin/ipa to python3

2016-06-14 Thread Martin Babinsky
On 06/14/2016 11:56 AM, Martin Basti wrote: On 14.06.2016 10:14, Martin Basti wrote: On 10.06.2016 10:57, Martin Basti wrote: On 10.06.2016 06:17, Jan Cholasta wrote: On 9.6.2016 20:57, Martin Basti wrote: Py3 support was enabled prematurely, attached patches remove python3 from /usr/

Re: [Freeipa-devel] [PATCH 0494] Bump required version of pki-ca and pki-kra due bug in parsing '%' in DM password

2016-06-14 Thread Martin Basti
On 02.06.2016 09:26, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5690 Patch attached You can ignore this patch, dogtag version has been bumped by different patch

Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-14 Thread thierry bordaz
On 06/13/2016 05:06 PM, Alexander Bokovoy wrote: On Mon, 13 Jun 2016, thierry bordaz wrote: From fff11869d8cf3dfe98471e018c10926fc23b13da Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Fri, 10 Jun 2016 15:34:40 +0200 Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-e

Re: [Freeipa-devel] [PATCH 0501] Revert: switch /usr/bin/ipa to python3

2016-06-14 Thread Martin Basti
On 14.06.2016 10:14, Martin Basti wrote: On 10.06.2016 10:57, Martin Basti wrote: On 10.06.2016 06:17, Jan Cholasta wrote: On 9.6.2016 20:57, Martin Basti wrote: Py3 support was enabled prematurely, attached patches remove python3 from /usr/bin/ipa Notes: * ipa 4.3.x won't have enab

[Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

2016-06-14 Thread Jan Cholasta
On 21.4.2016 09:11, Jan Cholasta wrote: On 6.4.2016 15:46, Pavel Vomacka wrote: On 03/16/2016 01:50 PM, Jan Cholasta wrote: Hi, the attached patches implement the server-side part of . Honza Hi, thank you for the patches. I tested them and th

Re: [Freeipa-devel] [PATCH] 0045-47: webui: Sub-CAs

2016-06-14 Thread Pavel Vomacka
On 06/14/2016 06:42 AM, Fraser Tweedale wrote: On Mon, Jun 13, 2016 at 07:48:58PM +0200, Pavel Vomacka wrote: On 06/13/2016 06:55 AM, Fraser Tweedale wrote: On Fri, Jun 10, 2016 at 04:34:33PM +0200, Pavel Vomacka wrote: Hello, please review these new patches which add WebUI for Sub-CAs. h

Re: [Freeipa-devel] [PATCH 0501] Revert: switch /usr/bin/ipa to python3

2016-06-14 Thread Martin Basti
On 10.06.2016 10:57, Martin Basti wrote: On 10.06.2016 06:17, Jan Cholasta wrote: On 9.6.2016 20:57, Martin Basti wrote: Py3 support was enabled prematurely, attached patches remove python3 from /usr/bin/ipa Notes: * ipa 4.3.x won't have enabled py3 * master (ipa 4.4+) will have disabl

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

2016-06-14 Thread Martin Basti
On 14.06.2016 08:04, Stanislav Laznicka wrote: On 06/13/2016 10:15 AM, Petr Vobornik wrote: On 06/10/2016 06:31 PM, Stanislav Laznicka wrote: On 06/08/2016 02:06 PM, Florence Blanc-Renaud wrote: On 06/08/2016 10:07 AM, Petr Spacek wrote: On 7.6.2016 15:11, Stanislav Laznicka wrote: Hello,

Re: [Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

2016-06-14 Thread Stanislav Laznicka
On 06/13/2016 02:51 PM, Martin Babinsky wrote: On 06/07/2016 10:14 AM, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5775 Umm, wouldn't it be better to augment the `Service.start()/restart()` methods themselves with parameters that will suppress exception raising and log