Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

On 13.6.2016 08:59, Jan Cholasta wrote: On 13.6.2016 08:38, Fraser Tweedale wrote: On Fri, Jun 10, 2016 at 12:48:00AM +1000, Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 12:36:35PM +0200, Jan Cholasta wrote: On 9.6.2016 11:10, Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 10:12:40AM +0200,

[Freeipa-devel] [PATCH 0023][Tests] Fix frontend tests - #5987

Hi, I've made patch to fix for https://fedorahosted.org/freeipa/ticket/5987. Please note, that this patch must be applied on top on my patch no. 0018, which provides other fixes on the same file (and same test). Lenka From ef04d8d013643fd5d2a0a7de32ab23686e46531d Mon Sep 17 00:00:00 2001 Fr

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

Florence Blanc-Renaud wrote: Hi all, thanks for your suggestions. Updated patch attached. Flo. The invocation in ipactl should say server, not client. Otherwise LGTM (untested). rob -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/free

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

On 06/27/2016 03:55 PM, Rob Crittenden wrote: Petr Spacek wrote: On 27.6.2016 08:38, Florence Blanc-Renaud wrote: Hi, this fix is a port of Bug 1131570 - Do not allow IdM server/replica/client installation in a FIPS-140 mode It prevents installation of FreeIPA if the host is fips-enabled. htt

Re: [Freeipa-devel] Broken pki 10.3.3-1 packages in freeipa-master COPR

On (27/06/16 17:55), Milan Kubík wrote: >Hi all, > >the pki packages that are currently in the COPR repo [1] are broken. There is >a conflict between pki-server and pki-base: > >Error: Transaction check error: > file /usr/lib/python2.7/site-packages/pki/server/deployment/pkiparser.pyc > from inst

Re: [Freeipa-devel] [WIP] Automatic CSR generation - first steps

My email client is playing tricks on me - https://github.com/LiptonB/freeipa/pull/2 is the correct link. On 06/27/2016 01:14 PM, Ben Lipton wrote: Hi, I have implemented the core functionality of the automatic CSR generation design (http://www.freeipa.org/page/V4/Automatic_Certificate_Reque

[Freeipa-devel] [WIP] Automatic CSR generation - first steps

Hi, I have implemented the core functionality of the automatic CSR generation design (http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation). The code (which should be considered a work in progress) is available at https://github.com/LiptonB/freeipa/pull/2, please take a loo

[Freeipa-devel] Broken pki 10.3.3-1 packages in freeipa-master COPR

Hi all, the pki packages that are currently in the COPR repo [1] are broken. There is a conflict between pki-server and pki-base: Error: Transaction check error: file /usr/lib/python2.7/site-packages/pki/server/deployment/pkiparser.pyc from install of pki-server-10.3.3-1.fc24.noarch conflic

[Freeipa-devel] [PATCH] 0064: webui: simplify confirmation messages in confirmation dialogs

Hello, Please review attached patch which simplifies confirmation messages for 'remove cert hold' and 'restore cert' actions. -- Pavel^3 Vomacka From d3d10e8481be242dac5f66cc1ba6c622696a6758 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Mon, 27 Jun 2016 17:35:31 +0200 Subject: [PATCH 2/

Re: [Freeipa-devel] [PATCH] 0061: webui: Add support for 'dns_update_system_records' command

On 06/23/2016 04:58 PM, Petr Vobornik wrote: On 06/23/2016 04:34 PM, Martin Basti wrote: On 23.06.2016 09:57, Pavel Vomacka wrote: Hello, please review attached patch. Part of: https://fedorahosted.org/freeipa/ticket/5905 Works for me In this patch and also in some other(cert patches

Re: [Freeipa-devel] [WIP] Thin client

On 27.6.2016 14:55, David Kupka wrote: On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review. The re

Re: [Freeipa-devel] [PATCH] 0058 WebUI: certificate widget on ID override user page

On 06/23/2016 04:25 PM, Petr Vobornik wrote: On 06/20/2016 06:54 PM, Pavel Vomacka wrote: Hello, please review attached patch. https://fedorahosted.org/freeipa/ticket/5926 1. I'm not sure whether to include the certificate field in the adder dialog. But if so then it is not good that it ac

Re: [Freeipa-devel] [PATCH 0167] test_serverroles: ensure that test API is initialized with correct ldap_uri

On 06/27/2016 02:04 PM, Martin Babinsky wrote: Makes the test suite play nice with others during CI. https://fedorahosted.org/freeipa/ticket/6000 ACK, thank you! Lenka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Cont

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

Gabe Alford wrote: On Mon, Jun 27, 2016 at 12:38 AM, Florence Blanc-Renaud mailto:fren...@redhat.com>> wrote: Hi, this fix is a port of Bug 1131570 - Do not allow IdM server/replica/client installation in a FIPS-140 mode It prevents installation of FreeIPA if the host is fips-en

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

Petr Spacek wrote: On 27.6.2016 08:38, Florence Blanc-Renaud wrote: Hi, this fix is a port of Bug 1131570 - Do not allow IdM server/replica/client installation in a FIPS-140 mode It prevents installation of FreeIPA if the host is fips-enabled. https://fedorahosted.org/freeipa/ticket/5761 free

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

On Mon, Jun 27, 2016 at 12:38 AM, Florence Blanc-Renaud wrote: > Hi, > > this fix is a port of Bug 1131570 - Do not allow IdM server/replica/client > installation in a FIPS-140 mode > It prevents installation of FreeIPA if the host is fips-enabled. > > https://fedorahosted.org/freeipa/ticket/5761

Re: [Freeipa-devel] [PATCH] 0018-0030, 52 webui: add support for more certificates

On 06/23/2016 03:17 PM, Petr Vobornik wrote: comments inline On 06/20/2016 02:37 PM, Pavel Vomacka wrote: On 06/14/2016 09:41 PM, Pavel Vomacka wrote: On 05/13/2016 06:56 PM, Petr Vobornik wrote: On 04/26/2016 04:23 PM, Pavel Vomacka wrote: Self-NACK for patches 0027, 28, 29, 30 - used i

Re: [Freeipa-devel] [WIP] Thin client

On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review. The rest is subject to change (WARNING: I will

Re: [Freeipa-devel] [PATCH] 0079 Set default OCSP URI on install and upgrade

On 27.06.2016 14:10, Fraser Tweedale wrote: On Mon, Jun 27, 2016 at 02:02:15PM +0200, Martin Basti wrote: On 27.06.2016 13:58, Fraser Tweedale wrote: Hi all, The attached patch fixes the OCSP URI in the Dogtag CA and system certificates (https://fedorahosted.org/freeipa/ticket/5956). It de

Re: [Freeipa-devel] [PATCH] 0079 Set default OCSP URI on install and upgrade

On Mon, Jun 27, 2016 at 02:02:15PM +0200, Martin Basti wrote: > > > On 27.06.2016 13:58, Fraser Tweedale wrote: > > Hi all, > > > > The attached patch fixes the OCSP URI in the Dogtag CA and system > > certificates (https://fedorahosted.org/freeipa/ticket/5956). It > > depends on a patch[1] for

[Freeipa-devel] [PATCH 0167] test_serverroles: ensure that test API is initialized with correct ldap_uri

Makes the test suite play nice with others during CI. https://fedorahosted.org/freeipa/ticket/6000 -- Martin^3 Babinsky From c3443cd12e6fdb9e29033c5395146114d5f7 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Mon, 27 Jun 2016 13:44:17 +0200 Subject: [PATCH] test_serverroles: ensure th

Re: [Freeipa-devel] [PATCH 0138] replica-install: Compare domain names as DNS names and not string

On 27.06.2016 14:02, Petr Spacek wrote: On 27.6.2016 11:20, Petr Spacek wrote: On 27.6.2016 10:30, Martin Basti wrote: On 23.06.2016 18:32, Petr Spacek wrote: Hello, replica-install: Compare domain names as DNS names and not strings This fixes false possitive where user inputs "example.co

Re: [Freeipa-devel] [PATCH] 0079 Set default OCSP URI on install and upgrade

On 27.06.2016 13:58, Fraser Tweedale wrote: Hi all, The attached patch fixes the OCSP URI in the Dogtag CA and system certificates (https://fedorahosted.org/freeipa/ticket/5956). It depends on a patch[1] for Dogtag which is expected to be released in v10.3.4. In the meantime, you can test wi

Re: [Freeipa-devel] [PATCH 0138] replica-install: Compare domain names as DNS names and not string

On 27.6.2016 11:20, Petr Spacek wrote: > On 27.6.2016 10:30, Martin Basti wrote: >> > >> > >> > On 23.06.2016 18:32, Petr Spacek wrote: >>> >> Hello, >>> >> >>> >> replica-install: Compare domain names as DNS names and not strings >>> >> >>> >> This fixes false possitive where user inputs "exampl

[Freeipa-devel] [PATCH] 0079 Set default OCSP URI on install and upgrade

Hi all, The attached patch fixes the OCSP URI in the Dogtag CA and system certificates (https://fedorahosted.org/freeipa/ticket/5956). It depends on a patch[1] for Dogtag which is expected to be released in v10.3.4. In the meantime, you can test with the build of v10.3.4 from my COPR[2]. [1] ht

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

Hi guys, Is there a chance the patches NN 0047.1 and 0048.1 get reviewed before 4.4 release? They cover a good part of the Managed Topology 4.4 feature. On 06/17/2016 11:18 AM, Oleg Fayans wrote: > One more test was added to the patch-0048 > > On 06/17/2016 09:43 AM, Oleg Fayans wrote: >> Fixed

Re: [Freeipa-devel] [PATCH 0165] keep setting ipakrbprincipal objectclass on new service entries

On 27.06.2016 13:02, Petr Spacek wrote: On 27.6.2016 12:42, Martin Basti wrote: On 27.06.2016 09:39, Martin Babinsky wrote: On 06/27/2016 07:56 AM, Martin Babinsky wrote: On 06/24/2016 04:07 PM, Martin Babinsky wrote: This patch reverts commits 705f66f7490c64de1adc129221b31927616c485 and 0

Re: [Freeipa-devel] [PATCH 0538-0540] DNS locations: epilogue

On 27.06.2016 13:25, Petr Spacek wrote: On 27.6.2016 11:43, Martin Basti wrote: On 27.06.2016 10:56, Petr Spacek wrote: On 24.6.2016 12:25, Martin Basti wrote: On 23.06.2016 18:26, Petr Spacek wrote: On 23.6.2016 16:38, Martin Basti wrote: Patches attached. https://fedorahosted.org/free

Re: [Freeipa-devel] [patch 0038-0040] Sub CA test patches

On 06/27/2016 02:57 AM, Fraser Tweedale wrote: On Fri, Jun 24, 2016 at 12:08:24PM +0200, Milan Kubík wrote: On 06/24/2016 03:42 AM, Fraser Tweedale wrote: On Tue, Jun 21, 2016 at 05:01:35PM +0200, Milan Kubík wrote: Hi Fraser and list, I have made changes to the test plan on the wiki [1] acco

Re: [Freeipa-devel] [PATCH 0538-0540] DNS locations: epilogue

On 27.6.2016 11:43, Martin Basti wrote: > > > On 27.06.2016 10:56, Petr Spacek wrote: >> On 24.6.2016 12:25, Martin Basti wrote: >>> >>> On 23.06.2016 18:26, Petr Spacek wrote: On 23.6.2016 16:38, Martin Basti wrote: > Patches attached. > > > https://fedorahosted.org/freeipa/

Re: [Freeipa-devel] [PATCH] 0078 Fix IssuerDN presence check in cert search result

On 27.06.2016 08:34, Fraser Tweedale wrote: Attached patch fixes a problem with check for IssuerDN in Dogtag cert search results (found by Coverity; thanks to mbasti for brining to my attention). Cheers, Fraser ACK master: * 47d33f36507d7af16daff5b9f7e4b4acfc6d963b Fix IssuerDN presence ch

Re: [Freeipa-devel] [PATCH 0165] keep setting ipakrbprincipal objectclass on new service entries

On 27.6.2016 12:42, Martin Basti wrote: > > > On 27.06.2016 09:39, Martin Babinsky wrote: >> On 06/27/2016 07:56 AM, Martin Babinsky wrote: >>> On 06/24/2016 04:07 PM, Martin Babinsky wrote: This patch reverts commits 705f66f7490c64de1adc129221b31927616c485 and 06d945a04607dc36e25af7868

Re: [Freeipa-devel] [PATCH 0164] Fix incorrect construction of service principal during replica cleanup

On 24.06.2016 10:36, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5985 ACK Pushed to master: 9392b212719032a694ff47ae8802b46f9f58e718 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to Free

Re: [Freeipa-devel] [PATCH 0165] keep setting ipakrbprincipal objectclass on new service entries

On 27.06.2016 09:39, Martin Babinsky wrote: On 06/27/2016 07:56 AM, Martin Babinsky wrote: On 06/24/2016 04:07 PM, Martin Babinsky wrote: This patch reverts commits 705f66f7490c64de1adc129221b31927616c485 and 06d945a04607dc36e25af78688b4295420489fb9 responsible for https://fedorahosted.org/fr

Re: [Freeipa-devel] [PATCH 0544] ipa-rmkeytab, ipa-join: dont fail if gettext cannot be initialized

On 27.06.2016 12:22, Petr Spacek wrote: On 27.6.2016 08:36, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5973 Patch attached. ACK for this patch set. Interestingly it does not fix https://fedorahosted.org/freeipa/ticket/5978 On my broken IPA client it prints following messa

Re: [Freeipa-devel] [PATCH 0544] ipa-rmkeytab, ipa-join: dont fail if gettext cannot be initialized

On 27.6.2016 08:36, Martin Basti wrote: > https://fedorahosted.org/freeipa/ticket/5973 > > Patch attached. ACK for this patch set. Interestingly it does not fix https://fedorahosted.org/freeipa/ticket/5978 On my broken IPA client it prints following message: # /usr/sbin/ipa-rmkeytab -k /etc/kr

[Freeipa-devel] [PATCH 0139] DNS: Fix tests for realm domains integration with DNS zone ad

Hello, DNS: Fix tests for realm domains integration with DNS zone add We forgot to update tests after change in 22f4045f72daf182c44ce574291c0d8a7733713b. https://fedorahosted.org/freeipa/ticket/5980 It should go to master, 4-3, and 4-2 as well (as the original change). -- Petr^2 Spacek From

Re: [Freeipa-devel] [PATCH 0538-0540] DNS locations: epilogue

On 27.06.2016 10:56, Petr Spacek wrote: On 24.6.2016 12:25, Martin Basti wrote: On 23.06.2016 18:26, Petr Spacek wrote: On 23.6.2016 16:38, Martin Basti wrote: Patches attached. https://fedorahosted.org/freeipa/ticket/2008 freeipa-mbasti-0538-Revert-DNS-Locations-do-not-generate-locatio

Re: [Freeipa-devel] [PATCH 0138] replica-install: Compare domain names as DNS names and not string

On 27.6.2016 10:30, Martin Basti wrote: > > > On 23.06.2016 18:32, Petr Spacek wrote: >> Hello, >> >> replica-install: Compare domain names as DNS names and not strings >> >> This fixes false possitive where user inputs "example.com" and "EXAMPLE.COM" >> were not considered equivalent and install

Re: [Freeipa-devel] [PATCH 0020][Tests] Make ID views test reflect new krbcanonicalname attribute

On 06/27/2016 10:26 AM, Martin Babinsky wrote: On 06/23/2016 03:51 PM, Lenka Doudova wrote: Patch attached. Lenka Thanks for catching this. conditional ACK if you add https://fedorahosted.org/freeipa/ticket/3864 to the commit message. Ah, yes. New patch with fixed commit message att

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

On 06/27/2016 10:33 AM, Martin Babinsky wrote: On 06/27/2016 10:28 AM, Petr Spacek wrote: On 27.6.2016 10:26, Petr Spacek wrote: On 27.6.2016 10:18, Martin Babinsky wrote: On 06/27/2016 10:04 AM, Petr Vobornik wrote: On 06/27/2016 09:42 AM, Lenka Doudova wrote: Hi! With newly created AD m

Re: [Freeipa-devel] [PATCH 0538-0540] DNS locations: epilogue

On 24.6.2016 12:25, Martin Basti wrote: > > > On 23.06.2016 18:26, Petr Spacek wrote: >> On 23.6.2016 16:38, Martin Basti wrote: >>> Patches attached. >>> >>> >>> https://fedorahosted.org/freeipa/ticket/2008 >>> >>> >>> freeipa-mbasti-0538-Revert-DNS-Locations-do-not-generate-location-record.patc

Re: [Freeipa-devel] [PATCH 0052] Added missing nsSystemIndex attributes to .update file

On 24.06.2016 14:24, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5947 ACK Pushed to master: e136db019210e3e373fe96fe8331976c93b166f3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to F

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

On 06/27/2016 10:28 AM, Petr Spacek wrote: On 27.6.2016 10:26, Petr Spacek wrote: On 27.6.2016 10:18, Martin Babinsky wrote: On 06/27/2016 10:04 AM, Petr Vobornik wrote: On 06/27/2016 09:42 AM, Lenka Doudova wrote: Hi! With newly created AD machines in Brno lab, existing trust tests fail on

Re: [Freeipa-devel] [PATCH 0138] replica-install: Compare domain names as DNS names and not string

On 23.06.2016 18:32, Petr Spacek wrote: Hello, replica-install: Compare domain names as DNS names and not strings This fixes false possitive where user inputs "example.com" and "EXAMPLE.COM" were not considered equivalent and installation was wrongly refused. https://fedorahosted.org/freeipa

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

On 27.6.2016 10:26, Petr Spacek wrote: > On 27.6.2016 10:18, Martin Babinsky wrote: >> On 06/27/2016 10:04 AM, Petr Vobornik wrote: >>> On 06/27/2016 09:42 AM, Lenka Doudova wrote: Hi! With newly created AD machines in Brno lab, existing trust tests fail on 'ipa dnsforwardzone-a

Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

On Mon, Jun 27, 2016 at 10:06:23AM +0200, Oleg Fayans wrote: > Hi Sumit, > > I've updated the testplan. (Thank you for the link to Fraser's blogpost, > it was really very useful!). All the operations described were > performed manually and succeed. Could you please review it again in case > I for

Re: [Freeipa-devel] [PATCH 0020][Tests] Make ID views test reflect new krbcanonicalname attribute

On 06/23/2016 03:51 PM, Lenka Doudova wrote: Patch attached. Lenka Thanks for catching this. conditional ACK if you add https://fedorahosted.org/freeipa/ticket/3864 to the commit message. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.r

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

On 27.6.2016 10:18, Martin Babinsky wrote: > On 06/27/2016 10:04 AM, Petr Vobornik wrote: >> On 06/27/2016 09:42 AM, Lenka Doudova wrote: >>> Hi! >>> >>> With newly created AD machines in Brno lab, existing trust tests fail on >>> 'ipa dnsforwardzone-add' command claiming the zone is already presen

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

On 06/27/2016 10:10 AM, Lenka Doudova wrote: > > > On 06/27/2016 10:04 AM, Petr Vobornik wrote: >> On 06/27/2016 09:42 AM, Lenka Doudova wrote: >>> Hi! >>> >>> With newly created AD machines in Brno lab, existing trust tests fail on >>> 'ipa dnsforwardzone-add' command claiming the zone is alread

Re: [Freeipa-devel] DNS Locations: fix an issue found by coverity

On 27.06.2016 10:21, Martin Babinsky wrote: On 06/27/2016 08:34 AM, Martin Basti wrote: Shame, shame, shame on me. I forgot how to python when I was writing that originally. Patch attached. https://fedorahosted.org/freeipa/ticket/2008 ACK. master: * c6f7d94d5b39c213483909de34c61016b8e

Re: [Freeipa-devel] DNS Locations: fix an issue found by coverity

On 06/27/2016 08:34 AM, Martin Basti wrote: Shame, shame, shame on me. I forgot how to python when I was writing that originally. Patch attached. https://fedorahosted.org/freeipa/ticket/2008 ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https:/

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

On 06/27/2016 10:04 AM, Petr Vobornik wrote: On 06/27/2016 09:42 AM, Lenka Doudova wrote: Hi! With newly created AD machines in Brno lab, existing trust tests fail on 'ipa dnsforwardzone-add' command claiming the zone is already present, as new AD domain is dom-221.idm.lab.eng.brq.redhat.com.

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

On 06/27/2016 10:04 AM, Petr Vobornik wrote: On 06/27/2016 09:42 AM, Lenka Doudova wrote: Hi! With newly created AD machines in Brno lab, existing trust tests fail on 'ipa dnsforwardzone-add' command claiming the zone is already present, as new AD domain is dom-221.idm.lab.eng.brq.redhat.com.

Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

Hi Sumit, I've updated the testplan. (Thank you for the link to Fraser's blogpost, it was really very useful!). All the operations described were performed manually and succeed. Could you please review it again in case I forgot something? On 06/09/2016 05:06 PM, Sumit Bose wrote: > On Thu, Jun

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

On 06/27/2016 09:42 AM, Lenka Doudova wrote: > Hi! > > With newly created AD machines in Brno lab, existing trust tests fail on > 'ipa dnsforwardzone-add' command claiming the zone is already present, > as new AD domain is dom-221.idm.lab.eng.brq.redhat.com. > > To prevent these failures I prepar

[Freeipa-devel] [PATCH 0166] test-{service, host}-plugin: only expect krbcanonicalname when all=True

https://fedorahosted.org/freeipa/ticket/3864 -- Martin^3 Babinsky From 4f63ed2c710cac33da2fb11f354c6a46a265f42b Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Mon, 27 Jun 2016 09:40:17 +0200 Subject: [PATCH] test-{service,host}-plugin: only expect krbcanonicalname when all=True fixes inc

[Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

Hi! With newly created AD machines in Brno lab, existing trust tests fail on 'ipa dnsforwardzone-add' command claiming the zone is already present, as new AD domain is dom-221.idm.lab.eng.brq.redhat.com. To prevent these failures I prepared attached patch, that will still attempt to add the

Re: [Freeipa-devel] [PATCH 0165] keep setting ipakrbprincipal objectclass on new service entries

On 06/27/2016 07:56 AM, Martin Babinsky wrote: On 06/24/2016 04:07 PM, Martin Babinsky wrote: This patch reverts commits 705f66f7490c64de1adc129221b31927616c485 and 06d945a04607dc36e25af78688b4295420489fb9 responsible for https://fedorahosted.org/freeipa/ticket/5996 This should unblock replica

Re: [Freeipa-devel] [PATCH 0542] ipa-getkeytab: increase LDAP timeout

On 27.06.2016 09:31, Petr Spacek wrote: On 23.6.2016 17:28, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5842 Patch attached. I do not have reproducer but it seems reasonable. ACK. Pushed to master: deb99c11d4c0f7c5f68ed36b183f69281bf6 -- Manage your subscription for t

Re: [Freeipa-devel] [PATCH 0542] ipa-getkeytab: increase LDAP timeout

On 23.6.2016 17:28, Martin Basti wrote: > https://fedorahosted.org/freeipa/ticket/5842 > > > Patch attached. I do not have reproducer but it seems reasonable. ACK. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

On 27.6.2016 08:38, Florence Blanc-Renaud wrote: > Hi, > > this fix is a port of Bug 1131570 - Do not allow IdM server/replica/client > installation in a FIPS-140 mode > It prevents installation of FreeIPA if the host is fips-enabled. > > https://fedorahosted.org/freeipa/ticket/5761 > > freeipa-