Re: [Freeipa-devel] [DESIGN] Text-based rules for CSR autogeneration using Jinja2

On 07/20/2016 12:21 PM, Simo Sorce wrote: On Wed, 2016-07-20 at 12:14 -0400, Ben Lipton wrote: On 07/20/2016 10:37 AM, Simo Sorce wrote: On Wed, 2016-07-20 at 10:17 -0400, Ben Lipton wrote: On 07/20/2016 06:27 AM, Simo Sorce wrote: On Tue, 2016-07-19 at 16:20 -0400, Ben Lipton wrote: Hi, I

Re: [Freeipa-devel] [DESIGN] Text-based rules for CSR autogeneration using Jinja2

On Wed, 2016-07-20 at 12:14 -0400, Ben Lipton wrote: > On 07/20/2016 10:37 AM, Simo Sorce wrote: > > > > On Wed, 2016-07-20 at 10:17 -0400, Ben Lipton wrote: > > > > > > On 07/20/2016 06:27 AM, Simo Sorce wrote: > > > > > > > > On Tue, 2016-07-19 at 16:20 -0400, Ben Lipton wrote: > > > > > > >

Re: [Freeipa-devel] [DESIGN] Text-based rules for CSR autogeneration using Jinja2

On 07/20/2016 10:37 AM, Simo Sorce wrote: On Wed, 2016-07-20 at 10:17 -0400, Ben Lipton wrote: On 07/20/2016 06:27 AM, Simo Sorce wrote: On Tue, 2016-07-19 at 16:20 -0400, Ben Lipton wrote: Hi, I have updated the design page http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Gene

Re: [Freeipa-devel] [PATCH 0028][Tests] Fix failing user tests

On 07/20/2016 04:11 PM, Lenka Doudova wrote: On 07/20/2016 02:04 PM, Martin Babinsky wrote: On 07/15/2016 06:10 PM, Lenka Doudova wrote: Hi, here's patch with fix for failing user tests, specifically tests with renaming users. Failures were caused by RFE Kerberos principal aliases. As part

Re: [Freeipa-devel] [PATCH] 0002 New User Role Tests

Sorry for late reply, I was waiting how the discussion with tracker improvement will end, but since there's no progress and I'm leaving soon, I'm attaching new patch. I also created mapping between old and new tests [1], to make life of reviewer easier. Number in first column denotes line

[Freeipa-devel] [PATCH] 0078-82: webui tests: tests for new certificate widget

Please review attached patches, which add tests for new certificate widget in WebUI. https://fedorahosted.org/freeipa/ticket/6064 -- Pavel^3 Vomacka From 66879ea9d38ea42e2ac5641d0f89643edea83d16 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Wed, 20 Jul 2016 16:27:47

[Freeipa-devel] [PATCH 0002][Tests] Small fix for dns_plugin tests

Greetings! Fix for ipatests/test_xmlrpc/test_dns_plugin.py Fix conflict between “got” and “expected” values when testing "dnsconfig_mod: Update global DNS settings" Best regards, Ganna Kaihorodova Associate Software Quality Engineer From 94899bbb538129384a7faa22be1228e2fcd453cf Mon Sep 17

Re: [Freeipa-devel] [PATCH] webui test: bunch of patches which fix webui patches

On 07/11/2016 06:33 PM, Pavel Vomacka wrote: Hello, please review these patches. First four of them fixes patches and the last one fixes small bug in WebUI which causes that some tests fail. https://fedorahosted.org/freeipa/ticket/6050 https://fedorahosted.org/freeipa/ticket/6052

Re: [Freeipa-devel] [PATCH] 0011 server uninstall fails to remove krb principals

On 19.07.2016 12:56, Petr Vobornik wrote: On 07/11/2016 09:52 AM, Florence Blanc-Renaud wrote: Hi, please find a patch for the 3rd issue of ticket 6012. https://fedorahosted.org/freeipa/ticket/6012 bump for review ACK Pushed to master: a0d90263d62f48f0c04b8b9e7da3aaa10201c3a0 --

Re: [Freeipa-devel] [PATCH 0180] allow multiple dashes in the components of server hostname

On 04.07.2016 12:54, Martin Babinsky wrote: The PKI bug preventing use of multiple dashes in hostnames [1] was already fixed. We may now relax our own syntax constraints. https://fedorahosted.org/freeipa/ticket/4710 [1] https://fedorahosted.org/pki/ticket/1260 ACK Pushed to master:

Re: [Freeipa-devel] [DESIGN] Text-based rules for CSR autogeneration using Jinja2

On 07/20/2016 06:27 AM, Simo Sorce wrote: On Tue, 2016-07-19 at 16:20 -0400, Ben Lipton wrote: Hi, I have updated the design page http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generati on/Mapping_Rules with my plan for implementing user-configurable rules for mapping IPA data

Re: [Freeipa-devel] [PATCH 0001][Tests] Fix for dns_plugin tests

Hello, On 19.07.2016 17:45, Ganna Kaihorodova wrote: Greetings! Fix for ipatests/test_xmlrpc/test_dns_plugin.py (test_forwardzone_delegation_warnings.test) You can't have a DNS zone with the authoritative nameserver that does not have a A or record in the local DNS. Not true

Re: [Freeipa-devel] [PATCH 0028][Tests] Fix failing user tests

On 07/20/2016 02:04 PM, Martin Babinsky wrote: On 07/15/2016 06:10 PM, Lenka Doudova wrote: Hi, here's patch with fix for failing user tests, specifically tests with renaming users. Failures were caused by RFE Kerberos principal aliases. As part of the fix, I had to rewrite few of the tests

Re: [Freeipa-devel] PATCH: Improve on #2795 patches

On 20/07/16 12:11, Simo Sorce wrote: Attached patch introduces a helper function and avoids the questionable replace+delete operations where possible (still employed in the entry_to_mods function). Compiles and I am about to test it, but I'd like feedback on it if anyone wants to take a look.

Re: [Freeipa-devel] [freeipa] #6002: Default CA can be used without an ACL

On 19.7.2016 09:01, Fraser Tweedale wrote: On Tue, Jul 19, 2016 at 08:26:22AM +0200, Jan Cholasta wrote: Hi, On 4.7.2016 09:06, Fraser Tweedale wrote: On Tue, Jun 28, 2016 at 01:47:23PM -, freeipa wrote: #6002: Default CA can be used without an ACL Comment (by ftweedal): This is

Re: [Freeipa-devel] [PATCH 0029][Tests] Adding authentication test to trust test suite

On 07/19/2016 10:41 AM, Lenka Doudova wrote: Hi, this patch adds authentication test (specifically "kinit -E ipauser@IPADOMAIN") to basic trust test suite, as requested by Sumit. Intended to be applied after my patches 25.4 and 26.3 (already waiting to be pushed). Lenka Hi Lenka, Code

Re: [Freeipa-devel] [PATCH 0028][Tests] Fix failing user tests

On 07/15/2016 06:10 PM, Lenka Doudova wrote: Hi, here's patch with fix for failing user tests, specifically tests with renaming users. Failures were caused by RFE Kerberos principal aliases. As part of the fix, I had to rewrite few of the tests themselves, since they used "--setattr" option

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

On 20.7.2016 13:15, Martin Babinsky wrote: On 07/20/2016 12:08 PM, Martin Babinsky wrote: On 07/19/2016 01:25 PM, Martin Babinsky wrote: On 07/19/2016 01:13 PM, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Martin Babinsky wrote: On 07/18/2016 12:29 PM, Martin Babinsky wrote: > On 07/18/2016

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

On 07/20/2016 12:08 PM, Martin Babinsky wrote: On 07/19/2016 01:25 PM, Martin Babinsky wrote: On 07/19/2016 01:13 PM, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Martin Babinsky wrote: On 07/18/2016 12:29 PM, Martin Babinsky wrote: > On 07/18/2016 10:01 AM, Jan Cholasta wrote: > > Hi, > > >

Re: [Freeipa-devel] [PATCH] 0010 Show full error message for selinuxusermap-add-hostgroup

On 20.7.2016 11:46, Florence Blanc-Renaud wrote: On 07/20/2016 10:50 AM, Jan Cholasta wrote: On 20.7.2016 10:26, Florence Blanc-Renaud wrote: On 07/18/2016 02:52 PM, Florence Blanc-Renaud wrote: On 07/18/2016 08:20 AM, Jan Cholasta wrote: Hi, On 7.7.2016 16:40, Florence Blanc-Renaud wrote:

Re: [Freeipa-devel] [DESIGN] Text-based rules for CSR autogeneration using Jinja2

On Tue, 2016-07-19 at 16:20 -0400, Ben Lipton wrote: > Hi, > > I have updated the design page  > http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generati > on/Mapping_Rules  > with my plan for implementing user-configurable rules for mapping > IPA  > data into certificate requests.

[Freeipa-devel] PATCH: Improve on #2795 patches

Attached patch introduces a helper function and avoids the questionable replace+delete operations where possible (still employed in the entry_to_mods function). Compiles and I am about to test it, but I'd like feedback on it if anyone wants to take a look. Simo.From

Re: [Freeipa-devel] [PATCH 190] expose `--secret` option in radiusproxy-* commands

On 07/19/2016 12:32 PM, Jan Cholasta wrote: Hi, On 18.7.2016 13:51, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/6078 I don't think we want the secret searchable. Add a 'no_search' flag to the param to fix that. Honza 'no_search' flag breaks the API backwards

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

On 07/19/2016 01:25 PM, Martin Babinsky wrote: On 07/19/2016 01:13 PM, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Martin Babinsky wrote: On 07/18/2016 12:29 PM, Martin Babinsky wrote: > On 07/18/2016 10:01 AM, Jan Cholasta wrote: > > Hi, > > > > On 16.7.2016 12:46, Alexander Bokovoy wrote:

Re: [Freeipa-devel] [PATCH] 0010 Show full error message for selinuxusermap-add-hostgroup

On 07/20/2016 10:50 AM, Jan Cholasta wrote: On 20.7.2016 10:26, Florence Blanc-Renaud wrote: On 07/18/2016 02:52 PM, Florence Blanc-Renaud wrote: On 07/18/2016 08:20 AM, Jan Cholasta wrote: Hi, On 7.7.2016 16:40, Florence Blanc-Renaud wrote: On 07/07/2016 01:23 PM, Petr Vobornik wrote: On

Re: [Freeipa-devel] [PATCH] 0010 Show full error message for selinuxusermap-add-hostgroup

On 20.7.2016 10:26, Florence Blanc-Renaud wrote: On 07/18/2016 02:52 PM, Florence Blanc-Renaud wrote: On 07/18/2016 08:20 AM, Jan Cholasta wrote: Hi, On 7.7.2016 16:40, Florence Blanc-Renaud wrote: On 07/07/2016 01:23 PM, Petr Vobornik wrote: On 07/05/2016 02:38 PM, Florence Blanc-Renaud

Re: [Freeipa-devel] [PATCH] 0010 Show full error message for selinuxusermap-add-hostgroup

On 07/18/2016 02:52 PM, Florence Blanc-Renaud wrote: On 07/18/2016 08:20 AM, Jan Cholasta wrote: Hi, On 7.7.2016 16:40, Florence Blanc-Renaud wrote: On 07/07/2016 01:23 PM, Petr Vobornik wrote: On 07/05/2016 02:38 PM, Florence Blanc-Renaud wrote: Hi, the output of ipa

Re: [Freeipa-devel] [Design Review Request] V4/Automatic_Certificate_Request_Generation

Hi, On 17.6.2016 00:06, Ben Lipton wrote: On 06/14/2016 08:27 AM, Ben Lipton wrote: Hello all, I have written up a design proposal for making certificate requests easier to generate when using alternate certificate profiles: