URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
HonzaCholasta commented:
"""
Upgrade from 4.4.3 asks for a PKCS#12 file password and then fails:
```
Cleanup : freeipa-server-common-4.4.3-1.fc25.noarch
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
Hi @simo5
The command must also be able to return matching entries coming from trusted
domains, and SSSD is able to handle this part for us.
"""
See
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
dkupka commented:
"""
@stlaz Thanks. Then we really rather wait for 0.6.3.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/511#issuecomment-283264733
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/522
Author: frasertweedale
Title: #522: dogtag: remove redundant property definition
Action: edited
Changed field: body
Original value:
"""
The dogtag `ra' backend defines a `ca_host' property, which is also
defined (identically) by the
URL: https://github.com/freeipa/freeipa/pull/515
Title: #515: Re-add ipapython.config.config for backwards compatibilty
HonzaCholasta commented:
"""
Could we please revert to the original `IPAConfig` implementation rather than
wrapping around `api.env`? I know I'm the one who suggested it, but
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
stlaz commented:
"""
@dkupka Those fixes should allow us to setup trusts again (more or less).
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/520
Title: #520: Change README to use Markdown
stlaz commented:
"""
https://github.com/freeipa/freeipa/pull/518 ?
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/520#issuecomment-283261220
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/444
Title: #444: Allow nsaccountlock to be searched in user-find commands
abbra commented:
"""
nsaccountlock is an operational attribute, not a normal one. I don't like it
being created all the time. You have to request it explicitly if you want to
URL: https://github.com/freeipa/freeipa/pull/515
Title: #515: Re-add ipapython.config.config for backwards compatibilty
HonzaCholasta commented:
"""
Could we please revert to the original `IPAConfig` implementation rather than
wrapping around `api.env`? I know I'm the one who suggested it, but
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
dkupka commented:
"""
@puiterwijk @MartinBasti with the redirection working it's not needed. But I
should get used to paste links to pagure. Updated.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/511
Author: dkupka
Title: #511: Bump required version of gssproxy to 0.6.2
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/511/head:pr511
git checkout pr511
URL: https://github.com/freeipa/freeipa/pull/444
Title: #444: Allow nsaccountlock to be searched in user-find commands
HonzaCholasta commented:
"""
No, it's not the right approach. This is an issue in the framework and that's
where it needs to be fixed - in the framework - rather than working
URL: https://github.com/freeipa/freeipa/pull/523
Author: frasertweedale
Title: #523: cert-request: minor refactors
Action: opened
PR body:
"""
A couple of minor refactors done as part of GSS-API work
(https://pagure.io/freeipa/issue/5011).
"""
To pull the PR as Git branch:
git remote add
URL: https://github.com/freeipa/freeipa/pull/522
Author: frasertweedale
Title: #522: dogtag: remove redundant property definition
Action: opened
PR body:
"""
The dogtag `ra' backend defines a `ca_host' property, which is also
defined (identically) by the `RestClient' class, which recently
URL: https://github.com/freeipa/freeipa/pull/521
Author: redhatrises
Title: #521: Add nsaccountlock to user attributes when a new user is created
Action: edited
Changed field: body
Original value:
"""
This adds a the `nsaccountlock` attribute to a user upon account creation. This
addresses
URL: https://github.com/freeipa/freeipa/pull/521
Author: redhatrises
Title: #521: Add nsaccountlock to user attributes when a new user is created
Action: opened
PR body:
"""
This adds a the `nsaccountlock` attribute to a user upon account creation. This
addresses newly created accounts;
URL: https://github.com/freeipa/freeipa/pull/520
Author: pvoborni
Title: #520: Change README to use Markdown
Action: opened
PR body:
"""
So that it will be nicely formatted on FreeIPA Pagure landing page.
https://pagure.io/freeipa
Some links were updated as other projects also moved to
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
simo5 commented:
"""
Why do we need to talk to SSSD to do this?
Don't we have all the needed data in LDAP already ?
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/515
Title: #515: Re-add ipapython.config.config for backwards compatibilty
tiran commented:
"""
I can add a deprecation warning after we have agreed upon a new API. What's the
official way to get the values w/o requiring credentials?
"""
See the
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
puiterwijk commented:
"""
@MartinBasti Yeah, I know. I just figured that since it's not merged yet, we
might as well just change it :).
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
MartinBasti commented:
"""
@puiterwijk It shouldn't be an issue with
https://pagure.io/fedora-infrastructure/issue/5845 fixed :)
but yes since this is not acked yet commit should be updated
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
puiterwijk commented:
"""
Perhaps it'd be an idea to update the ticket link in the code to
https://pagure.io/freeipa/issue/6698 ?
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/475
Title: #475: Add options to run only ipaclient unittests
tiran commented:
"""
I pushed an alternative approach that checks for the option and raises skip in
packages. It needs some extra workaround in the integration plugin.
"""
See the full
URL: https://github.com/freeipa/freeipa/pull/515
Title: #515: Re-add ipapython.config.config for backwards compatibilty
MartinBasti commented:
"""
IIRC we agreed that there should be warning that this is deprecated and
`api.env` should be used instead.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/475
Author: tiran
Title: #475: Add options to run only ipaclient unittests
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/475/head:pr475
git checkout pr475
URL: https://github.com/freeipa/freeipa/pull/519
Title: #519: WebUI: add sizelimit:0 to cert-find
pvoborni commented:
"""
LGTM
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/519#issuecomment-283096563
--
Manage your subscription for the Freeipa-devel mailing list:
URL: https://github.com/freeipa/freeipa/pull/444
Title: #444: Allow nsaccountlock to be searched in user-find commands
MartinBasti commented:
"""
@redhatrises IMO for new users we can always create that attribute in LDAP,
that should limit bad behavior. I wouldn't add it to user-add, usually
URL: https://github.com/freeipa/freeipa/pull/475
Title: #475: Add options to run only ipaclient unittests
martbab commented:
"""
Oh my, every time I think about something nice that should work there is some
corner case that ruins it.
I guess that one way to work around it would be to keep the
URL: https://github.com/freeipa/freeipa/pull/475
Title: #475: Add options to run only ipaclient unittests
tiran commented:
"""
I'm not a big fan either. Can you come up with a better solution that does not
result in import errors? Because the module marker or class markers still
import the
URL: https://github.com/freeipa/freeipa/pull/444
Title: #444: Allow nsaccountlock to be searched in user-find commands
redhatrises commented:
"""
@MartinBasti sorry for the late reply, but yes, this is a bug. If
'nsaccountlock' doesn't exist, it should return as `Account disabled = False`.
I
URL: https://github.com/freeipa/freeipa/pull/475
Title: #475: Add options to run only ipaclient unittests
martbab commented:
"""
I am not a big fan of mixing filename matching and markers in this PR. I feel
that using only one of those approaches is a more cleaner solution and it seems
that
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
stlaz commented:
"""
Fixed another issue with CA-less to CA-full upgrade.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/367#issuecomment-283057864
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/448
Title: #448: Tests: Basic coverage with tree root domain
gkaihorodova commented:
"""
Thanks you for review. Let's hope for the best .
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/448#issuecomment-283057505
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/448
Title: #448: Tests: Basic coverage with tree root domain
martbab commented:
"""
The patch looks ok, let's hope that our CI will play nice with it.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/448#issuecomment-283054583
--
URL: https://github.com/freeipa/freeipa/pull/400
Title: #400: WebUI: Certificate Mapping
pvomacka commented:
"""
Hi @flo-renaud
Thank you for review.
The issue about certificates is different and here is the fix:
https://github.com/freeipa/freeipa/pull/519
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/518
Title: #518: README to README.md
stlaz commented:
"""
I stopped the Travis jobs so that it does not eat the resources it for the
needy.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/518#issuecomment-283035128
--
Manage
URL: https://github.com/freeipa/freeipa/pull/519
Author: pvomacka
Title: #519: WebUI: add sizelimit:0 to cert-find
Action: opened
PR body:
"""
It was not possible to get all arbitrary certificates which were added
using {user|host|service|idview}-add-cert method. Adding sizelimit:0
to this
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
martbab commented:
"""
I have added a commit that fixes the choeck for missing dependencies in
composite installers.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/479
Author: martbab
Title: #479: Merge AD trust installer into composite ones
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/479/head:pr479
git checkout pr479
URL: https://github.com/freeipa/freeipa/pull/420
Title: #420: Allow login to WebUI using Kerberos aliases/enterprise principals
martbab commented:
"""
Now that privilege separation was implemented I have rebased the PR and request
a proper review of this patch.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/420
Author: martbab
Title: #420: Allow login to WebUI using Kerberos aliases/enterprise principals
Action: edited
Changed field: title
Original value:
"""
WIP: Allow login to WebUI using Kerberos aliases/enterprise principals
"""
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/420
Author: martbab
Title: #420: WIP: Allow login to WebUI using Kerberos aliases/enterprise
principals
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
On ti, 28 helmi 2017, Martin Babinsky wrote:
Hello list,
I have put together a draft of design page describing server-side
implementation of user short name -> fully-qualified name
resolution.[1]
In the end I have taken the liberty to change a few aspects of the
design we have agreed on
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
stlaz commented:
"""
The issues should hopefully be fixed
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/367#issuecomment-283028836
--
Manage your subscription for the Freeipa-devel
URL: https://github.com/freeipa/freeipa/pull/518
Author: stlaz
Title: #518: README to README.md
Action: opened
PR body:
"""
Pagure can't cope with README very well, move to README.md in spirit of
Hello list,
I have put together a draft of design page describing server-side
implementation of user short name -> fully-qualified name resolution.[1]
In the end I have taken the liberty to change a few aspects of the
design we have agreed on before and I will be grad if we can discuss
them
On 02/28/2017 12:48 PM, Martin Basti wrote:
On 28.02.2017 12:38, Lukas Slebodnik wrote:
On (28/02/17 12:17), Martin Basti wrote:
On 28.02.2017 12:03, Petr Vobornik wrote:
On 02/28/2017 12:00 PM, Petr Vobornik wrote:
On 02/27/2017 12:46 PM, Petr Vobornik wrote:
Hello list,
today and
On 28.02.2017 12:38, Lukas Slebodnik wrote:
On (28/02/17 12:17), Martin Basti wrote:
On 28.02.2017 12:03, Petr Vobornik wrote:
On 02/28/2017 12:00 PM, Petr Vobornik wrote:
On 02/27/2017 12:46 PM, Petr Vobornik wrote:
Hello list,
today and tomorrow a migration of FreeIPA issue tracker[1]
On (28/02/17 12:17), Martin Basti wrote:
>
>
>On 28.02.2017 12:03, Petr Vobornik wrote:
>> On 02/28/2017 12:00 PM, Petr Vobornik wrote:
>> > On 02/27/2017 12:46 PM, Petr Vobornik wrote:
>> > > Hello list,
>> > >
>> > > today and tomorrow a migration of FreeIPA issue tracker[1] and git repo
>> > >
On 28.02.2017 12:03, Petr Vobornik wrote:
On 02/28/2017 12:00 PM, Petr Vobornik wrote:
On 02/27/2017 12:46 PM, Petr Vobornik wrote:
Hello list,
today and tomorrow a migration of FreeIPA issue tracker[1] and git repo
will take place.
It is due to FedoraHosted sunset [2]. Both will be
URL: https://github.com/freeipa/freeipa/pull/517
Author: tiran
Title: #517: [WIP] Use Custodia 0.3 features
Action: opened
PR body:
"""
* Use sd-notify in ipa-custodia.service
* Introduce libexec/ipa/ipa-custodia script. It comes with correct
default setting for IPA's config file. The new
On 02/27/2017 12:46 PM, Petr Vobornik wrote:
Hello list,
today and tomorrow a migration of FreeIPA issue tracker[1] and git repo
will take place.
It is due to FedoraHosted sunset [2]. Both will be migrated to pagure.io
[3].
During this migration it won't be possible to add new tickets and
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
abbra commented:
"""
One thing I don't like is that SELinux policy requirements aren't mentioned. To
allow ipaapi user to talk to SSSD dbus interface, you have to have a policy
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
flo-renaud commented:
"""
Note: this PR is work in progress. It requires PR#398 Support for Certificate
Identity Mapping and sssd patches not pushed yet.
"""
See the full
URL: https://github.com/freeipa/freeipa/pull/516
Author: flo-renaud
Title: #516: IdM Server: list all Employees with matching Smart Card
Action: opened
PR body:
"""
Implement a new IPA command allowing to retrieve the list of users matching the
provided certificate.
The command is using SSSD
URL: https://github.com/freeipa/freeipa/pull/488
Title: #488: Speed up client schema cache
tiran commented:
"""
@dkupka Makes sense, I dropped the temporary buffer and replaced the file
locking logic with tempfile + os.rename.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/488
Author: tiran
Title: #488: Speed up client schema cache
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/488/head:pr488
git checkout pr488
From
URL: https://github.com/freeipa/freeipa/pull/400
Title: #400: WebUI: Certificate Mapping
flo-renaud commented:
"""
Hi @pvomacka
Thank you for the updated PR.
I probably wongly advised you to replace 'usercertificate' with 'certificate'
in one extra place where it was not needed, because now
URL: https://github.com/freeipa/freeipa/pull/488
Title: #488: Speed up client schema cache
dkupka commented:
"""
@tiran Currently the file is first copied into BytesIO and then all reading is
done from it. Your modification IMO supersedes the need for the BytesIO copy
because everything is
URL: https://github.com/freeipa/freeipa/pull/434
Author: LiptonB
Title: #434: csrgen: Automate full cert request flow
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/434/head:pr434
git checkout pr434
--
Manage
URL: https://github.com/freeipa/freeipa/pull/434
Title: #434: csrgen: Automate full cert request flow
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/434
Title: #434: csrgen: Automate full cert request flow
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/39a5d9c5aae77687f67d9be02457733bdfb99ead
URL: https://github.com/freeipa/freeipa/pull/434
Title: #434: csrgen: Automate full cert request flow
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
63 matches
Mail list logo