rename it to server-common?
To me it seems that the real problem is that IPA should continue to work
with plain bind after upgrade, without DNSSEC which is optional anyway,
but it does not. Why not fix that instead?
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing
Dne 25.6.2015 v 19:01 Endi Sukma Dewata napsal(a):
On 6/25/2015 12:35 AM, Jan Cholasta wrote:
I think it would be better to use a new attribute type which inherits
from ipaPublicKey (ipaVaultPublicKey?) rather than ipaPublicKey
directly
for assymetric vault public keys, so that assymetric
Dne 30.6.2015 v 12:29 Simo Sorce napsal(a):
On Tue, 2015-06-30 at 11:47 +0200, Jan Cholasta wrote:
Dne 27.6.2015 v 00:21 Simo Sorce napsal(a):
If I try to create a custom api with something like:
myapi = create_api(mode=None)
myapi.finalize()
I get back a stacktrace in the aci plugin
Dne 30.6.2015 v 17:55 Tomas Babej napsal(a):
On 06/16/2015 01:01 PM, Jan Cholasta wrote:
Also please rename the class to MigrateWinsync, for consistency.
Naming is consistent, the tool is called ipa-winsync-migrate, class is
called WinsyncMigrate. This is consistent with other IPA tools
api.env.container_user and other stuff.
Do I always have to api.finalize() before creating new api objects ?
Is there a way to load only the env (all I am really interested in)
without loading any plugin ?
The bootstrap method initializes env:
myapi = create_api(mode=None)
myapi.bootstrap()
--
Jan
.
I have also added two negative test cases which deal with incorrectly
encoded and formatted certificates.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page
Hi,
the attached patches fix https://fedorahosted.org/freeipa/ticket/3090
and https://fedorahosted.org/freeipa/ticket/5073.
Honza
--
Jan Cholasta
From f7d33fa9f10da20460fb3d1c0a62c96742edab29 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 24 Jun 2015 15:14:54
Dne 23.6.2015 v 05:27 Endi Sukma Dewata napsal(a):
Please take a look at the new patch.
On 6/17/2015 1:32 AM, Jan Cholasta wrote:
I think it would be better to use a new attribute type which inherits
from ipaPublicKey (ipaVaultPublicKey?) rather than ipaPublicKey
directly
for assymetric vault
Hi,
Dne 23.6.2015 v 22:37 Simo Sorce napsal(a):
An option was added by mistake to ipa-replica-install during the
refactoring.
ACK.
Pushed to master: 49d708f00fd13903dbd96193aac2c608e3512398
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https
: Mon Jun 8 05:23:56 2015 +
Move CA installation code into single module.
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: Jan Cholasta jchol...@redhat.com
During the execution of ipa-replica-prepare, the RA cert (nickname
ipaCert) gets added to the /etc
Dne 15.6.2015 v 17:29 thierry bordaz napsal(a):
On 06/15/2015 05:00 PM, Simo Sorce wrote:
On Mon, 2015-06-15 at 16:48 +0200, Petr Vobornik wrote:
On 06/09/2015 02:02 PM, Jan Cholasta wrote:
Dne 20.5.2015 v 11:26 Jan Cholasta napsal(a):
Dne 18.5.2015 v 10:33 thierry bordaz napsal(a):
On 05
Dne 18.6.2015 v 09:30 Jan Cholasta napsal(a):
Dne 15.6.2015 v 17:29 thierry bordaz napsal(a):
On 06/15/2015 05:00 PM, Simo Sorce wrote:
On Mon, 2015-06-15 at 16:48 +0200, Petr Vobornik wrote:
On 06/09/2015 02:02 PM, Jan Cholasta wrote:
Dne 20.5.2015 v 11:26 Jan Cholasta napsal(a):
Dne
Dne 17.6.2015 v 19:18 Drew Erny napsal(a):
On 06/17/2015 01:24 AM, Jan Cholasta wrote:
Dne 16.6.2015 v 20:29 Drew Erny napsal(a):
Hi, All,
...
Call
api.Backend.rpcclient.connect(ccache=krbV.default_context().default_ccache())
to make the problem go away.
This doesn't work. The Flask
Dne 16.6.2015 v 01:02 Endi Sukma Dewata napsal(a):
On 6/15/2015 2:22 AM, Jan Cholasta wrote:
I think it would be better to use a new attribute type which inherits
from ipaPublicKey (ipaVaultPublicKey?) rather than ipaPublicKey directly
for assymetric vault public keys, so that assymetric public
by that, what could the causes be?
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Dne 16.6.2015 v 10:14 Martin Babinsky napsal(a):
On 05/06/2015 10:12 AM, Tomas Babej wrote:
On 05/05/2015 02:02 PM, Tomas Babej wrote:
On 04/29/2015 12:28 PM, Tomas Babej wrote:
On 03/11/2015 04:20 PM, Jan Cholasta wrote:
Hi,
Dne 10.3.2015 v 16:35 Tomas Babej napsal(a):
On 03/09
proper crud base
classes.
Just for the record, this changes API, right? It would be better to have this
in Alpha planned for this week. Not a blocker for Alpha though, we can give
warning that the internal API may change before GA.
--
Jan Cholasta
--
Manage your subscription for the Freeipa
Dne 15.6.2015 v 09:22 Jan Cholasta napsal(a):
Dne 10.6.2015 v 08:13 Martin Kosek napsal(a):
On 06/09/2015 11:13 PM, Endi Sukma Dewata wrote:
Please take a look at the attached patch to add symmetric
asymmetric vaults.
Some comments about the patch:
I think it would be better to use a new
Dne 11.6.2015 v 07:16 Fraser Tweedale napsal(a):
On Wed, Jun 10, 2015 at 03:50:22PM +0200, Martin Basti wrote:
On 10/06/15 13:57, Martin Kosek wrote:
On 06/10/2015 01:50 PM, Jan Cholasta wrote:
Dne 10.6.2015 v 13:44 Martin Basti napsal(a):
On 10/06/15 06:40, Fraser Tweedale wrote:
On Tue
Hi,
the attached patch reverts logging in ipa-server-install and
ipa-replica-install to the old behavior.
Honza
--
Jan Cholasta
From c0c3e98be38484638bf670587775bbc9dfda2501 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Thu, 11 Jun 2015 13:04:31 +
Subject: [PATCH
Dne 11.6.2015 v 16:46 Martin Basti napsal(a):
On 11/06/15 15:28, Jan Cholasta wrote:
Hi,
the attached patch reverts logging in ipa-server-install and
ipa-replica-install to the old behavior.
Honza
ACK
Thanks.
Pushed to master: bae80b00a668b678c608d04c1b5d96871a85ece9
--
Jan Cholasta
Hi,
the attached patches fix several shortcomings in ipa-kra-install, see
commit messages.
https://fedorahosted.org/freeipa/ticket/3872
(Patch 434 was introduced in
https://www.redhat.com/archives/freeipa-devel/2015-June/msg00035.html.)
Honza
--
Jan Cholasta
From
).
There is a commit that seems to indicate that substring index is
needed, so I have included substring indices in this patchset.
Copied Honza in case he wants to comment.
commit a10521a1dcf69960d6ce0bf5657180b709c297c0
Author: Jan Cholasta jchol...@redhat.com
Date: Tue Jun 25 13:16:40
Dne 8.6.2015 v 12:04 Jan Cholasta napsal(a):
Dne 5.6.2015 v 21:50 Endi Sukma Dewata napsal(a):
On 6/5/2015 7:13 AM, Jan Cholasta wrote:
BTW, ipa-kra-install is broken with pki-core-10.2.4-1, but it works with
pki-core-10.2.1-3.
There's a bug in IPA: https://bugzilla.redhat.com/show_bug.cgi
Dne 10.6.2015 v 09:28 David Kupka napsal(a):
On 06/09/2015 02:06 PM, Jan Cholasta wrote:
Hi,
the attached patches implement another part of
https://fedorahosted.org/freeipa/ticket/4468.
Honza
Works for me, ACK.
Thanks.
Pushed to master: 46cbe26b51f7ac8f24351d165c50d415326f
--
Jan
Dne 10.6.2015 v 18:14 David Kupka napsal(a):
Dne 10.6.2015 v 18:08 David Kupka napsal(a):
Dne 10.6.2015 v 13:25 Jan Cholasta napsal(a):
Hi,
the attached patches fix several shortcomings in ipa-kra-install, see
commit messages.
https://fedorahosted.org/freeipa/ticket/3872
(Patch 434
Dne 20.5.2015 v 11:26 Jan Cholasta napsal(a):
Dne 18.5.2015 v 10:33 thierry bordaz napsal(a):
On 05/15/2015 04:44 PM, David Kupka wrote:
Hello Thierry,
thanks for the patch set. Overall functionality of ULC feature looks
good to
me and is definitely alpha ready.
I found following issues
There was also an unrelated problem in replicainstall.py which I also
fixed, see the other attachment.
Pushed to master under the one-liner rule:
e01095dfb33aaef0ab1babf86a71d70410b666ed
--
Jan Cholasta
From f958c692dd2a81a652bce555474b4b6380e920f4 Mon Sep 17 00:00:00 2001
From: David Kupka dku
Dne 5.6.2015 v 21:50 Endi Sukma Dewata napsal(a):
On 6/5/2015 7:13 AM, Jan Cholasta wrote:
If KRA is not installed, vault-archive and vault-retrieve fail with
internal error.
Added a code to check KRA installation in all vault commands. If you
know a way not to load the vault plugin
Dne 8.6.2015 v 12:09 Jan Cholasta napsal(a):
Dne 8.6.2015 v 08:25 Jan Cholasta napsal(a):
Dne 5.6.2015 v 14:16 David Kupka napsal(a):
On 06/03/2015 05:49 PM, David Kupka wrote:
Updated patch attached.
ACK. The patch needed a rebase and there was a bug in
ipa-replica-install, I took care
Dne 8.6.2015 v 15:19 Martin Basti napsal(a):
On 08/06/15 15:17, Martin Basti wrote:
On 08/06/15 12:12, Jan Cholasta wrote:
Dne 3.6.2015 v 15:02 Martin Basti napsal(a):
On 02/06/15 15:21, Jan Cholasta wrote:
Dne 11.5.2015 v 13:41 Jan Cholasta napsal(a):
Dne 6.5.2015 v 08:22 Jan Cholasta
Dne 8.6.2015 v 17:27 Martin Basti napsal(a):
On 08/06/15 15:53, Jan Cholasta wrote:
Dne 8.6.2015 v 15:19 Martin Basti napsal(a):
On 08/06/15 15:17, Martin Basti wrote:
On 08/06/15 12:12, Jan Cholasta wrote:
Dne 3.6.2015 v 15:02 Martin Basti napsal(a):
On 02/06/15 15:21, Jan Cholasta wrote
Dne 8.6.2015 v 17:04 David Kupka napsal(a):
On 06/08/2015 04:23 PM, Jan Cholasta wrote:
Dne 8.6.2015 v 12:09 Jan Cholasta napsal(a):
Dne 8.6.2015 v 08:25 Jan Cholasta napsal(a):
Dne 5.6.2015 v 14:16 David Kupka napsal(a):
On 06/03/2015 05:49 PM, David Kupka wrote:
Updated patch attached
Dne 3.6.2015 v 14:17 Jan Cholasta napsal(a):
Dne 2.6.2015 v 02:00 Endi Sukma Dewata napsal(a):
Please take a look at the updated patch.
On 5/27/2015 12:39 AM, Jan Cholasta wrote:
21) vault_archive is not a retrieve operation, it should be
based on
LDAPUpdate instead of LDAPRetrieve
profiles to ACL - this has
the desirable effect of making sure the profile actually exists :)
Pushed 1 to 11 to master: a931d3edc00f7578223df2afeebdf2da3dd85a68
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
-archive name --user mkosek --std-in
Yes please, a way to pass in via stdin is extremely useful, as leaving
files on the filesystem is also a big risk.
This will not work well, it should use the normal prompting mechanism:
$ ipa vault-archive name --user user
Data: type data here
--
Jan Cholasta
.
rob
Thank you, ACK!
Pushed to master: a92328452dced34d6d6df7ad6fe585563bb909f6
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Dne 3.6.2015 v 14:58 Endi Sukma Dewata napsal(a):
On 6/2/2015 1:34 PM, Simo Sorce wrote:
On Tue, 2015-06-02 at 12:04 +0200, Jan Cholasta wrote:
Dne 2.6.2015 v 02:02 Endi Sukma Dewata napsal(a):
On 5/28/2015 12:46 AM, Jan Cholasta wrote:
On a related note, since KRA is optional, can we move
Dne 2.6.2015 v 02:00 Endi Sukma Dewata napsal(a):
Please take a look at the updated patch.
On 5/27/2015 12:39 AM, Jan Cholasta wrote:
21) vault_archive is not a retrieve operation, it should be
based on
LDAPUpdate instead of LDAPRetrieve. Or Command actually, since it
does
not do anything
Dne 3.6.2015 v 15:20 Simo Sorce napsal(a):
On Wed, 2015-06-03 at 09:27 +0200, Martin Kosek wrote:
On 06/02/2015 08:34 PM, Simo Sorce wrote:
On Tue, 2015-06-02 at 12:04 +0200, Jan Cholasta wrote:
Dne 2.6.2015 v 02:02 Endi Sukma Dewata napsal(a):
On 5/28/2015 12:46 AM, Jan Cholasta wrote
Dne 3.6.2015 v 17:44 Martin Basti napsal(a):
On 03/06/15 15:21, Fraser Tweedale wrote:
On Wed, Jun 03, 2015 at 01:55:47PM +0200, Milan Kubik wrote:
On 06/03/2015 01:17 PM, Martin Basti wrote:
On 02/06/15 16:03, Jan Cholasta wrote:
Dne 2.6.2015 v 12:36 Martin Basti napsal(a):
On 02/06/15 11
Dne 2.6.2015 v 02:02 Endi Sukma Dewata napsal(a):
On 5/28/2015 12:46 AM, Jan Cholasta wrote:
On a related note, since KRA is optional, can we move the vaults
container to cn=kra,cn=vaults? This is the convetion used by the other
optional components (DNS and recently CA).
I mean cn=vaults,cn
: af8f44c86ab37d83b952c0f021c6509c48be7da8
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
with only the following?
-bash: bad: command not found
Can you split this patch into 2 separate patches for each ticket
please?
Done
Martin^2
--
Martin Basti
Thank you!
ACK and ACK.
Pushed to master: b98077ea6844eddd8810e4ae6ddd5bf40c61b58e
--
Jan Cholasta
--
Manage
') % name,
+ csv=True, alwaysask=True)
IMHO CSV values should not be supported.
Honza told me, the option doesn't work anyway.
Patch with minor fixes attached.
I removed unused code and PEP8 complains
Wrong thread :-)
--
Jan Cholasta
--
Manage your subscription for the Freeipa
changes to the other patchset (0001..0013)
since rebase.
Thanks,
Fraser
Thank you,
ACK
Martin^2
Pushed to master: 7f7c247bb5a4b0030d531f4f14c156162e808212
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Dne 25.5.2015 v 10:53 David Kupka napsal(a):
On 05/22/2015 05:59 PM, Martin Basti wrote:
Patch attached.
Thanks for patch. Works for me, ACK.
Pushed to master: 943c5391221fdeb6520e60d2f5b04ce41b085169
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https
Dne 11.5.2015 v 13:41 Jan Cholasta napsal(a):
Dne 6.5.2015 v 08:22 Jan Cholasta napsal(a):
Dne 6.5.2015 v 08:11 Martin Kosek napsal(a):
On 04/29/2015 06:25 PM, Jan Cholasta wrote:
Dne 20.4.2015 v 16:56 Jan Cholasta napsal(a):
Dne 20.4.2015 v 15:14 Martin Basti napsal(a):
On 17/04/15 16:15
to this mail or ask me
personally.
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Dne 29.5.2015 v 09:52 Martin Basti napsal(a):
On 28/05/15 16:28, Jan Cholasta wrote:
Hi,
the attached patches move ipa-server-install, ipa-replica-install and
ipa-server-upgrade into modules. This is part of
https://fedorahosted.org/freeipa/ticket/4468.
Honza
ACK
Thanks.
Pushed to master
Dne 29.5.2015 v 08:07 Nathaniel McCallum napsal(a):
On Fri, 2015-05-29 at 08:02 +0200, Jan Cholasta wrote:
Dne 28.5.2015 v 16:48 Nathaniel McCallum napsal(a):
On Thu, 2015-05-28 at 16:34 +0200, Christian Heimes wrote:
Jan has suggested to ipaConfigString=kdcProxyEnabled in
cn=KDC,cn=$FQDN,cn
is not a different application, but rather a subcomponent of KDC
in the other thread.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
of
major.minor logic we have in the topology plugin right now :-)
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Dne 28.5.2015 v 09:45 Christian Heimes napsal(a):
On 2015-05-28 07:32, Jan Cholasta wrote:
Dne 27.5.2015 v 16:01 Christian Heimes napsal(a):
On 2015-05-27 15:51, Nathaniel McCallum wrote:
As I understand the problem, there is an assumption that an optional
component has a distinct service
will never use this at all, and even then probably not
more than once or twice, so adding a ton of new commands seems like
major overkill to me.
rob
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute
.
Christian
So, will it be a separate component with its own freeipa-server-kdcproxy
subpackage and installer or will it be a sub-component of KDC (as Martin
suggested) and part of the core freeipa-server package?
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https
Dne 28.5.2015 v 13:56 Christian Heimes napsal(a):
On 2015-05-28 13:30, Jan Cholasta wrote:
Dne 28.5.2015 v 12:53 Christian Heimes napsal(a):
On 2015-05-28 12:46, Martin Kosek wrote:
I am fine with this too. So if there is not another major
disagreement, let us
start with enabling KDCPROXY
.
These checks are absolutely a critical blocker to enable the whole
domain-level feature.
IIUC this is already done, see commit
f3010498af2a4b98512d219b8e09101176c172fe.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa
Dne 27.5.2015 v 15:43 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 13:57 +0200, Jan Cholasta wrote:
ipa config-mod --enable-kdcproxy=TRUE
ipa config-mod --enable-kdcproxy=FALSE
I don't like this approach, as it is completely inconsistent with
every
other optional component
Dne 27.5.2015 v 13:34 Martin Kosek napsal(a):
On 05/27/2015 01:33 PM, Christian Heimes wrote:
On 2015-05-27 11:59, Martin Kosek wrote:
On 05/27/2015 11:53 AM, Alexander Bokovoy wrote:
On Wed, 27 May 2015, Martin Kosek wrote:
On 05/26/2015 05:40 PM, Jan Cholasta wrote:
Dne 22.5.2015 v 12:24
Dne 27.5.2015 v 14:47 Petr Vobornik napsal(a):
On 05/27/2015 01:57 PM, Jan Cholasta wrote:
Dne 27.5.2015 v 13:34 Martin Kosek napsal(a):
On 05/27/2015 01:33 PM, Christian Heimes wrote:
On 2015-05-27 11:59, Martin Kosek wrote:
On 05/27/2015 11:53 AM, Alexander Bokovoy wrote:
On Wed, 27 May
Dne 27.5.2015 v 07:39 Jan Cholasta napsal(a):
Dne 27.5.2015 v 02:38 Endi Sukma Dewata napsal(a):
Please take a look at the attached patch to add vault-archive/retrieve
commands.
On 4/20/2015 1:12 AM, Jan Cholasta wrote:
16) You do way too much stuff in vault_add.forward(). Only code that
must
Dne 27.5.2015 v 15:51 Nathaniel McCallum napsal(a):
On Wed, 2015-05-27 at 15:47 +0200, Jan Cholasta wrote:
Dne 27.5.2015 v 15:43 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 13:57 +0200, Jan Cholasta wrote:
ipa config-mod --enable-kdcproxy=TRUE
ipa config-mod --enable-kdcproxy=FALSE
is
configured to proxy requests to Tomcat.
If the IPA KDC proxy package is not installed on a replica, then going
to /KdcProxy will return 404, right? Why is an additional switch
necessary then?
My patch 0001 Provide Kerberos over HTTP (MS-KKDCP) has more details.
Christian
--
Jan
Dne 28.5.2015 v 07:43 Jan Cholasta napsal(a):
Dne 27.5.2015 v 07:39 Jan Cholasta napsal(a):
Dne 27.5.2015 v 02:38 Endi Sukma Dewata napsal(a):
Please take a look at the attached patch to add vault-archive/retrieve
commands.
On 4/20/2015 1:12 AM, Jan Cholasta wrote:
16) You do way too much
Dne 27.5.2015 v 15:54 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 15:47 +0200, Jan Cholasta wrote:
Dne 27.5.2015 v 15:43 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 13:57 +0200, Jan Cholasta wrote:
ipa config-mod --enable-kdcproxy=TRUE
ipa config-mod --enable-kdcproxy=FALSE
I
Dne 27.5.2015 v 02:38 Endi Sukma Dewata napsal(a):
Please take a look at the attached patch to add vault-archive/retrieve
commands.
On 4/20/2015 1:12 AM, Jan Cholasta wrote:
16) You do way too much stuff in vault_add.forward(). Only code that
must be done on the client needs to be there, i.e
Dne 25.5.2015 v 17:15 Tomas Babej napsal(a):
On 05/25/2015 12:42 PM, Tomas Babej wrote:
On 05/25/2015 07:30 AM, Jan Cholasta wrote:
Dne 22.5.2015 v 12:36 Petr Vobornik napsal(a):
On 05/22/2015 07:08 AM, Jan Cholasta wrote:
Dne 21.5.2015 v 18:18 Tomas Babej napsal(a):
On 05/19/2015 04
without
the DNS subsystem.
Patch attached.
https://fedorahosted.org/freeipa/ticket/4904
ACK
Pushed to master: 9eedffdfa62b4fa64244f048969b45b27a995c7a
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Dne 25.5.2015 v 16:07 Fraser Tweedale napsal(a):
On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote:
On 25/05/15 13:57, Martin Basti wrote:
On 25/05/15 09:20, Fraser Tweedale wrote:
On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
Dne 22.5.2015 v 15:53 Petr Vobornik
Dne 26.5.2015 v 13:54 Tomas Babej napsal(a):
On 05/26/2015 01:51 PM, Tomas Babej wrote:
On 05/26/2015 12:39 PM, Tomas Babej wrote:
On 05/26/2015 11:57 AM, Jan Cholasta wrote:
Dne 25.5.2015 v 17:15 Tomas Babej napsal(a):
On 05/25/2015 12:42 PM, Tomas Babej wrote:
On 05/25/2015 07
,$SUFFIX
https://fedorahosted.org/freeipa/ticket/4302 (maybe we could create a
different one)
minor update based on Honza's offline comments
Thanks, ACK.
Rebased and pushed to master: 41662eb9f02fc6bf1399508a13de8d6f18d7b3b1
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel
in
uninstallation crash and inability to install new server instance.
Thanks, ACK.
Added ticket URL and Pushed to master:
01fa05dd4ec7bd79abee8df0dd3642eabf138bcf
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa
://web.mit.edu/kerberos/krb5-current/doc/admin/https.html
[3] https://github.com/npmccallum/kdcproxy
[4] https://github.com/tiran/freeipa/compare/master...kdcproxy2
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Dne 20.5.2015 v 17:27 Jan Cholasta napsal(a):
Hi,
the attached patch implements the initial bits for
https://fedorahosted.org/freeipa/ticket/2888.
Test by running ipa-client-install and then ipa-replica-install on the
same host.
Updated patch attached.
--
Jan Cholasta
From
for details.
[3/38]: adding default schema
[4/38]: enabling memberof plugin
It would be nice to check if the socket exists before waiting for it.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute
Dne 21.5.2015 v 17:45 Endi Sukma Dewata napsal(a):
Please take a look at the new patch.
On 5/20/2015 1:53 AM, Jan Cholasta wrote:
I suppose you meant you're OK with not adding host vaults now?
Yes.
The only way to know if the design will be future proof is if we have at
least some idea how
forgot something or got it wrong, please correct me.
Whew, this mail got out of hand quickly. Anyway let the discussion begin!
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http
to master: 027515230a93a7a60983d3eca26a97a0d9c3610e
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Dne 25.5.2015 v 16:26 Fraser Tweedale napsal(a):
On Mon, May 25, 2015 at 03:56:46PM +0200, Martin Kosek wrote:
On 05/25/2015 03:13 PM, Jan Cholasta wrote:
Hi,
Dne 25.5.2015 v 14:55 Martin Babinsky napsal(a):
Hello all, long post ahead!
I became a proud owner of https://fedorahosted.org
to master: 6a4b428120c2e351ad0f1b4573f50b106844b1fd
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Dne 22.5.2015 v 12:36 Petr Vobornik napsal(a):
On 05/22/2015 07:08 AM, Jan Cholasta wrote:
Dne 21.5.2015 v 18:18 Tomas Babej napsal(a):
On 05/19/2015 04:07 PM, Tomas Babej wrote:
On 05/19/2015 03:59 PM, Martin Kosek wrote:
On 05/19/2015 03:56 PM, Tomas Babej wrote:
On 05/19/2015 03:51
Dne 20.5.2015 v 17:54 Martin Babinsky napsal(a):
On 05/20/2015 04:28 PM, Jan Cholasta wrote:
Hi,
the attached patch fixes a bug introduced in the fix for
https://fedorahosted.org/freeipa/ticket/4808 (reopened).
Honza
Works for me, ACK.
Thanks.
Pushed to:
master
should be named --domain-level (with a dash), for
consistency.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Dne 20.5.2015 v 07:56 Fraser Tweedale napsal(a):
On Wed, May 20, 2015 at 07:40:44AM +0200, Jan Cholasta wrote:
Dne 19.5.2015 v 13:50 Fraser Tweedale napsal(a):
On Tue, May 19, 2015 at 10:52:49AM +0200, Jan Cholasta wrote:
Dne 15.5.2015 v 14:27 Martin Basti napsal(a):
On 15/05/15 10:24
Dne 19.5.2015 v 16:40 Endi Sukma Dewata napsal(a):
Before I send another patch I have some questions below.
On 5/19/2015 3:27 AM, Jan Cholasta wrote:
I changed the 'host vaults' to become 'service vaults'. The interface
will look like this:
$ ipa vault-find --service HTTP/server.example.com
theirry
--
Jan Cholasta
From 7151ebe30cac7877b31c3a682730ff3c63561e9f Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 20 May 2015 08:12:07 +
Subject: [PATCH] User life cycle: provide preserved user virtual attribute
https://fedorahosted.org/freeipa/ticket/3813
/freeipa/ticket/5028
updated patch attached
Thanks. ACK
NACK, lint failed
Attaching patch that passes lint.
ACK
Pushed to master: 9d8ac395c00e48c95f8fdccbc05d43dd144f82ad
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman
Hi,
the attached patch fixes a bug introduced in the fix for
https://fedorahosted.org/freeipa/ticket/4808 (reopened).
Honza
--
Jan Cholasta
From c3bac104f2d04ff964e187e5f078d79ca3fb303f Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 20 May 2015 14:23:30 +
Dne 18.5.2015 v 21:17 Endi Sukma Dewata napsal(a):
Please take a look at the attached new patch which includes some of your
changes you proposed.
On 5/14/2015 7:17 PM, Endi Sukma Dewata wrote:
On 5/14/2015 1:42 PM, Jan Cholasta wrote:
Question: Services in IPA are identified by Kerberos
,
Fraser
On Wed, May 13, 2015 at 10:39:55AM +0200, Jan Cholasta wrote:
Dne 13.5.2015 v 10:36 Martin Basti napsal(a):
On 13/05/15 10:06, Jan Cholasta wrote:
Hi,
Dne 5.5.2015 v 10:38 Martin Basti napsal(a):
On 05/05/15 08:29, Fraser Tweedale wrote:
On Mon, May 04, 2015 at 06:35:45PM +0200, Martin
Dne 19.5.2015 v 13:50 Fraser Tweedale napsal(a):
On Tue, May 19, 2015 at 10:52:49AM +0200, Jan Cholasta wrote:
Dne 15.5.2015 v 14:27 Martin Basti napsal(a):
On 15/05/15 10:24, Fraser Tweedale wrote:
Please find attached latest patches including new patches:
- 0006 enable LDAP-based profiles
to uniqueness plugins were made just in master
branch so upgrade will not work correctly from master to newer master.
From IPA 4.1 to master should work as expected.
Patch attached.
Updated patch attached.
--
Martin Basti
ACK
Pushed to master: fbdfd688b9d04cfef3cd595a26c4cbf49f30e0f1
--
Jan
to:
master: ebd91461132d2aa7d5166d03ccfe7b0d49df2c8a
ipa-4-1: d7cfc1107bcd63eaa4c5282672c088dcbd1ebf9b
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute
Dne 19.5.2015 v 15:22 Tomas Babej napsal(a):
On 05/14/2015 11:48 AM, Jan Cholasta wrote:
Hi,
Dne 14.5.2015 v 11:00 Tomas Babej napsal(a):
Hi,
this patch implements the domain level feature.
https://fedorahosted.org/freeipa/ticket/5018
Tomas
1)
+# Create entry proclaiming Domain Level
Dne 15.5.2015 v 16:44 Martin Basti napsal(a):
On 14/05/15 15:16, Martin Basti wrote:
Required for new installers.
Patch attached.
Updated patch attached.
Thanks, ACK.
Pushed to master: ae9c3e2dce000ed185b28e2e6e85043ad8d001ed
--
Jan Cholasta
--
Manage your subscription for the Freeipa
Dne 13.5.2015 v 15:22 David Kupka napsal(a):
On 05/12/2015 02:44 PM, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/4904
Patches attached.
Works for me, ACK.
Pushed to master: 99c0b918a7cdf4ea6f24b4cbe687d9cafd21de24
--
Jan Cholasta
--
Manage your subscription
: 0167919ba88ef718e7b678380ebfe3ddb4566831
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Dne 19.5.2015 v 14:31 David Kupka napsal(a):
On 05/15/2015 04:41 PM, Martin Babinsky wrote:
On 05/15/2015 04:25 PM, Jan Cholasta wrote:
Dne 15.5.2015 v 16:16 Martin Babinsky napsal(a):
These two patches fix two issues reported by David Kupka in most recent
freeipa-master builds, which
to http://dx.doi.org/10.6028/NIST.SP.800-81-2
section 11.2.
Modified patch is attached.
Thank you for reviewing it :-)
ACK
Pushed to:
master: 96f6d6ca09922f56aa63cfdebc934bd9db0d3ed5
ipa-4-1: 9b7fe37c9d3a8a11c3485c73fd67f90298e793c5
--
Jan Cholasta
--
Manage your subscription for the Freeipa
801 - 900 of 2029 matches
Mail list logo