On 15.4.2013 21:16, Martin Kosek wrote:
Jan, can you please rebase the patch also for ipa-3-1? We will need to
fix this issue also for 3.1.
Yep.
--
Jan Cholasta
From eb97cc1e5fa6b1d2953b78c72e601e17a87be208 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 15 Apr 2013
Hi,
while rebasing patches 126 127 on top of ipa-3-1, I have noticed that
commit bceccbd6 uses new LDAP API, which is not available in 3.1. The
attached patch fixes this.
Honza
--
Jan Cholasta
From 19090a990a48934459ae66d7ce1443ce2c6fdbfd Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol
Hi,
this patch fixes https://fedorahosted.org/freeipa/ticket/3563.
Honza
--
Jan Cholasta
From 28b598053e74f53681f30a5e9f964bf61a48ba90 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 17 Apr 2013 15:14:01 +0200
Subject: [PATCH] Use correct zone when removing DNS
-6 and
later (see https://bugzilla.redhat.com/show_bug.cgi?id=953534).
Honza
--
Jan Cholasta
From ced80a4ec1fc0993472d9350289c817df554b18a Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Thu, 18 Apr 2013 18:06:54 +0200
Subject: [PATCH] Drop support for OpenSSH versions
On 19.4.2013 19:39, Rob Crittenden wrote:
Jan Cholasta wrote:
Also, this does not fix SSH integration not working on Fedora 18, as
that is caused by backward incompatiblity in openssh-server-6.1p1-6 and
later (see https://bugzilla.redhat.com/show_bug.cgi?id=953534).
FYI this bug was fixed
the changeConf call will fail when the file does not exist, we might
want to handle that gracefully.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 24.4.2013 14:54, Martin Kosek wrote:
On 04/24/2013 02:51 PM, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 23.4.2013 12:28, Tomas Babej wrote:
Hi,
We should respect already configured options present in
/etc/openldap/ldap.conf when generating our own configuration.
With this patch, we
On 25.4.2013 08:51, Martin Kosek wrote:
On 04/24/2013 08:02 PM, Rob Crittenden wrote:
Jan Cholasta wrote:
On 24.4.2013 14:54, Martin Kosek wrote:
On 04/24/2013 02:51 PM, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 23.4.2013 12:28, Tomas Babej wrote:
Hi,
We should respect already
or do we want to wrap this with a
conditional for some period?
I have changed the patch to add support for openssh 6.2 without dropping
support for older openssh versions. We can drop support for older
openssh versions in IPA 3.3. See attachment.
Honza
--
Jan Cholasta
From
think custom plugins is the way to go. But we should first make
installing user plugins easier (allow loading plugins from arbitrary
python packages - not just ipalib.plugins and friends - etc.)
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3600.
Honza
--
Jan Cholasta
From 834f04380c3d53496ed6bd36d42bb486fa8db9c8 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Fri, 3 May 2013 15:00:24 +0200
Subject: [PATCH] Fix creation of reverse records
On 3.5.2013 15:23, Martin Kosek wrote:
On 05/03/2013 03:03 PM, Jan Cholasta wrote:
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3600.
Honza
This would fix the behavior, yes. But I think that it would be even better to
fix add_ptr_rr function to avoid unconditionally
On 3.5.2013 15:38, Martin Kosek wrote:
On 05/03/2013 03:34 PM, Jan Cholasta wrote:
I don't see a point in doing this now. There are many occurences of
uncoditional fqdn+'.' in the code and the proper fix would be to get rid of
them all. I think this could be done in the scope of
https
the NotFound exception which causes the crash.
You can test it by installing IPA without --setup-dns and without
--external-ca on server1 and then installing a replica with --setup-dns
and without --setup-ca on server2. After this, ipa-ca record for server1
should be created.
Honza
--
Jan Cholasta
On 9.5.2013 17:57, Martin Kosek wrote:
On 05/09/2013 05:44 PM, Jan Cholasta wrote:
Sorry for this, but NACK. With this patch ipa-ca records are not created for
existing masters unless ipa-dns-install is run on a replica which has CA
configured. You should instead put the ldap.get_entries() call
is the idea behind this:
+replace:nsslapd-pluginarg2:userpassword::mail
why not use remove instead of replace?
Also please add the missing newline at the end of the update file.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel
On 3.6.2013 14:55, Martin Kosek wrote:
On 06/03/2013 01:32 PM, Jan Cholasta wrote:
Hi,
On 3.6.2013 13:10, Tomas Babej wrote:
Hi,
Default list of attributes that are checked with 7-bit plugin
for being 7-bit clean includes userPassword. Consecutively, one
is unable to set passwords
must be directly signed by the
CA trusted by IPA (specified by --root-ca-cert in ipa-server-install),
there may be no intermediate CAs, because ldapsearch and friends and
python-ldap don't like them.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
the
complete trust chain).
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 7.6.2013 15:17, John Dennis wrote:
On 06/07/2013 08:57 AM, Jan Cholasta wrote:
Yes, this is correct. The DS certificate must be directly signed by the
CA trusted by IPA (specified by --root-ca-cert in ipa-server-install),
there may be no intermediate CAs, because ldapsearch and friends
://fedorahosted.org/freeipa/ticket/3673
https://fedorahosted.org/freeipa/ticket/3674
https://fedorahosted.org/freeipa/ticket/3675
Honza
--
Jan Cholasta
From 75ffce804845cba828e4e95d1bc3540459299ddf Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 5 Jun 2013 14:47:31 +0200
On 7.6.2013 15:23, Dmitri Pal wrote:
On 06/07/2013 09:08 AM, Jan Cholasta wrote:
On 7.6.2013 14:54, Dmitri Pal wrote:
On 06/07/2013 08:26 AM, Martin Kosek wrote:
On 06/07/2013 02:04 PM, Dmitri Pal wrote:
On 06/07/2013 03:47 AM, freeipa wrote:
#3668: CA-less install fails when intermediate
On 7.6.2013 15:36, John Dennis wrote:
On 06/07/2013 09:26 AM, Jan Cholasta wrote:
On 7.6.2013 15:17, John Dennis wrote:
On 06/07/2013 08:57 AM, Jan Cholasta wrote:
Yes, this is correct. The DS certificate must be directly signed by the
CA trusted by IPA (specified by --root-ca-cert in ipa
On 14.6.2013 16:19, Jan Cholasta wrote:
Hi,
On 13.6.2013 14:16, Petr Viktorin wrote:
On 06/10/2013 04:48 PM, Petr Viktorin wrote:
On 05/31/2013 01:46 PM, Petr Viktorin wrote:
Apply on top of my patches 0227-0234.
These patches add an initial integration testing framework.
Patch 0230 adds
On 14.6.2013 16:01, Petr Viktorin wrote:
On 06/14/2013 03:20 PM, Jan Cholasta wrote:
Hi,
On 28.5.2013 17:55, Petr Viktorin wrote:
Hello,
Patch 0227 creates the freeipa-tests package.
As a system package, it needs a more unique name than tests, so I
renamed it to ipatests. I also changed
On 17.6.2013 14:39, Jan Cholasta wrote:
On 14.6.2013 16:01, Petr Viktorin wrote:
On 06/14/2013 03:20 PM, Jan Cholasta wrote:
Hi,
On 28.5.2013 17:55, Petr Viktorin wrote:
Hello,
Patch 0227 creates the freeipa-tests package.
As a system package, it needs a more unique name than tests, so I
On 17.6.2013 15:09, Jan Cholasta wrote:
On 17.6.2013 14:39, Jan Cholasta wrote:
On 14.6.2013 16:01, Petr Viktorin wrote:
On 06/14/2013 03:20 PM, Jan Cholasta wrote:
Hi,
On 28.5.2013 17:55, Petr Viktorin wrote:
Hello,
Patch 0227 creates the freeipa-tests package.
As a system package
On 17.6.2013 17:08, Petr Viktorin wrote:
We can fix individual out-of-tree failures later, the priority now is
that in-tree tests are not broken, and that the beakerlib plugin works.
Well, works just fine for me, so ACK.
Honza
--
Jan Cholasta
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3707.
Honza
--
Jan Cholasta
From bc3ecb7548c76c2ee181f090a851fa15e12dcbec Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 18 Jun 2013 08:57:12 +
Subject: [PATCH] Check trust chain length in CA
actually use LDAP, this is also ugly.
Please inherit from Plugin directly and create a new API namespace for
advises instead. And don't call the class Configuration, it's misleading
(Advise or Advisory is better IMHO).
Honza
--
Jan Cholasta
On 19.6.2013 16:09, Tomas Babej wrote:
On 06/19/2013 03:03 PM, Alexander Bokovoy wrote:
On Wed, 19 Jun 2013, Jan Cholasta wrote:
On 19.6.2013 14:47, Dmitri Pal wrote:
On 06/19/2013 08:02 AM, Tomas Babej wrote:
Do you have something particular in mind?
Tomas
-advice.
+
Is the --list option absolutely necessary? If I read your code
correctly, the list of advices is also returned when you run ipa-advise
without arguments.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
On 21.6.2013 09:16, Tomas Babej wrote:
I'm also thinking about propagating the --verbose, etc. options provided
by default by AdminTool down to plugin level so that plugin authors can
make use of them. What do you think?
+1
--
Jan Cholasta
the case, there should be a
--range-type option instead. (If not, I'd still go for --range-type but
that would just be bikeshedding.)
In any case I think an explicit 'auto' option would be nice.
But that's just an outsider's view, maybe --use-posix makes more sense.
+1
--
Jan Cholasta
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3750.
Honza
--
Jan Cholasta
From f6fbd4a2ef1db3fa543f37e87c10722379e21108 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 25 Jun 2013 08:31:56 +
Subject: [PATCH] Fix CA-less check in ipa-replica
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3705.
Honza
--
Jan Cholasta
From 873beb4d2ce268906f808f71af32919dec30928b Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 25 Jun 2013 08:41:46 +
Subject: [PATCH] Do not skip SSSD known hosts
On 26.6.2013 13:42, Martin Kosek wrote:
As 389-ds-base 1.3.1.1 requested in the ticket is already out, I think we
should revive these patches.
Martin
Rebased patch attached.
Honza
--
Jan Cholasta
From 7d971d66afd65ecb8e26507b83a7d1e50ab5fd3b Mon Sep 17 00:00:00 2001
From: Jan Cholasta
has no attribute
'container_entitlements'
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
147 fixes https://fedorahosted.org/freeipa/ticket/3743.
Honza
--
Jan Cholasta
From ddca9fbf73e985fb8a6e5ea43b0e2e68c957377b Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 25 Jun 2013 12:58:37 +
Subject: [PATCH 1/5] Use LDAP search instead of *group_show to check
On 27.6.2013 17:34, Rich Megginson wrote:
On 06/27/2013 09:31 AM, Jan Cholasta wrote:
The search is hard-coded in the referint plugin, see
https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/servers/plugins/referint/referint.c#n745.
Not sure if it makes sense to do a wildcard/substr
On 3.7.2013 22:11, Nathaniel McCallum wrote:
https://fedorahosted.org/freeipa/ticket/3766
If the directory doesn't exist, update_ssh_keys is no-op, so I would prefer
if not os.path.isdir(ssh_dir):
return
at the beginning of update_ssh_keys instead.
Honza
--
Jan Cholasta
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3736.
Honza
--
Jan Cholasta
From 9e18d5fb7a9c7d4e7604ca2788c087963fc2c0bb Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 3 Jul 2013 11:00:58 +0200
Subject: [PATCH] Skip cert issuer validation
Hi,
the attached patches fix https://fedorahosted.org/freeipa/ticket/3717.
Also added a small patch to fix a formatting issue with
installutils.read_password.
Honza
--
Jan Cholasta
From 6a1eedeb478dce9acced03cf3ee2a502384428a9 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
self.masters[0]
IndexError: list index out of range
Both the tests in test_simple_replication.py fail for me. I suspect it
is because the data isn't replicated fast enough, a little delay between
user-show and user-add might fix this.
Honza
--
Jan Cholasta
On 11.7.2013 11:58, Alexander Bokovoy wrote:
On Mon, 08 Jul 2013, Alexander Bokovoy wrote:
On Thu, 27 Jun 2013, Jan Cholasta wrote:
On 27.6.2013 17:34, Rich Megginson wrote:
On 06/27/2013 09:31 AM, Jan Cholasta wrote:
The search is hard-coded in the referint plugin, see
https
On 10.7.2013 17:50, Petr Viktorin wrote:
On 07/10/2013 02:03 PM, Jan Cholasta wrote:
make test seems to run fine with patches 230-242 applied, however
ipa-run-tests produces the following output:
[...Skipping nose output...]
I guess the location of the test certificate should be made
On 11.7.2013 20:51, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
the attached patches fix https://fedorahosted.org/freeipa/ticket/3717.
Also added a small patch to fix a formatting issue with
installutils.read_password.
Honza
Functionally ok but I found it very jarring the way
On 11.7.2013 14:10, Jan Cholasta wrote:
Hi,
this is the first batch of patches for
https://fedorahosted.org/freeipa/ticket/3641. It contains port of
ipa-server-certinstall to the admintool framework and fixes some bugs.
Note that there's still some work I have to do to make
ipa-server
On 11.7.2013 22:50, Rob Crittenden wrote:
Set the correct content-type on negotiated XML-RPC requests. It was
being set as text/plain when it should be text/xml.
rob
ACK.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel
):
parser.error(All PKCS#12 options are required if any are used.)
This error message is somewhat misleading, since --pkinit-pkcs12 options
is not required.
Fixed.
Updated patches attached.
Honza
--
Jan Cholasta
From 6b21db9dc6c2cc3b7fb5a13877cbe8cb3aec1213 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol
On 15.7.2013 15:16, Martin Kosek wrote:
On 07/11/2013 12:15 PM, Alexander Bokovoy wrote:
On Thu, 11 Jul 2013, Jan Cholasta wrote:
We can add WebUI improvements later. I have some WIP, but I need to discuss
it with Petr first (he's away this week).
Ok.
The patchset is in ipa-3-2 as well now
simpler
might be better.)
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 15.7.2013 16:43, Petr Viktorin wrote:
On 07/11/2013 01:28 PM, Jan Cholasta wrote:
On 10.7.2013 17:50, Petr Viktorin wrote:
Yes, I believe that for the integration tests it's better to see what is
going on. Both for manual runs, and also this way the information is
more easily picked up
with your patch.
Updated patch attached.
ACK.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3767.
Honza
--
Jan Cholasta
From 7b24c86d28eab5a24456be8a665b17ec09ffb1a7 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 17 Jul 2013 12:11:57 +
Subject: [PATCH] Run gpg-agent explicitly when
IOError as e:
raise ScriptError(Failed to open %s: %s % (ca_cert_name, e.strerror))
Can you please also check what happens if you pass non-existent filename
to --dirsrv_pkcs12 and --http_pkcs12?
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
On 17.7.2013 17:39, Ana Krivokapic wrote:
On 07/17/2013 04:57 PM, Jan Cholasta wrote:
Hi,
On 17.7.2013 16:38, Ana Krivokapic wrote:
Hello,
This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3785.
NACK, this results in an unnecessarily ugly error message [Errno 2
fixing a default argument of
LDAPClient.get_entries.
ACK.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 18.7.2013 13:02, Ana Krivokapic wrote:
On 07/18/2013 09:25 AM, Jan Cholasta wrote:
On 17.7.2013 19:43, Ana Krivokapic wrote:
On 07/17/2013 06:04 PM, Jan Cholasta wrote:
On 17.7.2013 17:39, Ana Krivokapic wrote:
On 07/17/2013 04:57 PM, Jan Cholasta wrote:
Hi,
On 17.7.2013 16:38, Ana
On 18.7.2013 17:07, Martin Kosek wrote:
On 07/18/2013 04:53 PM, Jan Cholasta wrote:
Added patch which adds new hidden option no_members to suppress membership
processing for commands of all objects that have member attributes. This can be
used by the WebUI to prevent member lookups where
On 18.7.2013 17:26, Martin Kosek wrote:
On 07/18/2013 05:22 PM, Jan Cholasta wrote:
On 18.7.2013 17:07, Martin Kosek wrote:
On 07/18/2013 04:53 PM, Jan Cholasta wrote:
Added patch which adds new hidden option no_members to suppress membership
processing for commands of all objects that have
On 19.7.2013 13:10, Petr Vobornik wrote:
On 07/18/2013 05:29 PM, Jan Cholasta wrote:
On 18.7.2013 17:26, Martin Kosek wrote:
On 07/18/2013 05:22 PM, Jan Cholasta wrote:
On 18.7.2013 17:07, Martin Kosek wrote:
On 07/18/2013 04:53 PM, Jan Cholasta wrote:
Added patch which adds new hidden
On 22.7.2013 17:40, Simo Sorce wrote:
On Mon, 2013-07-22 at 17:36 +0200, Jan Cholasta wrote:
if nickname == 'subsystemCert cert-pki-ca':
-update_people_entry('pkidbuser', cert)
+update_people_entry(dogtag_uri, 'pkidbuser', cert)
This is probably wrong, there is no pkidbuser in old
://fedorahosted.org/freeipa/ticket/3808
Tomas
Please add a changelog entry.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 24.7.2013 13:52, Tomas Babej wrote:
On Wednesday 24 of July 2013 13:19:29 Jan Cholasta wrote:
Hi,
On 24.7.2013 12:40, Tomas Babej wrote:
Hi,
There was already a dependency in server package, however,
the correct place for such dependency is in freeipa-python,
since the relevant code using
. This update fixes them.
Patch 245:
Since you use tar -J, I think it might make sense to add tar and xz to
freeipa-tests requires.
Otherwise it looks good to me.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
this will prevent surprises in the future, because
it is absolutely clear that referrals are not followed.
IMO a comment is good enough. I don't think adding options that aren't
used anywhere is a good thing to do.
Honza
--
Jan Cholasta
___
Freeipa-devel
On 25.7.2013 12:23, Petr Viktorin wrote:
On 07/24/2013 03:46 PM, Petr Viktorin wrote:
On 07/24/2013 02:39 PM, Jan Cholasta wrote:
On 17.7.2013 14:45, Petr Viktorin wrote:
On 07/16/2013 05:25 PM, Petr Viktorin wrote:
This exposes tasks such as installation, uninstallation, clean-up
should
/ticket/3773
ACK.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
implementation details - something like Ignoring referral entry {ref}.
Also use str(original_attrs) as ref.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
.
Patch 158: OK
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 19.8.2013 17:53, Petr Viktorin wrote:
On 08/19/2013 03:50 PM, Jan Cholasta wrote:
On 19.8.2013 14:02, Petr Viktorin wrote:
Thanks!
I've read the patches and have some initial comments; I'll get to
functional testing (and writing related CA-less tests) right away.
The patches need a small
is that SSSD would execute an external
script to do the update when it detects changes, but I'm not sure how
well would that work with SELinux in the picture. Is there a better way
to do this?
Suggestions and ideas are welcome.
Honza
--
Jan Cholasta
that IPA client install does not configure certmonger
Instead of making a note in the commit, I would prefer if you deleted
the test case. There's no need to keep it if it's invalid, right?
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3778.
Honza
--
Jan Cholasta
From 3168b27ba841de568d0e4dc3ec53b5f92ee5300c Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 27 Aug 2013 07:57:07 +
Subject: [PATCH] Fix nsSaslMapping object class
step.
Honza
--
Jan Cholasta
From 06bfc67227b18182cf6e143cc297c7856554ad9e Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 27 Aug 2013 16:06:24 +
Subject: [PATCH 1/2] Add --dirman-password option to ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3869
On 27.8.2013 10:16, Petr Viktorin wrote:
On 08/26/2013 09:23 AM, Jan Cholasta wrote:
On 22.8.2013 09:46, Petr Viktorin wrote:
On 08/16/2013 07:13 PM, Petr Viktorin wrote:
On 07/30/2013 05:47 PM, Petr Viktorin wrote:
Hello,
This patch implements the first batch of integration tests for CA
On 28.8.2013 17:15, Petr Viktorin wrote:
On 08/28/2013 03:23 PM, Jan Cholasta wrote:
Thanks.
The service-disable and host-disable tests fail with AlreadyInactive,
because the certificate is removed with service-mod and host-mod in
earlier tests. I think the service and host command tests
On 28.8.2013 19:39, Petr Viktorin wrote:
On 08/28/2013 06:24 PM, Jan Cholasta wrote:
On 28.8.2013 17:15, Petr Viktorin wrote:
On 08/28/2013 03:23 PM, Jan Cholasta wrote:
Thanks.
The service-disable and host-disable tests fail with AlreadyInactive,
because the certificate is removed
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3886.
Honza
--
Jan Cholasta
From 90f08d568ecc085bc559c7565bb106e6e7415839 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Thu, 29 Aug 2013 08:44:43 +0200
Subject: [PATCH] Fix service-disable in CA-less
On 23.7.2013 18:26, Jan Cholasta wrote:
On 22.7.2013 17:40, Simo Sorce wrote:
On Mon, 2013-07-22 at 17:36 +0200, Jan Cholasta wrote:
if nickname == 'subsystemCert cert-pki-ca':
-update_people_entry('pkidbuser', cert)
+update_people_entry(dogtag_uri, 'pkidbuser', cert
On 29.8.2013 16:32, Jan Cholasta wrote:
On 23.7.2013 18:26, Jan Cholasta wrote:
On 22.7.2013 17:40, Simo Sorce wrote:
On Mon, 2013-07-22 at 17:36 +0200, Jan Cholasta wrote:
if nickname == 'subsystemCert cert-pki-ca':
-update_people_entry('pkidbuser', cert)
+update_people_entry
On 3.9.2013 18:16, Dmitri Pal wrote:
On 09/02/2013 04:49 AM, Petr Spacek wrote:
On 22.8.2013 15:43, Jan Cholasta wrote:
Hi,
I'm currently investigating support for multiple CA certificates in LDAP
(https://fedorahosted.org/freeipa/ticket/3259,
https://fedorahosted.org/freeipa/ticket/3520
users are mapped to entries in the directory
(https://fedorahosted.org/freeipa/ticket/3242), they can be handled more
or less the same way as internal users.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https
for LDAP
and HTTP, but trust CA2 only to issue certificates for HTTP), but I'm
not sure how useful that would be in the real world.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo
On 9.9.2013 15:36, Simo Sorce wrote:
On Mon, 2013-09-09 at 11:17 +0200, Jan Cholasta wrote:
Another question:
Should each IPA service (LDAP, HTTP, PKINIT) have its own distinctive
set of trusted CAs, or is using one set for everything good enough?
Using distinctive sets would allow granular
On 9.9.2013 16:05, John Dennis wrote:
On 09/09/2013 10:02 AM, Nalin Dahyabhai wrote:
On Mon, Sep 09, 2013 at 11:17:02AM +0200, Jan Cholasta wrote:
Should each IPA service (LDAP, HTTP, PKINIT) have its own
distinctive set of trusted CAs, or is using one set for everything
good enough? Using
On 9.9.2013 16:02, John Dennis wrote:
On 09/09/2013 05:17 AM, Jan Cholasta wrote:
Another question:
Should each IPA service (LDAP, HTTP, PKINIT) have its own distinctive
set of trusted CAs, or is using one set for everything good enough?
Using distinctive sets would allow granular control over
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/3915.
Honza
--
Jan Cholasta
From 2021327828cd4245a5a92fa9093f68d76e00e6b5 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 9 Sep 2013 08:15:11 +
Subject: [PATCH] Fix nsslapdPlugin object class
On 9.9.2013 17:54, Simo Sorce wrote:
On Mon, 2013-09-09 at 10:40 -0400, Rob Crittenden wrote:
Jan Cholasta wrote:
On 9.9.2013 16:02, John Dennis wrote:
On 09/09/2013 05:17 AM, Jan Cholasta wrote:
Another question:
Should each IPA service (LDAP, HTTP, PKINIT) have its own distinctive
set
radius CLI patches for details).
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 5.9.2013 10:28, Jan Cholasta wrote:
On 3.9.2013 18:16, Dmitri Pal wrote:
On 09/02/2013 04:49 AM, Petr Spacek wrote:
On 22.8.2013 15:43, Jan Cholasta wrote:
Hi,
I'm currently investigating support for multiple CA certificates in
LDAP
(https://fedorahosted.org/freeipa/ticket/3259,
https
'] =
self.api.Object.radius.get_dn(options['ipatokenradiusconfiglink'])
return super(user_find, self).args_options_2_entry(
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa
On 13.9.2013 10:53, Martin Kosek wrote:
On 09/13/2013 10:51 AM, Jan Cholasta wrote:
On 5.9.2013 10:28, Jan Cholasta wrote:
On 3.9.2013 18:16, Dmitri Pal wrote:
On 09/02/2013 04:49 AM, Petr Spacek wrote:
It reminds me problems with key-rotation for DNSSEC.
Could we find common problems
On 13.9.2013 10:07, Jan Cholasta wrote:
On 5.9.2013 06:25, Nathaniel McCallum wrote:
This patch has a few problems that I'd like some help with. There are a
few notes here as well.
1. The handling of the 'key' option is insecure. It should probably be
treated like a password (hidden from logs
On 13.9.2013 09:21, Jan Cholasta wrote:
Hi,
On 12.9.2013 22:48, Nathaniel McCallum wrote:
On Thu, 2013-09-05 at 00:06 -0400, Nathaniel McCallum wrote:
patch attached
Update for ./makeapi attached.
+if 'ipatokenradiusconfiglink' in entry_attrs:
+cl = entry_attrs
On 20.2.2013 17:37, Petr Viktorin wrote:
On 02/19/2013 01:51 PM, Jan Cholasta wrote:
Hi,
On 5.2.2013 18:02, Petr Viktorin wrote:
CIDict, our case-insensitive dictionary, inherits from dict but did not
reimplement the full dict interface. Calling the missing methods
silently invoked case
in host-add and host-mod.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
operates on top of a trust. I
think it should be renamed to better reflect this.
Honza
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 20.9.2013 09:36, Alexander Bokovoy wrote:
On Fri, 20 Sep 2013, Jan Cholasta wrote:
On 19.9.2013 21:08, Alexander Bokovoy wrote:
Hi!
Attached patch adds IPA CLI to manage trust subdomains.
ipa trust-domain-fetch trust -- fetch list of subdomains from AD
side and add new ones to IPA
ipa
401 - 500 of 2029 matches
Mail list logo