Re: [Freeipa-devel] [PATCHES] 391-392 Make certificate renewal process synchronized

Dne 13.1.2015 v 18:47 David Kupka napsal(a): On 01/13/2015 12:17 PM, Jan Cholasta wrote: Hi, the attached patches fix <https://fedorahosted.org/freeipa/ticket/4803>. Note that if you want to test upgrades on CA-less, you need to apply my patch 390 as well: <https://www.redhat.com

Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands

;entry_attrs.single_value['idnsname'] = entry_attrs.single_value['idnsname'].make_absolute()" Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands

Dne 15.1.2015 v 14:58 Martin Basti napsal(a): On 15/01/15 14:25, Jan Cholasta wrote: Hi, Dne 15.1.2015 v 13:27 Martin Basti napsal(a): On 15/01/15 13:17, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4722 Patch attached. Fast fix. Updated patch attached. 1) Forward zone

Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands

Dne 15.1.2015 v 15:39 Martin Basti napsal(a): On 15/01/15 15:07, Jan Cholasta wrote: Dne 15.1.2015 v 14:58 Martin Basti napsal(a): On 15/01/15 14:25, Jan Cholasta wrote: Hi, Dne 15.1.2015 v 13:27 Martin Basti napsal(a): On 15/01/15 13:17, Martin Basti wrote: https://fedorahosted.org

Re: [Freeipa-devel] [PATCH] 390 Do not crash on unknown services in installutils.stopped_service

Dne 13.1.2015 v 18:55 Jan Cholasta napsal(a): Dne 13.1.2015 v 18:46 David Kupka napsal(a): On 01/13/2015 05:55 PM, Jan Cholasta wrote: Dne 13.1.2015 v 12:12 Jan Cholasta napsal(a): Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4835>. Honza Modified the

Re: [Freeipa-devel] [PATCH] 388 Remove RUV from LDIF files before using them in ipa-restore

Dne 13.1.2015 v 17:58 Jan Cholasta napsal(a): Dne 13.1.2015 v 17:44 Petr Vobornik napsal(a): On 01/12/2015 05:46 PM, Jan Cholasta wrote: Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4822>. Honza works for me, ACK Thanks, pushed to:

Re: [Freeipa-devel] [PATCH] 492 Add anonymous read ACI for DUA profile

for me, ACK. Pushed to: master: 0a7a8d66040f7a5f0e55da4b01e614dd9b569a00 ipa-4-1: b54b740f7903a0722930cc281ccb5a2bece45aef Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 395 Revert "Make all ipatokenTOTP attributes mandatory"

Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4833>. Honza -- Jan Cholasta >From f5e6e45977b699bada1990f8231d0f142ab6fc61 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Wed, 21 Jan 2015 07:57:03 + Subject: [PATCH] Revert "Make all ipatokenT

Re: [Freeipa-devel] [PATCH] 395 Revert "Make all ipatokenTOTP attributes mandatory"

Dne 21.1.2015 v 09:09 Martin Kosek napsal(a): On 01/21/2015 09:02 AM, Jan Cholasta wrote: Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4833>. Honza Please also add the reason why we are reverting the change (see details https://bugzilla.redhat.com/show_bug.

Re: [Freeipa-devel] [PATCHES 0187, 0188] DNSSEC ipa-dnskeysyncd fixes

? Patch 188: IMO it would be slightly better to do it like this: -name = name.relativize(dns.name.root) +if name != dns.name.root: +name = name.relativize(dns.name.root) Honza -- Jan Cholasta ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands

Dne 20.1.2015 v 12:49 Martin Basti napsal(a): On 15/01/15 16:07, Jan Cholasta wrote: Dne 15.1.2015 v 15:39 Martin Basti napsal(a): On 15/01/15 15:07, Jan Cholasta wrote: Dne 15.1.2015 v 14:58 Martin Basti napsal(a): On 15/01/15 14:25, Jan Cholasta wrote: Hi, Dne 15.1.2015 v 13:27 Martin

Re: [Freeipa-devel] [PATCHES 0187, 0188] DNSSEC ipa-dnskeysyncd fixes

Dne 23.1.2015 v 10:13 Martin Basti napsal(a): On 23/01/15 08:04, Jan Cholasta wrote: Hi, Dne 21.1.2015 v 13:39 Martin Basti napsal(a): Patch 188 catch ldap exceptions to prevent false positive abrt reports Patch 187 fixes issues with removing root zone Patches attached. Patch 187: Is

Re: [Freeipa-devel] [PATCHES 0187, 0188] DNSSEC ipa-dnskeysyncd fixes

Dne 23.1.2015 v 10:25 Martin Basti napsal(a): On 23/01/15 10:23, Jan Cholasta wrote: Dne 23.1.2015 v 10:13 Martin Basti napsal(a): On 23/01/15 08:04, Jan Cholasta wrote: Hi, Dne 21.1.2015 v 13:39 Martin Basti napsal(a): Patch 188 catch ldap exceptions to prevent false positive abrt reports

Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands

Dne 23.1.2015 v 15:51 Martin Basti napsal(a): On 23/01/15 08:22, Jan Cholasta wrote: Dne 20.1.2015 v 12:49 Martin Basti napsal(a): On 15/01/15 16:07, Jan Cholasta wrote: Dne 15.1.2015 v 15:39 Martin Basti napsal(a): On 15/01/15 15:07, Jan Cholasta wrote: Dne 15.1.2015 v 14:58 Martin Basti

[Freeipa-devel] [PATCH] 396 Create correct log directories during full restore in ipa-restore

Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4865>. Honza -- Jan Cholasta >From 2cdb9f96c94c146805f43f38b5b93d48c95eecdb Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mon, 26 Jan 2015 10:39:48 + Subject: [PATCH] Create correct log directories du

[Freeipa-devel] [PATCH] 397 Do not crash when replica is unreachable in ipa-restore

Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4857>. Honza -- Jan Cholasta >From 6270155705249b6b6bcb4665156d73f2f14edb86 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Tue, 27 Jan 2015 07:38:06 + Subject: [PATCH] Do not crash when replica is unreachab

Re: [Freeipa-devel] [PATCH] 396 Create correct log directories during full restore in ipa-restore

Dne 26.1.2015 v 17:22 Martin Kosek napsal(a): On 01/26/2015 12:12 PM, Jan Cholasta wrote: Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4865>. Honza I tested the use case and log directories were properly created. So ACK, works for me. Martin Thanks. Pus

Re: [Freeipa-devel] [PATCHES 301-302] ID override sshpubkey handling

: 3b87302f5a280c044a8e6a8b4aa08a29e3b4b0d5 ipa-4-1: 0dc7448b3634be443806db45ffead57107213ad6 Your patches will latter go into ipa-4-2. +1 -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo

Re: [Freeipa-devel] [PATCH] 0003-2 User life cycle: new stageuser plugin with add verb

bject and an command. 3) This is purely subjective, but I don't like the name "deleteuser", as it has a verb in it. We usually don't do that and IMHO we shouldn't do that. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 398 Bump 389-ds-base and pki-ca dependencies for POODLE fixes

Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4653>. Honza -- Jan Cholasta >From 808f0bcfa15936dd573c9093c9fdf7d097512dad Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mon, 12 Jan 2015 09:01:09 + Subject: [PATCH] Bump 389-ds-base and pki-ca depende

Re: [Freeipa-devel] [PATCH 0182] Fix pkcs11 python extension reference counting

2) In P11_Helper_find_keys, you sometimes return without decreasing reference count on result_list or any items it may contain. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0182] Fix pkcs11 python extension reference counting

Dne 10.2.2015 v 14:56 Martin Basti napsal(a): On 10/02/15 10:11, Jan Cholasta wrote: Hi, Dne 12.1.2015 v 13:11 Martin Basti napsal(a): Part of DNSSEC (https://fedorahosted.org/freeipa/ticket/4657) Patch attached. 1) In P11_Helper_set_attribute, the return value can be only Py_None or NULL

Re: [Freeipa-devel] [PATCH] 398 Bump 389-ds-base and pki-ca dependencies for POODLE fixes

Dne 9.2.2015 v 13:08 Martin Kosek napsal(a): On 02/09/2015 11:37 AM, Jan Cholasta wrote: Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4653>. Honza Thanks, I was looking for having this one completed. I just fired the builds for the updated deps in mkosek/f

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

hema update is separate from data update. (Rob?) 7) " keep --test option and fix the plugins which do not respect the option " Just a note, I believe this ticket is related: <https://fedorahosted.org/freeipa/ticket/3448>. Good work overall! Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

Dne 2.3.2015 v 12:23 Martin Kosek napsal(a): On 03/02/2015 07:49 AM, Jan Cholasta wrote: Hi, Dne 24.2.2015 v 19:10 Martin Basti napsal(a): Hello all, please read the design page, any objections/suggestions appreciated http://www.freeipa.org/page/V4/Server_Upgrade_Refactoring 1) " *

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

Dne 2.3.2015 v 13:51 Martin Basti napsal(a): On 02/03/15 13:12, Jan Cholasta wrote: Dne 2.3.2015 v 12:23 Martin Kosek napsal(a): On 03/02/2015 07:49 AM, Jan Cholasta wrote: Hi, Dne 24.2.2015 v 19:10 Martin Basti napsal(a): Hello all, please read the design page, any objections/suggestions

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

Dne 3.3.2015 v 09:06 Martin Basti napsal(a): On 03/03/15 07:31, Jan Cholasta wrote: Dne 2.3.2015 v 13:51 Martin Basti napsal(a): On 02/03/15 13:12, Jan Cholasta wrote: Dne 2.3.2015 v 12:23 Martin Kosek napsal(a): On 03/02/2015 07:49 AM, Jan Cholasta wrote: Hi, Dne 24.2.2015 v 19:10 Martin

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

Dne 3.3.2015 v 09:55 Martin Basti napsal(a): On 03/03/15 09:33, Jan Cholasta wrote: Dne 3.3.2015 v 09:06 Martin Basti napsal(a): On 03/03/15 07:31, Jan Cholasta wrote: Dne 2.3.2015 v 13:51 Martin Basti napsal(a): On 02/03/15 13:12, Jan Cholasta wrote: Dne 2.3.2015 v 12:23 Martin Kosek

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

Dne 3.3.2015 v 10:55 Martin Kosek napsal(a): On 03/03/2015 09:55 AM, Martin Basti wrote: On 03/03/15 09:33, Jan Cholasta wrote: Dne 3.3.2015 v 09:06 Martin Basti napsal(a): On 03/03/15 07:31, Jan Cholasta wrote: Dne 2.3.2015 v 13:51 Martin Basti napsal(a): On 02/03/15 13:12, Jan Cholasta

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

Dne 3.3.2015 v 10:58 Martin Kosek napsal(a): On 03/03/2015 09:36 AM, Petr Spacek wrote: On 3.3.2015 09:33, Jan Cholasta wrote: Dne 3.3.2015 v 09:06 Martin Basti napsal(a): On 03/03/15 07:31, Jan Cholasta wrote: Dne 2.3.2015 v 13:51 Martin Basti napsal(a): On 02/03/15 13:12, Jan Cholasta

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

Dne 3.3.2015 v 11:04 Petr Spacek napsal(a): On 3.3.2015 10:58, Martin Kosek wrote: On 03/03/2015 09:36 AM, Petr Spacek wrote: On 3.3.2015 09:33, Jan Cholasta wrote: Dne 3.3.2015 v 09:06 Martin Basti napsal(a): On 03/03/15 07:31, Jan Cholasta wrote: Dne 2.3.2015 v 13:51 Martin Basti napsal(a

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

Dne 3.3.2015 v 11:00 Martin Basti napsal(a): On 03/03/15 10:55, Jan Cholasta wrote: Dne 3.3.2015 v 09:55 Martin Basti napsal(a): On 03/03/15 09:33, Jan Cholasta wrote: Dne 3.3.2015 v 09:06 Martin Basti napsal(a): On 03/03/15 07:31, Jan Cholasta wrote: Dne 2.3.2015 v 13:51 Martin Basti

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

Dne 3.3.2015 v 12:08 Martin Kosek napsal(a): On 03/03/2015 11:06 AM, Jan Cholasta wrote: Dne 3.3.2015 v 11:04 Petr Spacek napsal(a): On 3.3.2015 10:58, Martin Kosek wrote: On 03/03/2015 09:36 AM, Petr Spacek wrote: On 3.3.2015 09:33, Jan Cholasta wrote: Dne 3.3.2015 v 09:06 Martin Basti

[Freeipa-devel] [PATCHES 399-401] Allow multiple API instances

Hi, the attached patches provide an attempt to fix <https://fedorahosted.org/freeipa/ticket/3090>. Patch 401 serves as an example and modifies ipa-advise to use its own API instance for Advice plugins. Honza -- Jan Cholasta >From 3715c9b4ca43eab6c5ad01b34cd1b14838241bde Mon Sep

Re: [Freeipa-devel] [PATCHES 399-401] Allow multiple API instances

Dne 3.3.2015 v 16:04 Tomas Babej napsal(a): On 03/03/2015 04:01 PM, Martin Kosek wrote: On 03/03/2015 03:49 PM, Jan Cholasta wrote: Hi, the attached patches provide an attempt to fix <https://fedorahosted.org/freeipa/ticket/3090>. Patch 401 serves as an example and modifies ipa-adv

Re: [Freeipa-devel] [PATCHES 399-401] Allow multiple API instances

Dne 3.3.2015 v 16:11 Martin Kosek napsal(a): On 03/03/2015 04:09 PM, Jan Cholasta wrote: Dne 3.3.2015 v 16:04 Tomas Babej napsal(a): On 03/03/2015 04:01 PM, Martin Kosek wrote: On 03/03/2015 03:49 PM, Jan Cholasta wrote: Hi, the attached patches provide an attempt to fix <ht

Re: [Freeipa-devel] [PATCH] 0040 Add realm name to backup header file.

from Honza. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Thanks, ACK! Pushed to: master: 4a20115ce8a3d90afec827d356edecc7834a0684 ipa-4-1: 253f9adae7968af8df8aab0ae2441d26112deb2b Honza -- Ja

Re: [Freeipa-devel] [PATCH] 0006 Limit deadlocks between DS plugin DNA and slapi-nis

Hi Thierry, Dne 4.3.2015 v 15:54 thierry bordaz napsal(a): https://fedorahosted.org/freeipa/ticket/4927 Thanks, ACK. Added ticket URL to commit message and pushed to: master: 6e00f7318230781debd9952c6f2a3d924f35688a ipa-4-1: 5c3611481a5e0a4974ee368c60b8ef9ca34ea38a Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] Password vault

pre_callback: try: ldap.get_entries(dn, scope=ldap.SCOPE_ONELEVEL, attrs_list=[]) except errors.NotFound: pass else: if not options.get('force', False): raise errors.NotAllowedOnNonLeaf() 27) Why are parent vaultcontainer objects aut

Re: [Freeipa-devel] [PATCHES 0015-0019] changes to the way host TGT is obtained using keytab

7;) ... return ccache_file (You don't need to prepend "FILE:", as it is the default ccache type.) Honza -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] Generic support for unknown DNS RR types (RFC 3597)

butes. The RFC is titled "Handling of *Unknown* DNS Resource Record (RR) Types". The word "generic" is used only when referring to encoding of RDATA. You even used "*unknown* DNS record, RFC 3597" as description of the attribute yourself. Make sure it is abundant

Re: [Freeipa-devel] [PATCHES 306-316] Automated migration tool from Winsync

in it. By convention, the AdminTool subclass should be named WinsyncMigrate, or the tool should be named ipa-migrate-winsync. Honza -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] [PATCH 0208] Respect --test option in upgrade plugins

they should. This is what the ticket (<https://fedorahosted.org/freeipa/ticket/3448>) requests and what should be done to make --test work for them. -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0208] Respect --test option in upgrade plugins

Dne 13.3.2015 v 12:08 Petr Spacek napsal(a): On 13.3.2015 12:01, Martin Basti wrote: On 13/03/15 11:55, Petr Spacek wrote: On 13.3.2015 11:34, Jan Cholasta wrote: Dne 13.3.2015 v 11:17 Martin Kosek napsal(a): On 03/13/2015 11:00 AM, Petr Spacek wrote: On 13.3.2015 10:42, Alexander Bokovoy

Re: [Freeipa-devel] [PATCHES 0015-0017] consolidation of various Kerberos auth methods in FreeIPA code

are trying to get rid of this circular dependency. Krb5Error is OK in this case. -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0003-3 User life cycle: new stageuser plugin with add verb

Dne 16.3.2015 v 12:06 David Kupka napsal(a): On 03/06/2015 07:30 PM, thierry bordaz wrote: On 02/19/2015 04:19 PM, Martin Basti wrote: On 19/02/15 13:01, thierry bordaz wrote: On 02/04/2015 05:14 PM, Jan Cholasta wrote: Hi, Dne 4.2.2015 v 15:25 David Kupka napsal(a): On 02/03/2015 11:50 AM

Re: [Freeipa-devel] [PATCH] extdom: return LDAP_NO_SUCH_OBJECT to the client

g = "Failed to handle the request.\n"; +} goto done; } -- 2.1.0 ACK. Pushed to master: 024463804c0c73e89ed76e709a838762a8302f04 and to ipa-4-1: c55632374d3b41e23521461667da1699a7264947 -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH 142] extdom: fix memory leak

does not apply to the current master branch. Sumit, can you send a updated version? sure, new version attached. bye, Sumit Thanks, Tomas Thanks, Pushed to master: 8dac096ae3a294dc55b32b69b873013fd687e945 and to ipa-4-1: 179be3c222a9d27a147d5c0ff4be45e7def9b2d5 -- Jan Cholasta -- Manage

Re: [Freeipa-devel] [PATCH] 0003-3 User life cycle: new stageuser plugin with add verb

Dne 18.3.2015 v 19:39 thierry bordaz napsal(a): On 03/17/2015 08:01 AM, Jan Cholasta wrote: Dne 16.3.2015 v 12:06 David Kupka napsal(a): On 03/06/2015 07:30 PM, thierry bordaz wrote: On 02/19/2015 04:19 PM, Martin Basti wrote: On 19/02/15 13:01, thierry bordaz wrote: On 02/04/2015 05:14 PM

[Freeipa-devel] [PATCHES 404-407] client-install: Do not crash on invalid CA certificate in LDAP

Hi, the attached patches fix <https://fedorahosted.org/freeipa/ticket/4565>. Honza -- Jan Cholasta >From f4c02ff6105954115c1b46d874aed43bf52aa4c4 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Tue, 17 Mar 2015 09:28:47 + Subject: [PATCH 1/4] certstore: Make certificate retri

Re: [Freeipa-devel] [PATCHES 404-407] client-install: Do not crash on invalid CA certificate in LDAP

Dne 19.3.2015 v 15:24 David Kupka napsal(a): On 03/19/2015 10:20 AM, Jan Cholasta wrote: Hi, the attached patches fix <https://fedorahosted.org/freeipa/ticket/4565>. Honza Hi! Thanks for the patches. Both, client installer and ldap updater, now deal quite robustly with invalid or m

[Freeipa-devel] New installer PoC

parameters from which option parsers etc. can be generated. 5) Make installers plugable. This is not really apparent from the patch, since it only implements installer for a single component, but I plan to make the whole thing extensible by plugins. Honza -- Jan Cholasta >F

Re: [Freeipa-devel] Time-based account policies

we just have the admin pick the timezone themselves? Which time format would be best for both FreeIPA and SSSD? Thank you very much for you insights! Standa Honza -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Password vault

Dne 11.3.2015 v 15:12 Endi Sukma Dewata napsal(a): Thanks for the review. New patch attached to be applied on top of all previous patches. Please see comments below. Thanks. I have replied to some of your comments below. On 3/6/2015 3:53 PM, Jan Cholasta wrote: Patch 353: 1) Please follow

Re: [Freeipa-devel] Time-based account policies

Dne 23.3.2015 v 20:17 Standa Láznička napsal(a): On 3/23/2015 10:10 AM, Jan Cholasta wrote: Hi, Dne 20.3.2015 v 13:30 Stanislav Láznička napsal(a): ... As for the local time - timezone in the tuple (time, timezone) would only say "Local Time", which can't be found in Olson

Re: [Freeipa-devel] Time-based account policies

Dne 24.3.2015 v 08:40 Martin Kosek napsal(a): On 03/24/2015 08:20 AM, Jakub Hrozek wrote: On Tue, Mar 24, 2015 at 08:07:53AM +0100, Martin Kosek wrote: On 03/24/2015 07:16 AM, Jan Cholasta wrote: Dne 23.3.2015 v 20:17 Standa Láznička napsal(a): ... Given the above, HBAC rules could contain

Re: [Freeipa-devel] [PATCH] 0003-3 User life cycle: new stageuser plugin with add verb

Dne 19.3.2015 v 13:07 thierry bordaz napsal(a): On 03/19/2015 07:37 AM, Jan Cholasta wrote: Dne 18.3.2015 v 19:39 thierry bordaz napsal(a): On 03/17/2015 08:01 AM, Jan Cholasta wrote: Dne 16.3.2015 v 12:06 David Kupka napsal(a): On 03/06/2015 07:30 PM, thierry bordaz wrote: On 02/19/2015 04

Re: [Freeipa-devel] Time-based account policies

Dne 24.3.2015 v 18:08 Stanislav Láznička napsal(a): On 03/24/2015 08:53 AM, Jan Cholasta wrote: Dne 24.3.2015 v 08:40 Martin Kosek napsal(a): On 03/24/2015 08:20 AM, Jakub Hrozek wrote: On Tue, Mar 24, 2015 at 08:07:53AM +0100, Martin Kosek wrote: On 03/24/2015 07:16 AM, Jan Cholasta wrote

Re: [Freeipa-devel] [PATCH 0023] enable debugging of spawned ntpd command during client install

s and I think it should stay that way. I would prefer to have an ipautil.run wrapper with debug flag using appropriate debugging option for each command where we need to conditionally enable debugging. Or just add the debugging option unconditionally to every command where it could be useful.

Re: [Freeipa-devel] Time-based account policies

Dne 24.3.2015 v 19:20 Simo Sorce napsal(a): On Tue, 2015-03-24 at 08:40 +0100, Martin Kosek wrote: On 03/24/2015 08:20 AM, Jakub Hrozek wrote: On Tue, Mar 24, 2015 at 08:07:53AM +0100, Martin Kosek wrote: On 03/24/2015 07:16 AM, Jan Cholasta wrote: Dne 23.3.2015 v 20:17 Standa Láznička

Re: [Freeipa-devel] Time-based account policies

r in this thread. I would be very keen on hearing your ideas and opinions on this one. Thanks! Standa -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] Time-based account policies

Dne 26.3.2015 v 14:55 Martin Kosek napsal(a): On 03/26/2015 02:40 PM, Standa Láznička wrote: On 3/26/2015 1:24 PM, Martin Kosek wrote: On 03/26/2015 01:08 PM, Standa Láznička wrote: On 3/26/2015 11:13 AM, Jan Cholasta wrote: Dne 25.3.2015 v 18:25 Stanislav Láznička napsal(a): On 03/25/2015

Re: [Freeipa-devel] Time-based account policies

Dne 26.3.2015 v 16:47 Martin Kosek napsal(a): On 03/26/2015 04:39 PM, Simo Sorce wrote: On Thu, 2015-03-26 at 16:35 +0100, Martin Kosek wrote: On 03/26/2015 04:26 PM, Jan Cholasta wrote: [...] I don't see any point in storing time zone in the host object, if it's not used fo

Re: [Freeipa-devel] [PATCH 0042] Make lint work on Fedora 22.

ll the new disables really just false positives? tested on: - F21: ipa-4-1, master branch - F22: master branch. IMHO it could got to ipa-4-1 branch because of FreeIPA 4.1.4 in F22 -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailma

Re: [Freeipa-devel] [PATCH 0043] Use mod_auth_gssapi instead of mod_auth_kerb.

dated patch attached. ACK tested on F22 - both CLI and Web UI -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0043-0045] Use mod_auth_gssapi instead of mod_auth_kerb.

Dne 30.3.2015 v 12:21 David Kupka napsal(a): On 03/30/2015 07:15 AM, Jan Cholasta wrote: Dne 28.3.2015 v 00:09 Petr Vobornik napsal(a): On 27.3.2015 15:26, David Kupka wrote: On 03/27/2015 03:14 PM, Rob Crittenden wrote: David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4190 To

Re: [Freeipa-devel] [PATCH 0043-0045] Use mod_auth_gssapi instead of mod_auth_kerb.

Dne 30.3.2015 v 13:13 Jan Cholasta napsal(a): Dne 30.3.2015 v 12:21 David Kupka napsal(a): On 03/30/2015 07:15 AM, Jan Cholasta wrote: Dne 28.3.2015 v 00:09 Petr Vobornik napsal(a): On 27.3.2015 15:26, David Kupka wrote: On 03/27/2015 03:14 PM, Rob Crittenden wrote: David Kupka wrote

Re: [Freeipa-devel] Use sessions for mod_auth_gssapi ?

re on Apache 1.3, and seesion support, mod_seesion, was not avaialble. Fairly certain the landscape has changed since then. -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeip

Re: [Freeipa-devel] [PATCH] 809 speed up convert_attribute_members

new_attr = '%s_%s' % (attr, ldap_obj.name) new_value = ldap_obj.get_primary_key_from_dn(memberdn) entry_attrs.setdefault(new_attr, []).append(new_value) Honza -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing li

Re: [Freeipa-devel] [PATCH 0212] Server Upgrade: Fix comments

ctionaries which should be lists. Updated patch attached. -- Martin Basti Updated patch attached Thanks for the patch, LGTM, ACK. Pushed to master: b5e941d49b3571a3f257be645dabb429754c94b0 -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.c

Re: [Freeipa-devel] [PATCH 0222] DNSSEC: do not log into files

: 1216da8b9f2100cacebbeb8fe2dd91e22b954ba7 ipa-4-1: e27b9d18cee86b7634a0ec23042985c23096098e -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0001] ipatests: port of p11helper test from github

"." I do not insist on this. Otherwise it works as expected. -- Martin Basti Milan Hello, I did few modifications: * new license header * PEP8 fixes * variables instead of magic constants for key labels an IDs Patch attached Do you accept my modifications? Martin^2 -- Martin

Re: [Freeipa-devel] [PATCH] 0001-2 ipatests: SOA record Maintenance tests

as expected. Martin^2 -- Martin Basti Thanks! - alich - Thank you, ACK. Pushed to: master: ca96ecbf40038d09814f99f19bf47246352dfa0c ipa-4-1: 8f94ac1e7c24b3bf33c5211d3e327c9a51390fb1 -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0024] do not log BINDs to non-existent users as errors

Dne 30.3.2015 v 14:10 Petr Spacek napsal(a): On 25.3.2015 17:07, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4889 ACK Pushed to: master: 4192cce80eb22172696b11bf24457f7467b711fc ipa-4-1: ede3298fdf8092567b7cfec4053c0db45725f882 -- Jan Cholasta -- Manage your

Re: [Freeipa-devel] [PATCH 0021] fix improper handling of boolean option during KRA install

Dne 25.3.2015 v 16:48 Martin Basti napsal(a): On 17/03/15 17:51, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4530 ACK -- Martin Basti Pushed to master: c311af06f60cfdb73be9c0aecb9ddc559db1a055 -- Jan Cholasta -- Manage your subscription for the Freeipa-devel

Re: [Freeipa-devel] [PATCH 0223] Fix ldap2 do not create shared instance by default

Hi, Dne 1.4.2015 v 17:16 Martin Basti napsal(a): Since API is not singleton anymore, ldap2 instance should not be shared between all APIs. Patch attached. Works for me. However, it's not the ldap2 instance that was shared, but rather the underlying LDAP connection. Honza -- Jan Cho

Re: [Freeipa-devel] [PATCH 0223] Fix ldap2 do not create shared instance by default

Dne 2.4.2015 v 14:18 Martin Basti napsal(a): On 02/04/15 14:11, Jan Cholasta wrote: Hi, Dne 1.4.2015 v 17:16 Martin Basti napsal(a): Since API is not singleton anymore, ldap2 instance should not be shared between all APIs. Patch attached. Works for me. However, it's not the ldap2 ins

Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

Dne 21.12.2011 14:32, Jan Cholasta napsal(a): Dne 2.12.2011 21:26, Alexander Bokovoy napsal(a): On Fri, 02 Dec 2011, Jan Cholasta wrote: I don't like the idea of introducing a new class every time we need a ReadOnly attribute to be writable. There's quite a few places in the code w

Re: [Freeipa-devel] [PATCH] 54 Fix attempted write to attribute of read-only object

Dne 21.12.2011 21:49, Alexander Bokovoy napsal(a): On Wed, 21 Dec 2011, Jan Cholasta wrote: Fixed cachedproperty so that the return value is cached per-instance instead of per-class. Updated patch attached. Works for me, thanks. Could you please do a favor and use the decorator syntax as

Re: [Freeipa-devel] [PATCHES] 59-65 SSH public key management

Dne 15.12.2011 22:03, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 7.12.2011 17:28, Jan Cholasta napsal(a): [PATCH] 65 Configure ssh and sshd during ipa-client-install. For ssh, VerifyHostKeyDNS option is enabled. For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM options

Re: [Freeipa-devel] [PATCH] 918, 919 update sudo schema

Dne 14.12.2011 16:21, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 14.12.2011 15:23, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 14.12.2011 05:20, Rob Crittenden napsal(a): The sudo schema now defines sudoOrder, sudoNotBefore and sudoNotAfter but these weren't available i

Re: [Freeipa-devel] Fwd: Type conversions

Dne 9.1.2012 16:01, John Dennis napsal(a): Forwarding to freeipa-devel where this should have gone in the first place ... Original Message Subject: Type conversions (was: enhancement tickets) Date: Mon, 09 Jan 2012 09:44:49 -0500 From: John Dennis To: Jan Cholasta CC: Rob

Re: [Freeipa-devel] [PATCH] 924 display both hex and decimal serial numbers

e client that it should format the value as a serial number. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 918, 919 update sudo schema

Dne 13.1.2012 17:39, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 14.12.2011 16:21, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 14.12.2011 15:23, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 14.12.2011 05:20, Rob Crittenden napsal(a): The sudo schema now defines sudoOrder

Re: [Freeipa-devel] [PATCH] 924 display both hex and decimal serial numbers

Dne 16.1.2012 18:37, Dmitri Pal napsal(a): On 01/16/2012 12:09 PM, Jan Cholasta wrote: Dne 13.1.2012 20:53, Rob Crittenden napsal(a): When viewing a certificate it will show the serial number as hex (dec). # ipa service-show HTTP/rawhide.example.com Principal: HTTP/rawhide.example

Re: [Freeipa-devel] [PATCH] 924 display both hex and decimal serial numbers

Dne 16.1.2012 22:02, Rob Crittenden napsal(a): Rob Crittenden wrote: Jan Cholasta wrote: Dne 13.1.2012 20:53, Rob Crittenden napsal(a): When viewing a certificate it will show the serial number as hex (dec). # ipa service-show HTTP/rawhide.example.com Principal: HTTP/rawhide.example

Re: [Freeipa-devel] [PATCH] 924 display both hex and decimal serial numbers

Dne 18.1.2012 00:04, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 16.1.2012 22:02, Rob Crittenden napsal(a): Rob Crittenden wrote: Jan Cholasta wrote: Dne 13.1.2012 20:53, Rob Crittenden napsal(a): When viewing a certificate it will show the serial number as hex (dec). # ipa service

Re: [Freeipa-devel] [PATCH] 932 Add support for storing MAC address in host entries.

entry_attrs['managedby'] = dn +entry_attrs['objectclass'].append('ieee802device') return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): Why do you add the objectclass here instead of adding it to host plugin'

Re: [Freeipa-devel] [PATCH] 932 Add support for storing MAC address in host entries.

Dne 23.1.2012 16:24, Martin Kosek napsal(a): On Mon, 2012-01-23 at 11:14 +0100, Jan Cholasta wrote: Dne 20.1.2012 21:15, Rob Crittenden napsal(a): macaddress is a multi-valued attribute and we allow multiple entries. This is from the objectclass ieee802device. This is added manually when doing

Re: [Freeipa-devel] [PATCHES] 59-65 SSH public key management

Dne 24.1.2012 23:11, Rob Crittenden napsal(a): Jan Cholasta wrote: I have updated and rebased the patches: [PATCH] 59 Add LDAP schema for SSH public keys. No changes. [PATCH] 60 Add LDAP ACIs for SSH public key schema. Requires patch 59. No changes. [PATCH] 61 Add support for SSH public

Re: [Freeipa-devel] [PATCH] 10 --no-reverse option in ipa-replica-install is not honoured

MO be closed as invalid. It is a case of people not reading documentation and then being surprised why things don't work the way they assumed. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 940 apply some validation to some classes only

not perform custom validation when referring to existing LDAP attribute values at all (or only partially), no matter what parameter and command. Fixing this would make the problem go away for all commands, present or future, without the need for adding a list of comm

Re: [Freeipa-devel] [PATCH] 940 apply some validation to some classes only

Dne 7.2.2012 15:15, Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 7.2.2012 09:27, Martin Kosek napsal(a): On Mon, 2012-02-06 at 11:52 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2012-02-03 at 16:58 -0500, Rob Crittenden wrote: There is some validation that we only need to

Re: [Freeipa-devel] [PATCHES] 59-65 SSH public key management

On 8.2.2012 04:23, Rob Crittenden wrote: Jan Cholasta wrote: Dne 7.2.2012 00:04, Rob Crittenden napsal(a): Jan Cholasta wrote: Updated & rebased the patches. I have also attached a patch that Rob made: [PATCH] Don't use sets when calculating the modlist so order is preserved. Th

Re: [Freeipa-devel] [PATCH] 940 apply some validation to some classes only

On 7.2.2012 20:25, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: Dne 7.2.2012 09:27, Martin Kosek napsal(a): On Mon, 2012-02-06 at 11:52 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2012-02-03 at 16:58 -0500, Rob Crittenden wrote: There is some validation that

Re: [Freeipa-devel] [PATCH] 940 apply some validation to some classes only

On 14.2.2012 16:44, Jan Cholasta wrote: On 7.2.2012 20:25, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: Dne 7.2.2012 09:27, Martin Kosek napsal(a): On Mon, 2012-02-06 at 11:52 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2012-02-03 at 16:58 -0500, Rob

Re: [Freeipa-devel] [PATCH] 202 Add reverse DNS record when forward is created

m foo ---ip-address=F:F:F:A::12 ---create-reverse ipa: ERROR: invalid 'record': cannot use IANA reserved IP address Martin I would prefer if there was a single --create-reverse option for both A and records, as it IMO makes more sense from user's point of

Re: [Freeipa-devel] [PATCH] 940 apply some validation to some classes only

On 14.2.2012 22:16, Rob Crittenden wrote: Jan Cholasta wrote: On 14.2.2012 16:44, Jan Cholasta wrote: On 7.2.2012 20:25, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: Dne 7.2.2012 09:27, Martin Kosek napsal(a): On Mon, 2012-02-06 at 11:52 -0500, Rob Crittenden wrote

Re: [Freeipa-devel] [PATCH] 940 apply some validation to some classes only

On 15.2.2012 15:33, Rob Crittenden wrote: Jan Cholasta wrote: On 14.2.2012 22:16, Rob Crittenden wrote: Jan Cholasta wrote: On 14.2.2012 16:44, Jan Cholasta wrote: On 7.2.2012 20:25, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: Dne 7.2.2012 09:27, Martin Kosek napsal(a

Re: [Freeipa-devel] [PATCH] 0015 Only split CSV strings once

V handling should be only done on the client. Unfortunately turning off CSV handling in the server will break the UI, which at places uses `join(',')` (no escaping commas, no single place to change it), even though it can just send a list. +1, but I'm not sure if that's acceptable

<    3   4   5   6   7   8   9   10   11   12   >