Re: [Freeipa-devel] [PATCH 428] client-install: Fix kinits with non-default Kerberos config file

On 05/20/2015 04:28 PM, Jan Cholasta wrote: Hi, the attached patch fixes a bug introduced in the fix for (reopened). Honza Works for me, ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redha

Re: [Freeipa-devel] [PATCH] 854 git ignore ipaplatform/__init__.py

On 05/20/2015 03:57 PM, Petr Vobornik wrote: This file is generated in `make version-update` added in 9f049ca14403f3696d54d186e6b1b15181f055df Yay no more warnings about untracked file! ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.red

Re: [Freeipa-devel] [PATCH 0036] merge KRA installation machinery to a single module

On 05/19/2015 08:23 PM, Martin Babinsky wrote: This patch is required for the installer ref@#$%&ing work (https://fedorahosted.org/freeipa/ticket/4468). It required quite a bit of hacking to get it work as expected, but I hope that it's not so bad. Requires PATCH 0035 "do

Re: [Freeipa-devel] Fix password changes via kadmin

-- Martin^3 Babinsky From 455ee89dc8d449732e7f27c6c5ccd542963bd74e Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 22 May 2015 17:23:00 +0200 Subject: [PATCH] common function to get salt types from LDAP --- daemons/ipa-kdb/ipa_kdb.c | 129 +- daemons/ipa-kdb/i

[Freeipa-devel] Yet another user certificates/Smart Card thread

Hello all, long post ahead! I became a proud owner of https://fedorahosted.org/freeipa/ticket/4238, and while Martin's design page (http://www.freeipa.org/page/V4/User_Certificates) brings a comprehensive overview of what should be done, there are still some gray areas we should address both

Re: [Freeipa-devel] Yet another user certificates/Smart Card thread

On 05/25/2015 03:56 PM, Martin Kosek wrote: On 05/25/2015 03:13 PM, Jan Cholasta wrote: Hi, Dne 25.5.2015 v 14:55 Martin Babinsky napsal(a): Hello all, long post ahead! I became a proud owner of https://fedorahosted.org/freeipa/ticket/4238, and while Martin's design page

Re: [Freeipa-devel] [PATCH 0036] merge KRA installation machinery to a single module

On 05/21/2015 10:16 AM, Martin Babinsky wrote: On 05/19/2015 08:23 PM, Martin Babinsky wrote: This patch is required for the installer ref@#$%&ing work (https://fedorahosted.org/freeipa/ticket/4468). It required quite a bit of hacking to get it work as expected, but I hope that it's n

[Freeipa-devel] tbabej's [PATCH 0324] replica-manage: properly delete nested entries

The attached patch contains fix for bug https://fedorahosted.org/freeipa/ticket/5019 which Tomas posted on freeipa-devel here: https://www.redhat.com/archives/freeipa-devel/2015-May/msg00045.html I have reviewed the patch and it works, so ACK. I have just changed the commit message to somethi

Re: [Freeipa-devel] [PATCH 0260] Server Upgrade: fix the remove statement

On 05/25/2015 03:10 PM, Martin Basti wrote: This fixes issue with the remove statement, which causes LDAP error, when the updater is trying to remove value from nonexistent entry. Reproducer: apply my patch mbasti-0256, install the IPA server without the DNS subsystem. Patch attached. https://f

[Freeipa-devel] [PATCH 0037] KRA: get the right dogtag version during server uninstall

instance. -- Martin^3 Babinsky From acf2ca89dc117ed4a6f963ec91ce87b37b10ea10 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Tue, 26 May 2015 11:21:45 +0200 Subject: [PATCH] KRA: get the right dogtag version during server uninstall Ensure that the correct version of dogtag is passed from API

[Freeipa-devel] [PATCH 0038] increase NSS memcache timeout for IPA server

https://fedorahosted.org/freeipa/ticket/4964 -- Martin^3 Babinsky From ef8481ee0267a720551832baae9398b435b3c6c5 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Tue, 26 May 2015 18:11:08 +0200 Subject: [PATCH] increase NSS memcache timeout for IPA server Increasing memcache timeout to 600

Re: [Freeipa-devel] [PATCH 0038] increase NSS memcache timeout for IPA server

On 05/27/2015 01:33 PM, Lukas Slebodnik wrote: On (27/05/15 13:25), Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4964 -- Martin^3 Babinsky From ef8481ee0267a720551832baae9398b435b3c6c5 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Tue, 26 May 2015 18:11:08 +0200

Re: [Freeipa-devel] Fix password changes via kadmin

On 05/25/2015 10:48 AM, Martin Babinsky wrote: On 04/06/2015 12:53 AM, Simo Sorce wrote: Fix for bug 4914. I've tested it locally and seem to do exactly what is needed. I couldn't detect any side effects, except that if you use kadmin to get a randomized password for a service then

Re: [Freeipa-devel] Fix password changes via kadmin

On 05/27/2015 04:33 PM, Martin Kosek wrote: On 05/27/2015 03:55 PM, Alexander Bokovoy wrote: On Wed, 27 May 2015, Simo Sorce wrote: On Wed, 2015-05-27 at 15:25 +0200, Martin Babinsky wrote: On 05/25/2015 10:48 AM, Martin Babinsky wrote: On 04/06/2015 12:53 AM, Simo Sorce wrote: Fix for bug

[Freeipa-devel] [PATCH 0039] ipa-kdb: common function to get key encodings/salt types

A small improvement upon simo's fix for https://fedorahosted.org/freeipa/ticket/4914 -- Martin^3 Babinsky From 51f8bcd716fbddf5913cd79ba574a396e0956f0d Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 22 May 2015 17:23:00 +0200 Subject: [PATCH] ipa-kdb: common function to ge

Re: [Freeipa-devel] KeyError raised upon replica installation

On 06/02/2015 12:09 PM, Oleg Fayans wrote: Hi all, The following error was caught during replica installation (I used all the latest patches from Ludwig and Martin Basti): root@localhost:/home/ofayans/rpms]$ ipa-replica-install --setup-ca --setup-dns --forwarder 10.38.5.26 /var/lib/ipa/replica-

Re: [Freeipa-devel] KeyError raised upon replica installation

On 06/02/2015 02:07 PM, Martin Babinsky wrote: On 06/02/2015 12:09 PM, Oleg Fayans wrote: Hi all, The following error was caught during replica installation (I used all the latest patches from Ludwig and Martin Basti): root@localhost:/home/ofayans/rpms]$ ipa-replica-install --setup-ca --setup

Re: [Freeipa-devel] [PATCH 0329] ipa-replica-manage: Do not allow topology altering commands

On 06/02/2015 02:10 PM, Tomas Babej wrote: Hi, With Domain Level 1 and above, the usage of ipa-replica-manage commands that alter the replica topology is deprecated. Following commands are prohibited: * connect * disconnect * del Upon executing any of these commands, users are pointed out to t

Re: [Freeipa-devel] Database error on replicas

On 06/03/2015 10:33 AM, Oleg Fayans wrote: Hi, With the latest freeipa code containing Topology plugin patches, I am unable to make any changes in replicas. I have the following topology: replica1 <=> master <=> replica3 Here is the output of the ipa topologysegment-find command: Suffix name:

Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands

On 05/26/2015 03:31 PM, Petr Vobornik wrote: On 05/26/2015 12:19 PM, Petr Vobornik wrote: this patch is based on top of my patch #856 and tbabej' s 325-9. Obsoletes Ludwig's 0006. ipalib part of topology management Design: - http://www.freeipa.org/page/V4/Manage_replication_topology https://

Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands

On 06/03/2015 10:52 AM, Martin Babinsky wrote: On 05/26/2015 03:31 PM, Petr Vobornik wrote: On 05/26/2015 12:19 PM, Petr Vobornik wrote: this patch is based on top of my patch #856 and tbabej' s 325-9. Obsoletes Ludwig's 0006. ipalib part of topology management Desi

Re: [Freeipa-devel] Database error on replicas

On 06/03/2015 11:11 AM, Oleg Fayans wrote: Jun 02 12:05:49 replica3.zaeba.li ns-slapd[2683]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available) Hmm, Ludwigs' PATCH 0007 should fix these errors, or am I mistaken? -- Martin^3 Bab

[Freeipa-devel] Topology plugin quirks

Hi everyone, I have been playing with the topology related patches and I have encountered a few issues that I would like to address in this thread: 1.) When replica install for whatever reason crashes _after_ the setup of replication agreements etc., it leaves the topology plugin with dangli

Re: [Freeipa-devel] Topology plugin quirks

core dump or scenario to reproduce the crash. With patch0009 ipa-replica-manage del worked for me I thing I have missed this patch before, I will test it again with patch 0009 applied. On 06/03/2015 11:37 AM, Martin Babinsky wrote: Hi everyone, I have been playing with the topology related

Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands

On 06/03/2015 01:34 PM, Petr Vobornik wrote: On 06/03/2015 10:59 AM, Martin Babinsky wrote: On 06/03/2015 10:52 AM, Martin Babinsky wrote: On 05/26/2015 03:31 PM, Petr Vobornik wrote: On 05/26/2015 12:19 PM, Petr Vobornik wrote: this patch is based on top of my patch #856 and tbabej' s

Re: [Freeipa-devel] [PATCH] 857 topology: ipa management commands

On 06/03/2015 03:53 PM, Petr Vobornik wrote: On 06/03/2015 02:38 PM, Martin Babinsky wrote: On 06/03/2015 01:34 PM, Petr Vobornik wrote: On 06/03/2015 10:59 AM, Martin Babinsky wrote: On 06/03/2015 10:52 AM, Martin Babinsky wrote: On 05/26/2015 03:31 PM, Petr Vobornik wrote: On 05/26/2015

Re: [Freeipa-devel] [PATCH] 822 webui: topology plugin

On 05/27/2015 04:14 PM, Petr Vobornik wrote: On 05/26/2015 12:22 PM, Petr Vobornik wrote: On 05/15/2015 01:50 PM, Petr Vobornik wrote: On 04/21/2015 04:09 PM, Petr Vobornik wrote: First iteration of Topology plugin Web UI. It reflects current state of topology plugin python part which is impl

Re: [Freeipa-devel] [PATCH] 822 webui: topology plugin

On 06/04/2015 01:23 PM, Petr Vobornik wrote: On 06/03/2015 06:51 PM, Martin Babinsky wrote: On 05/27/2015 04:14 PM, Petr Vobornik wrote: On 05/26/2015 12:22 PM, Petr Vobornik wrote: On 05/15/2015 01:50 PM, Petr Vobornik wrote: On 04/21/2015 04:09 PM, Petr Vobornik wrote: First iteration of

[Freeipa-devel] [PATCH 0040] generalize certificate creation during testing

Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Tue, 9 Jun 2015 10:06:53 +0200 Subject: [PATCH] generalize certificate creation during testing With added support for multiple certificates for hosts, services, and even users, IPA testing framework will need a more flexible way to generate

Re: [Freeipa-devel] with new cert profiles patches ipa-replica-prepare fails after update

On 06/04/2015 04:03 PM, Petr Vobornik wrote: - ipa-replica-prepare works - old IPA server was upgraded to today's master (with Cert profiles patches) - ipa-replica-prepare fails with: Log: ipa: DEBUG: approved_usage = SSL Server intended_usage = SSL Server ipa: DEBUG: cert valid True for "CN=re

Re: [Freeipa-devel] [PATCH] 863 move replications managers group to, cn=sysaccounts, cn=etc, $SUFFIX

On 06/08/2015 04:54 PM, Petr Vobornik wrote: On 06/04/2015 04:32 PM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/4302 missed one occurrence. Updated patch attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redh

Re: [Freeipa-devel] [PATCH] 864 add entries required by topology plugin on update

On 06/04/2015 04:32 PM, Petr Vobornik wrote: requires patch 863 These entries were not added on upgrade from old IPA servers and on replica creation. https://fedorahosted.org/freeipa/ticket/4302 ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https:

Re: [Freeipa-devel] [PATCH] 868 rename topologysegment_refresh to topologysegment_reinitialize

On 06/10/2015 02:27 PM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/5056 ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribu

Re: [Freeipa-devel] [PATCH] 870 disallow mod of topology segment nodes

On 06/10/2015 03:13 PM, Petr Vobornik wrote: Mod of segment end will be disallowed in topology plugin. Reasoning (by Ludwig): if we want to properly allow mods to change connectivity and endpoints, then we would need to check if the mod disconnects the topology, delete existing agreements, chec

Re: [Freeipa-devel] [PATCH] 871 webui: make topology suffices UI readonly

On 06/10/2015 03:25 PM, Petr Vobornik wrote: On 06/10/2015 03:24 PM, Petr Vobornik wrote: Admins should not modify topology suffices. They are created on install/upgrade. part of: https://fedorahosted.org/freeipa/ticket/4997 and with patch... ACK -- Martin^3 Babinsky -- Manage your subs

Re: [Freeipa-devel] [PATCH] 869 topology: restrict direction changes

On 06/10/2015 03:13 PM, Petr Vobornik wrote: topology plugin doesn't properly handle: - creation of segment with direction 'none' and then upgrade to other direction - downgrade of direction These situations are now forbidden in API. part of: https://fedorahosted.org/freeipa/ticket/4302 A

Re: [Freeipa-devel] [PATCH] 869 topology: restrict direction changes

On 06/11/2015 01:41 PM, Petr Vobornik wrote: On 06/11/2015 01:11 PM, Ludwig Krispenz wrote: On 06/11/2015 12:53 PM, Petr Vobornik wrote: On 06/11/2015 12:35 PM, Ludwig Krispenz wrote: On 06/11/2015 12:19 PM, Petr Vobornik wrote: On 06/11/2015 10:22 AM, Martin Babinsky wrote: On 06/10/2015

Re: [Freeipa-devel] [PATCH 0264] Server Upgrade: disconnect ldap2 connection before DS restart

On 06/10/2015 01:47 PM, Martin Basti wrote: Without this patch, upgrade may failed when api.Backend.ldap2 was connected before DS restart. Patch attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeip

Re: [Freeipa-devel] [PATCH] 875 topology: fix swapped topologysegment-reinitialize behavior

On 06/12/2015 04:19 PM, Petr Vobornik wrote: setting "nsds5BeginReplicaRefresh;left" to "start" reinintializes the right node and not the left node. This patch fixes API to match the behavior. part of: https://fedorahosted.org/freeipa/ticket/4302 ACK -- Martin^3 Babinsky -- Manage your subs

Re: [Freeipa-devel] [PATCH] 869 topology: restrict direction changes

On 06/11/2015 01:41 PM, Petr Vobornik wrote: On 06/11/2015 01:11 PM, Ludwig Krispenz wrote: On 06/11/2015 12:53 PM, Petr Vobornik wrote: On 06/11/2015 12:35 PM, Ludwig Krispenz wrote: On 06/11/2015 12:19 PM, Petr Vobornik wrote: On 06/11/2015 10:22 AM, Martin Babinsky wrote: On 06/10/2015

Re: [Freeipa-devel] [PATCH] 873-874 ipa-replica-manage: adjust del to work with managed topology

On 06/15/2015 10:57 AM, Petr Vobornik wrote: On 06/12/2015 04:18 PM, Petr Vobornik wrote: Some notes: 1. As mentioned in the WIP patch thread: original 'del' worked also with winsync agreements. I'm not sure why is that. Shouldn't 'disconnect' be used for winsync agreements? At least man page s

Re: [Freeipa-devel] [PATCH] 873-874 ipa-replica-manage: adjust del to work with managed topology

On 06/15/2015 02:15 PM, Petr Vobornik wrote: On 06/15/2015 01:46 PM, Martin Babinsky wrote: On 06/15/2015 10:57 AM, Petr Vobornik wrote: On 06/12/2015 04:18 PM, Petr Vobornik wrote: Some notes: 1. As mentioned in the WIP patch thread: original 'del' worked also with winsync agree

Re: [Freeipa-devel] [PATCH 0329] ipa-replica-manage: Do not allow topology altering commands

On 06/10/2015 07:23 PM, Petr Vobornik wrote: On 06/10/2015 04:39 PM, Petr Vobornik wrote: On 06/10/2015 04:06 PM, Petr Vobornik wrote: On 06/02/2015 02:24 PM, Ludwig Krispenz wrote: hi, is there a real replacement for "del", it is not in the scope of the topology commands, the removal of teh

Re: [Freeipa-devel] [PATCH 0039] ipa-kdb: common function to get key encodings/salt types

On 05/28/2015 02:55 PM, Simo Sorce wrote: On Thu, 2015-05-28 at 14:43 +0200, Martin Babinsky wrote: A small improvement upon simo's fix for https://fedorahosted.org/freeipa/ticket/4914 -- Martin^3 Babinsky LGTM. Simo. Anyone else to review this patch? It also incidentally fi

Re: [Freeipa-devel] [PATCHES 306-316] Automated migration tool from Winsync

On 05/06/2015 10:12 AM, Tomas Babej wrote: On 05/05/2015 02:02 PM, Tomas Babej wrote: On 04/29/2015 12:28 PM, Tomas Babej wrote: On 03/11/2015 04:20 PM, Jan Cholasta wrote: Hi, Dne 10.3.2015 v 16:35 Tomas Babej napsal(a): On 03/09/2015 12:26 PM, Tomas Babej wrote: Hi, this couple of

[Freeipa-devel] [PATCH 0041] add DS index for userCertificate attribute

Related to http://www.freeipa.org/page/V4/User_Certificates and https://fedorahosted.org/freeipa/ticket/4238 -- Martin^3 Babinsky From 2c5a37557d0d5e19bfe3119f71e3010e4b4454dc Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Tue, 16 Jun 2015 13:20:15 +0200 Subject: [PATCH] add DS index for

Re: [Freeipa-devel] [PATCH 0266] ipa-ca-install fix: reconnect ldap2 after DS restart

On 06/17/2015 02:28 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5064 Patch attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.

Re: [Freeipa-devel] [PATCH 0265] Server Upgrade: Create NIS server configuration during upgrade in off mode

On 06/11/2015 04:04 PM, Martin Basti wrote: Without this patch, upgrader shows the parent entry not found error. NIS Server plugin is disabled by default, must be enabled by ipa-nis-manage Patch attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing l

Re: [Freeipa-devel] [PATCH 0266] ipa-ca-install fix: reconnect ldap2 after DS restart

On 06/18/2015 03:53 PM, Martin Basti wrote: On 18/06/15 15:04, Martin Babinsky wrote: On 06/17/2015 02:28 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5064 Patch attached. ACK Rebased patch attached. ACK to rebased patch :). -- Martin^3 Babinsky -- Manage your

[Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

:00 2001 From: Martin Babinsky Date: Tue, 23 Jun 2015 13:42:45 +0200 Subject: [PATCH 4/4] test suite for user/host/service certificate management API commands These tests excercise various scenarios when using new class of API commands to add or remove certificates to user/service/host entries

Re: [Freeipa-devel] [PATCH 0037] Hide traceback in ipa-dnskeysyncd if kinit failed

On 06/23/2015 02:15 PM, Petr Spacek wrote: Hello, Hide traceback in ipa-dnskeysyncd if kinit failed. https://fedorahosted.org/freeipa/ticket/4657 ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 06/23/2015 01:49 PM, Martin Babinsky wrote: This patchset implements new API commands for manipulating user/host/service userCertificate attribute alongside some underlying plumbing. PATCH 0045 is a small test suite that I slapped together since manual testing of this stuff is very

Re: [Freeipa-devel] [PATCH 0267] Fix broken indicies

On 06/26/2015 05:50 PM, Martin Basti wrote: Patch fixes wrong value for ntUserDomainId and ntUniqueId indicies. Patch attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeI

Re: [Freeipa-devel] [PATCHES 448-460] Allow multiple API instances (take 2)

On 06/24/2015 05:21 PM, Jan Cholasta wrote: Hi, the attached patches fix and . Honza Hi Honza, everything seems to work except `ipa-replica-prepare` which raises the following exception: http://f

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 06/30/2015 12:04 PM, Jan Cholasta wrote: Dne 29.6.2015 v 10:36 Martin Babinsky napsal(a): On 06/23/2015 01:49 PM, Martin Babinsky wrote: This patchset implements new API commands for manipulating user/host/service userCertificate attribute alongside some underlying plumbing. PATCH 0045 is

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 06/30/2015 01:11 PM, Martin Babinsky wrote: On 06/30/2015 12:04 PM, Jan Cholasta wrote: Dne 29.6.2015 v 10:36 Martin Babinsky napsal(a): On 06/23/2015 01:49 PM, Martin Babinsky wrote: This patchset implements new API commands for manipulating user/host/service userCertificate attribute

Re: [Freeipa-devel] [PATCHES 448-460] Allow multiple API instances (take 2)

On 07/01/2015 09:30 AM, Jan Cholasta wrote: Dne 30.6.2015 v 12:37 Martin Babinsky napsal(a): On 06/24/2015 05:21 PM, Jan Cholasta wrote: Hi, the attached patches fix <https://fedorahosted.org/freeipa/ticket/3090> and <https://fedorahosted.org/freeipa/ticket/5073>. Honza

Re: [Freeipa-devel] [PATCHES 448-460] Allow multiple API instances (take 2)

On 07/01/2015 09:30 AM, Jan Cholasta wrote: Dne 30.6.2015 v 12:37 Martin Babinsky napsal(a): On 06/24/2015 05:21 PM, Jan Cholasta wrote: Hi, the attached patches fix <https://fedorahosted.org/freeipa/ticket/3090> and <https://fedorahosted.org/freeipa/ticket/5073>. Honza

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 06/30/2015 02:45 PM, Martin Babinsky wrote: On 06/30/2015 01:11 PM, Martin Babinsky wrote: On 06/30/2015 12:04 PM, Jan Cholasta wrote: Dne 29.6.2015 v 10:36 Martin Babinsky napsal(a): On 06/23/2015 01:49 PM, Martin Babinsky wrote: This patchset implements new API commands for manipulating

Re: [Freeipa-devel] [PATCHES 306-316] Automated migration tool from Winsync

On 06/30/2015 05:55 PM, Tomas Babej wrote: On 06/16/2015 01:01 PM, Jan Cholasta wrote: Dne 16.6.2015 v 10:14 Martin Babinsky napsal(a): On 05/06/2015 10:12 AM, Tomas Babej wrote: On 05/05/2015 02:02 PM, Tomas Babej wrote: On 04/29/2015 12:28 PM, Tomas Babej wrote: On 03/11/2015 04

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 07/01/2015 03:05 PM, Martin Babinsky wrote: On 06/30/2015 02:45 PM, Martin Babinsky wrote: On 06/30/2015 01:11 PM, Martin Babinsky wrote: On 06/30/2015 12:04 PM, Jan Cholasta wrote: Dne 29.6.2015 v 10:36 Martin Babinsky napsal(a): On 06/23/2015 01:49 PM, Martin Babinsky wrote: This

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 07/02/2015 11:12 AM, Martin Babinsky wrote: On 07/01/2015 03:05 PM, Martin Babinsky wrote: On 06/30/2015 02:45 PM, Martin Babinsky wrote: On 06/30/2015 01:11 PM, Martin Babinsky wrote: On 06/30/2015 12:04 PM, Jan Cholasta wrote: Dne 29.6.2015 v 10:36 Martin Babinsky napsal(a): On 06/23

Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk

On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedorahosted.org/freeipa/ticket/4768 self-NACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 07/02/2015 11:28 AM, Martin Babinsky wrote: On 07/02/2015 11:12 AM, Martin Babinsky wrote: On 07/01/2015 03:05 PM, Martin Babinsky wrote: On 06/30/2015 02:45 PM, Martin Babinsky wrote: On 06/30/2015 01:11 PM, Martin Babinsky wrote: On 06/30/2015 12:04 PM, Jan Cholasta wrote: Dne

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 07/02/2015 02:37 PM, Martin Babinsky wrote: On 07/02/2015 11:28 AM, Martin Babinsky wrote: On 07/02/2015 11:12 AM, Martin Babinsky wrote: On 07/01/2015 03:05 PM, Martin Babinsky wrote: On 06/30/2015 02:45 PM, Martin Babinsky wrote: On 06/30/2015 01:11 PM, Martin Babinsky wrote: On 06/30

Re: [Freeipa-devel] [PATCH] 892 webui: add mangedby tab to otptoken

On 07/01/2015 06:59 PM, Petr Vobornik wrote: Added managedby_user tab to manage users who can manage the token. https://fedorahosted.org/freeipa/ticket/5003 Nathaniel, I could not reproduce the following part of the ticket: """ Careful interaction is required here. In the current code, this als

Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk

On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedorahosted.org/freeipa/ticket/4768 Attaching reworked patch. -- Martin^3 Babinsky From 809a63b86f73cc041f28e223187337dd65f8b1fd Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 3 Jul 2015 12:21:09 +0200

Re: [Freeipa-devel] [PATCH 0023] enable debugging of spawned ntpd command during client install

On 03/30/2015 12:38 PM, Martin Babinsky wrote: On 03/26/2015 01:14 PM, Martin Kosek wrote: On 03/25/2015 04:18 PM, Jan Cholasta wrote: Hi, Dne 25.3.2015 v 15:26 Martin Babinsky napsal(a): The attached patch related to https://fedorahosted.org/freeipa/ticket/4931 Please make sure <ht

[Freeipa-devel] [PATCH 0047] ipa-ca-install: print more specific errors when CA is already installed

Fixes https://fedorahosted.org/freeipa/ticket/4492 -- Martin^3 Babinsky From 8c29064df3649db5784e96440bae3ae0ed19dcd3 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Wed, 15 Jul 2015 14:15:49 +0200 Subject: [PATCH] ipa-ca-install: print more specific errors when CA is already installed

[Freeipa-devel] [PATCH 0048] separate module to handle installation of AD trust related functionality

/4468 to the commit message, is it OK even if we formally closed the ticket? -- Martin^3 Babinsky From 17b6098981d764d776c5ed19be5697cdb46620ba Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Wed, 15 Jul 2015 15:44:19 +0200 Subject: [PATCH] separate module to handle installation of AD trust

Re: [Freeipa-devel] [PATCH 0048] separate module to handle installation of AD trust related functionality

On 07/15/2015 04:05 PM, Jan Cholasta wrote: Dne 15.7.2015 v 16:02 Martin Babinsky napsal(a): During investigation of https://fedorahosted.org/freeipa/ticket/3993 I have realized that I can do some guerilla ref*ctoring and move the guts of `ipa-adtrust-install` to separate module, as we did with

Re: [Freeipa-devel] [PATCH 0048] separate module to handle installation of AD trust related functionality

On 07/15/2015 04:19 PM, Martin Babinsky wrote: On 07/15/2015 04:05 PM, Jan Cholasta wrote: Dne 15.7.2015 v 16:02 Martin Babinsky napsal(a): During investigation of https://fedorahosted.org/freeipa/ticket/3993 I have realized that I can do some guerilla ref*ctoring and move the guts of `ipa

Re: [Freeipa-devel] [PATCHES 0279-0280] Backport index fixes into IPA 4.1

On 07/09/2015 01:50 PM, Martin Basti wrote: Backport following commits into IPA 4-1: 57fba7a56f88c517b3ebb03842f1cc18bc129ebb 16f47ed4520d4f89db39d1dc58be7a8efb1d8612 Patches attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://w

Re: [Freeipa-devel] [PATCH 0285] DNS: consolidate RR types in API and LDAP schema

On 07/17/2015 01:00 PM, Martin Basti wrote: On 15/07/15 18:13, Petr Spacek wrote: On 15.7.2015 17:39, Martin Basti wrote: On 15/07/15 17:38, Petr Spacek wrote: On 15.7.2015 17:33, Martin Basti wrote: On 15/07/15 16:03, Martin Basti wrote: On 15/07/15 15:39, Petr Vobornik wrote: On 07/15/201

Re: [Freeipa-devel] [PATCH 0274] DNS: Check if dns package is installed

On 07/17/2015 02:37 PM, Martin Basti wrote: On 03/07/15 09:03, Tomas Babej wrote: On 07/02/2015 02:03 PM, Petr Spacek wrote: On 2.7.2015 13:54, Jan Cholasta wrote: Dne 2.7.2015 v 13:34 Petr Spacek napsal(a): On 2.7.2015 12:57, Tomas Babej wrote: On 07/02/2015 08:50 AM, Petr Spacek wrote:

Re: [Freeipa-devel] [PATCH 0347] tests: vault_plugin: Skip tests if KRA not available

On 07/21/2015 06:03 PM, Tomas Babej wrote: Hi, the vault tests should be skipped in case the KRA is not available on the machine. Tomas ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute

Re: [Freeipa-devel] [PATCH 0344] tests: service_plugin: Make sure the cert is decoded from

On 07/21/2015 06:01 PM, Tomas Babej wrote: Hi, this patch fixes an issue in tests where the certificate was not decoded from base64 representation. Tomas ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeip

Re: [Freeipa-devel] [PATCH 0349] tests: test_cert: Services can have multiple certificates

On 07/21/2015 06:03 PM, Tomas Babej wrote: Hi, Old certificates of the services are no longer removed and revoked after new ones have been issued. Check that both old and new certificates are present. Tomas ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailin

[Freeipa-devel] [PATCH 0049] fix broken search for users by their manager

Fixes https://fedorahosted.org/freeipa/ticket/5146 -- Martin^3 Babinsky From 0f1cf3cc9b98a8ba1c3f3a1df990c0f717426806 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Thu, 23 Jul 2015 10:44:08 +0200 Subject: [PATCH] fix broken search for users by their manager The patch fixes incorrect

Re: [Freeipa-devel] [PATCH 0049] fix broken search for users by their manager

On 07/23/2015 11:18 AM, Tomas Babej wrote: On 07/23/2015 10:55 AM, Martin Babinsky wrote: Fixes https://fedorahosted.org/freeipa/ticket/5146 The patch fixes the mentioned issue. However, there is some code made redundant in stageuser_find.execute, which does the same thing, can you

[Freeipa-devel] [PATCH 0050] ACI plugin: correctly parse bind rules enclosed in parentheses

This is a quick fix for https://fedorahosted.org/freeipa/ticket/5037 -- Martin^3 Babinsky From 72ef56f5673152c91a1de571518d8ea232d35143 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Thu, 23 Jul 2015 15:45:35 +0200 Subject: [PATCH] ACI plugin: correctly parse bind rules enclosed in

Re: [Freeipa-devel] [PATCH] 905, 295 webui: add Kerberos configuration instructions for Chrome

On 07/27/2015 04:12 PM, Martin Basti wrote: On 27/07/15 13:52, Martin Basti wrote: On 27/07/15 12:06, Martin Basti wrote: On 22/07/15 14:00, Petr Vobornik wrote: * IE section moved at the end * Chrome section added * FF and IE icons removed https://fedorahosted.org/freeipa/ticket/823 ACK

Re: [Freeipa-devel] [PATCH 0050] ACI plugin: correctly parse bind rules enclosed in parentheses

On 07/27/2015 05:10 PM, Martin Basti wrote: On 23/07/15 16:06, Martin Babinsky wrote: This is a quick fix for https://fedorahosted.org/freeipa/ticket/5037 NACK I do not like your change in first regexp too much. Can you try this instead? PermPat = re.compile(r'(\w+)\s*\(([^()]*

[Freeipa-devel] [PATCH 0051] IPA server and replica installers can accept options from config file

hould '--config-file' automatically imply '--unattended'? There are probably other issues to discuss. Feel free to write email/ping me on IRC. -- Martin^3 Babinsky From 57685dfca56e5300d6c996ba6362c407b7b1a63b Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Wed, 22 Jul

Re: [Freeipa-devel] [PATCH 0051] IPA server and replica installers can accept options from config file

On 07/29/2015 01:25 PM, Jan Cholasta wrote: Dne 29.7.2015 v 12:20 Martin Babinsky napsal(a): Initial attempt to implement https://fedorahosted.org/freeipa/ticket/4517 Some points to discuss: 1.) name of the config entries: currently the option names are derived from CLI options but have

Re: [Freeipa-devel] [PATCH 0051] IPA server and replica installers can accept options from config file

On 07/30/2015 08:55 AM, Jan Cholasta wrote: Dne 29.7.2015 v 17:43 Petr Vobornik napsal(a): On 07/29/2015 05:13 PM, Martin Babinsky wrote: On 07/29/2015 01:25 PM, Jan Cholasta wrote: Dne 29.7.2015 v 12:20 Martin Babinsky napsal(a): Initial attempt to implement https://fedorahosted.org/freeipa

[Freeipa-devel] [PATCH 0052] store user certificates in 'userCertificate; binary' attributes

workarounds in pre/post callbacks of user-* commands in order to enforce this behavior. -- Martin^3 Babinsky From f3a35458271c3fd149eed752fe0815e61edf0cb4 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Mon, 3 Aug 2015 13:36:29 +0200 Subject: [PATCH] store certificates issued

Re: [Freeipa-devel] [PATCHES 0042-45] new commands for adding/removing certificates from entries

On 07/14/2015 03:22 PM, Milan Kubík wrote: On 07/02/2015 04:44 PM, Jan Cholasta wrote: Dne 2.7.2015 v 16:36 Martin Babinsky napsal(a): On 07/02/2015 02:37 PM, Martin Babinsky wrote: On 07/02/2015 11:28 AM, Martin Babinsky wrote: On 07/02/2015 11:12 AM, Martin Babinsky wrote: On 07/01/2015

Re: [Freeipa-devel] [PATCH 0052] store user certificates in 'userCertificate; binary' attributes

On 08/03/2015 02:46 PM, Jan Cholasta wrote: Dne 3.8.2015 v 14:14 Jan Cholasta napsal(a): Hi, Dne 3.8.2015 v 14:00 Martin Babinsky napsal(a): This patch fixes the inconsistency between storing certificates in 'userCertificate'/'userCertificate;binary' attribute for t

Re: [Freeipa-devel] [PATCH 0052] store user certificates in 'userCertificate; binary' attributes

On 08/03/2015 03:39 PM, Jan Cholasta wrote: Dne 3.8.2015 v 14:58 Martin Babinsky napsal(a): On 08/03/2015 02:46 PM, Jan Cholasta wrote: Dne 3.8.2015 v 14:14 Jan Cholasta napsal(a): Hi, Dne 3.8.2015 v 14:00 Martin Babinsky napsal(a): This patch fixes the inconsistency between storing

Re: [Freeipa-devel] [PATCH 0052] store user certificates in 'userCertificate; binary' attributes

On 08/03/2015 06:41 PM, Martin Babinsky wrote: On 08/03/2015 03:39 PM, Jan Cholasta wrote: Dne 3.8.2015 v 14:58 Martin Babinsky napsal(a): On 08/03/2015 02:46 PM, Jan Cholasta wrote: Dne 3.8.2015 v 14:14 Jan Cholasta napsal(a): Hi, Dne 3.8.2015 v 14:00 Martin Babinsky napsal(a): This patch

Re: [Freeipa-devel] [PATCH 0052] store user certificates in 'userCertificate; binary' attributes

On 08/04/2015 10:27 AM, Martin Babinsky wrote: On 08/03/2015 06:41 PM, Martin Babinsky wrote: On 08/03/2015 03:39 PM, Jan Cholasta wrote: Dne 3.8.2015 v 14:58 Martin Babinsky napsal(a): On 08/03/2015 02:46 PM, Jan Cholasta wrote: Dne 3.8.2015 v 14:14 Jan Cholasta napsal(a): Hi, Dne

[Freeipa-devel] Update of User Certificates design page

Hello list, I am working on the update of http://www.freeipa.org/page/V4/User_Certificates design page. For now I have edited the "Feature Management" and "Howto Test" sections. Since this is my first time writing/editing designs, there surely is a room for improvement. Feel free to send me

Re: [Freeipa-devel] [PATCH 0051] IPA server and replica installers can accept options from config file

On 08/03/2015 01:56 PM, Martin Babinsky wrote: On 07/30/2015 08:55 AM, Jan Cholasta wrote: Dne 29.7.2015 v 17:43 Petr Vobornik napsal(a): On 07/29/2015 05:13 PM, Martin Babinsky wrote: On 07/29/2015 01:25 PM, Jan Cholasta wrote: Dne 29.7.2015 v 12:20 Martin Babinsky napsal(a): Initial

[Freeipa-devel] [PATCH 0053] fix crash when installer with no positional arguments handles invalid options

This bug was discovered when writing tests for functionality introduced in my PATCH 0051. This patch should apply on top of PATCH 0051. -- Martin^3 Babinsky From 7b281ba47e4fec7da7eab4a861a7cbaceb2bd859 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Thu, 6 Aug 2015 14:19:52 +0200

Re: [Freeipa-devel] [PATCH 0053] fix crash when installer with no positional arguments handles invalid options

On 08/06/2015 02:35 PM, Jan Cholasta wrote: Hi, Dne 6.8.2015 v 14:29 Martin Babinsky napsal(a): This bug was discovered when writing tests for functionality introduced in my PATCH 0051. This patch should apply on top of PATCH 0051. This whole patch can be reduced to: except

[Freeipa-devel] [PATCH 0054] test suite for functionality implemented #4517

Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Wed, 22 Jul 2015 13:54:44 +0200 Subject: [PATCH] test suite for configuration of installers based on ConfigureTool Tests for new functionality introduced in https://fedorahosted.org/freeipa/ticket/4517 --- ipatests/test_install

Re: [Freeipa-devel] Update of User Certificates design page

On 08/04/2015 06:47 PM, Jan Pazdziora wrote: On Tue, Aug 04, 2015 at 05:39:01PM +0200, Martin Babinsky wrote: I am working on the update of http://www.freeipa.org/page/V4/User_Certificates design page. For now I have edited the "Feature Management" and "Howto Test" section

Re: [Freeipa-devel] [PATCH] 0033 Fix default CA ACL added during upgrade

On 08/07/2015 10:04 AM, Fraser Tweedale wrote: The attached patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=1251225 Thanks, Fraser ACK but please put a link to the upstream ticket into the commit message (https://fedorahosted.org/freeipa/ticket/5185) -- Martin^3 Babinsky -- Manage

Re: [Freeipa-devel] [PATCH] 0033 Fix default CA ACL added during upgrade

On 08/07/2015 12:43 PM, Fraser Tweedale wrote: On Fri, Aug 07, 2015 at 11:47:57AM +0200, Martin Babinsky wrote: On 08/07/2015 10:04 AM, Fraser Tweedale wrote: The attached patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=1251225 Thanks, Fraser ACK but please put a link to the

<    1   2   3   4   5   6   7   8   9   >