Re: [Freeipa-devel] [PATCH 0303] backup: back up hosts file

On 09/01/2015 04:28 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5275 Patch attached ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] fixing Kerberos principal aliases handling in IPA

Hi list, I own the following ticket https://fedorahosted.org/freeipa/ticket/3864 and I would like to clarify what needs to be done in order to make IPA to fully support multiple aliases per entry. So far I have identified these task based on the ticket comments and discussion with Simo way

Re: [Freeipa-devel] fixing Kerberos principal aliases handling in IPA

On 09/01/2015 04:53 PM, Simo Sorce wrote: On Tue, 2015-09-01 at 16:39 +0200, Martin Babinsky wrote: Hi list, I own the following ticket https://fedorahosted.org/freeipa/ticket/3864 and I would like to clarify what needs to be done in order to make IPA to fully support multiple aliases per

[Freeipa-devel] [PATCH PoC] proper support of kerberos principal aliases

913bc484c1d00d62a5ab7f31546fec87cc1b8c43 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Tue, 8 Sep 2015 18:01:57 +0200 Subject: [PATCH 8/8] add case-insensitive matching rule to krbprincipalname index Part of https://fedorahosted.org/freeipa/ticket/3864 --- install

Re: [Freeipa-devel] [PATCH 0311] tests: fix vault tests

On 09/08/2015 05:45 PM, Martin Basti wrote: Attached patch fixes vault tests. Tests work for me, ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] INFO: CA ACL test and kerberos usage in functional tests

On 09/10/2015 06:41 PM, Milan Kubík wrote: On 09/10/2015 06:36 PM, Alexander Bokovoy wrote: On Thu, 10 Sep 2015, Milan Kubík wrote: Hi list, before my PTO, I was trying to write a functional test for CA ACLs with the tracker along all other acceptance/functional tests. I wasn't successful,

Re: [Freeipa-devel] [PATCH 0086] Migrate OTP import script to python-cryptography

On 09/25/2015 07:05 PM, Nathaniel McCallum wrote: On Fri, 2015-09-25 at 18:29 +0200, Martin Babinsky wrote: On 09/25/2015 04:53 PM, Nathaniel McCallum wrote: On Mon, 2015-08-31 at 11:08 -0400, Nathaniel McCallum wrote: https://fedorahosted.org/freeipa/ticket/5192 -- Manage your subscription

Re: [Freeipa-devel] [PATCH 0066] fix for regression in ipa-restore

On 10/01/2015 02:18 PM, Martin Kosek wrote: On 09/29/2015 03:27 PM, David Kupka wrote: On 25/09/15 18:13, Martin Babinsky wrote: fixes https://fedorahosted.org/freeipa/ticket/5328 Fixes the issue for me, ACK. Just checking - what is the impact here, will ipa-restore still work

Re: [Freeipa-devel] [PATCH 0067] ipa-server-install: mark master_password Knob as deprecated

On 10/01/2015 02:49 PM, Martin Babinsky wrote: Pave Picka found out that the fix for https://fedorahosted.org/freeipa/ticket/4516 was partially undone during 4.2 installer rectofaring efforts. This one-liner should fix it for good (or at least until we move the code around again). created

[Freeipa-devel] [PATCH 0068] backup/restore CI TESTS: re-kinit after ipa-restore in some tests

Babinsky From 18b7f256c94f0becff8511f338ae5c32d961f6db Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Wed, 23 Sep 2015 12:47:13 +0200 Subject: [PATCH] re-kinit after ipa-restore in backup/restore CI tests In FreeIPA CI-tests the install_master task automat

Re: [Freeipa-devel] [PATCH 0065] CI test for IPA install/backup/uninstall/install/restore scenario

On 09/23/2015 12:53 PM, Martin Babinsky wrote: CI test for full IPA restore into a running IPA server self-NACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http

[Freeipa-devel] [PATCH 0065] CI test for IPA install/backup/uninstall/install/restore scenario

Should help to catch bugs like https://fedorahosted.org/freeipa/ticket/5296 -- Martin^3 Babinsky From e515bc3aff47ac83807f2ae0b625e0ef8291b7c9 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Mon, 21 Sep 2015 09:58:38 +0200 Subject: [PATCH] CI test for full IPA r

Re: [Freeipa-devel] [PATCHES 0370-0371] winsync-migrate: Handle invalid characters in the names of IPA entities

On 09/23/2015 04:56 PM, Jan Cholasta wrote: On 23.9.2015 16:52, Martin Babinsky wrote: On 09/23/2015 01:39 PM, Tomas Babej wrote: Hi, this fixes https://fedorahosted.org/freeipa/ticket/5319. Details in the commit messages. Tomas ACK The patches need to be rebased on top of ipa-4-2

Re: [Freeipa-devel] [PATCH 494] install: create kdcproxy user during server install

On 09/23/2015 01:37 PM, Jan Cholasta wrote: On 23.9.2015 12:49, Christian Heimes wrote: On 2015-09-23 12:40, Jan Cholasta wrote: On 23.9.2015 11:44, Christian Heimes wrote: On 2015-09-23 10:54, Jan Cholasta wrote: Correction, the HTTP server works, but it spits lots of errors in error_log

Re: [Freeipa-devel] [PATCHES 0370-0371] winsync-migrate: Handle invalid characters in the names of IPA entities

On 09/23/2015 01:39 PM, Tomas Babej wrote: Hi, this fixes https://fedorahosted.org/freeipa/ticket/5319. Details in the commit messages. Tomas ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 466-468] install: Add common base class for server and replica install

On 09/16/2015 10:44 AM, Jan Cholasta wrote: On 16.9.2015 08:11, Jan Cholasta wrote: On 15.9.2015 07:22, Jan Cholasta wrote: On 10.8.2015 16:58, Martin Babinsky wrote: On 08/06/2015 08:22 AM, Jan Cholasta wrote: Hi, the attached patch fixes part of <https://fedorahosted.org/freeipa/tic

[Freeipa-devel] [PATCH 0064] destroy httpd ccache after stopping the service

This patch fixes https://fedorahosted.org/freeipa/ticket/5296 and generally makes cleaning up of httpd ccache more thorough. -- Martin^3 Babinsky From 02ec4a4d080a1dab28d14fa46a037ef1731431fb Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Wed, 16 Sep 2015 18

Re: [Freeipa-devel] [PATCH 494] install: create kdcproxy user during server install

On 09/22/2015 01:33 PM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to

[Freeipa-devel] [PATCHES 0069-0077] support for proper Kerberos principal canonicalization

. I will try to send some tests for the patches later this week. Please review the hell out of them. -- Martin^3 Babinsky From 4832fa024a3083f6cce3c151ab29ae99a696fcf1 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 2 Oct 2015 18:05:03 +0200 Subject: [PATCH

Re: [Freeipa-devel] [PATCH 0387] custodia: Make sure container is created with first custodia

On 11/27/2015 05:13 PM, Tomas Babej wrote: On 11/27/2015 05:04 PM, Martin Babinsky wrote: On 11/27/2015 04:25 PM, Tomas Babej wrote: Hi, If a first 4.3+ replica is installed in the domain, the custodia container does not exist. Make sure it is created to avoid failures during key generation

Re: [Freeipa-devel] [PATCH 0387] custodia: Make sure container is created with first custodia

On 11/27/2015 04:25 PM, Tomas Babej wrote: Hi, If a first 4.3+ replica is installed in the domain, the custodia container does not exist. Make sure it is created to avoid failures during key generation. https://fedorahosted.org/freeipa/ticket/5474 The patch works as advertised, but I'm

[Freeipa-devel] [PATCH 0113] properly add ACIs to custodia container during IPA upgrade

fixes https://fedorahosted.org/freeipa/ticket/5524 -- Martin^3 Babinsky From fbcade73e29eb486bc5c2970bc8ba2d147db81eb Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Tue, 8 Dec 2015 09:51:09 +0100 Subject: [PATCH] properly add ACIs to custodia container duri

Re: [Freeipa-devel] [PATCH 0364, 0367] ipa-kra-install: allow first KRA to be installed on replica

On 12/02/2015 05:24 PM, Martin Basti wrote: On 02.12.2015 14:52, Martin Babinsky wrote: On 11/30/2015 06:29 PM, Martin Basti wrote: On 30.11.2015 14:16, Martin Babinsky wrote: On 11/27/2015 05:02 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5460 I tested just master

Re: [Freeipa-devel] [PATCH 0364, 0367] ipa-kra-install: allow first KRA to be installed on replica

On 11/30/2015 07:24 PM, Simo Sorce wrote: On Mon, 2015-11-30 at 19:22 +0100, Martin Basti wrote: On 30.11.2015 19:20, Simo Sorce wrote: On Mon, 2015-11-30 at 18:29 +0100, Martin Basti wrote: On 30.11.2015 14:16, Martin Babinsky wrote: On 11/27/2015 05:02 PM, Martin Basti wrote: https

Re: [Freeipa-devel] [PATCH 0111] prevent crashes of server uninstall check caused by failed, 5 LDAP connections

On 12/04/2015 08:49 PM, Rob Crittenden wrote: Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5409 Should it also warn about the potential loss of the DNSSEC master? rob Probably, but that warrants a separate ticket IMHO. IIRC these checks are a part of replica deletion

Re: [Freeipa-devel] [PATCH 0369] Force creation of service during replica install

On 12/06/2015 09:45 PM, Martin Basti wrote: Replica install should not fail due a missing A record, if there are proper entries in hosts. Patch attached. ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] [PATCH 0114] harden domain level 1 topology connectivity checks

A sort of auxilliary patch which makes topology checks more resistant to https://fedorahosted.org/freeipa/ticket/5526 If required I will open a separate ticket for it though. -- Martin^3 Babinsky From 6b722203ba9442559b1311be63b8b05b862af084 Mon Sep 17 00:00:00 2001 From: Martin Babinsky

[Freeipa-devel] [PATCH 0115] fix error message assertion in negative forced client reenrollment tests

, but the positive cases are broken there due to https://fedorahosted.org/freeipa/ticket/5528 -- Martin^3 Babinsky From eb152f6996a8b653d8676ade826e806898fdf556 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Tue, 8 Dec 2015 17:00:11 +0100 Subject: [PATCH] fix error m

Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not

On 12/08/2015 04:53 PM, Tomas Babej wrote: On 12/08/2015 02:28 PM, Tomas Babej wrote: Hi, The old 'realm' topology suffix is no longer used, however, it was being created on masters with version 4.2.3 and later. Make sure it's properly removed. Note that this is not the case for the 'ipaca'

Re: [Freeipa-devel] [PATCH 0385] replicainstall: Add possiblity to install client in one

On 12/01/2015 04:33 PM, Jan Cholasta wrote: On 1.12.2015 16:19, Tomas Babej wrote: On 12/01/2015 08:19 AM, Jan Cholasta wrote: On 30.11.2015 19:17, Simo Sorce wrote: On Mon, 2015-11-30 at 12:25 +0100, Tomas Babej wrote: +# Perform only if we have the necessary options +if not

Re: [Freeipa-devel] [PATCH 558] Allow disabling requireing preauth by default for Service Principal Names

On 12/01/2015 10:08 PM, Simo Sorce wrote: On Tue, 2015-12-01 at 15:59 +0100, Martin Babinsky wrote: On 11/30/2015 07:42 PM, Simo Sorce wrote: On Wed, 2015-11-25 at 10:33 +0100, Martin Babinsky wrote: On 11/24/2015 10:20 PM, Simo Sorce wrote: This addresses #3860, giving admins the option

Re: [Freeipa-devel] [PATCH 0096] check whether replica exists before executing the domain level 1 deletion code

On 12/04/2015 05:12 PM, Petr Vobornik wrote: On 12/01/2015 09:18 AM, Martin Basti wrote: On 18.11.2015 13:25, Martin Babinsky wrote: Additional fix for https://fedorahosted.org/freeipa/ticket/5424 In current implementation the topology suffices are checked first and after that the error

[Freeipa-devel] [PATCH 0112] CI tests: ignore disconnected domain level 1 topology on IPA master teardown

This patch should fix teardown methods in replication-related CI tests ran at non-zero domain level. -- Martin^3 Babinsky From 52919ed0237c4bf6fe5580a9d99af79661a9bf53 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 4 Dec 2015 18:24:31 +0100 Subject: [PAT

Re: [Freeipa-devel] [PATCH 0112] CI tests: ignore disconnected domain level 1 topology on IPA master teardown

On 12/07/2015 01:53 PM, Martin Babinsky wrote: On 12/07/2015 12:07 PM, Oleg Fayans wrote: Hi Martin, CONFIGURED_DOMAIN_LEVEL is declared, but not used. The rest looks fine to me On 12/07/2015 11:05 AM, Martin Babinsky wrote: This patch should fix teardown methods in replication-related CI

Re: [Freeipa-devel] [TESTS][PATCH 0006] Add comments to stageuser plugin tests

12:13 PM, Martin Babinsky wrote: On 11/19/2015 10:34 AM, Petr Viktorin wrote: On 11/19/2015 09:30 AM, Lenka Doudova wrote: On 11/18/2015 04:51 PM, Martin Babinsky wrote: On 11/18/2015 02:16 PM, Lenka Doudova wrote: Hi, here's a patch that adds a few comments to stageuser tests in order

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

On 12/09/2015 03:48 PM, Jan Cholasta wrote: On 2.12.2015 14:19, Martin Basti wrote: On 02.12.2015 14:10, Martin Basti wrote: On 02.12.2015 14:08, Martin Babinsky wrote: On 12/02/2015 10:45 AM, Martin Babinsky wrote: On 12/01/2015 02:40 PM, Martin Babinsky wrote: On 11/30/2015 08:34 PM

[Freeipa-devel] [PATCH 0108] replica install: improvements in the handling of CA-related IPA config entries

c67a6c03a4f2ed82aea7e0da03c9e2270eea2d42 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Wed, 2 Dec 2015 12:22:45 +0100 Subject: [PATCH] replica install: improvements in the handling of CA-related IPA config entries When a CA-less replica is installed, its IPA config file should be u

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

On 12/01/2015 02:40 PM, Martin Babinsky wrote: On 11/30/2015 08:34 PM, Martin Basti wrote: On 30.11.2015 18:41, Martin Babinsky wrote: On 11/30/2015 06:15 PM, Martin Basti wrote: On 30.11.2015 16:43, Martin Babinsky wrote: On 11/30/2015 12:31 PM, Jan Cholasta wrote: Hi, On 27.11.2015

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

On 12/02/2015 10:45 AM, Martin Babinsky wrote: On 12/01/2015 02:40 PM, Martin Babinsky wrote: On 11/30/2015 08:34 PM, Martin Basti wrote: On 30.11.2015 18:41, Martin Babinsky wrote: On 11/30/2015 06:15 PM, Martin Basti wrote: On 30.11.2015 16:43, Martin Babinsky wrote: On 11/30/2015 12

Re: [Freeipa-devel] [PATCH 0364, 0367] ipa-kra-install: allow first KRA to be installed on replica

On 11/30/2015 06:29 PM, Martin Basti wrote: On 30.11.2015 14:16, Martin Babinsky wrote: On 11/27/2015 05:02 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5460 I tested just master, I will test ipa-4-2 later. patch attached. ACK for the master branch. Thanks

Re: [Freeipa-devel] [PATCH 0112] CI tests: ignore disconnected domain level 1 topology on IPA master teardown

On 12/07/2015 12:07 PM, Oleg Fayans wrote: Hi Martin, CONFIGURED_DOMAIN_LEVEL is declared, but not used. The rest looks fine to me On 12/07/2015 11:05 AM, Martin Babinsky wrote: This patch should fix teardown methods in replication-related CI tests ran at non-zero domain level. Ah

[Freeipa-devel] [PATCH 0111] prevent crashes of server uninstall check caused by failed, 5 LDAP connections

https://fedorahosted.org/freeipa/ticket/5409 -- Martin^3 Babinsky From 2b710f7dbc2017bfc0a0b090d55f631c7017f79f Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 4 Dec 2015 20:29:18 +0100 Subject: [PATCH] prevent crashes of server uninstall check caused by

[Freeipa-devel] [PATCH 0109-0110] fix auto-forwarders in standalone DNS installer and update man pages

Additional fixes for https://fedorahosted.org/freeipa/ticket/5438 -- Martin^3 Babinsky From 2f6c7183bcfd3dc04e0a76b622bedb6db0b7feb8 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 4 Dec 2015 20:09:46 +0100 Subject: [PATCH 2/2] add '--auto-forwarders' descr

Re: [Freeipa-devel] [PATCH 0113] properly add ACIs to custodia container during IPA upgrade

On 12/08/2015 10:45 AM, Martin Babinsky wrote: fixes https://fedorahosted.org/freeipa/ticket/5524 Attaching updated patch with simpler fix suggested by Jan. -- Martin^3 Babinsky From 9c7accdc7facec47e9a75f91168dca28db9e343d Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mb

[Freeipa-devel] [PATCH 0116] CI tests: remove '-p' option from ipa-dns-install calls

See commit message. -- Martin^3 Babinsky From 108ce5787620227ef657c8e655dd3427655ebd06 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Thu, 10 Dec 2015 16:32:35 +0100 Subject: [PATCH] CI tests: remove '-p' option from ipa-dns-install calls fix for

Re: [Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

On 12/15/2015 07:19 AM, Jan Cholasta wrote: On 14.12.2015 18:51, Tomas Babej wrote: On 12/14/2015 05:31 PM, Martin Babinsky wrote: fixes https://fedorahosted.org/freeipa/ticket/5528 Works as expected, code-wise looks good. Thanks for looking into this, ACK! Pushed to master

[Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

fixes https://fedorahosted.org/freeipa/ticket/5528 -- Martin^3 Babinsky From 1e6dcfe235b1c9e563dd0fd3408ef93008010a89 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Mon, 14 Dec 2015 14:28:41 +0100 Subject: [PATCH] ipa-client-install: create a temporary dir

Re: [Freeipa-devel] [PATCH 016 - 017] First part of the replica promotion tests + testplan

On 12/15/2015 10:29 AM, Oleg Fayans wrote: Hi Martin, The updated patches are attached. Patch 0017 includes all changes from patch 0018, so, if you approve this one, there would be no need to continue with the review of 0018. This one contains all changes related to you remarks from 0018

Re: [Freeipa-devel] [PATCH 0020][Tests] Added --realm parameter to master installation procedure in integration tests

On 12/17/2015 04:28 PM, Oleg Fayans wrote: Oleg, you sent a vim swap file instead of the patch. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] Fwd: [PUBLIC] Re: [IPAQE][REVIEW-REQUEST][TEST PLAN] Replica promotion

On 12/16/2015 03:17 PM, Nikhil Dehadrai wrote: Hi There, Based on the URL for REPLICA PROMOTION Test plan (http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan), I have following observations / queries. Observations: --- 1. For "ipa-kra-install" and "ipa-ca-install" ,

Re: [Freeipa-devel] [TESTS][PATCH 0008] Fix tests for (stage)user plugin

On 12/16/2015 01:51 PM, Lenka Doudova wrote: Hi, this patch fixes few Tracker methods for staged and 'normal' user, which were mistakenly modified by my patch 0006.3. Applies for ipa-4-2 branch only. Lenka ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

Rebased patches attached. Note that 520 should still be applied between 509 and 510. LGTM ACK Thanks. Pushed to master: 01ddf51df76f3298499973355c5461727e46ab5b Martin Babinsky found out that ipaservers is not created early enough when installing a replica of a 4.2 or older server which caus

Re: [Freeipa-devel] [PATCHES 523-525] replica install: add remote connection check over API

On 12/10/2015 09:48 AM, Jan Cholasta wrote: On 9.12.2015 16:38, Jan Cholasta wrote: On 9.12.2015 14:52, Jan Cholasta wrote: On 9.12.2015 10:02, Jan Cholasta wrote: Hi, the attached patches fix . Note that this needs selinux-policy fix to work,

Re: [Freeipa-devel] [PATCH 0114] harden domain level 1 topology connectivity checks

On 12/08/2015 05:35 PM, Martin Babinsky wrote: A sort of auxilliary patch which makes topology checks more resistant to https://fedorahosted.org/freeipa/ticket/5526 If required I will open a separate ticket for it though. Bump for review. -- Martin^3 Babinsky -- Manage your subscription

[Freeipa-devel] [PATCH 0118] fix Py3 incompatible exception instantiation in replica install code

-- Martin^3 Babinsky From 2cd363bedcf08c8fd941b34e048b9c5eed3e09f1 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Wed, 16 Dec 2015 10:56:06 +0100 Subject: [PATCH] fix Py3 incompatible exception instantiation in replica install code --- ipaserver/install/

[Freeipa-devel] [PATCH 0119] ipalib/x509.py: revert deletion of ipalib api import

Fixes https://fedorahosted.org/freeipa/ticket/5561 -- Martin^3 Babinsky From db5be916722af67b6d0c472cd8737011956651dd Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Mon, 4 Jan 2016 15:56:07 +0100 Subject: [PATCH] ipalib/x509.py: revert deletion of ipalib api

Re: [Freeipa-devel] [PATCH 0119] ipalib/x509.py: revert deletion of ipalib api import

On 01/04/2016 04:05 PM, Martin Babinsky wrote: Fixes https://fedorahosted.org/freeipa/ticket/5561 This is for master branch only, ipa-4-{2,3} does not have this problem. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman

Re: [Freeipa-devel] [PATCH 027] Require Dogtag 10.2.6-13 to fix KRA uninstall

On 01/05/2016 01:49 PM, Lukas Slebodnik wrote: On (05/01/16 12:24), Christian Heimes wrote: The combination of a bug in Dogtag's sslget command and a new feature in mod_nss causes an incomplete uninstallation of KRA. The bug has been fixed in Dogtag 10.2.6-13. and it ins in fedora 23 stable

[Freeipa-devel] [PATCH 0120] prevent crash of CA-less server upgrade due to absent certmonger

fixes https://fedorahosted.org/freeipa/ticket/5519 -- Martin^3 Babinsky From d5e6dadf7e092b389284a753ec55e2448446f3d5 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Tue, 5 Jan 2016 13:00:24 +0100 Subject: [PATCH] prevent crash of CA-less server upgrade due to

Re: [Freeipa-devel] [PATCH 559] Fix kadmin for new users

On 11/25/2015 03:41 PM, Martin Kosek wrote: On 11/25/2015 03:32 PM, Simo Sorce wrote: On Wed, 2015-11-25 at 14:13 +0100, Tomas Babej wrote: On 11/25/2015 02:13 PM, Tomas Babej wrote: On 11/25/2015 02:00 PM, Martin Babinsky wrote: On 11/24/2015 11:32 PM, Simo Sorce wrote: Ticket #937

Re: [Freeipa-devel] [PATCH 0400] update_uniqueness plugin: fix possible referenced before assignment error

On 01/06/2016 08:32 PM, Martin Basti wrote: Variable 'update' might be undefined if a plugin configuration cannot be migrated to new format. Patch attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] [PATCH 0121] consider IPA master removed from topology when request for host TGT fails

https://fedorahosted.org/freeipa/ticket/5584 -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0121] consider IPA master removed from topology when request for host TGT fails

On 01/07/2016 05:37 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5584 And the patch is here. -- Martin^3 Babinsky From 43617fe3bbd4e72626bdf9f3c228c3585cc37d4b Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Thu, 7 Jan 2016 16:48:11

Re: [Freeipa-devel] [PATCH 0118] fix Py3 incompatible exception instantiation in replica install code

On 01/04/2016 09:02 AM, Martin Babinsky wrote: I have created ticket to patch and added it to commit message: https://fedorahosted.org/freeipa/ticket/5585 -- Martin^3 Babinsky From 8d2779da21b2110ad879e413a2434c4b7e702d35 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.

Re: [Freeipa-devel] [PATCH] 928-936 webui: topology visualization

On 11/25/2015 03:28 PM, Petr Vobornik wrote: On 11/24/2015 02:09 PM, Martin Babinsky wrote: On 11/24/2015 12:17 PM, Petr Vobornik wrote: On 11/24/2015 12:10 PM, Ludwig Krispenz wrote: Hi Petr, I'm testing these patches.Two observations so far: - in Topology->IPA Servers I see a table of

Re: [Freeipa-devel] rename topology suffixes

On 11/27/2015 01:39 PM, Jan Cholasta wrote: On 27.11.2015 13:10, Petr Vobornik wrote: On 11/27/2015 12:46 PM, Petr Spacek wrote: On 27.11.2015 09:00, Jan Cholasta wrote: On 27.11.2015 08:33, Martin Kosek wrote: On 11/27/2015 07:05 AM, Jan Cholasta wrote: On 26.11.2015 17:15, Petr Vobornik

Re: [Freeipa-devel] [PATCH] 927 topology: treat server suffix as multivalued attribute in API

On 11/20/2015 03:56 PM, Petr Vobornik wrote: ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

On 11/19/2015 06:19 PM, Martin Babinsky wrote: These two patches fix the following tickets: https://fedorahosted.org/freeipa/ticket/5377 https://fedorahosted.org/freeipa/ticket/5409 I have added a new option '--ignore-disconnected-topology' which forces IPA master uninstall despite reported

Re: [Freeipa-devel] [PATCH 0355-0356, 0363] Prevent using replica file with ipa-ca-install and domain

On 11/27/2015 02:05 PM, Martin Basti wrote: On 26.11.2015 15:00, Martin Basti wrote: On 24.11.2015 16:48, Jan Cholasta wrote: On 24.11.2015 10:21, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5455 Patches attached. +def run(self): +self._run() Wouldn't it be

[Freeipa-devel] [PATCH 0106] perform IPA client uninstallation as a last step of server uninstall

This patch fixes https://fedorahosted.org/freeipa/ticket/5410 -- Martin^3 Babinsky From 6c565cd6e25dec28ef98b987b2f8bf61d21de52d Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 27 Nov 2015 14:05:21 +0100 Subject: [PATCH] perform IPA client uninstallation as

Re: [Freeipa-devel] [PATCH 0104] do not disconnect when using existing connection to check default CA ACLs

On 11/25/2015 09:56 AM, Jan Cholasta wrote: On 25.11.2015 09:28, Martin Babinsky wrote: On 11/25/2015 07:21 AM, Jan Cholasta wrote: On 25.11.2015 05:56, Fraser Tweedale wrote: On Tue, Nov 24, 2015 at 05:38:45PM +0100, Jan Cholasta wrote: On 24.11.2015 17:17, Martin Babinsky wrote: On 11/24

Re: [Freeipa-devel] [PATCH 558] Allow disabling requireing preauth by default for Service Principal Names

On 11/24/2015 10:20 PM, Simo Sorce wrote: This addresses #3860, giving admins the option to not require preauth for Hosts and services. I did not add this option by default, although it does reduce the load on the KDC as well as speed up TGT acquisition for service principal accounts that

Re: [Freeipa-devel] [PATCH 0104] do not disconnect when using existing connection to check default CA ACLs

On 11/25/2015 07:21 AM, Jan Cholasta wrote: On 25.11.2015 05:56, Fraser Tweedale wrote: On Tue, Nov 24, 2015 at 05:38:45PM +0100, Jan Cholasta wrote: On 24.11.2015 17:17, Martin Babinsky wrote: On 11/24/2015 05:10 PM, Martin Babinsky wrote: On 11/24/2015 05:01 PM, Martin Babinsky wrote

Re: [Freeipa-devel] [PATCH 0349] baseuser.py compare objectclasses as case insensitive

On 11/17/2015 11:47 AM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5456 Patch attached. ACK but please fix a typo in the commit message before pushing. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH 559] Fix kadmin for new users

On 11/24/2015 11:32 PM, Simo Sorce wrote: Ticket #937 was reopened a while ago because one corner case, new users that have never been assigned a password cause kadmin/kadmin.local to throw a fit when they try to visualize information about those user's principals. This patch fakes up

Re: [Freeipa-devel] [PATCH 0104] do not disconnect when using existing connection to check default CA ACLs

On 11/24/2015 05:01 PM, Martin Babinsky wrote: On 11/24/2015 04:58 PM, Jan Cholasta wrote: On 24.11.2015 16:48, Martin Babinsky wrote: On 11/24/2015 04:44 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5459 forgot to attach the actual file *slaps himself* ipaserver

Re: [Freeipa-devel] [PATCH 0104] do not disconnect when using existing connection to check default CA ACLs

On 11/24/2015 05:10 PM, Martin Babinsky wrote: On 11/24/2015 05:01 PM, Martin Babinsky wrote: On 11/24/2015 04:58 PM, Jan Cholasta wrote: On 24.11.2015 16:48, Martin Babinsky wrote: On 11/24/2015 04:44 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5459 forgot to attach

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

On 11/30/2015 12:31 PM, Jan Cholasta wrote: Hi, On 27.11.2015 14:58, Martin Babinsky wrote: On 11/19/2015 06:19 PM, Martin Babinsky wrote: These two patches fix the following tickets: https://fedorahosted.org/freeipa/ticket/5377 https://fedorahosted.org/freeipa/ticket/5409 I have added

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

On 11/30/2015 06:15 PM, Martin Basti wrote: On 30.11.2015 16:43, Martin Babinsky wrote: On 11/30/2015 12:31 PM, Jan Cholasta wrote: Hi, On 27.11.2015 14:58, Martin Babinsky wrote: On 11/19/2015 06:19 PM, Martin Babinsky wrote: These two patches fix the following tickets: https

Re: [Freeipa-devel] [PATCH] 927 topology: treat server suffix as multivalued attribute in API

On 11/30/2015 12:15 PM, Jan Cholasta wrote: On 27.11.2015 15:57, Petr Vobornik wrote: On 11/27/2015 02:50 PM, Martin Babinsky wrote: On 11/20/2015 03:56 PM, Petr Vobornik wrote: ACK Pushed to master: c688954c27c219cb18aff968fc1f510afff93981 As we discussed offline, the server plugin

Re: [Freeipa-devel] [PATCH] 927 topology: treat server suffix as multivalued attribute in API

On 11/30/2015 12:38 PM, Petr Vobornik wrote: On 11/30/2015 12:15 PM, Jan Cholasta wrote: On 27.11.2015 15:57, Petr Vobornik wrote: On 11/27/2015 02:50 PM, Martin Babinsky wrote: On 11/20/2015 03:56 PM, Petr Vobornik wrote: ACK Pushed to master: c688954c27c219cb18aff968fc1f510afff93981

Re: [Freeipa-devel] [PATCH 0107] fix 'iparepltopomanagedsuffix' attribute consumers

On 12/01/2015 12:21 PM, Martin Babinsky wrote: This patch fixes a regression caused by recently pushed topologysuffix-related patches. self-NACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0107] fix 'iparepltopomanagedsuffix' attribute consumers

On 12/01/2015 12:28 PM, Martin Babinsky wrote: On 12/01/2015 12:21 PM, Martin Babinsky wrote: This patch fixes a regression caused by recently pushed topologysuffix-related patches. self-NACK. This patch should actually work. -- Martin^3 Babinsky From

[Freeipa-devel] [PATCH 0107] fix 'iparepltopomanagedsuffix' attribute consumers

This patch fixes a regression caused by recently pushed topologysuffix-related patches. -- Martin^3 Babinsky From eace784d7bea6234083eff2658b787bb0706f575 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Tue, 1 Dec 2015 12:14:07 +0100 Subject: [PATC

Re: [Freeipa-devel] [PATCH 558] Allow disabling requireing preauth by default for Service Principal Names

On 11/30/2015 07:42 PM, Simo Sorce wrote: On Wed, 2015-11-25 at 10:33 +0100, Martin Babinsky wrote: On 11/24/2015 10:20 PM, Simo Sorce wrote: This addresses #3860, giving admins the option to not require preauth for Hosts and services. I did not add this option by default, although it does

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

On 11/30/2015 08:34 PM, Martin Basti wrote: On 30.11.2015 18:41, Martin Babinsky wrote: On 11/30/2015 06:15 PM, Martin Basti wrote: On 30.11.2015 16:43, Martin Babinsky wrote: On 11/30/2015 12:31 PM, Jan Cholasta wrote: Hi, On 27.11.2015 14:58, Martin Babinsky wrote: On 11/19/2015 06

Re: [Freeipa-devel] [PATCH 0100] replica promotion: modify default.conf even if DS configuration fails

On 11/20/2015 10:46 AM, Martin Babinsky wrote: On 11/20/2015 10:19 AM, Martin Babinsky wrote: Fixes https://fedorahosted.org/freeipa/ticket/5417 Sorry forgot to add the patch. Attaching new version of patch rebased for current master and bumping for review. -- Martin^3 Babinsky From

[Freeipa-devel] [PATCH 0105] fix a typo in replica DS creation code

My OCD self cringes every time I see "retriving DS Certificate" so I here's a patch that fixes this. -- Martin^3 Babinsky From 1c1e0165016b88fc91e57ba4ec6bb1b3099a049f Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Thu, 26 Nov 2015 10:52:45 +0100

[Freeipa-devel] [PATCH 0096] check whether replica exists before executing the domain level 1 deletion code

. -- Martin^3 Babinsky From 93d9f706d31a1f57438fecb7dd10b97b52b0b240 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Wed, 18 Nov 2015 13:12:50 +0100 Subject: [PATCH] check whether replica exists before executing the domain level 1 deletion code Move this check before the

[Freeipa-devel] [PATCH 0097] fix critical error messages when adding KRA container that already exists

https://fedorahosted.org/freeipa/ticket/5346 -- Martin^3 Babinsky From cf880b128ca4a4b53b8d70d1dce7d7aadab130c8 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Thu, 19 Nov 2015 10:24:40 +0100 Subject: [PATCH] suppress errors arising from adding existing LDAP e

Re: [Freeipa-devel] [PATCH 508] install: export KRA agent PEM file in ipa-kra-install

On 11/19/2015 09:07 AM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to

Re: [Freeipa-devel] [PATCH 515] client install: do not corrupt OpenSSH config with Match sections

On 11/20/2015 09:56 AM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to

[Freeipa-devel] [PATCH 0101] raise more descriptive Backend connection-related exceptions

Fixes https://fedorahosted.org/freeipa/ticket/5473 Patch is for master only, I will rebase it for 4-2 if we decide that it can land there as well. -- Martin^3 Babinsky From 9072fad67fd0bc3b9ef08d59a0c59c949a78e87a Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Dat

[Freeipa-devel] [PATCH 0102] update idrange tests to reflect disabled modification of local ID ranges

5709303aabcc26fd2faf8236861c98d8938d4620 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 20 Nov 2015 15:55:06 +0100 Subject: [PATCH] update idrange tests to reflect disabled modification of local ID ranges Fix for https://fedorahosted.org/freeipa/ticket/4826 temporarily disallowed modifi

Re: [Freeipa-devel] [PATCH 0100] replica promotion: modify default.conf even if DS configuration fails

On 11/20/2015 10:19 AM, Martin Babinsky wrote: Fixes https://fedorahosted.org/freeipa/ticket/5417 Sorry forgot to add the patch. -- Martin^3 Babinsky From f6235e6b1bcb2dfe08b0d92a9f0b834d45801ab9 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 20 Nov 2015

Re: [Freeipa-devel] [TESTS][PATCH 0006] Add comments to stageuser plugin tests

On 11/19/2015 10:34 AM, Petr Viktorin wrote: On 11/19/2015 09:30 AM, Lenka Doudova wrote: On 11/18/2015 04:51 PM, Martin Babinsky wrote: On 11/18/2015 02:16 PM, Lenka Doudova wrote: Hi, here's a patch that adds a few comments to stageuser tests in order to allow easier determining

Re: [Freeipa-devel] [PATCH 0064] Check if IPA is configured before attempting a winsync migration

On 11/20/2015 04:02 PM, Gabe Alford wrote: Hello, Fix for https://fedorahosted.org/freeipa/ticket/5470 Thanks, Gabe Hi Gabe, patch looks good. IMHO it would be better if you moved the check before API initialization like so: """ @@ -340,6 +340,12 @@ class

[Freeipa-devel] [PATCH 0100] replica promotion: modify default.conf even if DS configuration fails

Fixes https://fedorahosted.org/freeipa/ticket/5417 -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0064] Check if IPA is configured before attempting a winsync migration

On 11/20/2015 07:10 PM, Gabe Alford wrote: Thanks. Updated patch attached. Gabe On Fri, Nov 20, 2015 at 10:36 AM, Martin Babinsky <mbabi...@redhat.com <mailto:mbabi...@redhat.com>> wrote: On 11/20/2015 04:02 PM, Gabe Alford wrote: Hello, Fix for https://fedo

[Freeipa-devel] [PATCH 0102] disconnect ldap2 backend after adding default CA ACL profiles

:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Tue, 24 Nov 2015 14:43:10 +0100 Subject: [PATCH] disconnect ldap2 backend after adding default CA ACL profiles ensure_default_caacl() was leaking open api.Backend.ldap2 connection which could crash server/replica installation at later

<    1   2   3   4   5   6   7   8   >