Re: [Freeipa-devel] [PATCH 0208] Respect --test option in upgrade plugins

2015-03-12 Thread Petr Spacek
On 12.3.2015 16:23, Rob Crittenden wrote: David Kupka wrote: On 03/06/2015 06:00 PM, Martin Basti wrote: Upgrade plugins which modify LDAP data directly should not be executed in --test mode. This patch is a workaround, to ensure update with --test option will not modify any LDAP data.

Re: [Freeipa-devel] Generic support for unknown DNS RR types (RFC 3597)

2015-03-12 Thread Petr Spacek
On 11.3.2015 17:02, Martin Kosek wrote: On 03/11/2015 04:55 PM, Petr Spacek wrote: On 11.3.2015 15:45, Martin Kosek wrote: On 03/11/2015 03:38 PM, Petr Spacek wrote: On 11.3.2015 15:28, Martin Kosek wrote: On 03/11/2015 12:43 PM, Petr Spacek wrote: On 11.3.2015 11:34, Jan Cholasta wrote

Re: [Freeipa-devel] Purpose of default user group

2015-03-12 Thread Petr Spacek
On 10.3.2015 16:01, Jakub Hrozek wrote: On Tue, Mar 10, 2015 at 03:52:44PM +0100, Martin Kosek wrote: On 03/10/2015 03:27 PM, Rob Crittenden wrote: Petr Vobornik wrote: Hi, I would like to ask what is a purpose of a default user group - by default ipausers? Default group is also a required

Re: [Freeipa-devel] Generic support for unknown DNS RR types (RFC 3597)

2015-03-11 Thread Petr Spacek
On 10.3.2015 20:04, Simo Sorce wrote: On Tue, 2015-03-10 at 19:24 +0100, Petr Spacek wrote: On 10.3.2015 18:36, Simo Sorce wrote: On Tue, 2015-03-10 at 18:26 +0100, Petr Spacek wrote: On 10.3.2015 17:35, Simo Sorce wrote: On Tue, 2015-03-10 at 16:19 +0100, Petr Spacek wrote: On 10.3.2015 15

Re: [Freeipa-devel] Generic support for unknown DNS RR types (RFC 3597)

2015-03-11 Thread Petr Spacek
On 11.3.2015 08:13, Martin Kosek wrote: On 03/10/2015 07:24 PM, Petr Spacek wrote: On 10.3.2015 18:36, Simo Sorce wrote: On Tue, 2015-03-10 at 18:26 +0100, Petr Spacek wrote: On 10.3.2015 17:35, Simo Sorce wrote: On Tue, 2015-03-10 at 16:19 +0100, Petr Spacek wrote: On 10.3.2015 15:53, Simo

Re: [Freeipa-devel] Generic support for unknown DNS RR types (RFC 3597)

2015-03-11 Thread Petr Spacek
On 11.3.2015 11:34, Jan Cholasta wrote: Dne 11.3.2015 v 11:12 Petr Spacek napsal(a): On 10.3.2015 20:04, Simo Sorce wrote: On Tue, 2015-03-10 at 19:24 +0100, Petr Spacek wrote: On 10.3.2015 18:36, Simo Sorce wrote: On Tue, 2015-03-10 at 18:26 +0100, Petr Spacek wrote: On 10.3.2015 17:35

Re: [Freeipa-devel] [PATCHES 0015-0017] consolidation of various Kerberos auth methods in FreeIPA code

2015-03-11 Thread Petr Spacek
Hello Martin^3, good work, we are almost there! Please see my nitpicks in-line. On 9.3.2015 13:06, Martin Babinsky wrote: On 03/06/2015 01:05 PM, Martin Babinsky wrote: This series of patches for the master/4.1 branch attempts to implement some of the Rob's and Petr Vobornik's ideas which

Re: [Freeipa-devel] Generic support for unknown DNS RR types (RFC 3597)

2015-03-11 Thread Petr Spacek
On 11.3.2015 15:28, Martin Kosek wrote: On 03/11/2015 12:43 PM, Petr Spacek wrote: On 11.3.2015 11:34, Jan Cholasta wrote: Dne 11.3.2015 v 11:12 Petr Spacek napsal(a): On 10.3.2015 20:04, Simo Sorce wrote: On Tue, 2015-03-10 at 19:24 +0100, Petr Spacek wrote: On 10.3.2015 18:36, Simo Sorce

Re: [Freeipa-devel] [PATCHES 0015-0017] consolidation of various Kerberos auth methods in FreeIPA code

2015-03-11 Thread Petr Spacek
On 11.3.2015 14:27, Martin Babinsky wrote: Actually, now that I think about it, I will try to address some of your comments: +except krbV.Krb5Error, e: except ... , ... syntax is not going to work in Python 3. Maybe 'as' would be better? AFAIK except ... as ... syntax was added in

[Freeipa-devel] Generic support for unknown DNS RR types (RFC 3597)

2015-03-10 Thread Petr Spacek
Hello, I would like to discuss Generic support for unknown DNS RR types (RFC 3597 [0]). Here is the proposal: LDAP schema === - 1 new attribute: ( OID NAME 'GenericRecord' DESC 'unknown DNS record, RFC 3597' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) The

Re: [Freeipa-devel] Generic support for unknown DNS RR types (RFC 3597)

2015-03-10 Thread Petr Spacek
On 10.3.2015 15:53, Simo Sorce wrote: On Tue, 2015-03-10 at 15:32 +0100, Petr Spacek wrote: Hello, I would like to discuss Generic support for unknown DNS RR types (RFC 3597 [0]). Here is the proposal: LDAP schema === - 1 new attribute: ( OID NAME 'GenericRecord' DESC 'unknown

Re: [Freeipa-devel] Purpose of default user group

2015-03-10 Thread Petr Spacek
On 10.3.2015 16:55, Alexander Bokovoy wrote: On Tue, 10 Mar 2015, Petr Spacek wrote: On 10.3.2015 16:01, Jakub Hrozek wrote: On Tue, Mar 10, 2015 at 03:52:44PM +0100, Martin Kosek wrote: On 03/10/2015 03:27 PM, Rob Crittenden wrote: Petr Vobornik wrote: Hi, I would like to ask what

Re: [Freeipa-devel] Generic support for unknown DNS RR types (RFC 3597)

2015-03-10 Thread Petr Spacek
On 10.3.2015 18:36, Simo Sorce wrote: On Tue, 2015-03-10 at 18:26 +0100, Petr Spacek wrote: On 10.3.2015 17:35, Simo Sorce wrote: On Tue, 2015-03-10 at 16:19 +0100, Petr Spacek wrote: On 10.3.2015 15:53, Simo Sorce wrote: On Tue, 2015-03-10 at 15:32 +0100, Petr Spacek wrote: Hello, I would

Re: [Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records

2015-03-06 Thread Petr Spacek
On 4.3.2015 16:35, Martin Basti wrote: On 04/03/15 16:17, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4930 0200: 4.1, master Fixes traceback, which was raised if LDAP contained a record that was marked as unsupported. Now unsupported records are shown, if LDAP

Re: [Freeipa-devel] New freeipa-devel footer

2015-03-06 Thread Petr Spacek
On 6.3.2015 12:01, Martin Kosek wrote: On 03/06/2015 11:55 AM, Jan Pazdziora wrote: On Fri, Mar 06, 2015 at 11:43:07AM +0100, Martin Kosek wrote: See the footer below. If you have any improvements proposals, just tell me. Given the information about the list actions is in the List-* header

Re: [Freeipa-devel] [PATCH 0190] DNSSEC: add support for CKM_RSA_PKCS_OAEP mechanism

2015-03-05 Thread Petr Spacek
On 26.2.2015 16:59, Martin Basti wrote: On 26/02/15 12:47, Petr Spacek wrote: On 11.2.2015 14:10, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4657#comment:13 Patch attached. -- Martin Basti freeipa-mbasti-0190-DNSSEC-add-support-for-CKM_RSA_PKCS_OAEP-mechanism.patch

[Freeipa-devel] [PATCH 0023-0025] p11helper improvements

2015-03-05 Thread Petr Spacek
Hello, please review this patch set. It should be applied on top of your previous p11helper patch set. Thank you! -- Petr^2 Spacek From 0195c8cac890a6a41d5ba8e48e904b6d69405bfb Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 4 Mar 2015 14:37:58 +0100 Subject: [PATCH

Re: [Freeipa-devel] [PATCH 0194] Remove unused method to export secret key from ipapkcs11helper module

2015-03-05 Thread Petr Spacek
On 25.2.2015 14:24, Martin Basti wrote: The method has never been used, and never will be, because we do not want to export secrets. Ticket: https://fedorahosted.org/freeipa/ticket/4657 Patch attached (may require mbasti-0195, mbasti-0190) ACK, it works for me. -- Petr^2 Spacek

Re: [Freeipa-devel] [PATCH 0316] Fix crash triggered by zone objects with unexpected DN

2015-03-05 Thread Petr Spacek
On 4.3.2015 15:26, Tomas Hozza wrote: On 02/24/2015 03:01 PM, Petr Spacek wrote: Hello, On 18.2.2015 10:36, Tomas Hozza wrote: On 12/16/2014 04:32 PM, Petr Spacek wrote: Hello, Fix crash triggered by zone objects with unexpected DN. https://fedorahosted.org/bind-dyndb-ldap

Re: [Freeipa-devel] [PATCH 0023-0025] p11helper improvements

2015-03-05 Thread Petr Spacek
On 5.3.2015 14:50, Petr Spacek wrote: Hello, please review this patch set. It should be applied on top of your previous p11helper patch set. Thank you! Reviewer requested reworded version of the error message, here it is. -- Petr^2 Spacek From dd05ce3026b30874355ca3a441d7ccc51c65f287

Re: [Freeipa-devel] [PATCH 0195] Fix memory leaks in ipapkcs11helper module

2015-03-05 Thread Petr Spacek
On 26.2.2015 17:01, Martin Basti wrote: On 26/02/15 13:06, Petr Spacek wrote: Hello Martin, thank you for patch! This NACK is only aesthetic :-) On 25.2.2015 14:21, Martin Basti wrote: if (!check_return_value(rv, import_wrapped_key: key unwrapping)) { +error = 1

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

2015-03-03 Thread Petr Spacek
On 3.3.2015 10:58, Martin Kosek wrote: On 03/03/2015 09:36 AM, Petr Spacek wrote: On 3.3.2015 09:33, Jan Cholasta wrote: Dne 3.3.2015 v 09:06 Martin Basti napsal(a): On 03/03/15 07:31, Jan Cholasta wrote: Dne 2.3.2015 v 13:51 Martin Basti napsal(a): On 02/03/15 13:12, Jan Cholasta wrote

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

2015-03-03 Thread Petr Spacek
On 3.3.2015 11:01, Jan Cholasta wrote: I would very much prefer to do it the other way around, so that most bugs in the code are caught early, instead of hidden behind the version comparison. +1 -- Petr^2 Spacek ___ Freeipa-devel mailing list

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

2015-03-03 Thread Petr Spacek
On 3.3.2015 09:33, Jan Cholasta wrote: Dne 3.3.2015 v 09:06 Martin Basti napsal(a): On 03/03/15 07:31, Jan Cholasta wrote: Dne 2.3.2015 v 13:51 Martin Basti napsal(a): On 02/03/15 13:12, Jan Cholasta wrote: Dne 2.3.2015 v 12:23 Martin Kosek napsal(a): On 03/02/2015 07:49 AM, Jan Cholasta

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

2015-03-03 Thread Petr Spacek
On 2.3.2015 18:54, Martin Basti wrote: On 02/03/15 18:28, Martin Kosek wrote: On 03/02/2015 06:12 PM, Martin Basti wrote: On 02/03/15 15:43, Rob Crittenden wrote: Martin Basti wrote: ... But you haven't explained any case why LDAPI would fail. If LDAPI fails then you've got more serious

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

2015-02-26 Thread Petr Spacek
On 25.2.2015 17:49, Martin Basti wrote: On 25/02/15 17:15, Petr Spacek wrote: On 24.2.2015 19:10, Martin Basti wrote: Hello all, please read the design page, any objections/suggestions appreciated http://www.freeipa.org/page/V4/Server_Upgrade_Refactoring Thank you for the design, I have

Re: [Freeipa-devel] [PATCH 0190] DNSSEC: add support for CKM_RSA_PKCS_OAEP mechanism

2015-02-26 Thread Petr Spacek
On 11.2.2015 14:10, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4657#comment:13 Patch attached. -- Martin Basti freeipa-mbasti-0190-DNSSEC-add-support-for-CKM_RSA_PKCS_OAEP-mechanism.patch From 4d698a5adaa94eb854c75bd9bcaf3093f31a11e5 Mon Sep 17 00:00:00 2001

Re: [Freeipa-devel] [PATCH 0195] Fix memory leaks in ipapkcs11helper module

2015-02-26 Thread Petr Spacek
Hello Martin, thank you for patch! This NACK is only aesthetic :-) On 25.2.2015 14:21, Martin Basti wrote: if (!check_return_value(rv, import_wrapped_key: key unwrapping)) { +error = 1; +goto final; +} This exact sequence is repeated many times in the code. I

Re: [Freeipa-devel] IPA Server upgrade 4.2 design

2015-02-25 Thread Petr Spacek
On 24.2.2015 19:10, Martin Basti wrote: Hello all, please read the design page, any objections/suggestions appreciated http://www.freeipa.org/page/V4/Server_Upgrade_Refactoring Thank you for the design, I have only few nitpicks. Increase update files numbers range Update files number will

Re: [Freeipa-devel] [PATCH 0319] Fix crash caused by race condition during resolver cache flushing

2015-02-24 Thread Petr Spacek
On 29.1.2015 15:42, Tomas Hozza wrote: On 01/13/2015 02:16 PM, Petr Spacek wrote: Hello, This patch should be applied to v2 branch. Fix crash caused by race condition during resolver cache flushing. dns_view_flushcache() call has to be always done in single-thread mode. Locking

Re: [Freeipa-devel] [PATCH 0316] Fix crash triggered by zone objects with unexpected DN

2015-02-24 Thread Petr Spacek
Hello, On 18.2.2015 10:36, Tomas Hozza wrote: On 12/16/2014 04:32 PM, Petr Spacek wrote: Hello, Fix crash triggered by zone objects with unexpected DN. https://fedorahosted.org/bind-dyndb-ldap/ticket/148 NACK. The patch seems to make no difference when using the reproducer from ticket

Re: [Freeipa-devel] [PATCHES 0005-0011] Fix some of the defects reported by covscan on freeipa-master

2015-01-28 Thread Petr Spacek
On 27.1.2015 18:36, Martin Babinsky wrote: On 01/27/2015 06:05 PM, Petr Spacek wrote: On 27.1.2015 18:02, Alexander Bokovoy wrote: -slapi_search_internal_get_entry(sdn, attrs, entry, -otp_config_plugin_id(otp_config)); +search_result

Re: [Freeipa-devel] [PATCHES 0005-0011] Fix some of the defects reported by covscan on freeipa-master

2015-01-27 Thread Petr Spacek
On 27.1.2015 17:56, Alexander Bokovoy wrote: On Tue, 27 Jan 2015, Martin Babinsky wrote: From 23a823c3c5933d5c14342e15c00599af74b84118 Mon Sep 17 00:00:00 2001 From: Martin Babinsky mbabi...@redhat.com Date: Tue, 27 Jan 2015 13:21:33 +0100 Subject: [PATCH 3/7] proposed fix fo a defect

Re: [Freeipa-devel] [PATCHES 0005-0011] Fix some of the defects reported by covscan on freeipa-master

2015-01-27 Thread Petr Spacek
On 27.1.2015 18:23, Alexander Bokovoy wrote: On Tue, 27 Jan 2015, Petr Spacek wrote: On 27.1.2015 17:56, Alexander Bokovoy wrote: On Tue, 27 Jan 2015, Martin Babinsky wrote: From 23a823c3c5933d5c14342e15c00599af74b84118 Mon Sep 17 00:00:00 2001 From: Martin Babinsky mbabi...@redhat.com Date

Re: [Freeipa-devel] [PATCHES 0005-0011] Fix some of the defects reported by covscan on freeipa-master

2015-01-27 Thread Petr Spacek
On 27.1.2015 18:02, Alexander Bokovoy wrote: -slapi_search_internal_get_entry(sdn, attrs, entry, -otp_config_plugin_id(otp_config)); +search_result = slapi_search_internal_get_entry(sdn, attrs, entry, +otp_config_plugin_id(otp_config));

Re: [Freeipa-devel] [PATCHES 0005-0011] Fix some of the defects reported by covscan on freeipa-master

2015-01-27 Thread Petr Spacek
On 27.1.2015 18:41, Alexander Bokovoy wrote: On Tue, 27 Jan 2015, Petr Spacek wrote: On 27.1.2015 18:23, Alexander Bokovoy wrote: On Tue, 27 Jan 2015, Petr Spacek wrote: On 27.1.2015 17:56, Alexander Bokovoy wrote: On Tue, 27 Jan 2015, Martin Babinsky wrote: From

[Freeipa-devel] [PATCH 0320] Fix description of idnsAllowQuery attribute in README

2015-01-21 Thread Petr Spacek
2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 21 Jan 2015 13:53:02 +0100 Subject: [PATCH] Fix description of idnsAllowQuery attribute in README. https://fedorahosted.org/bind-dyndb-ldap/ticket/154 --- README | 23 +++ 1 file changed, 11 insertions(+), 12 deletions(-) diff

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-20 Thread Petr Spacek
On 15.1.2015 20:49, Lukas Slebodnik wrote: On (15/01/15 20:38), Martin Basti wrote: On 15/01/15 20:24, Martin Basti wrote: On 15/01/15 17:13, David Kupka wrote: On 01/15/2015 03:22 PM, David Kupka wrote: On 01/15/2015 12:43 PM, David Kupka wrote: On 01/12/2015 06:34 PM, Martin Basti wrote:

Re: [Freeipa-devel] [PATCH 0170, 0183] Detect and warn about invalid forwardzone configuration

2015-01-15 Thread Petr Spacek
On 14.1.2015 17:20, Martin Basti wrote: On 12/12/14 13:52, Martin Basti wrote: On 12/12/14 13:50, Martin Kosek wrote: On 12/11/2014 05:44 PM, Petr Spacek wrote: On 11.12.2014 16:50, Martin Basti wrote: Updated patch attached: Nice work, ACK! Can we also add some tests? This is a lot

[Freeipa-devel] [PATCH 0022] Fix default value type for wait_for_dns optio

2015-01-13 Thread Petr Spacek
Hello, Fix default value type for wait_for_dns option wait_for_dns value should be an integer so default value was changed from False to 0. -- Petr^2 Spacek From 15b0d338d7eb9b11cee7acfb1171367cbb8e723e Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 13 Jan 2015 10:14

Re: [Freeipa-devel] [PATCH 0319] Fix crash caused by race condition during resolver cache flushing

2015-01-13 Thread Petr Spacek
On 13.1.2015 14:16, Petr Spacek wrote: Hello, This patch should be applied to v2 branch. Fix crash caused by race condition during resolver cache flushing. dns_view_flushcache() call has to be always done in single-thread mode. Locking around the call was missing in forwarder

Re: [Freeipa-devel] [PATCH 0022] Fix default value type for wait_for_dns optio

2015-01-13 Thread Petr Spacek
On 13.1.2015 10:57, Martin Kosek wrote: On 01/13/2015 10:16 AM, Petr Spacek wrote: Hello, Fix default value type for wait_for_dns option wait_for_dns value should be an integer so default value was changed from False to 0. Thanks. I stumbled on this value this morning, when setting

[Freeipa-devel] FYI: LANGSEC: Sane protocol design and input parsing

2015-01-13 Thread Petr Spacek
Hello, FYI, I came across an interesting article/idea: LANGSEC: Language-theoretic Security The Language-theoretic approach (LANGSEC) regards the Internet insecurity epidemic as a consequence of ad hoc programming of input handling at all layers of network stacks, and in other kinds of software

[Freeipa-devel] [PATCH 0319] Fix crash caused by race condition during resolver cache flushing

2015-01-13 Thread Petr Spacek
. https://fedorahosted.org/bind-dyndb-ldap/ticket/142 -- Petr^2 Spacek From dce6ac00e48834c4c81e7041e4418c3d49b79725 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Fri, 19 Dec 2014 15:34:47 +0100 Subject: [PATCH] Fix crash caused by race condition during resolver cache

Re: [Freeipa-devel] Reviewed-By for design pages?

2015-01-12 Thread Petr Spacek
On 9.1.2015 14:26, Martin Kosek wrote: On 01/07/2015 05:41 PM, Alexander Bokovoy wrote: On Wed, 07 Jan 2015, Simo Sorce wrote: On Wed, 07 Jan 2015 10:34:59 +0100 Petr Spacek pspa...@redhat.com wrote: Hello, I wonder if we should add something like Reviewed-by tag to newly created design

[Freeipa-devel] [PATCH 0317-0318] Preparation for 7.0 release

2015-01-12 Thread Petr Spacek
c125f23501f8c53047375e45b72e73690fe791a3 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 12 Jan 2015 15:16:29 +0100 Subject: [PATCH] Update NEWS for upcoming 7.0 release. --- NEWS | 5 + 1 file changed, 5 insertions(+) diff --git a/NEWS b/NEWS index 313151ab197e4529def7953a1fbffa8fc3e8c5a7

Re: [Freeipa-devel] [PATCH 0315] Support BIND 9.10

2015-01-12 Thread Petr Spacek
On 9.1.2015 16:34, Tomas Hozza wrote: On 12/04/2014 05:04 PM, Petr Spacek wrote: Hello, Support BIND 9.10. https://fedorahosted.org/bind-dyndb-ldap/ticket/139 This patch definitely needs more testing but ...: - It compiles with BIND 9.9 and BIND 9.10. - It seems that it is able to load

[Freeipa-devel] automatic backup before FreeIPA upgrade?

2015-01-09 Thread Petr Spacek
Hello, I wonder if it is feasible to automatically run backup before FreeIPA upgrade ... How big the backup file is (I'm asking about X in expression X + database size)? Is there any reason not to do auto-backup? -- Petr^2 Spacek ___ Freeipa-devel

Re: [Freeipa-devel] [PATCHES 180-181] Fix forwardzone update

2015-01-09 Thread Petr Spacek
On 8.1.2015 16:53, Martin Basti wrote: On 08/01/15 16:42, Petr Spacek wrote: On 7.1.2015 13:56, Martin Basti wrote: +for config_option in container_entry.get(ipaConfigString, []): +matched = re.match(r^DNSVersion\s+(?Pversion%d)$, %d is C-ishm which does not work

Re: [Freeipa-devel] [PATCHES 180-181] Fix forwardzone update

2015-01-08 Thread Petr Spacek
On 7.1.2015 13:56, Martin Basti wrote: +for config_option in container_entry.get(ipaConfigString, []): +matched = re.match(r^DNSVersion\s+(?Pversion%d)$, %d is C-ishm which does not work + config_option, flags=re.I) +if matched and

[Freeipa-devel] Reviewed-By for design pages?

2015-01-07 Thread Petr Spacek
Hello, I wonder if we should add something like Reviewed-by tag to newly created design pages. It would serve as reminder and check that page was really reviewed by someone. (And that we should not spend much time on implementation before the tag is present on the page.) It will also add

[Freeipa-devel] DNS forward zone upgrade problem: post-mortem

2015-01-05 Thread Petr Spacek
Hello, as you may know, me and Martin^2 Basti screwed upgrades from RHEL 6.x to RHEL 7.1+. Cause = RHEL 7.1/bind-dyndb-ldap 6.x supports new object class idnsForwardZone and has modified idnsZone object class semantics. This new semantics match what is called master zones in BIND

[Freeipa-devel] [PATCH 0316] Fix crash triggered by zone objects with unexpected DN

2014-12-16 Thread Petr Spacek
Hello, Fix crash triggered by zone objects with unexpected DN. https://fedorahosted.org/bind-dyndb-ldap/ticket/148 -- Petr^2 Spacek From d9e2bd9a838882706ca95d60eefd459a95ae7579 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 16 Dec 2014 16:31:16 +0100 Subject: [PATCH

Re: [Freeipa-devel] FreeIPA integration with external DNS services

2014-12-11 Thread Petr Spacek
On 10.12.2014 18:50, Simo Sorce wrote: On Wed, 10 Dec 2014 15:13:30 +0100 Petr Spacek pspa...@redhat.com wrote: I think that external DNS could depend on Vault (assuming that external DNS support will be purely optional). TBH, I do not think this is a sensible option, the Vault will drag

Re: [Freeipa-devel] [PATCH 0170] Detect and warn about invalid forwardzone configuration

2014-12-11 Thread Petr Spacek
Hello, I have only few nitpicks and one minor non-nitpick. Rest is in-line. On 10.12.2014 18:20, Martin Basti wrote: freeipa-mbasti-0170.4-Detect-and-warn-about-invalid-DNS-forward-zone-confi.patch From a1b70e7a12ffdb08941d43587a05d7e36b57ab2b Mon Sep 17 00:00:00 2001 From: Martin Basti

Re: [Freeipa-devel] topology management question

2014-12-11 Thread Petr Spacek
On 11.12.2014 15:20, Simo Sorce wrote: On Thu, 11 Dec 2014 14:18:36 +0100 Ludwig Krispenz lkris...@redhat.com wrote: On 12/05/2014 04:50 PM, Simo Sorce wrote: On Thu, 04 Dec 2014 14:33:09 +0100 Ludwig Krispenz lkris...@redhat.com wrote: hi, I just have another (hopefully this will end

Re: [Freeipa-devel] [PATCH 0170] Detect and warn about invalid forwardzone configuration

2014-12-11 Thread Petr Spacek
On 11.12.2014 16:50, Martin Basti wrote: Updated patch attached: Nice work, ACK! -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] FreeIPA integration with external DNS services

2014-12-10 Thread Petr Spacek
On 9.12.2014 13:40, Martin Kosek wrote: On 12/03/2014 05:04 PM, Petr Spacek wrote: On 2.12.2014 17:21, Simo Sorce wrote: On Tue, 02 Dec 2014 15:56:28 +0100 Petr Spacek pspa...@redhat.com wrote: On 1.12.2014 17:12, Simo Sorce wrote: On Mon, 01 Dec 2014 16:17:54 +0100 Petr Spacek pspa

Re: [Freeipa-devel] FreeIPA integration with external DNS services

2014-12-10 Thread Petr Spacek
On 10.12.2014 15:50, Martin Kosek wrote: On 12/10/2014 03:13 PM, Petr Spacek wrote: On 9.12.2014 13:40, Martin Kosek wrote: On 12/03/2014 05:04 PM, Petr Spacek wrote: On 2.12.2014 17:21, Simo Sorce wrote: On Tue, 02 Dec 2014 15:56:28 +0100 Petr Spacek pspa...@redhat.com wrote: On 1.12.2014

[Freeipa-devel] [PATCH 0315] Support BIND 9.10

2014-12-04 Thread Petr Spacek
yet. -- Petr^2 Spacek From 7101194d6bcf99c8cc5c8fec405ee716cd6e7b07 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Thu, 4 Dec 2014 14:52:18 +0100 Subject: [PATCH] Support BIND 9.10. https://fedorahosted.org/bind-dyndb-ldap/ticket/139 --- src/acl.c | 29

[Freeipa-devel] disaster recovery if replica was compromised

2014-12-03 Thread Petr Spacek
Hello, I wonder what we can recommend as disaster recovery procedure for cases where a replica (its LDAP database) was compromised. Saying you are screwed doesn't sound like the right answer :-D It is clear that all passwords and keys have to be changed and complete replica re-installation is

Re: [Freeipa-devel] FreeIPA integration with external DNS services

2014-12-03 Thread Petr Spacek
On 2.12.2014 17:21, Simo Sorce wrote: On Tue, 02 Dec 2014 15:56:28 +0100 Petr Spacek pspa...@redhat.com wrote: On 1.12.2014 17:12, Simo Sorce wrote: On Mon, 01 Dec 2014 16:17:54 +0100 Petr Spacek pspa...@redhat.com wrote: On 14.11.2014 17:31, Petr Spacek wrote: On 14.11.2014 02:22, Simo

Re: [Freeipa-devel] [PATCH 0036] Add missing python files to Makefile

2014-12-03 Thread Petr Spacek
if it is considered dead code. Gabe On Thursday, November 27, 2014, Petr Spacek pspa...@redhat.com mailto:pspa...@redhat.com wrote: On 27.11.2014 11:00, Martin Basti wrote: On 27/11/14 00:50, Gabe Alford wrote: Hello, Wondering

Re: [Freeipa-devel] Gaps in upstream tests

2014-12-03 Thread Petr Spacek
On 25.11.2014 10:43, Petr Spacek wrote: On 7.11.2014 14:41, Martin Kosek wrote: FreeIPA team will soon grow with a new member focusing on upstream QE tests. I would like to collect ideas what are the biggest gaps in the current upstream test suite from your POV. Existing requests

Re: [Freeipa-devel] [PATCH 0173] Throw zonemgr error message before installation proceeds

2014-12-02 Thread Petr Spacek
On 1.12.2014 13:32, Jan Cholasta wrote: Actually, scratch that, exceptions thrown by python-dns do not have messages. Oh yes, it is very annoying. I have asked upstream if potential patches about these issues can be accepted: https://github.com/rthalley/dnspython/issues/84 -- Petr^2 Spacek

Re: [Freeipa-devel] FreeIPA integration with external DNS services

2014-12-02 Thread Petr Spacek
On 1.12.2014 17:12, Simo Sorce wrote: On Mon, 01 Dec 2014 16:17:54 +0100 Petr Spacek pspa...@redhat.com wrote: On 14.11.2014 17:31, Petr Spacek wrote: On 14.11.2014 02:22, Simo Sorce wrote: On Tue, 11 Nov 2014 16:29:51 +0100 Petr Spacek pspa...@redhat.com wrote: Hello, this thread

[Freeipa-devel] Announcing bind-dyndb-ldap version 6.1

2014-12-02 Thread Petr Spacek
The FreeIPA team is proud to announce bind-dyndb-ldap version 6.1. It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/ The new version has also been built for Fedora 21+ and is on its way to updates-testing:

[Freeipa-devel] Threat model abuse cases in design documents

2014-12-01 Thread Petr Spacek
Hello, while wondering about design for 'external DNS integration' feature I have realized that I did not see any explicit threat model for FreeIPA. Do we have any? IMHO it would be handy to have it somewhere on wiki so it could be used as 'checklist' while developing design documents for

Re: [Freeipa-devel] FreeIPA integration with external DNS services

2014-12-01 Thread Petr Spacek
On 14.11.2014 17:31, Petr Spacek wrote: On 14.11.2014 02:22, Simo Sorce wrote: On Tue, 11 Nov 2014 16:29:51 +0100 Petr Spacek pspa...@redhat.com wrote: Hello, this thread is about RFE IPA servers when installed should register themselves in the external DNS https://fedorahosted.org

Re: [Freeipa-devel] [PATCH 0170] Detect and warn about invalid forwardzone configuration

2014-12-01 Thread Petr Spacek
On 1.12.2014 14:39, Martin Basti wrote: On 24/11/14 17:24, Petr Spacek wrote: Hello! Thank you for the patch. It is not ready yet but the overall direction seems good. Please see my comments in-line. On 24.11.2014 14:35, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket

[Freeipa-devel] [PATCH 0311-0314] Preparation for 6.1 release

2014-11-28 Thread Petr Spacek
.gitignore to skip compile script from Autotools. Pushed to master: 75a706252bf816cbe236791e187c80d83774ad7d -- Petr^2 Spacek From 75a706252bf816cbe236791e187c80d83774ad7d Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Fri, 28 Nov 2014 10:09:30 +0100 Subject: [PATCH] Update

Re: [Freeipa-devel] [PATCH 0036] Add missing python files to Makefile

2014-11-27 Thread Petr Spacek
On 27.11.2014 11:00, Martin Basti wrote: On 27/11/14 00:50, Gabe Alford wrote: Hello, Wondering if I could get a review. Updated patch attached. Thanks, Gabe On Tue, Nov 11, 2014 at 7:21 AM, Gabe Alford redhatri...@gmail.com mailto:redhatri...@gmail.com wrote: Hello,

Re: [Freeipa-devel] [PATCH 0307] Send DNS NOTIFY message after any modification to the zone

2014-11-27 Thread Petr Spacek
On 27.11.2014 15:56, Tomas Hozza wrote: On 11/26/2014 01:46 PM, Martin Basti wrote: On 07/11/14 15:34, Petr Spacek wrote: Hello, Send DNS NOTIFY message after any modification to the zone. https://fedorahosted.org/bind-dyndb-ldap/ticket/144 Works for me. But don't push

Re: [Freeipa-devel] [PATCH 0228] Drop unnecessary #define _BSD_SOURCE

2014-11-26 Thread Petr Spacek
On 26.11.2014 16:47, Lukas Slebodnik wrote: On (12/11/14 16:34), Petr Spacek wrote: On 25.2.2014 15:05, Lukas Slebodnik wrote: On (25/02/14 09:54), Petr Spacek wrote: On 24.2.2014 18:56, Lukas Slebodnik wrote: On (24/02/14 16:48), Petr Spacek wrote: Hello, Drop unnecessary #define

Re: [Freeipa-devel] [PATCH][bind-dyndb-ldap] AUTOCONF: Improve detection of bind9 header files

2014-11-26 Thread Petr Spacek
On 26.11.2014 15:57, Lukas Slebodnik wrote: On (12/11/14 15:30), Petr Spacek wrote: On 24.7.2014 11:00, Petr Spacek wrote: On 27.2.2014 15:19, Lukas Slebodnik wrote: ehlo, I did some reviews of bind-dyndb-ldap last week and it was little bit annoying to export special CFLAGS for bind9

Re: [Freeipa-devel] [PATCH 0228] Drop unnecessary #define _BSD_SOURCE

2014-11-26 Thread Petr Spacek
On 26.11.2014 13:04, Tomas Hozza wrote: On 11/25/2014 07:53 PM, Martin Basti wrote: On 12/11/14 16:34, Petr Spacek wrote: On 25.2.2014 15:05, Lukas Slebodnik wrote: On (25/02/14 09:54), Petr Spacek wrote: On 24.2.2014 18:56, Lukas Slebodnik wrote: On (24/02/14 16:48), Petr Spacek

Re: [Freeipa-devel] [PATCH 0309] Fix crash caused by interaction between forward and master zones

2014-11-26 Thread Petr Spacek
On 26.11.2014 13:33, Tomas Hozza wrote: On 11/25/2014 07:07 PM, Martin Basti wrote: On 25/11/14 18:11, Petr Spacek wrote: Hello, Fix crash caused by interaction between forward and master zones. LDAP modifications made to idnsName=sub, idnsName=example.com, cn=dns object

Re: [Freeipa-devel] [PATCH 0306] Improve info messages about number of defined/loaded zones

2014-11-26 Thread Petr Spacek
On 26.11.2014 13:07, Tomas Hozza wrote: On 11/07/2014 01:33 PM, Petr Spacek wrote: Hello, Improve info messages about number of defined/loaded zones. ACK. The new message looks good. Pushed to master: eb600df6af932292e0a15817710cfc674f5c952b -- Petr^2 Spacek

Re: [Freeipa-devel] [PATCH][bind-dyndb-ldap] AUTOCONF: Improve detection of bind9 header files

2014-11-26 Thread Petr Spacek
On 26.11.2014 12:33, Tomas Hozza wrote: On 11/12/2014 03:30 PM, Petr Spacek wrote: On 24.7.2014 11:00, Petr Spacek wrote: On 27.2.2014 15:19, Lukas Slebodnik wrote: ehlo, I did some reviews of bind-dyndb-ldap last week and it was little bit annoying to export special CFLAGS

Re: [Freeipa-devel] [PATCH 0310] Fix misleading error message about forward zones on reconnect

2014-11-26 Thread Petr Spacek
On 26.11.2014 14:13, Tomas Hozza wrote: On 11/25/2014 07:25 PM, Martin Basti wrote: On 25/11/14 18:27, Petr Spacek wrote: Hello, Fix misleading error message about forward zones on reconnect. Previously the plugin could log 'already exist' error after successful reconnection

Re: [Freeipa-devel] [PATCH 0308] Improve detection of BIND 9 isc__errno2result header file

2014-11-26 Thread Petr Spacek
On 26.11.2014 13:39, Tomas Hozza wrote: On 11/25/2014 07:48 PM, Martin Basti wrote: On 12/11/14 16:11, Petr Spacek wrote: Hello, Improve detection of BIND 9 isc__errno2result header file. This header file is not in standard distribution so normal isc-config.sh detection

Re: [Freeipa-devel] RFE - Number of thoughts on FreeIPA

2014-11-25 Thread Petr Spacek
On 25.11.2014 04:09, Simo Sorce wrote: On Tue, 25 Nov 2014 08:31:33 +1030 William B will...@firstyear.id.au wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have been using FreeIPA for some time now. I have done a lot of testing for the project, and have a desire to see

Re: [Freeipa-devel] Gaps in upstream tests

2014-11-25 Thread Petr Spacek
On 7.11.2014 14:41, Martin Kosek wrote: FreeIPA team will soon grow with a new member focusing on upstream QE tests. I would like to collect ideas what are the biggest gaps in the current upstream test suite from your POV. Existing requests are tracked here:

[Freeipa-devel] [PATCH 0309] Fix crash caused by interaction between forward and master zones

2014-11-25 Thread Petr Spacek
=dns. https://fedorahosted.org/bind-dyndb-ldap/ticket/145 Tomas and Martin^2, please review it ASAP. Thank you! -- Petr^2 Spacek From b2f94e6e6d60c376519e92a466b9706eae141a37 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 25 Nov 2014 18:05:13 +0100 Subject: [PATCH] Fix

[Freeipa-devel] [PATCH 0310] Fix misleading error message about forward zones on reconnect

2014-11-25 Thread Petr Spacek
d5335dcf75e4d35177f477b9efd5a24db36d10d9 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 25 Nov 2014 18:24:11 +0100 Subject: [PATCH] Fix misleading error message about forward zones on reconnect. Previously the plugin could log 'already exist' error after successful reconnection to LDAP

Re: [Freeipa-devel] [PATCH 0170] Detect and warn about invalid forwardzone configuration

2014-11-24 Thread Petr Spacek
Hello! Thank you for the patch. It is not ready yet but the overall direction seems good. Please see my comments in-line. On 24.11.2014 14:35, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4721 Patch attached -- Martin Basti

Re: [Freeipa-devel] FreeIPA integration with external DNS services

2014-11-14 Thread Petr Spacek
On 14.11.2014 02:22, Simo Sorce wrote: On Tue, 11 Nov 2014 16:29:51 +0100 Petr Spacek pspa...@redhat.com wrote: Hello, this thread is about RFE IPA servers when installed should register themselves in the external DNS https://fedorahosted.org/freeipa/ticket/4424 It is not a complete

Re: [Freeipa-devel] [PATCH][bind-dyndb-ldap] AUTOCONF: Improve detection of bind9 header files

2014-11-12 Thread Petr Spacek
On 24.7.2014 11:00, Petr Spacek wrote: On 27.2.2014 15:19, Lukas Slebodnik wrote: ehlo, I did some reviews of bind-dyndb-ldap last week and it was a little bit annoying to export special CFLAGS for bind9 header files. It can be automatically detected in configure script using utility isc

[Freeipa-devel] [PATCH 0308] Improve detection of BIND 9 isc__errno2result header file

2014-11-12 Thread Petr Spacek
packages are missing. -- Petr^2 Spacek From e8feffa54b8e5835d32bfba2c20ef686b8349ec7 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 12 Nov 2014 16:03:12 +0100 Subject: [PATCH] Improve detection of BIND 9 isc__errno2result header file. This header file is not in standard

Re: [Freeipa-devel] [PATCH 0228] Drop unnecessary #define _BSD_SOURCE

2014-11-12 Thread Petr Spacek
On 25.2.2014 15:05, Lukas Slebodnik wrote: On (25/02/14 09:54), Petr Spacek wrote: On 24.2.2014 18:56, Lukas Slebodnik wrote: On (24/02/14 16:48), Petr Spacek wrote: Hello, Drop unnecessary #define _BSD_SOURCE. -- Petr^2 Spacek From 1b5105e3ab92f2a898313da5f7e20e6f3e9d1d2a Mon Sep 17 00

Re: [Freeipa-devel] FreeIPA 4.1 release preparations

2014-11-11 Thread Petr Spacek
On 8.11.2014 14:43, Lukas Slebodnik wrote: On (20/10/14 16:08), Martin Kosek wrote: On 10/20/2014 04:00 PM, Jan Pazdziora wrote: On Mon, Oct 20, 2014 at 03:58:27PM +0200, Petr Vobornik wrote: The plan is to release 4.1 and then 4.0.4. Besides usual tarballs, 4.1 will go into Fedora rawhide,

[Freeipa-devel] FreeIPA integration with external DNS services

2014-11-11 Thread Petr Spacek
Hello, this thread is about RFE IPA servers when installed should register themselves in the external DNS https://fedorahosted.org/freeipa/ticket/4424 It is not a complete design, just a raw idea. Use case FreeIPA installation to a network with existing DNS infrastructure + network

Re: [Freeipa-devel] [PATCHES] 366-372 Additional Coverity fixes

2014-11-11 Thread Petr Spacek
On 11.11.2014 12:27, Jan Cholasta wrote: On 11.11.2014 at 11:40, Alexander Bokovoy wrote: On Tue, 11 Nov 2014, Jan Cholasta wrote: From 82d7d37ca310af015018ebb2da2f9a72c4dabcaa Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Mon, 10 Nov 2014 18:10:27 + Subject:

[Freeipa-devel] [PATCH 0307] Send DNS NOTIFY message after any modification to the zone

2014-11-07 Thread Petr Spacek
Hello, Send DNS NOTIFY message after any modification to the zone. https://fedorahosted.org/bind-dyndb-ldap/ticket/144 -- Petr^2 Spacek From 8980758721b57789c0f984465845f89c4705b872 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Fri, 7 Nov 2014 15:12:38 +0100 Subject

[Freeipa-devel] [PATCH 0021] Fix minimal version of BIND for Fedora 20 and 21

2014-11-07 Thread Petr Spacek
Hello, Fix minimal version of BIND for Fedora 20 and 21. We should build new mkosek/freeipa COPR package ASAP to solve conflicts on upgrade. -- Petr^2 Spacek From 822014a9ed130c05469d80b0cc200cda52d015c5 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Fri, 7 Nov 2014 16:53

Re: [Freeipa-devel] [PATCH] 357 Added symmetric and asymmetric vaults.

2014-11-05 Thread Petr Spacek
On 5.11.2014 09:32, Martin Kosek wrote: On 11/05/2014 08:14 AM, Jan Cholasta wrote: Hi, On 4.11.2014 at 17:54, Endi Sukma Dewata wrote: Hi, In this patch I'm adding ipaVaultSalt and ipaVaultPublicKey attribute types to store salt and public key for vault. Are there existing attribute

Re: [Freeipa-devel] Releasing testing tools as standalone projects

2014-11-04 Thread Petr Spacek
On 3.11.2014 16:47, Rob Crittenden wrote: Petr Viktorin wrote: Hello! There's been some interest in releasing pieces of FreeIPA's testing infrastructure so it can be reused in other projects. I will soon take the pytest-beakerlib plugin (currently in my patch 0672), and making a stand-alone

[Freeipa-devel] User life-cycle management as additional plugin

2014-11-04 Thread Petr Spacek
Hello, I wonder if user life-cycle extensions [1] can be in form of separate FreeIPA plugin for FreeIPA framework. Reasoning behind this is that different organizations will have different requirements (including no life-cycle management). I don't think that one-size-fits-all so from my

Re: [Freeipa-devel] [PATCH 0249-0250] Propagate DNS updates changes from LDAP to signed version of the zone

2014-11-03 Thread Petr Spacek
On 23.4.2014 18:16, Petr Spacek wrote: Hello, this patch set enables DNS updates to secure zones and also propagates changes made in LDAP to secure zones. NSEC3 doesn't work for some reason so don't waste time messing with NSEC3PARAM :-) This is delayed push notice

Re: [Freeipa-devel] [PATCH 0246-0248] Follow query/transfer/update policies for secure zones

2014-11-03 Thread Petr Spacek
On 7.5.2014 15:22, Petr Spacek wrote: On 23.4.2014 18:14, Petr Spacek wrote: This patch set configures secure zones according to policies in LDAP. Patch 246 v2 fixes incorrect ATTR_NONNULLS usage which causes segfaults when compiled with -O0. Patch 246 v2 obsoletes patch 253
