Re: [Freeipa-devel] [PATCH] [DOC] 0003 Split text commands descriptions into XML tables.

2013-10-18 Thread Petr Viktorin
On 10/15/2013 06:19 PM, Jérôme Fenal wrote: kk2013/10/15 Martin Kosek mko...@redhat.com: Thanks. It would be ideal, if this table is (in future) generated somehow semi-automatically as practically all this info can be gathered from FreeIPA code. But for now, this is great. I see some issues

Re: [Freeipa-devel] [PATCH] 0075 Add ipa-advise plugins for nss-pam-ldapd legacy clients

2013-10-18 Thread Petr Viktorin
On 10/18/2013 04:07 PM, Alexander Bokovoy wrote: On Fri, 18 Oct 2013, Ana Krivokapic wrote: On 10/18/2013 01:31 PM, Ana Krivokapic wrote: On 10/18/2013 09:48 AM, Martin Kosek wrote: On 10/17/2013 10:29 PM, Alexander Bokovoy wrote: On Thu, 17 Oct 2013, Ana Krivokapic wrote: Hello, This

Re: [Freeipa-devel] [PATCHES] 0289-0302 Managed Read permissions

2013-10-18 Thread Petr Viktorin
On 10/03/2013 12:42 PM, Martin Kosek wrote: On 10/02/2013 01:26 PM, Petr Viktorin wrote: On 10/02/2013 01:07 PM, Simo Sorce wrote: ... To sum it up, I would rather not build our permission system on this group. I think we need top base our ACIs on LDAP bind targets ldap:///all and ldap

Re: [Freeipa-devel] Reviews still needed

2013-10-18 Thread Petr Viktorin
On 10/09/2013 08:57 PM, Nathaniel McCallum wrote: I still need reviews on the following patches. The first two (0015 and 0016) should be close if not ready to merge. They have undergone four revisions. The third is probably in the middle of reviews. Please help me push this over the goal line.

Re: [Freeipa-devel] [PATCH] 0288 Use a user result template in tests

2013-10-18 Thread Petr Viktorin
On 10/18/2013 04:21 PM, Ana Krivokapic wrote: On 09/30/2013 05:05 PM, Petr Viktorin wrote: Hello, This patch introduces an user template with the result of a default user add/show. The template is then customized and used in each test. This makes the tests shorter, and highlights the non

Re: [Freeipa-devel] [PATCH] 0274 test_simple_replication: Fix waiting for replication

2013-10-18 Thread Petr Viktorin
On 10/18/2013 05:53 PM, Ana Krivokapic wrote: On 09/13/2013 06:24 PM, Petr Viktorin wrote: The simple replication test is failing intermittently. It's quite hard to manually verify if this patch fixes that completely, but my testing says it does make a positive difference. See commit message

Re: [Freeipa-devel] [PATCHES] 0289-0302 Managed Read permissions

2013-10-21 Thread Petr Viktorin
On 10/21/2013 03:57 PM, Martin Kosek wrote: On 10/18/2013 04:28 PM, Petr Viktorin wrote: On 10/03/2013 12:42 PM, Martin Kosek wrote: On 10/02/2013 01:26 PM, Petr Viktorin wrote: On 10/02/2013 01:07 PM, Simo Sorce wrote: ... To sum it up, I would rather not build our permission system

Re: [Freeipa-devel] [PATCH 0121] ipatests: Add support for hosts referenced by a keyword

2013-10-22 Thread Petr Viktorin
On 10/22/2013 09:20 AM, Tomas Babej wrote: Hi, Adds support for host definition by a environment variables of the following form: KEYWORDHOST__envX, where X is the number of the environment for which host referenced by a keyword should be defined. You can also optionally use

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-22 Thread Petr Viktorin
Replying to one part only: On 10/21/2013 04:50 PM, Tomas Babej wrote: On 10/16/2013 03:44 PM, Petr Viktorin wrote: I still think it would be simpler if IPA and AD domains shared the numbering namespace (users would need to define $AD_env2; if they had $MASTER_env1 and $AD_env1 they would

Re: [Freeipa-devel] [PATCH 0121] ipatests: Add support for hosts referenced by a keyword

2013-10-22 Thread Petr Viktorin
On 10/22/2013 10:09 AM, Tomas Babej wrote: On 10/22/2013 09:54 AM, Petr Viktorin wrote: On 10/22/2013 09:20 AM, Tomas Babej wrote: Hi, Adds support for host definition by a environment variables of the following form: KEYWORDHOST__envX, where X is the number of the environment for which host

[Freeipa-devel] [PATCHES] 0289-0294 Fixes in permissions

2013-10-23 Thread Petr Viktorin
Here are refactorings and fixes for small issues I found so far while working on ticket #3566. Having these already in master should make the final patchset easier to review. -- Petr³ From d08b18cdac29120159217a9d43ebe3ce80eff3b0 Mon Sep 17 00:00:00 2001 From: Petr Viktorin pvikt

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-24 Thread Petr Viktorin
On 10/22/2013 02:24 PM, Tomas Babej wrote: On 10/22/2013 02:15 PM, Tomas Babej wrote: On 10/22/2013 12:27 PM, Tomas Babej wrote: On 10/22/2013 10:37 AM, Petr Viktorin wrote: Replying to one part only: On 10/21/2013 04:50 PM, Tomas Babej wrote: On 10/16/2013 03:44 PM, Petr Viktorin wrote

[Freeipa-devel] [PATCHES] 0313-0314 Integration test fixes

2013-10-24 Thread Petr Viktorin
Here are fixes for two bugs found while running integration tests under Beaker. -- Petr³ From c568f9c83eaf6e579efaf03fc9580ae46cf0b61c Mon Sep 17 00:00:00 2001 From: Petr Viktorin pvikt...@redhat.com Date: Thu, 24 Oct 2013 13:55:47 +0200 Subject: [PATCH] Tests: mkdir_recursive: Don't fail when

Re: [Freeipa-devel] [PATCH] 433-434 Remove mod_ssl conflict

2013-10-25 Thread Petr Viktorin
On 10/25/2013 10:31 AM, Martin Kosek wrote: Since mod_nss-1.0.8-24, mod_nss and mod_ssl can co-exist on one machine (of course, when listening to different ports). To make sure that mod_ssl is not configured to listen on 443 (default mod_ssl configuration), add a check to the installer checking

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-25 Thread Petr Viktorin
On 10/24/2013 04:38 PM, Tomas Babej wrote: On 10/24/2013 01:29 PM, Petr Viktorin wrote: [...] Patch 106: In ADTrustBase, it looks like if test_install_adtrust or test_configure_dns_and_time fail, it doesn't make much sense to run the other tests. If that's the case they can go in an install

Re: [Freeipa-devel] [PATCH] 0077 Do not roll back failed client installation on server

2013-10-25 Thread Petr Viktorin
On 10/24/2013 05:48 PM, Ana Krivokapic wrote: Hello, This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3990 ACK, pushed to: master: c518a80ab7faa8cbb399e3ed32c213ad518d997c ipa-3-3: 24073d22e2e829ccba49e698c45e07b69cf25770 -- Petr³

Re: [Freeipa-devel] [PATCH] 433-434 Remove mod_ssl conflict

2013-10-25 Thread Petr Viktorin
On 10/25/2013 02:09 PM, Martin Kosek wrote: On 10/25/2013 12:33 PM, Petr Viktorin wrote: On 10/25/2013 10:31 AM, Martin Kosek wrote: Since mod_nss-1.0.8-24, mod_nss and mod_ssl can co-exist on one machine (of course, when listening to different ports). To make sure that mod_ssl

Re: [Freeipa-devel] [PATCH] 433-434 Remove mod_ssl conflict

2013-10-25 Thread Petr Viktorin
On 10/25/2013 03:46 PM, Petr Viktorin wrote: On 10/25/2013 02:09 PM, Martin Kosek wrote: On 10/25/2013 12:33 PM, Petr Viktorin wrote: On 10/25/2013 10:31 AM, Martin Kosek wrote: Since mod_nss-1.0.8-24, mod_nss and mod_ssl can co-exist on one machine (of course, when listening to different

Re: [Freeipa-devel] [PATCH] 0076 Add test for external CA installation

2013-10-25 Thread Petr Viktorin
On 10/22/2013 08:15 PM, Ana Krivokapic wrote: Hello, This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3819 ACK, thanks! Do we want to push this to 3.3 as well? It's a stand-alone test module; unless it's called it's as if it wasn't there. (Assuming no one runs *all*

Re: [Freeipa-devel] [PATCH 0121] ipatests: Add support for hosts referenced by a keyword

2013-10-29 Thread Petr Viktorin
On 10/24/2013 12:20 PM, Tomas Babej wrote: On 10/22/2013 10:44 AM, Petr Viktorin wrote: On 10/22/2013 10:09 AM, Tomas Babej wrote: On 10/22/2013 09:54 AM, Petr Viktorin wrote: On 10/22/2013 09:20 AM, Tomas Babej wrote: Hi, Adds support for host definition by a environment variables

Re: [Freeipa-devel] [PATCHES] 0080-0081 Add userClass attributes for users and hosts

2013-10-29 Thread Petr Viktorin
On 10/29/2013 10:49 AM, Ana Krivokapic wrote: Hello, Patch 0080 adds userClass attribute for users to IPA CLI. Patch 0081 adds userClass attribute for users and hosts to the web UI. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems Tickets:

Re: [Freeipa-devel] [PATCH] 197 Track DS certificate with certmonger on replicas

2013-10-29 Thread Petr Viktorin
On 10/17/2013 03:27 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/3975. Honza Thanks! Works for me, ACK, pushed to master: e98abdca9b4cf772e93176b42e17ec5fb5736ea4 ipa-3-3: 074816faf36650dbfa5aa8a22a3896a31b64dbf1 -- Petr³

Re: [Freeipa-devel] [PATCHES] 106-113 Access raw LDAP values directly from LDAPEntry

2013-10-29 Thread Petr Viktorin
On 10/29/2013 01:34 PM, Jan Cholasta wrote: On 16.10.2013 18:13, Petr Viktorin wrote: On 10/14/2013 10:59 AM, Jan Cholasta wrote: On 10.10.2013 09:45, Jan Cholasta wrote: On 9.10.2013 13:57, Petr Viktorin wrote: [...] 109. Decode and encode attribute values in LDAPEntry on demand

Re: [Freeipa-devel] [PATCH 0124] ipatests: Extend clear_sssd_cache to support non-systemd

2013-10-31 Thread Petr Viktorin
On 10/31/2013 12:38 PM, Ana Krivokapic wrote: On 10/30/2013 04:40 PM, Tomas Babej wrote: Hi, This allows us to clean sssd cache on older, non-systemd platforms. Part of: https://fedorahosted.org/freeipa/ticket/3833 ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH 0126] ipatests: Restore SELinux context after restoring files from

2013-10-31 Thread Petr Viktorin
On 10/31/2013 01:02 PM, Ana Krivokapic wrote: On 10/30/2013 04:19 PM, Tomas Babej wrote: Hi, Without this patch, restored directories get home_t SELinux context. Part of: https://fedorahosted.org/freeipa/ticket/3833 ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH 0123] ipatests: Do not use /usr/bin hardcoded paths

2013-10-31 Thread Petr Viktorin
On 10/31/2013 02:05 PM, Ana Krivokapic wrote: On 10/30/2013 04:01 PM, Tomas Babej wrote: Hi, The RHEL 5.9 clients do not have /usr/bin symlinks. Part of: https://fedorahosted.org/freeipa/ticket/3833 ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH 0121] ipatests: Add support for hosts referenced by a keyword

2013-10-31 Thread Petr Viktorin
On 10/30/2013 03:57 PM, Tomas Babej wrote: On 10/29/2013 01:00 PM, Petr Viktorin wrote: On 10/24/2013 12:20 PM, Tomas Babej wrote: On 10/22/2013 10:44 AM, Petr Viktorin wrote: On 10/22/2013 10:09 AM, Tomas Babej wrote: On 10/22/2013 09:54 AM, Petr Viktorin wrote: On 10/22/2013 09:20 AM

Re: [Freeipa-devel] [PATCH 0128] ipatests: Add integration tests for legacy clients

2013-11-01 Thread Petr Viktorin
On 11/01/2013 03:20 PM, Tomas Babej wrote: On 11/01/2013 12:19 PM, Tomas Babej wrote: Hi, This implements the test cases for legacy clients using SSSD, nss-ldap and nss-pam-ldapd. Part of: https://fedorahosted.org/freeipa/ticket/3833 A nitpick: assert result.returncode == 0

Re: [Freeipa-devel] [PATCH 0125] ipatests: Add which package to legacy client advice

2013-11-01 Thread Petr Viktorin
On 11/01/2013 03:34 PM, Ana Krivokapic wrote: On 11/01/2013 03:30 PM, Tomas Babej wrote: On 11/01/2013 03:27 PM, Ana Krivokapic wrote: On 11/01/2013 03:18 PM, Tomas Babej wrote: On 10/31/2013 12:10 PM, Ana Krivokapic wrote: On 10/30/2013 04:18 PM, Tomas Babej wrote: Hi, Adds which package

[Freeipa-devel] [PATCH] 0315 Fix debug output in integration test

2013-11-04 Thread Petr Viktorin
Recent ipaldap refactoring broke the simple_replication test; here is a fix. Pushed as one-liner to master: 1f6880c59059496f5002111cd0b5f16cc51961db -- Petr³ From 95c229b617342f9fb46373428abbc5ba4c7778e4 Mon Sep 17 00:00:00 2001 From: Petr Viktorin pvikt...@redhat.com Date: Fri, 1 Nov 2013 15

[Freeipa-devel] [RFE] Anonymous and All permissions

2013-11-04 Thread Petr Viktorin
Hello, During discussions about fine-grained read ACIs [0], it became clear that we need to grant permissions to all authenticated and all, even anonymous users. Here is a design document for the feature: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions [0]

Re: [Freeipa-devel] [RFE] Anonymous and All permissions

2013-11-04 Thread Petr Viktorin
On 11/04/2013 04:33 PM, Martin Kosek wrote: On 11/04/2013 02:49 PM, Petr Viktorin wrote: Hello, During discussions about fine-grained read ACIs [0], it became clear that we need to grant permissions to all authenticated and all, even anonymous users. Here is a design document for the feature

Re: [Freeipa-devel] [PATCHES] 106-113 Access raw LDAP values directly from LDAPEntry

2013-11-05 Thread Petr Viktorin
On 10/29/2013 04:17 PM, Petr Viktorin wrote: On 10/29/2013 01:34 PM, Jan Cholasta wrote: On 16.10.2013 18:13, Petr Viktorin wrote: On 10/14/2013 10:59 AM, Jan Cholasta wrote: On 10.10.2013 09:45, Jan Cholasta wrote: On 9.10.2013 13:57, Petr Viktorin wrote: [...] 109. Decode and encode

[Freeipa-devel] Summary of ipaldap changes in master

2013-11-05 Thread Petr Viktorin
Hello, In master (IPA 3.4), an ipaldap entry's `single_value` is now a dict-like object, rather than a function: entry = ldap.get_entry(dn) print 'Hello, %s!' % entry.single_value['cn'] entry.single_value['wasGreeted'] = True Additionally, there is now a `raw` dict-like view that

Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-05 Thread Petr Viktorin
On 11/05/2013 05:53 PM, John Dennis wrote: On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169 UTF-8 DNS names will be converted to punycode ASCII string and stored But there is a question, how to show DNS names to user (in

[Freeipa-devel] [RFE] Permissions V2

2013-11-07 Thread Petr Viktorin
Hello, I'm splitting up ACI work into several designs to make it more manageable. This one is about - Moving ACIs out of $SUFFIX - Storing all ACI data in the permission entry - Permission flag system for ensuring backwards compatibility Summary of the backcompat story: - Attributes, rights,

Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-07 Thread Petr Viktorin
On 11/05/2013 06:08 PM, John Dennis wrote: On 11/05/2013 12:04 PM, Petr Viktorin wrote: On 11/05/2013 05:53 PM, John Dennis wrote: On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169 UTF-8 DNS names will be converted

Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-08 Thread Petr Viktorin
On 11/07/2013 02:14 PM, Martin Kosek wrote: On 11/07/2013 01:59 PM, Petr Viktorin wrote: On 11/05/2013 06:08 PM, John Dennis wrote: On 11/05/2013 12:04 PM, Petr Viktorin wrote: On 11/05/2013 05:53 PM, John Dennis wrote: On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working

Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types

2013-11-08 Thread Petr Viktorin
On 11/07/2013 07:48 PM, Nathaniel McCallum wrote: On Mon, 2013-10-07 at 16:22 +0200, Petr Viktorin wrote: Sorry for the delay. On 09/25/2013 10:51 PM, Nathaniel McCallum wrote: On Mon, 2013-09-23 at 15:19 +0200, Petr Viktorin wrote: Great, we're getting close! [...] There's another test

Re: [Freeipa-devel] [PATCH] 0316 Remove unused utf8_encode_value functions

2013-11-08 Thread Petr Viktorin
On 11/06/2013 02:20 PM, Ana Krivokapic wrote: On 11/05/2013 02:02 PM, Petr Viktorin wrote: Honza's recent LDAP refactoring left some unused helper functions around. This patch removes them. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCHES] 198-202 Refactor indirect membership processing

2013-11-08 Thread Petr Viktorin
On 10/31/2013 02:45 PM, Jan Cholasta wrote: Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/3971. Tested with 25000 users. Honza Patch 198: Also update ipaldap's find_entries docstring, it no longer uses IPA defaults. While you're touching this part of code, I had

Re: [Freeipa-devel] [PATCHES] 198-202 Refactor indirect membership processing

2013-11-08 Thread Petr Viktorin
I hid Send by mistake; continuing review: On 11/08/2013 03:14 PM, Petr Viktorin wrote: On 10/31/2013 02:45 PM, Jan Cholasta wrote: Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/3971. Tested with 25000 users. Honza Patch 198: Also update ipaldap's find_entries

Re: [Freeipa-devel] [RFE] Permissions V2

2013-11-11 Thread Petr Viktorin
On 11/11/2013 03:56 PM, Rob Crittenden wrote: Petr Viktorin wrote: Hello, I'm splitting up ACI work into several designs to make it more manageable. This one is about - Moving ACIs out of $SUFFIX - Storing all ACI data in the permission entry - Permission flag system for ensuring backwards

Re: [Freeipa-devel] [PATCH 0016] Add RADIUS proxy support to ipalib CLI

2013-11-15 Thread Petr Viktorin
On 11/12/2013 12:17 AM, Nathaniel McCallum wrote: On Fri, 2013-11-08 at 13:26 +0100, Petr Viktorin wrote: On 09/25/2013 10:56 PM, Nathaniel McCallum wrote: On Fri, 2013-09-20 at 12:38 -0400, Nathaniel McCallum wrote: On Thu, 2013-09-12 at 16:48 -0400, Nathaniel McCallum wrote: On Thu

Re: [Freeipa-devel] [PATCH] 463-530 First part of RCUE adoption

2013-11-15 Thread Petr Viktorin
On 11/15/2013 02:26 PM, Petr Vobornik wrote: Hello list, this is a first part of RCUE adoption effort. Main themes of this patch set are: - use RCUE navigation https://fedorahosted.org/freeipa/ticket/3902 - new styles for textboxes, textareas, radio/checkbox buttons and buttons- part of

Re: [Freeipa-devel] [PATCHES] 0258-0265 Add schema updater based on IPA schema files

2013-11-15 Thread Petr Viktorin
On 11/15/2013 02:09 PM, Petr Viktorin wrote: On 11/11/2013 04:18 PM, Ana Krivokapic wrote: On 11/11/2013 02:53 PM, Ana Krivokapic wrote: On 11/11/2013 12:32 PM, Petr Viktorin wrote: On 11/07/2013 02:34 PM, Ana Krivokapic wrote: On 11/01/2013 03:26 PM, Petr Viktorin wrote: On 09/13/2013 06

Re: [Freeipa-devel] [PATCH] 463-530 First part of RCUE adoption

2013-11-15 Thread Petr Viktorin
On 11/15/2013 03:28 PM, Petr Vobornik wrote: On 11/15/2013 02:40 PM, Petr Viktorin wrote: On 11/15/2013 02:26 PM, Petr Vobornik wrote: Hello list, this is a first part of RCUE adoption effort. Main themes of this patch set are: - use RCUE navigation https://fedorahosted.org/freeipa/ticket

Re: [Freeipa-devel] [PATCHES] 0258-0265 Add schema updater based on IPA schema files

2013-11-18 Thread Petr Viktorin
On 11/18/2013 04:12 PM, Ana Krivokapic wrote: On 11/15/2013 05:28 PM, Petr Viktorin wrote: On 11/15/2013 02:09 PM, Petr Viktorin wrote: On 11/11/2013 04:18 PM, Ana Krivokapic wrote: On 11/11/2013 02:53 PM, Ana Krivokapic wrote: On 11/11/2013 12:32 PM, Petr Viktorin wrote: On 11/07/2013 02

Re: [Freeipa-devel] [PATCH 0016] Add RADIUS proxy support to ipalib CLI

2013-11-18 Thread Petr Viktorin
On 11/15/2013 12:34 PM, Petr Viktorin wrote: On 11/12/2013 12:17 AM, Nathaniel McCallum wrote: On Fri, 2013-11-08 at 13:26 +0100, Petr Viktorin wrote: We've since decided that we'll carry LDAP content updates only in update files, so you can leave indices.ldif referint-conf.ldif unchanged

Re: [Freeipa-devel] ACI changes overview/roadmap

2013-11-18 Thread Petr Viktorin
- ACI audit tool On 11/18/2013 07:49 PM, Simo Sorce wrote: On Mon, 2013-11-18 at 19:29 +0100, Petr Viktorin wrote: On 11/18/2013 06:19 PM, Dmitri Pal wrote: Please factor in impact on the extensibility and API. * Regarding extensibility: Right now we say to add schema, create plugin and things

Re: [Freeipa-devel] [PATCH] 463-530 First part of RCUE adoption

2013-11-18 Thread Petr Viktorin
On 11/18/2013 06:17 PM, Petr Vobornik wrote: On 11/15/2013 05:43 PM, Petr Viktorin wrote: On 11/15/2013 03:28 PM, Petr Vobornik wrote: On 11/15/2013 02:40 PM, Petr Viktorin wrote: On 11/15/2013 02:26 PM, Petr Vobornik wrote: [...] It's quite a lot of patches so I did not attach them here

Re: [Freeipa-devel] [PATCHES] 0014, 0016 [RFE] ipa migrate-ds should have an argument to specify cert to use for DS connection

2013-11-19 Thread Petr Viktorin
On 10/21/2013 10:29 AM, Martin Basti wrote: On Mon, 2013-10-21 at 09:29 +0200, Martin Kosek wrote: On 10/18/2013 05:00 PM, Martin Basti wrote: Patch attached. Ticket: https://fedorahosted.org/freeipa/ticket/3243 I did not test the patch, just looked at the code and I have few comments: 1)

Re: [Freeipa-devel] [PATCH] 439 Allow kernel keyring CCACHE when supported

2013-11-19 Thread Petr Viktorin
On 11/05/2013 07:22 PM, Martin Kosek wrote: Server and client installer should allow kernel keyring ccache when supported. The patch needs a rebase. Can you add a function to check if persistent key is supported? It would remove some code duplication. How do I enable the kernel keyring? On

Re: [Freeipa-devel] [PATCHES] 0080-0081 Add userClass attributes for users and hosts

2013-11-19 Thread Petr Viktorin
On 11/19/2013 12:58 PM, Ana Krivokapic wrote: On 11/19/2013 12:52 PM, Ana Krivokapic wrote: On 11/14/2013 10:04 AM, Petr Vobornik wrote: On 11/13/2013 01:33 PM, Ana Krivokapic wrote: On 11/12/2013 01:27 PM, Ana Krivokapic wrote: On 10/30/2013 09:56 PM, Martin Kosek wrote: - Original

Re: [Freeipa-devel] [PATCH] 463-530 First part of RCUE adoption

2013-11-20 Thread Petr Viktorin
On 11/19/2013 01:27 PM, Petr Vobornik wrote: On 11/18/2013 08:47 PM, Petr Viktorin wrote: On 11/18/2013 06:17 PM, Petr Vobornik wrote: On 11/15/2013 05:43 PM, Petr Viktorin wrote: On 11/15/2013 03:28 PM, Petr Vobornik wrote: On 11/15/2013 02:40 PM, Petr Viktorin wrote: On 11/15/2013 02:26

Re: [Freeipa-devel] [PATCH 0130] platform: Add Fedora 19 platform file

2013-11-20 Thread Petr Viktorin
On 11/15/2013 02:40 PM, Ana Krivokapic wrote: On 11/13/2013 02:56 PM, Tomas Babej wrote: Hi, Part of: https://fedorahosted.org/freeipa/ticket/3504 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH 111] ipa-client-install: Publish CA certificate to systemwide store

2013-11-20 Thread Petr Viktorin
On 11/20/2013 12:59 PM, Ana Krivokapic wrote: On 11/18/2013 01:54 PM, Tomas Babej wrote: [...] Updated patch attached. Looks good, ACK. Pushed to master: 4a0e91449e2b65304ae8d660d1a480200b1a13d3 -- Petr³ ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCHES] 0276-0277 Break long doc strings for translations

2013-11-21 Thread Petr Viktorin
On 11/20/2013 03:42 PM, Ana Krivokapic wrote: On 10/09/2013 04:11 PM, Petr Viktorin wrote: On 09/16/2013 05:13 PM, Petr Viktorin wrote: Hello, The first patch allow concatenating LazyText objects using `+`. This means we can break up long docstrings into multiple parts. Translators can

[Freeipa-devel] [PATCH] 0319-0320 test_integration: Set up DNS on replicas

2013-11-21 Thread Petr Viktorin
2001 From: Petr Viktorin pvikt...@redhat.com Date: Thu, 21 Nov 2013 12:06:29 +0100 Subject: [PATCH] test_integration: Set up DNS on replicas https://fedorahosted.org/freeipa/ticket/4038 --- ipatests/test_integration/tasks.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipatests

Re: [Freeipa-devel] [PATCH] 0319-0320 test_integration: Set up DNS on replicas

2013-11-21 Thread Petr Viktorin
On 11/21/2013 02:04 PM, Petr Viktorin wrote: Hello, This should fix tests failing on Beaker when the test controller and master share the same machine. The second patch adds more debugging output to the code that fails. https://fedorahosted.org/freeipa/ticket/4038 Self-NACK for now; I'll

Re: [Freeipa-devel] [PATCH] 0317 Improve LDAPEntry.__repr__ for freshly created entries

2013-11-25 Thread Petr Viktorin
On 11/25/2013 01:05 PM, Jan Cholasta wrote: On 6.11.2013 13:28, Petr Viktorin wrote: Hello Honza, This is a simple enough patch, but I'd like you to check if it's consistent with your vision of the framework. I used self._raw here deliberately, so that calling repr() on an LDAPEntry does

Re: [Freeipa-devel] [PATCH] 203 Remove mod_ssl port workaround

2013-11-26 Thread Petr Viktorin
On 11/26/2013 12:34 PM, Alexander Bokovoy wrote: On Tue, 26 Nov 2013, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4021. Honza -- Jan Cholasta ACK. Pushed to: master: f20577ddc4ab40c2365c8abaa703d96019ec4eef ipa-3-3:

[Freeipa-devel] [PATCH] 0321 Remove changelog from the spec

2013-11-26 Thread Petr Viktorin
The changelog was useless and caused unnecessary rebase conflicts. Let's kill it. -- Petr³ From fe9d847fa39e3683ada3b7d12f3643ae9433bf45 Mon Sep 17 00:00:00 2001 From: Petr Viktorin pvikt...@redhat.com Date: Tue, 26 Nov 2013 13:06:07 +0100 Subject: [PATCH] Remove changelog from the spec

Re: [Freeipa-devel] [PATCH] 0317 Improve LDAPEntry.__repr__ for freshly created entries

2013-11-26 Thread Petr Viktorin
On 11/26/2013 09:57 AM, Jan Cholasta wrote: On 25.11.2013 14:41, Petr Viktorin wrote: On 11/25/2013 01:05 PM, Jan Cholasta wrote: On 6.11.2013 13:28, Petr Viktorin wrote: Hello Honza, This is a simple enough patch, but I'd like you to check if it's consistent with your vision of the framework

Re: [Freeipa-devel] [PATCH] 0321 Remove changelog from the spec

2013-11-26 Thread Petr Viktorin
On 11/26/2013 01:27 PM, Alexander Bokovoy wrote: On Tue, 26 Nov 2013, Petr Viktorin wrote: The changelog was useless and caused unnecessary rebase conflicts. Let's kill it. -- Petr³ From fe9d847fa39e3683ada3b7d12f3643ae9433bf45 Mon Sep 17 00:00:00 2001 From: Petr Viktorin pvikt

Re: [Freeipa-devel] [PATCH] 203 Remove mod_ssl port workaround

2013-11-26 Thread Petr Viktorin
On 11/26/2013 12:17 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4021. Honza I assume a build of httpd = 2.4.6-6 is not planned for Fedora 19, so master is now f20+ only. Is that right? -- Petr³

Re: [Freeipa-devel] [PATCH] 203 Remove mod_ssl port workaround

2013-11-26 Thread Petr Viktorin
On 11/26/2013 02:15 PM, Alexander Bokovoy wrote: On Tue, 26 Nov 2013, Petr Viktorin wrote: On 11/26/2013 12:17 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4021. Honza I assume a build of httpd = 2.4.6-6 is not planned for Fedora 19, so

Re: [Freeipa-devel] [PATCH 0132] [PATCH 132/132] trusts: Always stop and disable smb service on uninstall

2013-11-26 Thread Petr Viktorin
On 11/22/2013 12:01 PM, Alexander Bokovoy wrote: On Thu, 21 Nov 2013, Tomas Babej wrote: https://fedorahosted.org/freeipa/ticket/4042 --- ipaserver/install/adtrustinstance.py | 15 +++ 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/ipaserver/install/adtrustinstance.py

Re: [Freeipa-devel] [PATCH] 0321 Remove changelog from the spec

2013-11-26 Thread Petr Viktorin
On 11/26/2013 01:45 PM, Alexander Bokovoy wrote: On Tue, 26 Nov 2013, Petr Viktorin wrote: On 11/26/2013 01:27 PM, Alexander Bokovoy wrote: On Tue, 26 Nov 2013, Petr Viktorin wrote: The changelog was useless and caused unnecessary rebase conflicts. Let's kill it. -- Petr³ From

Re: [Freeipa-devel] [PATCH] #3901

2013-11-26 Thread Petr Viktorin
On 11/26/2013 04:42 PM, Jan Cholasta wrote: On 26.11.2013 16:35, Jan Cholasta wrote: On 26.11.2013 14:24, Simo Sorce wrote: On Tue, 2013-11-26 at 14:11 +0100, Jan Cholasta wrote: kadmin.local still returns an error for me with this patch applied: kadmin.local: modprinc +ok_as_delegate

Re: [Freeipa-devel] [PATCH] 0119 Switch client to JSON-RPC

2013-11-26 Thread Petr Viktorin
On 11/26/2013 03:06 PM, Jan Cholasta wrote: On 18.10.2013 12:26, Petr Viktorin wrote: On 10/17/2013 06:08 PM, Jan Cholasta wrote: Hi, On 7.10.2013 18:16, Petr Viktorin wrote: On 08/12/2013 10:17 AM, Petr Viktorin wrote: On 08/02/2013 11:13 AM, Petr Viktorin wrote: On 05/10/2013 04:54 PM

Re: [Freeipa-devel] [PATCH 0016] Add RADIUS proxy support to ipalib CLI

2013-11-27 Thread Petr Viktorin
On 11/21/2013 09:54 PM, Dmitri Pal wrote: On 11/21/2013 01:34 PM, Nathaniel McCallum wrote: The password can be retrieved with radiusproxy-show --all, because it is not blocked by LDAP ACIs. Is that intended? Yes. But I'm torn as to whether or not this is a good idea. Regular users can't see

Re: [Freeipa-devel] [PATCH 0016] Add RADIUS proxy support to ipalib CLI

2013-11-27 Thread Petr Viktorin
Sorry for the late review! On 11/21/2013 07:34 PM, Nathaniel McCallum wrote: On Fri, 2013-11-15 at 12:34 +0100, Petr Viktorin wrote: The password can be retrieved with radiusproxy-show --all, because it is not blocked by LDAP ACIs. Is that intended? Yes. But I'm torn as to whether

Re: [Freeipa-devel] [PATCHES] 198-202 Refactor indirect membership processing

2013-11-27 Thread Petr Viktorin
On 11/25/2013 03:27 PM, Jan Cholasta wrote: On 8.11.2013 17:56, Petr Viktorin wrote: Patch 198: Also update ipaldap's find_entries docstring, it no longer uses IPA defaults. Done. While you're touching this part of code, I had some other improvements in mind -- you can consider them

Re: [Freeipa-devel] [PATCH] 203 Remove mod_ssl port workaround

2013-11-29 Thread Petr Viktorin
On 11/26/2013 02:35 PM, Alexander Bokovoy wrote: On Tue, 26 Nov 2013, Petr Viktorin wrote: On 11/26/2013 02:15 PM, Alexander Bokovoy wrote: On Tue, 26 Nov 2013, Petr Viktorin wrote: On 11/26/2013 12:17 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa

Re: [Freeipa-devel] [RFE] Permissions V2

2013-11-29 Thread Petr Viktorin
On 11/11/2013 04:48 PM, Petr Viktorin wrote: On 11/11/2013 03:56 PM, Rob Crittenden wrote: Petr Viktorin wrote: Hello, I'm splitting up ACI work into several designs to make it more manageable. This one is about - Moving ACIs out of $SUFFIX - Storing all ACI data in the permission entry

Re: [Freeipa-devel] [PATCHES] 204-205 Spec file fixes

2013-12-02 Thread Petr Viktorin
On 11/27/2013 02:50 PM, Martin Kosek wrote: On 11/27/2013 02:26 PM, Jan Cholasta wrote: Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/4010. This fixes points 2) 3) in the ticket; point 1) is not applicable; 4) are false positives. The checks mentioned in the ticket

Re: [Freeipa-devel] [PATCH] 203 Remove mod_ssl port workaround

2013-12-02 Thread Petr Viktorin
On 11/29/2013 03:50 PM, Alexander Bokovoy wrote: On Fri, 29 Nov 2013, Martin Kosek wrote: On 11/29/2013 03:30 PM, Petr Viktorin wrote: On 11/26/2013 02:35 PM, Alexander Bokovoy wrote: On Tue, 26 Nov 2013, Petr Viktorin wrote: On 11/26/2013 02:15 PM, Alexander Bokovoy wrote: On Tue, 26 Nov

Re: [Freeipa-devel] [PATCH] 439 Allow kernel keyring CCACHE when supported

2013-12-02 Thread Petr Viktorin
On 11/29/2013 01:48 PM, Martin Kosek wrote: On 11/19/2013 12:35 PM, Petr Viktorin wrote: On 11/05/2013 07:22 PM, Martin Kosek wrote: Server and client installer should allow kernel keyring ccache when supported. How do I enable the kernel keyring? On f20 I get this: 2013-11-19T11:28:07Z

Re: [Freeipa-devel] [RFE] Permissions V2

2013-12-02 Thread Petr Viktorin
On 12/02/2013 02:29 PM, Simo Sorce wrote: On Fri, 2013-11-29 at 16:51 +0100, Petr Viktorin wrote: I've updated the design with - updated schema (this time the OIDs are even reserved properly!) - longer attribute descriptions with examples - updated update algorithm based on discussion

Re: [Freeipa-devel] [PATCH] 439 Allow kernel keyring CCACHE when supported

2013-12-02 Thread Petr Viktorin
On 12/02/2013 02:01 PM, Martin Kosek wrote: On 12/02/2013 01:58 PM, Petr Viktorin wrote: On 11/29/2013 01:48 PM, Martin Kosek wrote: On 11/19/2013 12:35 PM, Petr Viktorin wrote: On 11/05/2013 07:22 PM, Martin Kosek wrote: Server and client installer should allow kernel keyring ccache when

Re: [Freeipa-devel] [PATCH] 439 Allow kernel keyring CCACHE when supported

2013-12-02 Thread Petr Viktorin
On 12/02/2013 03:42 PM, Simo Sorce wrote: On Mon, 2013-12-02 at 14:51 +0100, Petr Viktorin wrote: On 12/02/2013 02:01 PM, Martin Kosek wrote: On 12/02/2013 01:58 PM, Petr Viktorin wrote: On 11/29/2013 01:48 PM, Martin Kosek wrote: On 11/19/2013 12:35 PM, Petr Viktorin wrote: On 11/05/2013

[Freeipa-devel] [PATCHES] 0328-0329 test_integration: Support external names for hosts

2013-12-03 Thread Petr Viktorin
://fedorahosted.org/freeipa/ticket/4038 tests: Forwarder is not set on replicas -- Petr³ From 5c3bb59c6c0a46e2841a95d643edf29692024e4e Mon Sep 17 00:00:00 2001 From: Petr Viktorin pvikt...@redhat.com Date: Thu, 24 Oct 2013 12:14:58 +0200 Subject: [PATCH] test_integration: Support external names

Re: [Freeipa-devel] [PATCH 0016] Add RADIUS proxy support to ipalib CLI

2013-12-03 Thread Petr Viktorin
On 11/28/2013 04:59 PM, Nathaniel McCallum wrote: Everything looks good to me. +1 Pushed to master: a1f32fa9369109235dba041de9c972da09d8448a -- Petr³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCHES] 206-209 Add default CFLAGS fix hardened build

2013-12-05 Thread Petr Viktorin
On 12/05/2013 11:15 AM, Jan Cholasta wrote: Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/3896. Patch 207 should fix build failures some of you were having after hardenening was enabled in the spec file. Thanks! In 209, would (ret != 1) make more sense than (ret ==

[Freeipa-devel] [PATCH] 0330 - Add comment about last change to VERSION

2013-12-05 Thread Petr Viktorin
064acd3c1ef7524c2525fb9266ff5fe3251d23d3 Mon Sep 17 00:00:00 2001 From: Petr Viktorin pvikt...@redhat.com Date: Thu, 5 Dec 2013 13:31:19 +0100 Subject: [PATCH] Add comment about last change to VERSION When a branch with API version bump is rebased, but the version was also bumped in master, Git thinks the change was already

Re: [Freeipa-devel] [PATCH] Fix python setup tools license tags

2013-12-05 Thread Petr Viktorin
On 12/03/2013 03:26 PM, Simo Sorce wrote: Some tags escaped the relicensing we did a long time ago. Simo. Looks good, ACK, pushed to: master: af26e6da4650b3a429af31bc38b546eff27e38c6 ipa-3-3: 9defb913aa65bfe9b423d510f340ae23b9e547f2 I grepped for some other occurences of GPLv2:

Re: [Freeipa-devel] [PATCH] Fix python setup tools license tags

2013-12-05 Thread Petr Viktorin
On 12/05/2013 04:02 PM, Simo Sorce wrote: On Thu, 2013-12-05 at 15:38 +0100, Petr Vobornik wrote: On 5.12.2013 15:34, Simo Sorce wrote: On Thu, 2013-12-05 at 15:29 +0100, Petr Vobornik wrote: On 5.12.2013 14:09, Petr Viktorin wrote: On 12/03/2013 03:26 PM, Simo Sorce wrote: Some tags

Re: [Freeipa-devel] [PATCHES] 206-209 Add default CFLAGS fix hardened build

2013-12-06 Thread Petr Viktorin
On 12/06/2013 11:52 AM, Jan Cholasta wrote: On 5.12.2013 13:31, Alexander Bokovoy wrote: On Thu, 05 Dec 2013, Petr Viktorin wrote: On 12/05/2013 11:15 AM, Jan Cholasta wrote: Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/3896. Patch 207 should fix build failures some

Re: [Freeipa-devel] [RFE] Permissions V2

2013-12-06 Thread Petr Viktorin
On 12/02/2013 02:48 PM, Petr Viktorin wrote: On 12/02/2013 02:29 PM, Simo Sorce wrote: On Fri, 2013-11-29 at 16:51 +0100, Petr Viktorin wrote: I've updated the design with - updated schema (this time the OIDs are even reserved properly!) - longer attribute descriptions with examples - updated

Re: [Freeipa-devel] [PATCHES] 206-209 Add default CFLAGS fix hardened build

2013-12-06 Thread Petr Viktorin
On 12/06/2013 02:26 PM, Alexander Bokovoy wrote: On Fri, 06 Dec 2013, Jan Cholasta wrote: However, even if writing to the pipe failed, we still need to wait until thread dies with pthread_join(). I think returning -1 here is premature. Fixed, updated patches attached. Also removed CFLAGS

[Freeipa-devel] FreeIPA Continuous Integration Configuration

2013-12-06 Thread Petr Viktorin
Hello, As some of you are aware, I'm running a Jenkins instance for FreeIPA continuous integration in our lab here at Red Hat Brno. I'm currently porting the job definitions to jenkins-job-builder[0] for ease of management. This allowed me to strip out the private bits from the

Re: [Freeipa-devel] [RFE] Permissions V2

2013-12-06 Thread Petr Viktorin
On 12/06/2013 03:28 PM, Simo Sorce wrote: On Fri, 2013-12-06 at 14:14 +0100, Petr Viktorin wrote: On 12/02/2013 02:48 PM, Petr Viktorin wrote: On 12/02/2013 02:29 PM, Simo Sorce wrote: It would be very nice if you can add the resulting LDAP objects in the example, that will allow me

Re: [Freeipa-devel] [RFE] Permissions V2

2013-12-06 Thread Petr Viktorin
On 12/06/2013 03:49 PM, Simo Sorce wrote: On Fri, 2013-12-06 at 15:46 +0100, Petr Viktorin wrote: On 12/06/2013 03:28 PM, Simo Sorce wrote: On Fri, 2013-12-06 at 14:14 +0100, Petr Viktorin wrote: On 12/02/2013 02:48 PM, Petr Viktorin wrote: On 12/02/2013 02:29 PM, Simo Sorce wrote

Re: [Freeipa-devel] [RFE] Permissions V2

2013-12-06 Thread Petr Viktorin
On 12/06/2013 03:54 PM, Rob Crittenden wrote: Simo Sorce wrote: On Fri, 2013-12-06 at 15:46 +0100, Petr Viktorin wrote: On 12/06/2013 03:28 PM, Simo Sorce wrote: On Fri, 2013-12-06 at 14:14 +0100, Petr Viktorin wrote: On 12/02/2013 02:48 PM, Petr Viktorin wrote: On 12/02/2013 02:29 PM, Simo

[Freeipa-devel] [PATCH] 0333 test_webui: Allow False values in configuration for no_ca, no_dns, has_trusts

2013-12-06 Thread Petr Viktorin
locally. Petr, could you check if it works? -- Petr³ From ff7581fd58701d3effb02dd5cc18f1f43491f17b Mon Sep 17 00:00:00 2001 From: Petr Viktorin pvikt...@redhat.com Date: Fri, 6 Dec 2013 16:39:06 +0100 Subject: [PATCH] test_webui: Allow False values in configuration for no_ca, no_dns, has_trusts

Re: [Freeipa-devel] [PATCH] 531 Fix license in some Web UI files

2013-12-09 Thread Petr Viktorin
On 12/06/2013 05:10 PM, Simo Sorce wrote: On Fri, 2013-12-06 at 14:19 +0100, Petr Vobornik wrote: Modified web ui files had incorrect GPLv2 headers instead of GPLv3 ones. All of the affected code is of FreeIPA origin. Ack. Simo. Pushed to master: b6540e88d88470f6566507e442f521214c5a74dc

Re: [Freeipa-devel] [PATCH] 439 Allow kernel keyring CCACHE when supported

2013-12-09 Thread Petr Viktorin
On 12/06/2013 03:00 PM, Simo Sorce wrote: On Fri, 2013-12-06 at 13:42 +0100, Martin Kosek wrote: On 12/02/2013 05:20 PM, Alexander Bokovoy wrote: On Mon, 02 Dec 2013, Martin Kosek wrote: On 12/02/2013 04:05 PM, Petr Viktorin wrote: On 12/02/2013 03:42 PM, Simo Sorce wrote: On Mon, 2013-12

Re: [Freeipa-devel] [PATCH] 0330 - Add comment about last change to VERSION

2013-12-09 Thread Petr Viktorin
On 12/09/2013 02:50 PM, Martin Kosek wrote: On 12/09/2013 02:35 PM, Simo Sorce wrote: On Mon, 2013-12-09 at 12:39 +0100, Martin Kosek wrote: On 12/09/2013 12:08 PM, Tomas Babej wrote: On 12/05/2013 01:37 PM, Petr Viktorin wrote: Consider this scenario: - Nathaniel submits RADIUS patches

Re: [Freeipa-devel] [PATCH] 441 Consolidate .gitignore entries

2013-12-10 Thread Petr Viktorin
On 12/09/2013 05:43 PM, Martin Kosek wrote: Clean up the .gitignore file: - Remove no longer used .gitignore entries, like .bzr files - Do not repeat autotools generated files over and over again - Whitelist existent Makefiles in the repository - Better separate the .gitignore entries

<    4   5   6   7   8   9   10   11   12   13   >