Re: [Freeipa-devel] [PATCH] 0020..0022 pki-related upgrade fixes

On 07/01/2015 10:49 AM, Martin Basti wrote: > On 30/06/15 18:02, Fraser Tweedale wrote: >> On Mon, Jun 29, 2015 at 05:56:11PM +0200, Martin Basti wrote: >>> On 29/06/15 16:03, Fraser Tweedale wrote: On Thu, Jun 25, 2015 at 11:23:01AM +0200, Martin Basti wrote: > On 19/06/15 09:28, Fraser

Re: [Freeipa-devel] [PATCH 0017] dirsrv crash on segment add if suffix does not exist

On 07/01/2015 12:11 PM, thierry bordaz wrote: > On 06/30/2015 04:50 PM, Ludwig Krispenz wrote: >> new patch attached >> >> On 06/30/2015 03:37 PM, thierry bordaz wrote: >>> On 06/30/2015 12:07 PM, Ludwig Krispenz wrote: added verification for issue reported in ticket 5088 and sanity che

Re: [Freeipa-devel] [PATCHES 326-328] ID Views improvements

On 05/28/2015 12:59 PM, Tomas Babej wrote: > Hi, > > this couple of patches improves ID Views and ID overrides handling. See > commit messages for details. > > Tomas > > > Bump. Can this sad, forgotten patch set get a review? -- Manage your subscription for the

Re: [Freeipa-devel] [PATCHES 326-328] ID Views improvements

On 07/01/2015 12:50 PM, Alexander Bokovoy wrote: > On Thu, 28 May 2015, Tomas Babej wrote: >>> From c4ad3ba829ab2816c6ddb64da8d5c6ceb8789340 Mon Sep 17 00:00:00 2001 >> From: Tomas Babej >> Date: Wed, 27 May 2015 16:30:48 +0200 >> Subject: [PATCH] idviews: Remov

Re: [Freeipa-devel] [PATCH] 0016 user life cycle: Display the wrong attribute name when mandatory attribute is missing

Hi Thierry, I think it would be better to use: error=_('Entry has no \'%s\'') % attr or even better, use named substitution: error=_('Entry has no \'%(attribute)s\'') % dict(attribute=attr) This way will generate a more readable strings for translators. Tomas -- Manage your subscription for

Re: [Freeipa-devel] [PATCH] 891 replication: fix regression in get_agreement_type

On 07/01/2015 06:32 PM, Petr Vobornik wrote: > dcb6916a3b0601e33b08e12aeb25357efed6812b introduced a regression where > get_agreement_type does not raise NotFound error if an agreement for > host does not exist. The exception was swallowed by > get_replication_agreement. > > ACK. Pushed to ma

Re: [Freeipa-devel] [PATCH 0275] DNS commands: do not show traceback if DNS is not installed

On 07/01/2015 05:53 PM, Martin Basti wrote: > https://fedorahosted.org/freeipa/ticket/5017 > > Patch attached > > > Repeated code hurts my eyes, but abstracting it seems like an overkill. ACK. Pushed to master: 96c23659fcb8adc64dd925556fb40f558fa7e37d -- Manage your subscription for the

Re: [Freeipa-devel] [PATCH 0274] DNS: Check if dns package is installed

On 07/01/2015 04:45 PM, Petr Spacek wrote: > On 1.7.2015 15:32, Martin Basti wrote: >> https://fedorahosted.org/freeipa/ticket/4058 >> Requires patch freeipa-pspacek-0052 > > ACK > I must admit I don't really like wrapping a constant in the method in the TaskNamespace object. We're interested

Re: [Freeipa-devel] [PATCH 0018] allow deletion of segment, if not both nodes are managed

On 07/01/2015 08:59 PM, Simo Sorce wrote: > On Wed, 2015-07-01 at 12:05 +0200, Ludwig Krispenz wrote: >> This fix allows the removal of segments, where not both endpoints of the >> segments are managed. >> These segments can exist after deliberately disconnecting a topology by >> removal of a c

Re: [Freeipa-devel] [PATCH] 0016 user life cycle: Display the wrong attribute name when mandatory attribute is missing

On 07/02/2015 10:34 AM, thierry bordaz wrote: > On 07/01/2015 05:39 PM, Tomas Babej wrote: >> Hi Thierry, >> >> I think it would be better to use: >> >> error=_('Entry has no \'%s\'') % attr >> >> or even better, use named sub

Re: [Freeipa-devel] [PATCH 0274] DNS: Check if dns package is installed

On 07/02/2015 08:50 AM, Petr Spacek wrote: > On 1.7.2015 20:29, Tomas Babej wrote: >> >> >> On 07/01/2015 04:45 PM, Petr Spacek wrote: >>> On 1.7.2015 15:32, Martin Basti wrote: >>>> https://fedorahosted.org/freeipa/ticket/4058 >>>> Requi

[Freeipa-devel] [PATCH 0333] ipaplatform: Remove redundant definitions

Hi, I noticed two variables are redundant in the base/paths.py and base/tasks.py in the ipaplatform module. git grep -E 'path_namespace|task_namespace' ipaplatform/base/paths.py:path_namespace = BasePathNamespace ipaplatform/base/tasks.py:task_namespace = BaseTaskNamespace() This pat

Re: [Freeipa-devel] [PATCHES 306-316] Automated migration tool from Winsync

On 07/01/2015 07:32 PM, Martin Babinsky wrote: > On 06/30/2015 05:55 PM, Tomas Babej wrote: >> >> >> On 06/16/2015 01:01 PM, Jan Cholasta wrote: >>> Dne 16.6.2015 v 10:14 Martin Babinsky napsal(a): >>>> On 05/06/2015 10:12 AM, Tomas Babej wrote: >&

Re: [Freeipa-devel] [PATCH] 882 ipa-replica-manage del: relax segment deletement check if, topology is disconnected

On 07/02/2015 07:42 PM, David Kupka wrote: > On 30/06/15 16:15, Petr Vobornik wrote: >> Comment from segment deletion check which describes the patch: >> >> Relax check if topology was or is disconnected. Disconnected topology >> can contain segments with already deleted servers. Check only if >> s

Re: [Freeipa-devel] [PATCH] 884 topologysegment: hide direction and enable options

On 07/02/2015 07:42 PM, David Kupka wrote: > On 30/06/15 16:15, Petr Vobornik wrote: >> These options should not be touched by users yet. >> >> https://fedorahosted.org/freeipa/ticket/5061 >> >> > Works for me, ACK. > Pushed to master: 2b8e1caa7bfda5e540a94fe26fbcdbfd0ea68928 -- Manage your sub

Re: [Freeipa-devel] [PATCH] 885 topology: make cn of new segment consistent with topology plugin

On 07/02/2015 07:42 PM, David Kupka wrote: > On 30/06/15 16:16, Petr Vobornik wrote: >> SSIA >> >> > Works for me, ACK. > Pushed to master: 66ea322e7e01266cc916156860b684adb21c618d -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-de

Re: [Freeipa-devel] [PATCH 0274] DNS: Check if dns package is installed

On 07/02/2015 02:03 PM, Petr Spacek wrote: > On 2.7.2015 13:54, Jan Cholasta wrote: >> Dne 2.7.2015 v 13:34 Petr Spacek napsal(a): >>> On 2.7.2015 12:57, Tomas Babej wrote: >>>> >>>> >>>> On 07/02/2015 08:50 AM, Petr Sp

Re: [Freeipa-devel] [PATCH] 886-890 webui: API browser

On 07/02/2015 04:55 PM, Martin Kosek wrote: > On 07/01/2015 04:51 PM, Petr Vobornik wrote: >> For those of you who don't want to try the patches: >> * https://pvoborni.fedorapeople.org/images/api-user-show.png >> * https://pvoborni.fedorapeople.org/images/api-user-add.png >> >> On 07/01/2015 09:3

Re: [Freeipa-devel] [PATCH] 886-890 webui: API browser

On 07/03/2015 10:06 AM, Tomas Babej wrote: > > > On 07/02/2015 04:55 PM, Martin Kosek wrote: >> On 07/01/2015 04:51 PM, Petr Vobornik wrote: >>> For those of you who don't want to try the patches: >>> * https://pvoborni.fedorapeople.or

Re: [Freeipa-devel] [PATCH] 892 webui: add mangedby tab to otptoken

On 07/03/2015 02:49 PM, Martin Babinsky wrote: > On 07/01/2015 06:59 PM, Petr Vobornik wrote: >> Added managedby_user tab to manage users who can manage the token. >> >> https://fedorahosted.org/freeipa/ticket/5003 >> >> Nathaniel, I could not reproduce the following part of the ticket: >> """ >>

Re: [Freeipa-devel] [PATCHES 0252-0253, 268, 50 - 51] DNSSEC: allow to move DNSSEC key master to another IPA server

On 07/01/2015 12:47 PM, Petr Spacek wrote: > On 1.7.2015 12:35, Martin Basti wrote: >> On 30/06/15 22:09, Petr Spacek wrote: >>> On 30.6.2015 16:04, Martin Basti wrote: On 30/06/15 10:25, Martin Basti wrote: > On 29/06/15 15:16, Martin Basti wrote: >> On 25/06/15 13:46, Petr Spacek w

Re: [Freeipa-devel] [MAN] [PATCH] 0004 Fix phrasing in man page for stageuser.py

On 07/04/2015 02:03 PM, Jérôme Fenal wrote: > Hi all, > > A quick patch to the man page part of stageuser to avoid ambiguity in > the phrasing, spotted while translating the page. > > Regards, > > J. > > > Thanks, ACK. I will not push this patch to master until we branch off 4.2 developme

[Freeipa-devel] [PATCH 0334] Hide topology and domainlevel features

:00:00 2001 From: Tomas Babej Date: Tue, 7 Jul 2015 09:36:32 +0200 Subject: [PATCH] Hide topology and domainlevel features * Hide topology and domainlevel commands in the CLI * Hide topology and domainlevel in the WebUI * Set maximum allowed domain level to 0 * Do not configure and enable the

Re: [Freeipa-devel] [PATCHES 330-331] Update translations and introduce Zanata configuration

On 07/07/2015 09:09 AM, Tomas Babej wrote: > > > On 06/24/2015 04:33 PM, Tomas Babej wrote: >> On 06/24/2015 04:29 PM, Martin Basti wrote: >>> On 24/06/15 14:39, Tomas Babej wrote: >>>> +msgid "Automount location name." >>>> +msgstr &

Re: [Freeipa-devel] [PATCHES 330-331] Update translations and introduce Zanata configuration

On 07/07/2015 11:48 AM, Martin Basti wrote: > On 07/07/15 10:37, Tomas Babej wrote: >> >> On 07/07/2015 09:09 AM, Tomas Babej wrote: >>> >>> On 06/24/2015 04:33 PM, Tomas Babej wrote: >>>> On 06/24/2015 04:29 PM, Martin Basti wrote: >>>

Re: [Freeipa-devel] [PATCH 0051] Clear SSSD caches when uninstalling the client

On 06/30/2015 05:40 PM, Simo Sorce wrote: > On Tue, 2015-06-30 at 16:10 +0200, Martin Basti wrote: >> On 30/06/15 15:18, Martin Basti wrote: >>> On 30/06/15 14:47, Simo Sorce wrote: >>>> On Tue, 2015-06-30 at 13:19 +0200, Tomas Babej wrote: >>>>&g

Re: [Freeipa-devel] [PATCH] 004 Improve error handling in ipa-httpd-kdcproxy

On 07/07/2015 04:28 PM, Alexander Bokovoy wrote: > On Tue, 07 Jul 2015, Nathaniel McCallum wrote: >> This LGTM. However, I’ll let Alexander give the ACK. > Looks good for me too. > > > Pushed to master: 25d1afdc54284c6bcf1caf08beae2e66ceb7f4e8 -- Manage your subscription for the Freeipa-dev

Re: [Freeipa-devel] [PATCH 0334] Hide topology and domainlevel features

On 07/07/2015 07:16 PM, Martin Basti wrote: > On 07/07/15 10:33, Tomas Babej wrote: >> Hi, >> >> * Hide topology and domainlevel commands in the CLI >> * Hide topology and domainlevel in the WebUI >> * Set maximum allowed domain level to 0 >> * Do not c

Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features

On 07/07/2015 07:30 PM, Martin Basti wrote: > On 04/07/15 16:58, Fraser Tweedale wrote: >> On Fri, Jul 03, 2015 at 10:34:07PM +1000, Fraser Tweedale wrote: >>> On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote: On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote: >

Re: [Freeipa-devel] [PATCH 0276] Fix: ipa-dns-install will add CA records if CA is installed

On 07/07/2015 07:36 PM, Martin Basti wrote: > https://fedorahosted.org/freeipa/ticket/5101 > > Patch attached. > > > ACK. Pushed to master: 1d9bdb240943527e1e19704acd183eae254267ae -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/free

Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk

On 07/07/2015 07:49 PM, Martin Basti wrote: > On 03/07/15 16:41, Martin Babinsky wrote: >> On 07/02/2015 01:58 PM, Martin Babinsky wrote: >>> First attempt at https://fedorahosted.org/freeipa/ticket/4768 >>> >>> >>> >> Attaching reworked patch. >> >> >> > ACK > > -- > Martin Basti > > > Pus

Re: [Freeipa-devel] [PATCH 0055] ipa-replica-prepare: Do not create DNS zone it automatically.

On 07/07/2015 07:16 PM, Martin Basti wrote: > On 03/07/15 06:17, David Kupka wrote: >> Since ipa-replica-* tools will be soon removed I think this simple >> check should be enough. >> >> >> > ACK > > -- > Martin Basti > > > Pushed to master: 6a91893ff50fee6d7c71d9bc982d85a3ec8b7583 -- Man

Re: [Freeipa-devel] [PATCH] 0180-0190 oneway trust and other trust-related patches

), it is >> in works. > Updated patch 0181 after discussion with Simo and Sumit about empty rid > array. > > > Works fine for me, thanks. ACK. Pushed to master: 5017726ebaf6eea3dedb1325efe00c0d6c4b6187 During review, I also pushed the attached oneliner. Tomas From d011ca3

Re: [Freeipa-devel] [PATCHES 145-148] ipa-kdb: add unit-test for filter_logon_info()

On 07/07/2015 03:49 PM, Sumit Bose wrote: > On Tue, May 26, 2015 at 01:36:35PM +0200, Martin Kosek wrote: >> On 05/26/2015 01:33 PM, Sumit Bose wrote: >>> Hi, >>> >>> these patches add some unit tests and some additional improvements >>> related to the issues described in >>> https://bugzilla.red

Re: [Freeipa-devel] [PATCH 144] extdom: add unit-test for get_user_grouplist()

On 07/07/2015 03:47 PM, Sumit Bose wrote: > On Tue, May 26, 2015 at 02:47:02PM +0300, Alexander Bokovoy wrote: >> On Tue, 26 May 2015, Sumit Bose wrote: >>> On Tue, May 26, 2015 at 01:24:30PM +0200, Petr Vobornik wrote: On 05/26/2015 01:21 PM, Sumit Bose wrote: > Hi, > > this tes

Re: [Freeipa-devel] [PATCH 463] spec file: Update minimal versions of required packages

On 07/08/2015 01:28 PM, Alexander Bokovoy wrote: > On Wed, 08 Jul 2015, Jan Cholasta wrote: >> Hi, >> >> the attached patch fixes . > ACK. > Pushed to master: 7c0e7f7e3ca3a971d4db64f80f02d4f79e5f5c4d -- Manage your subscription for the Freeipa-dev

[Freeipa-devel] [PATCHES 0335-0336] adtrustinstance: Enable and start oddjobd

Hi, Enable and start the oddjobd service as part of the ipa-adtrust-install for the new IPA installations and upgraded ones. Tomas From 66d39f12a77d23e8d8ac2c11650258ed9f3eb200 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 8 Jul 2015 15:44:13 +0200 Subject: [PATCH] adtrustinstance

Re: [Freeipa-devel] [PATCH 0278] Fix API logging

On 07/08/2015 02:18 PM, Martin Basti wrote: > log must be initilized before first usage in API, otherwise traceback is > shown: > > # ipa -e random-nonexistent-key=1 user-find > Traceback (most recent call last): > File "/bin/ipa", line 32, in > cli.run(api) > File "/usr/lib/python2.7/s

Re: [Freeipa-devel] [PATCH] 894-896 webui: certificate profiles and acls

On 07/08/2015 04:54 PM, Martin Basti wrote: > On 08/07/15 15:11, Petr Vobornik wrote: >> On 07/08/2015 02:24 PM, Petr Vobornik wrote: >>> add Web UI for new certificate objects >>> >>> [PATCH] 894 webui: certificate profiles >>> [PATCH] 895 webui: caacl >>> [PATCH] 896 webui: hide facet tab in ce

Re: [Freeipa-devel] [PATCHES 0335-0336] adtrustinstance: Enable and start oddjobd

On 07/08/2015 05:12 PM, Alexander Bokovoy wrote: > On Wed, 08 Jul 2015, Tomas Babej wrote: >> From 66d39f12a77d23e8d8ac2c11650258ed9f3eb200 Mon Sep 17 00:00:00 2001 >> From: Tomas Babej >> Date: Wed, 8 Jul 2015 15:44:13 +0200 >> Subject: [PATCH] adtrustinstanc

Re: [Freeipa-devel] [PATCH] 0026..0027 #5096 enforce caacl for SAN principals

On 07/08/2015 04:30 PM, David Kupka wrote: > On 03/07/15 16:26, Fraser Tweedale wrote: >> The attached patches fix: >> >> - a bug that caused caacl false negatives for hosts principals >> - #5096 cert-request: enforce caacl for subjectAltName principals >> >> Thanks, >> Fraser >> >> >> > Works fo

Re: [Freeipa-devel] [PATCH] 893 move session_logout command to ipalib/plugins directory

On 07/08/2015 02:33 PM, Martin Basti wrote: > On 08/07/15 13:46, Petr Vobornik wrote: >> On 07/08/2015 01:20 PM, Martin Basti wrote: >>> On 08/07/15 12:51, Martin Basti wrote: On 08/07/15 12:20, Petr Vobornik wrote: > On 07/08/2015 10:37 AM, Petr Vobornik wrote: >> API refactoring ca

Re: [Freeipa-devel] [PATCH] 901 Bump 4.3 development version to 4.2.90

On 07/09/2015 12:36 PM, Petr Vobornik wrote: > > > ACK, pushed to master: 0569910fead3b33a0806b216823738cf17283108 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contrib

Re: [Freeipa-devel] [PATCH] 0001 Enhance the DNSNotARecordError message

On 07/09/2015 01:49 PM, Veronika Kabatova wrote: > The attached patch solves the > ticket. > > Veronika Kabatova > > > Hello, thanks for the patch. Actually, the doctest does not pass: $ ipa-run-tests /usr/lib/python2.7/site-packages/ipalib/

[Freeipa-devel] [PATCH 0337] ipalib: Fix missing format for InvalidDomainLevelError

: Tomas Babej Date: Fri, 10 Jul 2015 14:59:21 +0200 Subject: [PATCH] ipalib: Fix missing format for InvalidDomainLevelError --- ipalib/errors.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipalib/errors.py b/ipalib/errors.py index d874e68829e1a5491dec402d5976c3adfa556e84

Re: [Freeipa-devel] [patch 0006] ipalib: pass api instance into textui in doctest snippets

On 07/10/2015 02:15 PM, Milan Kubik wrote: > On 07/10/2015 01:57 PM, Milan Kubik wrote: >> Hi, >> >> the recent set of patches that modified api broke the tests that are >> included in ipalib/cli.py >> >> This patch fixes the problems by passing api instance to textui() calls. >> >> Milan >> >> >

Re: [Freeipa-devel] [PATCH 0334] Hide topology and domainlevel features

On 07/10/2015 03:07 PM, Simo Sorce wrote: > On Wed, 2015-07-08 at 00:09 +0200, Tomas Babej wrote: >> >> On 07/07/2015 07:16 PM, Martin Basti wrote: >>> On 07/07/15 10:33, Tomas Babej wrote: >>>> Hi, >>>> >>>> * Hide topology

[Freeipa-devel] [PATCH 0338] Revert "Hide topology and domainlevel features"

Hi, This reverts commit 62e8002bc43ddd890c3db35a123cb7daf35e3121. Hiding of the topology and domainlevel features was necessary for the 4.2 branch only. Tomas From 89e55240b3e3820b42e85b63cd1849816690321a Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Fri, 10 Jul 2015 15:16:31 +0200 Subject

Re: [Freeipa-devel] [PATCH 0338] Revert "Hide topology and domainlevel features"

On 07/10/2015 03:25 PM, Simo Sorce wrote: > On Fri, 2015-07-10 at 15:18 +0200, Tomas Babej wrote: >> Hi, >> >> This reverts commit 62e8002bc43ddd890c3db35a123cb7daf35e3121. >> >> Hiding of the topology and domainlevel features was necessary >> for th

Re: [Freeipa-devel] [PATCH 007] Remove tuple unpacking from except clause

On 07/13/2015 02:59 PM, Rob Crittenden wrote: > Christian Heimes wrote: >> The patch replaces implicit tuple unpacking from except clauses with >> explicit unpacking of the exception objects' args attribute. >> >> Example: >> > e = RuntimeError('num', 'messages') > num, message = e >

Re: [Freeipa-devel] [PATCH 007-010] Remove tuple unpacking from except clause

On 07/14/2015 12:45 PM, Alexander Bokovoy wrote: > On Tue, 14 Jul 2015, Christian Heimes wrote: >> On 2015-07-13 16:29, Alexander Bokovoy wrote: I will push&mark the commit there. >>> Please do not push this specific version of the patch yet. Christian >>> will do the changes with four separ

Re: [Freeipa-devel] [PATCH 011] [py3] Replace file() with open()

On 07/14/2015 01:29 PM, Christian Heimes wrote: > On 2015-07-14 13:24, Christian Heimes wrote: >> The patch replaces file() with open() and a proper with statement. >> >> The patch is related to https://fedorahosted.org/freeipa/ticket/5127 >> >> Christian > > The first patch has a typo. > > Not

[Freeipa-devel] [PATCH 0339] trusts: Check for AD root domain among our trusted domains

03dabf99d538747051f1c898e6a58162425e7b28 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 15 Jul 2015 14:22:48 +0200 Subject: [PATCH] trusts: Check for AD root domain among our trusted domains Check for the presence of the forest root DNS domain of the AD realm among the IPA realm domains prior to

Re: [Freeipa-devel] [PATCH 0339] trusts: Check for AD root domain among our trusted domains

On 07/15/2015 02:31 PM, Alexander Bokovoy wrote: > On Wed, 15 Jul 2015, Tomas Babej wrote: >> Hi, >> >> Check for the presence of the forest root DNS domain of the AD realm >> among the IPA realm domains prior to esablishing the trust. >> >> This prevents

Re: [Freeipa-devel] [PATCH] 904 do not import memcache on client

On 07/16/2015 10:25 AM, Petr Vobornik wrote: > Fixes regression caused by cd3ca94ff2ef738cb3a9eae502193413058f976d. > > Which caused: > * client installation failure (missing memcache) > * invalid warning in CLI on server > > https://fedorahosted.org/freeipa/ticket/5133 > > Thanks for fixing

Re: [Freeipa-devel] [PATCH] 0191 Add SELinux boolean for oddjobd-activated services

On 07/14/2015 01:31 PM, Alexander Bokovoy wrote: > Hi! > > An SELinux policy we need for one-way trust is now in Fedora > updates-testing repository. > Attached patch adds support for 'httpd_run_ipa' SELinux boolean. > > Below is how one-way trust is using the communication with oddjobd (it > i

[Freeipa-devel] [PATCH 0340] dcerpc: Expand explanation for WERR_ACCESS_DENIED

2001 From: Tomas Babej Date: Wed, 15 Jul 2015 15:38:50 +0200 Subject: [PATCH] dcerpc: Expand explanation for WERR_ACCESS_DENIED It's possible for AD to contact a wrong IPA server in case the DNS SRV records on the AD sides are not properly configured. Mention this case in the error messa

Re: [Freeipa-devel] 4.3 Branch?

On 07/16/2015 01:13 PM, Petr Vobornik wrote: > On 07/14/2015 03:23 PM, Nathaniel McCallum wrote: >> 4.3 is going to be a very narrow feature release. Should we branch >> 4.3 early so that we can still land new features on master during >> 4.3? >> > > I did not like it at first but we should do i

Re: [Freeipa-devel] [PATCH 012] Fix selinux denial during kdcproxy user creation

On 07/16/2015 12:51 PM, Christian Heimes wrote: > Hi, > > the patch fixes the SELinux denial for kdcproxy's home directory. I have > successfully tested a migration from FreeIPA 4.1. The user, group and > home directory are successfully created with the correct permissions. > > https://fedoraho

Re: [Freeipa-devel] [PATCH] 0192 oddjob: avoid chown keytab to sssd if sssd user does not exist

On 07/16/2015 01:19 PM, Alexander Bokovoy wrote: > Hi, > > a simple optimisation to allow FreeIPA 4.2 to work with SSSD 1.13 > running as root instead of sssd user. Details in the commit message. > > This also fixes a simple exception in current Fedora 22 + > mkosek/freeipa-4.2 repo because use

Re: [Freeipa-devel] [PATCH 012] Fix selinux denial during kdcproxy user creation

On 07/16/2015 01:35 PM, Christian Heimes wrote: > On 2015-07-16 12:51, Christian Heimes wrote: >> Hi, >> >> the patch fixes the SELinux denial for kdcproxy's home directory. I have >> successfully tested a migration from FreeIPA 4.1. The user, group and >> home directory are successfully created

Re: [Freeipa-devel] [PATCH 0052] Create server-dns sub-package

On 07/17/2015 05:46 AM, Jan Cholasta wrote: > Dne 16.7.2015 v 16:50 Alexander Bokovoy napsal(a): >> On Thu, 16 Jul 2015, Petr Spacek wrote: >>> Third version of the patch is attached, please view. >>> >>> Behavior: >>> - freeipa-server package continues to exist and does not include DNS >>> depen

Re: [Freeipa-devel] general error message at the attempt to set domain level to 0

LT err=0 tag=101 >>>> nentries=1 etime=0 >>>> [20/Jul/2015:06:45:08 -0400] conn=151 op=1 RESULT err=14 tag=97 >>>> nentries=0 etime=0, SASL bind in progress >>>> [20/Jul/2015:06:45:08 -0400] conn=151 op=5 UNBIND >>>> [20/Jul/2015:06:45:08 -04

[Freeipa-devel] [PATCH 0342] idviews: Check for the Default Trust View only if applying

From: Tomas Babej Date: Tue, 21 Jul 2015 12:44:37 +0200 Subject: [PATCH] idviews: Check for the Default Trust View only if applying the view Currently, the code wrongly validates the idview-unapply command. Move check for the forbidden application of the Default Trust View into the correct logical

[Freeipa-devel] [PATCH 0343] tests: user_plugin: Add preserved flag when --all is used

Hi, this patch fixes failing tests for the user plugin where preserved attribute is missing. Tomas From bb209a5679fcebfd5329f3dfd1537d8bb7802c22 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 21 Jul 2015 13:17:56 +0200 Subject: [PATCH] tests: user_plugin: Add preserved flag when --all

[Freeipa-devel] [PATCH 0345] tests: realmdomains_plugin: Add explanatory comment

Tomas From c5fdaf229b67e4b6f331c3e9c9f42e751853f15b Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 21 Jul 2015 14:12:31 +0200 Subject: [PATCH] tests: realmdomains_plugin: Add explanatory comment The realmdomains_mod command will fail if the testing environment is configured improperly and the IP

[Freeipa-devel] [PATCH 0346] tests: Version is currently generated during command call

Hi, In the previous versions, version in the response was generated as part of the process_keyword_arguments method. This is no longer true, and so the explicit check for it should be removed. Tomas From 6f3b99589257711cbfa349cc6b21055b430a2d87 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date

[Freeipa-devel] [PATCH 0349] tests: test_cert: Services can have multiple certificates

Hi, Old certificates of the services are no longer removed and revoked after new ones have been issued. Check that both old and new certificates are present. Tomas From d1445c61bab5d9ee5efc4fe68d7fc8caf7758f75 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 21 Jul 2015 17:39:47 +0200

[Freeipa-devel] [PATCH 0348] tests: test_rpc: Create connection for the current thread

Hi, Both context.xmlclient and context.xmlclient_ need to be created in order to successfully call the Command.forward method. Tomas From 4fdeb54c5c02e14a83c12637df5d33bb6d9f8122 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 21 Jul 2015 17:38:06 +0200 Subject: [PATCH] tests: test_rpc

[Freeipa-devel] [PATCH 0344] tests: service_plugin: Make sure the cert is decoded from

Hi, this patch fixes an issue in tests where the certificate was not decoded from base64 representation. Tomas From 4bf69e94984d72d1f52dfb2afd65574c73838ece Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 21 Jul 2015 13:58:13 +0200 Subject: [PATCH] tests: service_plugin: Make sure the

[Freeipa-devel] [PATCH 0347] tests: vault_plugin: Skip tests if KRA not available

Hi, the vault tests should be skipped in case the KRA is not available on the machine. Tomas From dcfc274d400b5cd4bb2bdba6f1774952c63f9a5b Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 21 Jul 2015 15:43:35 +0200 Subject: [PATCH] tests: vault_plugin: Skip tests if KRA not available

Re: [Freeipa-devel] [PATCH 0343] tests: user_plugin: Add preserved flag when --all is used

On 07/21/2015 06:51 PM, Martin Basti wrote: > On 21/07/15 18:01, Tomas Babej wrote: >> Hi, >> >> this patch fixes failing tests for the user plugin where preserved >> attribute is missing. >> >> Tomas >> >> >&g

Re: [Freeipa-devel] [PATCH 0342] idviews: Check for the Default Trust View only if applying

On 07/22/2015 09:04 AM, Martin Basti wrote: > On 21/07/15 12:47, Tomas Babej wrote: >> Hi, >> >> Currently, the code wrongly validates the idview-unapply command. Move >> check for the forbidden application of the Default Trust View into >> the co

Re: [Freeipa-devel] [PATCH 0344] tests: service_plugin: Make sure the cert is decoded from

On 07/22/2015 08:40 AM, Martin Babinsky wrote: > On 07/21/2015 06:01 PM, Tomas Babej wrote: >> Hi, >> >> this patch fixes an issue in tests where the certificate was not decoded >> from base64 representation. >> >> Tom

Re: [Freeipa-devel] [PATCH 0345] tests: realmdomains_plugin: Add explanatory comment

On 07/22/2015 09:07 AM, Martin Basti wrote: > On 21/07/15 18:02, Tomas Babej wrote: >> Hi, >> >> The realmdomains_mod command will fail if the testing environment >> is configured improperly and the IPA domain's NS/SOA records are >> not resolvable. This

Re: [Freeipa-devel] [PATCH 0346] tests: Version is currently generated during command call

On 07/22/2015 08:56 AM, Martin Basti wrote: > On 21/07/15 18:02, Tomas Babej wrote: >> Hi, >> >> In the previous versions, version in the response was generated >> as part of the process_keyword_arguments method. This is no longer true, >> and so the explic

Re: [Freeipa-devel] [PATCH 0347] tests: vault_plugin: Skip tests if KRA not available

On 07/22/2015 08:41 AM, Martin Babinsky wrote: > On 07/21/2015 06:03 PM, Tomas Babej wrote: >> Hi, >> >> the vault tests should be skipped in case the KRA is not available on >> the machine. >> >> Tomas >> >> >> > ACK > Push

Re: [Freeipa-devel] [PATCH 0348] tests: test_rpc: Create connection for the current thread

On 07/22/2015 09:09 AM, Martin Basti wrote: > On 21/07/15 18:03, Tomas Babej wrote: >> Hi, >> >> Both context.xmlclient and context.xmlclient_ need to be created >> in order to successfully call the Command.forward method. >> >> Tomas >> >>

Re: [Freeipa-devel] [PATCH 0349] tests: test_cert: Services can have multiple certificates

On 07/22/2015 08:44 AM, Martin Babinsky wrote: > On 07/21/2015 06:03 PM, Tomas Babej wrote: >> Hi, >> >> Old certificates of the services are no longer removed and revoked >> after new ones have been issued. >> >> Check that both old and new certificates

[Freeipa-devel] [PATCH 0350] dcerpc: Fix UnboundLocalError for ccache_name

Hi, this fixes a UnboudLocalError in DomainValidator.__search_in_dc. Alexander gave an ACK over IRC. Pushed to: master: cf59981cc2c6bb13c286188aa27cb10a49ff4a5e ipa-4-2: fe3fa23e5f34219fda7cba182de50b5bd8074fb7 From 5e97322f3896001dca0b0060ff9bd7e8de47da4e Mon Sep 17 00:00:00 2001 From: Tomas

Re: [Freeipa-devel] [PATCH 0049] fix broken search for users by their manager

On 07/23/2015 10:55 AM, Martin Babinsky wrote: > Fixes https://fedorahosted.org/freeipa/ticket/5146 > > > The patch fixes the mentioned issue. However, there is some code made redundant in stageuser_find.execute, which does the same thing, can you please remove it? Tomas -- Manage your su

Re: [Freeipa-devel] [PATCH 0049] fix broken search for users by their manager

On 07/23/2015 11:31 AM, Martin Babinsky wrote: > On 07/23/2015 11:18 AM, Tomas Babej wrote: >> >> >> On 07/23/2015 10:55 AM, Martin Babinsky wrote: >>> Fixes https://fedorahosted.org/freeipa/ticket/5146 >>> >>> >>> >> >> The pa

[Freeipa-devel] [PATCHES 0351-0353] Improvements to ID override type validation

Hi, this patchset deals mainly with the ticket: https://fedorahosted.org/freeipa/ticket/5029 Details in the commit messages. Tomas From 83defa7e286b9e65a147598b4056abc47b4647bf Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 22 Jul 2015 14:00:37 +0200 Subject: [PATCH] dcerpc: Add

Re: [Freeipa-devel] [PATCHES 0351-0353] Improvements to ID override type validation

On 07/23/2015 03:08 PM, Alexander Bokovoy wrote: > On Thu, 23 Jul 2015, Tomas Babej wrote: >> Hi, >> >> this patchset deals mainly with the ticket: >> >> https://fedorahosted.org/freeipa/ticket/5029 >> >> Details i

Re: [Freeipa-devel] [PATCHES 0351-0353] Improvements to ID override type validation

On 07/23/2015 03:32 PM, Alexander Bokovoy wrote: > On Thu, 23 Jul 2015, Tomas Babej wrote: >>>> +def get_trusted_domain_object_type(self, name_or_sid): >>>> +""" >>>> +Return the type of the object corresponding to t

Re: [Freeipa-devel] [PATCH] 0028 add --out option to user-show

On 07/24/2015 03:40 PM, Fraser Tweedale wrote: > The attached patch adds --out option to user-show for saving user's > certificate(s) to file. > > Thanks, > Fraser > > > I hate to nitpick here, but is "out" really a descriptive option name here? I'd prefer something more explicit, like '--sa

Re: [Freeipa-devel] [PATCH] 0028 add --out option to user-show

On 07/24/2015 05:34 PM, Martin Basti wrote: > On 24/07/15 16:52, Tomas Babej wrote: >> >> On 07/24/2015 03:40 PM, Fraser Tweedale wrote: >>> The attached patch adds --out option to user-show for saving user's >>> certificate(s) to file. >>> >>

Re: [Freeipa-devel] New freeipa-tools repo

On 07/30/2015 01:58 PM, Martin Kosek wrote: > On 07/30/2015 01:51 PM, Alexander Bokovoy wrote: >> On Thu, 30 Jul 2015, Martin Kosek wrote: >>> Hello all, >>> >>> Right now, the people pushing patches to FreeIPA use Petr's great "ipatool" >>> that is part of Petr's (CCed) ipa-tools repo forked fro

Re: [Freeipa-devel] 4.1 branch is broken

On 08/04/2015 03:44 PM, Rob Crittenden wrote: > Commit 4d2ef43f broke the 4.1 branch. There is no ipaplatform/paths.py. > > rob > I don't think so, that particular commit is from May 29 2014, which predates the release of FreeIPA 4.0. This file (along with couple of other platform dependant f

Re: [Freeipa-devel] [PATCH] 0032 Fix otptoken-remove-managedby command summary

On 08/05/2015 07:51 AM, Fraser Tweedale wrote: > Small doc fix. > > Cheers, > Fraser > > > ACK, thanks for catching this. Pushed to: master: e28a45072004d93ced9bf81b3810fbd2652664b5 ipa-4-2: dc0745650a0172bb66350fb453ec4285e31a32ad Tomas -- Manage your subscription for the Freeipa-devel

Re: [Freeipa-devel] Exporting users "access formulars"

On 08/04/2015 03:13 PM, Florian Crouzat wrote: > Hey, > > For security reason (mostly PCI-DSS) I have to print and sign-off access > formular for every users, and also to maintain these formulars in time > which means that every time I add a host to a hostgroup for example, I > should reprint al

[Freeipa-devel] [PATCH 0355] Fix incorrect type comparison in trust-fetch-domains

Hi, Value needs to be unpacked from the list and converted before comparison. https://fedorahosted.org/freeipa/ticket/5182 From dee59d971acb733c1dee06a61cc0d79ac2f4fdb7 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 5 Aug 2015 17:31:47 +0200 Subject: [PATCH] Fix incorrect type

[Freeipa-devel] [PATCH 0356] trusts: Detect missing Samba instance

128ee05bbebe17f77272b8f2a6bd5039cfbc26b0 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 6 Aug 2015 10:10:04 +0200 Subject: [PATCH] trusts: Detect missing Samba instance In the event of invocation of trust related commands, IPA server needs to contact local Samba instance. This is not possible on servers that merely act

Re: [Freeipa-devel] [PATCH 0355] Fix incorrect type comparison in trust-fetch-domains

On 08/05/2015 08:24 PM, Alexander Bokovoy wrote: > On Wed, 05 Aug 2015, Tomas Babej wrote: >> Hi, >> >> Value needs to be unpacked from the list and converted before comparison. >> >> https://fedorahosted.org/freeipa/ticket/5182 > One more -- this

Re: [Freeipa-devel] [PATCH] 0194 Fix selector of protocol for LSA RPC binding string

On 08/05/2015 08:40 PM, Alexander Bokovoy wrote: > Hi, > > attached patch fixes a bug > https://bugzilla.redhat.com/show_bug.cgi?id=1249455 > > details are in the commit message. > > > Looks good to me, generates bindings strings as described in the BZ. Just a readability nitpick, can we g

[Freeipa-devel] [PATCH 0357] trusts: Detect domain clash with IPA domain when adding a AD

n Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 6 Aug 2015 10:54:47 +0200 Subject: [PATCH] trusts: Detect domain clash with IPA domain when adding a AD trust When IPA is deployed in the same domain as AD, trust-add fails since the names of the local domain and trusted domain ranges is the

Re: [Freeipa-devel] [PATCH 0055] raise an exception when user tries to modify a local ID range

On 08/07/2015 04:22 PM, Martin Babinsky wrote: > Short term fix for https://fedorahosted.org/freeipa/ticket/4826 > > > Hi, couple of minor issues: 1.) Please create a separate constant for the WARNING section, now this segment is copy-pasted at three different places in the plugin. 2.) It

Re: [Freeipa-devel] [PATCH 0055] raise an exception when user tries to modify a local ID range

On 08/07/2015 05:09 PM, Martin Babinsky wrote: > On 08/07/2015 04:51 PM, Tomas Babej wrote: >> >> >> On 08/07/2015 04:22 PM, Martin Babinsky wrote: >>> Short term fix for https://fedorahosted.org/freeipa/ticket/4826 >>> >>> >>> >>

[Freeipa-devel] [PATCH 0359] adtrust-install: Correctly determine 4.2 FreeIPA servers

://fedorahosted.org/freeipa/ticket/5199 From 31bf121e4603bc1287eac88653ff48198c2f69c3 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 11 Aug 2015 16:05:32 +0200 Subject: [PATCH] adtrust-install: Correctly determine 4.2 FreeIPA servers We need to detect a list of FreeIPA 4.2 (and above) servers

Re: [Freeipa-devel] [PATCH] 908 adjust search so that it works for non-admin users

On 08/12/2015 12:59 PM, Petr Vobornik wrote: > Non-admin user can now search for: > - hosts > - hostgroups > - netgroups > - servers > - services > > (Fixes ACI issue where search returns nothing when user does't have > read rights for an attribute in search_attributes. > > https://fedorahosted

<    3   4   5   6   7   8   9   10   11   >