[Freeipa-devel] Mirroring from pagure to github is broken

2017-04-03 Thread Martin Basti
https://pagure.io/fedora-infrastructure/issue/5946 Mirroring is broken, please make sure you pushed commits to both pagure and github. Martin^2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] Announcing FreeIPA 4.3.3

2017-03-23 Thread Martin Basti
python-libsss_nss_idmap and python-sss to BuildRequires === Martin Basti (5) === * Become IPA 4.3.3 * Update Contributors.txt * Raise DuplicatedEnrty error when user exists in delete_container * Catch DNS exceptions during emptyzones named.conf upgrade * Start named during configuration upgr

[Freeipa-devel] Announcing FreeIPA 4.4.4

2017-03-23 Thread Martin Basti
`batch` and `dnsrecord` === Martin Basti (7) === * Become IPA 4.4.4 * Update Contributors.txt * FreeIPA 4.4.4 translations * Bump python-dns to improve processing of non-complete resolv.conf * Use proper logging for error messages * Wait until HTTPS principal entry is replicated to replica * wait_

[Freeipa-devel] [DRAFT] release notes FreeIPA 4.4.4

2017-03-23 Thread Martin Basti
Please check the draft of the release notes for FreeIPA 4.4.4 release: http://www.freeipa.org/page/Releases/4.4.4 Martin^2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [DRAFT] release notes FreeIPA 4.3.3

2017-03-23 Thread Martin Basti
Please check the draft of the release notes for FreeIPA 4.3.3 release: http://www.freeipa.org/page/Releases/4.3.3 Martin^2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] Announcing FreeIPA 4.5.0

2017-03-15 Thread Martin Basti
DCs when fetching trust domain info * netgroup: avoid extraneous LDAP search when retrieving primary key from DN * advise: Use `name` instead of `__name__` to get plugin names * Use Travis-CI for basic sanity checks * ldapupdate: Use proper inheritance in BadSyntax exception * raise ValidationE

Re: [Freeipa-devel] [DRAFT] Release notes FreeIPA 4.5.0

2017-03-15 Thread Martin Basti
On 15.03.2017 00:49, Fraser Tweedale wrote: > On Tue, Mar 14, 2017 at 01:51:19PM +0100, Martin Basti wrote: >> Hello, >> >> DRAFT for FreeIPA 4.5.0 release notes is ready >> http://www.freeipa.org/page/Releases/4.5.0 >> >> Please update/let me know what is

Re: [Freeipa-devel] [DRAFT] Release notes FreeIPA 4.5.0

2017-03-14 Thread Martin Basti
On 14.03.2017 14:50, Jakub Hrozek wrote: > On Tue, Mar 14, 2017 at 01:51:19PM +0100, Martin Basti wrote: >> Hello, >> >> DRAFT for FreeIPA 4.5.0 release notes is ready >> http://www.freeipa.org/page/Releases/4.5.0 >> >> Please update/let me know what is

Re: [Freeipa-devel] [DRAFT] Release notes FreeIPA 4.5.0

2017-03-14 Thread Martin Basti
On 14.03.2017 15:06, Alexander Bokovoy wrote: > On ti, 14 maalis 2017, Luc de Louw wrote: >> My 3 cents... >> >> "Please note that FIPS 140-2 support may not work on some platforms" >> >> -> Does is work in Fedora? Should be worth mention it so people are >> more encouraged to test it in Fedora

Re: [Freeipa-devel] [DRAFT] Release notes FreeIPA 4.5.0

2017-03-14 Thread Martin Basti
HEL 7.4 > > Thanks, > > Luc We cannot guarantee that FIPS mode will work with fedora, any package update may break it. > > > > On 03/14/2017 02:50 PM, Jakub Hrozek wrote: >> On Tue, Mar 14, 2017 at 01:51:19PM +0100, Martin Basti wrote: >>> Hello, >>>

Re: [Freeipa-devel] [DRAFT] Release notes FreeIPA 4.5.0

2017-03-14 Thread Martin Basti
On 14.03.2017 15:08, Florence Blanc-Renaud wrote: > On 03/14/2017 01:51 PM, Martin Basti wrote: >> Hello, >> >> DRAFT for FreeIPA 4.5.0 release notes is ready >> http://www.freeipa.org/page/Releases/4.5.0 >> >> Please update/let me know what is mi

[Freeipa-devel] [DRAFT] Release notes FreeIPA 4.5.0

2017-03-14 Thread Martin Basti
Hello, DRAFT for FreeIPA 4.5.0 release notes is ready http://www.freeipa.org/page/Releases/4.5.0 Please update/let me know what is missing, what is extra. Martin^2 signature.asc Description: OpenPGP digital signature -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-07 Thread Martin Basti
On 07.03.2017 15:41, Martin Babinsky wrote: > On Tue, Mar 07, 2017 at 04:34:42PM +0200, Alexander Bokovoy wrote: >> On ti, 07 maalis 2017, Simo Sorce wrote: >>> On Tue, 2017-03-07 at 09:38 +0100, Martin Babinsky wrote: On 03/06/2017 01:48 PM, Simo Sorce wrote: > On Mon, 2017-03-06 at

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread Martin Basti
On 01.03.2017 17:04, Simo Sorce wrote: On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote: On 03/01/2017 04:32 PM, Simo Sorce wrote: On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote: On 03/01/2017 03:42 PM, Simo Sorce wrote: On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky

Re: [Freeipa-devel] Migration of FreeIPA issue tracker - Trac and git repo to pagure.io

2017-02-28 Thread Martin Basti
On 28.02.2017 12:38, Lukas Slebodnik wrote: On (28/02/17 12:17), Martin Basti wrote: On 28.02.2017 12:03, Petr Vobornik wrote: On 02/28/2017 12:00 PM, Petr Vobornik wrote: On 02/27/2017 12:46 PM, Petr Vobornik wrote: Hello list, today and tomorrow a migration of FreeIPA issue tracker[1

Re: [Freeipa-devel] Migration of FreeIPA issue tracker - Trac and git repo to pagure.io

2017-02-28 Thread Martin Basti
On 28.02.2017 12:03, Petr Vobornik wrote: On 02/28/2017 12:00 PM, Petr Vobornik wrote: On 02/27/2017 12:46 PM, Petr Vobornik wrote: Hello list, today and tomorrow a migration of FreeIPA issue tracker[1] and git repo will take place. It is due to FedoraHosted sunset [2]. Both will be

Re: [Freeipa-devel] MD5 certificate fingerprints removal

2017-02-24 Thread Martin Basti
On 24.02.2017 08:46, Tomas Krizek wrote: On 02/24/2017 08:34 AM, Standa Laznicka wrote: On 02/24/2017 08:29 AM, Jan Cholasta wrote: On 23.2.2017 19:06, Martin Basti wrote: On 23.02.2017 15:09, Tomas Krizek wrote: On 02/22/2017 01:44 PM, Fraser Tweedale wrote: On Wed, Feb 22, 2017 at 01

Re: [Freeipa-devel] MD5 certificate fingerprints removal

2017-02-23 Thread Martin Basti
On 23.02.2017 15:09, Tomas Krizek wrote: On 02/22/2017 01:44 PM, Fraser Tweedale wrote: On Wed, Feb 22, 2017 at 01:41:22PM +0100, Tomas Krizek wrote: On 02/22/2017 12:28 AM, Fraser Tweedale wrote: On Tue, Feb 21, 2017 at 05:23:07PM +0100, Standa Laznicka wrote: On 02/21/2017 04:24 PM,

Re: [Freeipa-devel] Release: script for updating contributors

2017-02-23 Thread Martin Basti
On 23.02.2017 12:31, Martin Kosek wrote: Hi all, Based on my recent Contributors.txt update and on Martin Basti's request in the pull request: https://github.com/freeipa/freeipa/pull/493#issuecomment-281938080 I added my (hacky) script for updating the file in the freeipa-tools repo and

[Freeipa-devel] [INFO] Freeipa/freeipa-master copr repo required for FreeIPA from master branch

2017-02-09 Thread Martin Basti
Hello, from now you need freeipa/freeipa-master copr repo to run IPA built from master branch (at least on F25/F24) due bind and bind-dyndb-ldap packages. Sorry for inconvenience. Martin^2 -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [design] add nsupdate output format to dns-update-system-records

2017-01-30 Thread Martin Basti
On 30.01.2017 07:27, Jan Cholasta wrote: On 27.1.2017 22:45, Petr Vobornik wrote: On 01/27/2017 01:37 PM, Martin Basti wrote: Hello all, I'm working on adding support of nsupdate format to output of `ipa dns-update-system-records` command, that will allow to copy output to nsupdate

[Freeipa-devel] [design] add nsupdate output format to dns-update-system-records

2017-01-27 Thread Martin Basti
Hello all, I'm working on adding support of nsupdate format to output of `ipa dns-update-system-records` command, that will allow to copy output to nsupdate utility and update IPA DNS records on external server. I propose following: 1) new option --nsupdate-format This option will replace

Re: [Freeipa-devel] Stageuser API

2017-01-17 Thread Martin Basti
On 17.01.2017 12:38, Christian Heimes wrote: On 2017-01-16 15:52, David Kupka wrote: Hello everyone! I've noticed that our API for stageuser is missing some commands that user has (stageuser-{add,remove}-{principal,cert}). I was wondering if there is reason for it but after asking some

Re: [Freeipa-devel] using Reviewer field on Github instead of Trac

2016-12-09 Thread Martin Basti
On 09.12.2016 09:05, Petr Spacek wrote: Dear FreeIPA developers, I just noticed that Github PRs now have Reviewers field. Can we replace reviewed-by field in Trac with Reviewers field on Github? It is easier to set myself as Reviewer on Github as it does not force me to edit ticket. Assuming

Re: [Freeipa-devel] [freeipa PR#314][edited] RFC: privilege separation for ipa framework code

2016-12-08 Thread Martin Basti
On 08.12.2016 22:47, Simo Sorce wrote: On Thu, 2016-12-08 at 21:46 +0100, simo5 wrote: URL: https://github.com/freeipa/freeipa/pull/314 Author: simo5 Title: #314: RFC: privilege separation for ipa framework code Action: edited Changed field: body Original value: """ As part of the

Re: [Freeipa-devel] NTP in FreeIPA

2016-11-25 Thread Martin Basti
On 24.11.2016 20:31, Gabe Alford wrote: On Thu, Nov 24, 2016 at 9:14 AM, Martin Basti <mba...@redhat.com <mailto:mba...@redhat.com>> wrote: On 24.11.2016 16:11, Gabe Alford wrote: On Thu, Nov 24, 2016 at 1:29 AM, Martin Basti <mba...@redhat.com <mailto

Re: [Freeipa-devel] NTP in FreeIPA

2016-11-24 Thread Martin Basti
On 24.11.2016 16:11, Gabe Alford wrote: On Thu, Nov 24, 2016 at 1:29 AM, Martin Basti <mba...@redhat.com <mailto:mba...@redhat.com>> wrote: On 24.11.2016 07:06, David Kupka wrote: On 22/11/16 23:15, Gabe Alford wrote: I would say that it is w

Re: [Freeipa-devel] NTP in FreeIPA

2016-11-24 Thread Martin Basti
On 24.11.2016 07:06, David Kupka wrote: On 22/11/16 23:15, Gabe Alford wrote: I would say that it is worth keeping in FreeIPA. I know myself and some customers use its functionality by having the clients sync to the IPA servers and have the servers sync to the NTP source. This way if the NTP

[Freeipa-devel] Removing ipa.pot file from git tree

2016-11-22 Thread Martin Basti
Hello list, we plan to remove ipa.pot file from git tree, as this is file can be generated from code during build time, and it is required only for pushing sources to Zanata. Does anybody remember reason why this file was added into git tree? Note: Translated strings (*.po files) will

Re: [Freeipa-devel] Design document: Integration Improvements

2016-11-11 Thread Martin Basti
On 11.11.2016 15:25, Christian Heimes wrote: Hello, I have released the first version of a new design document. It describes how I'm going to improve integration of FreeIPA's client libraries (ipalib, ipapython, ipaclient, ipaplatform) for third party developers.

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

2016-11-10 Thread Martin Basti
On 10.11.2016 10:06, Oleg Fayans wrote: On 11/10/2016 09:43 AM, Martin Basti wrote: ACK On the other hand, make it a conditional one. The link in the comment does not work. Please fix that. -- Milan Kubik -- Milan Kubik After offline discussion and some clarification

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

2016-11-10 Thread Martin Basti
ACK On the other hand, make it a conditional one. The link in the comment does not work. Please fix that. -- Milan Kubik -- Milan Kubik After offline discussion and some clarification, the comment is right. ACK -- Milan Kubik Because patches are scattered over this thread, am I

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

2016-11-03 Thread Martin Basti
= On 10/17/2016 07:05 PM, Martin Basti wrote: 1) you don't need to disable/enable dirsrv, just stop/start. Please remove disable/enable parts 2) traceback self = def test_delete_ruvs(self): """ http://www.freeipa.org/page/V4/Manage_replicati

Re: [Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test

2016-11-03 Thread Martin Basti
6 10:32 AM, Martin Basti wrote: On 15.09.2016 10:10, Oleg Fayans wrote: Hi Martin, The file was renamed. Did I understand correctly that for now we are leaving the test as is and are planning to extend it later? I would like to have there SSSD check involved, please use what Summit recommends. N

[Freeipa-devel] Github: rebases and commits order

2016-10-27 Thread Martin Basti
FYI: when you change order of commits using `git rebase` github doesn't respect this and shows commits in UI based on author date ordering. https://github.com/isaacs/github/issues/386 It is just for your information, we started using bigger amount of commits and surprise, surprise UI shows

Re: [Freeipa-devel] [PATCH] 0102-0104: webui: Add support for setting custom table pagination size

2016-10-26 Thread Martin Basti
On 11.08.2016 16:18, Pavel Vomacka wrote: Hello, please review attached patches. https://fedorahosted.org/freeipa/ticket/5742 bump for review -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] [PATCH] webui: 0084, 0101: refactoring rpc module

2016-10-26 Thread Martin Basti
On 09.08.2016 13:29, Pavel Vomacka wrote: Hello, please review attached patches. The rpc module is now separated from display layer and changing activity text while loading metadata. https://fedorahosted.org/freeipa/ticket/6144 bump for review -- Manage your subscription for the

Re: [Freeipa-devel] [PATCH] 956 replicainstall: log ACI and LDAP errors in promotion check

2016-10-26 Thread Martin Basti
On 30.03.2016 10:06, Martin Basti wrote: On 24.03.2016 15:27, Petr Vobornik wrote: to enable debugging of such errors. E.g.: https://fedorahosted.org/freeipa/ticket/5741 Can we log the whole traceback to get exact place where error happened? Martin^2 bump -- Manage your

Re: [Freeipa-devel] [PATCH] restrict setkeytab operation

2016-10-26 Thread Martin Basti
On 31.08.2016 14:36, Martin Basti wrote: On 26.07.2016 13:38, Simo Sorce wrote: On Mon, 2016-07-25 at 11:26 -0400, Simo Sorce wrote: On Mon, 2016-07-25 at 11:10 -0400, Rob Crittenden wrote: Simo Sorce wrote: On Mon, 2016-07-25 at 10:55 -0400, Rob Crittenden wrote: Simo Sorce wrote

Re: [Freeipa-devel] Limiting pull request notification sizes

2016-10-19 Thread Martin Basti
On 19.10.2016 16:38, Petr Vobornik wrote: Looking at: [Freeipa-devel] [freeipa PR#171][synchronized] Build system cleanup phase 2 I see that the attached freeipa-pr-171.patch has 7.8 MB. With couple forced pushed to the private branch it creates quite big traffic a takes space. Is it

Re: [Freeipa-devel] [help]

2016-10-19 Thread Martin Basti
Comments inline On 19.10.2016 10:30, 郑磊 wrote: -- 祝: 工作顺利!生活愉快! -- 长沙研发中心 郑磊 Phone:18684703229 Email:zheng...@kylinos.cn Company:天津麒麟信息技术有限公司 Address:湖南长沙市开福区三一大道工美大厦十四楼 -- Original -- *From: * "Martin Basti

Re: [Freeipa-devel] [help]

2016-10-19 Thread Martin Basti
-ins. webUI is just layer on top of our API calls. -- 祝: 工作顺利!生活愉快! -- 长沙研发中心 郑磊 Phone:18684703229 Email:zheng...@kylinos.cn Company:天津麒麟信息技术有限公司 Address:湖南长沙市开福区三一大道工美大厦十四楼 -- Original -- *From: * "Martin Basti

Re: [Freeipa-devel] [help]

2016-10-18 Thread Martin Basti
On 18.10.2016 03:28, 郑磊 wrote: Hello everyone, I'm using freeipa, and having a test and research with the function of freeipa. At the same time, I have carried on the Chinese translation to the web interface, also added own log module in web interface, referring to the following

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

2016-10-17 Thread Martin Basti
ctors" in res1), ( "CA-specific RUVs are not displayed") E TypeError: argument of type 'SSHCommand' is not iterable test_integration/test_topology.py:215: TypeError >>>>>>>>>>>>>>>>>>>>>>>>>&g

Re: [Freeipa-devel] Broken IPA installation caused by new python-dns package

2016-10-13 Thread Martin Basti
On 13.10.2016 19:49, Petr Vobornik wrote: On 10/12/2016 11:11 AM, Petr Spacek wrote: On 10.10.2016 10:28, Martin Basti wrote: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1857421df6 Please set karma accordingly Traceback: ... 2016-10-10T04:44:05Z DEBUG The ipa-replica-install

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

2016-10-13 Thread Martin Basti
. Patch-0048 was not changed On 10/12/2016 02:35 PM, Martin Basti wrote: 1) Can you just turn off dirsrv on replica instead of doing iptables magic? 2) NACK No more eval() ever in code, use 'getattr', 'get' or whatever in the object that can be used. +evalhost = eval("args[

Re: [Freeipa-devel] links to docs in the messages from code

2016-10-13 Thread Martin Basti
On 12.10.2016 19:56, Petr Spacek wrote: Hello FreeIPA developers, looking at freeipa-users mailing list, a lot of questions could be answered by just quick glance to the docs. I wonder if we should add links HTML version of docs on access.redhat.com to the messages generated by the code. If

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

2016-10-12 Thread Martin Basti
ase:_clean-ruv_subcommand On 08/05/2016 06:36 PM, Martin Basti wrote: On 03.08.2016 14:45, Oleg Fayans wrote: Hi Martin, Thanks for the review! Both patches were updated. On 07/28/2016 04:11 PM, Martin Basti wrote: On 08.07.2016 15:41, Oleg Fayans wrote: Hi Martin, Thanks for the review!

Re: [Freeipa-devel] [PATCH 0497] Py3: fix unicode/str error in LDAP*ReverseMember

2016-10-10 Thread Martin Basti
On 10.10.2016 07:57, Jan Cholasta wrote: On 7.6.2016 10:35, Martin Basti wrote: On 07.06.2016 10:35, Jan Cholasta wrote: On 7.6.2016 10:29, Martin Basti wrote: On 07.06.2016 09:08, Jan Cholasta wrote: On 6.6.2016 14:33, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5923

[Freeipa-devel] Broken IPA installation caused by new python-dns package

2016-10-10 Thread Martin Basti
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1857421df6 Please set karma accordingly Traceback: ... File "/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py", line 426, in update_dns_records self.update_base_records(), File

Re: [Freeipa-devel] Build system refactoring - design document

2016-10-07 Thread Martin Basti
On 07.10.2016 11:56, Petr Spacek wrote: Dear FreeIPA developers and packagers, you can find first version of the Build system refactoring design document on: http://www.freeipa.org/page/V4/Build_system_refactoring If you do not care about implementation details, please be so kind and quickly

Re: [Freeipa-devel] python-nss-1.0.0-2.fc24.x86_64 from updates-testing breaks FreeIPA client API

2016-09-29 Thread Martin Basti
On 29.09.2016 10:14, Alexander Bokovoy wrote: On to, 29 syys 2016, Martin Babinsky wrote: Hi list, today I noticed the following exceptions in my VMs when installing/using FreeIPA: """ # ipa ping exception in SSLSocket.handshake_callback Traceback (most recent call last): File

Re: [Freeipa-devel] pylint: remove unused variables

2016-09-23 Thread Martin Basti
On 23.09.2016 14:12, Jan Cholasta wrote: On 23.9.2016 13:23, Standa Laznicka wrote: On 09/23/2016 07:28 AM, Jan Cholasta wrote: On 22.9.2016 16:39, Martin Basti wrote: Hello all, In 4.5, I would like to remove all unused variables from code and enable pylint check. Due to big amount

Re: [Freeipa-devel] FedoraHosted.org sunset

2016-09-23 Thread Martin Basti
On 23.09.2016 09:54, Jakub Hrozek wrote: On Thu, Sep 22, 2016 at 06:09:43PM +0200, Petr Vobornik wrote: Hi all, As you know, FedoraHosted.org will be decommissioned. https://communityblog.fedoraproject.org/fedorahosted-sunset-2017-02-28/ We use Trac instance there. Let's discuss where we

Re: [Freeipa-devel] pylint: remove unused variables

2016-09-22 Thread Martin Basti
On 22.09.2016 18:05, Tomas Krizek wrote: On 09/22/2016 06:00 PM, Martin Basti wrote: On 22.09.2016 17:59, Tomas Krizek wrote: On 09/22/2016 04:39 PM, Martin Basti wrote: Hello all, In 4.5, I would like to remove all unused variables from code and enable pylint check. Due to big amount

Re: [Freeipa-devel] pylint: remove unused variables

2016-09-22 Thread Martin Basti
On 22.09.2016 17:59, Tomas Krizek wrote: On 09/22/2016 04:39 PM, Martin Basti wrote: Hello all, In 4.5, I would like to remove all unused variables from code and enable pylint check. Due to big amount of unused variables in the code this will be longterm effort. Why this?: * better code

[Freeipa-devel] pylint: remove unused variables

2016-09-22 Thread Martin Basti
It is clear what to do with unused assignments, but I need an agreement what to do with unpacking or iteration with unused variables For example: for name, surname, gender in (('Martin', 'Basti', 'M'), ): name, surname, gender = user['mbasti'] Where 'surname' is unused Pylint will detect surname

Re: [Freeipa-devel] Suspicious IPA cert test fail after upgrade to pki-ca-10.3.5-6

2016-09-22 Thread Martin Basti
On 22.09.2016 13:56, Martin Babinsky wrote: On 09/22/2016 01:41 PM, Martin Basti wrote: Hello all, Following test is failing: test_cert_find.test_0007_find_revocation_reason_0

[Freeipa-devel] Suspicious IPA cert test fail after upgrade to pki-ca-10.3.5-6

2016-09-22 Thread Martin Basti
Hello all, Following test is failing: test_cert_find.test_0007_find_revocation_reason_0 self = 0x7f1bf4532f90> def

Re: [Freeipa-devel] What would break if loopback addresses were allowed for IPA server?

2016-09-22 Thread Martin Basti
On 21.09.2016 12:01, Jan Pazdziora wrote: Hello, I've recently hit again the situation of IPA installer not happy about the provided IP address not being local to it, this time in containerized environment: https://bugzilla.redhat.com/show_bug.cgi?id=1377973 During the discussion,

Re: [Freeipa-devel] [PATCH] pylint fixes

2016-09-20 Thread Martin Basti
On 01.07.2016 15:51, Florence Blanc-Renaud wrote: On 06/21/2016 01:51 PM, Martin Basti wrote: On 21.06.2016 08:38, Florence Blanc-Renaud wrote: On 06/20/2016 07:08 PM, Martin Basti wrote: On 20.06.2016 19:06, Martin Basti wrote: On 20.06.2016 12:00, Florence Blanc-Renaud wrote

[Freeipa-devel] Github review feature

2016-09-16 Thread Martin Basti
Sorry for stealing your thread, but you started asking about github review emails :) Standard review inline comments are disabled on purpose, each comment generates one email, so we decided that is better after review to write a regular comment "NACK, please see inline comments" or so. I

Re: [Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test

2016-09-15 Thread Martin Basti
On 14.09.2016 18:53, Sumit Bose wrote: On Wed, Sep 14, 2016 at 06:03:37PM +0200, Martin Basti wrote: On 14.09.2016 17:53, Alexander Bokovoy wrote: On Wed, 14 Sep 2016, Martin Basti wrote: On 14.09.2016 17:41, Alexander Bokovoy wrote: On Wed, 14 Sep 2016, Martin Basti wrote: 1) I still

Re: [Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test

2016-09-14 Thread Martin Basti
On 14.09.2016 17:41, Alexander Bokovoy wrote: On Wed, 14 Sep 2016, Martin Basti wrote: 1) I still don't see the reason why AD trust is needed. Default trust ID view is added just by ipa-adtrust-install, adding trust is not needed for current implementation. You don't need AD

Re: [Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test

2016-09-14 Thread Martin Basti
On 06.09.2016 13:57, Oleg Fayans wrote: The test is updated to clean up after itself On 09/06/2016 12:57 PM, Oleg Fayans wrote: Hi Martin, Thanks for the review. The updated patches are attached. Please, see my comments below On 08/30/2016 01:58 PM, Martin Basti wrote: On 22.08.2016 13

[Freeipa-devel] Announcing FreeIPA 4.4.1

2016-09-01 Thread Martin Basti
The FreeIPA team would like to announce FreeIPA v4.4.1 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 24 will be available in the official COPR repository . == Highlights in 4.4.1 ==

[Freeipa-devel] [PATCH] Bump master IPA devel version to 4.4.90

2016-09-01 Thread Martin Basti
Pushed under oneliner rule Pushed to master: 371254fc4b36cb4d89351edb19c88a85e5a33a1b From 17553b8e5d4a58fda8e9f8ad6427366e17aedb29 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Thu, 1 Sep 2016 16:20:41 +0200 Subject: [PATCH] Bump master IPA devel version to

Re: [Freeipa-devel] [PATCH] restrict setkeytab operation

2016-08-31 Thread Martin Basti
On 26.07.2016 13:38, Simo Sorce wrote: On Mon, 2016-07-25 at 11:26 -0400, Simo Sorce wrote: On Mon, 2016-07-25 at 11:10 -0400, Rob Crittenden wrote: Simo Sorce wrote: On Mon, 2016-07-25 at 10:55 -0400, Rob Crittenden wrote: Simo Sorce wrote: As described in #232 start restricting the use

Re: [Freeipa-devel] Release 4.4.1 planning

2016-08-31 Thread Martin Basti
On 30.08.2016 15:00, Alexander Bokovoy wrote: Hi, we have a plan to release FreeIPA 4.4.1 on Wednesday, Aug 31st. I started preparing a release page: http://www.freeipa.org/page/Releases/4.4.1 It has staggering 140+ closed tickets already. Please help me with filling in enhancements and

Re: [Freeipa-devel] [PATCH] 0024 memory leak in ipapwd plugin

2016-08-31 Thread Martin Basti
On 30.08.2016 13:27, Martin Basti wrote: On 11.08.2016 16:39, Alexander Bokovoy wrote: On Thu, 11 Aug 2016, thierry bordaz wrote: +/* rc should always be 0 (else slapi_sdn_new_dn_byref should have sigsev) + * but if we end in rc==LDAP_OPERATIONS_ERROR be sure to stop here

Re: [Freeipa-devel] [PATCH] 0220 move /bin/ipa to freeipa-client

2016-08-30 Thread Martin Basti
On 30.08.2016 09:27, Jan Cholasta wrote: On 25.8.2016 13:09, Alexander Bokovoy wrote: On Thu, 25 Aug 2016, Jan Cholasta wrote: Hi, On 25.8.2016 11:27, Alexander Bokovoy wrote: Hi, attached patch moves ipa CLI to freeipa-client and obsoletes freeipa-admintools The Obsoletes (both) should

Re: [Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test

2016-08-30 Thread Martin Basti
On 22.08.2016 13:18, Oleg Fayans wrote: ping for review On 08/02/2016 01:11 PM, Oleg Fayans wrote: Hi Martin, I did! Thank you! On 08/02/2016 12:31 PM, Martin Basti wrote: On 01.08.2016 22:46, Oleg Fayans wrote: The test was redesigned so that it actually tests against an AD user

Re: [Freeipa-devel] [PATCH] 0024 memory leak in ipapwd plugin

2016-08-30 Thread Martin Basti
On 11.08.2016 16:39, Alexander Bokovoy wrote: On Thu, 11 Aug 2016, thierry bordaz wrote: +/* rc should always be 0 (else slapi_sdn_new_dn_byref should have sigsev) + * but if we end in rc==LDAP_OPERATIONS_ERROR be sure to stop here + * because ret is not significant

Re: [Freeipa-devel] [Test][patch-0061] Fixed error in teardown method of replica_promotion tests

2016-08-30 Thread Martin Basti
On 24.08.2016 16:26, Oleg Fayans wrote: ACK Pushed to master: 5812af84a4a12528e969f14017e9675160b3faef -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

2016-08-30 Thread Martin Basti
at 11:26 -0400, Simo Sorce wrote: On Fri, 2016-08-26 at 18:09 +0300, Alexander Bokovoy wrote: On Fri, 26 Aug 2016, Simo Sorce wrote: On Fri, 2016-08-26 at 12:39 +0200, Martin Basti wrote: I miss "why" part of "To be able to handle backward compatibility with ease, a new object calle

Re: [Freeipa-devel] [PATCH 0159] Tests: fix test_forward_zones in test_xmlrpc/test_dns_plugin

2016-08-30 Thread Martin Basti
On 16.08.2016 13:55, Martin Basti wrote: On 16.08.2016 13:30, Martin Basti wrote: On 12.08.2016 20:00, Petr Spacek wrote: Hello, this is the last patch necessary to get all test_xmlrpc/test_dns_plugin tests to pass! (I hope :-) Tests: fix test_forward_zones in test_xmlrpc

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

2016-08-26 Thread Martin Basti
On 26.08.2016 12:37, Petr Vobornik wrote: On 08/26/2016 12:23 PM, Martin Basti wrote: On 26.08.2016 12:20, Alexander Bokovoy wrote: On Fri, 26 Aug 2016, Jan Cholasta wrote: On 26.8.2016 11:55, Martin Basti wrote: On 26.08.2016 11:43, Jan Cholasta wrote: Hi, On 11.8.2016 12:34

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

2016-08-26 Thread Martin Basti
On 26.08.2016 12:20, Alexander Bokovoy wrote: On Fri, 26 Aug 2016, Jan Cholasta wrote: On 26.8.2016 11:55, Martin Basti wrote: On 26.08.2016 11:43, Jan Cholasta wrote: Hi, On 11.8.2016 12:34, Stanislav Laznicka wrote: Hello, I updated the design of the Time-Based HBAC Policies

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

2016-08-26 Thread Martin Basti
On 26.08.2016 12:13, Jan Cholasta wrote: On 26.8.2016 11:55, Martin Basti wrote: On 26.08.2016 11:43, Jan Cholasta wrote: Hi, On 11.8.2016 12:34, Stanislav Laznicka wrote: Hello, I updated the design of the Time-Based HBAC Policies according to the discussion we led here earlier. Please

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

2016-08-26 Thread Martin Basti
On 26.08.2016 11:43, Jan Cholasta wrote: Hi, On 11.8.2016 12:34, Stanislav Laznicka wrote: Hello, I updated the design of the Time-Based HBAC Policies according to the discussion we led here earlier. Please check the design page http://www.freeipa.org/page/V4/Time-Based_Account_Policies.

Re: [Freeipa-devel] [PATCH 0060] Add --force-join option to ipa-replica-install

2016-08-25 Thread Martin Basti
On 10.08.2016 07:53, Stanislav Laznicka wrote: On 08/10/2016 07:31 AM, Jan Cholasta wrote: On 9.8.2016 18:52, Petr Vobornik wrote: On 08/09/2016 04:18 PM, Martin Basti wrote: On 09.08.2016 16:07, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/6183 Didn't we agreed

Re: [Freeipa-devel] [PATCH 0213] support multiple uid values in slapi-nis users map

2016-08-25 Thread Martin Basti
On 25.08.2016 10:32, Alexander Bokovoy wrote: On Tue, 23 Aug 2016, thierry bordaz wrote: acceptance is now completed (successfully). ACK bump so ACKed ab's 213-1 fixes https://fedorahosted.org/freeipa/ticket/6138 ? Yes that is my understanding. patch 213-1 fixes #6138. I verified that

Re: [Freeipa-devel] [PATCH] 0004 Fix ipa-server-install in pure IPv6 environment

2016-08-25 Thread Martin Basti
On 24.08.2016 18:41, Martin Basti wrote: On 19.08.2016 14:09, Tomas Krizek wrote: Hi, please review the attached patch. Make sure the hostname isn't resolved to link local IPv6(feXX:...) during testing, which doesn't work (and isn't supposed to). It did not work for me, pki-ca

Re: [Freeipa-devel] [PATCH] 0004 Fix ipa-server-install in pure IPv6 environment

2016-08-24 Thread Martin Basti
On 19.08.2016 14:09, Tomas Krizek wrote: Hi, please review the attached patch. Make sure the hostname isn't resolved to link local IPv6(feXX:...) during testing, which doesn't work (and isn't supposed to). It did not work for me, pki-ca-spawn.log: /ca/getStatus (Caused by

Re: [Freeipa-devel] [PATCH 0036, 0037][Tests] Host/service tests do not recognize newly added attribute

2016-08-24 Thread Martin Basti
On 24.08.2016 15:49, Ganna Kaihorodova wrote: Hello! [0036] ACK [0037] ACK Best regards, Ganna Kaihorodova Associate Software Quality Engineer - Original Message - From: "Lenka Doudova" To: "freeipa-devel" Sent: Monday, August 22,

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-24 Thread Martin Basti
:53 AM, Jan Cholasta wrote: On 22.8.2016 19:08, Tomas Krizek wrote: I've attached the updated patch. Hopefully I didn't forget anything else this time. On 08/22/2016 05:48 PM, Martin Basti wrote: On 22.08.2016 10:22, Tomas Krizek wrote: Seems like a good idea, I'm attaching the updated

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-24 Thread Martin Basti
:53 AM, Jan Cholasta wrote: On 22.8.2016 19:08, Tomas Krizek wrote: I've attached the updated patch. Hopefully I didn't forget anything else this time. On 08/22/2016 05:48 PM, Martin Basti wrote: On 22.08.2016 10:22, Tomas Krizek wrote: Seems like a good idea, I'm attaching the updated

Re: [Freeipa-devel] [PATCH 0039][Tests] ID views tests do not recognize 'krbcanonicalname' attribute

2016-08-24 Thread Martin Basti
On 22.08.2016 15:46, Lenka Doudova wrote: Hi, ID views tests still do not recognize 'krbcanonicalname' attribute - fix attached. Lenka ACK Pushed to master: 775c37bb812604496594524d8c6c7d936b4d3b15 -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH 0035] Remove Custodia server keys from LDAP

2016-08-24 Thread Martin Basti
On 24.08.2016 11:25, Christian Heimes wrote: On 2016-08-23 12:42, Petr Vobornik wrote: On 08/11/2016 04:13 PM, Martin Basti wrote: On 08.08.2016 16:10, Christian Heimes wrote: The server-del plugin now removes the Custodia keys for encryption and key signing from LDAP. https

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-23 Thread Martin Basti
On 22.08.2016 19:05, Martin Basti wrote: On 22.08.2016 17:48, Martin Basti wrote: On 22.08.2016 10:22, Tomas Krizek wrote: Seems like a good idea, I'm attaching the updated patch. Autofill does work when the param is required. On 08/19/2016 04:19 PM, Martin Basti wrote

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-22 Thread Martin Basti
On 22.08.2016 17:48, Martin Basti wrote: On 22.08.2016 10:22, Tomas Krizek wrote: Seems like a good idea, I'm attaching the updated patch. Autofill does work when the param is required. On 08/19/2016 04:19 PM, Martin Basti wrote: On 16.08.2016 17:35, Tomas Krizek wrote: Hi

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-22 Thread Martin Basti
On 22.08.2016 10:22, Tomas Krizek wrote: Seems like a good idea, I'm attaching the updated patch. Autofill does work when the param is required. On 08/19/2016 04:19 PM, Martin Basti wrote: On 16.08.2016 17:35, Tomas Krizek wrote: Hi, the attached patch fixes an error message when

Re: [Freeipa-devel] [Patch 0019] Corrected minor spell check in AD Trust information doc messages

2016-08-22 Thread Martin Basti
On 22.08.2016 17:05, Abhijeet Kasurde wrote: Hi All, On 08/22/2016 05:47 PM, Martin Basti wrote: On 22.08.2016 14:07, Alexander Bokovoy wrote: On Mon, 22 Aug 2016, Abhijeet Kasurde wrote: Hi All, Please find the patch attached. It's a minor spelling correction so, I have not created

Re: [Freeipa-devel] [Patch 0019] Corrected minor spell check in AD Trust information doc messages

2016-08-22 Thread Martin Basti
On 22.08.2016 14:07, Alexander Bokovoy wrote: On Mon, 22 Aug 2016, Abhijeet Kasurde wrote: Hi All, Please find the patch attached. It's a minor spelling correction so, I have not created ticket for this. ACK. Please don't update .pot files, we are doing it before release automatically

Re: [Freeipa-devel] [PATCHES 0038][Tests] ID views does not recognize ipakrboktoauthasdelegate attribute

2016-08-22 Thread Martin Basti
On 22.08.2016 14:06, Alexander Bokovoy wrote: On Mon, 22 Aug 2016, Lenka Doudova wrote: Hi, due to implementation of [1] some ID views tests fail because they do not recognize ipakrboktoauthasdelegate attribute. Providing fix for this. Ticket: https://fedorahosted.org/freeipa/ticket/6241

Re: [Freeipa-devel] [DESIGN][UPDATE] Time-Based HBAC Policies

2016-08-19 Thread Martin Basti
On 19.08.2016 12:37, Pavel Vomacka wrote: On 08/16/2016 08:21 AM, Stanislav Laznicka wrote: On 08/12/2016 06:48 PM, Petr Spacek wrote: On 11.8.2016 12:34, Stanislav Laznicka wrote: Hello, I updated the design of the Time-Based HBAC Policies according to the discussion we led here

Re: [Freeipa-devel] [PATCH 0214] Support schema files for external plugins

2016-08-19 Thread Martin Basti
On 19.08.2016 15:26, Alexander Bokovoy wrote: On Fri, 19 Aug 2016, Martin Basti wrote: On 19.08.2016 11:43, Alexander Bokovoy wrote: On Mon, 08 Aug 2016, Alexander Bokovoy wrote: On Mon, 08 Aug 2016, Petr Vobornik wrote: On 08/08/2016 12:26 PM, Alexander Bokovoy wrote: On Mon, 08 Aug

Re: [Freeipa-devel] [PATCH 0214] Support schema files for external plugins

2016-08-19 Thread Martin Basti
On 19.08.2016 11:43, Alexander Bokovoy wrote: On Mon, 08 Aug 2016, Alexander Bokovoy wrote: On Mon, 08 Aug 2016, Petr Vobornik wrote: On 08/08/2016 12:26 PM, Alexander Bokovoy wrote: On Mon, 08 Aug 2016, Alexander Bokovoy wrote: Hi! Attached patch is what is needed to allow external

Re: [Freeipa-devel] [freeipa/freeipa #2] Remove forgotten print from DN.__str__ implementation (comment)

2016-08-19 Thread Martin Basti
On 19.08.2016 13:05, freeipa-github-notificat...@redhat.com wrote: mbasti-rh commented on a pull request m a s t e r : * 8 6 e 1 5 6 c 3 c 5 f 3 3 1 e 3 f 1 6 9 b 9 4 1 b e 2 d 9 f 7 2 e 7 c 8 f 0 0 0 R e m o v e f o r g o t t e n p r i n t f r o m D N . _ _ s t r _

Re: [Freeipa-devel] [PATCH 0004] [Test] Test for caacl-add-service: incorrect error message when service does not exists

2016-08-18 Thread Martin Basti
On 18.08.2016 15:02, Tomas Krizek wrote: Hi, NACK. The issue is not that the error message contains the "no such entry" string. That is actually a valid part of the error message if the service indeed does not exist. The problem is that the error message contained only the first

  1   2   3   4   5   6   7   8   9   10   >