[Freeipa-devel] [freeipa PR#786][synchronized] ipa-server-install: fix uninstall

2017-05-16 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/786 Author: flo-renaud Title: #786: ipa-server-install: fix uninstall Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/786/head:pr786 git checkout pr786 From

[Freeipa-devel] [freeipa PR#786][edited] ipa-server-install: fix uninstall

2017-05-16 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/786 Author: flo-renaud Title: #786: ipa-server-install: fix uninstall Action: edited Changed field: body Original value: """ ipa-server-install --uninstall fails to stop tracking the certificates because it assigns a tuple

[Freeipa-devel] [freeipa PR#783][comment] Provide useful messages during cert validation

2017-05-16 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/783 Title: #783: Provide useful messages during cert validation flo-renaud commented: """ Hi @stlaz Thank you for the patch. LGTM. """ See the full comment at https://github.com/freeipa/freeipa/pull/783#issuecom

[Freeipa-devel] [freeipa PR#783][+ack] Provide useful messages during cert validation

2017-05-16 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/783 Title: #783: Provide useful messages during cert validation Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#788][opened] ipa-kra-install: fix pkispawn setting for pki_security_domain_hostname

2017-05-16 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/788 Author: flo-renaud Title: #788: ipa-kra-install: fix pkispawn setting for pki_security_domain_hostname Action: opened PR body: """ During ipa-kra-install, the installer prepares a configuration file provided to pkispawn. Thi

[Freeipa-devel] [freeipa PR#786][opened] ipa-server-install: fix uninstall

2017-05-15 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/786 Author: flo-renaud Title: #786: ipa-server-install: fix uninstall Action: opened PR body: """ ipa-server-install --uninstall fails to stop tracking the certificates because it assigns a tuple to the variable nicknames, the

[Freeipa-devel] [freeipa PR#784][opened] ipa-replica-manage del (dl 0): remove server from defaultServerList

2017-05-12 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/784 Author: flo-renaud Title: #784: ipa-replica-manage del (dl 0): remove server from defaultServerList Action: opened PR body: """ ipa-replica-manage del should remove the server from the entry cn=default,ou=profile,$BASE The

[Freeipa-devel] [freeipa PR#780][opened] server-del: update defaultServerList in cn=default, ou=profile, $BASE

2017-05-11 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/780 Author: flo-renaud Title: #780: server-del: update defaultServerList in cn=default,ou=profile,$BASE Action: opened PR body: """ ipa server-del should remove the server from the entry cn=default,ou=profile,$BASE The entry contai

[Freeipa-devel] [freeipa PR#777][opened] ipa-kra-install manpage: document domain-level 1

2017-05-10 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/777 Author: flo-renaud Title: #777: ipa-kra-install manpage: document domain-level 1 Action: opened PR body: """ ipa-kra-install man page was missing a specific section for domain level 1. This commits also fixes a wrong op

[Freeipa-devel] [freeipa PR#729][+ack] Turn on NSSOCSP check in mod_nss conf

2017-05-09 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/729 Title: #729: Turn on NSSOCSP check in mod_nss conf Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#766][comment] ipa-kra-install: fix check_host_keys

2017-05-09 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/766 Title: #766: ipa-kra-install: fix check_host_keys flo-renaud commented: """ Hi @MartinBasti @martbab thank you for the comment. PR updated with your suggestion. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#766][synchronized] ipa-kra-install: fix check_host_keys

2017-05-09 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/766 Author: flo-renaud Title: #766: ipa-kra-install: fix check_host_keys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/766/head:pr766 git checkout pr766 From

[Freeipa-devel] [freeipa PR#766][opened] ipa-kra-install: fix check_host_keys

2017-05-05 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/766 Author: flo-renaud Title: #766: ipa-kra-install: fix check_host_keys Action: opened PR body: """ ipa-kra-install on a replica checks that the keys are available before going further to avoid race condition due to replica

[Freeipa-devel] [freeipa PR#754][opened] ipa-server-install with external CA: fix pkinit cert issuance

2017-05-03 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/754 Author: flo-renaud Title: #754: ipa-server-install with external CA: fix pkinit cert issuance Action: opened PR body: """ ipa-server-install with external CA fails to issue pkinit certs. This happens because the inst

[Freeipa-devel] [freeipa PR#729][comment] Turn on NSSOCSP check in mod_nss conf

2017-05-02 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/729 Title: #729: Turn on NSSOCSP check in mod_nss conf flo-renaud commented: """ Hi @pvomacka I tested your last update with a new install and with an upgraded instance, and both are functionally OK. Revoked certs do not allow to ac

[Freeipa-devel] [freeipa PR#751][opened] ipa-client-install: remove extra space in pkinit_anchors definition

2017-05-02 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/751 Author: flo-renaud Title: #751: ipa-client-install: remove extra space in pkinit_anchors definition Action: opened PR body: """ ipa-client-install modifies /etc/krb5.conf and defines the following line: pkinit_anchors =

[Freeipa-devel] [freeipa PR#747][comment] vault: piped input for ipa vault-add fails

2017-04-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/747 Title: #747: vault: piped input for ipa vault-add fails flo-renaud commented: """ @stlaz Thank you for the reminder. Commit msg updated with issue 6907 """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#747][synchronized] vault: piped input for ipa vault-add fails

2017-04-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/747 Author: flo-renaud Title: #747: vault: piped input for ipa vault-add fails Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/747/head:pr747 git checkout pr747

[Freeipa-devel] [freeipa PR#747][opened] vault: piped input for ipa vault-add fails

2017-04-27 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/747 Author: flo-renaud Title: #747: vault: piped input for ipa vault-add fails Action: opened PR body: """ An exception is raised when using echo "Secret123\n" | ipa vault-add myvault This happens because the code

[Freeipa-devel] [freeipa PR#724][opened] upgrade: adtrust update_tdo_gidnumber plugin must check if adtrust is…

2017-04-20 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/724 Author: flo-renaud Title: #724: upgrade: adtrust update_tdo_gidnumber plugin must check if adtrust is… Action: opened PR body: """ … installed During upgrade, the plugin update_tdo_gidnumber is launched in order to

[Freeipa-devel] [freeipa PR#709][comment] Fix s4u2self with adtrust

2017-04-11 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/709 Title: #709: Fix s4u2self with adtrust flo-renaud commented: """ Hi @simo5, I tested webUI authentication with a IPA user and it is working with this patch. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#704][+ack] WebUI: cert login: Configure name of parameter used to pass username

2017-04-10 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/704 Title: #704: WebUI: cert login: Configure name of parameter used to pass username Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#704][comment] WebUI: cert login: Configure name of parameter used to pass username

2017-04-10 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/704 Title: #704: WebUI: cert login: Configure name of parameter used to pass username flo-renaud commented: """ Hi @dkupka thank you for the patch, everything works as expected with a single certificate mapped to multiple users. &q

[Freeipa-devel] [freeipa PR#667][comment] idrange-add: properly handle empty --dom-name option

2017-04-05 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/667 Title: #667: idrange-add: properly handle empty --dom-name option flo-renaud commented: """ @martbab thank you for the suggestion. The new test is available in PR #692 """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#692][opened] tests: add non-reg for idrange-add

2017-04-05 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/692 Author: flo-renaud Title: #692: tests: add non-reg for idrange-add Action: opened PR body: """ Add non regression test for issue 6404: when idrange-add is called with empty dom-name, the command returns ipa: ERROR: an int

[Freeipa-devel] [freeipa PR#667][comment] idrange-add: properly handle empty --dom-name option

2017-04-04 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/667 Title: #667: idrange-add: properly handle empty --dom-name option flo-renaud commented: """ Hi @stlaz I fixed the commit message. In contrary to what I told you offline, you need to configure an AD trust with ipa-adtrust-instal

[Freeipa-devel] [freeipa PR#667][edited] idrange-add: properly handle empty --dom-name option

2017-04-04 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/667 Author: flo-renaud Title: #667: idrange-add: properly handle empty --dom-name option Action: edited Changed field: title Original value: """ idrange-mod: properly handle empty --dom-name option """ -- Manage you

[Freeipa-devel] [freeipa PR#667][edited] idrange-mod: properly handle empty --dom-name option

2017-04-04 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/667 Author: flo-renaud Title: #667: idrange-mod: properly handle empty --dom-name option Action: edited Changed field: body Original value: """ When idrange-mod is called with --dom-name=, the CLI exits with ipa: ERROR: an int

[Freeipa-devel] [freeipa PR#667][synchronized] idrange-mod: properly handle empty --dom-name option

2017-04-04 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/667 Author: flo-renaud Title: #667: idrange-mod: properly handle empty --dom-name option Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/667/head:pr667 git

[Freeipa-devel] [freeipa PR#632][comment] ipa-sam: create the gidNumber attribute in the trusted domain entry

2017-04-03 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/632 Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry flo-renaud commented: """ Hi @abbra thank you for the review. PR updated following your comments, and with an upgrade plugin to handle existing

[Freeipa-devel] [freeipa PR#632][synchronized] ipa-sam: create the gidNumber attribute in the trusted domain entry

2017-04-03 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/632 Author: flo-renaud Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/632

[Freeipa-devel] [freeipa PR#678][opened] ipa-ca-install man page: Add domain level 1 help

2017-03-30 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/678 Author: flo-renaud Title: #678: ipa-ca-install man page: Add domain level 1 help Action: opened PR body: """ In domain level 1 ipa-ca-install does not require a replica-file. Update the man page to distinguish the domain lev

[Freeipa-devel] [freeipa PR#632][edited] ipa-sam: create the gidNumber attribute in the trusted domain entry

2017-03-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/632 Author: flo-renaud Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry Action: edited Changed field: body Original value: """ When a trusted domain entry is created, the uidNumber attri

[Freeipa-devel] [freeipa PR#632][comment] ipa-sam: create the gidNumber attribute in the trusted domain entry

2017-03-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/632 Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry flo-renaud commented: """ I updated the commit message with a different issue number, related to the "Failed to find a unix account" m

[Freeipa-devel] [freeipa PR#632][synchronized] ipa-sam: create the gidNumber attribute in the trusted domain entry

2017-03-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/632 Author: flo-renaud Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/632

[Freeipa-devel] [freeipa PR#667][opened] idrange-mod: properly handle empty --dom-name option

2017-03-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/667 Author: flo-renaud Title: #667: idrange-mod: properly handle empty --dom-name option Action: opened PR body: """ When idrange-mod is called with --dom-name=, the CLI exits with ipa: ERROR: an internal error has occurred This

[Freeipa-devel] [freeipa PR#661][opened] git-commit-template: update ticket url to use pagure.io instead of fe…

2017-03-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/661 Author: flo-renaud Title: #661: git-commit-template: update ticket url to use pagure.io instead of fe… Action: opened PR body: """ …dorahosted.org After the migration to pagure.io, tickets are accessed through another URL.

[Freeipa-devel] [freeipa PR#659][comment] WebUI: Allow to add certs to certmapping with CERT LINES around

2017-03-27 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/659 Title: #659: WebUI: Allow to add certs to certmapping with CERT LINES around flo-renaud commented: """ Hi @pvomacka , thank you for the patch, it works as expected. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#652][opened] dogtag-ipa-ca-renew-agent-submit: fix the is_replicated() function

2017-03-24 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/652 Author: flo-renaud Title: #652: dogtag-ipa-ca-renew-agent-submit: fix the is_replicated() function Action: opened PR body: """ dogtag-ipa-ca-renew-agent-submit behaves differently depending on the certificate it needs to rene

[Freeipa-devel] [freeipa PR#635][comment] man ipa-cacert-manage install needs clarification

2017-03-22 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/635 Title: #635: man ipa-cacert-manage install needs clarification flo-renaud commented: """ Hi @tomaskrizek thank you for the suggestion. PR updated. """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#635][synchronized] man ipa-cacert-manage install needs clarification

2017-03-22 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/635 Author: flo-renaud Title: #635: man ipa-cacert-manage install needs clarification Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/635/head:pr635 git

[Freeipa-devel] [freeipa PR#635][opened] man ipa-cacert-manage install needs clarification

2017-03-22 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/635 Author: flo-renaud Title: #635: man ipa-cacert-manage install needs clarification Action: opened PR body: """ The customers are often confused by ipa-cacert-manage install. The man page should make it clear that IPA CA is not

[Freeipa-devel] [freeipa PR#632][opened] ipa-sam: create the gidNumber attribute in the trusted domain entry

2017-03-21 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/632 Author: flo-renaud Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry Action: opened PR body: """ When a trusted domain entry is created, the uidNumber attribute is created but not the gidN

[Freeipa-devel] [freeipa PR#560][comment] rpcserver: x509_login: Handle unsuccessful certificate login gracefully

2017-03-15 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/560 Title: #560: rpcserver: x509_login: Handle unsuccessful certificate login gracefully flo-renaud commented: """ Hi, the invalid cert login correctly returns 401. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#560][+ack] rpcserver: x509_login: Handle unsuccessful certificate login gracefully

2017-03-15 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/560 Title: #560: rpcserver: x509_login: Handle unsuccessful certificate login gracefully Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#576][opened] Installation must publish CA cert in /usr/share/ipa/html/ca.crt

2017-03-13 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/576 Author: flo-renaud Title: #576: Installation must publish CA cert in /usr/share/ipa/html/ca.crt Action: opened PR body: """ Regression introduced with commit d124e30. ipa-server-install and ipa-replica-install must publish the

[Freeipa-devel] [freeipa PR#557][comment] certmap: load certificate from file in certmap-match CLI

2017-03-13 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/557 Title: #557: certmap: load certificate from file in certmap-match CLI flo-renaud commented: """ @HonzaCholasta Sorry, I forgot to ACK. You can push the PR. For the record, Issue [6746](https://pagure.io/freeipa/issue/6746) h

[Freeipa-devel] [freeipa PR#557][comment] certmap: load certificate from file in certmap-match CLI

2017-03-09 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/557 Title: #557: certmap: load certificate from file in certmap-match CLI flo-renaud commented: """ Hi @HonzaCholasta thank you for this patch. There is a minor issue when --certificate is specified multiple times: ``` ipa

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-03-08 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card flo-renaud commented: """ @dkupka I added the following explanation in the doc for certmap_match: """ Search for users mat

[Freeipa-devel] [freeipa PR#516][synchronized] IdM Server: list all Employees with matching Smart Card

2017-03-08 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Author: flo-renaud Title: #516: IdM Server: list all Employees with matching Smart Card Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/516/head:pr516 git

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-03-07 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card flo-renaud commented: """ Hi @dkupka As the goal of this command is to return exactly the same list of users as SSSD would consider for authentication, IMHO

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-03-07 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card flo-renaud commented: """ Hi @HonzaCholasta sorry I overlooked the change for count. It's updated now, thank you for the review. """

[Freeipa-devel] [freeipa PR#516][synchronized] IdM Server: list all Employees with matching Smart Card

2017-03-07 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Author: flo-renaud Title: #516: IdM Server: list all Employees with matching Smart Card Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/516/head:pr516 git

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-03-06 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card flo-renaud commented: """ Hi @HonzaCholasta thank you for your comments. Patch rebased. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#516][synchronized] IdM Server: list all Employees with matching Smart Card

2017-03-06 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Author: flo-renaud Title: #516: IdM Server: list all Employees with matching Smart Card Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/516/head:pr516 git

[Freeipa-devel] [freeipa PR#519][+ack] WebUI: add sizelimit:0 to cert-find

2017-03-03 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/519 Title: #519: WebUI: add sizelimit:0 to cert-find Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#519][comment] WebUI: add sizelimit:0 to cert-find

2017-03-03 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/519 Title: #519: WebUI: add sizelimit:0 to cert-find flo-renaud commented: """ Hi @pvomacka , thank you, the fix works as expected. """ See the full comment at https://github.com/freeipa/freeipa/pull/519#issuecom

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-03-03 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card flo-renaud commented: """ @abbra , Thanks for your comment. Running in permissive mode I did not see any AVC logged in the journal. @HonzaCholasta thanks

[Freeipa-devel] [freeipa PR#400][comment] WebUI: Certificate Mapping

2017-03-03 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/400 Title: #400: WebUI: Certificate Mapping flo-renaud commented: """ Hi @pvomacka thank you, LGTM. """ See the full comment at https://github.com/freeipa/freeipa/pull/400#issuecomment-283923415 -- Manage your subs

[Freeipa-devel] [freeipa PR#536][opened] ipa systemd unit should define Wants=network instead of Requires=network

2017-03-03 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/536 Author: flo-renaud Title: #536: ipa systemd unit should define Wants=network instead of Requires=network Action: opened PR body: """ The file ipa.service defines Requires=network.target which means that ipa stack will be

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-03-02 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card flo-renaud commented: """ @abbra , Thanks for your comment. Running in permissive mode I did not see any AVC logged in the journal. @HonzaCholasta thanks

[Freeipa-devel] [freeipa PR#516][synchronized] IdM Server: list all Employees with matching Smart Card

2017-03-02 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Author: flo-renaud Title: #516: IdM Server: list all Employees with matching Smart Card Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/516/head:pr516 git

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-02-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card flo-renaud commented: """ Hi @simo5 The command must also be able to return matching entries coming from trusted domains, and SSSD is able to handle this part f

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-02-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card flo-renaud commented: """ Note: this PR is work in progress. It requires PR#398 Support for Certificate Identity Mapping and sssd patches not pushed yet. &q

[Freeipa-devel] [freeipa PR#516][opened] IdM Server: list all Employees with matching Smart Card

2017-02-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/516 Author: flo-renaud Title: #516: IdM Server: list all Employees with matching Smart Card Action: opened PR body: """ Implement a new IPA command allowing to retrieve the list of users matching the provided certificate. The comman

[Freeipa-devel] [freeipa PR#400][comment] WebUI: Certificate Mapping

2017-02-28 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/400 Title: #400: WebUI: Certificate Mapping flo-renaud commented: """ Hi @pvomacka Thank you for the updated PR. I probably wongly advised you to replace 'usercertificate' with 'certificate' in one extra place where it was not need

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-02-27 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy flo-renaud commented: """ @simo5 @abbra I agree but this should be tracked in a separate issue. """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#412][comment] Define template version in certmap.conf

2017-02-25 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/412 Title: #412: Define template version in certmap.conf flo-renaud commented: """ Hi @MartinBasti , patch rebased """ See the full comment at https://github.com/freeipa/freeipa/pull/412#issuecomment-28246959

[Freeipa-devel] [freeipa PR#412][synchronized] Define template version in certmap.conf

2017-02-25 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/412 Author: flo-renaud Title: #412: Define template version in certmap.conf Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/412/head:pr412 git checkout pr412

[Freeipa-devel] [freeipa PR#508][opened] Fix ipa.service unit re. gssproxy

2017-02-24 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/508 Author: flo-renaud Title: #508: Fix ipa.service unit re. gssproxy Action: opened PR body: """ ipa.service unit defines Requires=gssproxy. Because of this, during ipa-server-upgrade, the restart of gssproxy triggers a restart of

[Freeipa-devel] [freeipa PR#412][comment] Define template version in certmap.conf

2017-02-23 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/412 Title: #412: Define template version in certmap.conf flo-renaud commented: """ Bump for review """ See the full comment at https://github.com/freeipa/freeipa/pull/412#issuecomment-281931336 -- Manage your subs

[Freeipa-devel] [freeipa PR#496][+ack] Use newer Certificate.serial_number in krainstance.py

2017-02-23 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/496 Title: #496: Use newer Certificate.serial_number in krainstance.py Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#496][comment] Use newer Certificate.serial_number in krainstance.py

2017-02-23 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/496 Title: #496: Use newer Certificate.serial_number in krainstance.py flo-renaud commented: """ Hi @stlaz , the warning `/usr/lib/python2.7/site-packages/ipaserver/install/krainstance.py:316: DeprecationWarning: Certificate seria

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-02-22 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping flo-renaud commented: """ Hi @sumit-bose , I am not able to reproduce this issue: `[root@vm-161 ~]# kinit -k [root@vm-161 ~]# klist Ticket cache: KEYRING:persistent:0:krb

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-21 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-21 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-21 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-20 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#478][opened] [4.4] Do not configure PKI ajp redirection to use "::1"

2017-02-17 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/478 Author: flo-renaud Title: #478: [4.4] Do not configure PKI ajp redirection to use "::1" Action: opened PR body: """ When ipa-server-install configures PKI, it provides a configuration file with the paramete

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-02-15 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping flo-renaud commented: """ PR updated with the check on domain in certmaprule-add/mod. """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-15 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-02-15 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping flo-renaud commented: """ @HonzaCholasta PR updated according to your comments. Thanks for the detailed review! """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-15 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-02-14 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping flo-renaud commented: """ Hi @HonzaCholasta PR updated with `ipa user-add-certmapdata` using positional arg for CERTMAPDATA """ See the full comment at http

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-14 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-14 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-02-14 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping flo-renaud commented: """ Hi @HonzaCholasta, PR updated with most of your comments, except the suggestion to use default_from. Please see my answer inline for this one. &q

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-13 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-13 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-02-13 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#395][synchronized] Configure PKI ajp redirection to use "localhost" instead of "::1"

2017-02-06 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/395 Author: flo-renaud Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1" Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetc

[Freeipa-devel] [freeipa PR#395][comment] Configure PKI ajp redirection to use "localhost" instead of "::1"

2017-02-06 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/395 Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1" flo-renaud commented: """ Hi, PR updated with dependency on pki 10.3.5-11 (note that this package is currently available in fed

[Freeipa-devel] [freeipa PR#425][opened] ipa-kra-install must create directory if it does not exist

2017-01-31 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/425 Author: flo-renaud Title: #425: ipa-kra-install must create directory if it does not exist Action: opened PR body: """ ipa-kra-install creates an admin cert file in /root/.dogtag/pki-tomcat/ca_admin.cert but does not check

[Freeipa-devel] [freeipa PR#412][opened] Define template version in certmap.conf

2017-01-24 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/412 Author: flo-renaud Title: #412: Define template version in certmap.conf Action: opened PR body: """ A previous commit (ffb9a09a0d63f7edae2b647b5c1d503d1d4d7a6e) removed the definition of VERSION 2 in certmap.conf.template. ipa

[Freeipa-devel] [freeipa PR#395][comment] Configure PKI ajp redirection to use "localhost" instead of "::1"

2017-01-23 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/395 Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1" flo-renaud commented: """ This PR has been modified to be consistent with PKI fix for [2570](https://fedorahosted.org/pki/ticke

[Freeipa-devel] [freeipa PR#395][synchronized] Configure PKI ajp redirection to use "localhost" instead of "::1"

2017-01-23 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/395 Author: flo-renaud Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1" Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetc

[Freeipa-devel] [freeipa PR#405][opened] ipa-restore must stop tracking PKINIT cert in the preparation phase

2017-01-19 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/405 Author: flo-renaud Title: #405: ipa-restore must stop tracking PKINIT cert in the preparation phase Action: opened PR body: """ ipa-restore calls certmonger to stop tracking the PKI certs, HTTP and DS certs. It must als

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-01-19 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][synchronized] Support for Certificate Identity Mapping

2017-01-18 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/398/head:pr398 git checkout pr398

[Freeipa-devel] [freeipa PR#398][opened] Support for Certificate Identity Mapping

2017-01-18 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: opened PR body: """ See design http://www.freeipa.org/page/V4/Certificate_Identity_Mapping https://fedorahosted.org/freeipa/ticket/6542 ""

  1   2   >