Re: [Freeipa-devel] [PATCH] 996 fix unit tests

2012-03-26 Thread Martin Kosek
On Fri, 2012-03-23 at 23:05 +0100, Ondrej Hamada wrote: On 03/23/2012 08:12 PM, Rob Crittenden wrote: A few unit tests were failing due to new type enforcement and comman support. Unit tests are passing 100% for me with this. rob

Re: [Freeipa-devel] [PATCH] 0031 Add missing BuildRequires

2012-03-26 Thread Martin Kosek
On Fri, 2012-03-23 at 21:59 +0200, Alexander Bokovoy wrote: On Fri, 23 Mar 2012, Petr Viktorin wrote: Since our build process runs pylint, we need all Python dependencies installed at RPM creation time. This adds python-lxml and python-pyasn1 to BuildRequires.

Re: [Freeipa-devel] [PATCH] 995 update min version of 389-ds-base

2012-03-26 Thread Martin Kosek
On Fri, 2012-03-23 at 16:36 -0400, Rob Crittenden wrote: Petr Viktorin wrote: On 03/23/2012 08:11 PM, Rob Crittenden wrote: Rob Crittenden wrote: Set new minimum version of 389-ds-base to fix db corruption during upgrade problem. This patch is against 2.2. Corrected changelog

Re: [Freeipa-devel] [PATCH 66] Replace broken i18n shell test with Python test

2012-03-26 Thread Petr Viktorin
On 03/23/2012 10:33 PM, John Dennis wrote: Attached is is a new patch addressing Petr's review comment as well as some sample output for illustration purposes (I suggest you review the example.txt). Rather than wading through a log of dialog in the previous emails let me address Petr's issues

Re: [Freeipa-devel] [PATCH] 0027 Use valid argument names in tests

2012-03-26 Thread Petr Viktorin
On 03/14/2012 05:02 PM, Petr Viktorin wrote: This patch depends on my patch 0024 (but I can rebase if it needs to be pushed earlied). It fixes some of the test bugs that would be found by a fix for https://fedorahosted.org/freeipa/ticket/2509 (Unknown Command arguments are allowed (and

Re: [Freeipa-devel] [PATCH] 994 set nsslapd-minssf-exclude-rootdse

2012-03-26 Thread Martin Kosek
On Thu, 2012-03-22 at 17:21 -0400, Rob Crittenden wrote: If minssf is set in configuration and this is not set then clients won't be able to detect the available namingContexts, defaultNamingContext, capabilities, etc. This was requested by the SSSD team. rob ACK. Works fine - RootDSE

Re: [Freeipa-devel] [PATCH] 994 set nsslapd-minssf-exclude-rootdse

2012-03-26 Thread Martin Kosek
On Mon, 2012-03-26 at 14:29 +0200, Martin Kosek wrote: On Thu, 2012-03-22 at 17:21 -0400, Rob Crittenden wrote: If minssf is set in configuration and this is not set then clients won't be able to detect the available namingContexts, defaultNamingContext, capabilities, etc. This was

Re: [Freeipa-devel] [PATCH] 994 set nsslapd-minssf-exclude-rootdse

2012-03-26 Thread Simo Sorce
On Mon, 2012-03-26 at 14:29 +0200, Martin Kosek wrote: On Thu, 2012-03-22 at 17:21 -0400, Rob Crittenden wrote: If minssf is set in configuration and this is not set then clients won't be able to detect the available namingContexts, defaultNamingContext, capabilities, etc. This was

Re: [Freeipa-devel] [PATCH] 994 set nsslapd-minssf-exclude-rootdse

2012-03-26 Thread Martin Kosek
On Mon, 2012-03-26 at 08:37 -0400, Simo Sorce wrote: On Mon, 2012-03-26 at 14:29 +0200, Martin Kosek wrote: On Thu, 2012-03-22 at 17:21 -0400, Rob Crittenden wrote: If minssf is set in configuration and this is not set then clients won't be able to detect the available namingContexts,

[Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-26 Thread Jan Cholasta
https://fedorahosted.org/freeipa/ticket/2521 Honza -- Jan Cholasta From 8c078285b4703f3ddb991665ec4a548b44a3e97d Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Mon, 26 Mar 2012 07:11:41 -0400 Subject: [PATCH] Fix uses of O=REALM instead of the configured certificate

Re: [Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-26 Thread Rob Crittenden
Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2521 Honza You can still set a custom subject base for selfsign installations so you need a special case in valid_issuer(). I wonder if this comparison should be case insensitive too. It may also be an optimization to cache the

Re: [Freeipa-devel] [PATCH] 42-3 Add CleanRUV Task to ipa-replica-manage del

2012-03-26 Thread Martin Kosek
On Wed, 2012-02-29 at 07:10 +, JR Aquino wrote: On Feb 28, 2012, at 10:44 AM, JR Aquino wrote: On Feb 24, 2012, at 3:09 PM, JR Aquino wrote: ipa-replica-manage del causes tombstone entries to remain in 389 DS. This has proven to be problematic. We can automatically perform

Re: [Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-26 Thread Jan Cholasta
On 26.3.2012 16:15, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2521 Honza You can still set a custom subject base for selfsign installations so you need a special case in valid_issuer(). For selfsign installations, the issuer is always CN=REALM

Re: [Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-26 Thread Jenny Galipeau
On 03/26/2012 11:28 AM, Jan Cholasta wrote: On 26.3.2012 16:15, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2521 Honza You can still set a custom subject base for selfsign installations so you need a special case in valid_issuer(). For selfsign

Re: [Freeipa-devel] [PATCH 66] Replace broken i18n shell test with Python test

2012-03-26 Thread John Dennis
On 03/26/2012 04:24 AM, Petr Viktorin wrote: Great! Just two issues now. According to the style guide, we do allow %s in a string iff it only appears once. The reason for named substitutions is that the word order can be changed, providing context is just secondary. Why does the checker report

Re: [Freeipa-devel] [PATCH 66] Replace broken i18n shell test with Python test

2012-03-26 Thread Petr Viktorin
On 03/26/2012 05:49 PM, John Dennis wrote: On 03/26/2012 04:24 AM, Petr Viktorin wrote: Great! Just two issues now. According to the style guide, we do allow %s in a string iff it only appears once. The reason for named substitutions is that the word order can be changed, providing context is

Re: [Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-26 Thread Rob Crittenden
Jenny Galipeau wrote: On 03/26/2012 11:28 AM, Jan Cholasta wrote: On 26.3.2012 16:15, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2521 Honza You can still set a custom subject base for selfsign installations so you need a special case in

Re: [Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-26 Thread Jenny Galipeau
On 03/26/2012 01:40 PM, Rob Crittenden wrote: Jenny Galipeau wrote: On 03/26/2012 11:28 AM, Jan Cholasta wrote: On 26.3.2012 16:15, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2521 Honza You can still set a custom subject base for selfsign

Re: [Freeipa-devel] [PATCH] 0029 Check expected error messages in tests

2012-03-26 Thread Rob Crittenden
Petr Viktorin wrote: On 03/20/2012 01:39 PM, Petr Viktorin wrote: This patch adds checking error messages, not just types, to the XML-RPC tests. The checking is still somewhat hackish, since XML-RPC doesn't give us structured error info, but it should protect against regressions on issues like

Re: [Freeipa-devel] [PATCH] 72 Fix uses of O=REALM instead of the configured certificate subject base

2012-03-26 Thread Rob Crittenden
Jan Cholasta wrote: On 26.3.2012 16:15, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/2521 Honza You can still set a custom subject base for selfsign installations so you need a special case in valid_issuer(). For selfsign installations, the issuer is

Re: [Freeipa-devel] [PATCH] 15 Confusing default user groups

2012-03-26 Thread Rob Crittenden
Ondrej Hamada wrote: On 03/19/2012 05:25 PM, Martin Kosek wrote: On Tue, 2012-03-06 at 19:07 +0100, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2354 There was added '(fallback)' string in the automember plugin labels referring to automember default groups to point out, that

Re: [Freeipa-devel] [PATCH 66] Replace broken i18n shell test with Python test

2012-03-26 Thread John Dennis
On 03/26/2012 04:34 PM, John Dennis wrote: On 03/26/2012 01:11 PM, Petr Viktorin wrote: Just a one-liner: The docstring of validate_anonymous_substitutions isn't up to par ­­– there's a missing quote, extra “a”, and the '%s occurred' has no context. I suggest: We do not permit multiple

Re: [Freeipa-devel] [PATCHES] 0025-26 Test improvements

2012-03-26 Thread Rob Crittenden
Petr Viktorin wrote: Patch 25 fixes errors I found by running pylint on the testsuite. They were in code that was unused, either by error or because it only runs on errors. Patch 26 adds a test for the batch plugin. In patch 25 the second test_internal_error should really be

Re: [Freeipa-devel] [PATCH] 236 Amend permissions for new DNS attributes

2012-03-26 Thread Rob Crittenden
Martin Kosek wrote: New features in bind-dyndb-ldap and IPA DNS plugin pulled new attributes and objectclasses. ACIs and permissions need to be updated to allow users with appropriate permissions update these attributes in LDAP. This patch updates the ACI for DNS record updates and adds one new

Re: [Freeipa-devel] [PATCH] 237 Improve user awareness about dnsconfig

2012-03-26 Thread Rob Crittenden
Martin Kosek wrote: Global DNS configuration is a nice tool to maintain a common DNS settings stored in LDAP which are then used for all enrolled IPA servers. However, the settings stored in LDAP override local settings in named.conf on DNS servers. This patch adds more information about global