Re: [Freeipa-devel] [PATCH 0019] Forbid overlapping primary and secondary rid ranges

2012-10-18 Thread Tomas Babej
On 10/17/2012 08:12 PM, Sumit Bose wrote: On Wed, Oct 17, 2012 at 03:29:11PM +0200, Tomas Babej wrote: On 10/17/2012 02:34 PM, Sumit Bose wrote: On Wed, Oct 17, 2012 at 12:59:52PM +0200, Tomas Babej wrote: On 10/17/2012 11:14 AM, Sumit Bose wrote: On Tue, Oct 16, 2012 at 02:26:24PM +0200,

Re: [Freeipa-devel] Unit tests failing on F18

2012-10-18 Thread Martin Kosek
On 10/18/2012 12:04 AM, Rob Crittenden wrote: Martin Kosek wrote: Hello, I was investigating global unit test failure on Fedora 18 for most of today, I would like to share results I found so far. Unit test and its related scripts on F18 now reports NSS BUSY exception, just like this one:

Re: [Freeipa-devel] [PATCH] 87 extdom: handle INP_POSIX_UID and INP_POSIX_GID requests

2012-10-18 Thread Martin Kosek
On 10/17/2012 02:15 PM, Alexander Bokovoy wrote: On Thu, 11 Oct 2012, Sumit Bose wrote: Hi, I found this issue while working on a related sssd bug https://fedorahosted.org/sssd/ticket/1561 . This patch allows the clients to send a request map a UID or GID for a trusted user to the name of

Re: [Freeipa-devel] [PATCH 75] log dogtag errors

2012-10-18 Thread Petr Viktorin
On 10/17/2012 08:23 PM, John Dennis wrote: On 10/12/2012 04:35 AM, Petr Viktorin wrote: On 10/11/2012 06:53 PM, John Dennis wrote: On 04/28/2012 09:50 AM, John Dennis wrote: On 04/27/2012 04:45 AM, Petr Viktorin wrote: On 04/20/2012 08:07 PM, John Dennis wrote: Ticket #2622 If we get an

Re: [Freeipa-devel] [PATCH 0018] Make service naming in ipa-server-install consistent

2012-10-18 Thread Martin Kosek
On 10/11/2012 05:11 PM, Tomas Babej wrote: On 10/11/2012 12:32 PM, Martin Kosek wrote: On 10/11/2012 12:26 PM, Tomas Babej wrote: Hi, This patch forces more consistency into ipa-server-install output. All descriptions of services that are not instances of SimpleServiceInstance are now in

[Freeipa-devel] [PATCH] 324 Add fallback for httpd restarts

2012-10-18 Thread Martin Kosek
Attaching a script I used to reproduce the issue on machine with sysV (RHEL 6.4 in my case). With the patch applied, httpd restarts correctly fallback-ed. If you think that the wait is not enough, I can add a more complicated procedure, like this one: wait_time = 5 retries = 3 for x in

Re: [Freeipa-devel] [PATCH] 324 Add fallback for httpd restarts

2012-10-18 Thread Rob Crittenden
Martin Kosek wrote: Attaching a script I used to reproduce the issue on machine with sysV (RHEL 6.4 in my case). With the patch applied, httpd restarts correctly fallback-ed. If you think that the wait is not enough, I can add a more complicated procedure, like this one: wait_time = 5 retries

Re: [Freeipa-devel] [PATCH] 324 Add fallback for httpd restarts

2012-10-18 Thread Martin Kosek
On 10/18/2012 02:47 PM, Rob Crittenden wrote: Martin Kosek wrote: Attaching a script I used to reproduce the issue on machine with sysV (RHEL 6.4 in my case). With the patch applied, httpd restarts correctly fallback-ed. If you think that the wait is not enough, I can add a more complicated

Re: [Freeipa-devel] [PATCH] 324 Add fallback for httpd restarts

2012-10-18 Thread Rob Crittenden
Martin Kosek wrote: On 10/18/2012 02:47 PM, Rob Crittenden wrote: Martin Kosek wrote: Attaching a script I used to reproduce the issue on machine with sysV (RHEL 6.4 in my case). With the patch applied, httpd restarts correctly fallback-ed. If you think that the wait is not enough, I can add

Re: [Freeipa-devel] [PATCH] 324 Add fallback for httpd restarts

2012-10-18 Thread Martin Kosek
On 10/18/2012 04:36 PM, Rob Crittenden wrote: Martin Kosek wrote: On 10/18/2012 02:47 PM, Rob Crittenden wrote: Martin Kosek wrote: Attaching a script I used to reproduce the issue on machine with sysV (RHEL 6.4 in my case). With the patch applied, httpd restarts correctly fallback-ed. If

Re: [Freeipa-devel] [PATCH 0020] Refactoring of default.conf man page

2012-10-18 Thread Rob Crittenden
Tomas Babej wrote: Hi, Description for the 'server' and 'wait_for_attr' option has been added. Option 'server' has been marked as deprecated, as it is not used anywhere in IPA code. All the options have been sorted lexicographically. Please provide feedback for added descriptions: +.TP +.B

Re: [Freeipa-devel] [PATCH] 323 Report ipa-upgradeconfig errors during RPM upgrade

2012-10-18 Thread Rob Crittenden
Martin Kosek wrote: Report errors just like with ipa-ldap-updater. These messages should warn user that some parts of the upgrades may have not been successful and he should follow up on them. Otherwise, user may not notice them at all. ipa-upgradeconfig logging has been made consistent with

Re: [Freeipa-devel] [PATCH] 223 Simpler instructions to generate certificate

2012-10-18 Thread Rob Crittenden
Petr Vobornik wrote: Instructions to generate certificate were simplified. New instructions: 1) Create a certificate database or use an existing one. To create a new database: # certutil -N -d database path 2) Create a CSR with subject CN=hostname,O=realm, for example: # certutil

Re: [Freeipa-devel] [PATCH] 323 Report ipa-upgradeconfig errors during RPM upgrade

2012-10-18 Thread Martin Kosek
On 10/18/2012 05:22 PM, Rob Crittenden wrote: Martin Kosek wrote: Report errors just like with ipa-ldap-updater. These messages should warn user that some parts of the upgrades may have not been successful and he should follow up on them. Otherwise, user may not notice them at all.

Re: [Freeipa-devel] [PATCH] 500 Fix shutdown issues with systemd

2012-10-18 Thread Rob Crittenden
Simo Sorce wrote: Also improve shutdown reliability and restart behavior so we always kill all the processes we started even if the list of processes to handle changed in LDAP. Fixes: https://fedorahosted.org/freeipa/ticket/2302 Should this list be updated if we do a post-install of DNS or

Re: [Freeipa-devel] [PATCH] 500 Fix shutdown issues with systemd

2012-10-18 Thread Simo Sorce
On Thu, 2012-10-18 at 11:37 -0400, Rob Crittenden wrote: Simo Sorce wrote: Also improve shutdown reliability and restart behavior so we always kill all the processes we started even if the list of processes to handle changed in LDAP. Fixes: https://fedorahosted.org/freeipa/ticket/2302

Re: [Freeipa-devel] [PATCH] 0091 ipautil.run: Log the command line before running the command

2012-10-18 Thread Rob Crittenden
Jan Cholasta wrote: On 16.10.2012 17:26, Petr Viktorin wrote: On 10/16/2012 04:53 PM, Jan Cholasta wrote: On 16.10.2012 16:27, Petr Viktorin wrote: On 10/16/2012 04:02 PM, Jan Cholasta wrote: Hi, On 15.10.2012 14:45, Petr Viktorin wrote: As I was debugging code that calls long-running or

Re: [Freeipa-devel] [PATCH] 500 Fix shutdown issues with systemd

2012-10-18 Thread Rob Crittenden
Simo Sorce wrote: On Thu, 2012-10-18 at 11:37 -0400, Rob Crittenden wrote: Simo Sorce wrote: Also improve shutdown reliability and restart behavior so we always kill all the processes we started even if the list of processes to handle changed in LDAP. Fixes:

Re: [Freeipa-devel] [PATCH] 323 Report ipa-upgradeconfig errors during RPM upgrade

2012-10-18 Thread Rob Crittenden
Martin Kosek wrote: On 10/18/2012 05:22 PM, Rob Crittenden wrote: Martin Kosek wrote: Report errors just like with ipa-ldap-updater. These messages should warn user that some parts of the upgrades may have not been successful and he should follow up on them. Otherwise, user may not notice them

Re: [Freeipa-devel] [PATCH] 500 Fix shutdown issues with systemd

2012-10-18 Thread Simo Sorce
On Thu, 2012-10-18 at 11:51 -0400, Rob Crittenden wrote: Simo Sorce wrote: On Thu, 2012-10-18 at 11:37 -0400, Rob Crittenden wrote: Simo Sorce wrote: Also improve shutdown reliability and restart behavior so we always kill all the processes we started even if the list of processes to

Re: [Freeipa-devel] [PATCH 75] log dogtag errors

2012-10-18 Thread John Dennis
On 10/18/2012 05:06 AM, Petr Viktorin wrote: This looks much better. I found one more issue, though. +if detail is not None: +err_msg += ' (%s)' % detail Here I get TypeError: unsupported operand type(s) for +=: 'Gettext' and 'unicode'. Until our Gettext class supports

Re: [Freeipa-devel] [PATCH 0017] Improve error message in ipa-replica-manage

2012-10-18 Thread Rob Crittenden
Tomas Babej wrote: On 10/02/2012 03:55 PM, Rob Crittenden wrote: Tomas Babej wrote: Hi, When executing ipa-replica-manage connect to an unknown or irrelevant master, we now print a sensible error message informing the user about this possiblity as well.

[Freeipa-devel] Search global catalog for trusted domain SIDs

2012-10-18 Thread Alexander Bokovoy
Hi, this is work in progress, shared mostly to get comments. Simo, Sumit, this is an attempt to resolve external group members from trusted domains using their Global Catalog services. The code quickly became complex because it needs to do a lot of additional activity. A rough sequence is

Re: [Freeipa-devel] [PATCH] 500 Fix shutdown issues with systemd

2012-10-18 Thread Alexander Bokovoy
On Thu, 18 Oct 2012, Rob Crittenden wrote: Simo Sorce wrote: Also improve shutdown reliability and restart behavior so we always kill all the processes we started even if the list of processes to handle changed in LDAP. Fixes: https://fedorahosted.org/freeipa/ticket/2302 Should this list be

Re: [Freeipa-devel] Search global catalog for trusted domain SIDs

2012-10-18 Thread Simo Sorce
On Thu, 2012-10-18 at 22:00 +0300, Alexander Bokovoy wrote: Hi, this is work in progress, shared mostly to get comments. Simo, Sumit, this is an attempt to resolve external group members from trusted domains using their Global Catalog services. The code quickly became complex because it

Re: [Freeipa-devel] Unit tests failing on F18

2012-10-18 Thread Rob Crittenden
Martin Kosek wrote: On 10/18/2012 12:04 AM, Rob Crittenden wrote: Martin Kosek wrote: Hello, I was investigating global unit test failure on Fedora 18 for most of today, I would like to share results I found so far. Unit test and its related scripts on F18 now reports NSS BUSY exception,

[Freeipa-devel] [PATCH] 1066 requesting certs with subject alt name

2012-10-18 Thread Rob Crittenden
We were seeing a unicode failure when trying to request a certificate with subject alt names. This one-liner should fix it. rob From 80e54a8efe98326f03a331bae4564727df4ca9d7 Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Wed, 17 Oct 2012 13:44:45 -0400 Subject: [PATCH]

Re: [Freeipa-devel] Search global catalog for trusted domain SIDs

2012-10-18 Thread Sumit Bose
On Thu, Oct 18, 2012 at 10:00:54PM +0300, Alexander Bokovoy wrote: Hi, this is work in progress, shared mostly to get comments. Simo, Sumit, this is an attempt to resolve external group members from trusted domains using their Global Catalog services. The code quickly became complex

Re: [Freeipa-devel] [PATCH 0019] Forbid overlapping primary and secondary rid ranges

2012-10-18 Thread Sumit Bose
On Thu, Oct 18, 2012 at 08:31:50AM +0200, Tomas Babej wrote: On 10/17/2012 08:12 PM, Sumit Bose wrote: On Wed, Oct 17, 2012 at 03:29:11PM +0200, Tomas Babej wrote: On 10/17/2012 02:34 PM, Sumit Bose wrote: On Wed, Oct 17, 2012 at 12:59:52PM +0200, Tomas Babej wrote: On 10/17/2012 11:14 AM,

Re: [Freeipa-devel] Search global catalog for trusted domain SIDs

2012-10-18 Thread Alexander Bokovoy
On Thu, 18 Oct 2012, Sumit Bose wrote: On Thu, Oct 18, 2012 at 10:00:54PM +0300, Alexander Bokovoy wrote: Hi, this is work in progress, shared mostly to get comments. Simo, Sumit, this is an attempt to resolve external group members from trusted domains using their Global Catalog services.

Re: [Freeipa-devel] Search global catalog for trusted domain SIDs

2012-10-18 Thread Sumit Bose
On Thu, Oct 18, 2012 at 11:42:34PM +0300, Alexander Bokovoy wrote: On Thu, 18 Oct 2012, Sumit Bose wrote: On Thu, Oct 18, 2012 at 10:00:54PM +0300, Alexander Bokovoy wrote: Hi, this is work in progress, shared mostly to get comments. Simo, Sumit, this is an attempt to resolve external

Re: [Freeipa-devel] Search global catalog for trusted domain SIDs

2012-10-18 Thread Alexander Bokovoy
On Thu, 18 Oct 2012, Sumit Bose wrote: On Thu, Oct 18, 2012 at 11:42:34PM +0300, Alexander Bokovoy wrote: On Thu, 18 Oct 2012, Sumit Bose wrote: On Thu, Oct 18, 2012 at 10:00:54PM +0300, Alexander Bokovoy wrote: Hi, this is work in progress, shared mostly to get comments. Simo, Sumit, this is