Re: [Freeipa-devel] [PATCH] 0029 Make sure replication works after DM password is changed

On 05/15/2013 01:36 PM, Ana Krivokapic wrote: On 05/15/2013 12:29 PM, Petr Viktorin wrote: On 05/15/2013 12:04 PM, Tomas Babej wrote: On 05/15/2013 11:40 AM, Ana Krivokapic wrote: Hello, See the commit message for details. https://fedorahosted.org/freeipa/ticket/3594 _

Re: [Freeipa-devel] [PATCH] 0033 Fail when adding a trust with a different range

On 05/31/2013 12:08 PM, Ana Krivokapic wrote: Hello, This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3635. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Hi, the pa

Re: [Freeipa-devel] [PATCH] 0035 Prevent error when running IPA commands with su/sudo

On 06/06/2013 01:31 PM, Tomas Babej wrote: > On 06/06/2013 12:58 PM, Ana Krivokapic wrote: >> Hello, >> >> This patch fixes https://fedorahosted.org/freeipa/ticket/3685. >> >> >> >> ___ >> Freeipa-devel mailing list >> Freeipa-devel@redhat.com >> https://

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

On 06/07/2013 03:47 AM, freeipa wrote: > #3668: CA-less install fails when intermediate CA is used > -+- >Reporter: jcholast | Owner: jcholast >Type: defect |

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

On 06/07/2013 02:04 PM, Dmitri Pal wrote: > On 06/07/2013 03:47 AM, freeipa wrote: >> #3668: CA-less install fails when intermediate CA is used >> -+- >>Reporter: jcholast | Owner: jcholast >>

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

On 06/07/2013 08:26 AM, Martin Kosek wrote: > On 06/07/2013 02:04 PM, Dmitri Pal wrote: >> On 06/07/2013 03:47 AM, freeipa wrote: >>> #3668: CA-less install fails when intermediate CA is used >>> -+- >>>Reporter

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

On 7.6.2013 14:26, Martin Kosek wrote: On 06/07/2013 02:04 PM, Dmitri Pal wrote: On 06/07/2013 03:47 AM, freeipa wrote: #3668: CA-less install fails when intermediate CA is used -+- Reporter: jcholast |

[Freeipa-devel] Configuring FreeIPA with JBoss EAP

Hello Jan a Peter, freeipa-devel users, There was recently a project of integrating FreeIPA server with Jboss EAP. One of the results of this project should be a script able to conveniently configure JBoss EAP on a machine to use FreeIPA as an identity&authentication backend. What I would like to

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

On 7.6.2013 14:54, Dmitri Pal wrote: On 06/07/2013 08:26 AM, Martin Kosek wrote: On 06/07/2013 02:04 PM, Dmitri Pal wrote: On 06/07/2013 03:47 AM, freeipa wrote: #3668: CA-less install fails when intermediate CA is used -+

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

On 06/07/2013 08:57 AM, Jan Cholasta wrote: Yes, this is correct. The DS certificate must be directly signed by the CA trusted by IPA (specified by --root-ca-cert in ipa-server-install), there may be no intermediate CAs, because ldapsearch and friends and python-ldap don't like them. That doesn

Re: [Freeipa-devel] Configuring FreeIPA with JBoss EAP

On 06/07/2013 08:58 AM, Martin Kosek wrote: > Hello Jan a Peter, freeipa-devel users, > > There was recently a project of integrating FreeIPA server with Jboss EAP. One > of the results of this project should be a script able to conveniently > configure JBoss EAP on a machine to use FreeIPA as an i

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

On 06/07/2013 09:08 AM, Jan Cholasta wrote: > On 7.6.2013 14:54, Dmitri Pal wrote: >> On 06/07/2013 08:26 AM, Martin Kosek wrote: >>> On 06/07/2013 02:04 PM, Dmitri Pal wrote: On 06/07/2013 03:47 AM, freeipa wrote: > #3668: CA-less install fails when intermediate CA is used > -

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

On 7.6.2013 15:17, John Dennis wrote: On 06/07/2013 08:57 AM, Jan Cholasta wrote: Yes, this is correct. The DS certificate must be directly signed by the CA trusted by IPA (specified by --root-ca-cert in ipa-server-install), there may be no intermediate CAs, because ldapsearch and friends and py

Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types

On 06/06/2013 12:00 PM, Alexander Bokovoy wrote: On Thu, 06 Jun 2013, Tomas Babej wrote: From 0580d3c03319c72d731d0598b19e633fc536b866 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 30 May 2013 14:07:09 +0200 Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType attribute P

Re: [Freeipa-devel] Configuring FreeIPA with JBoss EAP

On 06/07/2013 03:21 PM, Dmitri Pal wrote: > On 06/07/2013 08:58 AM, Martin Kosek wrote: >> Hello Jan a Peter, freeipa-devel users, >> >> There was recently a project of integrating FreeIPA server with Jboss EAP. >> One >> of the results of this project should be a script able to conveniently >> co

Re: [Freeipa-devel] Configuring FreeIPA with JBoss EAP

On Fri, 07 Jun 2013, Dmitri Pal wrote: On 06/07/2013 08:58 AM, Martin Kosek wrote: Hello Jan a Peter, freeipa-devel users, There was recently a project of integrating FreeIPA server with Jboss EAP. One of the results of this project should be a script able to conveniently configure JBoss EAP on

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

On 06/07/2013 09:26 AM, Jan Cholasta wrote: On 7.6.2013 15:17, John Dennis wrote: On 06/07/2013 08:57 AM, Jan Cholasta wrote: Yes, this is correct. The DS certificate must be directly signed by the CA trusted by IPA (specified by --root-ca-cert in ipa-server-install), there may be no intermedia

[Freeipa-devel] [PATCHES] 134-139 CA-less fixes

Hi, the attached patches fix some of the issues I have found while working on test plan for CA-less install (see for more information on that). https://fedorahosted.org/freeipa/ticket/3665 https://fedorahosted.org/freeipa/ticket/3667 http

Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types

Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync range')), +u'ipa-ad-trust': unicode(_('Active Directory domain range')), +u'i

Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types

On Fri, 07 Jun 2013, Tomas Babej wrote: From e3b073011518f37497f08b0b4f4e34881b671a0a Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 30 May 2013 14:07:09 +0200 Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType attribute Previously, we deduced the range type from the range

Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types

On Fri, 07 Jun 2013, Tomas Babej wrote: From 85ec5eca8a4dac379902b535b17995c0bfacb428 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 30 May 2013 14:02:44 +0200 Subject: [PATCH 61/63] Add ipaRangeType attribute to LDAP Schema This adds a new LDAP attribute ipaRangeType with OID 2.16.840.1

Re: [Freeipa-devel] Configuring FreeIPA with JBoss EAP

On 06/07/2013 09:31 AM, Alexander Bokovoy wrote: > On Fri, 07 Jun 2013, Dmitri Pal wrote: >> On 06/07/2013 08:58 AM, Martin Kosek wrote: >>> Hello Jan a Peter, freeipa-devel users, >>> >>> There was recently a project of integrating FreeIPA server with >>> Jboss EAP. One >>> of the results of this

Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types

On 06/07/2013 03:41 PM, Alexander Bokovoy wrote: Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync range')), +u'ipa-ad-trust': unico

[Freeipa-devel] Announcing FreeIPA 3.2.1

The FreeIPA team is proud to announce FreeIPA v3.2.1. It can be downloaded from http://www.freeipa.org/page/Downloads. The new version has also been built for Fedora 19 and is on its way to updates-testing. == Highlights in 3.2.1 == === New features for 3.2.1 === * dnszone-add command now intera

Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types

On Fri, 07 Jun 2013, Tomas Babej wrote: On 06/07/2013 03:41 PM, Alexander Bokovoy wrote: Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync r

Re: [Freeipa-devel] [PATCH] 0033 Fail when adding a trust with a different range

On 06/07/2013 12:15 PM, Tomas Babej wrote: > On 05/31/2013 12:08 PM, Ana Krivokapic wrote: >> Hello, >> >> This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3635. >> >> >> >> ___ >> Freeipa-devel mailing list >> Freeipa-devel@redhat.com

Re: [Freeipa-devel] Configuring FreeIPA with JBoss EAP

Hi Martin, the main reason why I suggested to not include the script in EAP is that we removed all similar scripts (for example data-source definition files) from its directories to keep is as simple and clean as possible. JBoss EAP 6 configuration changes needed to integrate with FreeIPA are qu

[Freeipa-devel] Announcing the release of Dogtag 10.0.3

The Dogtag team is proud to announce the third errata build for Dogtag v10.0.0. Builds are available for Fedora 18 and Fedora 19 in the updates-testing repositories. Please try them out and provide karma to move them to the F18 and F19 stable repositories. == Build Versions == pki-core-10.0.3-

Re: [Freeipa-devel] [PATCH] Fix format string typo

On Tue, Jun 04, 2013 at 10:56:59AM +0200, Sumit Bose wrote: > On Tue, Jun 04, 2013 at 10:49:45AM +0200, Petr Viktorin wrote: > > On 06/03/2013 03:41 PM, Martin Kosek wrote: > > >On 06/03/2013 03:39 PM, Sumit Bose wrote: > > >>Hi, > > >> > > >>this patch just fixes a typo. > > >> > > >>bye, > > >>Su