Re: [Freeipa-devel] [PATCHES] 0270-0271 Support for Pylint 1.0

On Wed, 04 Sep 2013, Petr Viktorin wrote: On 08/19/2013 12:29 PM, Petr Viktorin wrote: Hello, The first patch fixes a minor problem that Pylint 1.0 finds in our code. The second patch makes make-lint compatible with Pylint 1.0. It contains a workaround for a Pylint bug; before pushing this we

Re: [Freeipa-devel] ipa health check (was: certmonger/oddjob for DNSSEC key maintenance)

On 4.9.2013 19:17, Simo Sorce wrote: On Wed, 2013-09-04 at 09:08 -0400, Dmitri Pal wrote: On 09/03/2013 04:01 PM, Simo Sorce wrote: On Tue, 2013-09-03 at 12:36 -0400, Dmitri Pal wrote: On 09/02/2013 09:42 AM, Petr Spacek wrote: On 27.8.2013 23:08, Dmitri Pal wrote: On 08/27/2013 03:05 PM,

Re: [Freeipa-devel] [PATCHES] 0270-0271 Support for Pylint 1.0

On 09/05/2013 08:08 AM, Alexander Bokovoy wrote: On Wed, 04 Sep 2013, Petr Viktorin wrote: On 08/19/2013 12:29 PM, Petr Viktorin wrote: Hello, The first patch fixes a minor problem that Pylint 1.0 finds in our code. The second patch makes make-lint compatible with Pylint 1.0. It contains a

Re: [Freeipa-devel] Multiple CA certificates in LDAP, questions

On 3.9.2013 18:16, Dmitri Pal wrote: On 09/02/2013 04:49 AM, Petr Spacek wrote: On 22.8.2013 15:43, Jan Cholasta wrote: Hi, I'm currently investigating support for multiple CA certificates in LDAP (https://fedorahosted.org/freeipa/ticket/3259, https://fedorahosted.org/freeipa/ticket/3520).

Re: [Freeipa-devel] [PATCH 0017] Add OTP support to ipalib CLI

On 09/05/2013 06:38 AM, Nathaniel McCallum wrote: On Thu, 2013-09-05 at 00:25 -0400, Nathaniel McCallum wrote: This patch has a few problems that I'd like some help with. There are a few notes here as well. 1. The handling of the 'key' option is insecure. It should probably be treated like a

Re: [Freeipa-devel] [PATCH] 0061 Add option to ipa-client-install to configure automount

On 09/03/2013 01:02 PM, Ana Krivokapic wrote: On 09/03/2013 12:27 PM, Petr Viktorin wrote: On 09/02/2013 01:31 PM, Ana Krivokapic wrote: On 09/02/2013 12:55 PM, Petr Viktorin wrote: On 08/30/2013 04:10 PM, Ana Krivokapic wrote: Hello, The attached patch addresses ticket

Re: [Freeipa-devel] ipa health check (was: certmonger/oddjob for DNSSEC key maintenance)

On Thu, 2013-09-05 at 09:50 +0200, Petr Spacek wrote: Honestly, as a former sysadmin, I don't think that built-in SMTP client is a very good idea. 1) Each notification mechanism adds big complexity to the implementation: - message queue - fail-over if 'upstream' SMTP server is down -

Re: [Freeipa-devel] [PATCH 0017] Add OTP support to ipalib CLI

On Thu, 2013-09-05 at 12:19 +0200, Petr Viktorin wrote: On 09/05/2013 06:38 AM, Nathaniel McCallum wrote: On Thu, 2013-09-05 at 00:25 -0400, Nathaniel McCallum wrote: This patch has a few problems that I'd like some help with. There are a few notes here as well. 1. The handling of the

[Freeipa-devel] [PATCH 0003] Add timestamps to named debug logs in /var/named/data/named.run

Hello, Add timestamps to named debug logs in /var/named/data/named.run. Tomas Babej and I spent more than hour with debugging bind-dyndb-ldap and timestamps were invaluable. -- Petr^2 Spacek From 8d370b97d902d4106253dd9d6eb05f227ef92487 Mon Sep 17 00:00:00 2001 From: Petr Spacek

Re: [Freeipa-devel] [PATCH 0003] Add timestamps to named debug logs in /var/named/data/named.run

On Thu, 2013-09-05 at 16:25 +0200, Petr Spacek wrote: Hello, Add timestamps to named debug logs in /var/named/data/named.run. Tomas Babej and I spent more than hour with debugging bind-dyndb-ldap and timestamps were invaluable. ACK ___

Re: [Freeipa-devel] [PATCH 0003] Add timestamps to named debug logs in /var/named/data/named.run

On 09/05/2013 04:25 PM, Petr Spacek wrote: Hello, Add timestamps to named debug logs in /var/named/data/named.run. Tomas Babej and I spent more than hour with debugging bind-dyndb-ldap and timestamps were invaluable. ACK -- Tomas Babej Associate Software Engeneer | Red Hat | Identity

[Freeipa-devel] [PATCH] 0114 ipa-sam: fix setting encryption type for trust object already created

Hi! Attached please find a patch to clean up a mess we have with SID blacklist handling in ipa-sam. I noticed recently that Windows does not show IPA trusts as having AES encryption enabled. When investigating why is that happening, I've found out that there is a set of errors causing that but

Re: [Freeipa-devel] [PATCH 0016] Add RADIUS proxy support to ipalib CLI

On 09/05/2013 12:29 AM, Nathaniel McCallum wrote: I forgot to mention that this code ignores the design page in one area: radius-show does not list the users attached to this server. How important is this? user-find --radius=MyRADIUSServer should find all the users. Nathaniel

[Freeipa-devel] Notes and questions for fine-grained read permissions

Hello, I have some notes and questions on https://fedorahosted.org/freeipa/ticket/3566 (Control access of user roles to server functions). An IPA terminology refresher for reference: - ACI: The DS-level permission. - Permission: IPA object that encapsulates one ACI. Example: add user.

Re: [Freeipa-devel] [PATCH] Debian client support

On (03/09/13 00:43), Timo Aaltonen wrote: This fixes https://fedorahosted.org/freeipa/ticket/1887 and https://fedorahosted.org/freeipa/ticket/2455 the first three patches fix some bugs in how python is used fourth patch checks if dbus is already running before trying to start it fifth fixes some

Re: [Freeipa-devel] FreeIPA server package group

Martin Kosek wrote: On 08/29/2013 12:22 PM, Tomas Babej wrote: On 08/29/2013 11:55 AM, Petr Viktorin wrote: On 08/28/2013 12:20 PM, Tomas Babej wrote: On 08/28/2013 12:03 PM, Petr Viktorin wrote: On 08/28/2013 11:46 AM, Tomas Babej wrote: On 08/26/2013 10:14 AM, Tomas Babej wrote: On Mon

Re: [Freeipa-devel] ipa health check

On 09/05/2013 08:56 AM, Simo Sorce wrote: On Thu, 2013-09-05 at 09:50 +0200, Petr Spacek wrote: Honestly, as a former sysadmin, I don't think that built-in SMTP client is a very good idea. 1) Each notification mechanism adds big complexity to the implementation: - message queue -