Re: [Freeipa-devel] [PATCH] 460 Fix enablement of automount map type selector

On 09/30/2013 02:33 PM, Petr Vobornik wrote: > Map type radio used old way of defining that its value should not be used in > add command. Recent patch related to 'enable' attribute hardened/fixed the > behavior of radio widgets so they are disabled in UI as well when > enabled==false. Automount d

Re: [Freeipa-devel] Multiple CA certificates in LDAP, questions

On 02.10.2013 13:10, Simo Sorce wrote: > > > - Original Message - >> On 1.10.2013 22:08, Rob Crittenden wrote: >>> Simo Sorce wrote: - Original Message - > On 13.9.2013 11:05, Jan Cholasta wrote: >> On 13.9.2013 10:53, Martin Kosek wrote: >>> On 09/13/2013 10:51 A

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

On Thu, Oct 03, 2013 at 12:01:35AM +0300, Alexander Bokovoy wrote: > On Wed, 02 Oct 2013, Tomas Babej wrote: > >>>I'll send new patchset shortly. > >>New patchset is attached. > >> > >>1. Added test update for ipalib/frontend.py changes > >>2. Used LDAPQuery as base for trustdomain_enable|disable c

Re: [Freeipa-devel] [PATCH] 0067 Use fqdn when creating msdcs SRV records

On 10/02/2013 05:24 PM, Martin Kosek wrote: > On 10/02/2013 05:17 PM, Petr Vobornik wrote: >> On 09/18/2013 06:42 PM, Ana Krivokapic wrote: >>> Hello, >>> >>> This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3908. >>> >>> >> >> The patch does what it advertises - it uses fqdn eve

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

On 2.10.2013 23:01, Alexander Bokovoy wrote: On Wed, 02 Oct 2013, Tomas Babej wrote: 2.) The trust-fetch-domains has somewhat confusing options: [tbabej@vm-147 labtool]$ ipa trust-fetch-domains tbad.idm.lab.eng.brq.redhat.com --help Usage: ipa [global-options] trust-fetch-domains REALM [options

Re: [Freeipa-devel] [PATCH 107] Do not add trust to AD in case of IPA realm-domain mismatch

On 09/19/2013 11:57 AM, Tomas Babej wrote: > Hi, > > Make sure that trust-add command fails when admin attempts > to add an Active Directory trust when the realm name and > the domain name of the IPA server do not match. > > https://fedorahosted.org/freeipa/ticket/3923 ACK. Works for me. I just

Re: [Freeipa-devel] [PATCH 108] Warn user about realm-domain mismatch in install scripts

On 09/19/2013 11:58 AM, Tomas Babej wrote: > Hi, > > If the IPA server is setup with non-matching domain and realm > names, it will not be able to estabilish trust with the Active > Directory. > > Adds warnings to the ipa-server-install and warning to the > ipa-adtrust-install (which has to be co

Re: [Freeipa-devel] [DOC] Chapter 4 text

On Tue, 2013-10-01 at 16:29 +0200, Petr Vobornik wrote: > On 09/27/2013 05:52 PM, Martin Basti wrote: > > On Wed, 2013-09-18 at 17:10 +0200, Martin Basti wrote: > >> Patch fix examples in chapter 4, adds new examples, fix out of date > >> information. > >> > >> NOTE: Patch doesn't cover part 4.3 Lo

Re: [Freeipa-devel] [PATCH] 0067 Use fqdn when creating msdcs SRV records

On 10/03/2013 10:48 AM, Martin Kosek wrote: On 10/02/2013 05:24 PM, Martin Kosek wrote: On 10/02/2013 05:17 PM, Petr Vobornik wrote: On 09/18/2013 06:42 PM, Ana Krivokapic wrote: Hello, This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3908. The patch does what it advert

Re: [Freeipa-devel] [PATCHES] 0289-0302 Managed Read permissions

On 10/02/2013 01:26 PM, Petr Viktorin wrote: > On 10/02/2013 01:07 PM, Simo Sorce wrote: ... >>> To sum it up, I would rather not build our permission system on this group. >>> >>> I think we need top base our ACIs on LDAP bind targets ldap:///all and >>> ldap:///anyone to avoid performance issues

Re: [Freeipa-devel] [PATCHES] 170-171 Allow PKCS#12 files with empty password in install tools

On 09/25/2013 10:46 AM, Jan Cholasta wrote: Hi, the attached patches fix . Honza I'm still testing; it looks good except for unattended installs. With the attached fixup squashed in it works so far. -- Petr³ From c4b430d42859634d2483fe18c50ff

Re: [Freeipa-devel] [PATCH] 0067 Use fqdn when creating msdcs SRV records

On 10/03/2013 12:21 PM, Petr Vobornik wrote: > On 10/03/2013 10:48 AM, Martin Kosek wrote: >> On 10/02/2013 05:24 PM, Martin Kosek wrote: >>> On 10/02/2013 05:17 PM, Petr Vobornik wrote: On 09/18/2013 06:42 PM, Ana Krivokapic wrote: > Hello, > > This patch addresses ticket https://

[Freeipa-devel] [PATCH] 423 Do not set DNS discovery domain in server mode

In server mode, the discovery domain should be left unset in all cases as the DNS discovery is only driven by the AD domains. https://fedorahosted.org/freeipa/ticket/3947 --- Pushed as a (tested) one-liner to master, ipa-3-3. Martin From ad3bba0747c34e9e2fa75e76b733aacf2408135b Mon Sep 17 00:00

Re: [Freeipa-devel] [PATCHES] 170-171 Allow PKCS#12 files with empty password in install tools

On 10/03/2013 01:15 PM, Petr Viktorin wrote: On 09/25/2013 10:46 AM, Jan Cholasta wrote: Hi, the attached patches fix . Honza I'm still testing; it looks good except for unattended installs. With the attached fixup squashed in it works so far.

Re: [Freeipa-devel] [DOC] Chapter 4 text

On 10/03/2013 12:12 PM, Martin Basti wrote: On Tue, 2013-10-01 at 16:29 +0200, Petr Vobornik wrote: On 09/27/2013 05:52 PM, Martin Basti wrote: On Wed, 2013-09-18 at 17:10 +0200, Martin Basti wrote: Patch fix examples in chapter 4, adds new examples, fix out of date information. NOTE: Patch d

Re: [Freeipa-devel] Multiple CA certificates in LDAP, questions

On 3.10.2013 09:41, Stef Walter wrote: On 02.10.2013 13:10, Simo Sorce wrote: - Original Message - On 1.10.2013 22:08, Rob Crittenden wrote: Simo Sorce wrote: - Original Message - On 13.9.2013 11:05, Jan Cholasta wrote: On 13.9.2013 10:53, Martin Kosek wrote: On 09/13/201

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

On 10/03/2013 03:10 PM, Alexander Bokovoy wrote: > On Wed, 02 Oct 2013, Sumit Bose wrote: >>> Please note that I did not test with more than 1 subdomain, since I >>> do not have more ADs available. >>> >> >> I have done some testing as well and the patches are working as expected >> except the trus

Re: [Freeipa-devel] [PATCHES] 0278-0279 Make it possible to run integration tests without Paramiko

On 09/18/2013 12:30 PM, Petr Viktorin wrote: Hello, These patches take the SSH2 bits out of the integration tests' Host class into a Transport class, and add a new Transport that uses /usr/bin/ssh to talk with remote hosts. The Host class is broken up to help adding AD trust tests (see Tomáš's pa

Re: [Freeipa-devel] [PATCHES] 0282-0286 Test improvements

On 09/24/2013 05:42 PM, Petr Viktorin wrote: Hello, These patches fix issues in the test suite, mainly those in BeakerLib integration. Patch 0282: When requested logs don't exist, tests shouldn't fail. The BeakerLib plugin was too strict here. Patch 0283: The Ordered plugin does not play well

Re: [Freeipa-devel] [PATCHES] 0282-0286 Test improvements

On 10/03/2013 06:50 PM, Petr Vobornik wrote: On 09/24/2013 05:42 PM, Petr Viktorin wrote: Hello, These patches fix issues in the test suite, mainly those in BeakerLib integration. Patch 0282: When requested logs don't exist, tests shouldn't fail. The BeakerLib plugin was too strict here. Patc

[Freeipa-devel] [PATCH 0019] Prefer TCP connections to UDP in krb5 clients

Patch attached.From d32b136fb84ae4d005ee3273980fc28747be74ba Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Thu, 3 Oct 2013 16:56:49 -0400 Subject: [PATCH] Prefer TCP connections to UDP in krb5 clients https://fedorahosted.org/sssd/ticket/914 --- contrib/RHEL4/ipa-client-setup

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

On Thu, Oct 03, 2013 at 06:04:24PM +0200, Martin Kosek wrote: > On 10/03/2013 03:10 PM, Alexander Bokovoy wrote: > > On Wed, 02 Oct 2013, Sumit Bose wrote: > >>> Please note that I did not test with more than 1 subdomain, since I > >>> do not have more ADs available. > >>> > >> > >> I have done som

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

On Thu, 03 Oct 2013, Martin Kosek wrote: On 10/03/2013 03:10 PM, Alexander Bokovoy wrote: On Wed, 02 Oct 2013, Sumit Bose wrote: Please note that I did not test with more than 1 subdomain, since I do not have more ADs available. I have done some testing as well and the patches are working as

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

On Fri, 04 Oct 2013, Alexander Bokovoy wrote: On Thu, 03 Oct 2013, Martin Kosek wrote: On 10/03/2013 03:10 PM, Alexander Bokovoy wrote: On Wed, 02 Oct 2013, Sumit Bose wrote: Please note that I did not test with more than 1 subdomain, since I do not have more ADs available. I have done some

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

On Thu, 03 Oct 2013, Sumit Bose wrote: On Thu, Oct 03, 2013 at 06:04:24PM +0200, Martin Kosek wrote: On 10/03/2013 03:10 PM, Alexander Bokovoy wrote: > On Wed, 02 Oct 2013, Sumit Bose wrote: >>> Please note that I did not test with more than 1 subdomain, since I >>> do not have more ADs availabl

Re: [Freeipa-devel] [PATCHES] 0278-0279 Make it possible to run integration tests without Paramiko

On 10/03/2013 06:49 PM, Petr Vobornik wrote: > On 09/18/2013 12:30 PM, Petr Viktorin wrote: >> Hello, >> These patches take the SSH2 bits out of the integration tests' Host >> class into a Transport class, and add a new Transport that uses >> /usr/bin/ssh to talk with remote hosts. >> The Host clas

Re: [Freeipa-devel] [PATCH 0019] Prefer TCP connections to UDP in krb5 clients

On 3.10.2013 23:43, Nathaniel McCallum wrote: Patch attached. I'm curious - what is the purpose of this patch? To prevent 1 second timeouts and re-transmits when OTP is in place? What is the expected performance impact? Could it be configured for OTP separately - somehow? (I guess that it i