Re: [Freeipa-devel] [PATCH] 0019 Stop dogtag when updating its configuration in, ipa-upgradeconfig

2014-10-15 Thread Martin Kosek
On 10/14/2014 03:59 PM, Jan Cholasta wrote: Dne 14.10.2014 v 15:18 David Kupka napsal(a): On 10/14/2014 02:28 PM, Jan Cholasta wrote: Dne 14.10.2014 v 14:19 David Kupka napsal(a): On 10/14/2014 01:39 PM, Jan Cholasta wrote: Dne 14.10.2014 v 12:47 David Kupka napsal(a): On 10/10/2014

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

2014-10-15 Thread Martin Kosek
On 10/14/2014 09:01 PM, Nathaniel McCallum wrote: On Thu, 2014-10-09 at 18:48 +0200, thierry bordaz wrote: On 10/09/2014 05:51 PM, Nathaniel McCallum wrote: On Thu, 2014-10-09 at 11:44 +0200, thierry bordaz wrote: On 10/09/2014 12:15 AM, Nathaniel McCallum wrote: On Wed, 2014-10-08 at 17:19

[Freeipa-devel] [PATCH] 0023 Fix typo causing certmonger is provided with wrong path to, ipa-submit.

2014-10-15 Thread David Kupka
https://fedorahosted.org/freeipa/ticket/4624 -- David Kupka From c2808f958c9ee99374aadf808ca01bf7047de509 Mon Sep 17 00:00:00 2001 From: David Kupka dku...@redhat.com Date: Tue, 14 Oct 2014 06:54:00 -0400 Subject: [PATCH] Fix typo causing certmonger is provided with wrong path to ipa-submit.

[Freeipa-devel] [PATCH] 0004 permission-add gives confusing error when adding ACI to generated tree

2014-10-15 Thread thierry bordaz
https://fedorahosted.org/freeipa/ticket/4523 From 27275d46251452175c4cb66222ffeda089a15e2e Mon Sep 17 00:00:00 2001 From: Thierry bordaz (tbordaz) tbor...@redhat.com Date: Tue, 7 Oct 2014 18:41:44 +0200 Subject: [PATCH] permission-add gives confusing error when adding ACI to generated tree

Re: [Freeipa-devel] [PATCH] 0004 permission-add gives confusing error when adding ACI to generated tree

2014-10-15 Thread Martin Kosek
On 10/15/2014 01:08 PM, thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/4523 I see 2 issues with the patch: 1) Patch description should not contain Reviewed by:, this gets added later by a script (or human) 2) The exception handling clause should be as focused as possible, i.e.

Re: [Freeipa-devel] [PATCH] 0004 permission-add gives confusing error when adding ACI to generated tree

2014-10-15 Thread thierry bordaz
On 10/15/2014 01:26 PM, Martin Kosek wrote: On 10/15/2014 01:08 PM, thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/4523 I see 2 issues with the patch: 1) Patch description should not contain Reviewed by:, this gets added later by a script (or human) ok 2) The exception

[Freeipa-devel] [PATCH] 773-777 ranges: prohibit setting --rid-base with ipa-trust-ad-posix type

2014-10-15 Thread Petr Vobornik
ticket: https://fedorahosted.org/freeipa/ticket/4221 == [PATCH] 773 ranges: prohibit setting --rid-base with ipa-trust-ad-posix type == We should not allow setting --rid-base for ranges of ipa-trust-ad-posix since we do not perform any RID - UID/GID mappings for these ranges (objects have

Re: [Freeipa-devel] [PATCH] Fix printing of reverse zones in ipa-dns-install.

2014-10-15 Thread Martin Basti
New contributor :-) ACK Thank you! -- Martin Basti ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Fix printing of reverse zones in ipa-dns-install.

2014-10-15 Thread David Kupka
Submitting the patch again. I sent it from my gmail account accidentally. On 10/15/2014 03:58 PM, Martin Basti wrote: New contributor :-) ACK Thank you! -- David Kupka From 4d094e99ff82f69ad08b0df408d847350e900c7b Mon Sep 17 00:00:00 2001 From: David Kupka dku...@redhat.com Date: Wed, 15

Re: [Freeipa-devel] [PATCH] Fix printing of reverse zones in ipa-dns-install.

2014-10-15 Thread Martin Basti
On 15/10/14 16:04, David Kupka wrote: Submitting the patch again. I sent it from my gmail account accidentally. On 10/15/2014 03:58 PM, Martin Basti wrote: New contributor :-) ACK Thank you! ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 0023 Fix typo causing certmonger is provided with wrong path to, ipa-submit.

2014-10-15 Thread Jan Cholasta
Hi, Dne 15.10.2014 v 12:55 David Kupka napsal(a): I forget to attach patch for ipa-4-0 branch. Attaching both now. On 10/15/2014 11:08 AM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4624 The code could be more robust, but given that it will be gone soon (hopefully), ACK.

Re: [Freeipa-devel] [PATCH] 0004 permission-add gives confusing error when adding ACI to generated tree

2014-10-15 Thread Martin Kosek
On 10/15/2014 01:57 PM, thierry bordaz wrote: On 10/15/2014 01:26 PM, Martin Kosek wrote: On 10/15/2014 01:08 PM, thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/4523 I see 2 issues with the patch: 1) Patch description should not contain Reviewed by:, this gets added later by

[Freeipa-devel] [PATCH] 334 Do not wait for new CA certificate to appear in LDAP in ipa-certupdate

2014-10-15 Thread Jan Cholasta
Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4628. It depends on my patch 333, which is also attached. (The original patch was posted at http://www.redhat.com/archives/freeipa-devel/2014-September/msg00454.html.) How to test: 1. install server 2. run

Re: [Freeipa-devel] [PATCH] 353 Allow specifying signing algorithm of the IPA CA cert in ipa-ca-install

2014-10-15 Thread Petr Vobornik
On 8.10.2014 13:35, Jan Cholasta wrote: Hi, the attached patch provides an additional fix for https://fedorahosted.org/freeipa/ticket/4447. Honza Requires rebase because of `ca_type=options.external_ca_type)`. Works fine with older version. -- Petr Vobornik

[Freeipa-devel] [PATCH] 335 Fail if certmonger can't see new CA certificate in LDAP in ipa-cacert-manage

2014-10-15 Thread Jan Cholasta
Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4629. It depends on my patches 333 and 334, which are also attached. (The original patch was posted at http://www.redhat.com/archives/freeipa-devel/2014-September/msg00454.html.) How to test: 1. install server 2.

[Freeipa-devel] [PATCH 0070] Remove token ID from self-service UI

2014-10-15 Thread Nathaniel McCallum
Also, fix labels to properly use i18n strings for token types. From 244834182add8e927171f6e9f1b4966c829b7aa4 Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum npmccal...@redhat.com Date: Tue, 14 Oct 2014 14:30:01 -0400 Subject: [PATCH] Remove token ID from self-service UI Also, fix labels to

[Freeipa-devel] [PATCH 0071] Display token type when viewing token

2014-10-15 Thread Nathaniel McCallum
When viewing a token from the CLI or UI, the type of the token should be displayed. https://fedorahosted.org/freeipa/ticket/4563 From b428b30e2110472d000e2c0e06bc82a3948a8906 Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum npmccal...@redhat.com Date: Wed, 15 Oct 2014 12:24:56 -0400 Subject:

[Freeipa-devel] [PATCH 0072] Remove token vendor, model and serial defaults

2014-10-15 Thread Nathaniel McCallum
These defaults are pretty useless and cause more confusion than they are worth. The serial default never worked anyway. And now that we are displaying the token type separately, there is no reason to doubly record these data points. From 8093c2c6d83ed0a1849c5261759df92129b36487 Mon Sep 17 00:00:00

Re: [Freeipa-devel] [HELP] Regular users should not be able to add OTP tokens with custom name

2014-10-15 Thread Petr Spacek
On 14.10.2014 20:33, Nathaniel McCallum wrote: On Tue, 2014-10-14 at 10:38 +0200, Jan Cholasta wrote: Dne 14.10.2014 v 10:23 Petr Viktorin napsal(a): On 10/14/2014 08:51 AM, Jan Cholasta wrote: Dne 14.10.2014 v 08:37 Martin Kosek napsal(a): On 10/13/2014 07:23 PM, Nathaniel McCallum wrote:

[Freeipa-devel] [PATCH] 353 Added initial vault implementation.

2014-10-15 Thread Endi Sukma Dewata
This patch provides the initial vault implementation which allows the admin to create a vault, archive a secret, and retrieve the secret using a standard vault. It currently has limitations including: - The vault only supports the standard vault type. - The vault can only be used by the admin

[Freeipa-devel] [PATCH] 352 Fixed KRA backend.

2014-10-15 Thread Endi Sukma Dewata
The KRA backend has been simplified since most of the tasks have been moved somewhere else. The transport certificate will be installed on the client, and it is not needed by KRA backend. The KRA agent's PEM certificate is now generated during installation due to permission issue. The kra_host()