Re: [Freeipa-devel] Stage users - inconsistent permission names

2015-06-10 Thread Martin Kosek
On 06/10/2015 10:01 AM, David Kupka wrote: On 06/10/2015 09:12 AM, Martin Kosek wrote: Hello Thierry/David, I saw the new privileges and permissions for the Staged Users functionality and found couple spelling/English issues that I think we should fix before Alpha/GA so that we can just

[Freeipa-devel] [PATCHES 434, 443, 444] vault: Fix ipa-kra-install

2015-06-10 Thread Jan Cholasta
Hi, the attached patches fix several shortcomings in ipa-kra-install, see commit messages. https://fedorahosted.org/freeipa/ticket/3872 (Patch 434 was introduced in https://www.redhat.com/archives/freeipa-devel/2015-June/msg00035.html.) Honza -- Jan Cholasta From

Re: [Freeipa-devel] [PATCHES 00012-0013 v7] Profiles and CA ACLs

2015-06-10 Thread Martin Basti
On 10/06/15 06:40, Fraser Tweedale wrote: On Tue, Jun 09, 2015 at 04:37:56PM +0200, Martin Basti wrote: On 09/06/15 08:58, Fraser Tweedale wrote: On Mon, Jun 08, 2015 at 08:49:06AM +0200, Martin Kosek wrote: On 06/08/2015 03:31 AM, Fraser Tweedale wrote: New patches attached. Comments

[Freeipa-devel] [PATCH 0264] Server Upgrade: disconnect ldap2 connection before DS restart

2015-06-10 Thread Martin Basti
Without this patch, upgrade may failed when api.Backend.ldap2 was connected before DS restart. Patch attached. -- Martin Basti From cae5117b505f24fc176196fc953170e3bad0507b Mon Sep 17 00:00:00 2001 From: Martin Basti mba...@redhat.com Date: Wed, 10 Jun 2015 13:24:48 +0200 Subject: [PATCH]

Re: [Freeipa-devel] Stage users - inconsistent permission names

2015-06-10 Thread thierry bordaz
On 06/10/2015 12:16 PM, Martin Kosek wrote: On 06/10/2015 10:01 AM, David Kupka wrote: On 06/10/2015 09:12 AM, Martin Kosek wrote: Hello Thierry/David, I saw the new privileges and permissions for the Staged Users functionality and found couple spelling/English issues that I think we should

Re: [Freeipa-devel] [PATCHES 00012-0013 v7] Profiles and CA ACLs

2015-06-10 Thread Jan Cholasta
Dne 10.6.2015 v 13:44 Martin Basti napsal(a): On 10/06/15 06:40, Fraser Tweedale wrote: On Tue, Jun 09, 2015 at 04:37:56PM +0200, Martin Basti wrote: On 09/06/15 08:58, Fraser Tweedale wrote: On Mon, Jun 08, 2015 at 08:49:06AM +0200, Martin Kosek wrote: On 06/08/2015 03:31 AM, Fraser

Re: [Freeipa-devel] topology issues

2015-06-10 Thread Ludwig Krispenz
Hi, there seems to be somethin going wrong in the code to delete the services. The code is: # delete master entry with all active services try: dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), self.suffix)

[Freeipa-devel] Stage users - inconsistent permission names

2015-06-10 Thread Martin Kosek
Hello Thierry/David, I saw the new privileges and permissions for the Staged Users functionality and found couple spelling/English issues that I think we should fix before Alpha/GA so that we can just rename them and not care about upgrade changes. Namely: # ipa permission-find stage | grep -i

Re: [Freeipa-devel] [PATCH] Password vault

2015-06-10 Thread Jan Cholasta
Dne 8.6.2015 v 12:04 Jan Cholasta napsal(a): Dne 5.6.2015 v 21:50 Endi Sukma Dewata napsal(a): On 6/5/2015 7:13 AM, Jan Cholasta wrote: BTW, ipa-kra-install is broken with pki-core-10.2.4-1, but it works with pki-core-10.2.1-3. There's a bug in IPA:

Re: [Freeipa-devel] [PATCHES 00012-0013 v7] Profiles and CA ACLs

2015-06-10 Thread Martin Kosek
On 06/10/2015 01:50 PM, Jan Cholasta wrote: Dne 10.6.2015 v 13:44 Martin Basti napsal(a): On 10/06/15 06:40, Fraser Tweedale wrote: On Tue, Jun 09, 2015 at 04:37:56PM +0200, Martin Basti wrote: On 09/06/15 08:58, Fraser Tweedale wrote: On Mon, Jun 08, 2015 at 08:49:06AM +0200, Martin Kosek

Re: [Freeipa-devel] topology issues

2015-06-10 Thread thierry bordaz
On 06/10/2015 10:51 AM, Ludwig Krispenz wrote: On 06/10/2015 10:41 AM, Martin Basti wrote: On 10/06/15 09:13, Ludwig Krispenz wrote: Hi, there seems to be somethin going wrong in the code to delete the services. The code is: # delete master entry with all active services

Re: [Freeipa-devel] topology issues

2015-06-10 Thread thierry bordaz
On 06/10/2015 02:19 PM, Ludwig Krispenz wrote: On 06/10/2015 02:13 PM, thierry bordaz wrote: On 06/10/2015 10:51 AM, Ludwig Krispenz wrote: On 06/10/2015 10:41 AM, Martin Basti wrote: On 10/06/15 09:13, Ludwig Krispenz wrote: Hi, there seems to be somethin going wrong in the code to

[Freeipa-devel] [PATCH] 870 disallow mod of topology segment nodes

2015-06-10 Thread Petr Vobornik
Mod of segment end will be disallowed in topology plugin. Reasoning (by Ludwig): if we want to properly allow mods to change connectivity and endpoints, then we would need to check if the mod disconnects the topology, delete existing agreements, check if the new would be a duplicate and create

Re: [Freeipa-devel] [PATCH] 867 topology: hide topologysuffix-add del mod commands

2015-06-10 Thread Petr Vobornik
On 06/08/2015 07:26 PM, Tomas Babej wrote: On 06/08/2015 06:57 PM, Petr Vobornik wrote: Suffices are created on installation/upgrade. Users should not modify them. https://fedorahosted.org/freeipa/ticket/4302 ACK Tomas Pushed to master: 2661a860e0049c75088fffe2765d67b051c31c9b -- Petr

Re: [Freeipa-devel] [PATCH 0011] check-for-existing-and-self-referential-segments

2015-06-10 Thread Ludwig Krispenz
Hi Petr, On 06/08/2015 04:50 PM, Ludwig Krispenz wrote: On 06/08/2015 04:47 PM, Petr Vobornik wrote: On 06/03/2015 06:20 PM, Simo Sorce wrote: On Wed, 2015-06-03 at 14:53 +0200, Ludwig Krispenz wrote: Hi, this should prevent adding duplicate segments or segments with same start and end node

[Freeipa-devel] [PATCH 0052] Stage User: Fix permissions naming and split them where, apropriate.

2015-06-10 Thread David Kupka
https://fedorahosted.org/freeipa/ticket/5057 -- David Kupka From ea25f9942c529ab91f1fe09f4eed087c6e5e92be Mon Sep 17 00:00:00 2001 From: David Kupka dku...@redhat.com Date: Wed, 10 Jun 2015 12:52:10 +0200 Subject: [PATCH] Stage User: Fix permissions naming and split them where apropriate. Split

Re: [Freeipa-devel] [PATCH] 866 topology: allow only one node to be specified in, topologysegment-refresh

2015-06-10 Thread Petr Vobornik
On 06/08/2015 07:24 PM, Tomas Babej wrote: On 06/08/2015 06:57 PM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/4302 ACK. Tomas Pushed to master: 4232c39f6767d27b9f812a15cfc5ee2c5be69d5e -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] topology issues

2015-06-10 Thread Ludwig Krispenz
On 06/10/2015 02:13 PM, thierry bordaz wrote: On 06/10/2015 10:51 AM, Ludwig Krispenz wrote: On 06/10/2015 10:41 AM, Martin Basti wrote: On 10/06/15 09:13, Ludwig Krispenz wrote: Hi, there seems to be somethin going wrong in the code to delete the services. The code is: #

[Freeipa-devel] [PATCH] 868 rename topologysegment_refresh to topologysegment_reinitialize

2015-06-10 Thread Petr Vobornik
https://fedorahosted.org/freeipa/ticket/5056 -- Petr Vobornik From 30b5a7fcb3ef580335e7d869fcfa9faa3465527c Mon Sep 17 00:00:00 2001 From: Petr Vobornik pvobo...@redhat.com Date: Wed, 10 Jun 2015 14:25:45 +0200 Subject: [PATCH] rename topologysegment_refresh to topologysegment_reinitialize

Re: [Freeipa-devel] topology issues

2015-06-10 Thread Petr Vobornik
On 06/10/2015 02:42 PM, thierry bordaz wrote: On 06/10/2015 02:19 PM, Ludwig Krispenz wrote: On 06/10/2015 02:13 PM, thierry bordaz wrote: On 06/10/2015 10:51 AM, Ludwig Krispenz wrote: On 06/10/2015 10:41 AM, Martin Basti wrote: On 10/06/15 09:13, Ludwig Krispenz wrote: Hi, there seems

[Freeipa-devel] [PATCH] 869 topology: restrict direction changes

2015-06-10 Thread Petr Vobornik
topology plugin doesn't properly handle: - creation of segment with direction 'none' and then upgrade to other direction - downgrade of direction These situations are now forbidden in API. part of: https://fedorahosted.org/freeipa/ticket/4302 -- Petr Vobornik From

Re: [Freeipa-devel] [PATCHES 439-442] install: Migrate ipa-replica-install to the install framework

2015-06-10 Thread David Kupka
On 06/09/2015 02:06 PM, Jan Cholasta wrote: Hi, the attached patches implement another part of https://fedorahosted.org/freeipa/ticket/4468. Honza Works for me, ACK. -- David Kupka -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] topology issues

2015-06-10 Thread Martin Basti
On 10/06/15 09:13, Ludwig Krispenz wrote: Hi, there seems to be somethin going wrong in the code to delete the services. The code is: # delete master entry with all active services try: dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'),

Re: [Freeipa-devel] [PATCHES 439-442] install: Migrate ipa-replica-install to the install framework

2015-06-10 Thread Jan Cholasta
Dne 10.6.2015 v 09:28 David Kupka napsal(a): On 06/09/2015 02:06 PM, Jan Cholasta wrote: Hi, the attached patches implement another part of https://fedorahosted.org/freeipa/ticket/4468. Honza Works for me, ACK. Thanks. Pushed to master: 46cbe26b51f7ac8f24351d165c50d415326f -- Jan

Re: [Freeipa-devel] topology issues

2015-06-10 Thread Ludwig Krispenz
On 06/10/2015 10:41 AM, Martin Basti wrote: On 10/06/15 09:13, Ludwig Krispenz wrote: Hi, there seems to be somethin going wrong in the code to delete the services. The code is: # delete master entry with all active services try: dn = DN(('cn', replica), ('cn',

Re: [Freeipa-devel] Stage users - inconsistent permission names

2015-06-10 Thread David Kupka
On 06/10/2015 09:12 AM, Martin Kosek wrote: Hello Thierry/David, I saw the new privileges and permissions for the Staged Users functionality and found couple spelling/English issues that I think we should fix before Alpha/GA so that we can just rename them and not care about upgrade changes.

Re: [Freeipa-devel] [PATCH] 0005 User life cycle: del/mod/find/show stageuser commands

2015-06-10 Thread David Kupka
Dne 20.5.2015 v 11:26 Jan Cholasta napsal(a): Dne 18.5.2015 v 10:33 thierry bordaz napsal(a): On 05/15/2015 04:44 PM, David Kupka wrote: Hello Thierry, thanks for the patch set. Overall functionality of ULC feature looks good to me and is definitely alpha ready. I found following issues but

Re: [Freeipa-devel] [PATCH 0031] Update PKCS#11 mechanism constants for AES key wrapping to PKCS#11 v2.40

2015-06-10 Thread Martin Basti
On 08/06/15 16:18, Petr Spacek wrote: Hello, Update PKCS#11 mechanism constants for AES key wrapping to PKCS#11 v2.40. SoftHSM 2.0.0rc1 was updates to these new constants to avoid collision with Blowfish mechanisms. Older code *cannot* work SoftHSM 2.0.0rc1 and newer. Symptoms include

Re: [Freeipa-devel] Community Portal Milestone

2015-06-10 Thread Drew Erny
On 06/10/2015 02:52 AM, Martin Kosek wrote: On 06/10/2015 05:11 AM, Adam Young wrote: On 06/09/2015 06:34 PM, Simo Sorce wrote: On Tue, 2015-06-09 at 16:15 -0400, Drew Erny wrote: Hey, Freeipa, same thread new subtopic. So, I was bouncing some ideas around with another developer (ayoung) and

Re: [Freeipa-devel] Community Portal Milestone

2015-06-10 Thread Martin Kosek
On 06/10/2015 04:09 PM, Drew Erny wrote: On 06/10/2015 02:52 AM, Martin Kosek wrote: On 06/10/2015 05:11 AM, Adam Young wrote: On 06/09/2015 06:34 PM, Simo Sorce wrote: On Tue, 2015-06-09 at 16:15 -0400, Drew Erny wrote: Hey, Freeipa, same thread new subtopic. So, I was bouncing some ideas

Re: [Freeipa-devel] [PATCHES 00012-0013 v7] Profiles and CA ACLs

2015-06-10 Thread Martin Basti
On 10/06/15 13:57, Martin Kosek wrote: On 06/10/2015 01:50 PM, Jan Cholasta wrote: Dne 10.6.2015 v 13:44 Martin Basti napsal(a): On 10/06/15 06:40, Fraser Tweedale wrote: On Tue, Jun 09, 2015 at 04:37:56PM +0200, Martin Basti wrote: On 09/06/15 08:58, Fraser Tweedale wrote: On Mon, Jun 08,

Re: [Freeipa-devel] [PATCH 0329] ipa-replica-manage: Do not allow topology altering commands

2015-06-10 Thread Petr Vobornik
On 06/02/2015 02:24 PM, Ludwig Krispenz wrote: hi, is there a real replacement for del, it is not in the scope of the topology commands, the removal of teh agreement is rejected and later done by the plugin, but what about removal of the host, services, cleanruv ? Ludwig On 06/02/2015 02:10

Re: [Freeipa-devel] Community Portal Milestone

2015-06-10 Thread Drew Erny
On 06/10/2015 10:16 AM, Martin Kosek wrote: AFAIK, this work would form some standalone page utilizing the FreeIPA Web UI framework we have already, to get the same look and feel. Using FreeIPA API to store/manipulate user entries should be thus much easier, then taking care of separate

Re: [Freeipa-devel] [PATCH 0329] ipa-replica-manage: Do not allow topology altering commands

2015-06-10 Thread Ludwig Krispenz
On 06/10/2015 04:39 PM, Petr Vobornik wrote: On 06/10/2015 04:06 PM, Petr Vobornik wrote: On 06/02/2015 02:24 PM, Ludwig Krispenz wrote: hi, is there a real replacement for del, it is not in the scope of the topology commands, the removal of teh agreement is rejected and later done by the

Re: [Freeipa-devel] [PATCH 0329] ipa-replica-manage: Do not allow topology altering commands

2015-06-10 Thread Petr Vobornik
On 06/10/2015 04:06 PM, Petr Vobornik wrote: On 06/02/2015 02:24 PM, Ludwig Krispenz wrote: hi, is there a real replacement for del, it is not in the scope of the topology commands, the removal of teh agreement is rejected and later done by the plugin, but what about removal of the host,

Re: [Freeipa-devel] Community Portal Milestone

2015-06-10 Thread Martin Kosek
On 06/10/2015 05:11 AM, Adam Young wrote: On 06/09/2015 06:34 PM, Simo Sorce wrote: On Tue, 2015-06-09 at 16:15 -0400, Drew Erny wrote: Hey, Freeipa, same thread new subtopic. So, I was bouncing some ideas around with another developer (ayoung) and I think I have a pretty good idea for

Re: [Freeipa-devel] Community Portal Milestone

2015-06-10 Thread Petr Vobornik
On 06/10/2015 04:55 PM, Drew Erny wrote: On 06/10/2015 10:16 AM, Martin Kosek wrote: AFAIK, this work would form some standalone page utilizing the FreeIPA Web UI framework we have already, to get the same look and feel. Using FreeIPA API to store/manipulate user entries should be thus much

Re: [Freeipa-devel] [PATCHES 434, 443, 444] vault: Fix ipa-kra-install

2015-06-10 Thread Jan Cholasta
Dne 10.6.2015 v 18:14 David Kupka napsal(a): Dne 10.6.2015 v 18:08 David Kupka napsal(a): Dne 10.6.2015 v 13:25 Jan Cholasta napsal(a): Hi, the attached patches fix several shortcomings in ipa-kra-install, see commit messages. https://fedorahosted.org/freeipa/ticket/3872 (Patch 434 was

Re: [Freeipa-devel] [PATCHES 434, 443, 444] vault: Fix ipa-kra-install

2015-06-10 Thread David Kupka
Dne 10.6.2015 v 18:08 David Kupka napsal(a): Dne 10.6.2015 v 13:25 Jan Cholasta napsal(a): Hi, the attached patches fix several shortcomings in ipa-kra-install, see commit messages. https://fedorahosted.org/freeipa/ticket/3872 (Patch 434 was introduced in

Re: [Freeipa-devel] [PATCHES 434, 443, 444] vault: Fix ipa-kra-install

2015-06-10 Thread David Kupka
Dne 10.6.2015 v 13:25 Jan Cholasta napsal(a): Hi, the attached patches fix several shortcomings in ipa-kra-install, see commit messages. https://fedorahosted.org/freeipa/ticket/3872 (Patch 434 was introduced in https://www.redhat.com/archives/freeipa-devel/2015-June/msg00035.html.) Honza

Re: [Freeipa-devel] [PATCH 0329] ipa-replica-manage: Do not allow topology altering commands

2015-06-10 Thread Petr Vobornik
On 06/10/2015 04:39 PM, Petr Vobornik wrote: On 06/10/2015 04:06 PM, Petr Vobornik wrote: On 06/02/2015 02:24 PM, Ludwig Krispenz wrote: hi, is there a real replacement for del, it is not in the scope of the topology commands, the removal of teh agreement is rejected and later done by the

[Freeipa-devel] [PATCH 0384-0385] Replace isc_atomic_* in with reference counter

2015-06-10 Thread Petr Spacek
Hello, Replace isc_atomic_* in MetaLDAP with reference counter abstraction. + Replace isc_atomic_* in instance tainting with reference counter abstraction. Reference counters are used as abstraction which hides missing isc_atomic_*() functions on some architectures. This change is necessary

Re: [Freeipa-devel] [PATCHES 00012-0013 v7] Profiles and CA ACLs

2015-06-10 Thread Fraser Tweedale
On Wed, Jun 10, 2015 at 03:50:22PM +0200, Martin Basti wrote: On 10/06/15 13:57, Martin Kosek wrote: On 06/10/2015 01:50 PM, Jan Cholasta wrote: Dne 10.6.2015 v 13:44 Martin Basti napsal(a): On 10/06/15 06:40, Fraser Tweedale wrote: On Tue, Jun 09, 2015 at 04:37:56PM +0200, Martin Basti