Re: [Freeipa-devel] [PATCH] 892 webui: add managedby tab to otptoken

2015-07-03 Thread Martin Babinsky
On 07/01/2015 06:59 PM, Petr Vobornik wrote: Added managedby_user tab to manage users who can manage the token. https://fedorahosted.org/freeipa/ticket/5003 Nathaniel, I could not reproduce the following part of the ticket: Careful interaction is required here. In the current code, this also

[Freeipa-devel] [PATCH] 0026..0027 #5096 enforce caacl for SAN principals

2015-07-03 Thread Fraser Tweedale
The attached patches fix: - a bug that caused caacl false negatives for hosts principals - #5096 cert-request: enforce caacl for subjectAltName principals Thanks, Fraser From f6d7f8e58a7fcb09261ae18a8722f28da778779c Mon Sep 17 00:00:00 2001 From: Fraser Tweedale ftwee...@redhat.com Date: Fri, 3

Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk

2015-07-03 Thread Martin Babinsky
On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedorahosted.org/freeipa/ticket/4768 Attaching reworked patch. -- Martin^3 Babinsky From 809a63b86f73cc041f28e223187337dd65f8b1fd Mon Sep 17 00:00:00 2001 From: Martin Babinsky mbabi...@redhat.com Date: Fri, 3 Jul 2015

Re: [Freeipa-devel] CA ACL enforcement when authenticated as root

2015-07-03 Thread Simo Sorce
On Sat, 2015-07-04 at 00:32 +1000, Fraser Tweedale wrote: On Wed, Jul 01, 2015 at 04:06:11PM +1000, Fraser Tweedale wrote: Hi everyone, With the addition of CA ACLs, there are now two levels of permissions checked by the `cert-request' command: - LDAP permission checks. This check

Re: [Freeipa-devel] [PATCH] Password vault

2015-07-03 Thread Endi Sukma Dewata
On 7/1/2015 1:53 AM, Jan Cholasta wrote: I think it would be better to use a new attribute type which inherits from ipaPublicKey (ipaVaultPublicKey?) rather than ipaPublicKey directly for asymmetric vault public keys, so that asymmetric public key and escrow public key are on the same level and

Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features

2015-07-03 Thread Fraser Tweedale
On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote: On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote: Hi, On 2.7.2015 at 11:15, Fraser Tweedale wrote: Attached patches fix a couple of important gaps in certprofile plugin: - Add --out option to export

Re: [Freeipa-devel] my remaining 4.2 tickets

2015-07-03 Thread Fraser Tweedale
On Fri, Jul 03, 2015 at 08:23:45AM +0200, Martin Kosek wrote: On 07/02/2015 05:58 PM, Jan Cholasta wrote: Hi, On 2.7.2015 at 17:18, Fraser Tweedale wrote: On Tue, Jun 30, 2015 at 03:46:08PM +0200, Martin Kosek wrote: On 06/30/2015 03:03 PM, Fraser Tweedale wrote: #2915 ipa-getcert does

Re: [Freeipa-devel] Postponing Topology feature

2015-07-03 Thread Ludwig Krispenz
On 07/03/2015 04:50 PM, Simo Sorce wrote: On Fri, 2015-07-03 at 08:44 +0200, Martin Kosek wrote: Hi all, I had several offline discussions about the Topology feature [1] and what to do with it. Many developers worked pretty hard on making the Topology usable for the upcoming FreeIPA 4.2

Re: [Freeipa-devel] CA ACL enforcement when authenticated as root

2015-07-03 Thread Fraser Tweedale
On Wed, Jul 01, 2015 at 04:06:11PM +1000, Fraser Tweedale wrote: Hi everyone, With the addition of CA ACLs, there are now two levels of permissions checked by the `cert-request' command: - LDAP permission checks. This check is performed against the bind principal; `admin' has

Re: [Freeipa-devel] Postponing Topology feature

2015-07-03 Thread Simo Sorce
On Fri, 2015-07-03 at 08:44 +0200, Martin Kosek wrote: Hi all, I had several offline discussions about the Topology feature [1] and what to do with it. Many developers worked pretty hard on making the Topology usable for the upcoming FreeIPA 4.2 release, however, it still misses some of

Re: [Freeipa-devel] [PATCH] Password vault

2015-07-03 Thread Endi Sukma Dewata
Here is the rebased patch for vault access control. -- Endi S. Dewata From 6bec99d51552a6415c45d655f95627e341fae44b Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Fri, 17 Oct 2014 12:05:34 -0400 Subject: [PATCH] Added vault access control. New LDAP ACIs have been added

Re: [Freeipa-devel] [PATCH 0272] Server upgrade: log more into debug log instead of info log

2015-07-03 Thread Jan Cholasta
Hi, On 1.7.2015 at 10:34, Martin Basti wrote: Update is logging too much info into info log. Patch attached. Works for me, ACK. Pushed to master: 884afb5d38480e23c91ec14876bcf39151a2c2ed -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH] 886-890 webui: API browser

2015-07-03 Thread Tomas Babej
On 07/02/2015 04:55 PM, Martin Kosek wrote: On 07/01/2015 04:51 PM, Petr Vobornik wrote: For those of you who don't want to try the patches: * https://pvoborni.fedorapeople.org/images/api-user-show.png * https://pvoborni.fedorapeople.org/images/api-user-add.png On 07/01/2015 09:35 AM,

Re: [Freeipa-devel] [PATCH] 886-890 webui: API browser

2015-07-03 Thread Tomas Babej
On 07/03/2015 10:06 AM, Tomas Babej wrote: On 07/02/2015 04:55 PM, Martin Kosek wrote: On 07/01/2015 04:51 PM, Petr Vobornik wrote: For those of you who don't want to try the patches: * https://pvoborni.fedorapeople.org/images/api-user-show.png *

Re: [Freeipa-devel] my remaining 4.2 tickets

2015-07-03 Thread Martin Kosek
On 07/02/2015 05:58 PM, Jan Cholasta wrote: Hi, On 2.7.2015 at 17:18, Fraser Tweedale wrote: On Tue, Jun 30, 2015 at 03:46:08PM +0200, Martin Kosek wrote: On 06/30/2015 03:03 PM, Fraser Tweedale wrote: #2915 ipa-getcert does not allow setting specific EKU on certificates Involves

Re: [Freeipa-devel] [PATCH 0054] certmonger: Use private unix socket when DBus SystemBus is not available.

2015-07-03 Thread Jan Cholasta
On 2.7.2015 at 14:34, David Kupka wrote: On 01/07/15 16:31, David Kupka wrote: Updated patch attached. Client install works, but uninstall does not: # ipa-client-install --uninstall -U certmonger failed to start: Command ''/bin/systemctl' 'start' 'certmonger.service'' returned

[Freeipa-devel] Postponing Topology feature

2015-07-03 Thread Martin Kosek
Hi all, I had several offline discussions about the Topology feature [1] and what to do with it. Many developers worked pretty hard on making the Topology usable for the upcoming FreeIPA 4.2 release, however, it still misses some of the functionality that would prevent our users from making

Re: [Freeipa-devel] [PATCH 0054] certmonger: Use private unix socket when DBus SystemBus is not available.

2015-07-03 Thread Martin Kosek
On 07/03/2015 08:41 AM, Jan Cholasta wrote: On 2.7.2015 at 14:34, David Kupka wrote: On 01/07/15 16:31, David Kupka wrote: Updated patch attached. Client install works, but uninstall does not: # ipa-client-install --uninstall -U certmonger failed to start: Command ''/bin/systemctl'

Re: [Freeipa-devel] [PATCH] 885 topology: make cn of new segment consistent with topology plugin

2015-07-03 Thread Tomas Babej
On 07/02/2015 07:42 PM, David Kupka wrote: On 30/06/15 16:16, Petr Vobornik wrote: SSIA Works for me, ACK. Pushed to master: 66ea322e7e01266cc916156860b684adb21c618d

Re: [Freeipa-devel] [PATCH] 882 ipa-replica-manage del: relax segment deletement check if topology is disconnected

2015-07-03 Thread Tomas Babej
On 07/02/2015 07:42 PM, David Kupka wrote: On 30/06/15 16:15, Petr Vobornik wrote: Comment from segment deletion check which describes the patch: Relax check if topology was or is disconnected. Disconnected topology can contain segments with already deleted servers. Check only if segments of

Re: [Freeipa-devel] [PATCH] 884 topologysegment: hide direction and enable options

2015-07-03 Thread Tomas Babej
On 07/02/2015 07:42 PM, David Kupka wrote: On 30/06/15 16:15, Petr Vobornik wrote: These options should not be touched by users yet. https://fedorahosted.org/freeipa/ticket/5061 Works for me, ACK. Pushed to master: 2b8e1caa7bfda5e540a94fe26fbcdbfd0ea68928

Re: [Freeipa-devel] [PATCH 0274] DNS: Check if dns package is installed

2015-07-03 Thread Tomas Babej
On 07/02/2015 02:03 PM, Petr Spacek wrote: On 2.7.2015 13:54, Jan Cholasta wrote: On 2.7.2015 at 13:34, Petr Spacek wrote: On 2.7.2015 12:57, Tomas Babej wrote: On 07/02/2015 08:50 AM, Petr Spacek wrote: On 1.7.2015 20:29, Tomas Babej wrote: On 07/01/2015 04:45 PM, Petr Spacek