[Freeipa-devel] Final preparations for FreeIPA 4.2 GA

Hello all, Let us do final check before FreeIPA 4.2 GA! With One-Way patch set and KRA final patch pushed, there is just a little bit of work left. From FreeIPA 4.2 milestone tickets, I see: #4238 [RFE] Provide ability to map CAC identity certificates to users in IdM #5045 Add support for mul

Re: [Freeipa-devel] Meaning of two strings in plugins/service.py

On 05/07/15 11:25, Jérôme Fenal wrote: Hi, I stumbled upon those two following strings while translating into French, and just cannot figure out the meaning. Str('ipaallowedtoperform_read_keys', label=_('Failed allowed to retrieve keytab'), ), Str('ipaallowedtoperform_wr

Re: [Freeipa-devel] Meaning of two strings in plugins/service.py

On 07/08/2015 09:31 AM, David Kupka wrote: On 05/07/15 11:25, Jérôme Fenal wrote: Hi, I stumbled upon those two following strings while translating into French, and just cannot figure out the meaning. Str('ipaallowedtoperform_read_keys', label=_('Failed allowed to retrieve keytab

Re: [Freeipa-devel] Meaning of two strings in plugins/service.py

2015-07-08 9:45 GMT+02:00 Petr Vobornik : > On 07/08/2015 09:31 AM, David Kupka wrote: >> >> On 05/07/15 11:25, Jérôme Fenal wrote: >>> >>> Hi, >>> >>> I stumbled upon those two following strings while translating into >>> French, and just cannot figure out the meaning. >>> >>> Str('ipaallowed

[Freeipa-devel] [PATCH] 893 move session_logout command to ipalib/plugins directory

API refactoring caused that session_logout command was not registered. Commands in ipalib/plugins directory are automatically registered. -- Petr Vobornik From 7121a19c19f317093923bde1ecf142fa231d09ef Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Wed, 8 Jul 2015 10:32:54 +0200 Subject: [PAT

Re: [Freeipa-devel] [PATCH] 893 move session_logout command to ipalib/plugins directory

On 07/08/2015 10:37 AM, Petr Vobornik wrote: API refactoring caused that session_logout command was not registered. Commands in ipalib/plugins directory are automatically registered. Added NO_CLI = True to hide the command in CLI. -- Petr Vobornik From 6cc9e7f3ff601735887ef566ea02e04a676041e

Re: [Freeipa-devel] [PATCH] 893 move session_logout command to ipalib/plugins directory

On 08/07/15 12:20, Petr Vobornik wrote: On 07/08/2015 10:37 AM, Petr Vobornik wrote: API refactoring caused that session_logout command was not registered. Commands in ipalib/plugins directory are automatically registered. Added NO_CLI = True to hide the command in CLI. Works for me. --

[Freeipa-devel] [PATCH 0277] Upgrade: Do not show upgrade failed message during RPM transaction when IPA is not installed

Patch attached. -- Martin Basti From 5928be7850a773420e1d4e6e001aa225a5bdce17 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 8 Jul 2015 12:19:58 +0200 Subject: [PATCH] Upgrade: Do not show upgrade failed message when IPA is not installed --- freeipa.spec.in |

Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk

Dne 8.7.2015 v 07:43 Jan Cholasta napsal(a): Dne 8.7.2015 v 00:37 Tomas Babej napsal(a): On 07/07/2015 07:49 PM, Martin Basti wrote: On 03/07/15 16:41, Martin Babinsky wrote: On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedorahosted.org/freeipa/ticket/4768 Att

Re: [Freeipa-devel] [PATCH] 893 move session_logout command to ipalib/plugins directory

On 08/07/15 12:51, Martin Basti wrote: On 08/07/15 12:20, Petr Vobornik wrote: On 07/08/2015 10:37 AM, Petr Vobornik wrote: API refactoring caused that session_logout command was not registered. Commands in ipalib/plugins directory are automatically registered. Added NO_CLI = True to hide

[Freeipa-devel] [PATCH 463] spec file: Update minimal versions of required packages

Hi, the attached patch fixes . Honza -- Jan Cholasta >From cc2393aef3500761e81135192278a7780b1ac03b Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Wed, 8 Jul 2015 11:18:27 + Subject: [PATCH] spec file: Update minimal versions of required pac

Re: [Freeipa-devel] [PATCH 463] spec file: Update minimal versions of required packages

On Wed, 08 Jul 2015, Jan Cholasta wrote: Hi, the attached patch fixes . ACK. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http:/

Re: [Freeipa-devel] [PATCH] 893 move session_logout command to ipalib/plugins directory

On 07/08/2015 01:20 PM, Martin Basti wrote: On 08/07/15 12:51, Martin Basti wrote: On 08/07/15 12:20, Petr Vobornik wrote: On 07/08/2015 10:37 AM, Petr Vobornik wrote: API refactoring caused that session_logout command was not registered. Commands in ipalib/plugins directory are automatically

[Freeipa-devel] [PATCH 0278] Fix API logging

log must be initilized before first usage in API, otherwise traceback is shown: # ipa -e random-nonexistent-key=1 user-find Traceback (most recent call last): File "/bin/ipa", line 32, in cli.run(api) File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1346, in run api.log.e

[Freeipa-devel] [PATCH] 894-896 webui: certificate profiles and acls

add Web UI for new certificate objects [PATCH] 894 webui: certificate profiles [PATCH] 895 webui: caacl [PATCH] 896 webui: hide facet tab in certificate details facet -- Petr Vobornik From 4d3332098c72545bc4bb179e29ede7fcbd6bbb1e Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Wed, 8 Jul 2015

Re: [Freeipa-devel] [PATCH] 893 move session_logout command to ipalib/plugins directory

On 08/07/15 13:46, Petr Vobornik wrote: On 07/08/2015 01:20 PM, Martin Basti wrote: On 08/07/15 12:51, Martin Basti wrote: On 08/07/15 12:20, Petr Vobornik wrote: On 07/08/2015 10:37 AM, Petr Vobornik wrote: API refactoring caused that session_logout command was not registered. Commands in

Re: [Freeipa-devel] [PATCH 0277] Upgrade: Do not show upgrade failed message during RPM transaction when IPA is not installed

Hi, Dne 8.7.2015 v 12:58 Martin Basti napsal(a): Patch attached. Use self.log instead of root_logger. Otherwise ACK. Honza -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www

Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk

On 08/07/15 13:08, Jan Cholasta wrote: Dne 8.7.2015 v 07:43 Jan Cholasta napsal(a): Dne 8.7.2015 v 00:37 Tomas Babej napsal(a): On 07/07/2015 07:49 PM, Martin Basti wrote: On 03/07/15 16:41, Martin Babinsky wrote: On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedo

Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk

Dne 8.7.2015 v 14:34 Martin Basti napsal(a): On 08/07/15 13:08, Jan Cholasta wrote: Dne 8.7.2015 v 07:43 Jan Cholasta napsal(a): Dne 8.7.2015 v 00:37 Tomas Babej napsal(a): On 07/07/2015 07:49 PM, Martin Basti wrote: On 03/07/15 16:41, Martin Babinsky wrote: On 07/02/2015 01:58 PM, Martin

Re: [Freeipa-devel] [PATCH 0277] Upgrade: Do not show upgrade failed message during RPM transaction when IPA is not installed

On 08/07/15 14:35, Jan Cholasta wrote: Hi, Dne 8.7.2015 v 12:58 Martin Basti napsal(a): Patch attached. Use self.log instead of root_logger. Otherwise ACK. Honza Updated patch attached. -- Martin Basti From 8b121d8e202d6b99e4cbffa690d9b05aaeb92cec Mon Sep 17 00:00:00 2001 From: Martin B

Re: [Freeipa-devel] [PATCH 0277] Upgrade: Do not show upgrade failed message during RPM transaction when IPA is not installed

Dne 8.7.2015 v 14:43 Martin Basti napsal(a): On 08/07/15 14:35, Jan Cholasta wrote: Hi, Dne 8.7.2015 v 12:58 Martin Basti napsal(a): Patch attached. Use self.log instead of root_logger. Otherwise ACK. Honza Updated patch attached. Pushed to master: 07d314070ae647254eb47708d7543c4d995f

Re: [Freeipa-devel] [PATCH] 894-896 webui: certificate profiles and acls

On 07/08/2015 02:24 PM, Petr Vobornik wrote: add Web UI for new certificate objects [PATCH] 894 webui: certificate profiles [PATCH] 895 webui: caacl [PATCH] 896 webui: hide facet tab in certificate details facet Fixed bug (adding profiles to caacl) in patch 895. -- Petr Vobornik From 5e92e05

Re: [Freeipa-devel] [PATCH 0050] Fix client ca.crt to match the server's cert

Thanks, Martin. Update patch attached. I was getting an 'No newline at the end of file' in my environment hence an extra '\n' at the end. Please let me know if you see the same thing. Thanks, Gabe On Wed, Jul 1, 2015 at 2:54 AM, Martin Basti wrote: > On 01/07/15 09:05, Martin Basti wrote: >

Re: [Freeipa-devel] [PATCH 463] spec file: Update minimal versions of required packages

On 07/08/2015 01:28 PM, Alexander Bokovoy wrote: > On Wed, 08 Jul 2015, Jan Cholasta wrote: >> Hi, >> >> the attached patch fixes . > ACK. > Pushed to master: 7c0e7f7e3ca3a971d4db64f80f02d4f79e5f5c4d -- Manage your subscription for the Freeipa-dev

Re: [Freeipa-devel] [PATCH] 0026..0027 #5096 enforce caacl for SAN principals

On 03/07/15 16:26, Fraser Tweedale wrote: The attached patches fix: - a bug that caused caacl false negatives for hosts principals - #5096 cert-request: enforce caacl for subjectAltName principals Thanks, Fraser Works for me, ACK. -- David Kupka -- Manage your subscription for the Freeipa

Re: [Freeipa-devel] [PATCH] 894-896 webui: certificate profiles and acls

On 08/07/15 15:11, Petr Vobornik wrote: On 07/08/2015 02:24 PM, Petr Vobornik wrote: add Web UI for new certificate objects [PATCH] 894 webui: certificate profiles [PATCH] 895 webui: caacl [PATCH] 896 webui: hide facet tab in certificate details facet Fixed bug (adding profiles to caacl) in

[Freeipa-devel] [PATCHES 0335-0336] adtrustinstance: Enable and start oddjobd

Hi, Enable and start the oddjobd service as part of the ipa-adtrust-install for the new IPA installations and upgraded ones. Tomas From 66d39f12a77d23e8d8ac2c11650258ed9f3eb200 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 8 Jul 2015 15:44:13 +0200 Subject: [PATCH] adtrustinstance: Enabl

Re: [Freeipa-devel] How to support Designate?

On 07/08/2015 04:31 AM, Petr Spacek wrote: On 1.7.2015 17:12, Rich Megginson wrote: On 07/01/2015 09:10 AM, Petr Spacek wrote: On 1.7.2015 16:43, Rich Megginson wrote: How much work would it be to support IPA as an AXFR/IXFR client or server with Designate? Right now, their miniDNS component

Re: [Freeipa-devel] [PATCH 0278] Fix API logging

On 07/08/2015 02:18 PM, Martin Basti wrote: > log must be initilized before first usage in API, otherwise traceback is > shown: > > # ipa -e random-nonexistent-key=1 user-find > Traceback (most recent call last): > File "/bin/ipa", line 32, in > cli.run(api) > File "/usr/lib/python2.7/s

Re: [Freeipa-devel] [PATCHES 0335-0336] adtrustinstance: Enable and start oddjobd

On Wed, 08 Jul 2015, Tomas Babej wrote: From 66d39f12a77d23e8d8ac2c11650258ed9f3eb200 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 8 Jul 2015 15:44:13 +0200 Subject: [PATCH] adtrustinstance: Enable and start oddjobd Enable and start the oddjobd service as part of the ipa-adtrust-instal

Re: [Freeipa-devel] [PATCH] 894-896 webui: certificate profiles and acls

On 07/08/2015 04:54 PM, Martin Basti wrote: > On 08/07/15 15:11, Petr Vobornik wrote: >> On 07/08/2015 02:24 PM, Petr Vobornik wrote: >>> add Web UI for new certificate objects >>> >>> [PATCH] 894 webui: certificate profiles >>> [PATCH] 895 webui: caacl >>> [PATCH] 896 webui: hide facet tab in ce

Re: [Freeipa-devel] [PATCHES 0335-0336] adtrustinstance: Enable and start oddjobd

On 07/08/2015 05:12 PM, Alexander Bokovoy wrote: > On Wed, 08 Jul 2015, Tomas Babej wrote: >> From 66d39f12a77d23e8d8ac2c11650258ed9f3eb200 Mon Sep 17 00:00:00 2001 >> From: Tomas Babej >> Date: Wed, 8 Jul 2015 15:44:13 +0200 >> Subject: [PATCH] adtrustinstance: Enable and start oddjobd >> >> En

Re: [Freeipa-devel] [PATCHES 0335-0336] adtrustinstance: Enable and start oddjobd

On Wed, 08 Jul 2015, Tomas Babej wrote: From c6135d634cbccbdbb30ab3906c32cd3720bca95e Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 8 Jul 2015 15:45:18 +0200 Subject: [PATCH] upgrade: Enable and start oddjobd if adtrust is available If ipa-adtrust-install has already been run on the sys

Re: [Freeipa-devel] [PATCH] 0026..0027 #5096 enforce caacl for SAN principals

On 07/08/2015 04:30 PM, David Kupka wrote: > On 03/07/15 16:26, Fraser Tweedale wrote: >> The attached patches fix: >> >> - a bug that caused caacl false negatives for hosts principals >> - #5096 cert-request: enforce caacl for subjectAltName principals >> >> Thanks, >> Fraser >> >> >> > Works fo

Re: [Freeipa-devel] [PATCH] 893 move session_logout command to ipalib/plugins directory

On 07/08/2015 02:33 PM, Martin Basti wrote: > On 08/07/15 13:46, Petr Vobornik wrote: >> On 07/08/2015 01:20 PM, Martin Basti wrote: >>> On 08/07/15 12:51, Martin Basti wrote: On 08/07/15 12:20, Petr Vobornik wrote: > On 07/08/2015 10:37 AM, Petr Vobornik wrote: >> API refactoring ca

Re: [Freeipa-devel] How to support Designate?

On 8.7.2015 17:10, Rich Megginson wrote: > On 07/08/2015 04:31 AM, Petr Spacek wrote: >> On 1.7.2015 17:12, Rich Megginson wrote: >>> On 07/01/2015 09:10 AM, Petr Spacek wrote: On 1.7.2015 16:43, Rich Megginson wrote: > How much work would it be to support IPA as an AXFR/IXFR client or ser

Re: [Freeipa-devel] How to support Designate?

On 07/08/2015 10:11 AM, Petr Spacek wrote: On 8.7.2015 17:10, Rich Megginson wrote: On 07/08/2015 04:31 AM, Petr Spacek wrote: On 1.7.2015 17:12, Rich Megginson wrote: On 07/01/2015 09:10 AM, Petr Spacek wrote: On 1.7.2015 16:43, Rich Megginson wrote: How much work would it be to support IPA

Re: [Freeipa-devel] How to support Designate?

On 07/08/2015 11:56 AM, Rich Megginson wrote: On 07/08/2015 10:11 AM, Petr Spacek wrote: On 8.7.2015 17:10, Rich Megginson wrote: On 07/08/2015 04:31 AM, Petr Spacek wrote: On 1.7.2015 17:12, Rich Megginson wrote: On 07/01/2015 09:10 AM, Petr Spacek wrote: On 1.7.2015 16:43, Rich Megginson w

[Freeipa-devel] [PATCH] 897 fix error message when certificate CN is invalid

The error message was probably copied from mail address check below. -- Petr Vobornik From a935e707185d751604c24511ae8b65dd61500469 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Wed, 8 Jul 2015 22:11:52 +0200 Subject: [PATCH] fix error message when certificate CN is invalid The error messag

[Freeipa-devel] [PATCH] 898-900 webui: user and multiple certs improvements

== [PATCH] 898 webui: cert-request improvements == Certificate request action and dialog now supports 'profile_id', 'add' and 'principal' options. 'add' and 'principal' are disaplayed only if certificate is added from certificate search facet. Certificate search facet allows to add a certificate.