Re: [Freeipa-devel] [PATCH] 375 Added mechanism to copy vault secrets.

On 2.10.2015 15:23, Martin Basti wrote: On 08/27/2015 01:47 AM, Endi Sukma Dewata wrote: On 8/20/2015 2:08 AM, Endi Sukma Dewata wrote: On 8/19/2015 4:20 AM, Martin Basti wrote: On 08/16/2015 05:29 PM, Endi Sukma Dewata wrote: The vault-add and vault-archive commands have been modified to o

Re: [Freeipa-devel] [PATCH 0054] Update FreeIPA package description

On 2.10.2015 14:32, Gabe Alford wrote: > Bump for review. Sorry for delay. I like the new text, ACK. Petr^2 Spacek > On Mon, Sep 21, 2015 at 9:37 AM, Gabe Alford wrote: > >> Hello, >> >> Fix for https://fedorahosted.org/freeipa/ticket/5284 >> >> Thanks, >> >> Gabe -- Manage your subscription

[Freeipa-devel] FreeIPA CI tests in Vagrant

Hello, I would like to share my script that allows to create topology for FreeIPA CI tests in Vagrant. It is very first "stupid" version, works only with F22 box. It is useful for development. Script creates Vagrant configuration and CI configuration for YAML. Machines created by vagrant are

[Freeipa-devel] [patch 0021] Include ipatests/test_xmlrpc/data directory into distribution

Adds ipatests/test_xmlrpc/data directory and its content into package. The files are needed for certprofile (and CA ACL) tests. Patch attached. -- Milan Kubik From 2e7e84f27590efd7b5097551104f723e018c722f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20Kub=C3=ADk?= Date: Thu, 1 Oct 2015 15:55

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

On Thu, Oct 01, 2015 at 04:33:28PM +0200, Oleg Fayans wrote: > > 1. > Having PTR sync enabled in global DNS configuration and installing client > with --enable-dns-updates option, ipa master still does not create a PTR > record for the client machine. As a result, ipa-repolica-install throws the >

[Freeipa-devel] [PATCHES 0069-0077] support for proper Kerberos principal canonicalization

These patches implement the plumbing required to properly support canonicalization of Kerberos principals ( https://fedorahosted.org/freeipa/ticket/3864). Setting multiple principal aliases on hosts/services is beyond the scope of this patchset and should be done after these patches are pushed.

[Freeipa-devel] [PATCHES] from Debian

Hi Here are a few prep patches to get off the list before getting to discuss how to add Debian platform support.. From 49f2158b4be10b3e82392eda55909f94ee581c1a Mon Sep 17 00:00:00 2001 From: Timo Aaltonen Date: Sat, 3 Oct 2015 11:40:15 +0300 Subject: [PATCH] paths: Add GENERATE_RNDC_KE

Re: [Freeipa-devel] [PATCHES] from Debian

On 05/10/15 09:08, Timo Aaltonen wrote: Hi Here are a few prep patches to get off the list before getting to discuss how to add Debian platform support.. LGTM. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-devel mailing list: https:/

Re: [Freeipa-devel] [PATCHES] from Debian

On 10/05/2015 03:31 PM, Simo Sorce wrote: On 05/10/15 09:08, Timo Aaltonen wrote: Hi Here are a few prep patches to get off the list before getting to discuss how to add Debian platform support.. LGTM. Simo. IMO this should be written in this way (I didn't test) ipautil.run([

Re: [Freeipa-devel] [PATCHES] from Debian

On 05.10.2015 16:37, Martin Basti wrote: > > > On 10/05/2015 03:31 PM, Simo Sorce wrote: >> On 05/10/15 09:08, Timo Aaltonen wrote: >>> >>> Hi >>> >>>Here are a few prep patches to get off the list before getting to >>> discuss how to add Debian platform support.. >>> >> >> LGTM. >> >> Si

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

On 05/10/15 09:42, Oleg Fayans wrote: Hi Jan, Simo On 10/05/2015 02:15 PM, Jan Pazdziora wrote: On Thu, Oct 01, 2015 at 04:33:28PM +0200, Oleg Fayans wrote: 1. Having PTR sync enabled in global DNS configuration and installing client with --enable-dns-updates option, ipa master still does not

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

Hi Jan, Simo On 10/05/2015 02:15 PM, Jan Pazdziora wrote: On Thu, Oct 01, 2015 at 04:33:28PM +0200, Oleg Fayans wrote: 1. Having PTR sync enabled in global DNS configuration and installing client with --enable-dns-updates option, ipa master still does not create a PTR record for the client mac

Re: [Freeipa-devel] [PATCHES 0069-0077] support for proper Kerberos principal canonicalization

On 05/10/15 09:00, Martin Babinsky wrote: These patches implement the plumbing required to properly support canonicalization of Kerberos principals ( https://fedorahosted.org/freeipa/ticket/3864). Setting multiple principal aliases on hosts/services is beyond the scope of this patchset and shoul

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

On 10/5/2015 8:47 AM, Simo Sorce wrote: 2. The second attempt after re-enrolling client resulted in the error of CA installation: Starting replication, please wait until this has completed. Update in progress, 7 seconds elapsed Update succeeded [4/24]: creating installation admin user [5/

Re: [Freeipa-devel] [PATCHES] from Debian

On 05.10.2015 16:08, Timo Aaltonen wrote: > > Hi > > Here are a few prep patches to get off the list before getting to > discuss how to add Debian platform support.. Here's one more. -- t From 65df37b7b31c0689e452112130236c3fe43971a2 Mon Sep 17 00:00:00 2001 From: Timo Aaltonen Date

Re: [Freeipa-devel] [patch 0021] Include ipatests/test_xmlrpc/data directory into distribution

On 10/05/2015 01:45 PM, Milan Kubík wrote: Adds ipatests/test_xmlrpc/data directory and its content into package. The files are needed for certprofile (and CA ACL) tests. Patch attached. ACK Pushed to: master: dbfdc1d39b7917236270fe4dff6caf0ccb5cd04c ipa-4-2: c99e0aa6fda2bbbfdd871f78ef246

[Freeipa-devel] Remaining issues before adding Debian platform support

Hi I'm not sure if the goal is to be able to build IPA on Debian from git/tarballs, but here's a list of what would need to be fixed first to get there: - places where usernames have been hardcoded need something like ipaplatform/base/paths.py: apache -> www-data in: * ipaserver/in

Re: [Freeipa-devel] [PATCH] 0197 client referral support for trusted domain principal

On Thu, Sep 03, 2015 at 06:22:05PM +0300, Alexander Bokovoy wrote: > On Thu, 03 Sep 2015, Alexander Bokovoy wrote: > >Hi, > > > >attached patch adds support for issuing client referrals when FreeIPA > >KDC is asked to give a TGT for a principal from a trusted forest. > > > >We return a matching for

Re: [Freeipa-devel] [PATCHES] from Debian

On 10/05/2015 03:41 PM, Timo Aaltonen wrote: On 05.10.2015 16:37, Martin Basti wrote: On 10/05/2015 03:31 PM, Simo Sorce wrote: On 05/10/15 09:08, Timo Aaltonen wrote: Hi Here are a few prep patches to get off the list before getting to discuss how to add Debian platform support..

Re: [Freeipa-devel] Remaining issues before adding Debian platform support

On 10/05/2015 05:00 PM, Timo Aaltonen wrote: Hi I'm not sure if the goal is to be able to build IPA on Debian from git/tarballs, but here's a list of what would need to be fixed first to get there: - places where usernames have been hardcoded need something like ipaplatform/base/pa

Re: [Freeipa-devel] [PATCHES] from Debian

On 10/05/2015 04:44 PM, Timo Aaltonen wrote: On 05.10.2015 16:08, Timo Aaltonen wrote: Hi Here are a few prep patches to get off the list before getting to discuss how to add Debian platform support.. Here's one more. ACK Pushed to master: 7c32ecaa0ebdfc879d6d2286974987b9fe

Re: [Freeipa-devel] [PATCHES 0069-0077] support for proper Kerberos principal canonicalization

On 05/10/15 16:12, Simo Sorce wrote: On 05/10/15 09:00, Martin Babinsky wrote: These patches implement the plumbing required to properly support canonicalization of Kerberos principals ( https://fedorahosted.org/freeipa/ticket/3864). Setting multiple principal aliases on hosts/services is beyon