Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

2015-11-30 Thread Simo Sorce
On Thu, 2015-11-26 at 07:47 +0100, Jan Cholasta wrote: > On 25.11.2015 18:46, Simo Sorce wrote: > > On Wed, 2015-11-25 at 10:25 +0100, Jan Cholasta wrote: > >> On 20.11.2015 16:49, Jan Cholasta wrote: > >>> On 19.11.2015 17:43, Simo Sorce wrote: > 510: > - We should probably tighten up

Re: [Freeipa-devel] [PATCH 0366] Fix missing break in ipa_krb_principals.c

2015-11-30 Thread Martin Basti
On 30.11.2015 16:56, Simo Sorce wrote: On Mon, 2015-11-30 at 16:46 +0100, Martin Basti wrote: Patch attached ack Pushed to master: 21f7584f9f44fdc3dee0f9d038f31edd8ee1aab2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-30 Thread Martin Basti
On 30.11.2015 16:43, Martin Babinsky wrote: On 11/30/2015 12:31 PM, Jan Cholasta wrote: Hi, On 27.11.2015 14:58, Martin Babinsky wrote: On 11/19/2015 06:19 PM, Martin Babinsky wrote: These two patches fix the following tickets: https://fedorahosted.org/freeipa/ticket/5377

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

2015-11-30 Thread Lukas Slebodnik
On (30/11/15 13:09), Tomas Babej wrote: >Hi, > >IPA sudo tests worked under the assumption that the clients that >are executing the sudo commands have their IPs assigned within >255.255.255.0 hostmask. > >Removes this (invalid) assumption and adds a dynamic detection of >the hostmask of the IPA

Re: [Freeipa-devel] [PATCH 0069] ipa-replica-install support caless install with promotion.

2015-11-30 Thread Jan Cholasta
Hi, On 27.11.2015 07:57, David Kupka wrote: On 26/11/15 15:22, David Kupka wrote: On 26/11/15 15:13, David Kupka wrote: On 26/11/15 15:01, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5441 Replaced accidentally inserted tabs. Fixed indentation I screwed up when replacing

Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package

2015-11-30 Thread Aleš Mareček
Tested with today's master, ACK. - alich - - Original Message - > From: "Milan Kubík" > To: freeipa-devel@redhat.com > Sent: Friday, November 27, 2015 3:40:29 PM > Subject: Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations > into standalone package >

Re: [Freeipa-devel] [PATCH 0364, 0367] ipa-kra-install: allow first KRA to be installed on replica

2015-11-30 Thread Martin Basti
On 30.11.2015 14:16, Martin Babinsky wrote: On 11/27/2015 05:02 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5460 I tested just master, I will test ipa-4-2 later. patch attached. ACK for the master branch. Thanks, additional patch improves error message when

Re: [Freeipa-devel] [PATCH 0002] Refactor test_group_plugin

2015-11-30 Thread Milan Kubík
On 11/23/2015 04:42 PM, Filip Škola wrote: Sending updated patch. F. On Mon, 23 Nov 2015 14:59:34 +0100 Filip Škola wrote: Found couple of issues (broke some dependencies). NACK F. On Fri, 20 Nov 2015 13:56:36 +0100 Filip Škola wrote: Another one.

Re: [Freeipa-devel] [PATCH 0366] Fix missing break in ipa_krb_principals.c

2015-11-30 Thread Simo Sorce
On Mon, 2015-11-30 at 16:46 +0100, Martin Basti wrote: > Patch attached ack -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-30 Thread Martin Babinsky
On 11/30/2015 12:31 PM, Jan Cholasta wrote: Hi, On 27.11.2015 14:58, Martin Babinsky wrote: On 11/19/2015 06:19 PM, Martin Babinsky wrote: These two patches fix the following tickets: https://fedorahosted.org/freeipa/ticket/5377 https://fedorahosted.org/freeipa/ticket/5409 I have added a

[Freeipa-devel] [PATCH 0365] Remove unused KRA code from ipa-server-install

2015-11-30 Thread Martin Basti
First instance of KRA should be installed only by ipa-kra-install Patch attached. From 7e097902dd107e5bd1d8dbb78e17e34806da53c2 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 30 Nov 2015 15:34:31 +0100 Subject: [PATCH] Remove unused code in server installer related

[Freeipa-devel] [PATCH 0366] Fix missing break in ipa_krb_principals.c

2015-11-30 Thread Martin Basti
Patch attached From eb0b0eb390d33ed888b15552192a39f4d5f92fd2 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 30 Nov 2015 16:42:30 +0100 Subject: [PATCH] FIX: ipa_kdb_principals: add missing break statement Needs a 'break' otherwise prevents correct reporting of data

Re: [Freeipa-devel] [PATCH 560] Allow to set allowed krb authz data type per user

2015-11-30 Thread Simo Sorce
On Wed, 2015-11-25 at 12:43 -0500, Simo Sorce wrote: > On Wed, 2015-11-25 at 08:09 +0100, Jan Cholasta wrote: > > On 25.11.2015 00:09, Simo Sorce wrote: > > > This patch is untested and mostly an RFC. > > > > > > I think it is all we need to allow to specify authz data types per user > > > and by

Re: [Freeipa-devel] [PATCH 558] Allow disabling requireing preauth by default for Service Principal Names

2015-11-30 Thread Simo Sorce
On Wed, 2015-11-25 at 10:33 +0100, Martin Babinsky wrote: > On 11/24/2015 10:20 PM, Simo Sorce wrote: > > This addresses #3860, giving admins the option to not require preauth > > for Hosts and services. > > > > I did not add this option by default, although it does reduce the load > > on the KDC

Re: [Freeipa-devel] [PATCH 0067] ipa-client-install: add support for Ed25519 SSH keys (RFC 7479)

2015-11-30 Thread Martin Basti
On 24.11.2015 09:58, Petr Spacek wrote: On 24.11.2015 09:56, Petr Spacek wrote: Hello, ipa-client-install: add support for Ed25519 SSH keys (RFC 7479) https://fedorahosted.org/freeipa/ticket/5471 Once again ... ACK

Re: [Freeipa-devel] [PATCH] Removed duplicate domain name validation function

2015-11-30 Thread Martin Basti
On 27.11.2015 16:06, Stanislav Laznicka wrote: Please, see the modified patch attached. Standa On 11/27/2015 03:48 PM, Martin Basti wrote: On 27.11.2015 15:33, Petr Spacek wrote: On 27.11.2015 15:32, Martin Basti wrote: On 25.11.2015 17:18, Stanislav Laznicka wrote: There were two

Re: [Freeipa-devel] [PATCH 556-557] Add option to disable setkeytab extended operations

2015-11-30 Thread Simo Sorce
On Wed, 2015-11-25 at 09:47 -0500, Simo Sorce wrote: > On Wed, 2015-11-25 at 09:02 -0500, Rob Crittenden wrote: > > Jan Cholasta wrote: > > > On 24.11.2015 22:17, Simo Sorce wrote: > > >> On Tue, 2015-11-24 at 14:57 -0500, Simo Sorce wrote: > > >>> On Tue, 2015-11-24 at 14:42 -0500, Simo Sorce

Re: [Freeipa-devel] [PATCH 0364, 0367] ipa-kra-install: allow first KRA to be installed on replica

2015-11-30 Thread Simo Sorce
On Mon, 2015-11-30 at 18:29 +0100, Martin Basti wrote: > > On 30.11.2015 14:16, Martin Babinsky wrote: > > On 11/27/2015 05:02 PM, Martin Basti wrote: > >> https://fedorahosted.org/freeipa/ticket/5460 > >> > >> I tested just master, I will test ipa-4-2 later. > >> patch attached. > >> > >> > > >

Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package

2015-11-30 Thread Martin Basti
NACK 1) With this patch I received this error in test_user_plugin.py E AssertionError: assert_deepequal: expected != got. E 0106: user_status: Query status of "tuser1" E expected = 1 E got = 2 E path = ('count',) I have just admin user

Re: [Freeipa-devel] [PATCH 0364, 0367] ipa-kra-install: allow first KRA to be installed on replica

2015-11-30 Thread Simo Sorce
On Mon, 2015-11-30 at 19:22 +0100, Martin Basti wrote: > > On 30.11.2015 19:20, Simo Sorce wrote: > > On Mon, 2015-11-30 at 18:29 +0100, Martin Basti wrote: > >> On 30.11.2015 14:16, Martin Babinsky wrote: > >>> On 11/27/2015 05:02 PM, Martin Basti wrote: >

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-30 Thread Martin Babinsky
On 11/30/2015 06:15 PM, Martin Basti wrote: On 30.11.2015 16:43, Martin Babinsky wrote: On 11/30/2015 12:31 PM, Jan Cholasta wrote: Hi, On 27.11.2015 14:58, Martin Babinsky wrote: On 11/19/2015 06:19 PM, Martin Babinsky wrote: These two patches fix the following tickets:

Re: [Freeipa-devel] rename topology suffixes

2015-11-30 Thread Simo Sorce
On Fri, 2015-11-27 at 13:52 +0100, Martin Babinsky wrote: > On 11/27/2015 01:39 PM, Jan Cholasta wrote: > > On 27.11.2015 13:10, Petr Vobornik wrote: > >> On 11/27/2015 12:46 PM, Petr Spacek wrote: > >>> On 27.11.2015 09:00, Jan Cholasta wrote: > On 27.11.2015 08:33, Martin Kosek wrote: >

Re: [Freeipa-devel] [PATCH 0385] replicainstall: Add possiblity to install client in one

2015-11-30 Thread Simo Sorce
On Mon, 2015-11-30 at 12:25 +0100, Tomas Babej wrote: > +# Perform only if we have the necessary options > +if not any([installer.admin_password, installer.keytab]): > +sys.exit("IPA client is not configured on this system.\n" > + "You must use a replica file or
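Review bot: the comment "Perform only if we have the necessary options" sits directly above the `sys.exit(...)` path, so it describes the opposite of what the guarded block does; reword it to say that enrollment needs either an admin password or a keytab and that the installer stops otherwise. The guard `if not any([installer.admin_password, installer.keytab]):` also builds a list just to test two values, and `if not (installer.admin_password or installer.keytab):` reads more directly with the same truthiness semantics.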

Re: [Freeipa-devel] [PATCH 0364, 0367] ipa-kra-install: allow first KRA to be installed on replica

2015-11-30 Thread Martin Basti
On 30.11.2015 19:20, Simo Sorce wrote: On Mon, 2015-11-30 at 18:29 +0100, Martin Basti wrote: On 30.11.2015 14:16, Martin Babinsky wrote: On 11/27/2015 05:02 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5460 I tested just master, I will test ipa-4-2 later. patch

Re: [Freeipa-devel] [PATCH 0106] perform IPA client uninstallation as a last step of server uninstall

2015-11-30 Thread Martin Basti
On 27.11.2015 16:18, Martin Babinsky wrote: This patch fixes https://fedorahosted.org/freeipa/ticket/5410 Functional ACK Martin^2

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-30 Thread Martin Basti
On 30.11.2015 18:41, Martin Babinsky wrote: On 11/30/2015 06:15 PM, Martin Basti wrote: On 30.11.2015 16:43, Martin Babinsky wrote: On 11/30/2015 12:31 PM, Jan Cholasta wrote: Hi, On 27.11.2015 14:58, Martin Babinsky wrote: On 11/19/2015 06:19 PM, Martin Babinsky wrote: These two

[Freeipa-devel] [PATCH 0065]

2015-11-30 Thread Gabe Alford
Hello, Patch fix for the following tickets: https://fedorahosted.org/freeipa/ticket/5022 https://fedorahosted.org/freeipa/ticket/5320 Thanks, Gabe From 3e0a6c556a3402bbd0e15a6f113498aae27e2cf4 Mon Sep 17 00:00:00 2001 From: Gabe Date: Mon, 30 Nov 2015 18:42:14 -0700

Re: [Freeipa-devel] [PATCH 0106] perform IPA client uninstallation as a last step of server uninstall

2015-11-30 Thread Jan Cholasta
On 30.11.2015 19:27, Martin Basti wrote: On 27.11.2015 16:18, Martin Babinsky wrote: This patch fixes https://fedorahosted.org/freeipa/ticket/5410 Functional ACK Martin^2 Is this waiting for my LGTM? LGTM. -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0385] replicainstall: Add possiblity to install client in one

2015-11-30 Thread Jan Cholasta
On 30.11.2015 19:17, Simo Sorce wrote: On Mon, 2015-11-30 at 12:25 +0100, Tomas Babej wrote: +# Perform only if we have the necessary options +if not any([installer.admin_password, installer.keytab]): +sys.exit("IPA client is not configured on this system.\n" +

Re: [Freeipa-devel] [PATCH 0350] raise time limit for ldapsearch in upgrade

2015-11-30 Thread Jan Cholasta
On 30.11.2015 14:15, Martin Basti wrote: On 30.11.2015 08:19, Jan Cholasta wrote: On 24.11.2015 10:15, Martin Basti wrote: On 20.11.2015 09:00, Jan Cholasta wrote: On 19.11.2015 14:13, Jan Cholasta wrote: On 19.11.2015 14:09, Martin Babinsky wrote: On 11/19/2015 01:08 PM, Martin Basti

Re: [Freeipa-devel] [PATCH] 0748 Handle encoding for ipautil.run

2015-11-30 Thread Jan Cholasta
On 25.11.2015 15:47, Petr Viktorin wrote: On 11/25/2015 11:04 AM, Jan Cholasta wrote: On 24.11.2015 17:21, Petr Viktorin wrote: On 11/23/2015 10:50 AM, Jan Cholasta wrote: On 23.11.2015 07:43, Jan Cholasta wrote: On 19.11.2015 00:55, Petr Viktorin wrote: On 11/03/2015 02:39 PM, Petr

Re: [Freeipa-devel] [PATCH 0385] replicainstall: Add possiblity to install client in one

2015-11-30 Thread Jan Cholasta
On 26.11.2015 14:36, Tomas Babej wrote: On 11/26/2015 01:33 PM, Jan Cholasta wrote: On 25.11.2015 09:01, Jan Cholasta wrote: On 24.11.2015 15:56, Tomas Babej wrote: On 11/23/2015 04:43 PM, Jan Cholasta wrote: 3) +host_name = Knob( +str, None, +description="fully

Re: [Freeipa-devel] [PATCH 0387] custodia: Make sure container is created with first custodia

2015-11-30 Thread Tomas Babej
On 11/27/2015 05:26 PM, Martin Babinsky wrote: > On 11/27/2015 05:13 PM, Tomas Babej wrote: >> >> >> On 11/27/2015 05:04 PM, Martin Babinsky wrote: >>> On 11/27/2015 04:25 PM, Tomas Babej wrote: Hi, If a first 4.3+ replica is installed in the domain, the custodia container

[Freeipa-devel] [PATCH] 938 rename topology suffixes to "domain" and "ca"

2015-11-30 Thread Petr Vobornik
see https://www.redhat.com/archives/freeipa-devel/2015-November/msg00485.html -- Petr Vobornik From ae546045ff286b7787e90e6eed945c70463404a8 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Fri, 27 Nov 2015 17:00:23 +0100 Subject: [PATCH] rename topology suffixes to

[Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

2015-11-30 Thread Tomas Babej
Hi, IPA sudo tests worked under the assumption that the clients that are executing the sudo commands have their IPs assigned within 255.255.255.0 hostmask. Removes this (invalid) assumption and adds a dynamic detection of the hostmask of the IPA client.

Re: [Freeipa-devel] [PATCH] 924 use starttls in CSReplicationManager connection again

2015-11-30 Thread Tomas Babej
On 11/27/2015 04:18 PM, Simo Sorce wrote: > On Fri, 2015-11-27 at 14:51 +0100, Petr Vobornik wrote: >> On 10/23/2015 04:57 PM, Simo Sorce wrote: >>> On 23/10/15 08:39, Petr Vobornik wrote: not sure if the change in 2606f5aecd6ac0db31abb515b691529bb7eaf14e was a mistake or done on

Re: [Freeipa-devel] [PATCH] 927 topology: treat server suffix as multivalued attribute in API

2015-11-30 Thread Petr Vobornik
On 11/30/2015 12:15 PM, Jan Cholasta wrote: On 27.11.2015 15:57, Petr Vobornik wrote: On 11/27/2015 02:50 PM, Martin Babinsky wrote: On 11/20/2015 03:56 PM, Petr Vobornik wrote: ACK Pushed to master: c688954c27c219cb18aff968fc1f510afff93981 As we discussed offline, the server plugin

Re: [Freeipa-devel] [IPAQE][REVIEW-REQUEST][TEST PLAN] Replica promotion

2015-11-30 Thread Petr Vobornik
On 11/26/2015 02:39 PM, Petr Vobornik wrote: On 11/23/2015 06:51 PM, Oleg Fayans wrote: Hi all, Here is a draft of the Replica Promotion test plan http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan == Test case: Unprivileged users are not allowed to enroll and promote clients ==

Re: [Freeipa-devel] [PATCH] 927 topology: treat server suffix as multivalued attribute in API

2015-11-30 Thread Jan Cholasta
On 27.11.2015 15:57, Petr Vobornik wrote: On 11/27/2015 02:50 PM, Martin Babinsky wrote: On 11/20/2015 03:56 PM, Petr Vobornik wrote: ACK Pushed to master: c688954c27c219cb18aff968fc1f510afff93981 As we discussed offline, the server plugin should use topologysuffix name instead of the

Re: [Freeipa-devel] [PATCH 0385] replicainstall: Add possiblity to install client in one

2015-11-30 Thread Tomas Babej
On 11/30/2015 09:25 AM, Jan Cholasta wrote: > On 26.11.2015 14:36, Tomas Babej wrote: >> >> >> On 11/26/2015 01:33 PM, Jan Cholasta wrote: >>> On 25.11.2015 09:01, Jan Cholasta wrote: On 24.11.2015 15:56, Tomas Babej wrote: > > > On 11/23/2015 04:43 PM, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

2015-11-30 Thread Jan Cholasta
Hi, On 27.11.2015 14:58, Martin Babinsky wrote: On 11/19/2015 06:19 PM, Martin Babinsky wrote: These two patches fix the following tickets: https://fedorahosted.org/freeipa/ticket/5377 https://fedorahosted.org/freeipa/ticket/5409 I have added a new option '--ignore-disconnected-topology'

Re: [Freeipa-devel] [PATCH] 0749 Package ipapython, ipalib, ipaplatform, ipatests for Python 3

2015-11-30 Thread Jan Cholasta
On 27.11.2015 13:46, Petr Viktorin wrote: On 11/26/2015 11:52 AM, Jan Cholasta wrote: 1) The freeipa-common subpackage is not necessary: /etc/ipa/dnssec should be owned by freeipa-server and everything else in /etc/ipa currently owned by freeipa-python should be owned by freeipa-client. If

Re: [Freeipa-devel] [PATCH 0364] ipa-kra-install: allow first KRA to be installed on replica

2015-11-30 Thread Martin Babinsky
On 11/27/2015 05:02 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5460 I tested just master, I will test ipa-4-2 later. patch attached. ACK for the master branch. -- Martin^3 Babinsky

Re: [Freeipa-devel] [PATCH 0350] raise time limit for ldapsearch in upgrade

2015-11-30 Thread Martin Basti
On 30.11.2015 08:19, Jan Cholasta wrote: On 24.11.2015 10:15, Martin Basti wrote: On 20.11.2015 09:00, Jan Cholasta wrote: On 19.11.2015 14:13, Jan Cholasta wrote: On 19.11.2015 14:09, Martin Babinsky wrote: On 11/19/2015 01:08 PM, Martin Basti wrote: On 18.11.2015 14:26, Martin Basti