Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 06.05.2016 14:58, Oleg Fayans wrote: On 05/06/2016 11:42 AM, Martin Basti wrote: On 06.05.2016 11:14, Oleg Fayans wrote: On 05/06/2016 09:48 AM, Martin Basti wrote: On 06.05.2016 09:36, Oleg Fayans wrote: Tests are finally stable: = test session starts

Re: [Freeipa-devel] [PATCH] 0770 Switch /usr/bin/ipa to Python 3

On 06.05.2016 16:16, Petr Viktorin wrote: On 05/06/2016 03:52 PM, Martin Basti wrote: On 06.05.2016 15:50, Petr Spacek wrote: On 6.5.2016 15:13, Petr Viktorin wrote: On 05/03/2016 03:01 PM, Petr Spacek wrote: On 29.4.2016 19:49, Petr Viktorin wrote: On 04/12/2016 12:52 PM, Petr Spacek

Re: [Freeipa-devel] [DESIGN] Kerberos principal alias handling

On 05/05/2016 02:58 PM, Milan Kubík wrote: On 04/08/2016 05:10 PM, Martin Babinsky wrote: Hi list, I have put together a draft [1] outlining the effort to reimplement the handling of Kerberos principals in both backend and frontend layers of FreeIPA so that we may have multiple aliases per

Re: [Freeipa-devel] [PATCH 0469] make: fail when API.txt or ACI.txt differ from code

On 29.04.2016 17:32, Lukas Slebodnik wrote: On (29/04/16 16:32), Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5865 Patch attached. >From 511f9bb1645a707ee83571123df9548731cc9387 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Fri, 29 Apr 2016 16:28:28

Re: [Freeipa-devel] [PATCH 0393-0398] Unload automatic empty zones only if conflicting forward zone has policy 'only'Add ability to log warningsUnload automatic empty zones which are super/sub/equal d

On 04/06/2016 01:42 PM, Petr Spacek wrote: > Hello, > > attached patch set implements > https://fedorahosted.org/bind-dyndb-ldap/ticket/160 > described in > https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/AutomaticEmptyZones > > It will be accompanied with upgrade code in FreeIPA which

Re: [Freeipa-devel] Should we stop supporting realm != upper(domain) installations?

On 06.05.2016 15:55, Christian Heimes wrote: On 2016-05-06 15:50, Martin Babinsky wrote: On 05/06/2016 03:43 PM, Petr Spacek wrote: Hello, I wonder if we should stop supporting new installations where Kerberos realm != uppercase(primary DNS domain). It breaks a lot of stuff, is harder to

Re: [Freeipa-devel] [PATCH] 0770 Switch /usr/bin/ipa to Python 3

On 05/06/2016 03:52 PM, Martin Basti wrote: > > > On 06.05.2016 15:50, Petr Spacek wrote: >> On 6.5.2016 15:13, Petr Viktorin wrote: >>> On 05/03/2016 03:01 PM, Petr Spacek wrote: On 29.4.2016 19:49, Petr Viktorin wrote: > On 04/12/2016 12:52 PM, Petr Spacek wrote: >> On 19.2.2016

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 05/06/2016 03:25 PM, Petr Spacek wrote: > On 6.5.2016 15:03, Oleg Fayans wrote: >> >> >> On 05/06/2016 12:08 PM, Martin Babinsky wrote: >>> On 05/06/2016 11:14 AM, Oleg Fayans wrote: On 05/06/2016 09:48 AM, Martin Basti wrote: > > > On 06.05.2016 09:36, Oleg Fayans

Re: [Freeipa-devel] [PATCH 0103] DNS installer: accept --auto-forwarders option in unattended mode

On 03.05.2016 14:56, Petr Spacek wrote: Hello, DNS installer: accept --auto-forwarders option in unattended mode https://fedorahosted.org/freeipa/ticket/5869 ACK -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 06.05.2016 16:38, Oleg Fayans wrote: On 05/06/2016 03:25 PM, Petr Spacek wrote: On 6.5.2016 15:03, Oleg Fayans wrote: On 05/06/2016 12:08 PM, Martin Babinsky wrote: On 05/06/2016 11:14 AM, Oleg Fayans wrote: On 05/06/2016 09:48 AM, Martin Basti wrote: On 06.05.2016 09:36, Oleg

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 6.5.2016 15:03, Oleg Fayans wrote: > > > On 05/06/2016 12:08 PM, Martin Babinsky wrote: >> On 05/06/2016 11:14 AM, Oleg Fayans wrote: >>> >>> >>> On 05/06/2016 09:48 AM, Martin Basti wrote: On 06.05.2016 09:36, Oleg Fayans wrote: > Tests are finally stable: > >

[Freeipa-devel] Should we stop supporting realm != upper(domain) installations?

Hello, I wonder if we should stop supporting new installations where Kerberos realm != uppercase(primary DNS domain). It breaks a lot of stuff, is harder to manager and docs are full of warnings discouraging it anyway. Do we really need to support it for new installs? -- Petr^2 Spacek --

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 05/06/2016 03:03 PM, Oleg Fayans wrote: On 05/06/2016 12:08 PM, Martin Babinsky wrote: On 05/06/2016 11:14 AM, Oleg Fayans wrote: On 05/06/2016 09:48 AM, Martin Basti wrote: On 06.05.2016 09:36, Oleg Fayans wrote: Tests are finally stable: = test session

Re: [Freeipa-devel] Should we stop supporting realm != upper(domain) installations?

On 05/06/2016 03:43 PM, Petr Spacek wrote: Hello, I wonder if we should stop supporting new installations where Kerberos realm != uppercase(primary DNS domain). It breaks a lot of stuff, is harder to manager and docs are full of warnings discouraging it anyway. Do we really need to support it

Re: [Freeipa-devel] [PATCH] 0770 Switch /usr/bin/ipa to Python 3

On 6.5.2016 15:13, Petr Viktorin wrote: > On 05/03/2016 03:01 PM, Petr Spacek wrote: >> On 29.4.2016 19:49, Petr Viktorin wrote: >>> On 04/12/2016 12:52 PM, Petr Spacek wrote: On 19.2.2016 13:50, Petr Viktorin wrote: > Is it time yet? > > This patch switches /usr/bin/ipa to Python

Re: [Freeipa-devel] [PATCH] 0770 Switch /usr/bin/ipa to Python 3

On 06.05.2016 15:50, Petr Spacek wrote: On 6.5.2016 15:13, Petr Viktorin wrote: On 05/03/2016 03:01 PM, Petr Spacek wrote: On 29.4.2016 19:49, Petr Viktorin wrote: On 04/12/2016 12:52 PM, Petr Spacek wrote: On 19.2.2016 13:50, Petr Viktorin wrote: Is it time yet? This patch switches

Re: [Freeipa-devel] Should we stop supporting realm != upper(domain) installations?

On 2016-05-06 15:50, Martin Babinsky wrote: > On 05/06/2016 03:43 PM, Petr Spacek wrote: >> Hello, >> >> I wonder if we should stop supporting new installations where >> Kerberos realm != uppercase(primary DNS domain). >> >> It breaks a lot of stuff, is harder to manager and docs are full of >>

[Freeipa-devel] [DESIGN] Lightweight CA renewal

Hullo all, FreeIPA Lightweight CAs implementation is progressing well. The remaining big unknown in the design is how to do renewal. I have put my ideas into the design page[1] and would appreciate any and all feedback! [1] http://www.freeipa.org/page/V4/Sub-CAs#Renewal Some brief commentary

[Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

Tests are finally stable: = test session starts == platform linux2 -- Python 2.7.11 -- py-1.4.30 -- pytest-2.7.3 rootdir: /usr/lib/python2.7/site-packages/ipatests, inifile: pytest.ini plugins: multihost, sourceorder collected 8 items

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 06.05.2016 09:36, Oleg Fayans wrote: Tests are finally stable: = test session starts == platform linux2 -- Python 2.7.11 -- py-1.4.30 -- pytest-2.7.3 rootdir: /usr/lib/python2.7/site-packages/ipatests, inifile: pytest.ini plugins:

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 06.05.2016 11:14, Oleg Fayans wrote: On 05/06/2016 09:48 AM, Martin Basti wrote: On 06.05.2016 09:36, Oleg Fayans wrote: Tests are finally stable: = test session starts == platform linux2 -- Python 2.7.11 -- py-1.4.30 --

[Freeipa-devel] [PATCH 0473-0476]DNS Locations: Prologue

https://fedorahosted.org/freeipa/ticket/2008 Patches attached. From 9a936740da7cdacec150acc92a45041a98ce7cb3 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 4 May 2016 17:33:52 +0200 Subject: [PATCH 1/4] DNS Locations: Always create DNS related privileges DNS

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 05/06/2016 09:48 AM, Martin Basti wrote: > > > On 06.05.2016 09:36, Oleg Fayans wrote: >> Tests are finally stable: >> >> = test session starts >> == >> platform linux2 -- Python 2.7.11 -- py-1.4.30 -- pytest-2.7.3 >> rootdir:

Re: [Freeipa-devel] [PATCH] 0001 (update 2) provide more information for "ipa cert-revoke -h"

On 04.05.2016 14:30, Gabe Alford wrote: On Wed, May 4, 2016 at 1:35 AM, Patrice Duc-Jacquet > wrote: Hi everyone this is a second update that take into account review feedback. In case the proposal fix is K what are the next step

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 05/06/2016 11:42 AM, Martin Basti wrote: > > > On 06.05.2016 11:14, Oleg Fayans wrote: >> >> On 05/06/2016 09:48 AM, Martin Basti wrote: >>> >>> On 06.05.2016 09:36, Oleg Fayans wrote: Tests are finally stable: = test session starts

Re: [Freeipa-devel] [DESIGN] Kerberos principal alias handling

On 04/18/2016 10:31 AM, Martin Kosek wrote: > On 04/08/2016 05:10 PM, Martin Babinsky wrote: >> Hi list, >> >> I have put together a draft [1] outlining the effort to reimplement the >> handling of Kerberos principals in both backend and frontend layers of >> FreeIPA >> so that we may have

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 05/06/2016 12:08 PM, Martin Babinsky wrote: > On 05/06/2016 11:14 AM, Oleg Fayans wrote: >> >> >> On 05/06/2016 09:48 AM, Martin Basti wrote: >>> >>> >>> On 06.05.2016 09:36, Oleg Fayans wrote: Tests are finally stable: = test session starts

[Freeipa-devel] [PATCHES] 0786-0788 More Python 3 fixes

Hi, With these patches, xmlrpc_tests pass for me (except those that fail on py2, and, if python3-ipaserver is installed, some in permission that use ldap2 plugin). -- Petr Viktorin From 55da506e7fe3a4aa22a4fc5228e168f7af958c74 Mon Sep 17 00:00:00 2001 From: Petr Viktorin

Re: [Freeipa-devel] [PATCH] 0770 Switch /usr/bin/ipa to Python 3

On 05/03/2016 03:01 PM, Petr Spacek wrote: > On 29.4.2016 19:49, Petr Viktorin wrote: >> On 04/12/2016 12:52 PM, Petr Spacek wrote: >>> On 19.2.2016 13:50, Petr Viktorin wrote: Is it time yet? This patch switches /usr/bin/ipa to Python 3 for - the in-tree ./ipa command -

Re: [Freeipa-devel] [DESIGN] Kerberos principal alias handling

On 05/06/2016 02:57 PM, Martin Kosek wrote: On 04/18/2016 10:31 AM, Martin Kosek wrote: On 04/08/2016 05:10 PM, Martin Babinsky wrote: Hi list, I have put together a draft [1] outlining the effort to reimplement the handling of Kerberos principals in both backend and frontend layers of

Re: [Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators

On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel McCallum wrote: > This series of patches implements authentication indicator insertion, > evaluation and management in FreeIPA. Besides these patches, two other > patches are needed to round out support. > > First, we need a UI patch: 

Re: [Freeipa-devel] [WIP] Thin client

On 28.04.2016 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review. The rest is subject to change

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On 05/06/2016 11:14 AM, Oleg Fayans wrote: On 05/06/2016 09:48 AM, Martin Basti wrote: On 06.05.2016 09:36, Oleg Fayans wrote: Tests are finally stable: = test session starts == platform linux2 -- Python 2.7.11 -- py-1.4.30 --

Re: [Freeipa-devel] [TEST][patch-0037]Fixes of dnssec tests

On (06/05/16 11:14), Oleg Fayans wrote: >On 05/06/2016 09:48 AM, Martin Basti wrote: >> On 06.05.2016 09:36, Oleg Fayans wrote: >>> Tests are finally stable: >>> >>> = test session starts >>> == >>> platform linux2 -- Python 2.7.11 --

Re: [Freeipa-devel] [WIP][PATCH] Time-Based HBAC Policies

Hello, The time rules for FreeIPA effort is now to be found on Github. I forked FreeIPA and SSSD repos and added the current state of work there. https://github.com/stlaz/freeipa/tree/timerules https://github.com/stlaz/sssd/tree/freeipa-timerules Please note that if I'll be making changes to