Re: [Freeipa-devel] [PATCH] 0204 adtrust: support GSSAPI authentication to LDAP as Active Directory user

2016-06-10 Thread Petr Vobornik
On 06/10/2016 12:43 PM, Alexander Bokovoy wrote: > On Fri, 10 Jun 2016, Petr Vobornik wrote: >> On 06/09/2016 09:47 PM, Alexander Bokovoy wrote: >>> On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:49, Martin Babinsky wrote: > On 06/06/2016 12:38 PM, Alexander Bokovoy

Re: [Freeipa-devel] [PATCH] 0204 adtrust: support GSSAPI authentication to LDAP as Active Directory user

2016-06-10 Thread Petr Vobornik
On 06/10/2016 01:09 PM, Alexander Bokovoy wrote: > On Fri, 10 Jun 2016, Petr Vobornik wrote: >> On 06/10/2016 12:43 PM, Alexander Bokovoy wrote: >>> On Fri, 10 Jun 2016, Petr Vobornik wrote: On 06/09/2016 09:47 PM, Alexander Bokovoy wrote: > On Thu, 09 Jun 2016, Martin Basti wrote: >>

Re: [Freeipa-devel] [PATCH 0046] Don't fail in find/show methods if userCertificate is invalid

2016-06-10 Thread Stanislav Laznicka
On 06/09/2016 04:32 PM, Rob Crittenden wrote: Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 03:07:34PM +0200, Martin Basti wrote: On 09.06.2016 15:03, Martin Basti wrote: On 09.06.2016 15:02, Stanislav Laznicka wrote: On 06/09/2016 02:51 PM, Rob Crittenden wrote: Stanislav Laznicka wrote:

Re: [Freeipa-devel] [PATCHES 0146-0152] Server Roles v2

2016-06-10 Thread Jan Cholasta
On 9.6.2016 17:06, Martin Babinsky wrote: On 06/09/2016 03:54 PM, Petr Vobornik wrote: On 06/09/2016 01:02 PM, Martin Babinsky wrote: On 06/07/2016 07:01 PM, Pavel Vomacka wrote: On 06/07/2016 12:07 PM, Martin Babinsky wrote: On 06/03/2016 05:25 PM, Martin Babinsky wrote: I am sending

Re: [Freeipa-devel] [PATCH][WIP] DNS Location: generator for location records

2016-06-10 Thread Martin Basti
On 10.06.2016 10:21, Martin Basti wrote: On 09.06.2016 12:21, Martin Basti wrote: Hello, here is WIP version of generator for IPA DNS records and locations, that is responsible for creating and updating all IPA records for all masters. Please note that this is not finished yet and

[Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread Ludwig Krispenz
Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please

Re: [Freeipa-devel] [PATCH] 0204 adtrust: support GSSAPI authentication to LDAP as Active Directory user

2016-06-10 Thread Alexander Bokovoy
On Fri, 10 Jun 2016, Petr Vobornik wrote: On 06/09/2016 09:47 PM, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:49, Martin Babinsky wrote: On 06/06/2016 12:38 PM, Alexander Bokovoy wrote: Hi, In case an ID override was created for an Active Directory

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread Ludwig Krispenz
On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread thierry bordaz
On 06/10/2016 05:56 PM, Ludwig Krispenz wrote: On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread Ludwig Krispenz
On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in

[Freeipa-devel] [Testplan review] Sub CAs

2016-06-10 Thread Milan KubĂ­k
Hi Fraser and list, I've wrote a (minimal) draft [1] of the test plan for the Sub CAs feature and I also have several questions. Could you please take a look at it? Questions: As described in the last (currently) test case, should it be possible to specify both the CA and certificate

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

2016-06-10 Thread Stanislav Laznicka
On 06/08/2016 02:06 PM, Florence Blanc-Renaud wrote: On 06/08/2016 10:07 AM, Petr Spacek wrote: On 7.6.2016 15:11, Stanislav Laznicka wrote: Hello, Thank you for your patch. As the thin-client patches were pushed in the meantime, the patch won't apply. Could you please send a rebased version?

Re: [Freeipa-devel] [PATCH] 0208-0209 webUI changes for external trust and UPN suffixes

2016-06-10 Thread Alexander Bokovoy
On Fri, 10 Jun 2016, Pavel Vomacka wrote: On 06/09/2016 02:19 PM, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Sumit Bose wrote: On Thu, Jun 09, 2016 at 02:30:52PM +0300, Alexander Bokovoy wrote: Hi, webUI changes to support external trust and showing UPN suffixes are attached. UPN

Re: [Freeipa-devel] [PATCHES 0146-0152] Server Roles v2

2016-06-10 Thread Martin Babinsky
On 06/10/2016 02:22 PM, Jan Cholasta wrote: On 9.6.2016 17:06, Martin Babinsky wrote: On 06/09/2016 03:54 PM, Petr Vobornik wrote: On 06/09/2016 01:02 PM, Martin Babinsky wrote: On 06/07/2016 07:01 PM, Pavel Vomacka wrote: On 06/07/2016 12:07 PM, Martin Babinsky wrote: On 06/03/2016 05:25

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread thierry bordaz
On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy

Re: [Freeipa-devel] [PATCH] 0208-0209 webUI changes for external trust and UPN suffixes

2016-06-10 Thread Pavel Vomacka
On 06/09/2016 02:19 PM, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Sumit Bose wrote: On Thu, Jun 09, 2016 at 02:30:52PM +0300, Alexander Bokovoy wrote: Hi, webUI changes to support external trust and showing UPN suffixes are attached. UPN Suffixes defined on AD side and fetched with

Re: [Freeipa-devel] [PATCH 0501] Revert: switch /usr/bin/ipa to python3

2016-06-10 Thread Martin Basti
On 10.06.2016 06:17, Jan Cholasta wrote: On 9.6.2016 20:57, Martin Basti wrote: Py3 support was enabled prematurely, attached patches removes python3 from /usr/bin/ipa Notes: * ipa 4.3.x won't have enabled py3 * master (ipa 4.4+) will have disabled py3 temporarily NACK. you reverted

Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Martin Kosek
On 06/10/2016 10:01 AM, Martin Basti wrote: > > > On 09.06.2016 21:45, Alexander Bokovoy wrote: >> On Thu, 09 Jun 2016, Martin Basti wrote: >>> >>> >>> On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: > On Mon, 06 Jun 2016, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Martin Basti
On 09.06.2016 21:45, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Jan Cholasta wrote: On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14,

Re: [Freeipa-devel] [PATCH][WIP] DNS Location: generator for location records

2016-06-10 Thread Martin Basti
On 09.06.2016 12:21, Martin Basti wrote: Hello, here is WIP version of generator for IPA DNS records and locations, that is responsible for creating and updating all IPA records for all masters. Please note that this is not finished yet and some methods may not work. Patch attached

[Freeipa-devel] Storing directory path in variables

2016-06-10 Thread Florence Blanc-Renaud
Hi, I am working on a bug linked to a trailing / in a directory name. It looks like hardcoded paths for directories sometimes contain the trailing / but not always (for instance dsinstance.config_dirname() returns something like '/etc/dirsrv/slapd-DOM-221-ABC-IDM-LAB-ENG-BRQ-REDHAT-COM*/*'

Re: [Freeipa-devel] [PATCH] 0204 adtrust: support GSSAPI authentication to LDAP as Active Directory user

2016-06-10 Thread Petr Vobornik
On 06/09/2016 09:47 PM, Alexander Bokovoy wrote: > On Thu, 09 Jun 2016, Martin Basti wrote: >> >> >> On 09.06.2016 17:49, Martin Babinsky wrote: >>> On 06/06/2016 12:38 PM, Alexander Bokovoy wrote: Hi, In case an ID override was created for an Active Directory user in the

Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Martin Basti
On 10.06.2016 12:13, Martin Basti wrote: On 10.06.2016 11:01, Martin Kosek wrote: On 06/10/2016 10:01 AM, Martin Basti wrote: On 09.06.2016 21:45, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM,

Re: [Freeipa-devel] [PATCH 0046] Don't fail in find/show methods if userCertificate is invalid

2016-06-10 Thread Petr Spacek
On 9.6.2016 15:07, Martin Basti wrote: > > > On 09.06.2016 15:03, Martin Basti wrote: >> >> >> On 09.06.2016 15:02, Stanislav Laznicka wrote: >>> On 06/09/2016 02:51 PM, Rob Crittenden wrote: Stanislav Laznicka wrote: > Hello, > > Please see the attached patch of >

Re: [Freeipa-devel] [PATCH] 0204 adtrust: support GSSAPI authentication to LDAP as Active Directory user

2016-06-10 Thread Alexander Bokovoy
On Fri, 10 Jun 2016, Petr Vobornik wrote: On 06/10/2016 12:43 PM, Alexander Bokovoy wrote: On Fri, 10 Jun 2016, Petr Vobornik wrote: On 06/09/2016 09:47 PM, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:49, Martin Babinsky wrote: On 06/06/2016 12:38

Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Lukas Slebodnik
On (10/06/16 11:01), Martin Kosek wrote: >On 06/10/2016 10:01 AM, Martin Basti wrote: >> >> >> On 09.06.2016 21:45, Alexander Bokovoy wrote: >>> On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:56, Martin Babinsky wrote: > On 06/06/2016 01:37 PM, Alexander Bokovoy

[Freeipa-devel] [PATCH] 0045-47: webui: Sub-CAs

2016-06-10 Thread Pavel Vomacka
Hello, please review these new patches which add WebUI for Sub-CAs. https://fedorahosted.org/freeipa/ticket/5939 -- Pavel^3 Vomacka From e76324180aa9518a93867fd6c9daa50a8fa79c1f Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Fri, 10 Jun 2016 16:12:45 +0200 Subject:

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread Ludwig Krispenz
On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy paste :-) Also I wonder if a reason of empty

Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Petr Vobornik
On 06/10/2016 04:03 PM, Lukas Slebodnik wrote: > On (10/06/16 11:01), Martin Kosek wrote: >> On 06/10/2016 10:01 AM, Martin Basti wrote: >>> Sorry I misread that ticket in the commit message, because ipatool was >>> unable >>> to parse it from commit message >>> >>> Pushed to master: