Re: [Freeipa-devel] [PATCH] 0059..0064 Lightweight sub-CAs

On 13.6.2016 08:59, Jan Cholasta wrote: On 13.6.2016 08:38, Fraser Tweedale wrote: On Fri, Jun 10, 2016 at 12:48:00AM +1000, Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 12:36:35PM +0200, Jan Cholasta wrote: On 9.6.2016 11:10, Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 10:12:40AM

Re: [Freeipa-devel] Fwd: Re: [PATCH 0166] test-{service, host}-plugin: only expect krbcanonicalname when all=True

On 28.06.2016 09:04, Martin Babinsky wrote: Bringing freeipa-devel list back to loop. Forwarded Message Subject: Re: [PATCH 0166] test-{service,host}-plugin: only expect krbcanonicalname when all=True Date: Tue, 28 Jun 2016 06:54:19 +0200 From: Lenka Doudova

Re: [Freeipa-devel] [PATCH 0167] test_serverroles: ensure that test API is initialized with correct ldap_uri

On 27.06.2016 16:00, Lenka Doudova wrote: On 06/27/2016 02:04 PM, Martin Babinsky wrote: Makes the test suite play nice with others during CI. https://fedorahosted.org/freeipa/ticket/6000 ACK, thank you! Lenka Pushed to master: a79d45ad790d57c0f3f8db88ceae95e34267cda3 -- Manage your

Re: [Freeipa-devel] [PATCH 0139] DNS: Fix tests for realm domains integration with DNS zone ad

On 27/06/16 11:48, Petr Spacek wrote: Hello, DNS: Fix tests for realm domains integration with DNS zone add We forgot to update tests after change in 22f4045f72daf182c44ce574291c0d8a7733713b. https://fedorahosted.org/freeipa/ticket/5980 It should go to master, 4-3, and 4-2 as well (as the

Re: [Freeipa-devel] Broken pki 10.3.3-1 packages in freeipa-master COPR

On Tue, 28 Jun 2016, Petr Vobornik wrote: On 06/27/2016 08:11 PM, Lukas Slebodnik wrote: On (27/06/16 17:55), Milan Kubík wrote: Hi all, the pki packages that are currently in the COPR repo [1] are broken. There is a conflict between pki-server and pki-base: Error: Transaction check error:

Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

On Tue, Jun 28, 2016 at 10:43:00AM +0200, Oleg Fayans wrote: > Hi Sumit, > > The testplan is updated according to your second note. The WebUI part > I'll test once Pavel's patch is merged. Thank you. bye, Sumit > > On 06/27/2016 10:28 AM, Sumit Bose wrote: > > On Mon, Jun 27, 2016 at

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

On 06/17/2016 09:14 AM, Stanislav Laznicka wrote: On 06/14/2016 04:40 PM, Jan Cholasta wrote: On 14.6.2016 16:35, Martin Basti wrote: On 14.06.2016 16:37, Jan Cholasta wrote: On 14.6.2016 16:29, Martin Basti wrote: On 08.06.2016 14:17, Stanislav Laznicka wrote: On 06/07/2016 10:42 AM,

Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

Hi Sumit, The testplan is updated according to your second note. The WebUI part I'll test once Pavel's patch is merged. On 06/27/2016 10:28 AM, Sumit Bose wrote: > On Mon, Jun 27, 2016 at 10:06:23AM +0200, Oleg Fayans wrote: >> Hi Sumit, >> >> I've updated the testplan. (Thank you for the link

[Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test

Passing test output: https://paste.fedoraproject.org/385774/71035231/ -- Oleg Fayans Quality Engineer FreeIPA team RedHat. From 7bc97eb762c951a8bc3762d8bd23da4ee06a6edb Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Tue, 28 Jun 2016 10:33:13 +0200 Subject: [PATCH] Added

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

On 06/27/2016 10:18 PM, Rob Crittenden wrote: Florence Blanc-Renaud wrote: Hi all, thanks for your suggestions. Updated patch attached. Flo. The invocation in ipactl should say server, not client. Otherwise LGTM (untested). rob Hi all, thanks to Rob for catching the typo. Patch with

Re: [Freeipa-devel] [PATCH 0020][Tests] Make ID views test reflect new krbcanonicalname attribute

On 27.06.2016 11:10, Lenka Doudova wrote: On 06/27/2016 10:26 AM, Martin Babinsky wrote: On 06/23/2016 03:51 PM, Lenka Doudova wrote: Patch attached. Lenka Thanks for catching this. conditional ACK if you add https://fedorahosted.org/freeipa/ticket/3864 to the commit message.

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

On 28.06.2016 10:51, Florence Blanc-Renaud wrote: On 06/27/2016 10:18 PM, Rob Crittenden wrote: Florence Blanc-Renaud wrote: Hi all, thanks for your suggestions. Updated patch attached. Flo. The invocation in ipactl should say server, not client. Otherwise LGTM (untested). rob Hi

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

On Tue, Jun 28, 2016 at 11:00:17AM +0200, Martin Kosek wrote: > Hi Fraser, > > I was testing FreeIPA Sub-CA feature and setup a Sub-CA: > > CN=Certificate Authority,O=VPN,O=DEMO1.FREEIPA.ORG > > Then I set up ACL and generated a certificate request by: > > $ certutil -R -d . -a -g 2048 -s >

Re: [Freeipa-devel] Broken pki 10.3.3-1 packages in freeipa-master COPR

On Tue, 28 Jun 2016, Lukas Slebodnik wrote: On (28/06/16 10:57), Alexander Bokovoy wrote: On Tue, 28 Jun 2016, Petr Vobornik wrote: On 06/27/2016 08:11 PM, Lukas Slebodnik wrote: > On (27/06/16 17:55), Milan Kubík wrote: > > Hi all, > > > > the pki packages that are currently in the COPR repo

Re: [Freeipa-devel] Broken pki 10.3.3-1 packages in freeipa-master COPR

On 06/28/2016 01:20 PM, Alexander Bokovoy wrote: On Tue, 28 Jun 2016, Lukas Slebodnik wrote: On (28/06/16 10:57), Alexander Bokovoy wrote: On Tue, 28 Jun 2016, Petr Vobornik wrote: On 06/27/2016 08:11 PM, Lukas Slebodnik wrote: > On (27/06/16 17:55), Milan Kubík wrote: > > Hi all, > > > > the

Re: [Freeipa-devel] Broken pki 10.3.3-1 packages in freeipa-master COPR

On Tue, 28 Jun 2016, Milan Kubík wrote: It's real packaging bug and have to be fixed. Right. The same files are owned by two packages even though one depens on other. Milan, please fiel a fedora bug. [root@5946ca9bf02b /]# rpm -q pki-server pki-base pki-server-10.3.3-1.fc24.noarch

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

On 28.6.2016 12:33, Martin Kosek wrote: On 06/28/2016 12:23 PM, Fraser Tweedale wrote: On Tue, Jun 28, 2016 at 11:00:17AM +0200, Martin Kosek wrote: Hi Fraser, I was testing FreeIPA Sub-CA feature and setup a Sub-CA: CN=Certificate Authority,O=VPN,O=DEMO1.FREEIPA.ORG Then I set up ACL and

Re: [Freeipa-devel] Broken pki 10.3.3-1 packages in freeipa-master COPR

On (28/06/16 10:57), Alexander Bokovoy wrote: >On Tue, 28 Jun 2016, Petr Vobornik wrote: >> On 06/27/2016 08:11 PM, Lukas Slebodnik wrote: >> > On (27/06/16 17:55), Milan Kubík wrote: >> > > Hi all, >> > > >> > > the pki packages that are currently in the COPR repo [1] are broken. >> > > There

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

On 2016-06-28 12:49, Martin Kosek wrote: > On 06/28/2016 12:49 PM, Jan Cholasta wrote: >> On 28.6.2016 12:33, Martin Kosek wrote: >>> On 06/28/2016 12:23 PM, Fraser Tweedale wrote: On Tue, Jun 28, 2016 at 11:00:17AM +0200, Martin Kosek wrote: > Hi Fraser, > > I was testing FreeIPA

Re: [Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test

Patch-0050 rebased against latest upstream branch On 06/28/2016 10:45 AM, Oleg Fayans wrote: > Passing test output: > > https://paste.fedoraproject.org/385774/71035231/ > > > -- Oleg Fayans Quality Engineer FreeIPA team RedHat. From f032df3a1d58e200d0f8bf8dbc121e5f03eb041e Mon Sep 17

Re: [Freeipa-devel] [PATCH] 0079 Set default OCSP URI on install and upgrade

On 28.06.2016 12:31, Martin Basti wrote: On 27.06.2016 14:22, Martin Basti wrote: On 27.06.2016 14:10, Fraser Tweedale wrote: On Mon, Jun 27, 2016 at 02:02:15PM +0200, Martin Basti wrote: On 27.06.2016 13:58, Fraser Tweedale wrote: Hi all, The attached patch fixes the OCSP URI in the

Re: [Freeipa-devel] [PATCH] 0079 Set default OCSP URI on install and upgrade

On 27.06.2016 14:22, Martin Basti wrote: On 27.06.2016 14:10, Fraser Tweedale wrote: On Mon, Jun 27, 2016 at 02:02:15PM +0200, Martin Basti wrote: On 27.06.2016 13:58, Fraser Tweedale wrote: Hi all, The attached patch fixes the OCSP URI in the Dogtag CA and system certificates

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

On 06/28/2016 12:49 PM, Jan Cholasta wrote: > On 28.6.2016 12:33, Martin Kosek wrote: >> On 06/28/2016 12:23 PM, Fraser Tweedale wrote: >>> On Tue, Jun 28, 2016 at 11:00:17AM +0200, Martin Kosek wrote: Hi Fraser, I was testing FreeIPA Sub-CA feature and setup a Sub-CA:

[Freeipa-devel] [PATCH] API compatibility

Hello! Honza has pushed first patches needed for API compatibility into his GitHub repo [1]. I have reviewed patch set adding command versioning: frontend: forward command calls using full name schema: support plugin versioning plugable: support plugin versioning plugable: use plugin class

Re: [Freeipa-devel] Broken pki 10.3.3-1 packages in freeipa-master COPR

On 06/28/2016 01:03 PM, Lukas Slebodnik wrote: On (28/06/16 10:57), Alexander Bokovoy wrote: On Tue, 28 Jun 2016, Petr Vobornik wrote: On 06/27/2016 08:11 PM, Lukas Slebodnik wrote: On (27/06/16 17:55), Milan Kubík wrote: Hi all, the pki packages that are currently in the COPR repo [1] are

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

On Tue, Jun 28, 2016 at 12:49:26PM +0200, Martin Kosek wrote: > On 06/28/2016 12:49 PM, Jan Cholasta wrote: > > On 28.6.2016 12:33, Martin Kosek wrote: > >> On 06/28/2016 12:23 PM, Fraser Tweedale wrote: > >>> On Tue, Jun 28, 2016 at 11:00:17AM +0200, Martin Kosek wrote: > Hi Fraser, > >

Re: [Freeipa-devel] [PATCH 0053] Fix wrong imports in copy-schema-to-ca

On 28.6.2016 14:52, Stanislav Laznicka wrote: > Hello, > > The attached patch fixes wrong imports in copy-schema-to-ca.py script. > > https://fedorahosted.org/freeipa/ticket/6003 ACK -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH] 0061: webui: Add support for 'dns_update_system_records' command

On 06/28/2016 03:12 PM, Petr Spacek wrote: On 27.6.2016 17:48, Pavel Vomacka wrote: On 06/23/2016 04:58 PM, Petr Vobornik wrote: On 06/23/2016 04:34 PM, Martin Basti wrote: On 23.06.2016 09:57, Pavel Vomacka wrote: Hello, please review attached patch. Part of:

Re: [Freeipa-devel] [PATCH 0537] CA replica promotion: add proper CA DNS records

On 06/28/2016 04:59 PM, Martin Basti wrote: On 28.06.2016 16:46, Petr Spacek wrote: On 23.6.2016 12:44, Martin Basti wrote: patch attached. https://fedorahosted.org/freeipa/ticket/5966 ACK Pushed to master: 5693d195501611c6abe9dbdf1370b898ffa6b3c7 Pushed to ipa-4-3:

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

On 06/28/2016 11:05 AM, Martin Basti wrote: On 28.06.2016 10:51, Florence Blanc-Renaud wrote: On 06/27/2016 10:18 PM, Rob Crittenden wrote: Florence Blanc-Renaud wrote: Hi all, thanks for your suggestions. Updated patch attached. Flo. The invocation in ipactl should say server, not

[Freeipa-devel] [Test][Patch-0051] Fixed import error in replica promotion test

-- Oleg Fayans Quality Engineer FreeIPA team RedHat. From 0268535dcc8426667f5742a05f4554f8ff9bd031 Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Tue, 28 Jun 2016 16:00:08 +0200 Subject: [PATCH] Fixed import error --- ipatests/test_integration/test_replica_promotion.py |

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

On 06/28/2016 02:05 PM, Fraser Tweedale wrote: > On Tue, Jun 28, 2016 at 12:49:26PM +0200, Martin Kosek wrote: >> On 06/28/2016 12:49 PM, Jan Cholasta wrote: >>> On 28.6.2016 12:33, Martin Kosek wrote: On 06/28/2016 12:23 PM, Fraser Tweedale wrote: > On Tue, Jun 28, 2016 at 11:00:17AM

Re: [Freeipa-devel] [PATCH 0537] CA replica promotion: add proper CA DNS records

On 28.06.2016 16:46, Petr Spacek wrote: On 23.6.2016 12:44, Martin Basti wrote: patch attached. https://fedorahosted.org/freeipa/ticket/5966 ACK Pushed to master: 5693d195501611c6abe9dbdf1370b898ffa6b3c7 Pushed to ipa-4-3: 8502fe4883d33afab57cfc4cb4695ed8061daa7e -- Manage your

Re: [Freeipa-devel] [PATCH 0537] CA replica promotion: add proper CA DNS records

On 28.06.2016 17:41, Milan Kubík wrote: On 06/28/2016 04:59 PM, Martin Basti wrote: On 28.06.2016 16:46, Petr Spacek wrote: On 23.6.2016 12:44, Martin Basti wrote: patch attached. https://fedorahosted.org/freeipa/ticket/5966 ACK Pushed to master:

Re: [Freeipa-devel] [PATCH] 0079 Set default OCSP URI on install and upgrade

On 28.06.2016 12:32, Martin Basti wrote: On 28.06.2016 12:31, Martin Basti wrote: On 27.06.2016 14:22, Martin Basti wrote: On 27.06.2016 14:10, Fraser Tweedale wrote: On Mon, Jun 27, 2016 at 02:02:15PM +0200, Martin Basti wrote: On 27.06.2016 13:58, Fraser Tweedale wrote: Hi all,

Re: [Freeipa-devel] [WIP] Kerberos principal aliases pt. 2

On 06/24/2016 09:52 AM, Martin Babinsky wrote: Hi list, I am furiously working on tickets related to the proper support and API for managing kerberos principal aliases for hosts, users, and services[1-5]. To better track and comment on my progress, I have forked freeipa on git and created a

[Freeipa-devel] [PATCH 0140-0142] Use NSS for name->resolution in IPA installer & relax some DNS checks

Hello, DNS: Remove unnecessary DNS check from installer Previously we were checking content of DNS before actually adding DNS records for replicas. This is causing cycle in logic and adds weird corner cases to the installer which can blow up on DNS timeout or so. The check was completely

Re: [Freeipa-devel] [PATCH 0138] replica-install: Compare domain names as DNS names and not string

On 27.06.2016 14:03, Martin Basti wrote: On 27.06.2016 14:02, Petr Spacek wrote: On 27.6.2016 11:20, Petr Spacek wrote: On 27.6.2016 10:30, Martin Basti wrote: On 23.06.2016 18:32, Petr Spacek wrote: Hello, replica-install: Compare domain names as DNS names and not strings This fixes

Re: [Freeipa-devel] [PATCH 0538-0540] DNS locations: epilogue

On 27.6.2016 11:43, Martin Basti wrote: > > > On 27.06.2016 10:56, Petr Spacek wrote: >> On 24.6.2016 12:25, Martin Basti wrote: >>> >>> On 23.06.2016 18:26, Petr Spacek wrote: On 23.6.2016 16:38, Martin Basti wrote: > Patches attached. > > >

Re: [Freeipa-devel] [PATCH 0538-0540] DNS locations: epilogue

On 28.06.2016 15:22, Petr Spacek wrote: On 27.6.2016 11:43, Martin Basti wrote: On 27.06.2016 10:56, Petr Spacek wrote: On 24.6.2016 12:25, Martin Basti wrote: On 23.06.2016 18:26, Petr Spacek wrote: On 23.6.2016 16:38, Martin Basti wrote: Patches attached.

[Freeipa-devel] [PATCH] 0082 cert-request: better error msg when 'add' not supported

The attached patch fixes https://fedorahosted.org/freeipa/ticket/5991. Thanks, Fraser From 2363a1fe3486a00c69df781cc9bd43f5916a1733 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Wed, 29 Jun 2016 15:02:51 +1000 Subject: [PATCH] cert-request: better error msg when 'add'

[Freeipa-devel] [PATCH] 0081 Add --ca option to cert-revoke and cert-remove-hold

Dear team, The attached patch implements the --ca option for the rest of the cert-blah commands (https://fedorahosted.org/freeipa/ticket/5999). Thanks, Fraser From 668b826d94237d33e34605a5517b40c17de36780 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Wed, 29 Jun 2016

Re: [Freeipa-devel] Broken pki 10.3.3-1 packages in freeipa-master COPR

On (28/06/16 14:50), Alexander Bokovoy wrote: >On Tue, 28 Jun 2016, Milan Kubík wrote: >> > > It's real packaging bug and have to be fixed. >> > Right. >> > >> > > The same files are owned by two packages even though one depens >> > > on other. >> > > Milan, please fiel a fedora bug. >> > > >> >

Re: [Freeipa-devel] [PATCH 0139] DNS: Fix tests for realm domains integration with DNS zone ad

On 28.06.2016 12:12, David Kupka wrote: On 27/06/16 11:48, Petr Spacek wrote: Hello, DNS: Fix tests for realm domains integration with DNS zone add We forgot to update tests after change in 22f4045f72daf182c44ce574291c0d8a7733713b. https://fedorahosted.org/freeipa/ticket/5980 It should

Re: [Freeipa-devel] [PATCH] Schema caching for thin client

On 21.6.2016 16:49, Martin Basti wrote: On 21.06.2016 16:51, Jan Cholasta wrote: On 21.6.2016 16:33, Martin Basti wrote: On 21.06.2016 16:24, Jan Cholasta wrote: On 21.6.2016 15:11, Jan Cholasta wrote: On 16.6.2016 09:12, David Kupka wrote: On 06/15/2016 08:15 PM, Petr Vobornik wrote:

[Freeipa-devel] [PATCH 0053] Fix wrong imports in copy-schema-to-ca

Hello, The attached patch fixes wrong imports in copy-schema-to-ca.py script. https://fedorahosted.org/freeipa/ticket/6003 From 8c72d5257f0643ca486f6c7a2649123a72e5ceb2 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Tue, 28 Jun 2016 14:37:34 +0200 Subject:

Re: [Freeipa-devel] [PATCH] 0061: webui: Add support for 'dns_update_system_records' command

On 27.6.2016 17:48, Pavel Vomacka wrote: > > > On 06/23/2016 04:58 PM, Petr Vobornik wrote: >> On 06/23/2016 04:34 PM, Martin Basti wrote: >>> >>> On 23.06.2016 09:57, Pavel Vomacka wrote: Hello, please review attached patch. Part of: