Re: [Freeipa-devel] [WIP] Thin client

2016-06-29 Thread David Kupka
On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review. The rest is subject to change (WARNING: I

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-29 Thread Stanislav Laznicka
On 06/28/2016 10:34 AM, Stanislav Laznicka wrote: On 06/17/2016 09:14 AM, Stanislav Laznicka wrote: On 06/14/2016 04:40 PM, Jan Cholasta wrote: On 14.6.2016 16:35, Martin Basti wrote: On 14.06.2016 16:37, Jan Cholasta wrote: On 14.6.2016 16:29, Martin Basti wrote: On 08.06.2016 14:17,

Re: [Freeipa-devel] [WIP] Thin client

2016-06-29 Thread Jan Cholasta
On 29.6.2016 09:22, David Kupka wrote: On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review. The

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-29 Thread Jan Cholasta
On 29.6.2016 10:14, Stanislav Laznicka wrote: On 06/28/2016 10:34 AM, Stanislav Laznicka wrote: On 06/17/2016 09:14 AM, Stanislav Laznicka wrote: On 06/14/2016 04:40 PM, Jan Cholasta wrote: On 14.6.2016 16:35, Martin Basti wrote: On 14.06.2016 16:37, Jan Cholasta wrote: On 14.6.2016 16:29,

Re: [Freeipa-devel] [PATCH] 0072..0075 Lightweight CA renewal

2016-06-29 Thread Fraser Tweedale
On Wed, Jun 29, 2016 at 09:30:17AM +0200, Jan Cholasta wrote: > On 29.6.2016 08:55, Jan Cholasta wrote: > > On 24.6.2016 08:49, Fraser Tweedale wrote: > > > On Thu, Jun 23, 2016 at 09:51:02AM +0200, Jan Cholasta wrote: > > > > Hi, > > > > > > > > On 21.6.2016 08:24, Fraser Tweedale wrote: > > > >

Re: [Freeipa-devel] [PATCH] 0081 Add --ca option to cert-revoke and cert-remove-hold

2016-06-29 Thread Fraser Tweedale
On Wed, Jun 29, 2016 at 10:04:05AM +0200, Jan Cholasta wrote: > Hi, > > On 29.6.2016 06:11, Fraser Tweedale wrote: > > Dear team, > > > > The attached patch implements the --ca option for the rest of the > > cert-blah commands (https://fedorahosted.org/freeipa/ticket/5999). > > 1) I don't think

Re: [Freeipa-devel] [PATCH] 0072..0075 Lightweight CA renewal

2016-06-29 Thread Jan Cholasta
On 24.6.2016 08:49, Fraser Tweedale wrote: On Thu, Jun 23, 2016 at 09:51:02AM +0200, Jan Cholasta wrote: Hi, On 21.6.2016 08:24, Fraser Tweedale wrote: The attached patches add lightweight CA renewal. There are two substantive aspects: 1. The renew_ca_cert updates the serial number in the

Re: [Freeipa-devel] [PATCH] 0080 cert-find: fix 'issuer' option

2016-06-29 Thread Jan Cholasta
On 29.6.2016 06:08, Fraser Tweedale wrote: Hi, The attached patch fixes a regression introduced by a patch https://fedorahosted.org/freeipa/ticket/5381 (commit d44ffdad4285bf2a1c0b044e07ef1b18c7d50de1). Thanks, ACK. Pushed to master: 6e4e522e524f40a6b05aeb1cc4b43655ed722e36 -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 0072..0075 Lightweight CA renewal

2016-06-29 Thread Jan Cholasta
On 29.6.2016 08:55, Jan Cholasta wrote: On 24.6.2016 08:49, Fraser Tweedale wrote: On Thu, Jun 23, 2016 at 09:51:02AM +0200, Jan Cholasta wrote: Hi, On 21.6.2016 08:24, Fraser Tweedale wrote: The attached patches add lightweight CA renewal. There are two substantive aspects: 1. The

Re: [Freeipa-devel] [PATCH] 0081 Add --ca option to cert-revoke and cert-remove-hold

2016-06-29 Thread Jan Cholasta
Hi, On 29.6.2016 06:11, Fraser Tweedale wrote: Dear team, The attached patch implements the --ca option for the rest of the cert-blah commands (https://fedorahosted.org/freeipa/ticket/5999). 1) I don't think cert-status should be treated specially. The operation to check status of a

Re: [Freeipa-devel] [WIP] Thin client

2016-06-29 Thread Jan Cholasta
On 27.6.2016 16:44, Jan Cholasta wrote: On 27.6.2016 14:55, David Kupka wrote: On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin

[Freeipa-devel] [Test][patch-0052] Test for incorrect client domain

2016-06-29 Thread Oleg Fayans
-- Oleg Fayans Quality Engineer FreeIPA team RedHat. From 6fe2f67807a2cd3d9519c1c919c884dd18867f74 Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Wed, 29 Jun 2016 10:53:44 +0200 Subject: [PATCH] Test for incorrect client domain https://fedorahosted.org/freeipa/ticket/5976

Re: [Freeipa-devel] [PATCH] 0082 cert-request: better error msg when 'add' not supported

2016-06-29 Thread Florence Blanc-Renaud
On 06/29/2016 07:25 AM, Fraser Tweedale wrote: The attached patch fixes https://fedorahosted.org/freeipa/ticket/5991. Thanks, Fraser Hi Fraser, A few cosmetic comments: PEP8 issues: ./ipalib/errors.py:1399:1: E302 expected 2 blank lines, found 1 ./ipaserver/plugins/cert.py:394:80: E501

Re: [Freeipa-devel] [PATCH] 0081 Add --ca option to cert-revoke and cert-remove-hold

2016-06-29 Thread Jan Cholasta
On 29.6.2016 10:47, Fraser Tweedale wrote: On Wed, Jun 29, 2016 at 10:04:05AM +0200, Jan Cholasta wrote: Hi, On 29.6.2016 06:11, Fraser Tweedale wrote: Dear team, The attached patch implements the --ca option for the rest of the cert-blah commands

Re: [Freeipa-devel] [Test][patch-0052] Test for incorrect client domain

2016-06-29 Thread Martin Basti
On 29.06.2016 10:56, Oleg Fayans wrote: Hello, +assert_error(result, + "Failed to verify that %s is an IPA Server" % + self.master.hostname) I would expect this error there: "Cannot promote this client to a replica. Local domain '{local}'

Re: [Freeipa-devel] [PATCH 661] backup: use in-server API in ipa-backup and ipa-restore

2016-06-29 Thread Petr Vobornik
On 06/29/2016 02:54 PM, Jan Cholasta wrote: > Hi, > > the attached patch fixes . > > Honza > Milan, could you run backup test suite with this patch? I've a feeling that something else there might be also broken. -- Petr Vobornik -- Manage your

Re: [Freeipa-devel] [PATCH 0096] Add authentication indicators support to Host objects

2016-06-29 Thread Martin Basti
On 29.06.2016 15:52, Stanislav Laznicka wrote: On 06/24/2016 03:14 PM, Martin Basti wrote: On 24.06.2016 15:11, Sumit Bose wrote: On Tue, Jun 21, 2016 at 02:25:49PM -0400, Nathaniel McCallum wrote: https://fedorahosted.org/freeipa/ticket/433 The patch works for me as expected, but the

Re: [Freeipa-devel] [PATCH 0096] Add authentication indicators support to Host objects

2016-06-29 Thread Stanislav Laznicka
On 06/24/2016 03:14 PM, Martin Basti wrote: On 24.06.2016 15:11, Sumit Bose wrote: On Tue, Jun 21, 2016 at 02:25:49PM -0400, Nathaniel McCallum wrote: https://fedorahosted.org/freeipa/ticket/433 The patch works for me as expected, but the API.txt update is missing in the patch. bye, Sumit

Re: [Freeipa-devel] [PATCH 0096] Add authentication indicators support to Host objects

2016-06-29 Thread Stanislav Laznicka
On 06/29/2016 03:53 PM, Martin Basti wrote: On 29.06.2016 15:52, Stanislav Laznicka wrote: On 06/24/2016 03:14 PM, Martin Basti wrote: On 24.06.2016 15:11, Sumit Bose wrote: On Tue, Jun 21, 2016 at 02:25:49PM -0400, Nathaniel McCallum wrote: https://fedorahosted.org/freeipa/ticket/433

[Freeipa-devel] Kerberos Principal Aliases Testplan review

2016-06-29 Thread Martin Babinsky
Hi, I have looked at the testplan[1] and have the following comments: In general LGTM, but I miss the following test scenarios: 1.) Test principal alias removal, more specifically test that the removal of the alias equivalent to the canonical name triggers an error 2.) Test that you cannot

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

2016-06-29 Thread Martin Basti
On 29.06.2016 13:04, Martin Basti wrote: On 28.06.2016 16:57, Florence Blanc-Renaud wrote: On 06/28/2016 11:05 AM, Martin Basti wrote: On 28.06.2016 10:51, Florence Blanc-Renaud wrote: On 06/27/2016 10:18 PM, Rob Crittenden wrote: Florence Blanc-Renaud wrote: Hi all, thanks for your

Re: [Freeipa-devel] [PATCH] 0061: webui: Add support for 'dns_update_system_records' command

2016-06-29 Thread Petr Vobornik
On 06/28/2016 05:50 PM, Petr Vobornik wrote: > On 06/28/2016 05:38 PM, Pavel Vomacka wrote: >> > > ACK > master: * 31a13c9e9849eca794aa7908bc252185c4b36678 Add button for dns_update_system_records command -- Petr Vobornik

Re: [Freeipa-devel] [PATCH 0096] Add authentication indicators support to Host objects

2016-06-29 Thread Stanislav Laznicka
On 06/29/2016 04:02 PM, Stanislav Laznicka wrote: On 06/29/2016 03:53 PM, Martin Basti wrote: On 29.06.2016 15:52, Stanislav Laznicka wrote: On 06/24/2016 03:14 PM, Martin Basti wrote: On 24.06.2016 15:11, Sumit Bose wrote: On Tue, Jun 21, 2016 at 02:25:49PM -0400, Nathaniel McCallum

Re: [Freeipa-devel] [PATCH] 0058 WebUI: certificate widget on ID override user page

2016-06-29 Thread Petr Vobornik
On 06/27/2016 04:34 PM, Pavel Vomacka wrote: > > > On 06/23/2016 04:25 PM, Petr Vobornik wrote: >> On 06/20/2016 06:54 PM, Pavel Vomacka wrote: >>> Hello, >>> >>> please review attached patch. >>> >>> https://fedorahosted.org/freeipa/ticket/5926 >>> >> 1. I'm not sure whether to include the

Re: [Freeipa-devel] [PATCH] 0064: webui: simplify confirmation messages in confirmation dialogs

2016-06-29 Thread Petr Vobornik
On 06/27/2016 05:50 PM, Pavel Vomacka wrote: > Hello, > > Please review attached patch which simplifies confirmation messages for > 'remove cert hold' and 'restore cert' actions. > I'd change: You can select a reason from the pull-down list. To: Select a reason from the pull-down list. --

Re: [Freeipa-devel] [PATCH] 0062, 63: webui: Add button for 'server-del' command

2016-06-29 Thread Petr Vobornik
On 06/24/2016 12:40 PM, Pavel Vomacka wrote: > Hello, > > please review attached patches, they add 'Delete Server' button. > 1. there is a whitespace warning while applying patch 63. 2. It breaks expectation of no_init. Instead of var that = IPA.details_facet(spec); Use var that =

Re: [Freeipa-devel] [PATCH 0018][Tests] Fix some of the failing tests in test_ipalib/test_frontend.py

2016-06-29 Thread Ganna Kaihorodova
Hello! ACK Best regards, Ganna Kaihorodova Associate Software Quality Engineer - Original Message - From: "Lenka Doudova" To: "freeipa-devel" Sent: Tuesday, June 21, 2016 10:21:44 AM Subject: [Freeipa-devel] [PATCH 0018][Tests] Fix some

Re: [Freeipa-devel] [PATCH 0023][Tests] Fix frontend tests - #5987

2016-06-29 Thread Ganna Kaihorodova
Hello! ACK Best regards, Ganna Kaihorodova Associate Software Quality Engineer - Original Message - From: "Lenka Doudova" To: "freeipa-devel" Sent: Tuesday, June 28, 2016 6:34:33 AM Subject: [Freeipa-devel] [PATCH 0023][Tests] Fix

[Freeipa-devel] [PATCH 0024][Tests] Fix integration tests not to produce incorrect /etc/hosts file

2016-06-29 Thread Lenka Doudova
Hi all, a function 'fix_etc_hosts' in ipatests/test_integration/tasks.py produces incorrect /etc/hosts file (solitary IPv6 address), and currently parser is not able to resolve the issue, causing ipa-server-install to fail with 'list index out of range' error. Hence I'm attaching patch to

Re: [Freeipa-devel] [PATCH] 0065, 66: webui: authentication indicators on host page

2016-06-29 Thread Petr Vobornik
On 06/28/2016 04:32 PM, Pavel Vomacka wrote: > Hello, > > please review attached patches. I moved strings used by authentication > indicators widget to another dict so the second patch changes strings in > custom_checkbox widget on service page. > > https://fedorahosted.org/freeipa/ticket/5872 >

Re: [Freeipa-devel] [PATCH 0024][Tests] Fix integration tests not to produce incorrect /etc/hosts file

2016-06-29 Thread Oleg Fayans
In fact, I believe /etc/hosts file should not be touched at all. Hostname resolution is usually governed by the DNS system of the lab in which tests are running. We do not modify it when perform tests manually, so I'd rather remove this method at all. On 06/29/2016 06:27 PM, Lenka Doudova wrote:

Re: [Freeipa-devel] [PATCH 0024][Tests] Fix integration tests not to produce incorrect /etc/hosts file

2016-06-29 Thread Petr Spacek
On 29.6.2016 18:39, Oleg Fayans wrote: > In fact, I believe /etc/hosts file should not be touched at all. > Hostname resolution is usually governed by the DNS system of the lab in > which tests are running. We do not modify it when perform tests > manually, so I'd rather remove this method at all.

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

2016-06-29 Thread Petr Spacek
On 29.6.2016 18:48, Lenka Doudova wrote: > > > On 06/27/2016 11:05 AM, Lenka Doudova wrote: >> >> >> On 06/27/2016 10:33 AM, Martin Babinsky wrote: >>> On 06/27/2016 10:28 AM, Petr Spacek wrote: On 27.6.2016 10:26, Petr Spacek wrote: > On 27.6.2016 10:18, Martin Babinsky wrote: >>

Re: [Freeipa-devel] [PATCH 661] backup: use in-server API in ipa-backup and ipa-restore

2016-06-29 Thread Milan Kubík
On 06/29/2016 02:54 PM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza The restore works with the patch. ACK. -- Milan Kubik

[Freeipa-devel] [PATCH 0145] DNS: Reinitialize DNS resolver after changing resolv.con

2016-06-29 Thread Petr Spacek
Hello, DNS: Reinitialize DNS resolver after changing resolv.conf Previously the installer did not reinitialize resolver so queries for records created using --ip-address option might not be answered. This led to incorrect results during 'Updating DNS system records' phase at the end of

[Freeipa-devel] [PATCH 0144] Fix `Conflicts` with ipa-python

2016-06-29 Thread Petr Spacek
Hello, Fix `Conflicts` with ipa-python The conflicts should have constant version in it because it is related to package split. https://fedorahosted.org/freeipa/ticket/6004 I've tested the same change in RHEL 7.2->7.3 upgrade and it worked just fine. Upgrade from IPA 4.3.1 to master on Fedora

Re: [Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone

2016-06-29 Thread Petr Spacek
On 29.6.2016 18:52, Lenka Doudova wrote: > > > On 06/29/2016 06:51 PM, Petr Spacek wrote: >> On 29.6.2016 18:48, Lenka Doudova wrote: >>> >>> On 06/27/2016 11:05 AM, Lenka Doudova wrote: On 06/27/2016 10:33 AM, Martin Babinsky wrote: > On 06/27/2016 10:28 AM, Petr Spacek wrote:

[Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

2016-06-29 Thread Ben Lipton
The attached patch silences some annoying messages I've been getting when upgrading the freeipa-client package on F24: """ WARNING: 'UseLogin yes' is not supported in Fedora and may cause several problems. Could not load host key: /etc/ssh/ssh_host_dsa_key """ Since the script causing the

[Freeipa-devel] [PATCH] 0083 Fix regression on ipa-4-3 branch

2016-06-29 Thread Fraser Tweedale
The attached patch fixes a regression on the ipa-4-3 branch, caused by commit 3d71c43504ea7837ea14bb9dd4a469c07337293f. Thanks, Fraser From 4d4c62a2c26affb82a7f2e40f36ad0de66beabf9 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Thu, 30 Jun 2016 14:30:30 +1000 Subject:

Re: [Freeipa-devel] [PATCH 0140-0142] Use NSS for name->resolution in IPA installer & relax some DNS checks

2016-06-29 Thread Martin Basti
On 28.06.2016 19:40, Petr Spacek wrote: Hello, DNS: Remove unnecessary DNS check from installer Previously we were checking content of DNS before actually adding DNS records for replicas. This is causing cycle in logic and adds weird corner cases to the installer which can blow up on DNS

Re: [Freeipa-devel] [PATCH 0140-0142] Use NSS for name->resolution in IPA installer & relax some DNS checks

2016-06-29 Thread Petr Spacek
On 29.6.2016 14:22, Martin Basti wrote: > > > On 28.06.2016 19:40, Petr Spacek wrote: >> Hello, >> >> DNS: Remove unnecessary DNS check from installer >> >> Previously we were checking content of DNS before actually adding DNS >> records for replicas. This is causing cycle in logic and adds

[Freeipa-devel] [PATCH 661] backup: use in-server API in ipa-backup and ipa-restore

2016-06-29 Thread Jan Cholasta
Hi, the attached patch fixes . Honza -- Jan Cholasta From c8ce2e5776a4baa06dfd83090ab2e626ae202e89 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Wed, 29 Jun 2016 14:28:29 +0200 Subject: [PATCH] backup: use in-server API in

Re: [Freeipa-devel] [PATCH 0107] test: cert: Reflect change in behavior in tests

2016-06-29 Thread Martin Basti
On 29.06.2016 14:13, Petr Spacek wrote: On 28.6.2016 16:58, David Kupka wrote: -- David Kupka freeipa-dkupka-0107.0-test-cert-Reflect-change-in-behavior-in-tests.patch From 4331e9a62a3cea81b548c555001a7d7ed1127574 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Tue,

Re: [Freeipa-devel] [PATCH] 0007 Fix ipa-server-certinstall with certs signed by 3rd-party CA

2016-06-29 Thread Stanislav Laznicka
On 06/22/2016 09:29 PM, Florence Blanc-Renaud wrote: Hi, This patch fixes ipa-server-certinstall when used with 3rd-party certs. The scenario is the following: - install the server with an embedded CA - use ipa-cacert-manage to install a 3rd party CA - use ipa-certupdate to put the 3rd party CA

Re: [Freeipa-devel] [PATCH 0107] test: cert: Reflect change in behavior in tests

2016-06-29 Thread Petr Spacek
On 28.6.2016 16:58, David Kupka wrote: > > -- > David Kupka > > freeipa-dkupka-0107.0-test-cert-Reflect-change-in-behavior-in-tests.patch > > > From 4331e9a62a3cea81b548c555001a7d7ed1127574 Mon Sep 17 00:00:00 2001 > From: David Kupka > Date: Tue, 28 Jun 2016 10:47:10

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

2016-06-29 Thread Florence Blanc-Renaud
On 06/29/2016 01:04 PM, Martin Basti wrote: On 28.06.2016 16:57, Florence Blanc-Renaud wrote: On 06/28/2016 11:05 AM, Martin Basti wrote: On 28.06.2016 10:51, Florence Blanc-Renaud wrote: On 06/27/2016 10:18 PM, Rob Crittenden wrote: Florence Blanc-Renaud wrote: Hi all, thanks for your

Re: [Freeipa-devel] [Test][patch-0052] Test for incorrect client domain

2016-06-29 Thread Petr Spacek
On 29.6.2016 12:23, Martin Basti wrote: > > > On 29.06.2016 10:56, Oleg Fayans wrote: >> >> > > Hello, > > +assert_error(result, > + "Failed to verify that %s is an IPA Server" % > + self.master.hostname) > > > I would expect this error there:

Re: [Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode

2016-06-29 Thread Martin Basti
On 28.06.2016 16:57, Florence Blanc-Renaud wrote: On 06/28/2016 11:05 AM, Martin Basti wrote: On 28.06.2016 10:51, Florence Blanc-Renaud wrote: On 06/27/2016 10:18 PM, Rob Crittenden wrote: Florence Blanc-Renaud wrote: Hi all, thanks for your suggestions. Updated patch attached. Flo.