Re: [Freeipa-devel] [PATCH] 0086 Add --ca option to cert-status

2016-07-01 Thread Jan Cholasta
On 1.7.2016 08:57, Jan Cholasta wrote: On 1.7.2016 06:54, Jan Cholasta wrote: On 1.7.2016 06:47, Fraser Tweedale wrote: On Fri, Jul 01, 2016 at 05:55:35AM +0200, Jan Cholasta wrote: On 29.6.2016 12:18, Jan Cholasta wrote: On 29.6.2016 10:47, Fraser Tweedale wrote: On Wed, Jun 29, 2016 at

Re: [Freeipa-devel] [PATCH] 0156 extdom: add certificate request

2016-07-01 Thread Martin Basti
On 24.06.2016 20:41, Lukas Slebodnik wrote: On (24/06/16 21:09), Alexander Bokovoy wrote: On Fri, 24 Jun 2016, Lukas Slebodnik wrote: ah sorry, since 1.14.0 is not release yet we use 1.13.9x to track the alpha and beta releases and still have incrementing version numbers. So, it might be

Re: [Freeipa-devel] [PATCH 558] Allow disabling requireing preauth by default for Service Principal Names

2016-07-01 Thread Petr Vobornik
On 03/08/2016 06:02 PM, Martin Babinsky wrote: > On 03/08/2016 05:50 PM, Simo Sorce wrote: >> On Tue, 2016-03-08 at 17:20 +0100, Martin Babinsky wrote: >>> On 03/08/2016 05:00 PM, Simo Sorce wrote: On Tue, 2016-03-08 at 16:51 +0100, Martin Babinsky wrote: > On 03/08/2016 04:49 PM, Simo

[Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

2016-07-01 Thread Christian Heimes
RedHatCAService.wait_until_running() uses dogtag.ca_status() to make a HTTP(s) request to Dogtag in order to check if /ca/admin/ca/getStatus returns OK. The ca_status() function defaults to api.env.ca_host as host. On a replica without CA ca_host is a remote host (e.g. master's FQDN).

Re: [Freeipa-devel] [PATCH 0109] schema: Perform the check for schema update when, force_schema_check is True

2016-07-01 Thread David Kupka
On 01/07/16 07:59, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4739 Offline NACK from Honza, attaching updated patch. -- David Kupka From 3d991e41e9e215c154994948e7d5360f82ea2e29 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Fri, 1 Jul 2016 07:50:08 +0200

Re: [Freeipa-devel] [PATCH 0109] schema: Perform the check for schema update when, force_schema_check is True

2016-07-01 Thread Jan Cholasta
On 1.7.2016 10:03, David Kupka wrote: On 01/07/16 07:59, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4739 Offline NACK from Honza, attaching updated patch. Works for me, ACK. Pushed to master: cea1f33606e85ac83a7bda66fbef318e47412531 -- Jan Cholasta -- Manage your

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-07-01 Thread Pavel Vomacka
Hi David, I did a functional review, and everything works well, so functional-ACK. But I did not do the code review. On 07/01/2016 10:26 AM, thierry bordaz wrote: Hi David, The patch looks good but being not familiar with that code, my comments may be absolutely wrong In

Re: [Freeipa-devel] [PATCH 0146] Fix internal errors in host-add and other commands caused by DNS resolutio

2016-07-01 Thread Martin Basti
On 01.07.2016 09:05, Petr Spacek wrote: On 30.6.2016 21:23, Petr Spacek wrote: Hello, Fix internal errors in host-add and other commands caused by DNS resolution Previously resolver was returning CheckedIPAddress objects. This internal server error in cases where DNS actually returned

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

2016-07-01 Thread Christian Heimes
On 2016-07-01 11:17, Petr Spacek wrote: > On 1.7.2016 11:04, Christian Heimes wrote: >> On 2016-07-01 10:59, Petr Spacek wrote: >>> On 1.7.2016 10:55, Christian Heimes wrote: On 2016-07-01 10:48, Petr Spacek wrote: > On 1.7.2016 10:42, Christian Heimes wrote: >>

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

2016-07-01 Thread Christian Heimes
On 2016-07-01 10:48, Petr Spacek wrote: > On 1.7.2016 10:42, Christian Heimes wrote: >> RedHatCAService.wait_until_running() uses dogtag.ca_status() to make a >> HTTP(s) request to Dogtag in order to check if /ca/admin/ca/getStatus >> returns OK. The ca_status() function defaults to

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

2016-07-01 Thread Petr Spacek
On 1.7.2016 10:55, Christian Heimes wrote: > On 2016-07-01 10:48, Petr Spacek wrote: >> On 1.7.2016 10:42, Christian Heimes wrote: >>> RedHatCAService.wait_until_running() uses dogtag.ca_status() to make a >>> HTTP(s) request to Dogtag in order to check if /ca/admin/ca/getStatus >>> returns OK.

Re: [Freeipa-devel] [PATCH] 0085 Fix upgrade when Dogtag also upgraded from 10.2 -> 10.3

2016-07-01 Thread Martin Babinsky
On 06/30/2016 01:16 PM, Fraser Tweedale wrote: Hullo, The attached patch fixes https://fedorahosted.org/freeipa/ticket/6011. Cheers, Fraser ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 558] Allow disabling requireing preauth by default for Service Principal Names

2016-07-01 Thread Martin Babinsky
On 07/01/2016 10:38 AM, Petr Vobornik wrote: On 03/08/2016 06:02 PM, Martin Babinsky wrote: On 03/08/2016 05:50 PM, Simo Sorce wrote: On Tue, 2016-03-08 at 17:20 +0100, Martin Babinsky wrote: On 03/08/2016 05:00 PM, Simo Sorce wrote: On Tue, 2016-03-08 at 16:51 +0100, Martin Babinsky wrote:

[Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

2016-07-01 Thread Lenka Doudova
Hi all, here's patch with basic test suite for support of UPN. Note: it needs to be applied on top of my patch 0025.2 (or later, if there's will be more fixes to that patch). Lenka -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH] 0085 Fix upgrade when Dogtag also upgraded from 10.2 -> 10.3

2016-07-01 Thread Petr Vobornik
On 07/01/2016 11:02 AM, Martin Babinsky wrote: > On 06/30/2016 01:16 PM, Fraser Tweedale wrote: >> Hullo, >> >> The attached patch fixes >> https://fedorahosted.org/freeipa/ticket/6011. >> >> Cheers, >> Fraser >> >> >> > ACK > Pushed to master: 3691e39a62da5134f911f6a798f79a3a2ae0c025 -- Petr

Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

2016-07-01 Thread Lenka Doudova
And, of course, a patch file :) On 07/01/2016 11:09 AM, Lenka Doudova wrote: Hi all, here's patch with basic test suite for support of UPN. Note: it needs to be applied on top of my patch 0025.2 (or later, if there's will be more fixes to that patch). Lenka From

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

2016-07-01 Thread Petr Spacek
On 1.7.2016 11:04, Christian Heimes wrote: > On 2016-07-01 10:59, Petr Spacek wrote: >> On 1.7.2016 10:55, Christian Heimes wrote: >>> On 2016-07-01 10:48, Petr Spacek wrote: On 1.7.2016 10:42, Christian Heimes wrote: > RedHatCAService.wait_until_running() uses dogtag.ca_status() to make

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-07-01 Thread thierry bordaz
On 07/01/2016 10:46 AM, David Kupka wrote: Hello Thierry! Thanks for looking into it. I will try to answer your questions and comments inline. On 01/07/16 10:26, thierry bordaz wrote: Hi David, The patch looks good but being not familiar with that code, my comments may be absolutely

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-07-01 Thread Petr Vobornik
On 07/01/2016 10:46 AM, David Kupka wrote: > Hello Thierry! > > Thanks for looking into it. I will try to answer your questions and > comments inline. > > On 01/07/16 10:26, thierry bordaz wrote: >> Hi David, >> >> The patch looks good but being not familiar with that code, my comments >> may be

Re: [Freeipa-devel] [PATCH 0549] Translations IPA 4.4.0

2016-07-01 Thread Martin Babinsky
On 07/01/2016 10:34 AM, Martin Basti wrote: On 01.07.2016 09:27, Martin Basti wrote: Patch attached. Updated patch ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-07-01 Thread thierry bordaz
Hi David, The patch looks good but being not familiar with that code, my comments may be absolutely wrong In ipadb_get_pwd_expiration, if it is not 'self' we set '*export=mod_time'. If for some reason 'mod_time==0', it has now a specific meaning 'not expiring' . Does it match the comment '*

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-07-01 Thread David Kupka
Hello Thierry! Thanks for looking into it. I will try to answer your questions and comments inline. On 01/07/16 10:26, thierry bordaz wrote: Hi David, The patch looks good but being not familiar with that code, my comments may be absolutely wrong In ipadb_get_pwd_expiration, if it is not

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

2016-07-01 Thread Petr Spacek
On 1.7.2016 10:42, Christian Heimes wrote: > RedHatCAService.wait_until_running() uses dogtag.ca_status() to make a > HTTP(s) request to Dogtag in order to check if /ca/admin/ca/getStatus > returns OK. The ca_status() function defaults to api.env.ca_host as > host. > > On a replica without CA

Re: [Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

2016-07-01 Thread Martin Basti
On 29.06.2016 20:46, Ben Lipton wrote: The attached patch silences some annoying messages I've been getting when upgrading the freeipa-client package on F24: """ WARNING: 'UseLogin yes' is not supported in Fedora and may cause several problems. Could not load host key:

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-07-01 Thread thierry bordaz
On 07/01/2016 11:31 AM, David Kupka wrote: On 01/07/16 11:22, thierry bordaz wrote: On 07/01/2016 10:46 AM, David Kupka wrote: Hello Thierry! Thanks for looking into it. I will try to answer your questions and comments inline. On 01/07/16 10:26, thierry bordaz wrote: Hi David, The

[Freeipa-devel] [PATCH 0148] client-install: log exceptions from certmonger.request_cer

2016-07-01 Thread Petr Spacek
Hello, client-install: log exceptions from certmonger.request_cert -- Petr^2 Spacek From 7082057a37e00c2745d6e5561d78bd5ae307e96c Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Fri, 1 Jul 2016 11:57:35 +0200 Subject: [PATCH] client-install: log exceptions from

[Freeipa-devel] [PATCH 0178] Fix incorrect check for principal type when evaluating CA ACLs

2016-07-01 Thread Martin Babinsky
Fixing first regression caused by principal alias work. Thanks Petr Spacek for finding it. -- Martin^3 Babinsky From da8e18addcc172777977e50f2d4d34603243077f Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 1 Jul 2016 11:55:47 +0200 Subject: [PATCH] Fix incorrect

Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

2016-07-01 Thread Lukas Slebodnik
On (01/07/16 11:13), Lenka Doudova wrote: >And, of course, a patch file :) > > >On 07/01/2016 11:09 AM, Lenka Doudova wrote: >> Hi all, >> >> here's patch with basic test suite for support of UPN. >> >> Note: it needs to be applied on top of my patch 0025.2 (or later, if >> there's will be more

Re: [Freeipa-devel] [PATCH 0025][Tests] RFE: External trust

2016-07-01 Thread Martin Babinsky
On 07/01/2016 06:36 AM, Lenka Doudova wrote: On 06/30/2016 05:01 PM, Martin Babinsky wrote: On 06/30/2016 03:47 PM, Lenka Doudova wrote: Hi, attaching patch with some basic coverage for external trust feature. Bit more detailed info in commit message. Since the feature requires me to run

Re: [Freeipa-devel] [Test][patch-0052] Test for incorrect client domain

2016-07-01 Thread Oleg Fayans
Hi Martin. Now I have this client installation thing sorted out. The test works as expected On 06/30/2016 02:57 PM, Martin Basti wrote: > > > On 30.06.2016 14:40, Oleg Fayans wrote: >> Hi Martin, >> >> Attached is a new version of the patch with two test cases separated. >> >> On 06/29/2016

Re: [Freeipa-devel] [PATCH 0014-0016][Tests] Authentication indicators

2016-07-01 Thread Milan Kubík
On 06/16/2016 03:23 PM, Lenka Doudova wrote: Hi, attached are tests for authentication indicators. Please note: 1. newly created service tracker is not exactly complete, list of unimplemented methods is in doc. These methods can be filled in when existing declarative tests are refactored.

Re: [Freeipa-devel] [PATCH] 0086 Add --ca option to cert-status

2016-07-01 Thread Fraser Tweedale
On Fri, Jul 01, 2016 at 10:05:48AM +0200, Jan Cholasta wrote: > On 1.7.2016 08:57, Jan Cholasta wrote: > > On 1.7.2016 06:54, Jan Cholasta wrote: > > > On 1.7.2016 06:47, Fraser Tweedale wrote: > > > > On Fri, Jul 01, 2016 at 05:55:35AM +0200, Jan Cholasta wrote: > > > > > On 29.6.2016 12:18, Jan

Re: [Freeipa-devel] [PATCH 0548] Fix replica install with CA

2016-07-01 Thread Petr Spacek
On 30.6.2016 18:05, Martin Basti wrote: > > > On 30.06.2016 13:20, Martin Basti wrote: >> >> >> On 30.06.2016 13:18, Petr Spacek wrote: >>> On 30.6.2016 13:04, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5966 This only for master branch, ipa-4-3 fix will be

Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

2016-07-01 Thread Martin Basti
On 01.07.2016 13:08, Alexander Bokovoy wrote: On Fri, 01 Jul 2016, Lukas Slebodnik wrote: On (01/07/16 11:13), Lenka Doudova wrote: And, of course, a patch file :) On 07/01/2016 11:09 AM, Lenka Doudova wrote: Hi all, here's patch with basic test suite for support of UPN. Note: it needs

Re: [Freeipa-devel] [PATCH 0148] client-install: log exceptions from certmonger.request_cer

2016-07-01 Thread Martin Basti
On 01.07.2016 11:57, Petr Spacek wrote: Hello, client-install: log exceptions from certmonger.request_cert ACK Pushed to master: dc5b2eaa772fda5673b222bc9107cf5b85c1295d -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-07-01 Thread David Kupka
On 01/07/16 11:22, thierry bordaz wrote: On 07/01/2016 10:46 AM, David Kupka wrote: Hello Thierry! Thanks for looking into it. I will try to answer your questions and comments inline. On 01/07/16 10:26, thierry bordaz wrote: Hi David, The patch looks good but being not familiar with that

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

2016-07-01 Thread Petr Spacek
On 1.7.2016 11:17, Petr Spacek wrote: > On 1.7.2016 11:04, Christian Heimes wrote: >> On 2016-07-01 10:59, Petr Spacek wrote: >>> On 1.7.2016 10:55, Christian Heimes wrote: On 2016-07-01 10:48, Petr Spacek wrote: > On 1.7.2016 10:42, Christian Heimes wrote: >>

[Freeipa-devel] FreeIPA 4.4.0 tagged

2016-07-01 Thread Petr Vobornik
FreeIPA 4.4.0 was tagged. Release notes will follow soon. * http://www.freeipa.org/page/Downloads#Latest_Release_-_FreeIPA_4.4.0 * http://freeipa.org/downloads/src/freeipa-4.4.0.tar.gz SHA1: 441ef8cb2b0ac103723d03b0478da641d697e104 MD5: 078697b25e02361fca37d00a1144130d -- Petr Vobornik

Re: [Freeipa-devel] [PATCH 0178] Fix incorrect check for principal type when evaluating CA ACLs

2016-07-01 Thread Petr Spacek
On 1.7.2016 11:58, Martin Babinsky wrote: > Fixing first regression caused by principal alias work. > > Thanks Petr Spacek for finding it. ACK, please add ticket number before push: https://fedorahosted.org/freeipa/ticket/3864 -- Petr^2 Spacek -- Manage your subscription for the

Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

2016-07-01 Thread Alexander Bokovoy
On Fri, 01 Jul 2016, Lukas Slebodnik wrote: On (01/07/16 11:13), Lenka Doudova wrote: And, of course, a patch file :) On 07/01/2016 11:09 AM, Lenka Doudova wrote: Hi all, here's patch with basic test suite for support of UPN. Note: it needs to be applied on top of my patch 0025.2 (or

Re: [Freeipa-devel] [PATCH 0178] Fix incorrect check for principal type when evaluating CA ACLs

2016-07-01 Thread Jan Cholasta
On 1.7.2016 13:08, Petr Spacek wrote: On 1.7.2016 11:58, Martin Babinsky wrote: Fixing first regression caused by principal alias work. Thanks Petr Spacek for finding it. ACK, please add ticket number before push: https://fedorahosted.org/freeipa/ticket/3864 Pushed to master:

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

2016-07-01 Thread Petr Spacek
On 1.7.2016 11:43, Petr Spacek wrote: > On 1.7.2016 11:17, Petr Spacek wrote: >> On 1.7.2016 11:04, Christian Heimes wrote: >>> On 2016-07-01 10:59, Petr Spacek wrote: On 1.7.2016 10:55, Christian Heimes wrote: > On 2016-07-01 10:48, Petr Spacek wrote: >> On 1.7.2016 10:42, Christian

Re: [Freeipa-devel] [PATCH] 0046 Create server certs with DNS altname

2016-07-01 Thread Petr Spacek
On 20.1.2016 05:04, Fraser Tweedale wrote: > On Tue, Dec 08, 2015 at 07:06:39PM +1000, Fraser Tweedale wrote: >> On Mon, Dec 07, 2015 at 05:50:05PM -0500, Rob Crittenden wrote: >>> Fraser Tweedale wrote: On Mon, Dec 07, 2015 at 01:53:15PM +0100, Martin Kosek wrote: > On 12/07/2015 06:26

Re: [Freeipa-devel] [PATCH] 0070..0071 Fix replica installation from IPA v4.2

2016-07-01 Thread Fraser Tweedale
On Fri, Jul 01, 2016 at 08:36:29AM +0200, Stanislav Laznicka wrote: > On 06/17/2016 08:59 AM, Fraser Tweedale wrote: > > The attached patches fix > > https://fedorahosted.org/freeipa/ticket/5963 > > > > Thanks Milan for reporting. > > > > Cheers, > > Fraser > > > Tried this patch on 4.4 with

Re: [Freeipa-devel] [PATCH] Fix minor typo

2016-07-01 Thread Martin Basti
On 30.06.2016 18:56, Yuri Chornoivan wrote: Hi, /ipaserver/plugins/cert.py:120: Verify that a certificate is owner by a specific user: It might be Verify that a certificate is owned by a specific user: Thanks for reviewing this possible typo fix. Best regards, Yuri ACK Pushed to

Re: [Freeipa-devel] [PATCH 0146] Fix internal errors in host-add and other commands caused by DNS resolutio

2016-07-01 Thread Petr Spacek
On 30.6.2016 21:23, Petr Spacek wrote: > Hello, > > Fix internal errors in host-add and other commands caused by DNS resolution > > Previously resolver was returning CheckedIPAddress objects. This > internal server error in cases where DNS actually returned reserved IP > addresses. > > Now the

[Freeipa-devel] [PATCH 0108] schema: Decrease schema TTL to one hour

2016-07-01 Thread David Kupka
https://fedorahosted.org/freeipa/ticket/4739 -- David Kupka From 796fd4291dd17128e7bdfecf2d14ae7b151987f5 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Fri, 1 Jul 2016 07:34:43 +0200 Subject: [PATCH] schema: Decrease schema TTL to one hour Since checking schema is

[Freeipa-devel] [PATCH 0109] schema: Perform the check for schema update when, force_schema_check is True

2016-07-01 Thread David Kupka
https://fedorahosted.org/freeipa/ticket/4739 -- David Kupka From 58685f92e8d4c1817f95a7b4042ce0fa4c95a704 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Fri, 1 Jul 2016 07:50:08 +0200 Subject: [PATCH] schema: Perform the check for schema update when force_schema_check is

Re: [Freeipa-devel] [PATCH] 0070..0071 Fix replica installation from IPA v4.2

2016-07-01 Thread Stanislav Laznicka
On 06/17/2016 08:59 AM, Fraser Tweedale wrote: The attached patches fix https://fedorahosted.org/freeipa/ticket/5963 Thanks Milan for reporting. Cheers, Fraser Tried this patch on 4.4 with domain level set to 0 and it does fix the issue for me so ACK for 4.4. Not sure if this is going to

Re: [Freeipa-devel] [PATCH] 0086 Add --ca option to cert-status

2016-07-01 Thread Jan Cholasta
On 1.7.2016 06:54, Jan Cholasta wrote: On 1.7.2016 06:47, Fraser Tweedale wrote: On Fri, Jul 01, 2016 at 05:55:35AM +0200, Jan Cholasta wrote: On 29.6.2016 12:18, Jan Cholasta wrote: On 29.6.2016 10:47, Fraser Tweedale wrote: On Wed, Jun 29, 2016 at 10:04:05AM +0200, Jan Cholasta wrote: Hi,

Re: [Freeipa-devel] [PATCH 0546-0547] use timestamps for ipareplica-conncheck.log

2016-07-01 Thread Martin Basti
On 30.06.2016 19:42, Martin Babinsky wrote: On 06/30/2016 01:54 PM, Martin Basti wrote: On 30.06.2016 12:07, Petr Spacek wrote: On 30.6.2016 10:21, Jan Cholasta wrote: On 30.6.2016 10:12, Petr Spacek wrote: On 30.6.2016 10:14, Jan Cholasta wrote: On 30.6.2016 10:06, Petr Spacek wrote:

Re: [Freeipa-devel] [PATCH 0108] schema: Decrease schema TTL to one hour

2016-07-01 Thread Petr Spacek
On 1.7.2016 07:58, David Kupka wrote: > https://fedorahosted.org/freeipa/ticket/4739 > -- > David Kupka > > freeipa-dkupka-0108.0-schema-Decrease-schema-TTL-to-one-hour.patch > > > From 796fd4291dd17128e7bdfecf2d14ae7b151987f5 Mon Sep 17 00:00:00 2001 > From: David Kupka >

Re: [Freeipa-devel] [PATCH] 0009 Do not log error when removing a non-existing file

2016-07-01 Thread Martin Basti
On 30.06.2016 10:24, Florence Blanc-Renaud wrote: Hi, this patch fixes issue 1) of the following ticket: Uninstallation complains about missing 'ipa.conf' Issue 2) is not reproducible on the master, and issue 3) is handled in a separate ticket. https://fedorahosted.org/freeipa/ticket/6012

Re: [Freeipa-devel] [PATCH 0108] schema: Decrease schema TTL to one hour

2016-07-01 Thread Martin Basti
On 01.07.2016 09:08, Petr Spacek wrote: On 1.7.2016 07:58, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4739 -- David Kupka freeipa-dkupka-0108.0-schema-Decrease-schema-TTL-to-one-hour.patch From 796fd4291dd17128e7bdfecf2d14ae7b151987f5 Mon Sep 17 00:00:00 2001 From: David

Re: [Freeipa-devel] [WIP] Thin client

2016-07-01 Thread David Kupka
On 28/04/16 14:45, Jan Cholasta wrote: Hi, I have pushed my thin client WIP branch to GitHub: . All commits up to "ipalib: use relative imports for cross-plugin imports" should be good for review. The rest is subject to change (WARNING: I

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-07-01 Thread David Kupka
On 30/06/16 21:34, David Kupka wrote: On 04/05/16 17:22, Pavel Vomacka wrote: On 05/04/2016 04:36 PM, Simo Sorce wrote: On Wed, 2016-05-04 at 15:39 +0200, Martin Kosek wrote: On 05/02/2016 02:28 PM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/2795 That patch looks

[Freeipa-devel] Karma Request for Dogtag 10.2.6 on Fedora 23

2016-07-01 Thread Matthew Harmsen
The following bug has been addressed in Fedora 23: * Bugzilla Bug #1323400 - freeipa fails to start correctly after pki-core update on upgraded system Please provide Karma for the following Fedora 23 build located in Bodhi at: *

Re: [Freeipa-devel] [PATCH] 0070..0071 Fix replica installation from IPA v4.2

2016-07-01 Thread Martin Basti
On 01.07.2016 08:42, Fraser Tweedale wrote: On Fri, Jul 01, 2016 at 08:36:29AM +0200, Stanislav Laznicka wrote: On 06/17/2016 08:59 AM, Fraser Tweedale wrote: The attached patches fix https://fedorahosted.org/freeipa/ticket/5963 Thanks Milan for reporting. Cheers, Fraser Tried this patch

Re: [Freeipa-devel] [PATCH] 961 webui: prevent infinite reload for users with krbbprincipal alias set

2016-07-01 Thread Martin Basti
On 30.06.2016 19:54, Martin Babinsky wrote: On 06/30/2016 07:34 PM, Petr Vobornik wrote: Web UI has an inbuilt mechanism to reload in case response from a server contains a different principal than the one loaded during Web UI startup. see rpc.js:381 With kerberos aliases support the loaded

Re: [Freeipa-devel] [PATCH] 0067-72: webui for kerberos aliases

2016-07-01 Thread Pavel Vomacka
On 06/30/2016 05:27 PM, Petr Vobornik wrote: On 06/30/2016 02:48 PM, Pavel Vomacka wrote: Hello, please review these patches. First two patches fix two minor bugs in custom_command_multivalued_widget. The rest of patches add webui for kerberos aliases.

Re: [Freeipa-devel] [WIP] Kerberos principal aliases pt. 2

2016-07-01 Thread Martin Basti
On 01.07.2016 09:25, Martin Babinsky wrote: On 06/30/2016 11:17 PM, David Kupka wrote: On 28/06/16 20:08, Martin Babinsky wrote: On 06/24/2016 09:52 AM, Martin Babinsky wrote: Hi list, I am furiously working on tickets related to the proper support and API for managing kerberos principal

Re: [Freeipa-devel] [PATCH] 0067-72: webui for kerberos aliases

2016-07-01 Thread Petr Vobornik
On 07/01/2016 09:04 AM, Pavel Vomacka wrote: > > > On 06/30/2016 05:27 PM, Petr Vobornik wrote: >> On 06/30/2016 02:48 PM, Pavel Vomacka wrote: >>> Hello, >>> >>> please review these patches. First two patches fix two minor bugs in >>> custom_command_multivalued_widget. >>> >>> The rest of

Re: [Freeipa-devel] [Test][patch-0052] Test for incorrect client domain

2016-07-01 Thread Martin Basti
On 01.07.2016 14:38, Oleg Fayans wrote: Hi Martin. Now I have this client installation thing sorted out. The test works as expected On 06/30/2016 02:57 PM, Martin Basti wrote: On 30.06.2016 14:40, Oleg Fayans wrote: Hi Martin, Attached is a new version of the patch with two test cases

Re: [Freeipa-devel] [PATCH 0025][Tests] RFE: External trust

2016-07-01 Thread Lenka Doudova
On 07/01/2016 02:38 PM, Martin Babinsky wrote: On 07/01/2016 06:36 AM, Lenka Doudova wrote: On 06/30/2016 05:01 PM, Martin Babinsky wrote: On 06/30/2016 03:47 PM, Lenka Doudova wrote: Hi, attaching patch with some basic coverage for external trust feature. Bit more detailed info in

Re: [Freeipa-devel] [PATCH 0146] Fix internal errors in host-add and other commands caused by DNS resolutio

2016-07-01 Thread Martin Basti
On 01.07.2016 10:37, Martin Basti wrote: On 01.07.2016 09:05, Petr Spacek wrote: On 30.6.2016 21:23, Petr Spacek wrote: Hello, Fix internal errors in host-add and other commands caused by DNS resolution Previously resolver was returning CheckedIPAddress objects. This internal server

Re: [Freeipa-devel] [PATCH 0548] Fix replica install with CA

2016-07-01 Thread Martin Basti
On 01.07.2016 14:48, Petr Spacek wrote: On 30.6.2016 18:05, Martin Basti wrote: On 30.06.2016 13:20, Martin Basti wrote: On 30.06.2016 13:18, Petr Spacek wrote: On 30.6.2016 13:04, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5966 This only for master branch, ipa-4-3 fix

Re: [Freeipa-devel] [PATCH 0146] Fix internal errors in host-add and other commands caused by DNS resolutio

2016-07-01 Thread Martin Basti
On 01.07.2016 10:37, Martin Basti wrote: On 01.07.2016 09:05, Petr Spacek wrote: On 30.6.2016 21:23, Petr Spacek wrote: Hello, Fix internal errors in host-add and other commands caused by DNS resolution Previously resolver was returning CheckedIPAddress objects. This internal server

Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

2016-07-01 Thread Martin Babinsky
On 07/01/2016 11:13 AM, Lenka Doudova wrote: And, of course, a patch file :) On 07/01/2016 11:09 AM, Lenka Doudova wrote: Hi all, here's patch with basic test suite for support of UPN. Note: it needs to be applied on top of my patch 0025.2 (or later, if there's will be more fixes to that

Re: [Freeipa-devel] [PATCH] pylint fixes

2016-07-01 Thread Florence Blanc-Renaud
On 06/21/2016 01:51 PM, Martin Basti wrote: On 21.06.2016 08:38, Florence Blanc-Renaud wrote: On 06/20/2016 07:08 PM, Martin Basti wrote: On 20.06.2016 19:06, Martin Basti wrote: On 20.06.2016 12:00, Florence Blanc-Renaud wrote: On 06/09/2016 05:10 PM, Petr Spacek wrote: Hello, I've

Re: [Freeipa-devel] [patch 0038-0040] Sub CA test patches

2016-07-01 Thread Milan Kubík
On 06/27/2016 01:31 PM, Milan Kubík wrote: On 06/27/2016 02:57 AM, Fraser Tweedale wrote: On Fri, Jun 24, 2016 at 12:08:24PM +0200, Milan Kubík wrote: On 06/24/2016 03:42 AM, Fraser Tweedale wrote: On Tue, Jun 21, 2016 at 05:01:35PM +0200, Milan Kubík wrote: Hi Fraser and list, I have made

Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

2016-07-01 Thread Lenka Doudova
On 07/01/2016 03:04 PM, Martin Babinsky wrote: On 07/01/2016 11:13 AM, Lenka Doudova wrote: And, of course, a patch file :) On 07/01/2016 11:09 AM, Lenka Doudova wrote: Hi all, here's patch with basic test suite for support of UPN. Note: it needs to be applied on top of my patch 0025.2

Re: [Freeipa-devel] [Test][patch-0052] Test for incorrect client domain

2016-07-01 Thread Oleg Fayans
Hi Martin, Thanks for the review. The updated patch is attached On 07/01/2016 04:09 PM, Martin Basti wrote: > > > On 01.07.2016 14:38, Oleg Fayans wrote: >> Hi Martin. Now I have this client installation thing sorted out. The >> test works as expected >> >> On 06/30/2016 02:57 PM, Martin Basti

Re: [Freeipa-devel] [PATCH 0014-0016][Tests] Authentication indicators

2016-07-01 Thread Lenka Doudova
On 07/01/2016 02:42 PM, Milan Kubík wrote: On 06/16/2016 03:23 PM, Lenka Doudova wrote: Hi, attached are tests for authentication indicators. Please note: 1. newly created service tracker is not exactly complete, list of unimplemented methods is in doc. These methods can be filled in when

[Freeipa-devel] [PATCH 0179] Preserve user principal aliases during rename operation

2016-07-01 Thread Martin Babinsky
Quick hacky fix for https://fedorahosted.org/freeipa/ticket/6028 Admittedly a more systematic solution exists. We may discuss it further in this thread (such as add options to modrdn plugin to append to multivalue attributes). If time is the issue, we may use this fix instead and revert it

Re: [Freeipa-devel] [Test][patch-0052] Test for incorrect client domain

2016-07-01 Thread Martin Basti
On 01.07.2016 16:55, Oleg Fayans wrote: Hi Martin, Thanks for the review. The updated patch is attached On 07/01/2016 04:09 PM, Martin Basti wrote: On 01.07.2016 14:38, Oleg Fayans wrote: Hi Martin. Now I have this client installation thing sorted out. The test works as expected On