stigation for FreeIPA and is working on some
polished instructions for the FreeIPA WebUI.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-dev
-- obtaining the delegated certificated fails.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On Mon, Aug 08, 2016 at 12:52:33PM +0200, Martin Kosek wrote:
>
> I discussed this with Jan Pazdziora on IRC, outside of this mail thread, so
> let
> me repeat my suggestion here. I still think it is premature to add plugins
> like
> that to FreeIPA core git. We are not agre
nderstand this difference, they may be
> surprised to find out there are clients that do not honor it.
I prefer the first option. We shouldn't introduce new feature and make
its behaviour ambiguous from the very start.
If the access is denied for old clients when the time-based mechanism
is u
would prefer a scheme where they could be
> combined though for maximum flexibility with as little as possible
> ambiguity.
I agree that managing separate host group membership might be
and extra work. But it seems to be the only way to remove the ambiguity.
--
Jan Pazdziora
Senior Principal So
False requirement in the installer come
from and what would break if it was removed altogether?
Thanks,
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/lis
On Wed, Sep 21, 2016 at 12:01:44PM +0200, Jan Pazdziora wrote:
>
> I've recently hit again the situation of IPA installer not happy
> about the provided IP address not being local to it, this time in
> containerized environment:
>
> https://bugzilla.redhat.com/
houldn't be building rpms themselves either, they
should consume nightly/snapshot builds produced by engineering,
either automatically or manually.
Could we add some high level goals for the refactoring effort, and
add a goal of having repoclosure'd yum repo for master and interesting
branc
even when 4.0.4 or 4.1.0 is out, the
4.0.3 content is still available?
I'd like to use these yum repos for Docker images and I wonder what
naming I should use for the branches and tags -- centos-7-upstream,
centos-7-4.0.3, or something else?
--
Jan Pazdziora
Principal Software Engineer, I
latest (with mkosek/freeipa copr)
> centos-7-4-0 (with potential future mkosek/freeipa-4-0 copr)
> centos-7-4-1 (with potential future mkosek/freeipa-4-1 copr)
>
> Makes sense?
Yes, thanks.
--
Jan Pazdziora
Principal Software Engine
play.
Can't you just run the tests once per day, no matter what?
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Mon, Oct 20, 2014 at 03:58:27PM +0200, Petr Vobornik wrote:
>
> The plan is to release 4.1 and then 4.0.4. Besides usual tarballs, 4.1 will
> go into Fedora rawhide, f21-updates-testing and mkosek/freeipa copr repo (to
> be usable on F20).
And RHEL 7 / CentOS 7?
--
Jan Pazdzio
hains by people who know
how their part should build and install.
Currently when we see a huge dependency tree when installing
freeipa-server package, it might not be immediatelly obvious, what
is causing the possible bloat.
--
Jan Pazdziora
Principal Software Engineer, Identity Management
Hello,
presumably explicitly specifying zone is not needed and can be
harmful.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
>From 934c5672cb0f73fc7d237cbf916707693dff9c39 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora
Date: Tue, 2 Dec 2014 11:48
Hello,
Martin suggests dependency on subscription-manager is no longer needed.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
>From 4243c4016d5e9844e555f134ce091cf85c01fcb2 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora
Date: Tue, 2 Dec 2014 17:33
On Wed, Dec 03, 2014 at 05:16:23PM +0100, Martin Basti wrote:
> On 02/12/14 13:00, Jan Pazdziora wrote:
> >Hello,
> >
> >presumably explicitly specifying zone is not needed and can be
> >harmful.
> >
> This should be fixed in template for uploading SSHFP keys a
he one-way
ability when we have the two-way one.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
bute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
might be enough.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Go to http:/
PA might no longer mean identity, policy, *and audit*,
so maybe that second line could be dropped altogether?
Also, it's FreeIPA with capital IPA -- shouldn't the letters on the
box be capitalized as well?
In any case, since Máirín authored the logo, she should be consulted
about th
well? The
https://admin.fedoraproject.org/updates/freeipa-4.1.4-1.fc21
is in testing and it will be a while before it gets to Fedora proper,
copr repo would give us a stable (no fiddling with updates-testing
enablement) yum source.
--
Jan Pazdziora
Principal Software Engineer, Identity Managem
e with testing in all sorts of
scenarios before the bits hit stable Fedora.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIP
ng --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/
http://dl.fedoraproject.org/pub/fedora/linux/updates/testing/21/x86_64/f/
So we did not really provide the release on Fedora 21 to the
community.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mai
On Fri, Mar 27, 2015 at 09:15:29AM +0100, Jan Pazdziora wrote:
> On Thu, Mar 26, 2015 at 06:14:34PM +0100, Petr Vobornik wrote:
> > The FreeIPA team would like to announce FreeIPA v4.1.4 security release!
> >
> > It can be downloaded from http://www.freeipa.org/page/Downloads
uires: mod_wsgi
> -Requires: mod_auth_kerb >= 5.4-16
> +Requires: mod_auth_gssapi
Do we assume we will no longer do an upstream 4.2 release on
Fedora 20? Otherwise this should be covered by some %ifs to use
mod_auth_kerb on Fedora 20.
--
Jan Pazdziora
Principal Software Engineer, Iden
arly, string
> to unicode). Instead, any values that evaluate to False that are neither
> numeric nor boolean should be converted to None.
[...]
Ack, all original values pass the _is_null() test.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
either "on its own"
or "of its own accord".
> If SSH keys are not present (e.g when running the ipa-client-install in
Is it correct that there are no backslashes in this occurence of
ipa-client-install?
> a kickstart, before ever running sshd), they will not be uploa
On Wed, Mar 05, 2014 at 12:33:01PM +0100, Tomas Babej wrote:
> Thanks Jan, both fixed.
Ack.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
ht
viour when the usage of the
new values cannot really be enfoced by the admin (without the daemon
restart).
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
cept errors.NotFound:
> +pass
> +# Re-raise original exception
> +raise
> self.obj.postprocess_result(entry, options)
> return dn
I'm not totally happy about this patch.
What happens when the ACI is already in LDA
ot;) is the last thing done
> in the error handler.
>
> I guess it would be good to add a comment saying this.
Thank you for the explanation.
In that case, ack on the patch, provided you add a nice comment. ;-)
--
Jan Pazdziora
Principal Software Engineer, Identity Management Eng
ssioned call:
> https://fedorahosted.org/freeipa/ticket/4225
The patch does not seem to apply against master.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https:
On Tue, Mar 18, 2014 at 09:02:13AM +0100, Marco Di Sabatino Di Diodoro wrote:
>
> what are the requirements or packages that a client must have to call
> JSON/RPC with java? We have a 401 error.
What packages / code do you attempt to use when you get that 401?
--
Jan Pazdziora
Ack.
Applied against ipa-client-3.0.0-37.el6.x86_64, tried without
--no-sudo and sudo was added to sssd.conf's services list and sudoeers
added to /etc/nsswitch.conf.
Rerun with --uninstall and run again with the --no-sudo parameter,
those settings were not longer there.
--
Jan Pazdziora
P
On Mon, Mar 24, 2014 at 02:57:30PM +0100, Martin Kosek wrote:
> On 03/24/2014 02:47 PM, Jan Pazdziora wrote:
> > On Mon, Mar 03, 2014 at 08:24:41PM +0100, Tomas Babej wrote:
> >> Hi,
> >>
> >> Makes ipa-client-install configure SSSD as the data provider
> &
On Wed, Mar 26, 2014 at 05:30:13PM -0600, Gabe Alford wrote:
> All,
>
> Please review this patch for https://fedorahosted.org/freeipa/ticket/4156
> Added links to documentation on configuring NetworkManager.
Thank you for the patch.
ACK.
--
Jan Pazdziora
Principal Software Engine
_base_rid;
};
-- no forest_root_id and no id_range_type.
So NACK for applying to master. Perhaps there is some dependency
patch?
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
hat makes sense, I don't see why freeipa-docs needs to share
the same list of committers.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redh
iron):
> -full_url = wsgiref.util.request_uri(environ)
> +full_url = request_uri(environ)
Sadly, this antipattern seems needed even if the proper solution would
be to fix wsgi to properly export util. Is there bug filed for that.
Ack based on reading the code and wsgiref documentation wh
On Tue, Apr 01, 2014 at 10:05:39AM +0200, Tomas Babej wrote:
>
> > Yes, that was the intention. Mistake on my part, I'll send updated patches.
> >
>
> Updated patch attached.
Ack based on reading the code and documentation for
slapi_ch_free_string.
--
Jan Pazdziora
P
I found error message
Failed to data from service file: Failed to get list of services to
probe status:
in my logs while experimenting with something and it confused me
a bit, hence this patch.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
id context:
> > unconfined_u:system_r:pki_ca_script_t:s0: Invalid argument"
> >
> > We've seen this before. Sometimes pki-selinux fails to load its policy
> > for some reason. The best thing to do is to force re-install
Did you try to use %posttrans instead of %post?
d as a result,
> can't use them to accomplish admin tasks.
Could we make this functionality part of the ipa-server-install script
itself? It could be useful outside of puppet as well?
Do you have any proposal how to go about ipa-client-install in puppet,
without having the password stored
king wrapper ...
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ration? Can't you just use PATH value (let PATH do its work)?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
the code
but isn't using custom principal _plus_ a keytab for that principal
a valid combination? Right now, it's either principal + password, or
keytab and from that keytab a specific host/* principal. Can't it be
ptincipal + keytab?
--
Jan Pazdziora | ad
? What would be the reason and business case? Why
> not to point to CA2?
Could the business case be an IPA server in DMZ which does not have
access to CA2 but it can get to (public) CA1?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identit
On Tue, Jun 25, 2013 at 10:54:55AM +0200, Jan Cholasta wrote:
>
> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/3705>.
Ack.
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineer
hings twice ?
> Also this will unconditionally try to start the CA even if not
> installed.
>
> NACK, please let ipa.service handle starting and stopping daemons.
Hello, I'm coming late to this thread but: Should ipa really be
a service under systemd? Wouldn't making it a ta
y to cause changes in the local
> cn=config based on plugin configuration but I can't find the ticket
> right now.
> We could add the ability to launch a helper (via dbus or similar).
>
> Once we have that we could move to a native systemd configuration, until
> then ...
:-)
;
> }
>
> errno = 0;
> -c = textdomain(PACKAGE);
> +c = textdomain("ipa");
Ack.
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
because as an informational field in /etc/passwd,
it is not General Electric Comprehensive Operating System. It is the
field that was (I assume) acced by/for GECOS back then but still the
full name is "GECOS field (of /etc/passwd)".
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal
ot;)
[...]
The gcos field in the password file was
[...]
> Historically correct label would probably be 'GECOS identity' but
> that's not usable today as it's purpose is more general.
--
Jan P
all/ipa-client-automount
Running git grep shows
install/tools/ipa-compliance:#!/usr/bin/env python
-- shouldn't it be changed as well?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
__
On Wed, Jul 24, 2013 at 12:52:31PM +0200, Petr Viktorin wrote:
>
> That tool was removed recently. Update your repo :)
Ah, I had some uncommitted change so git pull did not do what I meant
it to do (and I ignored the warning it gave me). Sorry about the
noise.
--
Jan Pazdziora | adel
stand as
valid?
Alternatively, how essential is this requirement for the referer
header -- couldn't it be dropped, maybe via some config option?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
uld
> do any action in IPA, if clicked by a logged-in admin.
Could we change the CSRF protection method from the Referrer check to
some user session specific token?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Ma
t, in which case if the target did not change with upgrade,
the hash would stay the same and the browser would not need to reload
it.
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
___
efit seems to be minimal.
>
> I try to avoid doing modification of Web UI files at build time
> because I think the modifications make development less transparent
> (more changes on different places).
Fair enough.
--
Jan Pazdziora | adelton at #ip
d retrieving it into
any POST operation you do against the server would be my course of
investigation.
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeip
or stored to an element in the DOM? You don't really
need to use cookies for that.
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
viewing things on
the WebUI without modifying anything, you won't need the token at all.
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@
On Tue, Sep 10, 2013 at 11:10:25AM -0400, Dmitri Pal wrote:
> >
> > Regarding SNI, it apparently is not supported in server-side NSS
> > (https://bugzilla.mozilla.org/show_bug.cgi?id=360421)
> > We need to either push for a solution to this or allow to switch to
> &g
ternal names.
Isn't it quite the oposite in cloud? The individual machines are
disposable often and all that matters is that there is a machine which
is able to provide a service, on some well-known stable public host
name. Which physical VM serves that service can change rapidly. A one
VM pr
h more important than leaving mess around with the intent of fixing
it upon the next run. Leaving things in consistent state is higher
value than idempotence.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa
can immediatelly start the rollback. The declarative installer
will continue marching towards the goal you gave it, possibly
increasing the number of (wrong) changes which will need to be
restored.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
plain installing Origin:
https://bugzilla.redhat.com/show_bug.cgi?id=1027089
But if you were able to overcome those issues, nsupdate with GSS-TSIG
should just work.
Just for the note, with OpenShift Enterprise 1.2.x the feature is
there and working.
--
Jan Pazdziora
Principal Software En
paid plans.
this is primarily about OpenShift Online -- the hosted operation.
For Origin and Enterprise, the installers will typically install and
configure bind, so for the on-site scenarios the solution is already
there. And of course, you can use FreeIPA/IdM as well.
--
Jan Pazdziora
Principa
. And maybe in the past it even killed something?
The examples in
https://fedoraproject.org/wiki/Packaging:ScriptletSnippets
all have the redirect but no explanation why.
Maybe poking relevant Fedora people could yield some definitive
answer?
--
Jan Pazdziora
Principal Software Engine
n't the backup
contain the extended attributes, so that the SELinux context gets
restored to the original state (which could be different from what
the restorecon will give you)?
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Thu, Feb 20, 2014 at 12:20:12PM +0100, Petr Viktorin wrote:
> On 02/19/2014 04:54 PM, Jan Pazdziora wrote:
> >
> >However: since this is about restoring a backup, can't the backup
> >contain the extended attributes, so that the SELinux context gets
> >restored to
ve DNS record for the
host but the current
ipa: ERROR: Host does not have corresponding DNS A record
is just bad user experience.
Do you propose to change that ERROR to warning, for example,
relaxing the requirement for the DNS records being present?
--
Jan Pazdziora
Senior Principal S
ldn't that check be removed altogether?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeip
On Tue, Jul 14, 2015 at 08:31:19AM +0200, Petr Spacek wrote:
> On 13.7.2015 19:37, Jan Pazdziora wrote:
> >
> > However -- what is the purpose of the DNS check when adding service?
>
> The service is typically a Kerberos service, which usually is not going to
> work if th
s
> well [1]. The question came up in our Monday meeting as well. Nobody seem to
> know if anyone was using these builds and why we weren't using COPR. The
The Fedora infra admins should be able to provide HTTP logs for the
repo, if you needs some numbers about potential usage.
--
at might have changed in the installer or
in dogtag itself in 4.2 that could cause this. For example, did we make
the timeout shorter?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
On Tue, Jul 28, 2015 at 03:25:50PM +0300, Alexander Bokovoy wrote:
> On Tue, 28 Jul 2015, Jan Pazdziora wrote:
> >
> >I do run it in container so it could be related, so I'm mostly looking
> >for blind hints about what might have changed in the installer or
> >in
On Tue, Jul 28, 2015 at 03:56:47PM +0200, Jan Pazdziora wrote:
>
> INFO: Server startup in 5444 ms
> INFO: Server startup in 5936 ms
> INFO: Server startup in 5804 ms
Running netstat at the time when the tomcat should have restarted and
be ready shows
# /usr/bin/netstat -tln
Act
icket we are waiting for
(https://fedorahosted.org/sssd/ticket/2742 ?) should be added so
that it's clear that this step should be removed when the ticket
is addressed.
Otherwise, great effort with the How to Test section.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management
packages until
the end of the transaction.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
pa-server upgrading transaction, there could be
a selinux-policy downgrade operation, which would leave the newer
version for ipa-server's pre but install older version of
selinux-policy after it's done with ipa-server.
Yes, it's just a theoretical situation but we should not short
t
policy change?
I ask because if it's about labelling of files installed by rpm, the
(pre) might not help because rpm did not reload the file contexts
mid-transaction
https://bugzilla.redhat.com/show_bug.cgi?id=505066#c9
and I'm not sure things have changed since RHEL 5.
us major).
Is that expected?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
nd it would then not be clear what
> version it is fixed in.
Moving all resolved "FreeIPA 4.2.x backlog" to the correct milestone
at the point that release is released and/or branched might be
reasonable approximation.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Manage
one? We don't seem to
suffer from the lack of tickets.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
t; close to the bottom.
Simo,
could you please add the
How To Test
steps to http://www.freeipa.org/page/V4/Replica_Promotion?
It would make the functional check of this patchset easier, spelling
out how the workflow is supposed to work.
Thank you,
--
Jan Pazdziora
Senior Principal So
gt; >I think so, yes.
>
> Turns out it is already there.
Oleg, were you able to build from the branch now?
Simo, could you maybe make a copr repo from your branch?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscri
sts.)
I believe you also need to have the PTR sync enabled in the forward zone
(pesen.net).
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/fr
rror] [pid 1394] [client
192.168.100.229:49031] AH00898: Error reading from remote server returned by
/ipa/keys/ra/ipaCert
[Tue Oct 06 13:24:31.017069 2015] [wsgi:error] [pid 10789] ipa: INFO:
[jsonserver_kerb] ad...@example.test: ping(): SUCCESS
--
Jan Pazdziora
Senior Principal Software Enginee
failed to create that log file.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/C
ounds and
reverting them, so that the tests test the real, expected behaviour?
Also, instead of blind sleeps, wouldn't it be better to have some
polling for status of the services we are waiting for?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red H
27;s not, so (IIUIC) you will keep having
nondeterministic failures in master.
I was mostly interested in the general approach that we have to
workarounds -- how do we track them, how do we make sure they don't
stick in tests forever, even after the issue was already properly
addressed.
--
Ja
d in the test body to
achieve deterministic situation in which running that final check
makes sense.
I can imagine that simple
# workaround 5348
time.sleep(20)
and then some script which would find all these comments and compare
them to resolved tickets might be enough.
--
J
ts, we've cleverly worked around them.
Either that workaround step is needed and needs to be documented, or
that step should not be needed and there should be a ticket describing
the issue.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Mana
One-liner.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
>From 612495129cb84fca972c0331adc591ea59dafd21 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora
Date: Tue, 13 Oct 2015 13:07:24 +0200
Subject: [PATCH] The delegation uris are not set, ma
lity of the 2.0 value in particular -- not
sure who and where checks that value.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
rg/coprs/g/freeipa/freeipa-4-2-rc/
> [2] https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3-rc/
Unfortunately, it seems the existing 4.3.0 repo at
https://copr.fedorainfracloud.org/coprs/pvoborni/freeipa-4-3/
now contains only mod_auth_gssapi, at least for Fedora 23
nstead to separate location could increase visibility
and decrease confusion.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribu
On Wed, Mar 09, 2016 at 06:17:58PM +0100, Petr Vobornik wrote:
>
> pvoborni/freeipa-4-3 was never official it was used for 4-3 pre-release
> testing. mkosek/freeipa-4.3 is (and other in mkosek namespace). But they are
Ah, mean culpa, I've mixed those two.
Sorry for the noise.
--
ve similar functionality to what you propose with the
regular expression approach, except the computers will do the work
of keeping things in sync, not users.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-d
1 - 100 of 116 matches
Mail list logo