[Freeipa-devel] [PATCH] 0007 Performace optimization for ldap_parse_configentry

2012-02-23 Thread Petr Spacek
Hello, this patch is performance optimization of yesterday's fix https://fedorahosted.org/bind-dyndb-ldap/ticket/43 - hold bind and plugin global settings in LDAP. -- Petr^2 Spacek From 61c4da9c39d3b42594dab39779da2495970d34f4 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com

[Freeipa-devel] [PATCH] 0008 Documentation improvement, configuration check

2012-02-24 Thread Petr Spacek
Hello, this patch is documentation improvement configuration check for situations, where persistent search and zone refresh are enabled at same time. (Which is not allowed.) It's related to fix https://fedorahosted.org/bind-dyndb-ldap/ticket/43 - hold bind and plugin global settings in

Re: [Freeipa-devel] [PATCH] 0008 Documentation improvement, configuration check

2012-02-28 Thread Petr Spacek
On 02/24/2012 01:42 PM, Petr Spacek wrote: Hello, this patch is documentation improvement configuration check for situations, where persistent search and zone refresh are enabled at same time. (Which is not allowed.) It's related to fix https://fedorahosted.org/bind-dyndb-ldap/ticket/43

Re: [Freeipa-devel] [PATCH] 0006 Hold bind and plugin global settings in LDAP

2012-02-28 Thread Petr Spacek
On 02/28/2012 02:25 PM, Adam Tkac wrote: On 02/22/2012 12:42 PM, Petr Spacek wrote: Hello, this patch fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/43 - hold bind and plugin global settings in LDAP. Currently it's not optimized for performance. Patch for avoiding unnecessary locking

Re: [Freeipa-devel] [PATCH] 0007 Performace optimization for ldap_parse_configentry

2012-02-28 Thread Petr Spacek
On 02/28/2012 02:29 PM, Adam Tkac wrote: On 02/23/2012 04:31 PM, Petr Spacek wrote: Hello, this patch is performance optimization of yesterday's fix https://fedorahosted.org/bind-dyndb-ldap/ticket/43 - hold bind and plugin global settings in LDAP. Thanks for the patch, Petr, please check my

Re: [Freeipa-devel] [PATCH] 0008 Documentation improvement, configuration check

2012-02-28 Thread Petr Spacek
On 02/28/2012 02:46 PM, Adam Tkac wrote: On 02/28/2012 02:44 PM, Petr Spacek wrote: On 02/24/2012 01:42 PM, Petr Spacek wrote: Hello, this patch is documentation improvement configuration check for situations, where persistent search and zone refresh are enabled at same time. (Which

Re: [Freeipa-devel] [PATCH] 0008 Documentation improvement, configuration check

2012-02-29 Thread Petr Spacek
On 02/29/2012 10:04 AM, Martin Kosek wrote: On Tue, 2012-02-28 at 14:19 -0500, Dmitri Pal wrote: On 02/28/2012 08:46 AM, Adam Tkac wrote: On 02/28/2012 02:44 PM, Petr Spacek wrote: On 02/24/2012 01:42 PM, Petr Spacek wrote: Hello, this patch is documentation improvement configuration check

[Freeipa-devel] [PATCH] discussion needed: 0009 Support for IPv6 elements in idnsForwarders attribute

2012-02-29 Thread Petr Spacek
Hello, this patch fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/49 , but I want to discuss one (unimplemented) change: I propose a change in (currently very strange) forwarders syntax. Current syntax: IP[.port] examples: 1.2.3.4 (without optional port) 1.2.3.4.5553 (optional port

Re: [Freeipa-devel] [PATCH] discussion needed: 0009 Support for IPv6 elements in idnsForwarders attribute

2012-02-29 Thread Petr Spacek
And there is the patch, sorry. Petr^2 On 02/29/2012 03:10 PM, Petr Spacek wrote: Hello, this patch fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/49 , but I want to discuss one (unimplemented) change: I propose a change in (currently very strange) forwarders syntax. Current syntax

Re: [Freeipa-devel] [PATCH] discussion needed: 0009 Support for IPv6 elements in idnsForwarders attribute

2012-02-29 Thread Petr Spacek
attribute, so each value contain single forwarder address. Petr^2 Spacek On Wed, 2012-02-29 at 15:14 +0100, Petr Spacek wrote: And there is the patch, sorry. Petr^2 On 02/29/2012 03:10 PM, Petr Spacek wrote: Hello, this patch fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/49 , but I

Re: [Freeipa-devel] [PATCH] 0009 Support for IPv6 elements in idnsForwarders attribute

2012-03-01 Thread Petr Spacek
as discussed yesterday :-) Adam, please review it. Thanks. Petr^2 Spacek On 03/01/2012 03:22 PM, Petr Spacek wrote: Hello, here is reworked patch for https://fedorahosted.org/bind-dyndb-ldap/ticket/49 . Changes after yesterday's discussion on IRC with Simo and Mkosek: It follows BIND9

Re: [Freeipa-devel] discussion needed: Support for IPv6 elements in idnsForwarders attribute

2012-03-05 Thread Petr Spacek
Hello, we are back with another proposal from Adam. See last lines. On 03/05/2012 12:32 PM, Adam Tkac wrote: On Thu, Mar 01, 2012 at 07:55:33PM +0100, Petr Spacek wrote: Hello, here is (again) reworked patch for https://fedorahosted.org/bind-dyndb-ldap/ticket/49 . Adam pointed me

Re: [Freeipa-devel] discussion needed: Support for IPv6 elements in idnsForwarders attribute

2012-03-05 Thread Petr Spacek
On 03/05/2012 02:03 PM, Adam Tkac wrote: On Mon, Mar 05, 2012 at 01:56:14PM +0100, Petr Spacek wrote: Hello, we are back with another proposal from Adam. See last lines. Hello, reply is below... On 03/05/2012 12:32 PM, Adam Tkac wrote: On Thu, Mar 01, 2012 at 07:55:33PM +0100, Petr

[Freeipa-devel] [PATCH] 0010 Remove unnecessary mctx double checks

2012-03-06 Thread Petr Spacek
: +REQUIRE(mctx != NULL); REQUIRE(mctx != NULL); is not needed, every isc_mem_* function checks mctx validity. I checked each REQUIRE(mctx != NULL) and reference to mctx and Adam is right :-D -- Petr^2 Spacek From 15305dc1707dfa64dba993d33dfb7714b45d8362 Mon Sep 17 00:00:00 2001 From: Petr Spacek

Re: [Freeipa-devel] [PATCH] 0010 Remove unnecessary mctx double checks

2012-03-06 Thread Petr Spacek
On 03/06/2012 01:49 PM, Adam Tkac wrote: On 03/06/2012 01:46 PM, Petr Spacek wrote: Hello, this patch removes unnecessary double checks for isc_mem, which are scattered through the code. This problem was mentioned yesterday (another) patch review: https://www.redhat.com/archives/freeipa-devel

[Freeipa-devel] [PATCH] 0011 Fix ticket #55: BIND cannot be shutdown correctly

2012-03-12 Thread Petr Spacek
:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 12 Mar 2012 13:01:25 +0100 Subject: [PATCH] Fix ticket #55: BIND cannot be shutdown correctly, if psearch is enabled and LDAP connect fails Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_helper.c |3 +++ 1 files changed, 3

Re: [Freeipa-devel] [PATCH] 0011 Fix ticket #55: BIND cannot be shutdown correctly

2012-03-12 Thread Petr Spacek
On 03/12/2012 02:14 PM, Martin Kosek wrote: On Mon, 2012-03-12 at 08:46 -0400, Dmitri Pal wrote: On 03/12/2012 08:15 AM, Petr Spacek wrote: Hello, this patch fixes annoying bug from ticket #55: BIND cannot be shutdown correctly, if psearch is enabled and LDAP connect fails Upstream ticket

Re: [Freeipa-devel] [PATCH] 227-228 Add last missing bits in new bind-dyndb-ldap

2012-03-13 Thread Petr Spacek
On 03/12/2012 07:10 PM, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote: These 2 patches changes the DNS API to support the last missing bits in new bind-dyndb-ldap: 1) Both global and per-zone forwarders now support a conditional custom port

[Freeipa-devel] DNS/bind-dyndb-ldap development plans

2012-03-19 Thread Petr Spacek
Hello list, there are several big features, that are missing in IPA DNS/plugin now. So we have to triage big features for next plugin development. In short - there is a list of biggest features: - DNSSEC (Domain Name System Security Extensions) support - IDN (Internationalized Domain Names)

Re: [Freeipa-devel] DNS/bind-dyndb-ldap development plans

2012-03-19 Thread Petr Spacek
On 03/19/2012 03:28 PM, Martin Kosek wrote: On Mon, 2012-03-19 at 09:54 -0400, Dmitri Pal wrote: On 03/19/2012 09:42 AM, Simo Sorce wrote: On Mon, 2012-03-19 at 14:34 +0100, Petr Spacek wrote: Hello list, there are several big features, that are missing in IPA DNS/plugin now. So we have

[Freeipa-devel] [PATCH] 0013 Fix SOA record update

2012-03-22 Thread Petr Spacek
From f40423b30a0d62dcef9ba4962e4b3d2ece1a0ded Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Thu, 22 Mar 2012 16:15:56 +0100 Subject: [PATCH] Fix SOA record update. Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_helper.c | 15 --- 1 files changed, 12

Re: [Freeipa-devel] [PATCH] 0014 Fix crash on reload without any zones

2012-03-23 Thread Petr Spacek
On 03/23/2012 10:17 AM, Martin Kosek wrote: On Fri, 2012-03-23 at 09:59 +0100, Petr Spacek wrote: Hello, this patch fixes crash on reload/halt. Current code will crash if no zones were loaded from LDAP (because of connection error or bad DN in config). There is no BZ/ticket for this issue

Re: [Freeipa-devel] [PATCH] 0014 Fix crash on reload without any zones

2012-03-23 Thread Petr Spacek
On 03/23/2012 12:25 PM, Adam Tkac wrote: On 03/23/2012 09:59 AM, Petr Spacek wrote: Hello, this patch fixes crash on reload/halt. Current code will crash if no zones were loaded from LDAP (because of connection error or bad DN in config). There is no BZ/ticket for this issue. This patch

Re: [Freeipa-devel] [PATCH] 0013 Fix SOA record update

2012-03-23 Thread Petr Spacek
On 03/23/2012 11:58 AM, Adam Tkac wrote: On 03/22/2012 04:27 PM, Petr Spacek wrote: this patch fixes wrong SOA updates during DNS zone dynamic update (via nsupdate). It fixes LDAP plugin part of BZ: https://bugzilla.redhat.com/show_bug.cgi?id=805871 Good catch, the patch looks fine for me

[Freeipa-devel] [PATCH] 0015 Don't try to remove auxiliary nodes from internal RBT

2012-04-03 Thread Petr Spacek
before I realized where is the problem. Petr^2 Spacek From ce620e1e4bb888d784b8cdfac5ba75182d45b6c3 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 3 Apr 2012 14:50:12 +0200 Subject: [PATCH] Don't try to remove auxiliary nodes from internal RBT Signed-off-by: Petr

Re: [Freeipa-devel] [RANT] --setattr validation is a minefield.

2012-04-10 Thread Petr Spacek
On 04/10/2012 05:31 PM, Petr Viktorin wrote: On 04/10/2012 05:03 PM, Jan Cholasta wrote: On 04/10/2012 05:31 PM, Petr Viktorin wrote: tl;dr: --setattr work on IPA-managed attributes (with validation) is a mistake. +1 It adds no functionality, only complexity. We don't want people to use

[Freeipa-devel] [PATCH] 0016 Remove old work-around for a bug in dns_db_unregister()

2012-04-13 Thread Petr Spacek
/buildinfo?buildID=133161) Patch also adds note to README and bumps dependency version in SPEC file. Petr^2 Spacek From d09edb2d88fb730043c7d1f11b979ea8bc260e37 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Fri, 13 Apr 2012 12:20:42 +0200 Subject: [PATCH] Removed old work

Re: [Freeipa-devel] [PATCH] 0016 Remove old work-around for a bug in dns_db_unregister()

2012-04-16 Thread Petr Spacek
On 04/16/2012 11:54 AM, Adam Tkac wrote: On Fri, Apr 13, 2012 at 12:33:35PM +0200, Petr Spacek wrote: Hello, this patch removes old work-around for a bug in dns_db_unregister(). This bug was fixed in BIND version 9.7.0a1. Oldest available BIND version for RHEL 6.2 contains required fix

[Freeipa-devel] [PATCH] 0017 Fix various memory leaks in Kerberos helper code

2012-04-16 Thread Petr Spacek
: Petr Spacek pspa...@redhat.com Date: Mon, 16 Apr 2012 14:07:20 +0200 Subject: [PATCH] Fix various memory leaks in Kerberos helper code. Signed-off-by: Petr Spacek pspa...@redhat.com --- src/krb5_helper.c | 16 1 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src

Re: [Freeipa-devel] [PATCH] 0017 Fix various memory leaks in Kerberos helper code

2012-04-16 Thread Petr Spacek
On 04/16/2012 02:25 PM, Adam Tkac wrote: On Mon, Apr 16, 2012 at 02:13:06PM +0200, Petr Spacek wrote: Hello, this patch fixes several memory leaks in Kerberos integration code. Fix was tested with Valgrind. There is another memory leak in persistent search code, it will be fixed by separate

[Freeipa-devel] DNS zone serial number updates [#2554]

2012-04-17 Thread Petr Spacek
Hello, there is IPA ticket #2554 DNS zone serial number is not updated [1], which is required by RFE Support zone transfers in bind-dyndb-ldap [2]. I think we need to discuss next steps with this issue: Basic support for zone transfers is already done in bind-dyndb-ldap. We need second part

Re: [Freeipa-devel] DNS zone serial number updates [#2554]

2012-04-18 Thread Petr Spacek
. On 04/17/2012 06:13 PM, Simo Sorce wrote: On Tue, 2012-04-17 at 17:49 +0200, Petr Spacek wrote: Hello, there is IPA ticket #2554 DNS zone serial number is not updated [1], which is required by RFE Support zone transfers in bind-dyndb-ldap [2]. I think we need to discuss next steps with this issue

[Freeipa-devel] IP address check during IPA install

2012-04-18 Thread Petr Spacek
Hello, please, can somebody explain to me, why our installer strictly checks IP addresses? I wonder about it from yesterday's IPA meeting and still can't get it. My naive insight is: It's a network layer problem and application shouldn't care. Of course, there are many protocols with

Re: [Freeipa-devel] DNS zone serial number updates [#2554]

2012-04-18 Thread Petr Spacek
On 04/18/2012 04:04 PM, Simo Sorce wrote: On Wed, 2012-04-18 at 15:29 +0200, Petr Spacek wrote: Hello, first of all - snippet moved from the end: I think we need to try to be more consistent than what we are now. There may always be minor races, but the current races are too big

Re: [Freeipa-devel] IP address check during IPA install

2012-04-19 Thread Petr Spacek
On 04/18/2012 05:02 PM, Dmitri Pal wrote: On 04/18/2012 09:55 AM, Petr Spacek wrote: Hello, please, can somebody explain to me, why our installer strictly checks IP addresses? I wonder about it from yesterday's IPA meeting and still can't get it. My naive insight is: It's a network layer

[Freeipa-devel] [PATCH 0018] Deadlock detection logic

2012-04-24 Thread Petr Spacek
/ticket/66) Deadlock itself will be fixed by separate patch. Petr^2 Spacek From ea961e11cbf67f5493f95ef47d317ad0c90ac0ba Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 24 Apr 2012 15:09:32 +0200 Subject: [PATCH] Add simple semaphore deadlock detection logic. Signed-off

Re: [Freeipa-devel] [PATCH 0018] Deadlock detection logic

2012-04-24 Thread Petr Spacek
On 04/24/2012 03:21 PM, Petr Spacek wrote: Hello, this patch adds deadlock detection (based on simple timeout) to current code. If (probable) deadlock is detected, current action is stopped with proper error. It properly detects Simo's deadlock with 'connections' parameter == 1. (Described

[Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-03 Thread Petr Spacek
. Any improvements are welcome. Petr^2 Spacek From 10bc76498072e554ccfb1504d81f3166a14b79a5 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 23 Apr 2012 11:38:43 +0200 Subject: [PATCH] Add proper DN escaping before LDAP library calls. Signed-off-by: Petr Spacek pspa

Re: [Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-03 Thread Petr Spacek
On 05/03/2012 11:25 AM, Petr Spacek wrote: Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary to prevent (potential) LDAP injection attacks in future. Code isn't very nice, because DNS users decimal escaping \123, LDAP uses hexadecimal escaping \ab and set of escaped

Re: [Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-03 Thread Petr Spacek
On 05/03/2012 11:25 AM, Petr Spacek wrote: Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary to prevent (potential) LDAP injection attacks in future. Code isn't very nice, because DNS users decimal escaping \123, LDAP uses hexadecimal escaping \ab and set of escaped

Re: [Freeipa-devel] [PATCH 0018] Deadlock detection logic

2012-05-07 Thread Petr Spacek
On 05/03/2012 02:18 PM, Adam Tkac wrote: On Tue, Apr 24, 2012 at 03:52:00PM +0200, Petr Spacek wrote: On 04/24/2012 03:21 PM, Petr Spacek wrote: Hello, this patch adds deadlock detection (based on simple timeout) to current code. If (probable) deadlock is detected, current action is stopped

Re: [Freeipa-devel] [PATCH 0018] Deadlock detection logic

2012-05-07 Thread Petr Spacek
On 05/07/2012 12:50 PM, Adam Tkac wrote: On 05/07/2012 12:35 PM, Petr Spacek wrote: On 05/03/2012 02:18 PM, Adam Tkac wrote: On Tue, Apr 24, 2012 at 03:52:00PM +0200, Petr Spacek wrote: On 04/24/2012 03:21 PM, Petr Spacek wrote: Hello, this patch adds deadlock detection (based on simple

[Freeipa-devel] [PATCH 0020] Separate LDAP result from LDAP connection, fix deadlock.

2012-05-07 Thread Petr Spacek
Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 7 May 2012 12:51:09 +0200 Subject: [PATCH] Separate LDAP result from LDAP connection, fix deadlock. https://fedorahosted.org/bind-dyndb-ldap/ticket/66 Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_helper.c

Re: [Freeipa-devel] DNS zone serial number updates [#2554]

2012-05-07 Thread Petr Spacek
, Petr Spacek wrote: If this happens, it is possible that on one of the masters the serial will be updated twice even though no other change was performed on the entry-set. That is not a big deal though, at most it will cause a useless zone transfer, but zone transfer should already be somewhat rate

Re: [Freeipa-devel] DNS zone serial number updates [#2554]: local SOA approach

2012-05-07 Thread Petr Spacek
Hello, on the last meeting there was another approach to $SUBJ$ discussed: Each DNS server will maintain its own serial number value independently from other servers. Pros: Should be simpler to implement; no DS plugin required. Cons: Slave DNS servers cannot fall-back to other masters,

Re: [Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-09 Thread Petr Spacek
On 05/09/2012 01:24 PM, Adam Tkac wrote: On 05/03/2012 03:46 PM, Petr Spacek wrote: On 05/03/2012 11:25 AM, Petr Spacek wrote: Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary to prevent (potential) LDAP injection attacks in future. Code isn't very nice, because

Re: [Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-09 Thread Petr Spacek
On 05/09/2012 02:17 PM, Adam Tkac wrote: On 05/09/2012 02:11 PM, Petr Spacek wrote: On 05/09/2012 01:24 PM, Adam Tkac wrote: On 05/03/2012 03:46 PM, Petr Spacek wrote: On 05/03/2012 11:25 AM, Petr Spacek wrote: Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary

Re: [Freeipa-devel] [PATCH 0020] Separate LDAP result from LDAP connection, fix deadlock.

2012-05-14 Thread Petr Spacek
On 05/11/2012 12:26 PM, Adam Tkac wrote: On Mon, May 07, 2012 at 02:49:07PM +0200, Petr Spacek wrote: Hello, this patch fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/66: Plugin deadlocks during new zone load when connections == 1. It fixes structural problem, when LDAP query result

[Freeipa-devel] routing requests to local servers - DNS SRV [discussion needed]

2012-05-24 Thread Petr Spacek
Hello, some time ago there was a request for DNS to support routing requests to local servers. Any opinions if/when do it and proposals how to do it are more than welcome. My best knowledge about this problem follows: This request actually means differentiate answer to DNS query on client's

Re: [Freeipa-devel] routing requests to local servers - DNS SRV [discussion needed]

2012-05-25 Thread Petr Spacek
On 05/24/2012 08:00 PM, Dmitri Pal wrote: On 05/24/2012 01:07 PM, Petr Spacek wrote: Hello, some time ago there was a request for DNS to support routing requests to local servers. Any opinions if/when do it and proposals how to do it are more than welcome. My best knowledge about this problem

Re: [Freeipa-devel] routing requests to local servers - DNS SRV [discussion needed]

2012-05-29 Thread Petr Spacek
for environments with NAT in place - as Amazon EC2.) Discussion about major changes should be read as design for far future. On 05/25/2012 04:10 PM, Simo Sorce wrote: On Thu, 2012-05-24 at 19:07 +0200, Petr Spacek wrote: Hello, some time ago there was a request for DNS to support routing requests to local

Re: [Freeipa-devel] full BIND view support [was: routing requests to local servers - DNS SRV]

2012-05-31 Thread Petr Spacek
Hello, I found RFE for this feature: https://bugzilla.redhat.com/show_bug.cgi?id=815621 It was filled against IPA component in BZ so I didn't find it up to now. On 05/29/2012 05:36 PM, Simo Sorce wrote: On Tue, 2012-05-29 at 17:16 +0200, Petr Spacek wrote: Discussion about major changes

[Freeipa-devel] [PATCH 0022] fix crash during zone unload when NS is not resolvable

2012-06-07 Thread Petr Spacek
) will be in separate patch. Petr^2 Spacek From 970984bc84556ac1355de9f67eb4de20c823f4ce Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Thu, 7 Jun 2012 15:27:27 +0200 Subject: [PATCH] Fix crash during zone unload when NS is not resolvable. https://fedorahosted.org/bind-dyndb-ldap/ticket/77

Re: [Freeipa-devel] [PATCH] 262-265 Enable psearch by default

2012-06-07 Thread Petr Spacek
On 06/05/2012 09:32 AM, Martin Kosek wrote: Thanks for digging out the traceback, I already reported this error to bind-dyndb-ldap: https://bugzilla.redhat.com/show_bug.cgi?id=827401 Petr, what's the status of this bug? I guess we cannot push this set of patches to enable the psearch by default

[Freeipa-devel] [PATCH 0023] SOA serial number auto incrementation

2012-06-27 Thread Petr Spacek
c14eedd35682185702f58c3f6eaabb0237f38b15 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 27 Jun 2012 10:36:26 +0200 Subject: [PATCH] SOA autoincrement feature Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_helper.c | 72

[Freeipa-devel] [PATCH 0024] Add debug message to ldap_cache_addrdatalist()

2012-07-10 Thread Petr Spacek
Hello, this patch adds an debug message to ldap_cache_addrdatalist(). It is very useful for persistent search debugging. Petr^2 Spacek From 29a95bb7480802bfd9f10ccdffca6158eedf4581 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Thu, 28 Jun 2012 13:52:38 +0200 Subject

[Freeipa-devel] [PATCH] 0025-0028 Implement SOA serial number increments for external changes

2012-07-10 Thread Petr Spacek
(and testable) part of functionality. Petr^2 Spacek From 0ed1d3dd4910e1c94617b0209420b1c6598de68e Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 27 Jun 2012 10:36:26 +0200 Subject: [PATCH] Increment SOA serial for each ordinary record received through psearch Signed-off

[Freeipa-devel] [PATCH 0029] Add documention for serial_autoincrement feature

2012-07-11 Thread Petr Spacek
Hello, this patch adds documention for serial_autoincrement feature to README. Petr^2 Spacek From 6abf6d54ca1b61e699118813aa24808edbcede0c Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 11 Jul 2012 15:04:50 +0200 Subject: [PATCH] Add documention

[Freeipa-devel] [PATCH 0030] Prevent doubled LDAP queries during nonexistent DNS name lookup

2012-07-11 Thread Petr Spacek
965a2f9443fcec2b4e32acf726aaa5a6de5b91c3 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 11 Jul 2012 12:10:16 +0200 Subject: [PATCH] Prevent doubled LDAP queries during nonexistent DNS name lookups. This problem was introduced in commit cd33194c5a61e98cba53212458cce02b849077ba (CVE-2012-2134 fix

Re: [Freeipa-devel] [PATCH 0020] Separate LDAP result from LDAP connection, fix deadlock.

2012-07-12 Thread Petr Spacek
On 05/15/2012 02:32 PM, Adam Tkac wrote: On Mon, May 14, 2012 at 04:44:42PM +0200, Petr Spacek wrote: On 05/11/2012 12:26 PM, Adam Tkac wrote: On Mon, May 07, 2012 at 02:49:07PM +0200, Petr Spacek wrote: Hello, this patch fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/66: Plugin

[Freeipa-devel] [PATCH 0031] Prevent crashes in ldap_pool_*() function family

2012-07-12 Thread Petr Spacek
connection has to be established properly and some other connection has to fail. It is not enough to timeout at first connection/try, that case was handled properly. Petr^2 Spacek From 7ef5c14ffa69cc4d60a76c9db63b8e3ce065d27b Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Thu, 12 Jul

Re: [Freeipa-devel] [PATCH 0024] Add debug message to ldap_cache_addrdatalist()

2012-07-13 Thread Petr Spacek
On 07/13/2012 01:17 PM, Adam Tkac wrote: On Tue, Jul 10, 2012 at 03:15:03PM +0200, Petr Spacek wrote: Hello, this patch adds an debug message to ldap_cache_addrdatalist(). It is very useful for persistent search debugging. Hi, although idea of the patch is fine, I don't think

Re: [Freeipa-devel] [PATCH] 0025-0028 Implement SOA serial number increments for external changes

2012-07-13 Thread Petr Spacek
On 07/13/2012 03:42 PM, Adam Tkac wrote: On Tue, Jul 10, 2012 at 03:57:24PM +0200, Petr Spacek wrote: Hello, these patches provides SOA serial auto-increment feature for external changes. Related ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/67 It is necessary to set psearch

Re: [Freeipa-devel] [PATCH 0030] Prevent doubled LDAP queries during nonexistent DNS name lookup

2012-07-13 Thread Petr Spacek
On 07/13/2012 03:47 PM, Adam Tkac wrote: On Wed, Jul 11, 2012 at 03:54:07PM +0200, Petr Spacek wrote: Hello, this patch fixes bug introduced by CVE-2012-2134 fix (commit cd33194c5a61e98cba53212458cce02b849077ba). From cd33194c5a61e98cba53212458cce02b849077ba up to now each query

Re: [Freeipa-devel] [PATCH 0031] Prevent crashes in ldap_pool_*() function family

2012-07-13 Thread Petr Spacek
On 07/13/2012 03:48 PM, Adam Tkac wrote: On Thu, Jul 12, 2012 at 05:18:35PM +0200, Petr Spacek wrote: Hello, this patch fixes occasional crashes caused by incorrect error handling in ldap_pool_*() functions. https://fedorahosted.org/bind-dyndb-ldap/ticket/84 It can be caused by memory

[Freeipa-devel] [PATCH 0032-0035]

2012-07-18 Thread Petr Spacek
Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 18 Jul 2012 13:01:28 +0200 Subject: [PATCH] Add support for modify DN operation to persistent search. Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_helper.c | 108

Re: [Freeipa-devel] [PATCH 0032-0035] Add support for MODDN operation to persistent search implementation

2012-07-18 Thread Petr Spacek
Sorry for the missing subject! Petr^2 Spacek On 07/18/2012 01:32 PM, Petr Spacek wrote: adds support for MODDN operation to persistent search implementation ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman

[Freeipa-devel] [PATCH 0036] Raise connection count automatically if serial_autoincrement is enabled

2012-07-18 Thread Petr Spacek
://fedorahosted.org/bind-dyndb-ldap/ticket/68 . Petr^2 Spacek From b41d06248a199e618fd963f32cf16d2c8384276f Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 18 Jul 2012 13:39:12 +0200 Subject: [PATCH] Raise connection count automatically if serial_autoincrement is enabled. Signed

[Freeipa-devel] [PATCH 0037] Add missing return value check to new_ldap_instance()

2012-07-18 Thread Petr Spacek
Hello, this patch adds missing return value check to new_ldap_instance(). https://fedorahosted.org/bind-dyndb-ldap/ticket/85 Bug was reported by Coverity. Petr^2 Spacek From 85574b9ffe4757b93b6eb9b99ceb1172a5c37002 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 18

Re: [Freeipa-devel] [PATCH] 0070 Fix updating minimum_connections in ipa-upgradeconfig

2012-07-19 Thread Petr Spacek
for https://fedorahosted.org/freeipa/ticket/2554 Your changes look good but I found perhaps another bug. I think Petr Spacek may need to chime in on this part. If you start out with serial_autoincrement yes and psearch undefined and connections undefined the result is: connections 2

Re: [Freeipa-devel] [PATCH 0032-0035] Add support for MODDN operation to persistent search implementation

2012-07-19 Thread Petr Spacek
Hello, I have to explain my motivation behind INSIST a bit. Please see comments below. On 07/19/2012 01:43 PM, Adam Tkac wrote: On Wed, Jul 18, 2012 at 01:32:10PM +0200, Petr Spacek wrote: + CHECK(ldap_query(inst, conn, ldap_qresult_zone, pevent-dn, +LDAP_SCOPE_BASE

Re: [Freeipa-devel] [PATCH 0037] Add missing return value check to new_ldap_instance()

2012-07-19 Thread Petr Spacek
On 07/19/2012 01:46 PM, Adam Tkac wrote: On Wed, Jul 18, 2012 at 02:35:20PM +0200, Petr Spacek wrote: Hello, this patch adds missing return value check to new_ldap_instance(). https://fedorahosted.org/bind-dyndb-ldap/ticket/85 Bug was reported by Coverity. Ack. Pushed to master: ​ http

Re: [Freeipa-devel] [PATCH 0036] Raise connection count automatically if serial_autoincrement is enabled

2012-07-19 Thread Petr Spacek
On 07/19/2012 01:45 PM, Adam Tkac wrote: On Wed, Jul 18, 2012 at 01:46:18PM +0200, Petr Spacek wrote: Hello, this patch reflects new demand from serial_autoincrement feature. Generally, change in configuration file should by IPA install/upgrade scripts. This patch prevents deadlock

[Freeipa-devel] [PATCH 0038] Fix two memory leaks in ldap_query()

2012-07-20 Thread Petr Spacek
=a7cd8ae747b3a81a02ab9e5dbefe1c595aa24ff6 Please double-check this approach. Thanks. Petr^2 Spacek From c8718b98641e7537b2350a625b03b0b7fec6f206 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Fri, 20 Jul 2012 14:18:41 +0200 Subject: [PATCH] Fix two memory leaks in ldap_query

Re: [Freeipa-devel] [PATCH 0038] Fix two memory leaks in ldap_query()

2012-07-23 Thread Petr Spacek
On 07/23/2012 12:03 PM, Adam Tkac wrote: On Fri, Jul 20, 2012 at 02:28:09PM +0200, Petr Spacek wrote: Hello, this patch fixes two memory leaks in ldap_query(). Both memory leaks occurs after non-success queries. It effectively re-implements fix for ldap_query can incorrectly return

[Freeipa-devel] [PATCH 0040] Handle incomplete/invalid zone unload in same way as BIND's ns_server_del_zone()

2012-07-25 Thread Petr Spacek
Hello, this patch prevents potential failure during invalid zone unload. Error handling was changed to the same way as in bind/bin/named/server.c ns_server_del_zone(). Petr^2 Spacek From 02e232632a8a04fcd17f1089553961c18c0b175a Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com

[Freeipa-devel] [PATCH 0041] Cleanup in logging code

2012-07-25 Thread Petr Spacek
Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Thu, 19 Jul 2012 14:13:12 +0200 Subject: [PATCH] Cleanup in logging code. Signed-off-by: Petr Spacek pspa...@redhat.com --- src/log.c | 22 ++ src/log.h | 19 --- 2 files changed, 18 insertions

Re: [Freeipa-devel] [PATCH 0040] Handle incomplete/invalid zone unload in same way as BIND's ns_server_del_zone()

2012-07-25 Thread Petr Spacek
On 07/25/2012 03:10 PM, Adam Tkac wrote: On Wed, Jul 25, 2012 at 10:18:01AM +0200, Petr Spacek wrote: Hello, this patch prevents potential failure during invalid zone unload. Error handling was changed to the same way as in bind/bin/named/server.c ns_server_del_zone(). Ack. Pushed

Re: [Freeipa-devel] [PATCH 0041] Cleanup in logging code

2012-07-26 Thread Petr Spacek
On 07/26/2012 10:06 AM, Adam Tkac wrote: On Wed, Jul 25, 2012 at 03:31:34PM +0200, Petr Spacek wrote: Hello, this patch clears logging code a bit. Adding functions like log_info() and similar will be trivial from now. It will be necessary for ticket #71: Log successful reconnect https

[Freeipa-devel] [PATCH 0042] Flush zones and RRs cache when handling persistent search reconnection

2012-07-27 Thread Petr Spacek
Hello, this patch implements Flush zones and RRs cache when handling persistent search reconnection behaviour as requested in ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/44 . Petr^2 Spacek From 06f38006e841a210d60ae93bb5c9027e40073d84 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa

[Freeipa-devel] [PATCH 0042] Flush zones and RRs cache when handling persistent search reconnection

2012-07-27 Thread Petr Spacek
Hello, this patch implements Flush zones and RRs cache when handling persistent search reconnection behaviour as requested in ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/44 . Petr^2 Spacek From 06f38006e841a210d60ae93bb5c9027e40073d84 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa

[Freeipa-devel] [PATCH 0043] Extend API to be compatible with libdns interface = 90

2012-07-27 Thread Petr Spacek
9481fc6f6032f236d7e5e48f651906b25fd49b61 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Fri, 27 Jul 2012 14:18:15 +0200 Subject: [PATCH] Extend API to be compatible with libdns interface = 90. Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_driver.c | 6 +- 1 file changed, 5

[Freeipa-devel] [PATCH 0045] Fix zone transfers with non-FQDNs

2012-07-30 Thread Petr Spacek
2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 30 Jul 2012 19:39:14 +0200 Subject: [PATCH] Fix zone transfers with non-FQDNs. https://fedorahosted.org/bind-dyndb-ldap/ticket/47 Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_driver.c | 2 +- 1 file changed, 1 insertion(+), 1

Re: [Freeipa-devel] slow response

2012-07-31 Thread Petr Spacek
On 07/31/2012 12:27 AM, John Dennis wrote: What is taking so long with session bookkeeping? I don't know yet. I would need more timing instrumentation. I will say when I looked at the python-krb5 code (which we use to populate the ccache from the session and read back to store in the session)

[Freeipa-devel] [PATCH 0046] Separate RR data parsing from LDAP connections

2012-08-01 Thread Petr Spacek
4ba44be9e9bb7ef5abc9e077d6620de496ae7c0d Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 31 Jul 2012 14:33:53 +0200 Subject: [PATCH] Separate RR data parsing from LDAP connections. Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_helper.c | 76

Re: [Freeipa-devel] [PATCH 0042] Flush zones and RRs cache when handling persistent search reconnection

2012-08-10 Thread Petr Spacek
On 07/27/2012 12:15 PM, Petr Spacek wrote: Hello, this patch implements Flush zones and RRs cache when handling persistent search reconnection behaviour as requested in ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/44 . Petr^2 Spacek Self-NACK :-) This second version has cache

[Freeipa-devel] [PATCH 0049] Fix two memory leaks in persistent search

2012-08-14 Thread Petr Spacek
Hello, This patch fixes two memory leaks in persistent search. Petr^2 Spacek From 892f1d5c59a97cdad7a2807ecd172488605ab181 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 14 Aug 2012 12:38:43 +0200 Subject: [PATCH] Fix two memory leaks in persistent search. Signed-off

[Freeipa-devel] [PATCH 0050] Fix memory leak in configuration with multiple LDAP instances

2012-08-14 Thread Petr Spacek
e314eb7da7bfbbb2ae9d4ce1252d886c9a744e7f Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 14 Aug 2012 15:53:42 +0200 Subject: [PATCH] Fix memory leak in configuration with multiple LDAP instances. Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_driver.c | 6 -- 1 file changed, 4

Re: [Freeipa-devel] [PATCH 0042] Flush zones and RRs cache when handling persistent search reconnection

2012-08-15 Thread Petr Spacek
On 08/14/2012 08:25 PM, Simo Sorce wrote: On 08/12/2012 11:59 AM, Simo Sorce wrote: On 07/27/2012 12:15 PM, Petr Spacek wrote: Hello, this patch implements Flush zones and RRs cache when handling persistent search reconnection behaviour as requested in ticket https://fedorahosted.org/bind

[Freeipa-devel] [PATCH 0051-0052] Log successful reconnection to LDAP server

2012-08-15 Thread Petr Spacek
was modified: Errors are handled exclusively by handle_connection_error() now. Direct calls to ldap_connect() and ldap_reconnect() should be avoided. -- Petr^2 Spacek From 15286f0793d3666845e6b03b565d49f135b115ff Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 15 Aug 2012

[Freeipa-devel] [PATCH 0053] Use richer set of return codes for LDAP connection error handling code

2012-08-15 Thread Petr Spacek
15d6b38c9eda5b05d799c145ede8341f359e8633 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 15 Aug 2012 13:01:48 +0200 Subject: [PATCH] Use richer set of return codes for LDAP connection error handling code. It should lead to clear log messages. Signed-off-by: Petr Spacek pspa

Re: [Freeipa-devel] [PATCH 0043] Extend API to be compatible with libdns interface = 90

2012-08-15 Thread Petr Spacek
On 08/15/2012 03:11 PM, Adam Tkac wrote: On Fri, Jul 27, 2012 at 02:23:49PM +0200, Petr Spacek wrote: Hello, this patch prevents compiler warning on systems with libdns interface version = 90. This libdns version comes with BIND 9.0.0. Both new methods are not obligatory, see in bind/lib/dns

Re: [Freeipa-devel] [PATCH 0042] Flush zones and RRs cache when handling persistent search reconnection

2012-08-15 Thread Petr Spacek
On 08/15/2012 03:11 PM, Adam Tkac wrote: On Fri, Jul 27, 2012 at 12:16:07PM +0200, Petr Spacek wrote: Hello, this patch implements Flush zones and RRs cache when handling persistent search reconnection behaviour as requested in ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/44 . Petr

Re: [Freeipa-devel] [PATCH 0046] Separate RR data parsing from LDAP connections

2012-08-15 Thread Petr Spacek
On 08/15/2012 03:31 PM, Adam Tkac wrote: On Wed, Aug 01, 2012 at 04:19:11PM +0200, Petr Spacek wrote: Hello, this patch finishes LDAP connection vs. LDAP result separation. It is first step necessary for: https://fedorahosted.org/bind-dyndb-ldap/ticket/68 Avoid manual connection management

Re: [Freeipa-devel] [PATCH 0046] Separate RR data parsing from LDAP connections

2012-08-16 Thread Petr Spacek
On 08/16/2012 11:01 AM, Adam Tkac wrote: On Wed, Aug 15, 2012 at 04:04:26PM +0200, Petr Spacek wrote: On 08/15/2012 03:31 PM, Adam Tkac wrote: On Wed, Aug 01, 2012 at 04:19:11PM +0200, Petr Spacek wrote: Hello, this patch finishes LDAP connection vs. LDAP result separation. It is first step

Re: [Freeipa-devel] [PATCH 0047] Avoid manual connection management outside ldap_query()

2012-08-28 Thread Petr Spacek
On 08/22/2012 03:35 PM, Adam Tkac wrote: On Mon, Aug 13, 2012 at 03:15:52PM +0200, Petr Spacek wrote: Hello, this patch improves connection management in bind-dyndb-ldap and closes https://fedorahosted.org/bind-dyndb-ldap/ticket/68 . It should prevent all deadlocks on connection pool

Re: [Freeipa-devel] [PATCH 0047] Avoid manual connection management outside ldap_query()

2012-08-28 Thread Petr Spacek
On 08/28/2012 09:57 AM, Adam Tkac wrote: On Tue, Aug 28, 2012 at 08:51:31AM +0200, Petr Spacek wrote: On 08/22/2012 03:35 PM, Adam Tkac wrote: On Mon, Aug 13, 2012 at 03:15:52PM +0200, Petr Spacek wrote: Hello, this patch improves connection management in bind-dyndb-ldap and closes https

Re: [Freeipa-devel] [PATCH 0049] Fix two memory leaks in persistent search

2012-08-28 Thread Petr Spacek
On 08/22/2012 03:43 PM, Adam Tkac wrote: On Tue, Aug 14, 2012 at 02:32:55PM +0200, Petr Spacek wrote: Hello, This patch fixes two memory leaks in persistent search. Ack. From 892f1d5c59a97cdad7a2807ecd172488605ab181 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue

Re: [Freeipa-devel] Reevaluation of confirmation of actions in Web UI.

2012-09-03 Thread Petr Spacek
On 08/31/2012 05:00 PM, Petr Vobornik wrote: Hi Endi, I opened https://fedorahosted.org/freeipa/ticket/3035 can you please comment? If everything seems good, I will try to implement some stuff to RC1 (next week). Thanks Hello, I'm not Endi, but I will add my bit: Usually I'm very frustrated

Re: [Freeipa-devel] [PATCH 0050] Fix memory leak in configuration with multiple LDAP instances

2012-09-05 Thread Petr Spacek
On 09/05/2012 01:02 PM, Adam Tkac wrote: On Tue, Aug 14, 2012 at 04:00:21PM +0200, Petr Spacek wrote: Hello, this patch fixes $SUBJ$. Adam, please double-check correctness of this change. I had two assumptions: - all locking is done inside dns_db_(un)register() functions - LDAP instances

  1   2   3   4   5   6   7   8   9   10   >