Re: [Freeipa-devel] Time-Based Account Policies

2015-08-03 Thread Stanislav Laznicka
On 08/03/2015 11:45 AM, Alexander Bokovoy wrote: On Mon, 03 Aug 2015, Stanislav Laznicka wrote: Hi, I have made some changes to the structure of the HBAC time rules extension, namely the code that validates the time rules' strings was moved from the ipalib/parameters to the hbacrule module

[Freeipa-devel] [PATCH 0001] ipa-client-install: warn if IP address is used with --server option

2015-08-11 Thread Stanislav Laznicka
Hi, Attached is the patch that adds warning when an IP is passed to --server in ipa-client-install (https://fedorahosted.org/freeipa/ticket/4932). Standa From 478eb97dd379054e81f01a46fd1641c55628a4a7 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka slazn...@redhat.com Date: Tue, 11 Aug 2015

Re: [Freeipa-devel] Time-Based Account Policies

2015-08-06 Thread Stanislav Laznicka
On 08/03/2015 04:30 PM, Alexander Bokovoy wrote: On Mon, 03 Aug 2015, Stanislav Laznicka wrote: dragons may appear, although with a tiny tiny possibility of a golden treasure in the end. Yes, I think intervals are required. Alright. I gave it a little thought considering the current state

Re: [Freeipa-devel] Time-Based Account Policies

2015-07-13 Thread Stanislav Laznicka
On 07/10/2015 04:17 PM, Martin Basti wrote: On 10/07/15 12:08, Stanislav Laznicka wrote: Hi, Long time no post from me, time to make it up to you. I have been working on the implementation of the design of time policies for HBAC rules on FreeIPA and SSSD sides. Attached is the current

Re: [Freeipa-devel] [Update]Time-Based Account Policies

2015-11-11 Thread Stanislav Laznicka
On 11/05/2015 06:17 PM, Petr Spacek wrote: On 4.11.2015 15:20, Martin Basti wrote: Hello, we (Standa and I) had offline discussion and I proposed following idea: 1) create new entry in LDAP for "time rule" instead of adding the time rule string directly into HBACRule. This will allow to

[Freeipa-devel] [Update]Time-Based Account Policies

2015-11-04 Thread Stanislav Laznicka
Hi, The fixed patches to Martin^2's and Jakub's reviews are almost ready, there are just a few things left. Martin B. mentioned in his review that '~' might not be the best delimiter for range values in the HBAC time policies language as it is not commonly used for that purpose. I started

[Freeipa-devel] [PATCHES 0002-0008] [RFE] Implement iCal based time managment in HBAC

2015-10-07 Thread Stanislav Laznicka
Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Tue, 7 Jul 2015 09:47:39 +0200 Subject: [PATCH 3/8] Added methods for setting time-based policies. Methods for time-based policies in HBAC rules. https://fedorahosted.org/freeipa/ticket/547 --- ACI.txt

[Freeipa-devel] [PATCH 0009] WebUI: Disappearing automember rule expressions

2015-10-09 Thread Stanislav Laznicka
Hi, please see the patch attached. Standa L. From 8bb771ad0f2f015ea1ebbdf7291ed5c7ae2a0a9b Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 9 Oct 2015 13:32:33 +0200 Subject: [PATCH] Fixes disappearing automember expressions https://fedorahosted.org/f

Re: [Freeipa-devel] Time-Based Account Policies

2015-07-10 Thread Stanislav Laznicka
On 07/10/2015 01:10 PM, Petr Vobornik wrote: On 07/10/2015 12:43 PM, Alexander Bokovoy wrote: On Fri, 10 Jul 2015, Stanislav Laznicka wrote: Hi, Long time no post from me, time to make it up to you. Welcome back! I have been working on the implementation of the design of time policies

Re: [Freeipa-devel] Time-Based Account Policies

2015-07-10 Thread Stanislav Laznicka
On 07/10/2015 01:12 PM, Matúš Honěk wrote: On 07/10/2015 12:43 PM, Alexander Bokovoy wrote: On Fri, 10 Jul 2015, Stanislav Laznicka wrote: Hi, Long time no post from me, time to make it up to you. Welcome back! I have been working on the implementation of the design of time policies

[Freeipa-devel] [PATCH 0011-0012][RFE] ipa-replica-manage: automatically clean dangling RUVs

2015-12-18 Thread Stanislav Laznicka
is offline and is prompted to confirm the cleaning so the possible wait should not be a problem I believe. Standa L. From 8e5aff9aa4b121fa5c623aceee5c9bf055111d42 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 18 Dec 2015 10:30:44 +0100 Subject: [PATCH 1/2] L

[Freeipa-devel] [PATCH] Removed duplicate domain name validation function

2015-11-25 Thread Stanislav Laznicka
There were two functions for the same purpose. Removed one. From 15c192fdee0390ca8b6aa923691d66b1081ffae4 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Wed, 25 Nov 2015 16:38:00 +0100 Subject: [PATCH] Removed duplicate domain name validating function --

Re: [Freeipa-devel] [PATCH] Removed duplicate domain name validation function

2015-11-27 Thread Stanislav Laznicka
Please, see the modified patch attached. Standa On 11/27/2015 03:48 PM, Martin Basti wrote: On 27.11.2015 15:33, Petr Spacek wrote: On 27.11.2015 15:32, Martin Basti wrote: On 25.11.2015 17:18, Stanislav Laznicka wrote: There were two functions for the same purpose. Removed one. Hello

Re: [Freeipa-devel] [PATCH] Removed duplicate domain name validation function

2015-12-01 Thread Stanislav Laznicka
Sending the patch with renamed function. Standa On 12/01/2015 09:57 AM, Jan Cholasta wrote: On 1.12.2015 09:37, Petr Spacek wrote: On 30.11.2015 20:00, Martin Basti wrote: On 27.11.2015 16:06, Stanislav Laznicka wrote: Please, see the modified patch attached. Standa On 11/27/2015 03:48

Re: [Freeipa-devel] [PATCH 0041] Increase nsslapd-db-locks

2016-06-09 Thread Stanislav Laznicka
On 06/07/2016 08:56 AM, thierry bordaz wrote: On 06/06/2016 07:23 PM, Martin Basti wrote: On 03.06.2016 13:38, Stanislav Laznicka wrote: Hello, The attached patch implements solution to https://fedorahosted.org/freeipa/ticket/5914. The patch is rather hacky as nsslapd-db-locks requires

[Freeipa-devel] [PATCH 0046] Don't fail in find/show methods if userCertificate is invalid

2016-06-09 Thread Stanislav Laznicka
Hello, Please see the attached patch of https://fedorahosted.org/freeipa/ticket/5797. Standa From 5f59311092d7f2205287d8c2945325d1017c866a Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 9 Jun 2016 13:13:24 +0200 Subject: [PATCH] host/service-sho

Re: [Freeipa-devel] [PATCH] 0006 add context to exception on LdapEntry decode error

2016-06-09 Thread Stanislav Laznicka
On 06/09/2016 11:58 AM, Florence Blanc-Renaud wrote: On 06/08/2016 01:14 PM, Stanislav Laznicka wrote: On 06/08/2016 01:13 PM, Stanislav Laznicka wrote: On 06/07/2016 05:11 PM, Florence Blanc-Renaud wrote: On 06/07/2016 04:08 PM, Stanislav Laznicka wrote: On 06/06/2016 02:47 PM, Florence

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

2016-06-08 Thread Stanislav Laznicka
On 06/08/2016 02:09 PM, Petr Vobornik wrote: On 06/08/2016 10:07 AM, Petr Spacek wrote: On 7.6.2016 15:11, Stanislav Laznicka wrote: Hello, Thank you for your patch. As the thin-client patches were pushed in the meantime, the patch won't apply. Could you please send a rebased version? Also

[Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

2016-06-07 Thread Stanislav Laznicka
https://fedorahosted.org/freeipa/ticket/5775 From 8ba87072d8e998ccb8743390eb541e74f6b1aa96 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Tue, 7 Jun 2016 10:08:45 +0200 Subject: [PATCH] Uninstaller won't fail if service can't be started https://fedorahost

Re: [Freeipa-devel] [PATCH] 0006 add context to exception on LdapEntry decode error

2016-06-08 Thread Stanislav Laznicka
On 06/08/2016 01:13 PM, Stanislav Laznicka wrote: On 06/07/2016 05:11 PM, Florence Blanc-Renaud wrote: On 06/07/2016 04:08 PM, Stanislav Laznicka wrote: On 06/06/2016 02:47 PM, Florence Blanc-Renaud wrote: Hi, please find attached the patch for Ticket 5434 add context to exception

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-08 Thread Stanislav Laznicka
On 06/07/2016 10:42 AM, Martin Basti wrote: On 07.06.2016 10:43, Jan Cholasta wrote: On 7.6.2016 10:22, Martin Basti wrote: On 07.06.2016 09:07, Jan Cholasta wrote: On 6.6.2016 18:29, Martin Basti wrote: On 03.06.2016 14:28, Stanislav Laznicka wrote: On 06/03/2016 02:19 PM, Martin

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

2016-06-07 Thread Stanislav Laznicka
Hello, Thank you for your patch. As the thin-client patches were pushed in the meantime, the patch won't apply. Could you please send a rebased version? Also, I have a few comments to the patch: 1) I think that the commit message should be rather a brief conclusion to the changes made in

Re: [Freeipa-devel] [PATCH 0046] Don't fail in find/show methods if userCertificate is invalid

2016-06-10 Thread Stanislav Laznicka
On 06/09/2016 04:32 PM, Rob Crittenden wrote: Fraser Tweedale wrote: On Thu, Jun 09, 2016 at 03:07:34PM +0200, Martin Basti wrote: On 09.06.2016 15:03, Martin Basti wrote: On 09.06.2016 15:02, Stanislav Laznicka wrote: On 06/09/2016 02:51 PM, Rob Crittenden wrote: Stanislav Laznicka wrote

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

2016-06-10 Thread Stanislav Laznicka
On 06/08/2016 02:06 PM, Florence Blanc-Renaud wrote: On 06/08/2016 10:07 AM, Petr Spacek wrote: On 7.6.2016 15:11, Stanislav Laznicka wrote: Hello, Thank you for your patch. As the thin-client patches were pushed in the meantime, the patch won't apply. Could you please send a rebased version

Re: [Freeipa-devel] [PATCH 0046] Don't fail in find/show methods if userCertificate is invalid

2016-06-09 Thread Stanislav Laznicka
On 06/09/2016 02:51 PM, Rob Crittenden wrote: Stanislav Laznicka wrote: Hello, Please see the attached patch of https://fedorahosted.org/freeipa/ticket/5797. Standa Just wondering out loud but should usercertificate be excluded from the output if it is unparsable? Is there any value

Re: [Freeipa-devel] [PATCH 0040] Always add hostname=IPAREALM to krb5.conf

2016-06-03 Thread Stanislav Laznicka
On 06/02/2016 08:11 PM, Martin Basti wrote: On 02.06.2016 16:02, Stanislav Laznicka wrote: Hello, In this patch I am adding the mapping = to krb5.conf as requested in https://fedorahosted.org/freeipa/ticket/5903. ACK I have just one question, where is install/share/krb5.conf.template

[Freeipa-devel] [PATCH 0041] Increase nsslapd-db-locks

2016-06-03 Thread Stanislav Laznicka
Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 3 Jun 2016 13:27:04 +0200 Subject: [PATCH] Increase nsslapd-db-locks to 10 https://fedorahosted.org/freeipa/ticket/5914 --- ipaserver/install/dsinstance.py | 15 ++- 1 file changed, 10 inse

[Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-03 Thread Stanislav Laznicka
https://fedorahosted.org/freeipa/ticket/5892 From 350cfa89f34a6f9beddc85a195963966e1aa561d Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 3 Jun 2016 14:08:59 +0200 Subject: [PATCH] Removed dead code from LDAPRemoveReverseMember https://fedorahost

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-03 Thread Stanislav Laznicka
On 06/03/2016 02:19 PM, Martin Basti wrote: On 03.06.2016 14:13, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5892 NACK please remove it from LDAPAddReverseMember too, it contains the same code Martin^2 Please see the modified patch. Standa From

Re: [Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

2016-06-14 Thread Stanislav Laznicka
On 06/13/2016 02:51 PM, Martin Babinsky wrote: On 06/07/2016 10:14 AM, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5775 Umm, wouldn't it be better to augment the `Service.start()/restart()` methods themselves with parameters that will suppress exception raising

Re: [Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

2016-06-14 Thread Stanislav Laznicka
On 06/14/2016 09:25 AM, Stanislav Laznicka wrote: On 06/13/2016 02:51 PM, Martin Babinsky wrote: On 06/07/2016 10:14 AM, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5775 Umm, wouldn't it be better to augment the `Service.start()/restart()` methods themselves

Re: [Freeipa-devel] [PATCH] 0003 batch command can be used to trigger internal errors on server

2016-06-14 Thread Stanislav Laznicka
On 06/13/2016 10:15 AM, Petr Vobornik wrote: On 06/10/2016 06:31 PM, Stanislav Laznicka wrote: On 06/08/2016 02:06 PM, Florence Blanc-Renaud wrote: On 06/08/2016 10:07 AM, Petr Spacek wrote: On 7.6.2016 15:11, Stanislav Laznicka wrote: Hello, Thank you for your patch. As the thin-client

Re: [Freeipa-devel] [PATCH 0036] Increased mod_wsgi socket-timeout

2016-05-31 Thread Stanislav Laznicka
On 05/30/2016 02:12 PM, Petr Spacek wrote: On 28.5.2016 15:59, Martin Basti wrote: On 27.05.2016 14:52, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5833 Is possible to remove timeout completely as it used to be before? Even if this timeout is exceeded, command

Re: [Freeipa-devel] [PATCH 0033] Fix CA being presented as running even if it weren't

2016-05-31 Thread Stanislav Laznicka
On 05/31/2016 10:22 AM, Stanislav Laznicka wrote: On 05/30/2016 12:54 PM, Jan Cholasta wrote: On 30.5.2016 12:36, Martin Basti wrote: On 26.05.2016 19:31, Stanislav Laznicka wrote: Self NACK. I should not post patches when tired, sorry. Minor fix is attached. On 05/26/2016 07:21 PM

Re: [Freeipa-devel] [PATCH 0033] Fix CA being presented as running even if it weren't

2016-05-31 Thread Stanislav Laznicka
On 05/30/2016 12:54 PM, Jan Cholasta wrote: On 30.5.2016 12:36, Martin Basti wrote: On 26.05.2016 19:31, Stanislav Laznicka wrote: Self NACK. I should not post patches when tired, sorry. Minor fix is attached. On 05/26/2016 07:21 PM, Stanislav Laznicka wrote: Hello, Please, see

[Freeipa-devel] [PATCH 0037] Added /etc/krb5.conf.d/ to krb5.conf

2016-05-27 Thread Stanislav Laznicka
https://fedorahosted.org/freeipa/ticket/5912 From 7a55f169181ab8647cd2d919f35c004b14d5bc7f Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 27 May 2016 16:12:31 +0200 Subject: [PATCH] Added krb5.conf.d/ to included dirs in krb5.conf The include of /et

[Freeipa-devel] [PATCH 0036] Increased mod_wsgi socket-timeout

2016-05-27 Thread Stanislav Laznicka
https://fedorahosted.org/freeipa/ticket/5833 From e69514ade7bae97bb2bb0e541c080c727ff7056c Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 27 May 2016 14:44:30 +0200 Subject: [PATCH] Increased mod_wsgi socket-timeout Longer-running CLI commands sometime

[Freeipa-devel] [PATCH 0034] Added some attributes to the Modify Users permission

2016-05-27 Thread Stanislav Laznicka
https://fedorahosted.org/freeipa/ticket/5911 From f10e9b782bd92b86eb05ebd947d9799093a14091 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 27 May 2016 13:27:03 +0200 Subject: [PATCH] Added some attributes to Modify Users permission Added 'employee

[Freeipa-devel] [PATCH 35] Added pyusb dependency

2016-05-27 Thread Stanislav Laznicka
https://fedorahosted.org/freeipa/ticket/5886 From 38eda0f2a08b6bff65217d6c4517fffc1e1b0f86 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 27 May 2016 13:45:57 +0200 Subject: [PATCH] Added pyusb as a dependency https://fedorahosted.org/freeipa/ticke

Re: [Freeipa-devel] [PATCH 0033] Fix CA being presented as running even if it weren't

2016-05-26 Thread Stanislav Laznicka
Self NACK. I should not post patches when tired, sorry. Minor fix is attached. On 05/26/2016 07:21 PM, Stanislav Laznicka wrote: Hello, Please, see the attached patch. Fixes https://fedorahosted.org/freeipa/ticket/5898 Standa From b42146384771d95761cbeaab516f559ee87b66cc Mon Sep 17

[Freeipa-devel] [PATCH 0033] Fix CA being presented as running even if it weren't

2016-05-26 Thread Stanislav Laznicka
Hello, Please, see the attached patch. Fixes https://fedorahosted.org/freeipa/ticket/5898 Standa From ba7ecd6eed5cb2d70dbe684539d927c44e4c11b6 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 26 May 2016 15:24:15 +0200 Subject: [PATCH] Fixes CA always

[Freeipa-devel] [PATCH 0039] Deprecate --domain-level option from ipa-server-install

2016-06-02 Thread Stanislav Laznicka
0ee60e059d33d3f55fab2e41e2198853d9116f32 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 2 Jun 2016 14:08:32 +0200 Subject: [PATCH] Deprecated the domain-level option in ipa-server-install https://fedorahosted.org/freeipa/ticket/5907 --- ipaserver/install/server/install.py |

[Freeipa-devel] [PATCH 0040] Always add hostname=IPAREALM to krb5.conf

2016-06-02 Thread Stanislav Laznicka
Hello, In this patch I am adding the mapping = to krb5.conf as requested in https://fedorahosted.org/freeipa/ticket/5903. From a1547a654d60562d7cdad259a06a4072d51f5a4f Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 2 Jun 2016 15:40:03 +0200 Subject:

Re: [Freeipa-devel] [PATCH 0484] remove unused code from automount plugin

2016-05-26 Thread Stanislav Laznicka
On 05/25/2016 06:21 PM, Martin Basti wrote: On 25.05.2016 09:11, Stanislav Laznicka wrote: LGTM, could you please just add the ticket to the commit message? On 05/20/2016 04:28 PM, Martin Basti wrote: On 20.05.2016 15:03, Martin Basti wrote: The removed code is unused for long time

Re: [Freeipa-devel] [PATCH] 0001 Add missing CA options to the manpage for ipa-replica-install

2016-05-26 Thread Stanislav Laznicka
Hello, Thank you for your first patch! It seems fine to me so ACK. Standa On 05/20/2016 12:52 PM, Florence Blanc-Renaud wrote: Hi all, this one will be my first patch submission, so apologies in advance if I make mistakes... The man page for ipa-replica-install was missing some commands

[Freeipa-devel] [PATCH 0038] Reduced time for IO blocking of DS

2016-05-31 Thread Stanislav Laznicka
:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Tue, 31 May 2016 17:01:29 +0200 Subject: [PATCH] Decreased timeout for IO blocking for DS Should fix the DS from going unresponsive in some cases https://fedorahosted.org/freeipa/ticket/5383 --- install/updates/10-config.upda

Re: [Freeipa-devel] [PATCH 0033] Fix CA being presented as running even if it weren't

2016-05-31 Thread Stanislav Laznicka
On 05/31/2016 11:40 AM, Stanislav Laznicka wrote: On 05/31/2016 10:22 AM, Stanislav Laznicka wrote: On 05/30/2016 12:54 PM, Jan Cholasta wrote: On 30.5.2016 12:36, Martin Basti wrote: On 26.05.2016 19:31, Stanislav Laznicka wrote: Self NACK. I should not post patches when tired, sorry

[Freeipa-devel] [PATCH 0049] Fix host principal password required in ipa-ca-install

2016-06-22 Thread Stanislav Laznicka
rpcclient connection fail for some other reason and the control would fall back to SSH, this will still be broken and needs fixing. I will create a ticket for that. Standa From 66e49904f7901fbfebcbd1a8b9f397667e89c60b Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: W

Re: [Freeipa-devel] [PATCH 0048] Remove sys.exit() from installer modules

2016-06-17 Thread Stanislav Laznicka
On 06/17/2016 07:45 AM, Petr Spacek wrote: On 16.6.2016 17:33, Stanislav Laznicka wrote: Hello, This patch removes most sys.exits() from installer modules and scripts and replaces them with ScriptError. I only left sys.exits at places where the user decides yes/no on continuation of the script

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-17 Thread Stanislav Laznicka
On 06/14/2016 04:40 PM, Jan Cholasta wrote: On 14.6.2016 16:35, Martin Basti wrote: On 14.06.2016 16:37, Jan Cholasta wrote: On 14.6.2016 16:29, Martin Basti wrote: On 08.06.2016 14:17, Stanislav Laznicka wrote: On 06/07/2016 10:42 AM, Martin Basti wrote: On 07.06.2016 10:43, Jan Cholasta

Re: [Freeipa-devel] [PATCH 0048] Remove sys.exit() from installer modules

2016-06-17 Thread Stanislav Laznicka
On 06/17/2016 08:48 AM, Petr Spacek wrote: On 17.6.2016 08:43, Stanislav Laznicka wrote: On 06/17/2016 07:45 AM, Petr Spacek wrote: On 16.6.2016 17:33, Stanislav Laznicka wrote: Hello, This patch removes most sys.exits() from installer modules and scripts and replaces them with ScriptError

Re: [Freeipa-devel] [PATCH 0048] Remove sys.exit() from installer modules

2016-06-17 Thread Stanislav Laznicka
On 06/17/2016 09:51 AM, Petr Vobornik wrote: On 17.6.2016 09:24, Stanislav Laznicka wrote: On 06/17/2016 08:48 AM, Petr Spacek wrote: On 17.6.2016 08:43, Stanislav Laznicka wrote: On 06/17/2016 07:45 AM, Petr Spacek wrote: On 16.6.2016 17:33, Stanislav Laznicka wrote: Hello, This patch

Re: [Freeipa-devel] [PATCH 0049] Fix host principal password required in ipa-ca-install

2016-06-23 Thread Stanislav Laznicka
On 06/23/2016 08:09 AM, Jan Cholasta wrote: On 22.6.2016 16:22, Stanislav Laznicka wrote: Hello, Please see the patch attached that fixes the issue from https://fedorahosted.org/freeipa/ticket/5965. The patch took me quite a while to create as I thought something was wrong with the SshExec

[Freeipa-devel] [PATCH 0050-0051] Topology fixes for CA suffix

2016-06-23 Thread Stanislav Laznicka
Hello, attached are patches fixing the logic mentioned in https://fedorahosted.org/freeipa/ticket/5967. From 7d833bf0018f4b3e85bae88cbe383568f6d9c3f4 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 23 Jun 2016 16:04:04 +0200 Subject: [PATCH 1/2]

Re: [Freeipa-devel] [PATCH 0047] Fix uninitialized variables in replicainstall

2016-06-21 Thread Stanislav Laznicka
On 06/16/2016 10:16 AM, Stanislav Laznicka wrote: Hello, There was a possible use of uninitialized variables in replicainstall. Discard the patch, Martin sent the same patch yesterday but Honza seems to have already taken care of it.

[Freeipa-devel] [PATCH 0047] Fix uninitialized variables in replicainstall

2016-06-16 Thread Stanislav Laznicka
Hello, There was a possible use of uninitialized variables in replicainstall. From 1b26d42e00506b007e087c74cafc0327090aec40 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 16 Jun 2016 10:05:34 +0200 Subject: [PATCH] Fix unitialized variables in replicai

[Freeipa-devel] [PATCH 0048] Remove sys.exit() from installer modules

2016-06-16 Thread Stanislav Laznicka
: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 16 Jun 2016 17:12:24 +0200 Subject: [PATCH] Remove sys.exit from install modules and scripts sys.exit() calls sometimes make it hard to find bugs and mask code that does not always work properly. https://fedorahosted.org/freeipa/ticket/5750 --- i

Re: [Freeipa-devel] [PATCH 0050-0051] Topology fixes for CA suffix

2016-06-24 Thread Stanislav Laznicka
On 06/24/2016 11:52 AM, Martin Babinsky wrote: On 06/24/2016 11:30 AM, Petr Vobornik wrote: On 06/23/2016 05:30 PM, Stanislav Laznicka wrote: On 06/23/2016 04:38 PM, Petr Vobornik wrote: On 06/23/2016 04:20 PM, Stanislav Laznicka wrote: Hello, attached are patches fixing the logic mentioned

Re: [Freeipa-devel] [PATCH] 959 mod_auth_gssapi: enable unique credential caches names

2016-06-24 Thread Stanislav Laznicka
On 06/24/2016 03:11 PM, Martin Basti wrote: On 23.06.2016 17:46, Robbie Harwood wrote: Petr Vobornik writes: mod_auth_gssapi > 1.4.0 implements support for unique ccaches names. Excited to see this appear! Sessions are not in use so there's no need to worry about a

Re: [Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

2016-06-24 Thread Stanislav Laznicka
On 06/21/2016 04:39 PM, Martin Basti wrote: On 14.06.2016 17:26, Stanislav Laznicka wrote: -signerd_service.start() +try: +signerd_service.start() +except Exception as e: +root_logger.error("Unable to start '{svcname}':
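
Review bot: the `except Exception as e` wrapped around `signerd_service.start()` catches every failure, not only a failed service start, so an unrelated programming error at this point in the uninstaller would be logged and skipped as well. Consider narrowing the handler to the error the service start is expected to raise. The visible part of the `root_logger.error` message names the service through `{svcname}`; make sure the message also carries the text of `e`, so the uninstall log records why the start failed.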

Re: [Freeipa-devel] [PATCH 0043] Stop uninstaller from failing if a service can't be started

2016-06-24 Thread Stanislav Laznicka
On 06/24/2016 04:04 PM, Martin Basti wrote: On 24.06.2016 15:50, Stanislav Laznicka wrote: On 06/21/2016 04:39 PM, Martin Basti wrote: On 14.06.2016 17:26, Stanislav Laznicka wrote: -signerd_service.start() +try: +signerd_service.start

[Freeipa-devel] [PATCH 0052] Added missing nsSystemIndex attributes to .update file

2016-06-24 Thread Stanislav Laznicka
https://fedorahosted.org/freeipa/ticket/5947 From e177f6377a84691ba1cdb45ff39488d5d8f8f34d Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 24 Jun 2016 14:21:01 +0200 Subject: [PATCH] Add missing nsSystemIndex attributes https://fedorahosted.org/freeipa/

Re: [Freeipa-devel] [PATCH 0011-0012][RFE] ipa-replica-manage: automatically clean dangling RUVs

2016-01-15 Thread Stanislav Laznicka
On 01/14/2016 04:59 PM, Petr Vobornik wrote: On 01/14/2016 04:16 PM, Ludwig Krispenz wrote: On 01/14/2016 03:59 PM, Stanislav Laznicka wrote: On 01/14/2016 03:21 PM, Rob Crittenden wrote: Stanislav Laznicka wrote: Please see the rebased patches attached. On 01/13/2016 02:01 PM, Martin

Re: [Freeipa-devel] [PATCH 0011-0012][RFE] ipa-replica-manage: automatically clean dangling RUVs

2016-01-14 Thread Stanislav Laznicka
Please see the rebased patches attached. On 01/13/2016 02:01 PM, Martin Basti wrote: On 18.12.2015 12:46, Stanislav Laznicka wrote: Hi, Attached are the patches for auto-find and clean of dangling (cs)ruvs. Currently, the cleaning of an RUV waits for all replicas to be online, even

Re: [Freeipa-devel] [PATCH 0011-0012][RFE] ipa-replica-manage: automatically clean dangling RUVs

2016-01-14 Thread Stanislav Laznicka
On 01/14/2016 03:21 PM, Rob Crittenden wrote: Stanislav Laznicka wrote: Please see the rebased patches attached. On 01/13/2016 02:01 PM, Martin Basti wrote: On 18.12.2015 12:46, Stanislav Laznicka wrote: Hi, Attached are the patches for auto-find and clean of dangling (cs)ruvs. Currently

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-28 Thread Stanislav Laznicka
On 06/17/2016 09:14 AM, Stanislav Laznicka wrote: On 06/14/2016 04:40 PM, Jan Cholasta wrote: On 14.6.2016 16:35, Martin Basti wrote: On 14.06.2016 16:37, Jan Cholasta wrote: On 14.6.2016 16:29, Martin Basti wrote: On 08.06.2016 14:17, Stanislav Laznicka wrote: On 06/07/2016 10:42 AM

Re: [Freeipa-devel] [PATCH 0048] Remove sys.exit() from installer modules

2016-06-17 Thread Stanislav Laznicka
On 06/17/2016 01:01 PM, Petr Vobornik wrote: On 17.6.2016 12:12, Stanislav Laznicka wrote: On 06/17/2016 09:51 AM, Petr Vobornik wrote: On 17.6.2016 09:24, Stanislav Laznicka wrote: On 06/17/2016 08:48 AM, Petr Spacek wrote: On 17.6.2016 08:43, Stanislav Laznicka wrote: On 06/17/2016 07:45

Re: [Freeipa-devel] [PATCH 0042] Removed dead code from LDAPRemoveReverseMember

2016-06-29 Thread Stanislav Laznicka
On 06/28/2016 10:34 AM, Stanislav Laznicka wrote: On 06/17/2016 09:14 AM, Stanislav Laznicka wrote: On 06/14/2016 04:40 PM, Jan Cholasta wrote: On 14.6.2016 16:35, Martin Basti wrote: On 14.06.2016 16:37, Jan Cholasta wrote: On 14.6.2016 16:29, Martin Basti wrote: On 08.06.2016 14:17

Re: [Freeipa-devel] [PATCH 0013-0021] Coverity patches

2016-01-29 Thread Stanislav Laznicka
Reworded the commits so that they better reflect what's going on in those. On 01/29/2016 02:49 PM, Stanislav Laznicka wrote: Hello, I made some patches based on the Coverity report from 18.1.2016. Cheers, Standa From 56bfba733321388190cf6df0ec0dfab5fff15996 Mon Sep 17 00:00:00 2001 From

[Freeipa-devel] [PATCH 0013-0021] Coverity patches

2016-01-29 Thread Stanislav Laznicka
Hello, I made some patches based on the Coverity report from 18.1.2016. Cheers, Standa From 89a945cb78b324757636dbcaddabc2616d57bde2 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 29 Jan 2016 08:57:06 +0100 Subject: [PATCH 1/9] Removing dead code Co

Re: [Freeipa-devel] [PATCH 0011-0012][RFE] ipa-replica-manage: automatically clean dangling RUVs

2016-01-28 Thread Stanislav Laznicka
On 01/26/2016 06:56 PM, Martin Basti wrote: On 25.01.2016 16:41, Stanislav Laznicka wrote: Hi, Worked those comments into the code. Also added a bit different info message in clean_ruv with ca=True (ipa-replica-manage:430). Also adding steps to reproduce: 1. Create a master and some

Re: [Freeipa-devel] [PATCH 0022-23] Coverity patches

2016-02-23 Thread Stanislav Laznicka
Reworded the commit messages so that they mention Coverity. On 02/22/2016 07:18 AM, Jan Cholasta wrote: On 2.2.2016 13:36, Stanislav Laznicka wrote: On 02/01/2016 02:24 PM, Jan Cholasta wrote: On 1.2.2016 12:11, Petr Spacek wrote: On 1.2.2016 09:03, Jan Cholasta wrote: Hi, On 29.1.2016 15

Re: [Freeipa-devel] [PATCH 0011-0012][RFE] ipa-replica-manage: automatically clean dangling RUVs

2016-01-25 Thread Stanislav Laznicka
ean_list entry on line 570 10) optional, comment what keys means in info structure From a1421841c88ab233179f175f49000995b2db4acc Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 18 Dec 2015 10:30:44 +0100 Subject: [PATCH 1/2] Listing and cleani

Re: [Freeipa-devel] [PATCH 0022-23] Coverity patches

2016-02-02 Thread Stanislav Laznicka
On 02/01/2016 02:24 PM, Jan Cholasta wrote: On 1.2.2016 12:11, Petr Spacek wrote: On 1.2.2016 09:03, Jan Cholasta wrote: Hi, On 29.1.2016 15:49, Martin Basti wrote: On 29.01.2016 15:49, Stanislav Laznicka wrote: Reworded the commits so that they better reflect what's going on in those

[Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands

2016-03-11 Thread Stanislav Laznicka
with advised use of clean_dangling_ruv). Standa From 4617ed5cdec9b30a527539c6af7c9c9235d458d6 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 11 Mar 2016 10:15:02 +0100 Subject: [PATCH] ipa-replica-manage: added --suffix option Added --suffix option for list-ruv

Re: [Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands

2016-03-16 Thread Stanislav Laznicka
wrote: On 14.03.2016 12:05, Jan Cholasta wrote: Hi, On 11.3.2016 10:39, Stanislav Laznicka wrote: Hi, Please see the patch attached. Contrary to the discussion at https://fedorahosted.org/freeipa/ticket/4987 I also added the suffix option for clean_ruv command. If this command is available

Re: [Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands

2016-04-06 Thread Stanislav Laznicka
On 03/30/2016 04:52 PM, Martin Basti wrote: On 24.03.2016 19:10, Stanislav Laznicka wrote: On 03/23/2016 08:13 PM, Martin Basti wrote: [...] Can you please update design http://www.freeipa.org/page/V4/Manage_replication_topology_4_4 (mainly the --suffix option)? Also there are missing clean

Re: [Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands

2016-03-24 Thread Stanislav Laznicka
ot break anything, but it seemed rather useless). Also had to change the numbers of the patches so that they would apply. From 349a286574dd73a22e834b4bf0afb928c727e4a7 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 24 Mar 2016 15:59:31 +0100 Subject: [PATC

Re: [Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands

2016-03-19 Thread Stanislav Laznicka
On 03/16/2016 10:22 AM, Jan Cholasta wrote: On 16.3.2016 08:33, Stanislav Laznicka wrote: On 03/15/2016 12:47 PM, Petr Vobornik wrote: On 03/15/2016 07:25 AM, Jan Cholasta wrote: On 14.3.2016 17:18, Petr Vobornik wrote: On 03/14/2016 04:55 PM, Jan Cholasta wrote: On 14.3.2016 16:26, Petr

[Freeipa-devel] [WIP] Time-Based HBAC Policies

2016-03-04 Thread Stanislav Laznicka
da ** From 68ca0b4606f16a4906a991da32f689f840233231 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 19 Feb 2016 08:35:31 +0100 Subject: [PATCH 1/2] HBAC Access Time Rules: icalendar format validation https://fedorahosted.org/freeipa/ticket/547 --- API.txt| 31 +-

Re: [Freeipa-devel] [WIP] Time-Based HBAC Policies

2016-03-04 Thread Stanislav Laznicka
Based on Alexander's suggestion I created a copr repo with latest python-icalendar version. https://copr.fedorainfracloud.org/coprs/stlaz/python-icalendar/packages/ On 03/04/2016 02:53 PM, Stanislav Laznicka wrote: Hello, So in the previous month and a bit I was reworking the time-based

Re: [Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands

2016-03-30 Thread Stanislav Laznicka
On 03/24/2016 07:10 PM, Stanislav Laznicka wrote: On 03/23/2016 08:13 PM, Martin Basti wrote: [...] Can you please update design http://www.freeipa.org/page/V4/Manage_replication_topology_4_4 (mainly the --suffix option)? Also there are missing clean-ruv and list-ruv commands in design, and fix

Re: [Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands

2016-03-30 Thread Stanislav Laznicka
On 03/30/2016 09:54 AM, Petr Vobornik wrote: On 03/30/2016 09:37 AM, Stanislav Laznicka wrote: On 03/24/2016 07:10 PM, Stanislav Laznicka wrote: On 03/23/2016 08:13 PM, Martin Basti wrote: [...] Can you please update design http://www.freeipa.org/page/V4/Manage_replication_topology_4_4

Re: [Freeipa-devel] [WIP][PATCH] Time-Based HBAC Policies

2016-03-30 Thread Stanislav Laznicka
On 03/09/2016 05:24 PM, Martin Basti wrote: On 04.03.2016 14:53, Stanislav Laznicka wrote: Hello, So in the previous month and a bit I was reworking the time-based policies according to the changes we agreed on (http://pad.engineering.redhat.com/ipa-time-based-HBAC-design, line 83). Let me

Re: [Freeipa-devel] [PATCH 0441] Configure httpd service from installer

2016-04-22 Thread Stanislav Laznicka
On 04/22/2016 10:08 AM, Martin Basti wrote: On 21.04.2016 22:55, Timo Aaltonen wrote: 21.04.2016, 20:50, Martin Basti kirjoitti: On 21.04.2016 19:28, Stanislav Laznicka wrote: On 04/21/2016 11:19 AM, Martin Basti wrote: On 20.04.2016 17:27, Martin Basti wrote: On 24.03.2016 14:27

Re: [Freeipa-devel] [PATCH 0441] Configure httpd service from installer

2016-04-21 Thread Stanislav Laznicka
On 04/21/2016 11:19 AM, Martin Basti wrote: On 20.04.2016 17:27, Martin Basti wrote: On 24.03.2016 14:27, Martin Basti wrote: On 24.03.2016 13:55, Jan Cholasta wrote: On 18.3.2016 23:27, Timo Aaltonen wrote: On 17.03.2016 18:36, Martin Basti wrote:

Re: [Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands

2016-04-22 Thread Stanislav Laznicka
On 04/22/2016 01:13 PM, Martin Basti wrote: On 15.04.2016 14:30, Stanislav Laznicka wrote: On 04/13/2016 01:40 PM, Martin Basti wrote: On 06.04.2016 14:04, Stanislav Laznicka wrote: On 03/30/2016 04:52 PM, Martin Basti wrote: On 24.03.2016 19:10, Stanislav Laznicka wrote: On 03/23/2016

[Freeipa-devel] [PATCH 0030] fix clean-dangling-ruv in topologies with only one CA

2016-04-29 Thread Stanislav Laznicka
https://fedorahosted.org/freeipa/ticket/5840 Please review the attached patch. From a612e7d642b652b863ba92bfb1c7d6b64de8f4bd Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Mon, 25 Apr 2016 10:11:55 +0200 Subject: [PATCH] Fix to clean-dangling-ruv for sin

Re: [Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands

2016-04-25 Thread Stanislav Laznicka
On 04/22/2016 05:15 PM, Stanislav Laznicka wrote: On 04/22/2016 01:13 PM, Martin Basti wrote: On 15.04.2016 14:30, Stanislav Laznicka wrote: On 04/13/2016 01:40 PM, Martin Basti wrote: On 06.04.2016 14:04, Stanislav Laznicka wrote: On 03/30/2016 04:52 PM, Martin Basti wrote

Re: [Freeipa-devel] [DESIGN] Time-Based HBAC Policies

2016-05-18 Thread Stanislav Laznicka
On 05/17/2016 12:40 PM, Petr Spacek wrote: On 13.5.2016 13:50, Stanislav Laznicka wrote: Hello list, We had a discussion today over integrating the Time Rules into the CLI and WebUI and a problem came up with the current solution. It seems that while having templating handled

Re: [Freeipa-devel] [PATCH 0477] upgrade: always start CA

2016-05-19 Thread Stanislav Laznicka
/2016 11:10 AM, Stanislav Laznicka wrote: NACK, see my comments below +# following upgrade steps require running CA This is a nitpicky nitpick but could you please change this comment for # the following ... Took me a while to understand what you were trying to say here. +if ca_running

Re: [Freeipa-devel] [PATCH 0477] upgrade: always start CA

2016-05-19 Thread Stanislav Laznicka
NACK, see my comments below +# following upgrade steps require running CA This is a nitpicky nitpick but could you please change this comment for # the following ... Took me a while to understand what you were trying to say here. +if ca_running and not ca.is_running(): +

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

2016-05-19 Thread Stanislav Laznicka
On 05/18/2016 04:44 PM, Petr Vobornik wrote: On 05/18/2016 04:36 PM, Stanislav Laznicka wrote: There's no ticket for this patch but as there was a fix to 389-ds mentioned in https://fedorahosted.org/freeipa/ticket/5396, the TODO section in clean_dangling_ruvs could be removed. What about

Re: [Freeipa-devel] [PATCH 0483] fix referenced before assignment error in baseldap

2016-05-19 Thread Stanislav Laznicka
ACK On 05/18/2016 07:24 PM, Martin Basti wrote: Patch attached -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0032] Remove dangling RUVs even if replicas are offline

2016-05-19 Thread Stanislav Laznicka
On 05/19/2016 08:52 AM, Ludwig Krispenz wrote: On 05/19/2016 08:02 AM, Stanislav Laznicka wrote: On 05/18/2016 04:44 PM, Petr Vobornik wrote: On 05/18/2016 04:36 PM, Stanislav Laznicka wrote: There's no ticket for this patch but as there was a fix to 389-ds mentioned in https

Re: [Freeipa-devel] [PATCH 0471] ipactl: advertise option --ignore-service-failure

2016-05-12 Thread Stanislav Laznicka
ACK On 05/02/2016 05:27 PM, Martin Basti wrote: On 02.05.2016 17:19, Petr Vobornik wrote: On 05/02/2016 04:26 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5820 Patch attached. Copying the err message 3 times is not very nice. It should be in a constant otherwise we

Re: [Freeipa-devel] [PATCH 0470] remove unused code in SchemaCache

2016-05-12 Thread Stanislav Laznicka
ACK, I see no reason for the code to be present there. On 04/29/2016 04:33 PM, Martin Basti wrote: Patch attached.

[Freeipa-devel] [DESIGN] Time-Based HBAC Policies

2016-05-13 Thread Stanislav Laznicka
Hello list, We had a discussion today over integrating the Time Rules into the CLI and WebUI and a problem came up with the current solution. It seems that while having templating handled by CoSTemplates might be nice in terms of easy dereferencing on SSSD side (it's handled by the DS

[Freeipa-devel] [PATCH 0031] Fix replica deletion when there's no RUVs on the server

2016-05-13 Thread Stanislav Laznicka
https://fedorahosted.org/freeipa/ticket/5307 Please see the patch attached. From a8a3d6f6e6b306d84814a0745cb86b973b66d177 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 13 May 2016 15:13:21 +0200 Subject: [PATCH] fixes premature sys.exit in ipa-replica-

Re: [Freeipa-devel] [PATCH 0031] Fix replica deletion when there's no RUVs on the server

2016-05-13 Thread Stanislav Laznicka
Got distracted with the code, beautifying replacement of previous patch attached. On 05/13/2016 03:30 PM, Stanislav Laznicka wrote: https://fedorahosted.org/freeipa/ticket/5307 Please see the patch attached. From fb06c6afc9e2d1d84de7c6119b76a9a5de008d06 Mon Sep 17 00:00:00 2001 From
