Re: [Freeipa-devel] [PATCH 70] validate i18n strings when running "make lint"

On 04/18/2012 09:32 PM, John Dennis wrote: On 04/18/2012 07:33 AM, Petr Viktorin wrote: On 04/16/2012 10:32 PM, John Dennis wrote: On 04/12/2012 09:26 AM, Petr Viktorin wrote: On 03/30/2012 03:45 AM, John Dennis wrote: Translatable strings have certain requirements for proper translation and

Re: [Freeipa-devel] [PATCH] 0014 Add final debug message in installers

On 04/18/2012 12:38 AM, Dmitri Pal wrote: On 04/17/2012 01:13 PM, Petr Viktorin wrote: On 04/17/2012 06:46 PM, John Dennis wrote: Thank you for the explanation Petr, it's very much appreciated. I do have a problem with this patch and I'm inclined to NAK it, but I'm open to discussion. Here's m

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/18/2012 08:30 PM, Rich Megginson wrote: On 04/17/2012 06:42 AM, Simo Sorce wrote: On Tue, 2012-04-17 at 01:13 +0200, Ondrej Hamada wrote: Sorry for inactivity, I was struggling with a lot of school stuff. I've summed up the main goals, do you agree on them or should I add/remove any? G

Re: [Freeipa-devel] More types of replica in FreeIPA

On Thu, 2012-04-19 at 14:18 +0200, Ondrej Hamada wrote: > On 04/18/2012 08:30 PM, Rich Megginson wrote: > >>> * Credentials expiration on replica should be configurable > >> What does this mean ? > We should store credentials for a subset of users only. As this subset > might change over time, w

[Freeipa-devel] [PATCH 74] Fix name error in hbactest

Ticket #2512 In hbactest.py there is a name error wrapped inside a try/except block that ignores all errors so the code block exits prematurely leaving a critical variable uninitialized. The name error is the result of a cut-n-paste error that references a variable that had never been initialized

Re: [Freeipa-devel] IP address check during IPA install

On 04/18/2012 05:02 PM, Dmitri Pal wrote: On 04/18/2012 09:55 AM, Petr Spacek wrote: Hello, please, can somebody explain to me, why our installer strictly checks IP addresses? I wonder about it from yesterday's IPA meeting and still can't get it. My naive insight is: "It's a network layer prob

Re: [Freeipa-devel] [PATCH 74] Fix name error in hbactest

On Thu, 19 Apr 2012, John Dennis wrote: Ticket #2512 In hbactest.py there is a name error wrapped inside a try/except block that ignores all errors so the code block exits prematurely leaving a critical variable uninitialized. The name error is the result of a cut-n-paste error that references

Re: [Freeipa-devel] [PATCH 74] Fix name error in hbactest

On Thu, 2012-04-19 at 16:17 +0300, Alexander Bokovoy wrote: > On Thu, 19 Apr 2012, John Dennis wrote: > >Ticket #2512 > > > >In hbactest.py there is a name error wrapped inside a try/except block > >that ignores all errors so the code block exits prematurely leaving a > >critical variable uninitial

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/19/2012 09:03 AM, Simo Sorce wrote: > On Thu, 2012-04-19 at 14:18 +0200, Ondrej Hamada wrote: >> On 04/18/2012 08:30 PM, Rich Megginson wrote: > * Credentials expiration on replica should be configurable What does this mean ? >> We should store credentials for a subset of users only.

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/19/2012 04:10 PM, Dmitri Pal wrote: On 04/19/2012 09:03 AM, Simo Sorce wrote: On Thu, 2012-04-19 at 14:18 +0200, Ondrej Hamada wrote: On 04/18/2012 08:30 PM, Rich Megginson wrote: * Credentials expiration on replica should be configurable What does this mean ? We should store credentia

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/19/2012 11:26 AM, Ondrej Hamada wrote: >> There is one aspect that is missing in this discussion. If we are >> talking about a remote office and about a Consumer that serves this >> office we need to understand not only the flow of the initial >> authentication but are there other authenticat

Re: [Freeipa-devel] More types of replica in FreeIPA

On Thu, 2012-04-19 at 10:10 -0400, Dmitri Pal wrote: > If the eSSO is not required and we talk about the initial login only > we > can have a DS instance as a consumer do not need to have the whole IPA > becuase KDC, CA and management frameworks are not needed. This DS can > replicate a subset of t

Re: [Freeipa-devel] More types of replica in FreeIPA

On Thu, 2012-04-19 at 17:26 +0200, Ondrej Hamada wrote: > >>> Sorry, I wrote it unclear. I meant that the credentials, we store on > >>> Consumer should be there available only for a specified period of time. > >> Why ? > >> > >>> After that time they should be flushed away (means they are still va

[Freeipa-devel] [PATCH] 253 Fix help of --hostname option in ipa-client-install

Fix issue found during QE testing. Pushed to master, ipa-2-2 under the one-liner rule. Martin >From 7c784d5bbe22ae25ea30107e27c724388c0ffa66 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 19 Apr 2012 19:50:57 +0200 Subject: [PATCH] Fix help of --hostname option in ipa-client-install Rep

Re: [Freeipa-devel] [PATCH 70] validate i18n strings when running "make lint"

On 04/19/2012 07:04 AM, Petr Viktorin wrote: On 04/18/2012 09:32 PM, John Dennis wrote: Now that there are warnings, is pedantic mode necessary? Great question, I also pondered that as well. My conclusion was there was value in separating aggressiveness of error checking from the verbosity of

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/19/2012 12:33 PM, Simo Sorce wrote: > On Thu, 2012-04-19 at 10:10 -0400, Dmitri Pal wrote: >> If the eSSO is not required and we talk about the initial login only >> we >> can have a DS instance as a consumer do not need to have the whole IPA >> becuase KDC, CA and management frameworks are n

Re: [Freeipa-devel] More types of replica in FreeIPA

On Thu, 2012-04-19 at 15:00 -0400, Dmitri Pal wrote: > Local server is the central hub for the authentications in the remote > office. The client machines with SSSD or LDAP clients might not have > access to the central datacenter directly. Another reason for having > such login server is to reduce

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/19/2012 03:44 PM, Simo Sorce wrote: > On Thu, 2012-04-19 at 15:00 -0400, Dmitri Pal wrote: >> Local server is the central hub for the authentications in the remote >> office. The client machines with SSSD or LDAP clients might not have >> access to the central datacenter directly. Another rea

Re: [Freeipa-devel] More types of replica in FreeIPA

On Thu, 2012-04-19 at 16:29 -0400, Dmitri Pal wrote: > On 04/19/2012 03:44 PM, Simo Sorce wrote: > > On Thu, 2012-04-19 at 15:00 -0400, Dmitri Pal wrote: > >> Local server is the central hub for the authentications in the remote > >> office. The client machines with SSSD or LDAP clients might not h

Re: [Freeipa-devel] More types of replica in FreeIPA

On 04/19/2012 05:28 PM, Simo Sorce wrote: > On Thu, 2012-04-19 at 16:29 -0400, Dmitri Pal wrote: >> On 04/19/2012 03:44 PM, Simo Sorce wrote: >>> On Thu, 2012-04-19 at 15:00 -0400, Dmitri Pal wrote: Local server is the central hub for the authentications in the remote office. The client m

Re: [Freeipa-devel] More types of replica in FreeIPA

On Thu, 2012-04-19 at 18:25 -0400, Dmitri Pal wrote: > On 04/19/2012 05:28 PM, Simo Sorce wrote: > > On Thu, 2012-04-19 at 16:29 -0400, Dmitri Pal wrote: > >> On 04/19/2012 03:44 PM, Simo Sorce wrote: > >>> On Thu, 2012-04-19 at 15:00 -0400, Dmitri Pal wrote: > Local server is the central hub

Re: [Freeipa-devel] [PATCH] 0042-0048 AD trusts support (master)

On Thu, 2012-04-12 at 17:16 +0200, Martin Kosek wrote: > On Thu, 2012-04-12 at 18:08 +0300, Alexander Bokovoy wrote: > > Hi Martin! > > > > On Thu, 12 Apr 2012, Martin Kosek wrote: > ... > > >3) I would not try to import ipaserver.dcerpc every time the command is > > >executed: > > >+try: