Re: [Freeipa-devel] [PATCH] 1067 clear out certmonger requests

On 31.10.2012 16:28, Rob Crittenden wrote: Jan Cholasta wrote: On 29.10.2012 20:11, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 24.10.2012 21:22, Rob Crittenden wrote: If uninstall fails in certain ways it is possible that some certificates could still be tracked by certmonger (even if

Re: [Freeipa-devel] Dojo and Web UI in 3.2

On 10/31/2012 11:13 PM, Dmitri Pal wrote: On 10/30/2012 01:20 PM, Petr Vobornik wrote: On 10/30/2012 06:48 AM, Endi Sukma Dewata wrote: On 10/29/2012 4:27 AM, Petr Vobornik wrote: Hi, I would like to make a bigger change in Web UI. Basically I think Web UI would benefit from using a Dojo tool

[Freeipa-devel] RFC: freeipa-asterisk plugin

Hi all, we plan to write a freeIPA configuration plugin for Asterisk, aiming to be general and useful enough to be included in Fedora and EPEL, so we would like to have your input on some issues before we write any code. I wrote down the plans so far on this wiki page: https://github.com/sorbouc

Re: [Freeipa-devel] Dojo and Web UI in 3.2

On 11/01/2012 09:25 AM, Petr Vobornik wrote: On 10/31/2012 11:13 PM, Dmitri Pal wrote: On 10/30/2012 01:20 PM, Petr Vobornik wrote: On 10/30/2012 06:48 AM, Endi Sukma Dewata wrote: On 10/29/2012 4:27 AM, Petr Vobornik wrote: Hi, I would like to make a bigger change in Web UI. Basically I thi

Re: [Freeipa-devel] [PATCH] 1067 clear out certmonger requests

Jan Cholasta wrote: On 31.10.2012 16:28, Rob Crittenden wrote: Jan Cholasta wrote: On 29.10.2012 20:11, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 24.10.2012 21:22, Rob Crittenden wrote: If uninstall fails in certain ways it is possible that some certificates could still be tracked by

[Freeipa-devel] [PATCH] 1070 change user_u context in list

The default user_u context in the selnux user map list didn't match what is actually the selinux default context. This could be confusing, so change it to match what systems will have. rob >From ccfabc84a08020917b2c744661e64a51cb1bca53 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 1

Re: [Freeipa-devel] [PATCH] Get list of service from LDAP only at startup

Rob Crittenden wrote: Simo Sorce wrote: From: Simo Sorce We check (possibly different) data from LDAP only at (re)start. This way we always shutdown exactly the services we started even if the list changed in the meanwhile (we avoid leaving a service running even if it was removed from LDAP as

Re: [Freeipa-devel] [PATCH] 1068 wait for LDAP when renewing the RA

Hi, On 24.10.2012 21:24, Rob Crittenden wrote: All the certs are pretty critical in certificate renewal but the agent cert has the distinction of having to be updated in multiple places. It needs to exist in both LDAP servers. It is possible that one or both of these servers may be down briefly

Re: [Freeipa-devel] RFC: freeipa-asterisk plugin

On Thu, 2012-11-01 at 09:30 -0430, Loris Santamaria wrote: > Hi all, > > we plan to write a freeIPA configuration plugin for Asterisk, aiming to > be general and useful enough to be included in Fedora and EPEL, so we > would like to have your input on some issues before we write any code. Hi Lori

Re: [Freeipa-devel] [PATCH] 1068 wait for LDAP when renewing the RA

Jan Cholasta wrote: Hi, On 24.10.2012 21:24, Rob Crittenden wrote: All the certs are pretty critical in certificate renewal but the agent cert has the distinction of having to be updated in multiple places. It needs to exist in both LDAP servers. It is possible that one or both of these server

Re: [Freeipa-devel] [PATCH] 1068 wait for LDAP when renewing the RA

On 1.11.2012 16:32, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 24.10.2012 21:24, Rob Crittenden wrote: All the certs are pretty critical in certificate renewal but the agent cert has the distinction of having to be updated in multiple places. It needs to exist in both LDAP servers. It i

Re: [Freeipa-devel] [DHCP] tree layout options

On Thu, 2012-07-19 at 22:20 +0930, William Brown wrote: > Find attached two different ldifs showing how the tree for DHCP services > could be layed out. I personally prefer 2 due to the way that > sharedNetwork segments can be named uniquely in a location without > clashing with another location. T

Re: [Freeipa-devel] RFC: freeipa-asterisk plugin

On 11/01/2012 09:32 AM, Simo Sorce wrote: On Thu, 2012-11-01 at 09:30 -0430, Loris Santamaria wrote: Hi all, we plan to write a freeIPA configuration plugin for Asterisk, aiming to be general and useful enough to be included in Fedora and EPEL, so we would like to have your input on some issues

Re: [Freeipa-devel] [PATCH] 1070 change user_u context in list

On Thu, 2012-11-01 at 10:34 -0400, Rob Crittenden wrote: > The default user_u context in the selnux user map list didn't match what > is actually the selinux default context. This could be confusing, so > change it to match what systems will have. ACK. Simo. -- Simo Sorce * Red Hat, Inc * New

Re: [Freeipa-devel] [PATCH] 1068 wait for LDAP when renewing the RA

Jan Cholasta wrote: On 1.11.2012 16:32, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 24.10.2012 21:24, Rob Crittenden wrote: All the certs are pretty critical in certificate renewal but the agent cert has the distinction of having to be updated in multiple places. It needs to exist in bot

Re: [Freeipa-devel] RFC: freeipa-asterisk plugin

On 11/01/2012 11:32 AM, Simo Sorce wrote: > On Thu, 2012-11-01 at 09:30 -0430, Loris Santamaria wrote: >> Hi all, >> >> we plan to write a freeIPA configuration plugin for Asterisk, aiming to >> be general and useful enough to be included in Fedora and EPEL, so we >> would like to have your input o

Re: [Freeipa-devel] [PATCH] Changes to use a single database for dogtag and IPA

On 10/29/2012 04:48 PM, Petr Viktorin wrote: On 10/26/2012 02:25 PM, Petr Viktorin wrote: On 10/26/2012 02:20 PM, Petr Viktorin wrote: Attached are this thread's patches rebased and squashed into one. ... and here is a patch to address replication problems related to merging the schemata of

Re: [Freeipa-devel] [PATCH] Changes to use a single database for dogtag and IPA

On 11/01/2012 06:33 PM, Petr Viktorin wrote: On 10/29/2012 04:48 PM, Petr Viktorin wrote: On 10/26/2012 02:25 PM, Petr Viktorin wrote: On 10/26/2012 02:20 PM, Petr Viktorin wrote: Attached are this thread's patches rebased and squashed into one. ... and here is a patch to address replicatio

Re: [Freeipa-devel] [PATCH] 1068 wait for LDAP when renewing the RA

Jan Cholasta wrote: On 1.11.2012 16:54, Rob Crittenden wrote: Jan Cholasta wrote: On 1.11.2012 16:32, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 24.10.2012 21:24, Rob Crittenden wrote: All the certs are pretty critical in certificate renewal but the agent cert has the distinction of h

Re: [Freeipa-devel] [PATCH] 1068 wait for LDAP when renewing the RA

On 1.11.2012 16:54, Rob Crittenden wrote: Jan Cholasta wrote: On 1.11.2012 16:32, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 24.10.2012 21:24, Rob Crittenden wrote: All the certs are pretty critical in certificate renewal but the agent cert has the distinction of having to be updated i

Re: [Freeipa-devel] [PATCH] 88 Reword description of the --passsync option of ipa-replica-manage

Rob Crittenden wrote: Jan Cholasta wrote: Hi, this patch fixes . There are two typos, PasSync with only 2 s's. I think there should be a separate section on PassSync explaining what the service is and passwords are modified. There is some informa

Re: [Freeipa-devel] [PATCH] Get list of service from LDAP only at startup

On Thu, 2012-11-01 at 10:59 -0400, Rob Crittenden wrote: > Rob Crittenden wrote: > > Simo Sorce wrote: > >> From: Simo Sorce > >> > >> We check (possibly different) data from LDAP only at (re)start. > >> This way we always shutdown exactly the services we started even if > >> the list > >> changed

Re: [Freeipa-devel] [PATCH] 329 Use common encoding in modlist generation

On Tue, 2012-10-30 at 15:12 +0100, Jan Cholasta wrote: > > > > Thanks for the catch Honza! I missed these errors in false positives > I > > got in my unit tests... > > > > Attaching a fixed patch, unit are clean this time. > > > > Martin > > ACK. > > This patch was pushed a while ago. Simo. --

Re: [Freeipa-devel] [PATCH 1/1] Resolve external members from trusted domain via Global Catalog

On Wed, 2012-10-31 at 22:52 +0200, Alexander Bokovoy wrote: > A sequence is following: > 1. Match external member against existing trusted domain > 2. Find trusted domain's domain controller and preferred GC hosts > 3. Fetch trusted domain account auth info > 4. Set up ccache in /var/run/ipa_memcac

Re: [Freeipa-devel] [PATCH] 330 Disable global forwarding per-zone

Martin Kosek wrote: bind-dyndb-ldap allows disabling global forwarder per-zone. This may be useful in a scenario when we do not want requests to delegated sub-zones (like sub.example.com. in zone example.com.) to be routed through global forwarder. Few lines to help added to explain the feature

Re: [Freeipa-devel] RFC: freeipa-asterisk plugin

El jue, 01-11-2012 a las 11:32 -0400, Simo Sorce escribió: > On Thu, 2012-11-01 at 09:30 -0430, Loris Santamaria wrote: > > Hi all, > > > > we plan to write a freeIPA configuration plugin for Asterisk, aiming to > > be general and useful enough to be included in Fedora and EPEL, so we > > would li

Re: [Freeipa-devel] RFC: freeipa-asterisk plugin

El jue, 01-11-2012 a las 12:47 -0400, Dmitri Pal escribió: > On 11/01/2012 11:32 AM, Simo Sorce wrote: > > On Thu, 2012-11-01 at 09:30 -0430, Loris Santamaria wrote: > >> Hi all, > >> > >> we plan to write a freeIPA configuration plugin for Asterisk, aiming to > >> be general and useful enough to b