Re: [Freeipa-devel] [PATCH 0072] Provide ipa-client-advise tool

On Wednesday 26 of June 2013 10:12:48 Petr Spacek wrote: [snip] > > Appropriate error handling = Return 'Permission denied' if particular > operation requires higher privileges. > > IMHO 'cryptic' error message is bad in any case, so the right way how to fix > 'cryptic' error messages is to f

Re: [Freeipa-devel] [PATCH] 0029 Make sure replication works after DM password is changed

[snip] > > The patch now fixes the issue. > > > > > > > > However, we need to bump the dependency in the specfile since now we require > > > > version 1.3.1.1. > > > > > > > > Tomas > > > > Thanks, updated patch is attached. > I tested the patch both with clean install and upgrade. ACK

Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search

On Friday 21 of June 2013 13:52:40 Ana Krivokapic wrote: > On 06/12/2013 02:28 PM, Tomas Babej wrote: > > Hi, > > > > Drops the code from ipa-server-install, ipa-dns-install and the > > BindInstance itself. Also changed ipa-upgradeconfig script so > > that it does not set zone_refresh to 0 on upgra

Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search

On Thursday 11 of July 2013 11:19:44 Tomas Babej wrote: > On Friday 21 of June 2013 13:52:40 Ana Krivokapic wrote: > > On 06/12/2013 02:28 PM, Tomas Babej wrote: > > > Hi, > > > > > > Drops the code from ipa-server-install, ipa-dns-install and the > > > BindInstance itself. Also changed ipa-upgrade

Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes

On Wed, 10 Jul 2013, Ana Krivokapic wrote: On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached patches fix systemd and ipactl related bugs: https://fedorahosted.org/freeipa/ticket/3730 https://fedorahosted.org/freeipa/ticket/3729 NACK.

Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes

On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Wed, 10 Jul 2013, Ana Krivokapic wrote: On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached patches fix systemd and ipactl related bugs: https://fedorahosted.org/freeipa/ticket/3730 https

Re: [Freeipa-devel] [PATCH] 140 Check trust chain length in CA-less install

On Wed, 10 Jul 2013, Rob Crittenden wrote: Jan Cholasta wrote: Hi, the attached patch fixes . Honza This patch seems to work ok but I've been unable to test it with an external CA installation because that seems to be broken (unrelated to this

Re: [Freeipa-devel] [PATCHES] 143-147 Improve performance with large groups

On Mon, 08 Jul 2013, Alexander Bokovoy wrote: On Thu, 27 Jun 2013, Jan Cholasta wrote: On 27.6.2013 17:34, Rich Megginson wrote: On 06/27/2013 09:31 AM, Jan Cholasta wrote: The search is hard-coded in the referint plugin, see

Re: [Freeipa-devel] [PATCHES] 143-147 Improve performance with large groups

On 11.7.2013 11:58, Alexander Bokovoy wrote: On Mon, 08 Jul 2013, Alexander Bokovoy wrote: On Thu, 27 Jun 2013, Jan Cholasta wrote: On 27.6.2013 17:34, Rich Megginson wrote: On 06/27/2013 09:31 AM, Jan Cholasta wrote: The search is hard-coded in the referint plugin, see

Re: [Freeipa-devel] [PATCHES] 143-147 Improve performance with large groups

On Thu, 11 Jul 2013, Jan Cholasta wrote: On 11.7.2013 11:58, Alexander Bokovoy wrote: On Mon, 08 Jul 2013, Alexander Bokovoy wrote: On Thu, 27 Jun 2013, Jan Cholasta wrote: On 27.6.2013 17:34, Rich Megginson wrote: On 06/27/2013 09:31 AM, Jan Cholasta wrote: The search is hard-coded in the r

Re: [Freeipa-devel] [PATCH] Permit reads to ipatokenRadiusProxyUser objects

On Mon, 01 Jul 2013, Nathaniel McCallum wrote: On Thu, 2013-06-20 at 12:21 +0200, Martin Kosek wrote: On 06/18/2013 08:27 PM, Nathaniel McCallum wrote: > Patch attached. > Hello Nathaniel, Thanks for the patch! I have just few general procedural comments with submitting patch: 1. As you are d

[Freeipa-devel] [PATCH 0173] Improve logging for cases where SOA serial autoincrementation failed

Hello, Improve logging for cases where SOA serial autoincrementation failed. -- Petr^2 Spacek From 9ef4eee3c484557efd7c777458c6800f7c61bdaf Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Mon, 8 Jul 2013 13:15:56 +0200 Subject: [PATCH] Improve logging for cases where SOA serial autoincrementat

Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes

On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Wed, 10 Jul 2013, Ana Krivokapic wrote: On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached patches fix systemd and ipactl related bugs: htt

Re: [Freeipa-devel] [PATCH] 0029 Make sure replication works after DM password is changed

On Thu, 11 Jul 2013, Tomas Babej wrote: [snip] > The patch now fixes the issue. > > > > However, we need to bump the dependency in the specfile since now we require > > version 1.3.1.1. > > > > Tomas > Thanks, updated patch is attached. I tested the patch both with clean install and upgrade

Re: [Freeipa-devel] [PATCH] Fix for small syntax error in OTP schema

On Wed, 10 Jul 2013, Nathaniel McCallum wrote: https://fedorahosted.org/freeipa/ticket/3765 Due to the potentially bad ramifications of a schema syntax error, I tested this in both single server and replica configurations. The worst case in both is a truncated attribute description. The above pa

Re: [Freeipa-devel] [PATCH] 0029 Make sure replication works after DM password is changed

On 07/11/2013 12:34 PM, Alexander Bokovoy wrote: > On Thu, 11 Jul 2013, Tomas Babej wrote: >> [snip] >> >>> > The patch now fixes the issue. >>> > >>> > >>> > >>> > However, we need to bump the dependency in the specfile since now we >>> > require >>> > >>> > version 1.3.1.1. >>> > >>> > >>> > >>>

Re: [Freeipa-devel] [PATCH] 0029 Make sure replication works after DM password is changed

On Thu, 11 Jul 2013, Ana Krivokapic wrote: On 07/11/2013 12:34 PM, Alexander Bokovoy wrote: On Thu, 11 Jul 2013, Tomas Babej wrote: [snip] > The patch now fixes the issue. > > > > However, we need to bump the dependency in the specfile since now we require > > version 1.3.1.1. > > > > Tomas >

Re: [Freeipa-devel] [PATCH] 117 extdom: replace winbind calls with POSIX/SSSD calls

On Wed, 10 Jul 2013, Simo Sorce wrote: On Wed, 2013-07-10 at 19:15 +0300, Alexander Bokovoy wrote: On Tue, 09 Jul 2013, Jakub Hrozek wrote: >On Tue, Jul 09, 2013 at 11:42:00AM +0200, Jakub Hrozek wrote: >> On Tue, Jul 09, 2013 at 10:33:19AM +0300, Alexander Bokovoy wrote: >> > On Mon, 08 Jul 201

Re: [Freeipa-devel] [PATCH] 116 Add PAC to master host TGTs

On Wed, 10 Jul 2013, Simo Sorce wrote: On Wed, 2013-07-10 at 19:55 +0300, Alexander Bokovoy wrote: >>> The patch looks good to me so I'm giving my +1. I would appreciate other >>> review too before a full ack, though. >> >> I've nacked the approach, although the results are as expected. >> Alexa

Re: [Freeipa-devel] [PATCHES] 0230-0244 Integration testing framework

On 10.7.2013 17:50, Petr Viktorin wrote: On 07/10/2013 02:03 PM, Jan Cholasta wrote: make test seems to run fine with patches 230-242 applied, however ipa-run-tests produces the following output: [...Skipping nose output...] I guess the location of the test certificate should be made config

[Freeipa-devel] [PATCH 0077] Add libsss_nss_idmap-devel to BuildRequires

Hi, attached patch fixes build problems introduced by recently pushed Sumit's patches. Tomas>From 41c6c7ca44e7c6ef7c40cbef32b1b5dc3cf36130 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 11 Jul 2013 13:33:31 +0200 Subject: [PATCH] Add libsss_nss_idmap-devel to BuildRequires --- freeipa.

Re: [Freeipa-devel] [PATCH 0077] Add libsss_nss_idmap-devel to BuildRequires

On Thu, 11 Jul 2013, Tomas Babej wrote: Hi, attached patch fixes build problems introduced by recently pushed Sumit's patches. ACK, pushed to master. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.

[Freeipa-devel] [PATCHES] 152-156 ipa-server-certinstall fixes

Hi, this is the first batch of patches for . It contains port of ipa-server-certinstall to the admintool framework and fixes some bugs. Note that there's still some work I have to do to make ipa-server-certinstall work properly for installs with

Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes

On 07/11/2013 11:38 AM, Alexander Bokovoy wrote: > On Thu, 11 Jul 2013, Alexander Bokovoy wrote: >> On Wed, 10 Jul 2013, Ana Krivokapic wrote: >>> On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: > Hello, > > Attached patches fix systemd a

Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search

On 07/11/2013 11:20 AM, Tomas Babej wrote: > boolean_var = {} > -for var in ('persistent_search', 'serial_autoincrement'): > +for var in ('serial_autoincrement'): This won't work - a one element tuple needs a comma at the end: ('serial_autoincrement', ) > boole

Re: [Freeipa-devel] [PATCH] 412 Remove entitlement support

On Thu, 27 Jun 2013, Martin Kosek wrote: On 06/27/2013 12:32 PM, Jan Cholasta wrote: On 26.6.2013 14:03, Tomas Babej wrote: On 06/19/2013 10:31 AM, Petr Vobornik wrote: On 06/19/2013 10:13 AM, Martin Kosek wrote: Entitlements code was not tested nor supported upstream since version 3.0. Remov

Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes

On Thu, 11 Jul 2013, Ana Krivokapic wrote: On 07/11/2013 11:38 AM, Alexander Bokovoy wrote: On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Wed, 10 Jul 2013, Ana Krivokapic wrote: On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached pa

Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search

On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote: > On 07/11/2013 11:20 AM, Tomas Babej wrote: > > boolean_var = {} > > -for var in ('persistent_search', 'serial_autoincrement'): > > +for var in ('serial_autoincrement'): > This won't work - a one element tuple need

Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search

On 07/11/2013 05:10 PM, Tomas Babej wrote: > > On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote: > > > On 07/11/2013 11:20 AM, Tomas Babej wrote: > > > > boolean_var = {} > > > > - for var in ('persistent_search', 'serial_autoincrement'): > > > > + for var in ('serial_autoincrement'): > >

[Freeipa-devel] [PATCH] 3031 Allow TTL to be configured during ipa-client-install

Hi, SSSD 1.10 added the ability to configure the TTL used in dynamic DNS updates. This patch is the mirror of that rebased from the original patch submitted a year ago onto current head. This patch allows the user during ipa-client-install to pick the TTL to be used on the creation of the client

Re: [Freeipa-devel] [PATCHES] 149-151 Ask for PKCS#12 password interactively

Jan Cholasta wrote: Hi, the attached patches fix . Also added a small patch to fix a formatting issue with installutils.read_password. Honza Functionally ok but I found it very jarring the way the passwords were prompted for. I think they should

[Freeipa-devel] [PATCH] 1102 set correct content-type

Set the correct content-type on negotiated XML-RPC requests. It was being set as text/plain when it should be text/xml. rob >From edf8e41cfe1f5142ced53376f509f2e0d4439cfe Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 11 Jul 2013 16:46:34 -0400 Subject: [PATCH] Return the correct Cont

Re: [Freeipa-devel] [PATCHES] 149-151 Ask for PKCS#12 password interactively

On 11.7.2013 20:51, Rob Crittenden wrote: Jan Cholasta wrote: Hi, the attached patches fix . Also added a small patch to fix a formatting issue with installutils.read_password. Honza Functionally ok but I found it very jarring the way the passwo