Re: [Freeipa-devel] DNS views in FreeIPA again

On 10/04/2013 04:31 PM, Adam Young wrote: > On 10/01/2013 04:45 AM, Petr Spacek wrote: >> On 23.9.2013 19:06, Dmitri Pal wrote: >>> On 09/23/2013 10:25 AM, Petr Spacek wrote: On 20.9.2013 19:29, Dmitri Pal wrote: > 5) Met with James (the blogger) and the community guy who created > pup

Re: [Freeipa-devel] DNS views in FreeIPA again

On 10/01/2013 04:45 AM, Petr Spacek wrote: On 23.9.2013 19:06, Dmitri Pal wrote: On 09/23/2013 10:25 AM, Petr Spacek wrote: On 20.9.2013 19:29, Dmitri Pal wrote: 5) Met with James (the blogger) and the community guy who created puppet scripts for IPA. He was trying to convince me that we need

[Freeipa-devel] [PATCH 0024] Add OTP support to ipalib CLI

This patch supersedes my patch 0017 and requires patches 0020-0023. I believe I have solved all of the outstanding issues from the review of patch 0017, unless otherwise noted: 1. I'm not actually sure what the format of the date parameters is. Could someone clarify this for me? Should I do someth

[Freeipa-devel] [PATCH 0023] Add optional_create flag

This patch is preparatory for the OTP CLI patch. >From 56389a8c6cdc811c7b94de9b037d7c859931b69f Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Tue, 1 Oct 2013 13:57:24 -0400 Subject: [PATCH] Add optional_create flag This permits IDs to be automatically generated if not specified. --- ip

[Freeipa-devel] [PATCH 0022] Document no_search in Param flags

This patch is preparatory for the OTP CLI patch. >From 7266de355c15aab383fb1328ce468d08011b545b Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Tue, 1 Oct 2013 13:55:22 -0400 Subject: [PATCH] Document no_search in Param flags --- ipalib/parameters.py | 4 +++- 1 file changed, 3 insertion

[Freeipa-devel] [PATCH 0021] Don't special case the Password class in Param.__init__()

This patch is preparatory for the OTP CLI patch. >From 2678ff4e2f22e7e81bf40b30ffcd0efe0ecf08c2 Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Mon, 30 Sep 2013 13:06:37 -0400 Subject: [PATCH] Don't special case the Password class in Param.__init__() --- ipalib/parameters.py | 20 +++

[Freeipa-devel] [PATCH 0020] Add IntEnum parameter to ipalib

This patch is preparatory for the OTP CLI patch. >From 2e1f6213f9516c282857bc9138262a7501f3976f Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Mon, 30 Sep 2013 12:45:37 -0400 Subject: [PATCH] Add IntEnum parameter to ipalib --- ipalib/__init__.py | 2 +- ipalib/parameters.py | 14 +++

[Freeipa-devel] [PATCH] 425 Do not allow '%' in DM password

Having '%' in DM password causes pkispawn to crash. Do not allow users to enter it until pkispawn is fixed. https://bugzilla.redhat.com/show_bug.cgi?id=953488 --- Pushed as a one-liner to master, ipa-3-3. Martin From 5621539945d8ce49a60222989632f32648e09aea Mon Sep 17 00:00:00 2001 From: Martin

[Freeipa-devel] Announcing FreeIPA 3.3.2

The FreeIPA team is proud to announce FreeIPA v3.3.2! It can be downloaded from http://www.freeipa.org/page/Downloads. Fedora 19 builds are already on their way to updates-testing repo. == Highlights in 3.3.2 == === Enhancements === * Multiple domains from a trusted Active Directory forest suppor

Re: [Freeipa-devel] [PATCH] 0304 ipapython.nsslib: Name arguments to NSPRError

On 10/02/2013 05:49 PM, Petr Vobornik wrote: On 10/02/2013 04:34 PM, Petr Viktorin wrote: As I found out when installing on a misconfigured system, we use wrong argument order for NSPRError in nsslib. This patch corrects the problem. ACK A nitpick: $ git diff HEAD~1 | pep8 --diff ./ipapython/

Re: [Freeipa-devel] [PATCH] 0309 Do not fail upgrade if the global anonymous read ACI is not found

On 10/04/2013 01:50 PM, Petr Viktorin wrote: > On 10/04/2013 01:49 PM, Petr Viktorin wrote: >> https://fedorahosted.org/freeipa/ticket/3956 > > ... Once more, without the typo in the subject. > ACK! Works fine. Pushed to master, ipa-3-3. Martin ___ F

Re: [Freeipa-devel] [PATCHES] 0307-0308 Use direct RPC with specified version in client-install

On 10/04/2013 03:34 PM, Jan Cholasta wrote: Hi, On 4.10.2013 13:26, Petr Viktorin wrote: These patches allow a client to enroll with old servers. The bug was reported in uploading SSH keys: https://fedorahosted.org/freeipa/ticket/3931 but while testing against v2.1 I found and fixed another bu

Re: [Freeipa-devel] [PATCHES] 0307-0308 Use direct RPC with specified version in client-install

Hi, On 4.10.2013 13:26, Petr Viktorin wrote: These patches allow a client to enroll with old servers. The bug was reported in uploading SSH keys: https://fedorahosted.org/freeipa/ticket/3931 but while testing against v2.1 I found and fixed another bug that prevented the install. See the commit

Re: [Freeipa-devel] [PATCHES] 0307-0308 Use direct RPC with specified version in client-install

On Fri, 2013-10-04 at 15:03 +0200, Petr Spacek wrote: > On 4.10.2013 13:26, Petr Viktorin wrote: > > These patches allow a client to enroll with old servers. > > > > The bug was reported in uploading SSH keys: > > https://fedorahosted.org/freeipa/ticket/3931 > > but while testing against v2.1 I fou

Re: [Freeipa-devel] [PATCHES] 0307-0308 Use direct RPC with specified version in client-install

On 10/04/2013 03:03 PM, Petr Spacek wrote: On 4.10.2013 13:26, Petr Viktorin wrote: These patches allow a client to enroll with old servers. The bug was reported in uploading SSH keys: https://fedorahosted.org/freeipa/ticket/3931 but while testing against v2.1 I found and fixed another bug that

Re: [Freeipa-devel] [PATCHES] 0307-0308 Use direct RPC with specified version in client-install

On 4.10.2013 13:26, Petr Viktorin wrote: These patches allow a client to enroll with old servers. The bug was reported in uploading SSH keys: https://fedorahosted.org/freeipa/ticket/3931 but while testing against v2.1 I found and fixed another bug that prevented the install. See the commit mess

Re: [Freeipa-devel] [PATCH] 287 Update translations from Transifex

On 09/26/2013 01:10 PM, Petr Viktorin wrote: Hello, There'll be a Fedora 20 L10n test on Thursday, and maintainers are asked to push packages with updated translations by Friday. We're planning another minor release after that deadline; in the mean time I will put this patch into Fedora 20 & Raw

Re: [Freeipa-devel] [PATCH] 424 Remove faulty DNS memberOf Task

On 10/04/2013 01:52 PM, Martin Kosek wrote: This task was added with a DN colliding with privilege update memberOf task being run later and caused this task to be ineffective and thus miss some privilege membership, like "SELinux User Map Administrators" DNS update plugin do not need to run any

[Freeipa-devel] [PATCH] 424 Remove faulty DNS memberOf Task

This task was added with a DN colliding with privilege update memberOf task being run later and caused this task to be ineffective and thus miss some privilege membership, like "SELinux User Map Administrators" DNS update plugin do not need to run any task at all as privileges will be updated late

Re: [Freeipa-devel] [PATCH] 0309 Do not fail upgrade if the global anonymous read ACI is not found

On 10/04/2013 01:49 PM, Petr Viktorin wrote: https://fedorahosted.org/freeipa/ticket/3956 ... Once more, without the typo in the subject. -- Petr³ From 767a49c3ee7c4964453e3b8ffeee23ad2d9bc7bb Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 4 Oct 2013 13:28:16 +0200 Subject: [PATCH] D

[Freeipa-devel] [PATCH] 0309 Do no fail upgrade if the global anonymous read ACI is not, found

https://fedorahosted.org/freeipa/ticket/3956 -- Petr³ From 767a49c3ee7c4964453e3b8ffeee23ad2d9bc7bb Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 4 Oct 2013 13:28:16 +0200 Subject: [PATCH] Do no fail upgrade if the global anonymous read ACI is not found This helps forward compatibili

Re: [Freeipa-devel] [DOC] Chapter 4 text

On 10/03/2013 05:51 PM, Petr Vobornik wrote: On 10/03/2013 12:12 PM, Martin Basti wrote: On Tue, 2013-10-01 at 16:29 +0200, Petr Vobornik wrote: On 09/27/2013 05:52 PM, Martin Basti wrote: On Wed, 2013-09-18 at 17:10 +0200, Martin Basti wrote: Patch fix examples in chapter 4, adds new example

Re: [Freeipa-devel] [DOC] 0005 Updated chapter 4 - login into web UI

On 10/01/2013 04:29 PM, Petr Vobornik wrote: On 09/30/2013 06:45 PM, Martin Basti wrote: On Fri, 2013-09-20 at 17:39 +0200, Petr Vobornik wrote: On 09/20/2013 04:06 PM, Martin Basti wrote: Logging into web UI and configuring web browser sections were outdated Thanks for the path. Here are

Re: [Freeipa-devel] [DOC] Chapter 2 Installation

On 10/04/2013 12:52 PM, Martin Basti wrote: On Mon, 2013-09-30 at 17:48 +0200, Petr Vobornik wrote: On 09/27/2013 11:37 AM, Martin Basti wrote: On Fri, 2013-09-27 at 10:50 +0200, Martin Basti wrote: On Mon, 2013-08-26 at 17:16 +0200, Martin Basti wrote: Hello, this patch fix some setup outpu

Re: [Freeipa-devel] [DOC] 0002 Chapter 3 Installing clients

On 09/30/2013 06:29 PM, Petr Vobornik wrote: On 09/27/2013 05:52 PM, Martin Basti wrote: On Mon, 2013-08-26 at 17:25 +0200, Martin Basti wrote: Hello, this patch fix some setup outputs, add tips and order of command in examples -- Martin Basti Updated patch You did some additional chang

Re: [Freeipa-devel] [DOC] Chapter 4 screenshots

On 09/25/2013 01:24 PM, Petr Vobornik wrote: On 09/18/2013 05:07 PM, Martin Basti wrote: Patch adds new screen-shots for chapter 4 Basic Usage NOTE: Patch doesn't cover part 4.3 Logging with web UI ACK, but I would wait for mbasti 0004 and 0005. Pushed to master -- Petr Vobornik _

[Freeipa-devel] [PATCHES] 0307-0308 Use direct RPC with specified version in client-install

These patches allow a client to enroll with old servers. The bug was reported in uploading SSH keys: https://fedorahosted.org/freeipa/ticket/3931 but while testing against v2.1 I found and fixed another bug that prevented the install. See the commit messages. With these patches I've successf

Re: [Freeipa-devel] [DOC] Chapter 2 Installation

On Mon, 2013-09-30 at 17:48 +0200, Petr Vobornik wrote: > On 09/27/2013 11:37 AM, Martin Basti wrote: > > On Fri, 2013-09-27 at 10:50 +0200, Martin Basti wrote: > >> On Mon, 2013-08-26 at 17:16 +0200, Martin Basti wrote: > >>> Hello, > >>> > >>> this patch fix some setup outputs and remove outdated

Re: [Freeipa-devel] [PATCH 0019] Prefer TCP connections to UDP in krb5 clients

- Original Message - > On 3.10.2013 23:43, Nathaniel McCallum wrote: > > Patch attached. > > I'm curious - what is the purpose of this patch? To prevent 1 second timeouts > and re-transmits when OTP is in place? > > What is the expected performance impact? Could it be configured for OTP

[Freeipa-devel] [RFE] CA certificate renewal

Hi, you can find a draft of the design document for this feature at . Comments are welcome. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com

Re: [Freeipa-devel] [PATCHES] 170-171 Allow PKCS#12 files with empty password in install tools

On 10/04/2013 09:55 AM, Jan Cholasta wrote: On 3.10.2013 17:44, Petr Viktorin wrote: On 10/03/2013 01:15 PM, Petr Viktorin wrote: On 09/25/2013 10:46 AM, Jan Cholasta wrote: Hi, the attached patches fix . Honza I'm still testing; it looks good

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

On 10/04/2013 09:40 AM, Alexander Bokovoy wrote: > On Fri, 04 Oct 2013, Alexander Bokovoy wrote: >> On Fri, 04 Oct 2013, Alexander Bokovoy wrote: >>> On Thu, 03 Oct 2013, Martin Kosek wrote: On 10/03/2013 03:10 PM, Alexander Bokovoy wrote: > On Wed, 02 Oct 2013, Sumit Bose wrote: >>> P

Re: [Freeipa-devel] [PATCHES] 170-171 Allow PKCS#12 files with empty password in install tools

On 3.10.2013 17:44, Petr Viktorin wrote: On 10/03/2013 01:15 PM, Petr Viktorin wrote: On 09/25/2013 10:46 AM, Jan Cholasta wrote: Hi, the attached patches fix . Honza I'm still testing; it looks good except for unattended installs. With the att

Re: [Freeipa-devel] [PATCH] 0118 add support for subdomains

On Fri, 04 Oct 2013, Alexander Bokovoy wrote: On Fri, 04 Oct 2013, Alexander Bokovoy wrote: On Thu, 03 Oct 2013, Martin Kosek wrote: On 10/03/2013 03:10 PM, Alexander Bokovoy wrote: On Wed, 02 Oct 2013, Sumit Bose wrote: Please note that I did not test with more than 1 subdomain, since I do n