On 07/04/2014 06:57 PM, Martin Kosek wrote:
On 07/04/2014 06:39 PM, Petr Viktorin wrote:
On 07/04/2014 04:43 PM, Martin Kosek wrote:
- Bump 389-ds-base requires to fix the deref call with new ACIs:
https://fedorahosted.org/freeipa/ticket/4389
- Bump bind-dyndb-ldap Conflicts to fetch the DNSSEC
On 07/04/2014 06:39 PM, Petr Viktorin wrote:
On 07/04/2014 04:43 PM, Martin Kosek wrote:
- Bump 389-ds-base requires to fix the deref call with new ACIs:
https://fedorahosted.org/freeipa/ticket/4389
- Bump bind-dyndb-ldap Conflicts to fetch the DNSSEC capability
- Bump selinux-policy to fix the
On 07/04/2014 04:34 PM, Martin Basti wrote:
Just tests to avoid regressions in future.
Patches attached
ACK, pushed to master: 80cb95da36215a4d0132d943536a3c6f399c18a7
--
PetrĀ³
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.r
On 07/04/2014 04:43 PM, Martin Kosek wrote:
- Bump 389-ds-base requires to fix the deref call with new ACIs:
https://fedorahosted.org/freeipa/ticket/4389
- Bump bind-dyndb-ldap Conflicts to fetch the DNSSEC capability
- Bump selinux-policy to fix the CRL retrieval:
https://fedorahosted.org/freeip
I'm afraid this mail is not very clear for people who didn't participate
in discussions behind these plans.
The planning of future work is of course Red Hat specific -- we can't
dictate how others spend their time. Read our plans as "here's roughly
what we want to do, does it fit in with your
On 4.7.2014 17:20, Petr Viktorin wrote:
On 07/04/2014 04:57 PM, Martin Kosek wrote:
Hello developers!
I would like to thank everyone for the hard work during the last weeks,
when finishing the FreeIPA 4.0 release, I saw many last stabilization
fixes in DNS, OTP, ACIs, upgrade and Web UI areas.
When 4.0 releases, there will be several development trains that we will need
to manage in our git:
1) FreeIPA 4.0 bugfixing - tickets in 4.0.1 milestone, will go to ipa-4-0 branch
2) FreeIPA 4.1 "small" development - 4.1 will be just a short release for the
summer focused on Views, full suppo
On Fri, Jul 04, 2014 at 05:13:35PM +0200, Martin Kosek wrote:
> Given that Fedora 20 is now in stable phase and FreeIPA 4.0 adds a lot of
> functionality, we agreed that we will not publish FreeIPA 4.0 in stable
> Fedora 20 updates now.
>
> When releasing 4.0, we need to:
> 1) Prepare a COPR build
On 07/04/2014 04:57 PM, Martin Kosek wrote:
Hello developers!
I would like to thank everyone for the hard work during the last weeks,
when finishing the FreeIPA 4.0 release, I saw many last stabilization
fixes in DNS, OTP, ACIs, upgrade and Web UI areas.
The last major work that is still not pu
Given that Fedora 20 is now in stable phase and FreeIPA 4.0 adds a lot of
functionality, we agreed that we will not publish FreeIPA 4.0 in stable Fedora
20 updates now.
When releasing 4.0, we need to:
1) Prepare a COPR build for Fedora 20 with all dependencies that are not in
Fedora 20 yet. AF
Hello developers!
I would like to thank everyone for the hard work during the last weeks, when
finishing the FreeIPA 4.0 release, I saw many last stabilization fixes in DNS,
OTP, ACIs, upgrade and Web UI areas.
The last major work that is still not pushed is the CA management tool.
Unfortuna
- Bump 389-ds-base requires to fix the deref call with new ACIs:
https://fedorahosted.org/freeipa/ticket/4389
- Bump bind-dyndb-ldap Conflicts to fetch the DNSSEC capability
- Bump selinux-policy to fix the CRL retrieval:
https://fedorahosted.org/freeipa/ticket/4369
- Remove conditionals for F
Just tests to avoid regressions in future.
Patches attached
--
Martin^2 Basti
>From 37a054a8afad4be000dddc090e200d3793cb7947 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Fri, 4 Jul 2014 14:11:58 +0200
Subject: [PATCH 1/3] Test DNS: test zone normalization
---
ipatests/test_xmlrpc/test_dns
On 4.7.2014 16:10, Petr Spacek wrote:
On 4.7.2014 16:07, Martin Kosek wrote:
On 07/03/2014 03:06 PM, Petr Vobornik wrote:
On 3.7.2014 08:13, Fraser Tweedale wrote:
On Wed, Jul 02, 2014 at 04:14:13PM +0200, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/4418
according to latest
On 4.7.2014 16:14, Martin Basti wrote:
On Fri, 2014-07-04 at 16:12 +0200, Petr Spacek wrote:
On 3.7.2014 15:30, Petr Vobornik wrote:
API responses can contain warnings in "messages" array. This patch
also adds support for displaying multiple notifications at the same
time in order to show the m
On Fri, 2014-07-04 at 16:12 +0200, Petr Spacek wrote:
> On 3.7.2014 15:30, Petr Vobornik wrote:
> > API responses can contain warnings in "messages" array. This patch
> > also adds support for displaying multiple notifications at the same
> > time in order to show the message and a status of finish
On 3.7.2014 15:30, Petr Vobornik wrote:
API responses can contain warnings in "messages" array. This patch
also adds support for displaying multiple notifications at the same
time in order to show the message and a status of finished operation.
Notes:
- was implemented because of
https://git.fed
On 07/04/2014 04:03 PM, Petr Spacek wrote:
On 4.7.2014 14:17, Martin Basti wrote:
On Fri, 2014-07-04 at 13:10 +0200, Martin Basti wrote:
Ticket: https://fedorahosted.org/freeipa/ticket/4422
Classless reverse zone contains '/' which disallow to add managed
permission.
This should be in IPA 4.0
On 4.7.2014 16:07, Martin Kosek wrote:
On 07/03/2014 03:06 PM, Petr Vobornik wrote:
On 3.7.2014 08:13, Fraser Tweedale wrote:
On Wed, Jul 02, 2014 at 04:14:13PM +0200, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/4418
according to latest
proposal:http://www.redhat.com/archives
On 4.7.2014 14:49, Petr Viktorin wrote:
Hello,
The dns-is-enabled command, used by the Web UI to determine if DNS pages
should be displayed, queries '(&(objectClass=ipaConfigObject)(cn=DNS))' in
cn=masters. However, currently the service entries are not accessible to all
users, so the check will
On 07/03/2014 03:06 PM, Petr Vobornik wrote:
On 3.7.2014 08:13, Fraser Tweedale wrote:
On Wed, Jul 02, 2014 at 04:14:13PM +0200, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/4418
according to latest
proposal:http://www.redhat.com/archives/freeipa-devel/2014-June/msg00839.html
-
On 4.7.2014 14:17, Martin Basti wrote:
On Fri, 2014-07-04 at 13:10 +0200, Martin Basti wrote:
Ticket: https://fedorahosted.org/freeipa/ticket/4422
Classless reverse zone contains '/' which disallow to add managed
permission.
This should be in IPA 4.0 (If ACKed before release)
IPA 3.3.5 support
On 07/04/2014 03:55 PM, Petr Viktorin wrote:
On 07/04/2014 03:40 PM, Martin Kosek wrote:
On 07/04/2014 02:49 PM, Petr Viktorin wrote:
Hello,
The dns-is-enabled command, used by the Web UI to determine if DNS
pages should
be displayed, queries '(&(objectClass=ipaConfigObject)(cn=DNS))' in
cn=ma
On 07/04/2014 03:40 PM, Martin Kosek wrote:
On 07/04/2014 02:49 PM, Petr Viktorin wrote:
Hello,
The dns-is-enabled command, used by the Web UI to determine if DNS
pages should
be displayed, queries '(&(objectClass=ipaConfigObject)(cn=DNS))' in
cn=masters.
However, currently the service entries
On 07/04/2014 12:14 PM, Petr Viktorin wrote:
Some months ago, when working on the schema updater, I broke the 'replace'
directive in ldapupdater. Luckily the regression didn't make it to a released
version.
Here is a fix.
Good catch! Oh, the memories when I look at my old enhanced schema updat
On Fri, 2014-07-04 at 15:30 +0200, Petr Viktorin wrote:
> On 07/04/2014 03:20 PM, Martin Basti wrote:
> > On Fri, 2014-07-04 at 15:13 +0200, Jan Cholasta wrote:
> >> On 4.7.2014 13:34, Martin Basti wrote:
> >>> Hi list,
> >>>
> >>> I need increase version number in ipa-3-3 branch to 2.66, but 2.66
On 07/04/2014 02:49 PM, Petr Viktorin wrote:
Hello,
The dns-is-enabled command, used by the Web UI to determine if DNS pages should
be displayed, queries '(&(objectClass=ipaConfigObject)(cn=DNS))' in cn=masters.
However, currently the service entries are not accessible to all users, so the
check
On 07/04/2014 03:30 PM, Petr Viktorin wrote:
On 07/04/2014 03:20 PM, Martin Basti wrote:
On Fri, 2014-07-04 at 15:13 +0200, Jan Cholasta wrote:
On 4.7.2014 13:34, Martin Basti wrote:
Hi list,
I need increase version number in ipa-3-3 branch to 2.66, but 2.66 is
already used in ipa-master bran
On 07/04/2014 03:20 PM, Martin Basti wrote:
On Fri, 2014-07-04 at 15:13 +0200, Jan Cholasta wrote:
On 4.7.2014 13:34, Martin Basti wrote:
Hi list,
I need increase version number in ipa-3-3 branch to 2.66, but 2.66 is
already used in ipa-master branch (2.66 Add support for managing user
auth ty
On 07/04/2014 03:20 PM, Martin Basti wrote:
On Fri, 2014-07-04 at 15:13 +0200, Jan Cholasta wrote:
On 4.7.2014 13:34, Martin Basti wrote:
Hi list,
I need increase version number in ipa-3-3 branch to 2.66, but 2.66 is
already used in ipa-master branch (2.66 Add support for managing user
auth ty
On Fri, 2014-07-04 at 15:13 +0200, Jan Cholasta wrote:
> On 4.7.2014 13:34, Martin Basti wrote:
> > Hi list,
> >
> > I need increase version number in ipa-3-3 branch to 2.66, but 2.66 is
> > already used in ipa-master branch (2.66 Add support for managing user
> > auth types). Fortunately it is ver
On 07/04/2014 01:34 PM, Martin Basti wrote:
Hi list,
I need increase version number in ipa-3-3 branch to 2.66, but 2.66 is
already used in ipa-master branch (2.66 Add support for managing user
auth types). Fortunately it is very minor change so If I don't increase
the version nothing happens.
H
On 4.7.2014 13:34, Martin Basti wrote:
Hi list,
I need increase version number in ipa-3-3 branch to 2.66, but 2.66 is
already used in ipa-master branch (2.66 Add support for managing user
auth types). Fortunately it is very minor change so If I don't increase
the version nothing happens.
How to
On 4.7.2014 14:49, Petr Viktorin wrote:
Hello,
The dns-is-enabled command, used by the Web UI to determine if DNS pages
should be displayed, queries '(&(objectClass=ipaConfigObject)(cn=DNS))' in
cn=masters. However, currently the service entries are not accessible to all
users, so the check will
Hello,
The dns-is-enabled command, used by the Web UI to determine if DNS pages
should be displayed, queries '(&(objectClass=ipaConfigObject)(cn=DNS))'
in cn=masters. However, currently the service entries are not accessible
to all users, so the check will fail for non-admins.
We talked abou
On Fri, 2014-07-04 at 13:10 +0200, Martin Basti wrote:
> Ticket: https://fedorahosted.org/freeipa/ticket/4422
> Classless reverse zone contains '/' which disallow to add managed
> permission.
>
> This should be in IPA 4.0 (If ACKed before release)
>
> IPA 3.3.5 supports classless reverse zones to
On 4.7.2014 13:34, Martin Basti wrote:
Hi list,
I need increase version number in ipa-3-3 branch to 2.66, but 2.66 is
already used in ipa-master branch (2.66 Add support for managing user
auth types). Fortunately it is very minor change so If I don't increase
the version nothing happens.
How to
Hi list,
I need increase version number in ipa-3-3 branch to 2.66, but 2.66 is
already used in ipa-master branch (2.66 Add support for managing user
auth types). Fortunately it is very minor change so If I don't increase
the version nothing happens.
How to solve this problem? Don't increase the v
Ticket: https://fedorahosted.org/freeipa/ticket/4422
Classless reverse zone contains '/' which disallow to add managed
permission.
This should be in IPA 4.0 (If ACKed before release)
IPA 3.3.5 supports classless reverse zones too. Should be this patch
applied to 3.3.x too?
Both patches attached
On Fri, 2014-07-04 at 12:51 +0200, Petr Viktorin wrote:
> On 07/03/2014 09:24 PM, Petr Spacek wrote:
> > On 3.7.2014 19:00, Martin Basti wrote:
> >> Patch attached
> >
> > Congratulations! I wasn't able to find any bug in this ;-)
> >
> > ACK from functional perspective.
> >
> > It can be pushed if
On 07/03/2014 09:24 PM, Petr Spacek wrote:
On 3.7.2014 19:00, Martin Basti wrote:
Patch attached
Congratulations! I wasn't able to find any bug in this ;-)
ACK from functional perspective.
It can be pushed if there is no problem with Python side of things.
Martin, I see a lot of code li
On 07/04/2014 12:21 PM, Martin Basti wrote:
On Fri, 2014-07-04 at 12:15 +0200, Petr Viktorin wrote:
On 07/04/2014 09:52 AM, Martin Basti wrote:
Updated patch attached
Almost there.
There's a missing space in the "addifexist" ACI, quite important as the
values are checked byte-for-byte on upd
On Fri, 2014-07-04 at 12:15 +0200, Petr Viktorin wrote:
> On 07/04/2014 09:52 AM, Martin Basti wrote:
> > Updated patch attached
> >
>
> Almost there.
> There's a missing space in the "addifexist" ACI, quite important as the
> values are checked byte-for-byte on updates.
>
> Also, it turns out d
On 07/04/2014 12:09 PM, Petr Spacek wrote:
On 4.7.2014 10:08, Martin Kosek wrote:
On 07/04/2014 10:00 AM, Petr Spacek wrote:
On 4.7.2014 09:34, Martin Kosek wrote:
The permission is required for DNS Administrators as realm domains
object is updated when a master zone is added.
https://fedorah
On 07/04/2014 09:52 AM, Martin Basti wrote:
Updated patch attached
Almost there.
There's a missing space in the "addifexist" ACI, quite important as the
values are checked byte-for-byte on updates.
Also, it turns out dns.ldif (which creates cn=dns) is loaded after
updates, so a line there
Some months ago, when working on the schema updater, I broke the
'replace' directive in ldapupdater. Luckily the regression didn't make
it to a released version.
Here is a fix.
--
PetrĀ³
From 2c5c96abb0989a84e9c2bb4bd3bf642a1da1 Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Fri, 4 Ju
On 4.7.2014 10:08, Martin Kosek wrote:
On 07/04/2014 10:00 AM, Petr Spacek wrote:
On 4.7.2014 09:34, Martin Kosek wrote:
The permission is required for DNS Administrators as realm domains
object is updated when a master zone is added.
https://fedorahosted.org/freeipa/ticket/4423
I can't resi
On 07/04/2014 10:18 AM, Martin Basti wrote:
> Patch attached
Yup, this fixed the test.
ACK. Pushed to master: 52bcf5345c9a920db513ed3fc8c2dc029661ecf2
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listin
Patch attached
--
Martin^2 Basti
>From d9f921c2d2e47cc10af419a1e1041d15640faeac Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Fri, 4 Jul 2014 10:14:36 +0200
Subject: [PATCH] Fix tests dns_realmdomains_integration
Added warning message about forwarders
---
ipatests/test_xmlrpc/test_dns_realm
On 07/04/2014 10:00 AM, Petr Spacek wrote:
> On 4.7.2014 09:34, Martin Kosek wrote:
>> The permission is required for DNS Administrators as realm domains
>> object is updated when a master zone is added.
>>
>> https://fedorahosted.org/freeipa/ticket/4423
>
> I can't resist ;-)
>
> NACK: Build fai
On 4.7.2014 09:34, Martin Kosek wrote:
The permission is required for DNS Administrators as realm domains
object is updated when a master zone is added.
https://fedorahosted.org/freeipa/ticket/4423
I can't resist ;-)
NACK: Build failed.
--- existing ACI.txt
+++ new result
@@ -154,6 +154,8 @@
Updated patch attached
>From b17b048598b09d08c4a5a65adfeeb3ae74a0c50b Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Tue, 1 Jul 2014 17:25:43 +0200
Subject: [PATCH] Fix: Missing ACI for records in 40-dns.update
---
install/updates/40-dns.update | 4 ++--
1 file changed, 2 insertions(+), 2 del
The permission is required for DNS Administrators as realm domains
object is updated when a master zone is added.
https://fedorahosted.org/freeipa/ticket/4423
--
Martin Kosek
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
From 87278e622bb5d80fcb5a406f30873726b13ab73c M
On 07/03/2014 09:41 PM, Petr Spacek wrote:
> On 3.7.2014 19:04, Martin Basti wrote:
>> On Thu, 2014-07-03 at 19:03 +0200, Martin Basti wrote:
>>> Regresion caused by removing validation in DNSName for regular domain
>>> names
>>> In original code before IDNA, zones were normalized
>>> Patch attache
On 07/02/2014 06:20 PM, Petr Viktorin wrote:
> Hello,
>
> Some data is not put in the ipatests package. This prevents OTP token import
> tests from passing when run out of tree.
>
> Fix included.
Thanks, package now contains the test date.
ACK. Pushed to master: 6f2451ce9e68e2425c665f5dc11d0800
55 matches
Mail list logo