Re: [Freeipa-devel] [PATCH 0066] Make ipatokenTOTPwatermark a required attribute

2014-09-19 Thread Ludwig Krispenz
On 09/18/2014 08:27 PM, Simo Sorce wrote: On Thu, 18 Sep 2014 14:22:07 -0400 Nathaniel McCallum wrote: On Thu, 2014-09-18 at 14:18 -0400, Simo Sorce wrote: On Thu, 18 Sep 2014 13:56:44 -0400 Nathaniel McCallum wrote: -objectClasses: (2.16.840.1.113730.3.8.16.2.2 NAME 'ipatokenTOTP' SUP

Re: [Freeipa-devel] [PATCHES 0114-0115, 0120-0121, 0123-0125] DNS: allow to add root zone '.'

2014-09-19 Thread Martin Basti
On 16/09/14 10:29, Petr Spacek wrote: On 16.9.2014 10:09, Martin Kosek wrote: On 09/16/2014 09:57 AM, Martin Basti wrote: On 16/09/14 09:32, Martin Basti wrote: On 15/09/14 20:31, Martin Kosek wrote: On 09/15/2014 05:16 PM, Martin Basti wrote: On 15/09/14 17:10, Petr Spacek wrote: On 12.9.2

Re: [Freeipa-devel] [PATCH] 0105 FIX: LDAP_updater

2014-09-19 Thread Martin Basti
On 01/09/14 16:31, Martin Basti wrote: On 24/07/14 09:06, Martin Basti wrote: On 23/07/14 15:17, Martin Basti wrote: This patch fixes ordering problem of schema updates Martin should it be in IPA 4.0.x ? It requires rebased ldap_python (will be in Fedora 21) Patch attached I found a bug t

Re: [Freeipa-devel] [PATCH 0116] Refactoring of service autobind

2014-09-19 Thread Martin Basti
On 01/09/14 16:26, Martin Basti wrote: On 28/08/14 14:01, Jan Cholasta wrote: Hi, On 27.8.2014 at 15:22, Martin Basti wrote: Patch attached. 1) Please rename object_exists to entry_exists. 2) Use empty attribute list in get_entry() in object_exists/entry_exists. 3) Please update LD

Re: [Freeipa-devel] [PATCH 0118] Allow to disable service (in LDAP)

2014-09-19 Thread Martin Basti
On 02/09/14 11:59, Martin Basti wrote: On 02/09/14 09:10, Jan Cholasta wrote: Hi, On 1.9.2014 at 16:57, Martin Basti wrote: This patch allows to disable service in LDAP to prevent service to be started by "ipactl restart" Required by DNSSEC Patch attached I don't think the extra argume

[Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

2014-09-19 Thread Martin Basti
Hello list, I need to use systemd mask/unmask in ipa service. But as Honza wrote: "IMO masking/unmasking should be part of disabling/enabling a service in systemd. AFAIK in most other init systems when you disable a service, it has the same effect as masking the service in systemd - it will ne

Re: [Freeipa-devel] [PATCHES 0114-0115, 0120-0121, 0123-0125] DNS: allow to add root zone '.'

2014-09-19 Thread Martin Kosek
I did not review, just found something that hit me in the eyes: On 09/19/2014 01:25 PM, Martin Basti wrote: +class OptionDeprecatedWarning(PublicMessage): +""" +**13004** Used when user uses a deprecated option +""" + +errno = 13004 +type = "warning" +format = _(u"'%(opt

Re: [Freeipa-devel] [PATCH 0116] Refactoring of service autobind

2014-09-19 Thread Jan Cholasta
On 19.9.2014 at 13:32, Martin Basti wrote: On 01/09/14 16:26, Martin Basti wrote: On 28/08/14 14:01, Jan Cholasta wrote: Hi, On 27.8.2014 at 15:22, Martin Basti wrote: Patch attached. 1) Please rename object_exists to entry_exists. 2) Use empty attribute list in get_entry() in obje

[Freeipa-devel] [PATCH] 749-754 webui: new ID views section

2014-09-19 Thread Petr Vobornik
Hello, attached patches implement Web UI part of ID Views. Backend is currently on review as well - thread "[PATCHES 247-259] ID views - management part". https://fedorahosted.org/freeipa/ticket/4535 I expect that backend can change and that the UI might influence it as well. Therefore no U

Re: [Freeipa-devel] [PATCH 0116] Refactoring of service autobind

2014-09-19 Thread Martin Basti
On 19/09/14 14:30, Jan Cholasta wrote: On 19.9.2014 at 13:32, Martin Basti wrote: On 01/09/14 16:26, Martin Basti wrote: On 28/08/14 14:01, Jan Cholasta wrote: Hi, On 27.8.2014 at 15:22, Martin Basti wrote: Patch attached. 1) Please rename object_exists to entry_exists. 2) Use emp

Re: [Freeipa-devel] [PATCH 0118] Allow to disable service (in LDAP)

2014-09-19 Thread Jan Cholasta
On 19.9.2014 at 13:33, Martin Basti wrote: On 02/09/14 11:59, Martin Basti wrote: On 02/09/14 09:10, Jan Cholasta wrote: Hi, On 1.9.2014 at 16:57, Martin Basti wrote: This patch allows to disable service in LDAP to prevent service to be started by "ipactl restart" Required by DNSSEC

Re: [Freeipa-devel] [PATCH 0116] Refactoring of service autobind

2014-09-19 Thread Jan Cholasta
On 19.9.2014 at 14:39, Martin Basti wrote: On 19/09/14 14:30, Jan Cholasta wrote: On 19.9.2014 at 13:32, Martin Basti wrote: On 01/09/14 16:26, Martin Basti wrote: On 28/08/14 14:01, Jan Cholasta wrote: Hi, On 27.8.2014 at 15:22, Martin Basti wrote: Patch attached. 1) Please ren

[Freeipa-devel] [PATCH 0298-0302] Implement handling of inactive master zones

2014-09-19 Thread Petr Spacek
Hello, This patch set fixes https://fedorahosted.org/bind-dyndb-ldap/ticket/127 https://bugzilla.redhat.com/show_bug.cgi?id=1138317 Please review it ASAP, it targets IPA 4.1/Fedora 21. Tomas and Martin, please communicate who is going to review what :-) Thank you for your time! -- Petr^2 Spac

Re: [Freeipa-devel] [PATCH] 0015-16 Allow multiple krbprincipalnames + test

2014-09-19 Thread Martin Kosek
On 09/18/2014 09:42 PM, Martin Kosek wrote: On 09/18/2014 09:11 PM, Simo Sorce wrote: On Thu, 18 Sep 2014 14:57:45 -0400 Rob Crittenden wrote: Martin Kosek wrote: On 09/18/2014 04:06 PM, David Kupka wrote: On 09/18/2014 03:44 PM, Rob Crittenden wrote: David Kupka wrote: https://fedorahost

Re: [Freeipa-devel] [PATCH] 0015-16 Allow multiple krbprincipalnames + test

2014-09-19 Thread Simo Sorce
On Fri, 19 Sep 2014 15:55:15 +0200 Martin Kosek wrote: > On 09/18/2014 09:42 PM, Martin Kosek wrote: > > On 09/18/2014 09:11 PM, Simo Sorce wrote: > >> On Thu, 18 Sep 2014 14:57:45 -0400 > >> Rob Crittenden wrote: > >> > >>> Martin Kosek wrote: > On 09/18/2014 04:06 PM, David Kupka wrote: >

[Freeipa-devel] [PATCH 0126 - 0127] DNS: remove --class option

2014-09-19 Thread Martin Basti
Ticket: https://fedorahosted.org/freeipa/ticket/3414 Patch attached. -- Martin Basti From 7504e4eb46698f0d260e2e4a0582d3bef9d40696 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Fri, 19 Sep 2014 16:05:40 +0200 Subject: [PATCH 1/2] DNS: remove --class option This option hasn't been working,

Re: [Freeipa-devel] [PATCHES 0114-0115, 0120-0121, 0123-0125] DNS: allow to add root zone '.'

2014-09-19 Thread Martin Basti
On 19/09/14 13:54, Martin Kosek wrote: I did not review, just found something that hit me in the eyes: On 09/19/2014 01:25 PM, Martin Basti wrote: +class OptionDeprecatedWarning(PublicMessage): +""" +**13004** Used when user uses a deprecated option +""" + +errno = 13004 +t

Re: [Freeipa-devel] [PATCH 0066] Make ipatokenTOTPwatermark a required attribute

2014-09-19 Thread Simo Sorce
On Fri, 19 Sep 2014 09:08:46 +0200 Ludwig Krispenz wrote: > > On 09/18/2014 08:27 PM, Simo Sorce wrote: > > On Thu, 18 Sep 2014 14:22:07 -0400 > > Nathaniel McCallum wrote: > > > >> On Thu, 2014-09-18 at 14:18 -0400, Simo Sorce wrote: > >>> On Thu, 18 Sep 2014 13:56:44 -0400 > >>> Nathaniel McC

Re: [Freeipa-devel] [PATCH 0066] Make ipatokenTOTPwatermark a required attribute

2014-09-19 Thread Petr Vobornik
On 19.9.2014 17:06, Simo Sorce wrote: On Fri, 19 Sep 2014 09:08:46 +0200 Ludwig Krispenz wrote: On 09/18/2014 08:27 PM, Simo Sorce wrote: On Thu, 18 Sep 2014 14:22:07 -0400 Nathaniel McCallum wrote: On Thu, 2014-09-18 at 14:18 -0400, Simo Sorce wrote: On Thu, 18 Sep 2014 13:56:44 -0400 N

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

2014-09-19 Thread Rob Crittenden
Martin Basti wrote: > Hello list, > > I need to use systemd mask/unmask in ipa service. > > But as Honza wrote: > "IMO masking/unmasking should be part of disabling/enabling a service in > systemd. AFAIK in most other init systems when you disable a service, it > has the same effect as masking th

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

2014-09-19 Thread Martin Kosek
On 09/19/2014 05:23 PM, Rob Crittenden wrote: Martin Basti wrote: Hello list, I need to use systemd mask/unmask in ipa service. But as Honza wrote: "IMO masking/unmasking should be part of disabling/enabling a service in systemd. AFAIK in most other init systems when you disable a service, it

Re: [Freeipa-devel] Should mask/unmask be part of disabling/enabling services in systemd?

2014-09-19 Thread Simo Sorce
On Fri, 19 Sep 2014 17:50:16 +0200 Martin Kosek wrote: > On 09/19/2014 05:23 PM, Rob Crittenden wrote: > > Martin Basti wrote: > >> Hello list, > >> > >> I need to use systemd mask/unmask in ipa service. > >> > >> But as Honza wrote: > >> "IMO masking/unmasking should be part of disabling/enablin

[Freeipa-devel] [PATCH] 0645 ipa-replica-prepare: Wait for the DNS entry to be resolvable

2014-09-19 Thread Petr Viktorin
https://fedorahosted.org/freeipa/ticket/4551 See ticket & commit message for details. -- Petr³ From 2247f62f84ae098451b57fd274b1c87be61ff507 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 19 Sep 2014 15:57:44 +0200 Subject: [PATCH] ipa-replica-prepare: Wait for the DNS entry to be reso

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

2014-09-19 Thread Nathaniel McCallum
The attached version of the patch should solve all of these issues. It should also be more performant and use less memory. Nathaniel On Wed, 2014-09-17 at 15:33 +0200, thierry bordaz wrote: > On 09/15/2014 09:05 PM, Nathaniel McCallum wrote: > > > This plugin ensures that all counter/watermark

Re: [Freeipa-devel] [PATCH 0066] Make ipatokenTOTPwatermark a required attribute

2014-09-19 Thread Nathaniel McCallum
On Thu, 2014-09-18 at 14:27 -0400, Simo Sorce wrote: > On Thu, 18 Sep 2014 14:22:07 -0400 > Nathaniel McCallum wrote: > > > On Thu, 2014-09-18 at 14:18 -0400, Simo Sorce wrote: > > > On Thu, 18 Sep 2014 13:56:44 -0400 > > > Nathaniel McCallum wrote: > > > > > > > -objectClasses: (2.16.840.1.11

Re: [Freeipa-devel] [PATCH 0062] Use delete/add for OTP counter/watermark updates

2014-09-19 Thread Nathaniel McCallum
On Thu, 2014-09-18 at 14:20 -0400, Simo Sorce wrote: > On Thu, 18 Sep 2014 13:59:34 -0400 > Nathaniel McCallum wrote: > > > On Thu, 2014-09-18 at 14:00 +0200, Petr Vobornik wrote: > > > On 15.9.2014 21:08, Nathaniel McCallum wrote: > > > > On Thu, 2014-08-28 at 22:54 -0400, Nathaniel McCallum wro

[Freeipa-devel] [PATCH 0067] Use stack allocation when writing values during otp auth

2014-09-19 Thread Nathaniel McCallum
This is an optimization from patch 0062 (rescinded) which I think is worth keeping. There is no ticket for this. From dd4f5f4849d99cabcc65f9d5bd53e9c8e1ce74df Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Fri, 19 Sep 2014 12:17:32 -0400 Subject: [PATCH] Use stack allocation when writing

[Freeipa-devel] [PATCH 0068] Move OTP synchronization step to after counter writeback

2014-09-19 Thread Nathaniel McCallum
This prevents synchronization when an authentication collision occurs. https://fedorahosted.org/freeipa/ticket/4493 NOTE: this patch is related to the above ticket, but does not solve it. For the solution, please see patch 0064. This behavior fix is from patch 0062 (rescinded) and is worth keepin

[Freeipa-devel] [PATCH] 0647 test_permission_plugin: Check legacy permissions

2014-09-19 Thread Petr Viktorin
This has been wrong for some time, now I got around to fixing it properly. It should go to all branches (4.0, 4.1, master). -- Petr³ From e069d262fd7021a3a6841065654de4f32eae4c71 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 19 Sep 2014 12:34:14 +0200 Subject: [PATCH] test_permission_

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

2014-09-19 Thread Nathaniel McCallum
This new version fixes a small style issue pointed out to me by richm (thanks!). On Fri, 2014-09-19 at 13:39 -0400, Nathaniel McCallum wrote: > The attached version of the patch should solve all of these issues. It > should also be more performant and use less memory. > > Nathaniel > > > On Wed

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

2014-09-19 Thread thierry bordaz
Hello Nathaniel, sanitize_input translates MOD/REPLACE into MOD/DEL+MOD/ADD. It looks good but it is difficult to think of all possible cases. I think of the following corner case: The initial entry has ipatokenHOTPcounter=5 ldapmodify.. changetype: modify add: ipatokenHOTPcounter

Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

2014-09-19 Thread Simo Sorce
On Sat, 20 Sep 2014 00:25:34 +0200 thierry bordaz wrote: > Hello Nathaniel, > > sanitize_input translates MOD/REPLACE into MOD/DEL+MOD/ADD. It > looks good but it is difficult to think of all possible cases. > I think of the following corner case: > The initial entry has ipatokenHOTPcounte