Re: [Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin

On Thu, 2014-10-09 at 18:48 +0200, thierry bordaz wrote: > On 10/09/2014 05:51 PM, Nathaniel McCallum wrote: > > > On Thu, 2014-10-09 at 11:44 +0200, thierry bordaz wrote: > > > On 10/09/2014 12:15 AM, Nathaniel McCallum wrote: > > > > > > > On Wed, 2014-10-08 at 17:19 -0400, Simo Sorce wrote: >

Re: [Freeipa-devel] [HELP] Regular users should not be able to add OTP tokens with custom name

On Tue, 2014-10-14 at 10:38 +0200, Jan Cholasta wrote: > Dne 14.10.2014 v 10:23 Petr Viktorin napsal(a): > > On 10/14/2014 08:51 AM, Jan Cholasta wrote: > >> Dne 14.10.2014 v 08:37 Martin Kosek napsal(a): > >>> On 10/13/2014 07:23 PM, Nathaniel McCallum wrote: > On Mon, 2014-10-13 at 12:39 +02

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On 10/14/2014 04:38 PM, Simo Sorce wrote: On Tue, 14 Oct 2014 11:46:47 +0200 Ludwig Krispenz wrote: On 10/10/2014 06:21 PM, Simo Sorce wrote: On Fri, 10 Oct 2014 17:52:15 +0200 Ludwig Krispenz wrote: Hello, this is the current status of my work on #4302, and there are a few pieces still

[Freeipa-devel] New git committers

Hello, I am pleased to announce that Tomas Babej and Jan Cholasta were selected as new members of the git committers group for the main repository. So if your patch is acked, you know who to bug :-) I would recommend both to use the "ipatool" [1] for pushing the changes, it makes the whole job mu

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On Tue, 14 Oct 2014 09:17:46 -0400 Rob Crittenden wrote: > Simo Sorce wrote: > > On Tue, 14 Oct 2014 10:21:57 +0200 > > Ludwig Krispenz wrote: > > > >> we already have ipa-replica-manage and ipa-csreplica-manage, and > >> - I did'n want to integrate the topology management into both and > >> d

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On Tue, 14 Oct 2014 11:46:47 +0200 Ludwig Krispenz wrote: > > On 10/10/2014 06:21 PM, Simo Sorce wrote: > > On Fri, 10 Oct 2014 17:52:15 +0200 > > Ludwig Krispenz wrote: > > > >> Hello, > >> > >> this is the current status of my work on #4302, and there are a few > >> pieces still missing, eg t

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On Tue, 14 Oct 2014 15:10:21 +0200 Ludwig Krispenz wrote: > > On 10/14/2014 02:39 PM, Simo Sorce wrote: > > On Tue, 14 Oct 2014 10:12:24 +0200 > > Ludwig Krispenz wrote: > > > >> ok for me, I was just straightforward reading cn=config to get > >> cn=config info, but I like the idea to do it via

Re: [Freeipa-devel] [PATCH] 0019 Stop dogtag when updating its configuration in, ipa-upgradeconfig

Dne 14.10.2014 v 15:18 David Kupka napsal(a): On 10/14/2014 02:28 PM, Jan Cholasta wrote: Dne 14.10.2014 v 14:19 David Kupka napsal(a): On 10/14/2014 01:39 PM, Jan Cholasta wrote: Dne 14.10.2014 v 12:47 David Kupka napsal(a): On 10/10/2014 03:24 PM, Jan Cholasta wrote: Dne 8.10.2014 v 12

Re: [Freeipa-devel] Thesis - Gnome Keyring Key Storage in Vault/KRA

On Tue, 14 Oct 2014 13:21:53 +0200 Martin Kosek wrote: > On 10/13/2014 07:37 PM, Simo Sorce wrote: > > On Mon, 13 Oct 2014 13:24:10 +0200 > > Martin Kosek wrote: > > > >> Hello all, > >> > >> Last week me, Jakub and Stef discussed a design for a candidate > >> for a FreeIPA&Gnome keyring relate

Re: [Freeipa-devel] [PATCH] 0019 Stop dogtag when updating its configuration in, ipa-upgradeconfig

On 10/14/2014 02:28 PM, Jan Cholasta wrote: Dne 14.10.2014 v 14:19 David Kupka napsal(a): On 10/14/2014 01:39 PM, Jan Cholasta wrote: Dne 14.10.2014 v 12:47 David Kupka napsal(a): On 10/10/2014 03:24 PM, Jan Cholasta wrote: Dne 8.10.2014 v 12:36 David Kupka napsal(a): On 10/08/2014 09:29

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

Simo Sorce wrote: > On Tue, 14 Oct 2014 10:21:57 +0200 > Ludwig Krispenz wrote: > >> we already have ipa-replica-manage and ipa-csreplica-manage, and >> - I did'n want to integrate the topology management into both and >> duplicate code >> - there is much change on the way to refactor the ipa co

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On 10/14/2014 02:39 PM, Simo Sorce wrote: On Tue, 14 Oct 2014 10:12:24 +0200 Ludwig Krispenz wrote: ok for me, I was just straightforward reading cn=config to get cn=config info, but I like the idea to do it via rootdse. we have to expose the suffix(es) controlled by the topology plugin and t

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On Tue, 14 Oct 2014 10:21:57 +0200 Ludwig Krispenz wrote: > we already have ipa-replica-manage and ipa-csreplica-manage, and > - I did'n want to integrate the topology management into both and > duplicate code > - there is much change on the way to refactor the ipa commands, to > move code into

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On Tue, 14 Oct 2014 10:12:24 +0200 Ludwig Krispenz wrote: > ok for me, I was just straightforward reading cn=config to get > cn=config info, but I like the idea to do it via rootdse. > we have to expose the suffix(es) controlled by the topology plugin > and the entry point for the shared config i

Re: [Freeipa-devel] [PATCH] 0019 Stop dogtag when updating its configuration in, ipa-upgradeconfig

Dne 14.10.2014 v 14:19 David Kupka napsal(a): On 10/14/2014 01:39 PM, Jan Cholasta wrote: Dne 14.10.2014 v 12:47 David Kupka napsal(a): On 10/10/2014 03:24 PM, Jan Cholasta wrote: Dne 8.10.2014 v 12:36 David Kupka napsal(a): On 10/08/2014 09:29 AM, Jan Cholasta wrote: Hi, Dne 8.10.2014

Re: [Freeipa-devel] [PATCH] 0019 Stop dogtag when updating its configuration in, ipa-upgradeconfig

On 10/14/2014 01:39 PM, Jan Cholasta wrote: Dne 14.10.2014 v 12:47 David Kupka napsal(a): On 10/10/2014 03:24 PM, Jan Cholasta wrote: Dne 8.10.2014 v 12:36 David Kupka napsal(a): On 10/08/2014 09:29 AM, Jan Cholasta wrote: Hi, Dne 8.10.2014 v 09:09 David Kupka napsal(a): https://fedorah

Re: [Freeipa-devel] [PATCH 0131-0132] Add missing attributes to named.conf

On 10/14/2014 01:44 PM, Petr Spacek wrote: > On 10.10.2014 08:05, David Kupka wrote: >> On 10/03/2014 12:45 PM, Martin Basti wrote: >>> Hello! >>> >>> Patch 131: >>> https://fedorahosted.org/freeipa/ticket/3801#comment:31 >>> >>> Patch 132: >>> I modified named.conf in 131, so I change the rest of

Re: [Freeipa-devel] [PATCH 0131-0132] Add missing attributes to named.conf

On 14.10.2014 13:44, Petr Spacek wrote: On 10.10.2014 08:05, David Kupka wrote: On 10/03/2014 12:45 PM, Martin Basti wrote: Hello! Patch 131: https://fedorahosted.org/freeipa/ticket/3801#comment:31 Patch 132: I modified named.conf in 131, so I change the rest of paths to be ipaplatform specif

Re: [Freeipa-devel] [PATCH 0131-0132] Add missing attributes to named.conf

On 10.10.2014 08:05, David Kupka wrote: On 10/03/2014 12:45 PM, Martin Basti wrote: Hello! Patch 131: https://fedorahosted.org/freeipa/ticket/3801#comment:31 Patch 132: I modified named.conf in 131, so I change the rest of paths to be ipaplatform specified. Patches attached ___

Re: [Freeipa-devel] [PATCH] 0019 Stop dogtag when updating its configuration in, ipa-upgradeconfig

Dne 14.10.2014 v 12:47 David Kupka napsal(a): On 10/10/2014 03:24 PM, Jan Cholasta wrote: Dne 8.10.2014 v 12:36 David Kupka napsal(a): On 10/08/2014 09:29 AM, Jan Cholasta wrote: Hi, Dne 8.10.2014 v 09:09 David Kupka napsal(a): https://fedorahosted.org/freeipa/ticket/4569 In renew_ca_cer

Re: [Freeipa-devel] Thesis - Gnome Keyring Key Storage in Vault/KRA

On 10/13/2014 07:37 PM, Simo Sorce wrote: > On Mon, 13 Oct 2014 13:24:10 +0200 > Martin Kosek wrote: > >> Hello all, >> >> Last week me, Jakub and Stef discussed a design for a candidate for a >> FreeIPA&Gnome keyring related thesis: >> >> https://thesis-managementsystem.rhcloud.com/topic/show/21

Re: [Freeipa-devel] [PATCH] 0019 Stop dogtag when updating its configuration in, ipa-upgradeconfig

On 10/10/2014 03:24 PM, Jan Cholasta wrote: Dne 8.10.2014 v 12:36 David Kupka napsal(a): On 10/08/2014 09:29 AM, Jan Cholasta wrote: Hi, Dne 8.10.2014 v 09:09 David Kupka napsal(a): https://fedorahosted.org/freeipa/ticket/4569 In renew_ca_cert and cainstance.py, dogtag should already be s

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On 10/10/2014 06:21 PM, Simo Sorce wrote: On Fri, 10 Oct 2014 17:52:15 +0200 Ludwig Krispenz wrote: Hello, this is the current status of my work on #4302, and there are a few pieces still missing, eg the management command needs more input checking and error handling, but - I wanted to give

Re: [Freeipa-devel] [PATCH] 0002 Ignore irrelevant subtrees in schema compat plugin

On 10/14/2014 08:46 AM, Alexander Bokovoy wrote: On Wed, 08 Oct 2014, Ludwig Krispenz wrote: Please review attached patch for ticket: https://fedorahosted.org/freeipa/ticket/4586 This reduces the number of internal searches and contention for database locks. Together with DS fix for https://fed

Re: [Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates

On 10/14/2014 09:49 AM, Jan Cholasta wrote: Dne 14.10.2014 v 09:43 David Kupka napsal(a): On 10/14/2014 09:32 AM, Jan Cholasta wrote: Dne 14.10.2014 v 08:55 David Kupka napsal(a): On 10/10/2014 04:04 PM, Jan Cholasta wrote: Hi, Dne 7.10.2014 v 16:56 David Kupka napsal(a): https://fedorahost

[Freeipa-devel] [PATCH] 333 Handle profile changes in dogtag-ipa-ca-renew-agent

Hi, the attached patch fixes . (The original patch was posted at .) How to test: 1. install server 2. run "ipa-certupdate" 3. run "getcert list -d /etc/pki/pki-tomcat

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On 10/14/2014 10:21 AM, Ludwig Krispenz wrote: On 10/10/2014 06:21 PM, Simo Sorce wrote: On Fri, 10 Oct 2014 17:52:15 +0200 Ludwig Krispenz wrote: Hello, this is the current status of my work on #4302, and there are a few pieces still missing, eg the management command needs more input chec

[Freeipa-devel] WFH 2014-10-14

-- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [HELP] Regular users should not be able to add OTP tokens with custom name

Dne 14.10.2014 v 10:23 Petr Viktorin napsal(a): On 10/14/2014 08:51 AM, Jan Cholasta wrote: Dne 14.10.2014 v 08:37 Martin Kosek napsal(a): On 10/13/2014 07:23 PM, Nathaniel McCallum wrote: On Mon, 2014-10-13 at 12:39 +0200, Martin Kosek wrote: Also, few comments to your current patch set (tho

Re: [Freeipa-devel] [HELP] Regular users should not be able to add OTP tokens with custom name

On 10/14/2014 08:51 AM, Jan Cholasta wrote: Dne 14.10.2014 v 08:37 Martin Kosek napsal(a): On 10/13/2014 07:23 PM, Nathaniel McCallum wrote: On Mon, 2014-10-13 at 12:39 +0200, Martin Kosek wrote: Also, few comments to your current patch set (though the patches themselves will probably not land

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On 10/10/2014 06:21 PM, Simo Sorce wrote: On Fri, 10 Oct 2014 17:52:15 +0200 Ludwig Krispenz wrote: Hello, this is the current status of my work on #4302, and there are a few pieces still missing, eg the management command needs more input checking and error handling, but - I wanted to give

Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

On 10/13/2014 08:19 AM, Martin Kosek wrote: On 10/10/2014 06:44 PM, Simo Sorce wrote: On Fri, 10 Oct 2014 18:38:36 +0200 Ludwig Krispenz wrote: On 10/10/2014 06:30 PM, James wrote: On 10 October 2014 12:21, Simo Sorce wrote: First thing, I do not think we want a new command here. If we

Re: [Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates

Dne 14.10.2014 v 09:43 David Kupka napsal(a): On 10/14/2014 09:32 AM, Jan Cholasta wrote: Dne 14.10.2014 v 08:55 David Kupka napsal(a): On 10/10/2014 04:04 PM, Jan Cholasta wrote: Hi, Dne 7.10.2014 v 16:56 David Kupka napsal(a): https://fedorahosted.org/freeipa/ticket/4618 This works, but

Re: [Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates

On 10/14/2014 09:32 AM, Jan Cholasta wrote: Dne 14.10.2014 v 08:55 David Kupka napsal(a): On 10/10/2014 04:04 PM, Jan Cholasta wrote: Hi, Dne 7.10.2014 v 16:56 David Kupka napsal(a): https://fedorahosted.org/freeipa/ticket/4618 This works, but I would prefer if the code did not silently ign

Re: [Freeipa-devel] [PATCH] 0020 Set IPA CA for freeipa certificates

Dne 14.10.2014 v 08:55 David Kupka napsal(a): On 10/10/2014 04:04 PM, Jan Cholasta wrote: Hi, Dne 7.10.2014 v 16:56 David Kupka napsal(a): https://fedorahosted.org/freeipa/ticket/4618 This works, but I would prefer if the code did not silently ignore when the CA is not found. Honza Ok, mo