On 29/06/15 17:40, Martin Basti wrote:
Attached patch solves issue when DS was restarted but code still tried
to use old invalid connection.
This patch is not needed after reworking CA patches.
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.r
On 2015-06-29 17:28, Petr Vobornik wrote:
> On 06/29/2015 03:22 PM, Fraser Tweedale wrote:
>> On Mon, Jun 29, 2015 at 10:54:50AM +0200, Christian Heimes wrote:
>>> Hello,
>>>
>>> the attached patch fixes the first bug, that was reported by Fraser
>>> today. installutils.remove_file() uses os.path.e
On 29/06/15 16:03, Fraser Tweedale wrote:
On Thu, Jun 25, 2015 at 11:23:01AM +0200, Martin Basti wrote:
On 19/06/15 09:28, Fraser Tweedale wrote:
The attached patches fix upgrade issues when pki is also updated
>from pre 10.2.4.
pki dependency is bumped to 10.2.5 - the official builds should
Attached patch solves issue when DS was restarted but code still tried
to use old invalid connection.
--
Martin Basti
From b6ab7ddc531bf119c1b9c119fa4d725df3714a69 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Mon, 29 Jun 2015 17:22:24 +0200
Subject: [PATCH] server upgrade: disconnect ldap
On 06/29/2015 03:33 PM, Fraser Tweedale wrote:
On Mon, Jun 29, 2015 at 11:43:32AM +0200, Christian Heimes wrote:
Hello,
the attached patch makes sure that HTTPInstance has an admin_conn LDAP
connection. Without the LDAP connection, HTTPInstance.enable_kdcproxy()
fails.
Christian
ACK; upgrade
On 06/29/2015 03:22 PM, Fraser Tweedale wrote:
On Mon, Jun 29, 2015 at 10:54:50AM +0200, Christian Heimes wrote:
Hello,
the attached patch fixes the first bug, that was reported by Fraser
today. installutils.remove_file() uses os.path.exists() to check if the
file still exists, which in turn us
On 06/29/2015 04:18 PM, Martin Basti wrote:
On 16/06/15 11:42, Ludwig Krispenz wrote:
This patch addresses coverity issues 13290 and 13291
ACK
Pushed to master: 5e92c981b0e433ee28b953d222a1b531b525ff1c
--
Petr Vobornik
--
Manage your subscription for the Freeipa-devel mailing list:
https
On 06/29/2015 04:20 PM, Martin Basti wrote:
On 15/06/15 18:38, Martin Babinsky wrote:
On 05/28/2015 02:55 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:43 +0200, Martin Babinsky wrote:
A small improvement upon simo's fix for
https://fedorahosted.org/freeipa/ticket/4914
--
Martin^3 Babinsky
On 06/29/2015 04:52 PM, Martin Basti wrote:
On 29/06/15 16:48, Fraser Tweedale wrote:
Attached patch fixes a small error in certprofile plugin
documentation.
Thanks,
Fraser
ACK
Pushed to master: 7f923f922a28aa34eb6ee3b0e94c1cba223d285c
--
Petr Vobornik
--
Manage your subscription for the
On 06/29/2015 03:33 PM, David Kupka wrote:
On 15/06/15 19:27, Petr Vobornik wrote:
in other words limit usage of `agreement_dn` method only for manipulation
and search of agreements which are not managed by topology plugin.
For other cases is safer to search for the agreement.
https://fedoraho
On 06/29/2015 03:33 PM, David Kupka wrote:
On 26/06/15 14:15, Petr Vobornik wrote:
On 06/17/2015 02:00 PM, Petr Vobornik wrote:
ipa-replica-manage del now:
- checks the whole current topology(before deletion), reports issues
- simulates deletion of server and checks the topology again, reports
On 06/29/2015 03:33 PM, David Kupka wrote:
On 26/06/15 14:15, Petr Vobornik wrote:
On 06/17/2015 04:11 PM, Petr Vobornik wrote:
On 06/17/2015 02:15 PM, Ludwig Krispenz wrote:
On 06/17/2015 02:04 PM, Petr Vobornik wrote:
With patch "878 topology: check topology in ipa-replica-manage del"
we
On 29/06/15 16:48, Fraser Tweedale wrote:
Attached patch fixes a small error in certprofile plugin
documentation.
Thanks,
Fraser
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
Attached patch fixes a small error in certprofile plugin
documentation.
Thanks,
Fraser
From 6de3a4fd9d3d250e09a75721ef7b7f0831c47ea6 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Mon, 29 Jun 2015 10:28:25 -0400
Subject: [PATCH] certprofile: fix doc error
---
ipalib/plugins/certprofile.py
On 15/06/15 18:38, Martin Babinsky wrote:
On 05/28/2015 02:55 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:43 +0200, Martin Babinsky wrote:
A small improvement upon simo's fix for
https://fedorahosted.org/freeipa/ticket/4914
--
Martin^3 Babinsky
LGTM.
Simo.
Anyone else to review this p
On 16/06/15 11:42, Ludwig Krispenz wrote:
This patch addresses coverity issues 13290 and 13291
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contrib
On Thu, Jun 25, 2015 at 11:23:01AM +0200, Martin Basti wrote:
> On 19/06/15 09:28, Fraser Tweedale wrote:
> >The attached patches fix upgrade issues when pki is also updated
> >from pre 10.2.4.
> >
> >pki dependency is bumped to 10.2.5 - the official builds should be
> >done Friday (US time) but it
On 29/06/15 13:46, Jakub Hrozek wrote:
On Fri, Jun 05, 2015 at 11:31:54AM -0600, Gabe Alford wrote:
Thanks. Updated patch attached.
On Fri, Jun 5, 2015 at 9:53 AM, Jakub Hrozek wrote:
On Fri, Jun 05, 2015 at 09:46:05AM -0600, Gabe Alford wrote:
How should
https://www.redhat.com/archives/f
On Mon, Jun 29, 2015 at 11:43:32AM +0200, Christian Heimes wrote:
> Hello,
>
> the attached patch makes sure that HTTPInstance has an admin_conn LDAP
> connection. Without the LDAP connection, HTTPInstance.enable_kdcproxy()
> fails.
>
> Christian
ACK; upgrade from 4.1.4 to master+patch works.
-
On 26/06/15 14:15, Petr Vobornik wrote:
On 06/17/2015 04:11 PM, Petr Vobornik wrote:
On 06/17/2015 02:15 PM, Ludwig Krispenz wrote:
On 06/17/2015 02:04 PM, Petr Vobornik wrote:
With patch "878 topology: check topology in ipa-replica-manage del"
we can use the same logic for POC of
ipa topo
On 26/06/15 14:15, Petr Vobornik wrote:
On 06/17/2015 02:00 PM, Petr Vobornik wrote:
ipa-replica-manage del now:
- checks the whole current topology(before deletion), reports issues
- simulates deletion of server and checks the topology again, reports
issues
Asks admin if he wants to continue w
On 15/06/15 19:27, Petr Vobornik wrote:
in other words limit usage of `agreement_dn` method only for manipulation
and search of agreements which are not managed by topology plugin.
For other cases is safer to search for the agreement.
https://fedorahosted.org/freeipa/ticket/5066
Works for me
On Mon, Jun 29, 2015 at 10:54:50AM +0200, Christian Heimes wrote:
> Hello,
>
> the attached patch fixes the first bug, that was reported by Fraser
> today. installutils.remove_file() uses os.path.exists() to check if the
> file still exists, which in turn uses stat(2). I have modified the
> functi
On 25/06/15 13:46, Petr Spacek wrote:
On 17.6.2015 13:37, Martin Basti wrote:
On 17/06/15 13:26, Petr Spacek wrote:
On 16.6.2015 15:40, Martin Basti wrote:
On 05/06/15 12:54, Petr Spacek wrote:
On 20.5.2015 18:00, Martin Basti wrote:
This patch allows to disable DNSSEC key master on IPA serv
On 06/29/2015 01:36 PM, Tomas Babej wrote:
>
>
> On 06/29/2015 01:14 PM, Martin Basti wrote:
>> On 26/06/15 18:55, Petr Spacek wrote:
>>> Hello,
>>>
>>> attached patches implement a portion of improvements for ticket
>>> https://fedorahosted.org/freeipa/ticket/4657
>>>
>>> It came to my mind that
On 06/26/2015 01:18 PM, Martin Basti wrote:
> On 19/06/15 14:06, Petr Vobornik wrote:
>> Commit 9f049ca14403f3696d54d186e6b1b15181f055df introduced dependency on
>> python-setuptools on line:
>> from pkg_resources import parse_version
>>
>> This dependency is missing on *minimal* installation a
On 06/26/2015 06:05 PM, Petr Vobornik wrote:
> On 06/26/2015 12:41 PM, Petr Spacek wrote:
>> Hello,
>>
>> Add hint how to re-run IPA upgrade.
>>
>
> ACK
Pushed to master: d5a07b50b4d8900c16dd8672e21de34647fff9ec
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.
On 06/29/2015 01:50 PM, thierry bordaz wrote:
> On 06/29/2015 12:47 PM, Martin Basti wrote:
>> On 17/06/15 11:05, Ludwig Krispenz wrote:
>>>
>>> On 06/17/2015 10:35 AM, thierry bordaz wrote:
On 06/17/2015 09:25 AM, Ludwig Krispenz wrote:
> Hi,
> thanks for review, see answers inline.
On 06/29/2015 10:44 AM, Martin Basti wrote:
> On 22/06/15 17:08, thierry bordaz wrote:
>> Add the permission to Stage users administrators to delete already
>> preserved user
>>
>>
>>
>>
>
> ACK
>
> --
> Martin Basti
>
>
>
Pushed to master: ffd6b039a755016c3de22a11fec037eca7180a79
--
Man
On 06/29/2015 12:47 PM, Martin Basti wrote:
On 17/06/15 11:05, Ludwig Krispenz wrote:
On 06/17/2015 10:35 AM, thierry bordaz wrote:
On 06/17/2015 09:25 AM, Ludwig Krispenz wrote:
Hi,
thanks for review, see answers inline.
On 06/16/2015 05:17 PM, thierry bordaz wrote:
On 06/16/2015 11:41 AM,
On 06/29/2015 11:05 AM, Petr Spacek wrote:
> On 29.6.2015 09:22, David Kupka wrote:
>> On 26/06/15 19:45, Rob Crittenden wrote:
>>> Petr Vobornik wrote:
On 06/26/2015 10:54 AM, David Kupka wrote:
> https://fedorahosted.org/freeipa/ticket/5080
>
>
ACK
>>>
>>> Is there a
On Fri, Jun 05, 2015 at 11:31:54AM -0600, Gabe Alford wrote:
> Thanks. Updated patch attached.
>
> On Fri, Jun 5, 2015 at 9:53 AM, Jakub Hrozek wrote:
>
> > On Fri, Jun 05, 2015 at 09:46:05AM -0600, Gabe Alford wrote:
> > > How should
> > > https://www.redhat.com/archives/freeipa-users/2015-Ju
On 06/29/2015 12:24 PM, Martin Basti wrote:
> On 22/06/15 19:48, Rob Crittenden wrote:
>> Add an ACI to allow a host to add its own services. This only grants
>> add access. It can't subsequently delete or modify the entry.
>>
>> This requires 389-ds-1.3.4.0 GA.
>>
>> rob
>>
>>
> ACK
>
> --
> M
On 06/29/2015 01:23 PM, Martin Babinsky wrote:
> On 06/26/2015 05:50 PM, Martin Basti wrote:
>> Patch fixes wrong value for ntUserDomainId and ntUniqueId indicies.
>>
>> Patch attached.
>>
>>
>>
> ACK
>
Pushed to master: 16f47ed4520d4f89db39d1dc58be7a8efb1d8612
--
Manage your subscription for
On 06/29/2015 01:28 PM, Martin Basti wrote:
> On 26/06/15 15:58, Petr Spacek wrote:
>> Hello,
>>
>> Rate-limit while loop in SystemdService.is_active().
>>
>> Previously is_active() was frenetically calling systemctl is_active in
>> tight loop which in fact made the process slower.
>>
> ACK
>
Pus
On 06/04/2015 05:19 PM, Petr Vobornik wrote:
> based on: http://fpaste.org/228856/25049143/
>
> The patch is not tested.
>
> Description:
> 'info' is optional component in LDAPError
>
> http://www.python-ldap.org/doc/html/ldap.html#exceptions
>
>
Pushed to master: 29c01e5ef4d4bb8c608720c3e0
On 06/29/2015 01:14 PM, Martin Basti wrote:
> On 26/06/15 18:55, Petr Spacek wrote:
>> Hello,
>>
>> attached patches implement a portion of improvements for ticket
>> https://fedorahosted.org/freeipa/ticket/4657
>>
>> It came to my mind that it will be better to review them at once - the
>> previ
On 06/26/2015 09:43 AM, Martin Basti wrote:
> On 23/06/15 14:14, Petr Spacek wrote:
>> Hello,
>>
>> Bump minimal BIND version for CentOS.
>>
>> DNSSEC support added dependency on bind-pkcs11 sub-package.
>>
>> https://fedorahosted.org/freeipa/ticket/4657
>>
>>
>>
> ACK
>
> --
> Martin Basti
>
On 04/06/15 17:19, Petr Vobornik wrote:
based on: http://fpaste.org/228856/25049143/
The patch is not tested.
Description:
'info' is optional component in LDAPError
http://www.python-ldap.org/doc/html/ldap.html#exceptions
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-de
On 26/06/15 15:58, Petr Spacek wrote:
Hello,
Rate-limit while loop in SystemdService.is_active().
Previously is_active() was frenetically calling systemctl is_active in
tight loop which in fact made the process slower.
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel ma
On 06/26/2015 05:50 PM, Martin Basti wrote:
Patch fixes wrong value for ntUserDomainId and ntUniqueId indicies.
Patch attached.
ACK
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeI
On 26/06/15 18:55, Petr Spacek wrote:
Hello,
attached patches implement a portion of improvements for ticket
https://fedorahosted.org/freeipa/ticket/4657
It came to my mind that it will be better to review them at once - the
previous threads with my patches 40 and 41 can be abandoned.
I'm sorr
On 17/06/15 11:05, Ludwig Krispenz wrote:
On 06/17/2015 10:35 AM, thierry bordaz wrote:
On 06/17/2015 09:25 AM, Ludwig Krispenz wrote:
Hi,
thanks for review, see answers inline.
On 06/16/2015 05:17 PM, thierry bordaz wrote:
On 06/16/2015 11:41 AM, Ludwig Krispenz wrote:
this patch adresses i
On 22/06/15 19:48, Rob Crittenden wrote:
Add an ACI to allow a host to add its own services. This only grants
add access. It can't subsequently delete or modify the entry.
This requires 389-ds-1.3.4.0 GA.
rob
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing l
Hello,
the attached patch makes sure that HTTPInstance has an admin_conn LDAP
connection. Without the LDAP connection, HTTPInstance.enable_kdcproxy()
fails.
Christian
From b10dc05edb26b10f4364e64d04ca0f41d7f35794 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Mon, 29 Jun 2015 11:35:07 +02
On 29.6.2015 09:22, David Kupka wrote:
> On 26/06/15 19:45, Rob Crittenden wrote:
>> Petr Vobornik wrote:
>>> On 06/26/2015 10:54 AM, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/5080
>>>
>>> ACK
>>
>> Is there a reason we don't simply start certmonger and quit if it fa
On 2015-06-29 07:31, Fraser Tweedale wrote:
> Hi Christian,
>
> With the kdcproxy change landed, if IPA has been installed and then
> uninstalled, and then freeipa-server package erased or downgraded,
> the /etc/httpd/conf.d/ipa-kdc-proxy.conf symlink remains, and is
> broken, resulting in an inab
Hello,
the attached patch fixes the first bug, that was reported by Fraser
today. installutils.remove_file() uses os.path.exists() to check if the
file still exists, which in turn uses stat(2). I have modified the
function to use os.path.lexists() instead. It doesn't follow symlinks.
Because http
On 22/06/15 17:08, thierry bordaz wrote:
Add the permission to Stage users administrators to delete already
preserved user
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: htt
On 06/23/2015 01:49 PM, Martin Babinsky wrote:
This patchset implements new API commands for manipulating
user/host/service userCertificate attribute alongside some underlying
plumbing.
PATCH 0045 is a small test suite that I slapped together since manual
testing of this stuff is very cumbersome
On 26/06/15 19:45, Rob Crittenden wrote:
Petr Vobornik wrote:
On 06/26/2015 10:54 AM, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/5080
ACK
Is there a reason we don't simply start certmonger and quit if it fails
to start? Woudln't that be friendlier?
rob
Yes. The certmon
51 matches
Mail list logo