Re: [Freeipa-devel] [PATCH 0067] ipa-cacert-renew: Fix connection to ldap.

On 19.11.2015 17:28, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5468 ipa-cacert-manage is not the only code which uses ldap2 this way. It would be better to find the root cause of this rather than working around it. -- Jan Cholasta -- Manage your subscription for the Freeip

[Freeipa-devel] [PATCH 0098-0099] domain level 1 topology checks during IPA server uninstall

These two patches fix the following tickets: https://fedorahosted.org/freeipa/ticket/5377 https://fedorahosted.org/freeipa/ticket/5409 I have added a new option '--ignore-disconnected-topology' which forces IPA master uninstall despite reported errors in topology. I'm not quite sure if we want

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

On Thu, 2015-11-19 at 15:43 +0100, Jan Cholasta wrote: > Hi, > > the attached patches fix > and . > > I worked around the issue of checking if the user is privileged to > perform replica promotion by us

[Freeipa-devel] [PATCH 0067] ipa-cacert-renew: Fix connection to ldap.

https://fedorahosted.org/freeipa/ticket/5468 -- David Kupka From 818ec6b7729867ae9e22b24aad3b306046d2f37d Mon Sep 17 00:00:00 2001 From: David Kupka Date: Thu, 19 Nov 2015 16:13:38 + Subject: [PATCH] ipa-cacert-renew: Fix connection to ldap. https://fedorahosted.org/freeipa/ticket/5468 ---

Re: [Freeipa-devel] [PATCH 0352] fix caching in get_ipa_config

On 19.11.2015 13:29, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5463 Patch attached. Thanks, ACK. Pushed to: master: 7f0d018c66da1fe2adedd45aa9f5a63c913e4527 ipa-4-2: 0ca4c1db3ee6d9366f447d0d704fa56d98e366b4 -- Jan Cholasta -- Manage your subscription for the Freeipa-devel

[Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

Hi, the attached patches fix and . I worked around the issue of checking if the user is privileged to perform replica promotion by using host credentials instead. The host must be a member of the IPA

Re: [Freeipa-devel] [PATCH 0097] fix critical error messages when adding KRA container that already exists

On 19.11.2015 14:47, Martin Babinsky wrote: On 11/19/2015 02:31 PM, Jan Cholasta wrote: On 19.11.2015 11:23, Martin Babinsky wrote: On 11/19/2015 10:50 AM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5346 Attaching updated patches. 1) It seems the self._ldap_disconnect

Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part

On 19/11/15 12:54, Martin Basti wrote: On 18.11.2015 16:10, Martin Basti wrote: On 12.11.2015 12:39, Martin Basti wrote: On 27.10.2015 14:59, Martin Basti wrote: On 20.10.2015 18:46, Martin Basti wrote: On 20.10.2015 16:07, Martin Basti wrote: On 20.10.2015 15:57, Martin Basti wr

Re: [Freeipa-devel] [PATCH 0332] fix user post_callback

On 12/11/15 12:36, Martin Basti wrote: On 21.10.2015 11:14, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5387 Patch attached. Fix for this ticket has been implemented in patch mbasti-0331-2 Attached patch contains only common postcallback code to from user and stageuser to

Re: [Freeipa-devel] [PATCH 0097] fix critical error messages when adding KRA container that already exists

On 11/19/2015 02:31 PM, Jan Cholasta wrote: On 19.11.2015 11:23, Martin Babinsky wrote: On 11/19/2015 10:50 AM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5346 Attaching updated patches. 1) It seems the self._ldap_disconnect() was actually necessary: cannot conne

Re: [Freeipa-devel] [PATCH 0350] raise time limit for ldapsearch in upgrade

On 11/19/2015 01:08 PM, Martin Basti wrote: On 18.11.2015 14:26, Martin Basti wrote: On 18.11.2015 14:24, Martin Kosek wrote: On 11/18/2015 02:18 PM, Martin Basti wrote: On 18.11.2015 13:55, Martin Kosek wrote: On 11/18/2015 01:30 PM, Martin Basti wrote: +DEFAULT_TIME_LIMIT = -1.0 +

Re: [Freeipa-devel] [PATCH 0097] fix critical error messages when adding KRA container that already exists

On 19.11.2015 11:23, Martin Babinsky wrote: On 11/19/2015 10:50 AM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5346 Attaching updated patches. 1) It seems the self._ldap_disconnect() was actually necessary: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-ABC-IDM-L

Re: [Freeipa-devel] [PATCH 0350] raise time limit for ldapsearch in upgrade

On 19.11.2015 14:09, Martin Babinsky wrote: On 11/19/2015 01:08 PM, Martin Basti wrote: On 18.11.2015 14:26, Martin Basti wrote: On 18.11.2015 14:24, Martin Kosek wrote: On 11/18/2015 02:18 PM, Martin Basti wrote: On 18.11.2015 13:55, Martin Kosek wrote: On 11/18/2015 01:30 PM, Martin B

[Freeipa-devel] [PATCH 0352] fix caching in get_ipa_config

https://fedorahosted.org/freeipa/ticket/5463 Patch attached. From 6f8bbe74a667586b4a3474c88d05b3ea26e22146 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 19 Nov 2015 13:25:49 +0100 Subject: [PATCH] fix caching in get_ipa_config Different opbject types were compared thus always result of

Re: [Freeipa-devel] [PATCH 0350] raise time limit for ldapsearch in upgrade

On 18.11.2015 14:26, Martin Basti wrote: On 18.11.2015 14:24, Martin Kosek wrote: On 11/18/2015 02:18 PM, Martin Basti wrote: On 18.11.2015 13:55, Martin Kosek wrote: On 11/18/2015 01:30 PM, Martin Basti wrote: +DEFAULT_TIME_LIMIT = -1.0 +DEFAULT_SIZE_LIMIT = 0 ... i

Re: [Freeipa-devel] [PATCH 506] cert renewal: make renewal of ipaCert atomic

On 19.11.2015 13:01, David Kupka wrote: On 18/11/15 14:10, Jan Cholasta wrote: On 10.11.2015 19:19, Rob Crittenden wrote: Jan Cholasta wrote: On 9.11.2015 16:51, Rob Crittenden wrote: Jan Cholasta wrote: Hi, the attached patch fixes . Honza

Re: [Freeipa-devel] [PATCH 506] cert renewal: make renewal of ipaCert atomic

On 18/11/15 14:10, Jan Cholasta wrote: On 10.11.2015 19:19, Rob Crittenden wrote: Jan Cholasta wrote: On 9.11.2015 16:51, Rob Crittenden wrote: Jan Cholasta wrote: Hi, the attached patch fixes . Honza There be a note in renew_ra_cert that t

Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part

On 18.11.2015 16:10, Martin Basti wrote: On 12.11.2015 12:39, Martin Basti wrote: On 27.10.2015 14:59, Martin Basti wrote: On 20.10.2015 18:46, Martin Basti wrote: On 20.10.2015 16:07, Martin Basti wrote: On 20.10.2015 15:57, Martin Basti wrote: https://fedorahosted.org/freeipa/t

Re: [Freeipa-devel] [PATCH 0097] fix critical error messages when adding KRA container that already exists

On 11/19/2015 10:50 AM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/5346 Attaching updated patches. -- Martin^3 Babinsky From fa37e2514259d78d1b54c33f18fb95ec8b4a37cf Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Thu, 19 Nov 2015 10:24:40 +0100 Subject: [PATCH] sup

Re: [Freeipa-devel] [PATCH 508] install: export KRA agent PEM file in ipa-kra-install

On 19.11.2015 11:01, Martin Babinsky wrote: On 11/19/2015 09:07 AM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza ACK Thanks. Pushed to: master: 164fb7b1d19ef316d2ec55a8f85876ccf310544f ipa-4-2: 9d4f383a94b28d415396e1529c747c5e5bb

[Freeipa-devel] [PATCH 0351] call directly is_host_resolvable function to verify addresses in NS records

Testing if address is resolvable can be done by directly call of is_host_resovable, instead of call the dns-resolve command which is doing the same (works as proxy). Patch attached. From 19914a0196da6522d75a74ca7f8a196ed2616d7a Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 18 Nov 2015

Re: [Freeipa-devel] [PATCH 0344] Use absolute domain name in detection of A/AAAA records

On 18.11.2015 18:33, Petr Spacek wrote: On 12.11.2015 13:58, Martin Basti wrote: On 09.11.2015 08:47, Petr Spacek wrote: On 4.11.2015 16:16, Martin Basti wrote: Patch attached. https://fedorahosted.org/freeipa/ticket/5421 I'm not entirely sure how this patch will interact with magic inclu

Re: [Freeipa-devel] [PATCH 508] install: export KRA agent PEM file in ipa-kra-install

On 11/19/2015 09:07 AM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeI

[Freeipa-devel] [PATCH 0097] fix critical error messages when adding KRA container that already exists

https://fedorahosted.org/freeipa/ticket/5346 -- Martin^3 Babinsky From cf880b128ca4a4b53b8d70d1dce7d7aadab130c8 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Thu, 19 Nov 2015 10:24:40 +0100 Subject: [PATCH] suppress errors arising from adding existing LDAP entries during KRA install htt

Re: [Freeipa-devel] [TESTS][PATCH 0006] Add comments to stageuser plugin tests

On 11/19/2015 09:30 AM, Lenka Doudova wrote: > On 11/18/2015 04:51 PM, Martin Babinsky wrote: >> On 11/18/2015 02:16 PM, Lenka Doudova wrote: >>> Hi, >>> >>> here's a patch that adds a few comments to stageuser tests in order to >>> allow easier determining of a problem when tests fail. >>> >>> Len

Re: [Freeipa-devel] [TESTS][PATCH 0006] Add comments to stageuser plugin tests

On 11/18/2015 04:51 PM, Martin Babinsky wrote: On 11/18/2015 02:16 PM, Lenka Doudova wrote: Hi, here's a patch that adds a few comments to stageuser tests in order to allow easier determining of a problem when tests fail. Lenka Hi Lenka, Firstly a technical detail: Python indexes lists fr

[Freeipa-devel] [PATCH 508] install: export KRA agent PEM file in ipa-kra-install

Hi, the attached patch fixes . Honza -- Jan Cholasta From d371aa19b35441a408a68034327e302237b71f9e Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 19 Nov 2015 08:50:05 +0100 Subject: [PATCH] install: export KRA agent PEM file in ipa-kra-inst