n accordingly.
Please try to review and comment during today as the window for development is
quickly closing.
LGTM.
[1] http://www.freeipa.org/page/V4/AD_User_Short_Names
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/
aDomainResolutionOrder is not good enough, we could draw some
inspiration from resolv.conf and use e.g. ipaDomainSearchList.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 1.3.2017 14:58, Alexander Bokovoy wrote:
On ke, 01 maalis 2017, Jan Cholasta wrote:
On 1.3.2017 14:05, Alexander Bokovoy wrote:
On ke, 01 maalis 2017, Jan Cholasta wrote:
On 1.3.2017 13:39, Martin Babinsky wrote:
Alexander,
thank you for your comments. Replies inline:
On 02/28/2017 01
On 1.3.2017 14:05, Alexander Bokovoy wrote:
On ke, 01 maalis 2017, Jan Cholasta wrote:
On 1.3.2017 13:39, Martin Babinsky wrote:
Alexander,
thank you for your comments. Replies inline:
On 02/28/2017 01:48 PM, Alexander Bokovoy wrote:
On ti, 28 helmi 2017, Martin Babinsky wrote:
Hello list
I think we can even get away from
this by letting SSSD guys to decide how to handle this case.
- There are typos in the page.
I know there was not much proofreading involved in this iteration. I
have already tried to fix them.
[1]
https://support.microsoft.com/en-us/help/909264/naming-con
hould wait with removal SHA1, don't remove it prematurely.
As MD5 is deprecated for very long time, SHA1 is not and we are not
using it for any cryptographic operation nor certificates. It is just
informational fingerprint.
+1
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mai
a.org/page/Contribute/Code
--
Petr Vobornik
Associate Manager, Engineering, Identity Management
Red Hat, Inc.
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
-
On 8.2.2017 08:06, Fraser Tweedale wrote:
On Wed, Feb 08, 2017 at 08:02:18AM +0100, Jan Cholasta wrote:
On 8.2.2017 07:29, Fraser Tweedale wrote:
On Mon, Feb 06, 2017 at 10:24:31AM +0100, Jan Cholasta wrote:
On 17.1.2017 08:57, David Kupka wrote:
On 13/01/17 08:07, Fraser Tweedale wrote
On 8.2.2017 07:29, Fraser Tweedale wrote:
On Mon, Feb 06, 2017 at 10:24:31AM +0100, Jan Cholasta wrote:
On 17.1.2017 08:57, David Kupka wrote:
On 13/01/17 08:07, Fraser Tweedale wrote:
Related to design:
http://www.freeipa.org/page/V4/Dogtag_GSS-API_Authentication
Currently there are some
On 4.2.2017 16:40, Ben Lipton wrote:
On 01/12/2017 04:35 AM, Jan Cholasta wrote:
On 11.1.2017 00:38, Ben Lipton wrote:
On 01/10/2017 01:58 AM, Jan Cholasta wrote:
On 19.12.2016 21:59, Ben Lipton wrote:
On 12/15/2016 11:11 PM, Ben Lipton wrote:
On 12/12/2016 03:52 AM, Jan Cholasta wrote
o security issues. So I would prefer decoupling
ca-disable and ca-del as you're describing in 1).
IMO having to disable the CA before deletion is an implementation detail
and should not be exposed to the user at all. Why do we have to disable
the CA from IPA in ca-del? I would expec
On 11.1.2017 02:09, Fraser Tweedale wrote:
On Tue, Jan 10, 2017 at 10:48:08AM +0100, Martin Babinsky wrote:
Hi Fraser,
I have some rather inane comments. I guess Jan cholasta will do a more
thorough review of your design. See below:
On 01/06/2017 09:08 AM, Fraser Tweedale wrote:
Hi comrades
then implementation in client side plugin would make better
sense.
+1 to Alexander on '--out nsupdate' option
+1 to both --out and client-side implementation.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeip
On 11.1.2017 00:38, Ben Lipton wrote:
On 01/10/2017 01:58 AM, Jan Cholasta wrote:
On 19.12.2016 21:59, Ben Lipton wrote:
On 12/15/2016 11:11 PM, Ben Lipton wrote:
On 12/12/2016 03:52 AM, Jan Cholasta wrote:
On 5.12.2016 16:48, Ben Lipton wrote:
Hi Jan, thanks for the comments.
On 12/05
On 19.12.2016 21:59, Ben Lipton wrote:
On 12/15/2016 11:11 PM, Ben Lipton wrote:
On 12/12/2016 03:52 AM, Jan Cholasta wrote:
On 5.12.2016 16:48, Ben Lipton wrote:
Hi Jan, thanks for the comments.
On 12/05/2016 04:25 AM, Jan Cholasta wrote:
Hi Ben,
On 3.11.2016 00:12, Ben Lipton wrote
On 6.1.2017 10:48, Sumit Bose wrote:
On Fri, Jan 06, 2017 at 08:40:31AM +0100, Jan Cholasta wrote:
On 5.1.2017 13:15, Sumit Bose wrote:
On Mon, Jan 02, 2017 at 08:06:04AM +0100, Jan Cholasta wrote:
On 19.12.2016 12:13, Sumit Bose wrote:
On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta
On 6.1.2017 10:30, Sumit Bose wrote:
On Fri, Jan 06, 2017 at 08:50:14AM +0100, Jan Cholasta wrote:
On 5.1.2017 10:39, Sumit Bose wrote:
On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote:
On 18.10.2016 07:34, Jan Cholasta wrote:
On 17.10.2016 16:50, Rob Crittenden wrote:
Jan
On 5.1.2017 10:39, Sumit Bose wrote:
On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote:
On 18.10.2016 07:34, Jan Cholasta wrote:
On 17.10.2016 16:50, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 13.10.2016 18:52, Sumit Bose wrote:
= Issuer specific matching
On 5.1.2017 13:15, Sumit Bose wrote:
On Mon, Jan 02, 2017 at 08:06:04AM +0100, Jan Cholasta wrote:
On 19.12.2016 12:13, Sumit Bose wrote:
On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta wrote:
I agree with *almost* everything Sumit said. See my inline comments below.
On 16.12.2016 11
On 18.10.2016 07:34, Jan Cholasta wrote:
On 17.10.2016 16:50, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 13.10.2016 18:52, Sumit Bose wrote:
= Issuer specific matching =
Although the MIT Kerberos rules allow to select the issuer of a
certificate there are use cases where a more
oving --prompt-username and
--enable-local-prompt-policy from certmappingconfig.
2) Nitpick: could we please rename certmapping* to certmap*? Not only
would it be quicker to type in the command line, but also named
consistently with selinuxusermap.
--
Jan Cholasta
--
Manage your subscription fo
On 19.12.2016 12:13, Sumit Bose wrote:
On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta wrote:
I agree with *almost* everything Sumit said. See my inline comments below.
On 16.12.2016 11:53, Sumit Bose wrote:
On Tue, Dec 06, 2016 at 04:39:10PM +0100, Florence Blanc-Renaud wrote:
Hi,
I
ter question is "How is userCertificate handled?"
Anyway, self-service permissions can be enabled/disabled, so there is
really no need for a new certmappingconfig option.
That's all :-)
bye,
Sumit
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing
On 12.12.2016 13:49, Fraser Tweedale wrote:
(This is a tangential discussion, but...)
On Mon, Dec 12, 2016 at 09:52:02AM +0100, Jan Cholasta wrote:
IMO profile ID should default to caIPAserviceCert on the client as well.
NACK. Default profile (although fixed at the present time) should
be
On 5.12.2016 16:48, Ben Lipton wrote:
Hi Jan, thanks for the comments.
On 12/05/2016 04:25 AM, Jan Cholasta wrote:
Hi Ben,
On 3.11.2016 00:12, Ben Lipton wrote:
Hi everybody,
Soon I'm going to have to reduce the amount of time I spend on new
development work for the CSR autogener
On 21.11.2016 17:08, Standa Laznicka wrote:
On 10/10/2016 08:47 AM, Standa Laznicka wrote:
On 10/10/2016 07:53 AM, Jan Cholasta wrote:
On 7.10.2016 12:23, Standa Laznicka wrote:
On 10/07/2016 08:31 AM, Jan Cholasta wrote:
On 17.8.2016 13:47, Stanislav Laznicka wrote:
On 08/11/2016 02:59 PM
On 25.11.2016 15:55, Sumit Bose wrote:
On Fri, Nov 25, 2016 at 02:19:10PM +0100, Jan Cholasta wrote:
Bump, Sumit, have you seen my comments? I haven't heard back from you.
Yes, I've seen it and added a comment about it on the page
https://fedorahosted.org/sssd/wiki/
, but it may be a while before I
have time to demo the full XSLT idea.
Was there any progress on this?
So: currently on my to do list are the certmonger helper and the
XER->DER conversion tool. Do you have any comments about these plans,
and is there anything else I can do to wrap up the proje
lls?
I think there should be no implication, the server is a completely
different thing.
The only thing I would maybe do is to detect if there is an existing NTP
server configuration and if there is, do not touch it.
I don't believe there is a precedence for removing a ser
9%. This is far from sane IMHO.
There don't seem to be a ton of NTP tickets and I don't recall a lot of
user's pressing for it to go away (the reverse, many times their
problems revolve around time not being synced). I wonder if a survey on
freeipa-users would be in order to see how
Bump, Sumit, have you seen my comments? I haven't heard back from you.
On 17.10.2016 09:50, Jan Cholasta wrote:
Hi,
On 13.10.2016 18:52, Sumit Bose wrote:
On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote:
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
Hi,
On 22.11.2016 18:10, Petr Vobornik wrote:
On 11/22/2016 05:25 PM, Rob Crittenden wrote:
Lukas Slebodnik wrote:
On (22/11/16 16:29), Petr Spacek wrote:
On 22.11.2016 16:27, Jan Cholasta wrote:
Hi,
On 22.11.2016 16:04, Petr Spacek wrote:
Hello,
the recent changes with regard to
http
On 22.11.2016 16:59, Lukas Slebodnik wrote:
On (22/11/16 16:29), Petr Spacek wrote:
On 22.11.2016 16:27, Jan Cholasta wrote:
Hi,
On 22.11.2016 16:04, Petr Spacek wrote:
Hello,
the recent changes with regard to
http://www.freeipa.org/page/V4/Integration_Improvements
beg a question whether we
.
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
rvice in 4.6?
Considering that default config is just fine for normal cases, and given how
poorly integrated it is into FreeIPA, I agree with David. FreeIPA should get
out of configuration management business.
+1
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
n git.
+1
git log reveals that is was added back in 2010 when adding support for
internalization:
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=4461a74
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-
On 21.11.2016 15:25, Jan Cholasta wrote:
On 21.11.2016 15:07, Christian Heimes wrote:
On 2016-11-21 14:44, Petr Spacek wrote:
3.3 ipaplatform auto-configuration
I'm not sure if guessing platform from ID_LIKE is really a good
idea. It
might work fine for centos -> rhel, but in general
On 21.11.2016 14:15, Christian Heimes wrote:
On 2016-11-21 13:31, Jan Cholasta wrote:
Hi,
On 11.11.2016 15:25, Christian Heimes wrote:
Hello,
I have released the first version of a new design document. It describes
how I'm going to improve integration of FreeIPA's client librari
tform depedency in
client libraries and be done with this philosophical debate?
+1
Yes, that would be my preferable solution, too. But it's a lot of work
and I don't have any spare time to work on a redesign of ipaplatform /
ipalib. Who is going to do it?
Christian
--
Jan Cholasta
--
ms listed in ID_LIKE might not
be similar enough to the one in ID. I would rather add an ipaplatform
subpackage for every supported platform (including CentOS) than depend
on error-prone guesswork.
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
http
On 21.11.2016 11:04, Christian Heimes wrote:
On 2016-11-21 10:46, Jan Cholasta wrote:
On 21.11.2016 10:32, Christian Heimes wrote:
On 2016-11-21 10:26, Jan Cholasta wrote:
On 11.11.2016 18:28, Christian Heimes wrote:
On 2016-11-11 17:46, Martin Basti wrote:
On 11.11.2016 15:25, Christian
On 21.11.2016 10:32, Christian Heimes wrote:
On 2016-11-21 10:26, Jan Cholasta wrote:
On 11.11.2016 18:28, Christian Heimes wrote:
On 2016-11-11 17:46, Martin Basti wrote:
On 11.11.2016 15:25, Christian Heimes wrote:
Hello,
I have released the first version of a new design document. It
eck must be TOCTOU safe, too. Env vars are easier to
control, more secure and less fragile.
Christian
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 3.11.2016 00:18, Ben Lipton wrote:
On 10/20/2016 03:52 PM, Ben Lipton wrote:
On 10/17/2016 02:16 AM, Jan Cholasta wrote:
On 13.10.2016 17:23, Ben Lipton wrote:
Thank you, this was a really helpful clarification of your point.
Comments below. Once again, I'm sorry I missed the email f
On 17.10.2016 16:50, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 13.10.2016 18:52, Sumit Bose wrote:
= Issuer specific matching =
Although the MIT Kerberos rules allow to select the issuer of a
certificate there are use cases where a more specific selection is
needed. E.g. if
details, that's what man pages are for.
=== How To Test ===
This section should explain to a person with admin-level of SSSD understanding
how this change affects run time behaviour of SSSD and how can an SSSD user
test this change. If the feature is internal-only, please list what areas of
S
On 13.10.2016 17:23, Ben Lipton wrote:
Thank you, this was a really helpful clarification of your point.
Comments below. Once again, I'm sorry I missed the email for so long.
Ben
On 09/05/2016 06:52 AM, Jan Cholasta wrote:
On 27.8.2016 22:40, Ben Lipton wrote:
On 08/25/2016 04:11 PM
.
- IMO we actually want it - progress will be visible to others
+1
Naming:
I propose:
refactoring-XXX
feature-XXX
I would be perfectly fine with just XXX, but again I don't really care.
Thoughts? Anyone against?
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeip
On 11.10.2016 09:36, Petr Spacek wrote:
On 11.10.2016 09:00, Jan Cholasta wrote:
Hi,
On 7.10.2016 11:56, Petr Spacek wrote:
Dear FreeIPA developers and packagers,
you can find first version of the Build system refactoring design document on:
http://www.freeipa.org/page/V4
ENDOR_VERSION_SUFFIX)
Makefile: sed -i -e "s:__VENDOR_VERSION__:$(IPA_VENDOR_VERSION):"
ipapython/version.py
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 7.6.2016 10:35, Martin Basti wrote:
On 07.06.2016 10:35, Jan Cholasta wrote:
On 7.6.2016 10:29, Martin Basti wrote:
On 07.06.2016 09:08, Jan Cholasta wrote:
On 6.6.2016 14:33, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5923
Patch attached.
Could we drop the error
On 7.10.2016 12:23, Standa Laznicka wrote:
On 10/07/2016 08:31 AM, Jan Cholasta wrote:
On 17.8.2016 13:47, Stanislav Laznicka wrote:
On 08/11/2016 02:59 PM, Stanislav Laznicka wrote:
On 08/11/2016 07:49 AM, Jan Cholasta wrote:
On 2.8.2016 13:47, Stanislav Laznicka wrote:
On 07/19/2016 09:20
On 17.8.2016 13:47, Stanislav Laznicka wrote:
On 08/11/2016 02:59 PM, Stanislav Laznicka wrote:
On 08/11/2016 07:49 AM, Jan Cholasta wrote:
On 2.8.2016 13:47, Stanislav Laznicka wrote:
On 07/19/2016 09:20 AM, Jan Cholasta wrote:
Hi,
On 14.7.2016 14:36, Stanislav Laznicka wrote:
Hello
On 23.9.2016 05:29, Fraser Tweedale wrote:
Bump for review.
Rebased patches attached (there was a trivial conflict in imports).
Thanks,
Fraser
On Tue, Sep 06, 2016 at 02:05:06AM +1000, Fraser Tweedale wrote:
On Fri, Aug 26, 2016 at 10:28:58AM +0200, Jan Cholasta wrote:
On 19.8.2016 13:11
On 23.9.2016 13:23, Standa Laznicka wrote:
On 09/23/2016 07:28 AM, Jan Cholasta wrote:
On 22.9.2016 16:39, Martin Basti wrote:
Hello all,
In 4.5, I would like to remove all unused variables from code and enable
pylint check. Due to big amount of unused variables in the code this
will be
On 23.9.2016 10:40, Petr Spacek wrote:
On 23.9.2016 07:28, Jan Cholasta wrote:
On 22.9.2016 16:39, Martin Basti wrote:
Hello all,
In 4.5, I would like to remove all unused variables from code and enable
pylint check. Due to big amount of unused variables in the code this
will be longterm
On 23.9.2016 09:15, Fraser Tweedale wrote:
On Fri, Sep 23, 2016 at 08:51:02AM +0200, Jan Cholasta wrote:
On 25.8.2016 12:08, Jan Cholasta wrote:
On 22.8.2016 07:00, Fraser Tweedale wrote:
On Fri, Aug 19, 2016 at 08:09:33PM +1000, Fraser Tweedale wrote:
On Mon, Aug 15, 2016 at 10:54:25PM
On 23.9.2016 09:01, Standa Laznicka wrote:
On 09/23/2016 08:50 AM, Jan Cholasta wrote:
On 25.8.2016 15:31, Martin Basti wrote:
On 10.08.2016 07:53, Stanislav Laznicka wrote:
On 08/10/2016 07:31 AM, Jan Cholasta wrote:
On 9.8.2016 18:52, Petr Vobornik wrote:
On 08/09/2016 04:18 PM, Martin
On 25.8.2016 12:08, Jan Cholasta wrote:
On 22.8.2016 07:00, Fraser Tweedale wrote:
On Fri, Aug 19, 2016 at 08:09:33PM +1000, Fraser Tweedale wrote:
On Mon, Aug 15, 2016 at 10:54:25PM +1000, Fraser Tweedale wrote:
On Mon, Aug 15, 2016 at 02:08:54PM +0200, Jan Cholasta wrote:
On 19.7.2016 12
On 25.8.2016 15:31, Martin Basti wrote:
On 10.08.2016 07:53, Stanislav Laznicka wrote:
On 08/10/2016 07:31 AM, Jan Cholasta wrote:
On 9.8.2016 18:52, Petr Vobornik wrote:
On 08/09/2016 04:18 PM, Martin Basti wrote:
On 09.08.2016 16:07, Stanislav Laznicka wrote:
https://fedorahosted.org
On 23.9.2016 05:30, Fraser Tweedale wrote:
Bump for review.
Works for me, ACK.
Pushed to master: 97d4ffc2dc5db00fd7ed10b0b290cc97a506d0ef
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to
;dummy' keyword
Use '_dummy', it's both :-)
As first step I'll enable pylint check and disable it locally per module
where unused variables are, to avoid new regressions. Then I will fix it
module by module.
I'm open to suggestions
Martin^2
--
Jan Cholasta
--
On 7.9.2016 16:13, Martin Babinsky wrote:
On 09/07/2016 03:55 PM, Jan Cholasta wrote:
On 21.7.2016 10:50, Jan Cholasta wrote:
On 21.7.2016 10:13, Martin Babinsky wrote:
On 07/20/2016 12:10 PM, Martin Babinsky wrote:
On 07/19/2016 12:32 PM, Jan Cholasta wrote:
Hi,
On 18.7.2016 13:51, Martin
On 19.7.2016 09:15, Martin Babinsky wrote:
On 07/18/2016 08:46 AM, Jan Cholasta wrote:
Hi,
On 11.7.2016 14:18, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/6044
Note that you should use .name rather than .__name__ to get plugin
names, otherwise the code won't work
On 21.7.2016 10:50, Jan Cholasta wrote:
On 21.7.2016 10:13, Martin Babinsky wrote:
On 07/20/2016 12:10 PM, Martin Babinsky wrote:
On 07/19/2016 12:32 PM, Jan Cholasta wrote:
Hi,
On 18.7.2016 13:51, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/6078
I don't think we
On 7.9.2016 11:05, Fraser Tweedale wrote:
On Wed, Sep 07, 2016 at 10:39:59AM +0200, Jan Cholasta wrote:
On 7.9.2016 10:28, Fraser Tweedale wrote:
On Wed, Sep 07, 2016 at 08:32:42AM +0200, Jan Cholasta wrote:
On 6.9.2016 19:36, Fraser Tweedale wrote:
On Tue, Sep 06, 2016 at 10:19:14AM +0200
On 7.9.2016 10:28, Fraser Tweedale wrote:
On Wed, Sep 07, 2016 at 08:32:42AM +0200, Jan Cholasta wrote:
On 6.9.2016 19:36, Fraser Tweedale wrote:
On Tue, Sep 06, 2016 at 10:19:14AM +0200, Jan Cholasta wrote:
On 5.9.2016 17:30, Fraser Tweedale wrote:
On Mon, Sep 05, 2016 at 11:59:11PM +1000
On 6.9.2016 19:36, Fraser Tweedale wrote:
On Tue, Sep 06, 2016 at 10:19:14AM +0200, Jan Cholasta wrote:
On 5.9.2016 17:30, Fraser Tweedale wrote:
On Mon, Sep 05, 2016 at 11:59:11PM +1000, Fraser Tweedale wrote:
On Tue, Aug 30, 2016 at 10:39:16AM +0200, Jan Cholasta wrote:
Hi,
On 26.8.2016
On 5.9.2016 17:30, Fraser Tweedale wrote:
On Mon, Sep 05, 2016 at 11:59:11PM +1000, Fraser Tweedale wrote:
On Tue, Aug 30, 2016 at 10:39:16AM +0200, Jan Cholasta wrote:
Hi,
On 26.8.2016 07:42, Fraser Tweedale wrote:
On Fri, Aug 26, 2016 at 03:37:17PM +1000, Fraser Tweedale wrote:
Hi all
On 5.9.2016 10:42, Tomas Krizek wrote:
On 09/02/2016 09:05 AM, Florence Blanc-Renaud wrote:
On 09/02/2016 08:08 AM, Jan Cholasta wrote:
On 1.9.2016 19:37, Tomas Krizek wrote:
On 09/01/2016 03:58 PM, Florence Blanc-Renaud wrote:
Hi,
please find attached a patch for ipa-certupdate in CA-less
On 27.8.2016 22:40, Ben Lipton wrote:
On 08/25/2016 04:11 PM, Rob Crittenden wrote:
Ben Lipton wrote:
On 08/23/2016 03:54 AM, Jan Cholasta wrote:
On 8.8.2016 22:23, Ben Lipton wrote:
On 07/25/2016 07:45 AM, Jan Cholasta wrote:
On 25.7.2016 13:11, Alexander Bokovoy wrote:
On Mon, 25 Jul
character to fix it.
Other than that, patch works as expected -> ACK.
Nitpick: please avoid C-isms such as "if (ca_enabled):".
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to
On 30.8.2016 14:09, Martin Basti wrote:
On 30.08.2016 09:27, Jan Cholasta wrote:
On 25.8.2016 13:09, Alexander Bokovoy wrote:
On Thu, 25 Aug 2016, Jan Cholasta wrote:
Hi,
On 25.8.2016 11:27, Alexander Bokovoy wrote:
Hi,
attached patch moves ipa CLI to freeipa-client and obsoletes
freeipa
lp to attach the patch :)
I think it would be better to call cert-find once per
host-del/service-del with the --host/--service option specified. That
way you'll get all certificates for the given host/service at once.
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-dev
def perform_action(self, ca_api, ca_id):
ca_api.enable_ca(ca_id)
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 25.8.2016 13:09, Alexander Bokovoy wrote:
On Thu, 25 Aug 2016, Jan Cholasta wrote:
Hi,
On 25.8.2016 11:27, Alexander Bokovoy wrote:
Hi,
attached patch moves ipa CLI to freeipa-client and obsoletes
freeipa-admintools
The Obsoletes (both) should be on version < 4.4.1 rather than
%{vers
am very happy with what you suggested here :)
TBH I'm not - I don't find adding hacks on top of obsolete deprecated
stuff to be a particularly appealing solution to anything.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 29.8.2016 07:57, Fraser Tweedale wrote:
On Fri, Aug 26, 2016 at 10:41:37AM +0200, Jan Cholasta wrote:
Hi,
On 22.7.2016 07:18, Fraser Tweedale wrote:
While I was poking around SAN-processing code, I decided to
implement a small enhancement: allowing the subject principal's DN
to appe
the
objectlass or something else to similar effect.
Open to discussion.
Simo.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 26.8.2016 12:21, Martin Basti wrote:
On 26.08.2016 12:13, Jan Cholasta wrote:
On 26.8.2016 11:55, Martin Basti wrote:
On 26.08.2016 11:43, Jan Cholasta wrote:
Hi,
On 11.8.2016 12:34, Stanislav Laznicka wrote:
Hello,
I updated the design of the Time-Based HBAC Policies according to
On 26.8.2016 11:55, Martin Basti wrote:
On 26.08.2016 11:43, Jan Cholasta wrote:
Hi,
On 11.8.2016 12:34, Stanislav Laznicka wrote:
Hello,
I updated the design of the Time-Based HBAC Policies according to the
discussion we led here earlier. Please check the design page
http
strings from
options) for better illustration of the design.
https://github.com/stlaz/freeipa/tree/timerules_2
I will add FreeIPA people that recently had some say about this to CC so
that we can get the discussion flowing.
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel
restrictions on subject names with regard to DN of
the subject LDAP entry, so I think we should not do it for DN SANs as
well. Or, alternatively, we should do it for both.
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinf
On 19.8.2016 13:11, Fraser Tweedale wrote:
Bump for review.
On Wed, Aug 17, 2016 at 12:09:39AM +1000, Fraser Tweedale wrote:
On Tue, Aug 16, 2016 at 08:10:08AM +0200, Jan Cholasta wrote:
On 16.8.2016 07:24, Fraser Tweedale wrote:
On Mon, Aug 15, 2016 at 08:19:33AM +0200, Jan Cholasta wrote
On 23.8.2016 11:46, Fraser Tweedale wrote:
Thanks for review; rebased and updated patch attached. Only 0090
has substantive changes.
Cheers,
Fraser
On Mon, Aug 22, 2016 at 09:22:08AM +0200, Jan Cholasta wrote:
On 19.8.2016 13:11, Fraser Tweedale wrote:
Bump for review.
On Mon, Aug 15, 2016
CentOS.
Honza
[1]
<https://fedoraproject.org/wiki/Upgrade_paths_%E2%80%94_renaming_or_splitting_packages>
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 22.8.2016 07:00, Fraser Tweedale wrote:
On Fri, Aug 19, 2016 at 08:09:33PM +1000, Fraser Tweedale wrote:
On Mon, Aug 15, 2016 at 10:54:25PM +1000, Fraser Tweedale wrote:
On Mon, Aug 15, 2016 at 02:08:54PM +0200, Jan Cholasta wrote:
On 19.7.2016 12:05, Jan Cholasta wrote:
On 19.7.2016 11
x27;ipatokenotpkey', autofill=True, cli_name='key')
NACK, this is a backward incompatible change.
AFAICT the option should remain optional, see the doc string:
Token secret (Base32; default: random)
^^^
--
Jan Cholasta
--
Ma
On 8.8.2016 22:23, Ben Lipton wrote:
On 07/25/2016 07:45 AM, Jan Cholasta wrote:
On 25.7.2016 13:11, Alexander Bokovoy wrote:
On Mon, 25 Jul 2016, Jan Cholasta wrote:
On 20.7.2016 16:05, Ben Lipton wrote:
Hi,
Thanks very much for the feedback! Some responses below; I hope you'll
let me
uires extensive
changes not suitable for 4.4.
Thanks,
Fraser
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
comments inline.
Thanks,
Fraser
On Fri, Aug 12, 2016 at 11:33:28AM +0200, Jan Cholasta wrote:
Patch 0092: ACK
Patch 0093: ACK
Patch 0094: ACK
Please fix this PEP8 issue before pushing:
./ipaserver/plugins/cert.py:597:17: W503 line break before binary operator
Patch 0098: ACK
Patch 0090:
1
On 18.8.2016 11:01, Martin Basti wrote:
On 18.08.2016 10:56, Petr Spacek wrote:
On 18.8.2016 10:08, Jan Cholasta wrote:
SSIA
Could you add one sentence or a link to a ticket which forced this
change?
When reading the patch, I have no way to say why the change is
necessary - so
it is
: 7eb1502863408d869dc2e706a5e194ad122997bf
Thanks,
Fraser
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 18.8.2016 11:06, David Kupka wrote:
On 17/08/16 14:17, Jan Cholasta wrote:
On 17.8.2016 13:21, David Kupka wrote:
On 08/08/16 13:26, Jan Cholasta wrote:
On 4.8.2016 16:32, David Kupka wrote:
On 03/08/16 16:33, Jan Cholasta wrote:
On 3.8.2016 16:23, David Kupka wrote:
On 21/07/16 10:12
SSIA
--
Jan Cholasta
From c3f3ffd235b39fbdc61d8ae0b3f55eca97613499 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Thu, 18 Aug 2016 10:04:59 +0200
Subject: [PATCH] tests: fix test_ipalib.test_frontend.test_Object
---
ipatests/test_ipalib/test_frontend.py | 12 +---
1 file changed, 9
>> On 08/11/2016 02:00 PM, Petr Vobornik wrote:
>>> On 08/11/2016 10:54 AM, Alexander Bokovoy wrote:
>>>> On Thu, 11 Aug 2016, Jan Cholasta wrote:
>>>>> On 4.8.2016 17:27, Jan Pazdziora wrote:
>>>>>> O
:00 PM, Petr Vobornik wrote:
On 08/11/2016 10:54 AM, Alexander Bokovoy wrote:
On Thu, 11 Aug 2016, Jan Cholasta wrote:
On 4.8.2016 17:27, Jan Pazdziora wrote:
On Wed, Aug 03, 2016 at 10:29:52AM +0300, Alexander Bokovoy
wrote:
Got it. One thing I would correct, though, -- don't use
kadmin.
AM, Alexander Bokovoy wrote:
On Thu, 11 Aug 2016, Jan Cholasta wrote:
On 4.8.2016 17:27, Jan Pazdziora wrote:
On Wed, Aug 03, 2016 at 10:29:52AM +0300, Alexander Bokovoy wrote:
Got it. One thing I would correct, though, -- don't use
kadmin.local, we
do support setting ok_as_delegate o
On 17.8.2016 15:07, Pavel Vomacka wrote:
On 08/17/2016 10:24 AM, Jan Cholasta wrote:
Hi,
the attached patch fixes <https://fedorahosted.org/freeipa/ticket/6032>.
Honza
ACK.
Thanks.
Pushed to master: 4ee426a68ec60370eee6f5aec917ecce444840c7
--
Jan Cholasta
--
Manag
On 17.8.2016 13:21, David Kupka wrote:
On 08/08/16 13:26, Jan Cholasta wrote:
On 4.8.2016 16:32, David Kupka wrote:
On 03/08/16 16:33, Jan Cholasta wrote:
On 3.8.2016 16:23, David Kupka wrote:
On 21/07/16 10:12, Jan Cholasta wrote:
Hi,
On 20.7.2016 14:32, David Kupka wrote:
On 15/07/16 12
1 - 100 of 2195 matches
Mail list logo