the search returns no such object.
It should be possible to make this work.
thanks
thierry
On 01/13/2017 11:01 AM, Ludwig Krispenz wrote:
Hi,
if you look at:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Viewing_the_ACIs_fo
Hi,
if you look at:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Viewing_the_ACIs_for_an_Entry-Get_Effective_Rights_Control.html#ex-ger-non-entry
then it looks like you can provide GER a bit of information eg
objectclass of the new entry,
On 09/13/2016 10:10 AM, Oleg Fayans wrote:
Hi Ludwig,
The ipa-replica-manage clean-ruv sometimes does not quite work.
For example: I have a master and 2 replicas. Initial output of
'ipa-replica-manage list-ruv' looks like this:
Replica Update Vectors:
f24replica2.pesen.net:389: 7
f
ACK.
good catch, the fix is correct and hopefully fixes the heap corruption
issues
On 06/22/2016 05:30 PM, thierry bordaz wrote:
https://fedorahosted.org/freeipa/ticket/5977
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen
On 06/16/2016 12:14 PM, Petr Spacek wrote:
On 16.6.2016 12:12, Ludwig Krispenz wrote:
On 06/16/2016 12:00 PM, Petr Spacek wrote:
Hello,
Require 389-ds-base >= 1.3.5.6
Old DS handles LDAP filters incorrectly
no. Old DS handles filters strictly as documented in the admin guide,
requir
On 06/16/2016 12:00 PM, Petr Spacek wrote:
Hello,
Require 389-ds-base >= 1.3.5.6
Old DS handles LDAP filters incorrectly
no. Old DS handles filters strictly as documented in the admin guide,
requiring access rights to each attribute used in the search filter.
This was known and applications
On 06/16/2016 11:23 AM, Ludwig Krispenz wrote:
On 06/16/2016 06:55 AM, Petr Spacek wrote:
Hello,
TL;DR version:
Upgrade to 389-ds-base-1.3.5.6-1.fc24.
I was facing weird filter/ACI evaluation with 389 DS
389-ds-base-1.3.5.4-1.fc24.x86_64. Here is full story (written before I
realized that
On 06/16/2016 06:55 AM, Petr Spacek wrote:
Hello,
TL;DR version:
Upgrade to 389-ds-base-1.3.5.6-1.fc24.
I was facing weird filter/ACI evaluation with 389 DS
389-ds-base-1.3.5.4-1.fc24.x86_64. Here is full story (written before I
realized that DS is old one ...):
Test
First, let's try LD
On 06/16/2016 06:55 AM, Petr Spacek wrote:
Hello,
TL;DR version:
Upgrade to 389-ds-base-1.3.5.6-1.fc24.
I was facing weird filter/ACI evaluation with 389 DS
389-ds-base-1.3.5.4-1.fc24.x86_64. Here is full story (written before I
realized that DS is old one ...):
Test
First, let's try LD
On 06/15/2016 03:50 PM, thierry bordaz wrote:
Hello,
The subject of provisioning was discussed
https://www.redhat.com/archives/freeipa-devel/2016-May/msg00065.html.
The documentation of the provisioning procedure is still going on
but reviewing it I have a doubt about RetroCL/Co
revised patch (v2) attached:
changed log level
fixed order of statements in freeing host list
On 06/10/2016 05:56 PM, Ludwig Krispenz wrote:
On 06/10/2016 05:41 PM, thierry bordaz wrote:
On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:
On 06/10/2016 04:44 PM, thierry bordaz wrote:
Hi
On 06/10/2016 05:41 PM, thierry bordaz wrote:
On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:
On 06/10/2016 04:44 PM, thierry bordaz wrote:
Hi Ludwig,
I agree with you there is no path to add a host with an empty hostname.
You fix looks valid but I would prefer a log in FATAL rather in
On 06/10/2016 05:41 PM, thierry bordaz wrote:
On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:
On 06/10/2016 04:44 PM, thierry bordaz wrote:
Hi Ludwig,
I agree with you there is no path to add a host with an empty hostname.
You fix looks valid but I would prefer a log in FATAL rather in
replica structure tconf and in the caller
tconf is set to null, so should never be used again.
thanks
thierry
On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:
Hi,
the attached patch will prevent the crash reported in ticket #5928.
So far I do not understand how this situation can occur, there is no
ander
>From a3c20fb375da1d0c663d587bd25114e131874050 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
Date: Fri, 10 Jun 2016 10:48:04 +0200
Subject: [PATCH] avoid crash in topology plugin when host list contains host
with no hostname: ticket #5928
---
daemons/ipa-slapi-plugins/topology/topology_c
On 06/06/2016 11:53 AM, Martin Basti wrote:
On 06.06.2016 10:00, Oleg Fayans wrote:
Hi Petr,
I've updated the testplan according to your notes. What should we do
with this testcase about abort-clean-ruv? I mean, it would be quite
complicated to reliably automate. Should we leave the testcase
On 05/19/2016 08:02 AM, Stanislav Laznicka wrote:
On 05/18/2016 04:44 PM, Petr Vobornik wrote:
On 05/18/2016 04:36 PM, Stanislav Laznicka wrote:
There's no ticket for this patch but as there was a fix to 389-ds
mentioned in https://fedorahosted.org/freeipa/ticket/5396, the TODO
section in clea
On 05/13/2016 09:42 AM, Petr Spacek wrote:
On 13.5.2016 09:26, Martin Kosek wrote:
On 05/12/2016 04:16 PM, Ludwig Krispenz wrote:
On 05/12/2016 03:45 PM, Ludwig Krispenz wrote:
On 05/12/2016 02:16 PM, Petr Vobornik wrote:
On 05/10/2016 05:50 PM, thierry bordaz wrote:
On 05/05/2016 03:44 PM
On 05/12/2016 03:45 PM, Ludwig Krispenz wrote:
On 05/12/2016 02:16 PM, Petr Vobornik wrote:
On 05/10/2016 05:50 PM, thierry bordaz wrote:
On 05/05/2016 03:44 PM, Petr Vobornik wrote:
On 05/04/2016 02:20 PM, thierry bordaz wrote:
Hello,
I have been doing some tests/measures using
On 05/12/2016 02:16 PM, Petr Vobornik wrote:
On 05/10/2016 05:50 PM, thierry bordaz wrote:
On 05/05/2016 03:44 PM, Petr Vobornik wrote:
On 05/04/2016 02:20 PM, thierry bordaz wrote:
Hello,
I have been doing some tests/measures using
https://github.com/freeipa/freeipa-tools/blob/
On 04/21/2016 12:12 PM, Petr Vobornik wrote:
On 04/21/2016 10:41 AM, Ludwig Krispenz wrote:
On 04/21/2016 10:11 AM, Martin Babinsky wrote:
On 04/21/2016 09:21 AM, Jan Cholasta wrote:
On 19.4.2016 12:42, Martin Babinsky wrote:
On 04/14/2016 11:46 AM, Ludwig Krispenz wrote:
On 04/14/2016 10
On 04/21/2016 10:11 AM, Martin Babinsky wrote:
On 04/21/2016 09:21 AM, Jan Cholasta wrote:
On 19.4.2016 12:42, Martin Babinsky wrote:
On 04/14/2016 11:46 AM, Ludwig Krispenz wrote:
On 04/14/2016 10:59 AM, Martin Babinsky wrote:
On 04/14/2016 08:24 AM, Jan Cholasta wrote:
On 13.4.2016 17
On 04/14/2016 10:59 AM, Martin Babinsky wrote:
On 04/14/2016 08:24 AM, Jan Cholasta wrote:
On 13.4.2016 17:10, Rob Crittenden wrote:
Martin Babinsky wrote:
This is a WIP patch which moves the `ipa-replica-manage del`
subcommand
to the 'server-del' API method and exposes it as CLI command[1].
the user list, thanks
On 01/25/2016 10:09 AM, Martin Basti wrote:
On 25.01.2016 09:30, Ludwig Krispenz wrote:
Hi,
this is from a discussion on the user-list, there is a difference in
acis on 4.2.0 and 4.2.3
this is the aci which is present in 4.2.0 and is missing in 4.2.3:
Hi,
this is from a discussion on the user-list, there is a difference in
acis on 4.2.0 and 4.2.3
this is the aci which is present in 4.2.0 and is missing in 4.2.3:
aci: (targetattr = "cn || createtimestamp || description || entryusn ||
modify
timestamp || nsds50ruv || nsds5beginreplicarefre
On 01/21/2016 11:21 AM, thierry bordaz wrote:
On 01/21/2016 10:48 AM, Ludwig Krispenz wrote:
On 01/21/2016 10:30 AM, thierry bordaz wrote:
Hi,
The fix look good.
Just a question, the target entry is checked with
ipa_topo_check_entry_type. Is it equivalent to call
ipa_topo_is_entry_managed
proceed. ipa_topo_is_entry_managed() would apply
to an replication agreement to decide if both endpoints are managed
servers ant that the suffix is managed
thanks
thierry
On 01/21/2016 09:11 AM, Ludwig Krispenz wrote:
On 01/20/2016 05:45 PM, Martin Basti wrote:
On 11.12.2015 13:56, Ludwig
On 01/20/2016 05:45 PM, Martin Basti wrote:
On 11.12.2015 13:56, Ludwig Krispenz wrote:
Ticket: https://fedorahosted.org/freeipa/ticket/5536
Patch attached.
Patch works, I cannot move entry out of container via moddn operation.
I have question, is it expected to be able rename entry?
I
On 01/14/2016 03:59 PM, Stanislav Laznicka wrote:
On 01/14/2016 03:21 PM, Rob Crittenden wrote:
Stanislav Laznicka wrote:
Please see the rebased patches attached.
On 01/13/2016 02:01 PM, Martin Basti wrote:
On 18.12.2015 12:46, Stanislav Laznicka wrote:
Hi,
Attached are the patches for au
On 12/16/2015 08:49 AM, Petr Spacek wrote:
On 15.12.2015 19:10, Christian Heimes wrote:
Hi,
in ticket https://fedorahosted.org/freeipa/ticket/5538 Ludwig has
suggested to exclude Dogtag's o=ipaca tree from the changelog. Sometimes
vault-archive fails because of a failed write to the Retro Chan
Ticket: https://fedorahosted.org/freeipa/ticket/5536
Patch attached.
>From 592c2cfece7c1f0860cacc72b642826d5b4a7791 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
Date: Fri, 11 Dec 2015 13:50:53 +0100
Subject: [PATCH] prevent moving of topology entries out of managed scope by
modrdn operati
On 12/03/2015 02:31 PM, Petr Vobornik wrote:
On 12/03/2015 02:00 PM, Ludwig Krispenz wrote:
On 12/03/2015 01:50 PM, Oleg Fayans wrote:
Hi all,
Should not these two one-directional segments in ipaca suffix be
merged automatically?
yes they should, and normally do. What is your scenario when
On 12/03/2015 01:50 PM, Oleg Fayans wrote:
Hi all,
Should not these two one-directional segments in ipaca suffix be
merged automatically?
yes they should, and normally do. What is your scenario when you get
this, can you reproduce ?
$ ipa topologysegment-find ipaca
--
2 segm
On 11/24/2015 12:17 PM, Petr Vobornik wrote:
On 11/24/2015 12:10 PM, Ludwig Krispenz wrote:
Hi Petr,
I'm testing these patches.Two observations so far:
- in Topology->IPA Servers I see a table of my servers and the managed
suffix column I see both suffixes, ipaca and the realm,
Hi Petr,
I'm testing these patches.Two observations so far:
- in Topology->IPA Servers I see a table of my servers and the managed
suffix column I see both suffixes, ipaca and the realm,
but if I select one of the servers I Only see the realm suffix, this was
different in the demo video
- the g
On 11/16/2015 10:32 AM, Martin Kosek wrote:
On 11/13/2015 04:40 PM, Simo Sorce wrote:
On 13/11/15 10:17, Martin Basti wrote:
...
And in general I am opposed to have a separate object on performance
grounds (for clients) and also on the fact that is becomes tricky to
keep objects in sync.
Wha
On 10/29/2015 01:28 PM, thierry bordaz wrote:
On 10/23/2015 10:44 AM, Ludwig Krispenz wrote:
Hi,
the attached two patches address issues I found when testing ca
management in the topology plugin
Thanks for review,
Ludwig
Hi Ludwig,
Patch 20 is good to me. I have one remark, you call
On 10/27/2015 03:54 PM, Petr Vobornik wrote:
Both tools serve primarily for managing replication agreements and
replicas. ipa-replica-manage also manages winsync agreements and DNA
ranges.
FreeIPA 4.3 will introduce managed topology which affects these tools.
Let's go trough all sub-commands
why it failed, there would be the option to do
it via ipa-replica-manage or ldapmodify, the logging that creating the
task failed should be be enough to start investigation and do a manual
cleanallruv
ACK
thanks
thierry
On 10/23/2015 02:27 PM, Ludwig Krispenz wrote:
Hi Thierry,
hope this
Hi Thierry,
hope this addresses your concerns
Ludwig
On 10/23/2015 11:24 AM, thierry bordaz wrote:
On 10/23/2015 11:00 AM, thierry bordaz wrote:
On 10/12/2015 01:17 PM, Ludwig Krispenz wrote:
On 10/12/2015 12:44 PM, Martin Basti wrote:
On 23.07.2015 10:46, Ludwig Krispenz wrote:
The
On 10/23/2015 11:24 AM, thierry bordaz wrote:
On 10/23/2015 11:00 AM, thierry bordaz wrote:
On 10/12/2015 01:17 PM, Ludwig Krispenz wrote:
On 10/12/2015 12:44 PM, Martin Basti wrote:
On 23.07.2015 10:46, Ludwig Krispenz wrote:
The attached patch moves the cleaning of the RUV into the
Hi,
the attached two patches address issues I found when testing ca
management in the topology plugin
Thanks for review,
Ludwig
>From 64a2ca2d87a0513b54cdd7e2d14f4c321994e9f5 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
Date: Mon, 24 Aug 2015 13:29:35 +0200
Subject: [PATCH 1/2] rej
Here it is again
On 10/12/2015 01:17 PM, Ludwig Krispenz wrote:
On 10/12/2015 12:44 PM, Martin Basti wrote:
On 23.07.2015 10:46, Ludwig Krispenz wrote:
The attached patch moves the cleaning of the RUV into the topology
plugin.
I encountered a problem when removing a replica, which
On 10/13/2015 12:43 PM, Oleg Fayans wrote:
Hi guys,
On 10/13/2015 12:34 PM, Petr Vobornik wrote:
On 10/13/2015 12:19 PM, Martin Babinsky wrote:
On 10/13/2015 10:15 AM, Petr Vobornik wrote:
On 10/13/2015 10:02 AM, Oleg Fayans wrote:
NACK
UI still shows the connectivity information at
http:
On 10/13/2015 10:15 AM, Petr Vobornik wrote:
On 10/13/2015 10:02 AM, Oleg Fayans wrote:
NACK
UI still shows the connectivity information at
http:///ipa/ui/#/e/topologysuffix/topologysegment/realm
Showing it is correct and desired - both in CLI and Web UI.
agree, it is also information help
On 10/12/2015 12:44 PM, Martin Basti wrote:
On 23.07.2015 10:46, Ludwig Krispenz wrote:
The attached patch moves the cleaning of the RUV into the topology
plugin.
I encountered a problem when removing a replica, which disconnects
the topology, but it was fixed with my WIP for #5072.
I
On 10/01/2015 12:06 PM, Oleg Fayans wrote:
Hi Simo,
I was able to build the packages based on your git repo. However, my
attempt to install the resulting bits failed due to lack of dependencies:
pki-ca >= 10.2.7 is needed by
freeipa-server-4.2.90.201510010815GITb726fa9-0.fc22.x86_64
pki-kra
On 08/13/2015 10:49 AM, Petr Vobornik wrote:
On 08/13/2015 09:55 AM, Ludwig Krispenz wrote:
On 08/10/2015 10:54 AM, Oleg Fayans wrote:
Hi Ludwig,
It seems the Design page for the topology plugin is a bit outdated.
1. It still operates with the terms like plugin version
(http
On 08/10/2015 10:54 AM, Oleg Fayans wrote:
Hi Ludwig,
It seems the Design page for the topology plugin is a bit outdated.
1. It still operates with the terms like plugin version
(http://www.freeipa.org/page/V4/Manage_replication_topology#Check_for_modify_operation),
although it was generally
On 07/31/2015 01:53 PM, Simo Sorce wrote:
On Fri, 2015-07-31 at 13:33 +0200, Petr Vobornik wrote:
Discussed with Ludwig, but it might be interesting to the rest of the
team(and mainly Simo)
In FreeIPA 4.3 - management of CA agmts by a replication plugin, there
is a scenario as follows:
- exis
On 07/30/2015 03:14 PM, Martin Basti wrote:
On 22/07/15 17:03, Martin Basti wrote:
On 20/07/15 19:04, Mark Reynolds wrote:
On 07/20/2015 12:50 PM, Martin Basti wrote:
On 20/07/15 17:48, Petr Vobornik wrote:
On 07/20/2015 05:24 PM, Rob Crittenden wrote:
Martin Basti wrote:
https://fedorah
issues found
Ludwig
>From 08c015c2bca36551239cab39e8f8fc26ed433d56 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
Date: Wed, 22 Jul 2015 10:59:36 +0200
Subject: [PATCH] handle cleaning of RUV in the topology plugin
After removing a server the replicaid needs to be cleared in the ruv entry and
On 07/22/2015 03:56 PM, Martin Basti wrote:
Hello all,
I attached WIP patch to solve
https://fedorahosted.org/freeipa/ticket/4949
I received several suggestions:
1) (implemented in patch) is to add the option --db-locks to installer
(maybe as hidden option)
2) Configure the nsslapd-db-lo
On 07/15/2015 02:42 PM, Oleg Fayans wrote:
Hi Ludwig,
On 07/15/2015 01:52 PM, Ludwig Krispenz wrote:
On 07/15/2015 01:22 PM, Oleg Fayans wrote:
Hi Ludwig,
On 07/15/2015 12:20 PM, Ludwig Krispenz wrote:
looks like the initial replication is failing:
[15/Jul/2015:04:47:31 -0400
On 07/15/2015 01:22 PM, Oleg Fayans wrote:
Hi Ludwig,
On 07/15/2015 12:20 PM, Ludwig Krispenz wrote:
looks like the initial replication is failing:
[15/Jul/2015:04:47:31 -0400] slapi_ldap_bind - Error: could not bind
id [cn=replication manager,cn=config] authentication mechanism
[SIMPLE
looks like the initial replication is failing:
[15/Jul/2015:04:47:31 -0400] slapi_ldap_bind - Error: could not bind id
[cn=replication manager,cn=config] authentication mechanism [SIMPLE]:
error 32 (No such object) errno 0 (Success)
[15/Jul/2015:04:47:31 -0400] NSMMReplicationPlugin -
agmt="cn=
On 07/03/2015 04:50 PM, Simo Sorce wrote:
On Fri, 2015-07-03 at 08:44 +0200, Martin Kosek wrote:
Hi all,
I had several offline discussions about the Topology feature [1] and what to do
with it. Many developers worked pretty hard on making the Topology usable for
the upcoming FreeIPA 4.2 releas
On 07/01/2015 10:15 PM, Simo Sorce wrote:
On Wed, 2015-07-01 at 15:00 -0400, Simo Sorce wrote:
On Wed, 2015-07-01 at 14:44 -0400, Simo Sorce wrote:
On Wed, 2015-07-01 at 14:34 -0400, Simo Sorce wrote:
I am working on the replica promotion code and suddenly the topology
plugin is getting in th
, especially
if the removed server is no longer working and the topology is already
broken before the removal.
In these cases a manual cleanup must be possible and is addressed in
this patch
Ludwig
>From 82e0e824bfb1b77329bc10ed582e75a951a6bf3c Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
D
new patch attached
On 06/30/2015 03:37 PM, thierry bordaz wrote:
On 06/30/2015 12:07 PM, Ludwig Krispenz wrote:
added verification for issue reported in ticket 5088 and sanity
checks requested in review for patch 0014
Hello,
The fix looks good except those sanity settings:
* In
added verification for issue reported in ticket 5088 and sanity checks
requested in review for patch 0014
>From 03e55b155bfe517c9be35c9c6c3bd44401716442 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
Date: Tue, 30 Jun 2015 11:05:32 +0200
Subject: [PATCH] improve processing of invalid d
new patch with comments attached
On 06/30/2015 10:43 AM, thierry bordaz wrote:
On 06/30/2015 09:19 AM, Ludwig Krispenz wrote:
On 06/26/2015 02:14 PM, thierry bordaz wrote:
On 06/22/2015 11:35 AM, Ludwig Krispenz wrote:
fix for ticket #5065, removing start
- after online init copmpleted
On 06/26/2015 02:14 PM, thierry bordaz wrote:
On 06/22/2015 11:35 AM, Ludwig Krispenz wrote:
fix for ticket #5065, removing start
- after online init copmpleted
- additionally check after startup
Hi Ludwig,
The fix looks good to me.
I have just a clarification regarding
On 06/24/2015 09:01 PM, Simo Sorce wrote:
On Wed, 2015-06-24 at 11:25 +0200, Ludwig Krispenz wrote:
Oleg,
the topology plugin relies on existing connection between servers which
remain in a topolgy. If you remove a central node in your topology you
are asking for trouble.
With Petr's pat
On 06/24/2015 04:19 PM, Oleg Fayans wrote:
On 06/24/2015 02:35 PM, Ludwig Krispenz wrote:
On 06/24/2015 02:30 PM, Oleg Fayans wrote:
On 06/24/2015 02:25 PM, Ludwig Krispenz wrote:
On 06/24/2015 01:59 PM, Oleg Fayans wrote:
Hi Petr,
Thanks for clarification! It seems though, that all
On 06/24/2015 02:30 PM, Oleg Fayans wrote:
On 06/24/2015 02:25 PM, Ludwig Krispenz wrote:
On 06/24/2015 01:59 PM, Oleg Fayans wrote:
Hi Petr,
Thanks for clarification! It seems though, that all possible
attributes are already mapped to the topologysegment-mod options:
[13:42:45]ofayans
On 06/24/2015 01:59 PM, Oleg Fayans wrote:
Hi Petr,
Thanks for clarification! It seems though, that all possible
attributes are already mapped to the topologysegment-mod options:
[13:42:45]ofayans@vm-244:~]$ ipa show-mappings topologysegment-mod
Parameter : LDAP attribute
=
On 06/24/2015 12:50 PM, Oleg Fayans wrote:
On 06/24/2015 12:28 PM, Ludwig Krispenz wrote:
On 06/24/2015 12:02 PM, Oleg Fayans wrote:
On 06/24/2015 11:47 AM, Ludwig Krispenz wrote:
On 06/24/2015 11:36 AM, Oleg Fayans wrote:
On 06/24/2015 11:25 AM, Ludwig Krispenz wrote:
Oleg,
the
On 06/24/2015 12:02 PM, Oleg Fayans wrote:
On 06/24/2015 11:47 AM, Ludwig Krispenz wrote:
On 06/24/2015 11:36 AM, Oleg Fayans wrote:
On 06/24/2015 11:25 AM, Ludwig Krispenz wrote:
Oleg,
the topology plugin relies on existing connection between servers
which remain in a topolgy. If you
On 06/24/2015 11:36 AM, Oleg Fayans wrote:
On 06/24/2015 11:25 AM, Ludwig Krispenz wrote:
Oleg,
the topology plugin relies on existing connection between servers
which remain in a topolgy. If you remove a central node in your
topology you are asking for trouble.
With Petr's patch it
Oleg,
the topology plugin relies on existing connection between servers which
remain in a topolgy. If you remove a central node in your topology you
are asking for trouble.
With Petr's patch it warns you that your topology will be disconnected,
and if you insist we cannot guarantee anything.
s
On 06/23/2015 03:43 PM, Oleg Fayans wrote:
On 06/23/2015 02:27 PM, Ludwig Krispenz wrote:
On 06/23/2015 11:44 AM, Oleg Fayans wrote:
It looks like the second issue was caused by not running ipa service
on vm-244.idm.lab.eng.brq.redhat.com.
However, after manual start of the ipa service on
On 06/23/2015 02:27 PM, Ludwig Krispenz wrote:
On 06/23/2015 11:44 AM, Oleg Fayans wrote:
It looks like the second issue was caused by not running ipa service
on vm-244.idm.lab.eng.brq.redhat.com.
However, after manual start of the ipa service on thios node, I was
still unable to setup the
On 06/23/2015 11:44 AM, Oleg Fayans wrote:
It looks like the second issue was caused by not running ipa service
on vm-244.idm.lab.eng.brq.redhat.com.
However, after manual start of the ipa service on thios node, I was
still unable to setup the segment:
[11:38:39]ofayans@vm-069:~]$ ipa topolog
Hi Oleg,
On 06/22/2015 02:49 PM, Oleg Fayans wrote:
Hi Ludwig,
Could you please clarify how should `ipa topologysegment-mod
--enabled=off` work?
My initial understanding was that it disables any changes to go
through the disabled segment, but as it turns out, it does let the
topology-related
/topology_util.c: patch does
not apply
On 06/22/2015 11:35 AM, Ludwig Krispenz wrote:
fix for ticket #5065, removing start
- after online init copmpleted
- additionally check after startup
--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
--
Manage your subscription for the Freeipa-devel
fix for ticket #5065, removing start
- after online init copmpleted
- additionally check after startup
>From 1811b55a9890c6edb40d6a1b428a6a8525e4de54 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
Date: Mon, 22 Jun 2015 10:46:50 +0200
Subject: [PATCH] clear start attr from segment af
Hi Oleg,
don't know if it is relevant for the current problem, but maybe you
shoudl address this warning:#
Configuring DNS (named)
[1/9]: generating rndc key file
WARNING: Your system is running out of entropy, you may experience long
delays
Ludwig
On 06/22/2015 11:01 AM, Oleg Fayans wr
Hi,
I think you did not yet (want) to push patch0014 about one directional
segments.
In that case we should add something that the addition of one
directional segments id not recommended (failure in some cases to chheck
duplicates or removing agreements when deleting a merged segment).
Ludwi
On 06/17/2015 05:43 PM, Oleg Fayans wrote:
On 06/17/2015 05:34 PM, Ludwig Krispenz wrote:
On 06/17/2015 05:26 PM, Oleg Fayans wrote:
Hi Ludwig,
On 06/17/2015 05:13 PM, Ludwig Krispenz wrote:
Hi,
On 06/17/2015 05:07 PM, Oleg Fayans wrote:
On 06/17/2015 04:59 PM, Ludwig Krispenz wrote
On 06/17/2015 05:26 PM, Oleg Fayans wrote:
Hi Ludwig,
On 06/17/2015 05:13 PM, Ludwig Krispenz wrote:
Hi,
On 06/17/2015 05:07 PM, Oleg Fayans wrote:
On 06/17/2015 04:59 PM, Ludwig Krispenz wrote:
On 06/17/2015 04:46 PM, Oleg Fayans wrote:
Hi Ludwig,
On 06/17/2015 04:15 PM, Ludwig
Hi,
On 06/17/2015 05:07 PM, Oleg Fayans wrote:
On 06/17/2015 04:59 PM, Ludwig Krispenz wrote:
On 06/17/2015 04:46 PM, Oleg Fayans wrote:
Hi Ludwig,
On 06/17/2015 04:15 PM, Ludwig Krispenz wrote:
On 06/17/2015 03:37 PM, Oleg Fayans wrote:
Hi Ludwig, Petr,
Presently I have noticed that
On 06/17/2015 04:46 PM, Oleg Fayans wrote:
Hi Ludwig,
On 06/17/2015 04:15 PM, Ludwig Krispenz wrote:
On 06/17/2015 03:37 PM, Oleg Fayans wrote:
Hi Ludwig, Petr,
Presently I have noticed that disabling a segment, using `ipa
topologysegment-mod realm replica1-to-replica2
--enabled=off
On 06/17/2015 03:37 PM, Oleg Fayans wrote:
Hi Ludwig, Petr,
Presently I have noticed that disabling a segment, using `ipa
topologysegment-mod realm replica1-to-replica2
--enabled=off` does not have effect on the way the data is replicated.
I mean that if we have the following tolopogy:
maste
On 06/17/2015 02:04 PM, Petr Vobornik wrote:
With patch "878 topology: check topology in ipa-replica-manage del"
we can use the same logic for POC of
ipa topologysuffix-verify
command.
Checks done:
1. check if the topology is not disconnected. In other words if
there are replication
Hi Oleg,
can you give a bit more info on the scenarios when this happens. Always
or is it a timing problem ?
Ludwig
On 06/16/2015 07:02 PM, thierry bordaz wrote:
Hello
On Master:
User 'onmaster' was deleted
[16/Jun/2015:10:16:45 -0400] conn=402 op=19 SRCH
base="cn=otp,dc=bagam,dc=net
On 06/17/2015 10:35 AM, thierry bordaz wrote:
On 06/17/2015 09:25 AM, Ludwig Krispenz wrote:
Hi,
thanks for review, see answers inline.
On 06/16/2015 05:17 PM, thierry bordaz wrote:
On 06/16/2015 11:41 AM, Ludwig Krispenz wrote:
this patch adresses issues in checking existing segments for
Hi,
thanks for review, see answers inline.
On 06/16/2015 05:17 PM, thierry bordaz wrote:
On 06/16/2015 11:41 AM, Ludwig Krispenz wrote:
this patch adresses issues in checking existing segments for one
directional segments and correctly handles the merging of segments,
so that all agreements
Hi Oleg,
the problem seems to be on replica2, when it logs this error:
[16/Jun/2015:10:18:34 -0400] NSMMReplicationPlugin - changelog program -
_cl5WriteOperationTxn: retry (49) the transaction
(csn=55802fcf00030004) failed (rc=-30993 (BDB0068 DB_LOCK_DEADLOCK:
Locker killed to resolve a
This patch addresses coverity issues 13290 and 13291
>From 830f1f5af9695e35cb0843f8919c8fc555d13308 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
Date: Tue, 16 Jun 2015 11:14:37 +0200
Subject: [PATCH] fix coverity issues
---
daemons/ipa-slapi-plugins/topology/topology_util.c |
this patch adresses issues in checking existing segments for one
directional segments and correctly handles the merging of segments, so
that all agreements will be removed when the merged segment is deleted
>From ad9850b00f369be67c0240b084afaf2ce1c97a9f Mon Sep 17 00:00:00 2001
From: Lud
On 06/12/2015 04:18 PM, Petr Vobornik wrote:
Some notes:
1. As mentioned in the WIP patch thread: original 'del' worked also
with winsync agreements. I'm not sure why is that. Shouldn't
'disconnect' be used for winsync agreements? At least man page says
that. This patch doesn't support it if
On 06/12/2015 10:20 AM, Petr Vobornik wrote:
On 06/12/2015 09:24 AM, Ludwig Krispenz wrote:
Hi Petr,
On 06/11/2015 06:34 PM, Petr Vobornik wrote:
Attaching a wip patch for `ipa-replica-manage del` to work with
managed topology.
There are two prerequisite patches, they add following commands
Hi Petr,
On 06/11/2015 06:34 PM, Petr Vobornik wrote:
Attaching a wip patch for `ipa-replica-manage del` to work with
managed topology.
There are two prerequisite patches, they add following commands. All
commands has NO_CLI flag which means they are hidden in CLI.
- server-del
- serverservic
On 06/11/2015 01:41 PM, Petr Vobornik wrote:
On 06/11/2015 01:11 PM, Ludwig Krispenz wrote:
On 06/11/2015 12:53 PM, Petr Vobornik wrote:
On 06/11/2015 12:35 PM, Ludwig Krispenz wrote:
On 06/11/2015 12:19 PM, Petr Vobornik wrote:
On 06/11/2015 10:22 AM, Martin Babinsky wrote:
On 06/10
On 06/11/2015 12:53 PM, Petr Vobornik wrote:
On 06/11/2015 12:35 PM, Ludwig Krispenz wrote:
On 06/11/2015 12:19 PM, Petr Vobornik wrote:
On 06/11/2015 10:22 AM, Martin Babinsky wrote:
On 06/10/2015 03:13 PM, Petr Vobornik wrote:
topology plugin doesn't properly handle:
- creati
On 06/11/2015 12:19 PM, Petr Vobornik wrote:
On 06/11/2015 10:22 AM, Martin Babinsky wrote:
On 06/10/2015 03:13 PM, Petr Vobornik wrote:
topology plugin doesn't properly handle:
- creation of segment with direction 'none' and then upgrade to other
direction
- downgrade of direction
These s
Thanks,
attached a new version with comments and trying to use more meaningful
function names
On 06/11/2015 10:49 AM, thierry bordaz wrote:
On 06/11/2015 10:40 AM, Ludwig Krispenz wrote:
On 06/11/2015 10:27 AM, thierry bordaz wrote:
On 06/11/2015 08:12 AM, Ludwig Krispenz wrote:
Attached
connecting A and B, eg A <-->C<-->D<-->B.
On 06/11/2015 08:12 AM, Ludwig Krispenz wrote:
Attached are two patches:
- reject direct modification of segment endpoints and connectivity
- better manage the rdn of a replication agreements represented by a
segment
--
Oleg Fayan
On 06/11/2015 10:27 AM, thierry bordaz wrote:
On 06/11/2015 08:12 AM, Ludwig Krispenz wrote:
Attached are two patches:
- reject direct modification of segment endpoints and connectivity
- better manage the rdn of a replication agreements represented by a
segment
Hello Ludwig,
The patches
1 - 100 of 273 matches
Mail list logo