Re: [Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

On Fri, Mar 24, 2017 at 10:53:49AM +0200, Alexander Bokovoy wrote: >On pe, 24 maalis 2017, Martin Babinsky wrote: >> On Thu, Mar 23, 2017 at 04:46:20PM +0200, Alexander Bokovoy wrote: >> > On to, 23 maalis 2017, Simo Sorce wrote: >> > > On Thu, 2017-03-23 at 16:08

Re: [Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

On Thu, Mar 23, 2017 at 04:46:20PM +0200, Alexander Bokovoy wrote: >On to, 23 maalis 2017, Simo Sorce wrote: >> On Thu, 2017-03-23 at 16:08 +0200, Alexander Bokovoy wrote: >> > On to, 23 maalis 2017, Martin Babinsky wrote: >> > >Hi List, >> > >

[Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

L9gydE=/ -- Martin Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [TESTING] Please test and add karma to pki-core-10.4.0-1

-9c6007b406 -- Martin Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] Temporary breakage of Travis CI

. -- Martin Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On Tue, Feb 28, 2017 at 01:29:50PM +0100, Martin Babinsky wrote: >Hello list, > >I have put together a draft of design page describing server-side >implementation of user short name -> fully-qualified name resolution.[1] > >In the end I have taken the liberty to change a few

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On Wed, Mar 08, 2017 at 07:37:40AM +0100, Jan Cholasta wrote: >On 7.3.2017 15:14, Simo Sorce wrote: >> On Tue, 2017-03-07 at 09:38 +0100, Martin Babinsky wrote: >> > On 03/06/2017 01:48 PM, Simo Sorce wrote: >> > > On Mon, 2017-03-06 at 07:47 +0100, Martin Babinsky wr

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On Tue, Mar 07, 2017 at 04:34:42PM +0200, Alexander Bokovoy wrote: >On ti, 07 maalis 2017, Simo Sorce wrote: >> On Tue, 2017-03-07 at 09:38 +0100, Martin Babinsky wrote: >> > On 03/06/2017 01:48 PM, Simo Sorce wrote: >> > > On Mon, 2017-03-06 at 07:47 +0100, Martin Ba

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On 03/06/2017 01:48 PM, Simo Sorce wrote: On Mon, 2017-03-06 at 07:47 +0100, Martin Babinsky wrote: On 03/02/2017 02:54 PM, Simo Sorce wrote: On Thu, 2017-03-02 at 08:10 +0100, Martin Babinsky wrote: In this case it would probably be a good idea to think about "forward compatib

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On 03/02/2017 02:54 PM, Simo Sorce wrote: On Thu, 2017-03-02 at 08:10 +0100, Martin Babinsky wrote: In this case it would probably be a good idea to think about "forward compatibility" and define a new AUX objectclass bringing in 'ipaDomainResolutionOrder' instead of extending tw

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On 03/01/2017 05:28 PM, Alexander Bokovoy wrote: On ke, 01 maalis 2017, Simo Sorce wrote: > My take is: cut API/UI work, and do the underlying infrastructure work > for the widest set of serves/clients possible instead. > > It is much more important to get the underlying gears done than to add

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On 03/01/2017 05:51 PM, Simo Sorce wrote: On Wed, 2017-03-01 at 17:29 +0100, Martin Basti wrote: On 01.03.2017 17:04, Simo Sorce wrote: On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote: On 03/01/2017 04:32 PM, Simo Sorce wrote: On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On 03/01/2017 04:32 PM, Simo Sorce wrote: On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote: On 03/01/2017 03:42 PM, Simo Sorce wrote: On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky wrote: Hello list, I have put together a draft of design page describing server-side implementation

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On 03/01/2017 03:42 PM, Simo Sorce wrote: On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky wrote: Hello list, I have put together a draft of design page describing server-side implementation of user short name -> fully-qualified name resolution.[1] In the end I have taken the libe

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

Alexander, thank you for your comments. Replies inline: On 02/28/2017 01:48 PM, Alexander Bokovoy wrote: On ti, 28 helmi 2017, Martin Babinsky wrote: Hello list, I have put together a draft of design page describing server-side implementation of user short name -> fully-qualified n

[Freeipa-devel] Please review: V4/AD user short names design draft

Hello list, I have put together a draft of design page describing server-side implementation of user short name -> fully-qualified name resolution.[1] In the end I have taken the liberty to change a few aspects of the design we have agreed on before and I will be grad if we can discuss them

Re: [Freeipa-devel] [IMPORTANT] nss-3.28.1-1.2.fc25 from updates-testing breaks FreeIPA

On 01/20/2017 10:13 AM, Martin Babinsky wrote: On 01/20/2017 10:05 AM, Martin Babinsky wrote: Hi list, I have noticed the following failures in our Travis CI during server installation phase: https://paste.fedoraproject.org/531238/84902361/ After inspecting ipaclient-install.log

Re: [Freeipa-devel] [IMPORTANT] nss-3.28.1-1.2.fc25 from updates-testing breaks FreeIPA

On 01/20/2017 10:05 AM, Martin Babinsky wrote: Hi list, I have noticed the following failures in our Travis CI during server installation phase: https://paste.fedoraproject.org/531238/84902361/ After inspecting ipaclient-install.log the following error can be observed: """ 2

[Freeipa-devel] [IMPORTANT] nss-3.28.1-1.2.fc25 from updates-testing breaks FreeIPA

Hi list, I have noticed the following failures in our Travis CI during server installation phase: https://paste.fedoraproject.org/531238/84902361/ After inspecting ipaclient-install.log the following error can be observed: """ 2017-01-20T08:47:51Z DEBUG Verifying that master.ipa.test (realm

Re: [Freeipa-devel] [DESIGN] Dogtag GSS-API Authentication

Hi Fraser, I have some rather inane comments. I guess Jan cholasta will do a more thorough review of your design. See below: On 01/06/2017 09:08 AM, Fraser Tweedale wrote: Hi comrades, I have written up the high-level details of the FreeIPA->Dogtag GSS-API authentication design. The goal

Re: [Freeipa-devel] CI: exporting test runner output

On 01/05/2017 08:06 AM, Fraser Tweedale wrote: Hi all, Although it has been discussed before and met with some skepticism, here is a POC that exporting test runner output to, e.g. a pastebin, does work: - experimental commit: https://github.com/freeipa/freeipa/pull/370 - example paste:

Re: [Freeipa-devel] Travis CI unexpected PEP8 errors

On 12/14/2016 09:00 AM, Standa Laznicka wrote: On 12/14/2016 02:53 AM, Ben Lipton wrote: Hi all, I'm pretty sure this is unrelated to the CI issues discussed in other threads recently, but they reminded me that I've been having this odd issue.

Re: [Freeipa-devel] Travis CI broke after merging PR 177

On 12/13/2016 09:41 AM, Martin Babinsky wrote: Hi list, https://github.com/freeipa/freeipa/pull/177 was recently merged despite causing nearly half of the tests in our Travis CI gating to fail. This broke Travis CI for all other PR that were rebased after this merge, causing false negative

Re: [Freeipa-devel] Travis CI broke after merging PR 177

On 12/13/2016 01:41 PM, Fraser Tweedale wrote: On Tue, Dec 13, 2016 at 01:11:37PM +0100, Martin Babinsky wrote: On 12/13/2016 01:07 PM, Fraser Tweedale wrote: On Tue, Dec 13, 2016 at 09:41:40AM +0100, Martin Babinsky wrote: Hi list, https://github.com/freeipa/freeipa/pull/177 was recently

Re: [Freeipa-devel] CI failures - I need your help

On 12/13/2016 12:20 PM, Fraser Tweedale wrote: Hi all, The CI failures caused by one of my recent commits have me baffled. It is exactly this commit[1] at which the problems begin. I cannot see anything in the commit to point a finger at. In-tree tests run fine. [1]

Re: [Freeipa-devel] Travis CI broke after merging PR 177

On 12/13/2016 01:07 PM, Fraser Tweedale wrote: On Tue, Dec 13, 2016 at 09:41:40AM +0100, Martin Babinsky wrote: Hi list, https://github.com/freeipa/freeipa/pull/177 was recently merged despite causing nearly half of the tests in our Travis CI gating to fail. This broke Travis CI for all other

[Freeipa-devel] Travis CI broke after merging PR 177

Hi list, https://github.com/freeipa/freeipa/pull/177 was recently merged despite causing nearly half of the tests in our Travis CI gating to fail. This broke Travis CI for all other PR that were rebased after this merge, causing false negative errors everywhere. Fraser reverted the

Re: [Freeipa-devel] pam_winbind(sshd:auth): pam_get_item returned a password

On 11/16/2016 10:41 AM, rajat gupta wrote: I am using FreeIPA version 4.4.0 and Active Directory trust setup. on Active Directory side I am using UPN suffix. Following are my setup. AD DOMANIN :- corp.addomain.com UPN suffix :- usern...@mydomain.com

Re: [Freeipa-devel] Script to setup Kerberized NFS exports using IPA

On 11/07/2016 05:43 PM, Justin Mitchell wrote: I have been working on a python script to setup secure NFS exports using kerberos that relies heavily on FreeIPA, and is in many ways the server side compliment to ipa-client-automount. It attempts to automatically discover the setup, and falls back

Re: [Freeipa-devel] [PATCH] 0221 fix trustdomain-del

On 11/01/2016 09:42 AM, Alexander Bokovoy wrote: On ti, 01 marras 2016, Martin Babinsky wrote: On 10/31/2016 05:23 PM, Alexander Bokovoy wrote: See description. This is a regression since FreeIPA 4.4.0. Hi Alexander, Please link upstream ticket[1] to the commit message, not BZ. I have

Re: [Freeipa-devel] [PATCH] 0221 fix trustdomain-del

On 10/31/2016 05:23 PM, Alexander Bokovoy wrote: See description. This is a regression since FreeIPA 4.4.0. Hi Alexander, Please link upstream ticket[1] to the commit message, not BZ. I have put on my Travis hat and found: 1.) pep8 error: ./ipaserver/plugins/trust.py:1623:25: E128

[Freeipa-devel] tomcat-8.0.37-3.fc24.noarch package from updates testing breaks CA instance spawn

An update for Apache Tmocat recently pushed into bodhi[1] seems to break CA instance spawning in a spectacular way.[2] It seems that the update once again breaks the loading of Java classes during Dogtag server initialization. I gave the package negative karma and I suggest for you to do the

Re: [Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test

On 10/14/2016 03:48 PM, Oleg Fayans wrote: So, did I understand correctly, that there would be 2 patches: one containing test for basic idoverrides functionality without AD-integration, and the second one - with AD-integration and an sssd check, correct? I guess, the

[Freeipa-devel] announcing ipa-docker-test-runner

Hi fellow FreeIPA developers, Did you ever wanted to have a means to build FreeIPA rpms locally without pulling in all the build requires or firing up VMs just to do such a simple task? Did you ever wish to fire up a quick script which will build RPMs and install FreeIPA server for you to

[Freeipa-devel] python-nss-1.0.0-2.fc24.x86_64 from updates-testing breaks FreeIPA client API

Hi list, today I noticed the following exceptions in my VMs when installing/using FreeIPA: """ # ipa ping exception in SSLSocket.handshake_callback Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipapython/nsslib.py", line 258, in handshake_callback channel =

Re: [Freeipa-devel] Suspicious IPA cert test fail after upgrade to pki-ca-10.3.5-6

On 09/22/2016 01:41 PM, Martin Basti wrote: Hello all, Following test is failing: test_cert_find.test_0007_find_revocation_reason_0

Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails

On 09/09/2016 11:30 AM, Lenka Doudova wrote: On 09/09/2016 01:53 AM, Fraser Tweedale wrote: On Thu, Sep 08, 2016 at 01:15:03PM +0200, Martin Babinsky wrote: On 09/08/2016 04:00 AM, Fraser Tweedale wrote: The attached patch fixes regression in cert-request: https://fedorahosted.org/freeipa

Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails

On 09/08/2016 04:00 AM, Fraser Tweedale wrote: The attached patch fixes regression in cert-request: https://fedorahosted.org/freeipa/ticket/6309 Thanks, Fraser ACK. Does this patch also fix the (reopened) https://fedorahosted.org/freeipa/ticket/3473 ? -- Martin^3 Babinsky -- Manage your

Re: [Freeipa-devel] [PATCH 190] expose `--secret` option in radiusproxy-* commands

On 09/07/2016 03:55 PM, Jan Cholasta wrote: On 21.7.2016 10:50, Jan Cholasta wrote: On 21.7.2016 10:13, Martin Babinsky wrote: On 07/20/2016 12:10 PM, Martin Babinsky wrote: On 07/19/2016 12:32 PM, Jan Cholasta wrote: Hi, On 18.7.2016 13:51, Martin Babinsky wrote: https://fedorahosted.org

Re: [Freeipa-devel] [PATCH] 0102..0105 Better handling for cert-request to disabled CA

On 09/06/2016 04:51 PM, Fraser Tweedale wrote: On Tue, Aug 30, 2016 at 10:54:32AM +0200, Martin Babinsky wrote: On 08/26/2016 04:19 AM, Fraser Tweedale wrote: The attached patches add better handling of cert-request failure due to target CA being disabled (#6260). To do this, rather than go

Re: [Freeipa-devel] [PATCH] 0101 Add ca-disable and ca-enable commands

On 09/06/2016 04:49 PM, Fraser Tweedale wrote: On Tue, Aug 30, 2016 at 10:23:10AM +0200, Martin Babinsky wrote: On 08/30/2016 10:09 AM, Jan Cholasta wrote: Hi, On 30.8.2016 09:56, Martin Babinsky wrote: On 08/25/2016 10:25 AM, Fraser Tweedale wrote: Hi team, The attached patch fixes https

Re: [Freeipa-devel] [PATCH] 0100 Track lightweight CAs on replica installation

On 09/05/2016 07:46 PM, Fraser Tweedale wrote: On Mon, Aug 29, 2016 at 06:39:58PM +0200, Martin Babinsky wrote: On 08/23/2016 08:40 AM, Fraser Tweedale wrote: Hi folks, Please review attached patch which fixes https://fedorahosted.org/freeipa/ticket/6019. Thanks, Fraser Hi Fraser, I

Re: [Freeipa-devel] [PATCH] 0102..0105 Better handling for cert-request to disabled CA

On 08/26/2016 04:19 AM, Fraser Tweedale wrote: The attached patches add better handling of cert-request failure due to target CA being disabled (#6260). To do this, rather than go and do extra work in Dogtag that we would depend on, instead I bite the bullet and refactor ra.request_certificate

Re: [Freeipa-devel] [PATCH] 0101 Add ca-disable and ca-enable commands

On 08/30/2016 10:09 AM, Jan Cholasta wrote: Hi, On 30.8.2016 09:56, Martin Babinsky wrote: On 08/25/2016 10:25 AM, Fraser Tweedale wrote: Hi team, The attached patch fixes https://fedorahosted.org/freeipa/ticket/6257. The behaviour of cert-request when the CA is disabled is not very nice

Re: [Freeipa-devel] [PATCH] 0101 Add ca-disable and ca-enable commands

On 08/25/2016 10:25 AM, Fraser Tweedale wrote: Hi team, The attached patch fixes https://fedorahosted.org/freeipa/ticket/6257. The behaviour of cert-request when the CA is disabled is not very nice (it reports a server error from Dogtag). The Dogtag REST interface gives much better errors so

Re: [Freeipa-devel] [PATCH] 0100 Track lightweight CAs on replica installation

On 08/23/2016 08:40 AM, Fraser Tweedale wrote: Hi folks, Please review attached patch which fixes https://fedorahosted.org/freeipa/ticket/6019. Thanks, Fraser Hi Fraser, I have couple of comments: 1.) -for entry in lwcas: -

Re: [Freeipa-devel] [PATCH 0215-0216] Child domain fixes for AD trust

On 08/19/2016 10:28 AM, Alexander Bokovoy wrote: On Wed, 17 Aug 2016, Martin Babinsky wrote: On 08/08/2016 01:27 PM, Alexander Bokovoy wrote: Hi! Attached two patches attempt to fix some of the issues we see with child domains. SSSD only 'sees' users from child domains if there is an ID

Re: [Freeipa-devel] [PATCH] 0207, 0218-0219 Solving trust conflicts and external trust topology fixes

On 08/18/2016 05:13 PM, Martin Babinsky wrote: On 08/18/2016 01:25 PM, Martin Babinsky wrote: On 08/17/2016 01:20 PM, Alexander Bokovoy wrote: On Wed, 17 Aug 2016, Martin Babinsky wrote: Hi Alexander, patch 207: LGTM, but I have a feeling that the patch should be linked to both #6021

Re: [Freeipa-devel] [PATCH] 0207, 0218-0219 Solving trust conflicts and external trust topology fixes

On 08/18/2016 01:25 PM, Martin Babinsky wrote: On 08/17/2016 01:20 PM, Alexander Bokovoy wrote: On Wed, 17 Aug 2016, Martin Babinsky wrote: Hi Alexander, patch 207: LGTM, but I have a feeling that the patch should be linked to both #6021 and #6076 so that it is not lost during backports

Re: [Freeipa-devel] [PATCH] 0207, 0218-0219 Solving trust conflicts and external trust topology fixes

On 08/17/2016 01:20 PM, Alexander Bokovoy wrote: On Wed, 17 Aug 2016, Martin Babinsky wrote: Hi Alexander, patch 207: LGTM, but I have a feeling that the patch should be linked to both #6021 and #6076 so that it is not lost during backports. patch 218: ipalib/errors.py: 1.) I'm not sure

Re: [Freeipa-devel] [PATCH 0215-0216] Child domain fixes for AD trust

On 08/08/2016 01:27 PM, Alexander Bokovoy wrote: Hi! Attached two patches attempt to fix some of the issues we see with child domains. SSSD only 'sees' users from child domains if there is an ID range for each of them. However, after refactoring of trust code when external trust was

Re: [Freeipa-devel] [PATCH 0063] Raise error on topology disconnect/last-role-host removal during server uninstall

On 08/17/2016 02:38 PM, Stanislav Laznicka wrote: On 08/17/2016 02:17 PM, Martin Babinsky wrote: On 08/16/2016 03:47 PM, Stanislav Laznicka wrote: On 08/15/2016 02:20 PM, Martin Babinsky wrote: On 08/15/2016 02:13 PM, Martin Babinsky wrote: On 08/12/2016 12:08 PM, Stanislav Laznicka wrote

Re: [Freeipa-devel] [PATCH 0063] Raise error on topology disconnect/last-role-host removal during server uninstall

On 08/16/2016 03:47 PM, Stanislav Laznicka wrote: On 08/15/2016 02:20 PM, Martin Babinsky wrote: On 08/15/2016 02:13 PM, Martin Babinsky wrote: On 08/12/2016 12:08 PM, Stanislav Laznicka wrote: Hello, topology disconnect/last-role-host removal errors would just be logged during server

Re: [Freeipa-devel] [PATCH] 0207, 0218-0219 Solving trust conflicts and external trust topology fixes

On 08/17/2016 12:41 PM, Alexander Bokovoy wrote: On Wed, 17 Aug 2016, Martin Babinsky wrote: On 08/15/2016 06:06 PM, Alexander Bokovoy wrote: On Mon, 15 Aug 2016, Alexander Bokovoy wrote: Hi! Attached are trust-related patches. 0207 is a pre-requisite. I did send it before, it is re

Re: [Freeipa-devel] [PATCH] 0207, 0218-0219 Solving trust conflicts and external trust topology fixes

On 08/17/2016 12:13 PM, Martin Babinsky wrote: On 08/15/2016 06:06 PM, Alexander Bokovoy wrote: On Mon, 15 Aug 2016, Alexander Bokovoy wrote: Hi! Attached are trust-related patches. 0207 is a pre-requisite. I did send it before, it is re-formatting of the ipaserver/dcerpc.py to be close

Re: [Freeipa-devel] [PATCH] 0207, 0218-0219 Solving trust conflicts and external trust topology fixes

On 08/15/2016 06:06 PM, Alexander Bokovoy wrote: On Mon, 15 Aug 2016, Alexander Bokovoy wrote: Hi! Attached are trust-related patches. 0207 is a pre-requisite. I did send it before, it is re-formatting of the ipaserver/dcerpc.py to be close to PEP8 requirements. 0218 is an automated trust

Re: [Freeipa-devel] [PATCH 0063] Raise error on topology disconnect/last-role-host removal during server uninstall

On 08/15/2016 02:13 PM, Martin Babinsky wrote: On 08/12/2016 12:08 PM, Stanislav Laznicka wrote: Hello, topology disconnect/last-role-host removal errors would just be logged during server uninstall even if ignore options are not present. The host would still appear in the topology even after

Re: [Freeipa-devel] [PATCH 0063] Raise error on topology disconnect/last-role-host removal during server uninstall

On 08/12/2016 12:08 PM, Stanislav Laznicka wrote: Hello, topology disconnect/last-role-host removal errors would just be logged during server uninstall even if ignore options are not present. The host would still appear in the topology even after "successful" uninstall.

Re: [Freeipa-devel] [PATCH 42-44, 48-51][tests] RFE: Allow users to authenticate with alternative names

On 07/28/2016 01:44 PM, Milan Kubík wrote: On 07/28/2016 12:51 PM, Martin Babinsky wrote: On 07/27/2016 11:54 AM, Milan Kubík wrote: Hi Milan, the tests seem to work as expected except `test_enterprise_principal_UPN_overlap_without_additional_suffix` which crashes on #6099. I have a few

Re: [Freeipa-devel] [PATCH 42-47][tests] RFE: Allow users to authenticate with alternative names

On 07/27/2016 11:54 AM, Milan Kubík wrote: Hi Milan, the tests seem to work as expected except `test_enterprise_principal_UPN_overlap_without_additional_suffix` which crashes on #6099. I have a few comments, however: This is a test that hits a known bug. I have added an expected fail

[Freeipa-devel] [PATCH 0197] re-set canonical principal name on migrated users

migration of user aliases. -- Martin^3 Babinsky From 208ee38df29cf05436b6a1dd6c3556f70bbbd62d Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Thu, 28 Jul 2016 10:42:58 +0200 Subject: [PATCH] re-set canonical principal name on migrated users The migration procedu

Re: [Freeipa-devel] [PATCH] 0096 caacl: fix regression in rule instantiation

On 07/28/2016 03:31 AM, Fraser Tweedale wrote: The attached patch fixes a kerberos.Principal-related regression. Thanks, Fraser Hi Fraser, The ticket you linked in the commit message points to a closed milestone. You have to open a new ticket which needs to be triaged. Sorry, those are the

Re: [Freeipa-devel] [PATCH 0194] harden the check for trust namespace overlap in new principals

On 07/27/2016 03:30 PM, David Kupka wrote: On 26/07/16 13:18, Martin Babinsky wrote: On 07/21/2016 12:56 PM, Martin Babinsky wrote: '*-add-principal' would crash with error if the trusted domains did not have any UPN suffixes or NETBIOS name associated with them. This patch fixes that. Big

Re: [Freeipa-devel] [PATCH 0196] baseldap: Fix MidairCollision instantiation during entry modification

On 07/26/2016 05:22 PM, Alexander Bokovoy wrote: On Tue, 26 Jul 2016, Martin Babinsky wrote: Fix for https://fedorahosted.org/freeipa/ticket/6097 Since this issue was found during investigation of other ticket[1], you can test it by performing steps to reproduce #6041, but instead of internal

Re: [Freeipa-devel] [Test][patch-0053] Forced-client-reenrollment test fixed.

On 07/26/2016 03:34 PM, Oleg Fayans wrote: Hi Martin, The patch was updated according to your suggestions. A separate patch removing outdated tests is attached. On 07/08/2016 02:10 PM, Martin Basti wrote: On 07.07.2016 08:09, Oleg Fayans wrote: Updated version of the patch is attached with

[Freeipa-devel] [PATCH 0196] baseldap: Fix MidairCollision instantiation during entry modification

. [1] https://fedorahosted.org/freeipa/ticket/6041 -- Martin^3 Babinsky From 8f0d6dab08f61fe2fd1ad64a63f7ab91fc5227d4 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Mon, 25 Jul 2016 14:05:08 +0200 Subject: [PATCH] baseldap: Fix MidairCollision instantiation

Re: [Freeipa-devel] [PATCH 0553] CI tests: improve log collecting in tests

On 07/25/2016 06:24 PM, Martin Basti wrote: On 25.07.2016 18:02, Martin Babinsky wrote: On 07/22/2016 06:13 PM, Martin Basti wrote: On 20.07.2016 17:41, Martin Basti wrote: On 19.07.2016 17:05, Martin Basti wrote: On 19.07.2016 16:18, Martin Basti wrote: Patch attached. self

Re: [Freeipa-devel] [PATCH 0194] harden the check for trust namespace overlap in new principals

On 07/21/2016 12:56 PM, Martin Babinsky wrote: '*-add-principal' would crash with error if the trusted domains did not have any UPN suffixes or NETBIOS name associated with them. This patch fixes that. Big thanks to Milan who found and reported the issue during writing tests for the feature

Re: [Freeipa-devel] [PATCH 42-47][tests] RFE: Allow users to authenticate with alternative names

On 07/25/2016 02:05 PM, Milan Kubík wrote: On 07/25/2016 01:53 PM, Milan Kubík wrote: Hi, I'm sending the tests for kerberos principal aliases rfe. The tests are implemented according to test plan [1] sent earlier. Some of the patches implement modifications and extensions to previous code to

Re: [Freeipa-devel] [PATCH 0553] CI tests: improve log collecting in tests

On 07/22/2016 06:13 PM, Martin Basti wrote: On 20.07.2016 17:41, Martin Basti wrote: On 19.07.2016 17:05, Martin Basti wrote: On 19.07.2016 16:18, Martin Basti wrote: Patch attached. self-NACK, my assumptions were wrong, this doesn't work if any of log files do not exist

Re: [Freeipa-devel] [PATCH 0029][Tests] Adding authentication test to trust test suite

On 07/22/2016 11:20 AM, Lenka Doudova wrote: On 07/20/2016 02:28 PM, Martin Babinsky wrote: On 07/19/2016 10:41 AM, Lenka Doudova wrote: Hi, this patch adds authentication test (specifically "kinit -E ipauser@IPADOMAIN") to basic trust test suite, as requested by Sumit.

Re: [Freeipa-devel] [PATCH 0555] AVC: use copy during instalation to keep SELinux context valid

On 07/22/2016 04:45 PM, Martin Basti wrote: On 22.07.2016 16:38, Martin Babinsky wrote: On 07/22/2016 03:49 PM, Petr Spacek wrote: On 21.7.2016 19:49, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/6111 I was able to reproduce this locally with vagrant, but I haven't been able

Re: [Freeipa-devel] [PATCH 0555] AVC: use copy during instalation to keep SELinux context valid

On 07/22/2016 03:49 PM, Petr Spacek wrote: On 21.7.2016 19:49, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/6111 I was able to reproduce this locally with vagrant, but I haven't been able to reproduce this in LAB, I don't know where differences are (cloud vs desktop fedora?)

Re: [Freeipa-devel] [PATCH] 0012 Fix session cookies

On 07/22/2016 03:47 PM, Petr Spacek wrote: On 22.7.2016 10:08, Florence Blanc-Renaud wrote: Hi, please find attached a patch related to session cookies used by IPA API. https://fedorahosted.org/freeipa/ticket/5984 ACK Pushed to: master: bc7eb99a2959980c1abf31f77610cec2f098744b ipa-4-3:

Re: [Freeipa-devel] [PATCH 0195] Create indexes for krbCanonicalName attribute

On 07/22/2016 02:37 PM, thierry bordaz wrote: Hi Martin, The patch looks good. Just a question krbPrincipalName is caseExactIA5Match but is also indexed caseIgnoreIA5Match. Do you think it would be need for krbCanonicalName as well ? thanks thierry On 07/22/2016 01:27 PM, Martin Babinsky

[Freeipa-devel] [PATCH 0195] Create indexes for krbCanonicalName attribute

https://fedorahosted.org/freeipa/ticket/6100 -- Martin^3 Babinsky From 618f68499cd3d9537ef0947132155fad6fa61da4 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 22 Jul 2016 13:02:38 +0200 Subject: [PATCH] Create indexes for krbCanonicalName att

Re: [Freeipa-devel] [PATCH] 963 unite log file name of ipa-ca-install

On 07/21/2016 05:49 PM, Petr Vobornik wrote: On 07/21/2016 05:47 PM, Martin Babinsky wrote: On 07/21/2016 05:22 PM, Petr Vobornik wrote: On 07/19/2016 09:27 AM, Petr Vobornik wrote: On 07/19/2016 08:01 AM, Jan Cholasta wrote: Hi, On 18.7.2016 18:50, Florence Blanc-Renaud wrote: On 07/15

Re: [Freeipa-devel] [PATCH] 963 unite log file name of ipa-ca-install

On 07/21/2016 05:22 PM, Petr Vobornik wrote: On 07/19/2016 09:27 AM, Petr Vobornik wrote: On 07/19/2016 08:01 AM, Jan Cholasta wrote: Hi, On 18.7.2016 18:50, Florence Blanc-Renaud wrote: On 07/15/2016 04:29 PM, Petr Vobornik wrote: ipa-ca-install said that it used

[Freeipa-devel] [PATCH 0194] harden the check for trust namespace overlap in new principals

-- Martin^3 Babinsky From bb1b54a1d7432af719c6051b79b9afdef8e87c96 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Wed, 20 Jul 2016 15:46:22 +0200 Subject: [PATCH] harden the check for trust namespace overlap in new principals This check must handle the possi

Re: [Freeipa-devel] [PATCH 190] expose `--secret` option in radiusproxy-* commands

On 07/20/2016 12:10 PM, Martin Babinsky wrote: On 07/19/2016 12:32 PM, Jan Cholasta wrote: Hi, On 18.7.2016 13:51, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/6078 I don't think we want the secret searchable. Add a 'no_search' flag to the param to fix that. Honza

Re: [Freeipa-devel] [PATCH 0028][Tests] Fix failing user tests

On 07/20/2016 04:11 PM, Lenka Doudova wrote: On 07/20/2016 02:04 PM, Martin Babinsky wrote: On 07/15/2016 06:10 PM, Lenka Doudova wrote: Hi, here's patch with fix for failing user tests, specifically tests with renaming users. Failures were caused by RFE Kerberos principal aliases. As part

Re: [Freeipa-devel] [PATCH 0029][Tests] Adding authentication test to trust test suite

On 07/19/2016 10:41 AM, Lenka Doudova wrote: Hi, this patch adds authentication test (specifically "kinit -E ipauser@IPADOMAIN") to basic trust test suite, as requested by Sumit. Intended to be applied after my patches 25.4 and 26.3 (already waiting to be pushed). Lenka Hi Lenka, Code

Re: [Freeipa-devel] [PATCH 0028][Tests] Fix failing user tests

On 07/15/2016 06:10 PM, Lenka Doudova wrote: Hi, here's patch with fix for failing user tests, specifically tests with renaming users. Failures were caused by RFE Kerberos principal aliases. As part of the fix, I had to rewrite few of the tests themselves, since they used "--setattr" option

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

On 07/20/2016 12:08 PM, Martin Babinsky wrote: On 07/19/2016 01:25 PM, Martin Babinsky wrote: On 07/19/2016 01:13 PM, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Martin Babinsky wrote: On 07/18/2016 12:29 PM, Martin Babinsky wrote: > On 07/18/2016 10:01 AM, Jan Cholasta wrote: >

Re: [Freeipa-devel] [PATCH 190] expose `--secret` option in radiusproxy-* commands

On 07/19/2016 12:32 PM, Jan Cholasta wrote: Hi, On 18.7.2016 13:51, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/6078 I don't think we want the secret searchable. Add a 'no_search' flag to the param to fix that. Honza 'no_search' flag breaks the API backwards

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

On 07/19/2016 01:25 PM, Martin Babinsky wrote: On 07/19/2016 01:13 PM, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Martin Babinsky wrote: On 07/18/2016 12:29 PM, Martin Babinsky wrote: > On 07/18/2016 10:01 AM, Jan Cholasta wrote: > > Hi, > > > > On 16.7.2016 12:46, Al

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

On 07/19/2016 01:13 PM, Alexander Bokovoy wrote: On Mon, 18 Jul 2016, Martin Babinsky wrote: On 07/18/2016 12:29 PM, Martin Babinsky wrote: > On 07/18/2016 10:01 AM, Jan Cholasta wrote: > > Hi, > > > > On 16.7.2016 12:46, Alexander Bokovoy wrote: > > > H

Re: [Freeipa-devel] [PATCH 0183] ipa-advise: correct handling of plugin namespace iteration

On 07/18/2016 08:46 AM, Jan Cholasta wrote: Hi, On 11.7.2016 14:18, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/6044 Note that you should use .name rather than .__name__ to get plugin names, otherwise the code won't work with plugins with non-default names

Re: [Freeipa-devel] [PATCH 0025][Tests] RFE: External trust

On 07/18/2016 04:59 PM, Lenka Doudova wrote: On 07/18/2016 04:55 PM, Martin Babinsky wrote: On 07/14/2016 11:42 AM, Lenka Doudova wrote: On 07/13/2016 05:40 PM, Martin Babinsky wrote: On 07/01/2016 04:15 PM, Lenka Doudova wrote: On 07/01/2016 02:38 PM, Martin Babinsky wrote: On 07/01

Re: [Freeipa-devel] [PATCH] 0210 frontend: fix output validation for multiple type choices

On 07/18/2016 12:29 PM, Martin Babinsky wrote: On 07/18/2016 10:01 AM, Jan Cholasta wrote: Hi, On 16.7.2016 12:46, Alexander Bokovoy wrote: Hi, I had some time and was blocked by these bugs to do my tickets so I actually fixed these three problems that are assigned to Martin Babinsky

Re: [Freeipa-devel] [PATCH] 0211-0212 Make sure --raw option works for trust-add

On 07/16/2016 12:50 PM, Alexander Bokovoy wrote: Hi, I had some time and was blocked by these bugs to do my tickets so I actually fixed these three problems that are assigned to Martin Babinsky. Hopefully, Martin wouldn't be offended by that. :) Note that this fix (patch 0211) has potential

[Freeipa-devel] Please use https:// url for freeipa.git repo

It seems that access to upstream freeipa.git repo through Git protocol does not work (or was deliberately disabled by Fedora infra). Please use HTTPS for fetching/cloning/pulling/etc., so replace git://git.fedorahosted.org/git/freeipa.git with https://git.fedorahosted.org/git/freeipa.git in

Re: [Freeipa-devel] [PATCH 0186] DNS install: Ensure that DNS servers container exists

On 07/15/2016 10:32 AM, Stanislav Laznicka wrote: On 07/14/2016 05:51 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/6083 ACK, works as expected. ..and putting the list back into the loop -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing

[Freeipa-devel] [PATCH 0186] DNS install: Ensure that DNS servers container exists

https://fedorahosted.org/freeipa/ticket/6083 -- Martin^3 Babinsky From 91341e5a3e2838825228ea746d42b72d72bb6f6a Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Thu, 14 Jul 2016 17:14:59 +0200 Subject: [PATCH] DNS install: Ensure that DNS servers container

Re: [Freeipa-devel] [PATCH 0110] schema: Fix subtopic -> topic mapping

On 07/14/2016 01:21 PM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/6069 ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [PATCH 0185] messages: specify message type for ResultFormattingError

https://fedorahosted.org/freeipa/ticket/6081 -- Martin^3 Babinsky From dd2dfe4bf0a629716145af83c1b7f73595290079 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Wed, 13 Jul 2016 18:22:04 +0200 Subject: [PATCH] messages: specify message type for ResultFormattin

Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

On 07/01/2016 04:45 PM, Lenka Doudova wrote: On 07/01/2016 03:04 PM, Martin Babinsky wrote: On 07/01/2016 11:13 AM, Lenka Doudova wrote: And, of course, a patch file :) On 07/01/2016 11:09 AM, Lenka Doudova wrote: Hi all, here's patch with basic test suite for support of UPN. Note

Re: [Freeipa-devel] [PATCH 0179] Preserve user principal aliases during rename operation

On 07/13/2016 05:00 PM, Simo Sorce wrote: On Wed, 2016-07-13 at 16:35 +0200, Martin Babinsky wrote: On 07/13/2016 04:28 PM, Simo Sorce wrote: On Wed, 2016-07-13 at 16:19 +0200, Martin Babinsky wrote: On 07/13/2016 03:08 PM, Simo Sorce wrote: On Wed, 2016-07-13 at 14:37 +0200, Petr

Re: [Freeipa-devel] [PATCH 0179] Preserve user principal aliases during rename operation

On 07/13/2016 04:28 PM, Simo Sorce wrote: On Wed, 2016-07-13 at 16:19 +0200, Martin Babinsky wrote: On 07/13/2016 03:08 PM, Simo Sorce wrote: On Wed, 2016-07-13 at 14:37 +0200, Petr Vobornik wrote: On 07/12/2016 04:19 PM, Simo Sorce wrote: On Tue, 2016-07-12 at 15:46 +0200, Martin

Re: [Freeipa-devel] [PATCH 0179] Preserve user principal aliases during rename operation

On 07/13/2016 03:08 PM, Simo Sorce wrote: On Wed, 2016-07-13 at 14:37 +0200, Petr Vobornik wrote: On 07/12/2016 04:19 PM, Simo Sorce wrote: On Tue, 2016-07-12 at 15:46 +0200, Martin Babinsky wrote: On 07/12/2016 02:00 PM, Martin Babinsky wrote: On 07/12/2016 01:05 PM, Alexander Bokovoy

  1   2   3   4   5   6   7   8   >