[Freeipa-devel] [freeipa PR#398][opened] Support for Certificate Identity Mapping

URL: https://github.com/freeipa/freeipa/pull/398 Author: flo-renaud Title: #398: Support for Certificate Identity Mapping Action: opened PR body: """ See design http://www.freeipa.org/page/V4/Certificate_Identity_Mapping https://fedorahosted.org/freeipa/ticket/6542 ""

[Freeipa-devel] [freeipa PR#395][comment] Configure PKI ajp redirection to use "localhost" instead of "::1"

URL: https://github.com/freeipa/freeipa/pull/395 Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1" flo-renaud commented: """ Please wait before merging this PR. @pvoborni Endi suggests 2 possible strategies for the upgrade fix: e

[Freeipa-devel] [freeipa PR#395][comment] Configure PKI ajp redirection to use "localhost" instead of "::1"

URL: https://github.com/freeipa/freeipa/pull/395 Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1" flo-renaud commented: """ Hi @tomaskrizek, I was not able to reproduce the master install issue. Here are my steps: On the master:

[Freeipa-devel] [freeipa PR#395][opened] Configure PKI ajp redirection to use "localhost" instead of "::1"

URL: https://github.com/freeipa/freeipa/pull/395 Author: flo-renaud Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1" Action: opened PR body: """ When ipa-server-install configures PKI, it provides a configuration file with th

[Freeipa-devel] [freeipa PR#355][comment] Set up DS TLS on replica in CA-less topology

URL: https://github.com/freeipa/freeipa/pull/355 Title: #355: Set up DS TLS on replica in CA-less topology flo-renaud commented: """ @tomaskrizek FYI, the current documentation states that ipa-certupdate must be run after ipa-ca-install (see https://access.redhat.com/docu

[Freeipa-devel] [freeipa PR#319][+ack] [master] gracefully handle setting replica bind dn group on old masters

URL: https://github.com/freeipa/freeipa/pull/319 Title: #319: [master] gracefully handle setting replica bind dn group on old masters Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://

[Freeipa-devel] [freeipa PR#319][comment] [master] gracefully handle setting replica bind dn group on old masters

URL: https://github.com/freeipa/freeipa/pull/319 Title: #319: [master] gracefully handle setting replica bind dn group on old masters flo-renaud commented: """ Hi, thanks for the patch. It works as expected. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#322][comment] masters DS<1.3.3 do not support bind group

URL: https://github.com/freeipa/freeipa/pull/322 Title: #322: masters DS<1.3.3 do not support bind group flo-renaud commented: """ Hi, there is already an open PR for this issue: https://github.com/freeipa/freeipa/pull/319 for master and https://github.com/freeipa/freeipa/pu

[Freeipa-devel] [freeipa PR#315][comment] [ipa-4-4] gracefully handle setting replica bind dn group on old masters

URL: https://github.com/freeipa/freeipa/pull/315 Title: #315: [ipa-4-4] gracefully handle setting replica bind dn group on old masters flo-renaud commented: """ Hi, thanks for the patch. Everything works as expected. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#315][+ack] [ipa-4-4] gracefully handle setting replica bind dn group on old masters

URL: https://github.com/freeipa/freeipa/pull/315 Title: #315: [ipa-4-4] gracefully handle setting replica bind dn group on old masters Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http:/

[Freeipa-devel] [freeipa PR#318][+ack] server install: fix external CA install

URL: https://github.com/freeipa/freeipa/pull/318 Title: #318: server install: fix external CA install Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/C

[Freeipa-devel] [freeipa PR#318][comment] server install: fix external CA install

URL: https://github.com/freeipa/freeipa/pull/318 Title: #318: server install: fix external CA install flo-renaud commented: """ Works as expected. """ See the full comment at https://github.com/freeipa/freeipa/pull/318#issuecomment-265688266 -- Manage your subs

[Freeipa-devel] [freeipa PR#292][synchronized] Increase the timeout waiting for certificate issuance in installer

URL: https://github.com/freeipa/freeipa/pull/292 Author: flo-renaud Title: #292: Increase the timeout waiting for certificate issuance in installer Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/292

[Freeipa-devel] [freeipa PR#292][synchronized] Increase the timeout waiting for certificate issuance in installer

URL: https://github.com/freeipa/freeipa/pull/292 Author: flo-renaud Title: #292: Increase the timeout waiting for certificate issuance in installer Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/292

[Freeipa-devel] [freeipa PR#292][comment] Increase the timeout waiting for certificate issuance in installer

URL: https://github.com/freeipa/freeipa/pull/292 Title: #292: Increase the timeout waiting for certificate issuance in installer flo-renaud commented: """ @martbab @mbasti-rh: I checked the code and some parts already use api.env.startup_timeout for certmonger requests (in ipa_c

[Freeipa-devel] [freeipa PR#283][comment] [ipa-4-4] Prevent denial of replication updates during CA replica install

URL: https://github.com/freeipa/freeipa/pull/283 Title: #283: [ipa-4-4] Prevent denial of replication updates during CA replica install flo-renaud commented: """ Hi, the patch works as expected. Thanks! """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#283][+ack] [ipa-4-4] Prevent denial of replication updates during CA replica install

URL: https://github.com/freeipa/freeipa/pull/283 Title: #283: [ipa-4-4] Prevent denial of replication updates during CA replica install Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http:

[Freeipa-devel] [freeipa PR#285][comment] Check the result of cert request in replica installer

URL: https://github.com/freeipa/freeipa/pull/285 Title: #285: Check the result of cert request in replica installer flo-renaud commented: """ Thanks for the suggestion. I added certmonger's request status in the exception message. """ See the full com

[Freeipa-devel] [freeipa PR#285][synchronized] Check the result of cert request in replica installer

URL: https://github.com/freeipa/freeipa/pull/285 Author: flo-renaud Title: #285: Check the result of cert request in replica installer Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/285/head:pr285 git

[Freeipa-devel] [freeipa PR#285][opened] Check the result of cert request in replica installer

URL: https://github.com/freeipa/freeipa/pull/285 Author: flo-renaud Title: #285: Check the result of cert request in replica installer Action: opened PR body: """ When running ipa-replica-install in domain-level 1, the installer requests the LDAP and HTTP certificates using

[Freeipa-devel] [freeipa PR#270][comment] Test: uniqueness of certificate renewal master

URL: https://github.com/freeipa/freeipa/pull/270 Title: #270: Test: uniqueness of certificate renewal master flo-renaud commented: """ Hi, you may also want to perform the same test after changing the renewal master with _ipa config-mod --ca-renewal-master-server newrenewalmast

[Freeipa-devel] [freeipa PR#269][+ack] Prevent denial of replication updates during CA replica install

URL: https://github.com/freeipa/freeipa/pull/269 Title: #269: Prevent denial of replication updates during CA replica install Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freei

[Freeipa-devel] [freeipa PR#269][comment] Prevent denial of replication updates during CA replica install

URL: https://github.com/freeipa/freeipa/pull/269 Title: #269: Prevent denial of replication updates during CA replica install flo-renaud commented: """ Hi, thanks for the patch! Everything works as expected. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#222][synchronized] Fix ipa-replica-install when upgrade from ca-less to ca-full

URL: https://github.com/freeipa/freeipa/pull/222 Author: flo-renaud Title: #222: Fix ipa-replica-install when upgrade from ca-less to ca-full Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/222/head:pr222

[Freeipa-devel] [freeipa PR#229][comment] Remove the renewal lock file upon uninstall

URL: https://github.com/freeipa/freeipa/pull/229 Title: #229: Remove the renewal lock file upon uninstall flo-renaud commented: """ Hi, I implemented @jcholast suggestions and finally found the origin of the lock. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#229][synchronized] Remove the renewal lock file upon uninstall

URL: https://github.com/freeipa/freeipa/pull/229 Author: flo-renaud Title: #229: Remove the renewal lock file upon uninstall Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/229/head:pr229 git checkout

[Freeipa-devel] [freeipa PR#239][+ack] cainstance: use correct certificate for replica install check

URL: https://github.com/freeipa/freeipa/pull/239 Title: #239: cainstance: use correct certificate for replica install check Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa

[Freeipa-devel] [freeipa PR#239][comment] cainstance: use correct certificate for replica install check

URL: https://github.com/freeipa/freeipa/pull/239 Title: #239: cainstance: use correct certificate for replica install check flo-renaud commented: """ Hi, works for me. """ See the full comment at https://github.com/freeipa/freeipa/pull/239#issuecomment-26039354

[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates

URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates flo-renaud commented: """ I updated the patch for renewal lock with a new fix. The timeout needs to be increased, but the lock may also happen because the renewal scr

[Freeipa-devel] [freeipa PR#229][synchronized] Remove the renewal lock file upon uninstall

URL: https://github.com/freeipa/freeipa/pull/229 Author: flo-renaud Title: #229: Remove the renewal lock file upon uninstall Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/229/head:pr229 git checkout

[Freeipa-devel] [freeipa PR#229][comment] Remove the renewal lock file upon uninstall

URL: https://github.com/freeipa/freeipa/pull/229 Title: #229: Remove the renewal lock file upon uninstall flo-renaud commented: """ You are right, I updated the PR to put the code at the end of server uninstallation. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#229][synchronized] Remove the renewal lock file upon uninstall

URL: https://github.com/freeipa/freeipa/pull/229 Author: flo-renaud Title: #229: Remove the renewal lock file upon uninstall Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/229/head:pr229 git checkout

[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates

URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates flo-renaud commented: """ Thanks Fraser! The patch for renewal lock file deletion is available at https://github.com/freeipa/freeipa/pull/229 """

[Freeipa-devel] [freeipa PR#229][opened] Remove the renewal lock file upon uninstall

URL: https://github.com/freeipa/freeipa/pull/229 Author: flo-renaud Title: #229: Remove the renewal lock file upon uninstall Action: opened PR body: """ Make sure that the file /var/run/ipa/renewal.lock is deleted upon uninstallation, in order to avoid subsequent installation i

[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates

URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates flo-renaud commented: """ Hi Fraser, can you check if the renewal lock was released after the last uninstallation? The file /var/run/ipa/renewal.lock should display

[Freeipa-devel] [freeipa PR#222][opened] Fix ipa-replica-install when upgrade from ca-less to ca-full

URL: https://github.com/freeipa/freeipa/pull/222 Author: flo-renaud Title: #222: Fix ipa-replica-install when upgrade from ca-less to ca-full Action: opened PR body: """ When ipa-replica-prepare is run on a master upgraded from CA-less to CA-full, it creates the replica file

[Freeipa-devel] [freeipa PR#216][+ack] libexec scripts: ldap conn management

URL: https://github.com/freeipa/freeipa/pull/216 Title: #216: libexec scripts: ldap conn management Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Cod

[Freeipa-devel] [freeipa PR#216][comment] libexec scripts: ldap conn management

URL: https://github.com/freeipa/freeipa/pull/216 Title: #216: libexec scripts: ldap conn management flo-renaud commented: """ Thanks for the update. Works for me. """ See the full comment at https://github.com/freeipa/freeipa/pull/216#issuecomment-259406309 --

[Freeipa-devel] [freeipa PR#219][edited] Refactor installer code requesting certificates

URL: https://github.com/freeipa/freeipa/pull/219 Author: flo-renaud Title: #219: Refactor installer code requesting certificates Action: edited Changed field: body Original value: """ With this PR, the certificates requested during server installation are now consistently o

[Freeipa-devel] [freeipa PR#219][opened] Refactor installer code requesting certificates

URL: https://github.com/freeipa/freeipa/pull/219 Author: flo-renaud Title: #219: Refactor installer code requesting certificates Action: opened PR body: """ With this PR, the certificates requested during server installation are now consistently obtained through certmonger (

[Freeipa-devel] [freeipa PR#126][synchronized] Fix ipa migrate-ds when it finds a search reference

URL: https://github.com/freeipa/freeipa/pull/126 Author: flo-renaud Title: #126: Fix ipa migrate-ds when it finds a search reference Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/126/head:pr126 git

[Freeipa-devel] [freeipa PR#138][comment] Fix ipa-cacert-manage man page

URL: https://github.com/freeipa/freeipa/pull/138 Title: #138: Fix ipa-cacert-manage man page flo-renaud commented: """ Hi, thanks for your comment. Yes, the IDM guide is currently being updated to describe this requirement. See [lastSuccessfulBuild](http://jenkinscat.gsslab

[Freeipa-devel] [freeipa PR#138][comment] Fix ipa-cacert-manage man page

URL: https://github.com/freeipa/freeipa/pull/138 Title: #138: Fix ipa-cacert-manage man page flo-renaud commented: """ Hi, thanks for your comment. Yes, the IDM guide is currently being updated to describe this requirement. See [lastSuccessfulBuild](http://jenkinscat.gsslab

[Freeipa-devel] [freeipa PR#138][opened] Fix ipa-cacert-manage man page

URL: https://github.com/freeipa/freeipa/pull/138 Author: flo-renaud Title: #138: Fix ipa-cacert-manage man page Action: opened PR body: """ When the admin runs ipa-cacert-manage install, he should also run ipa-certupdate on master/replicas/clients in order to update the certifi

[Freeipa-devel] [freeipa PR#126][synchronized] Fix ipa migrate-ds when it finds a search reference

URL: https://github.com/freeipa/freeipa/pull/126 Author: flo-renaud Title: #126: Fix ipa migrate-ds when it finds a search reference Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/126/head:pr126 git

[Freeipa-devel] [freeipa PR#126][opened] Fix ipa migrate-ds when it finds a search reference

URL: https://github.com/freeipa/freeipa/pull/126 Author: flo-renaud Title: #126: Fix ipa migrate-ds when it finds a search reference Action: opened PR body: """ When ipa migrate-ds finds user entries and a search reference, it complains that the LDAP search did not return any

[Freeipa-devel] [freeipa PR#121][comment] Pylint: enable unused-variable check

URL: https://github.com/freeipa/freeipa/pull/121 Title: #121: Pylint: enable unused-variable check flo-renaud commented: """ Agree with you, ACK. """ See the full comment at https://github.com/freeipa/freeipa/pull/121#issuecomment-249822167 -- Manage your subs

[Freeipa-devel] [freeipa PR#94][comment] [ipa-4-2] Keep NSS trust flags of existing certificates

URL: https://github.com/freeipa/freeipa/pull/94 Title: #94: [ipa-4-2] Keep NSS trust flags of existing certificates flo-renaud commented: """ Hi Tomas, the backport works for me as well. """ See the full comment at https://github.com/freeipa/freeipa/pull/94#iss

[Freeipa-devel] [freeipa PR#94][+ack] [ipa-4-2] Keep NSS trust flags of existing certificates

URL: https://github.com/freeipa/freeipa/pull/94 Title: #94: [ipa-4-2] Keep NSS trust flags of existing certificates Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/pag

[Freeipa-devel] [freeipa PR#76][comment] Keep NSS trust flags of existing certificates

URL: https://github.com/freeipa/freeipa/pull/76 Title: #76: Keep NSS trust flags of existing certificates flo-renaud commented: """ (re-sending as setting the review state did not send any email) Hi Tomas, thanks for your patch. Works as expected. """

[Freeipa-devel] [freeipa PR#76][+ack] Keep NSS trust flags of existing certificates

URL: https://github.com/freeipa/freeipa/pull/76 Title: #76: Keep NSS trust flags of existing certificates Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribu

[Freeipa-devel] [freeipa PR#69][comment] Fix ipa-replica-install with RHEL 6.8 master

URL: https://github.com/freeipa/freeipa/pull/69 Title: #69: Fix ipa-replica-install with RHEL 6.8 master flo-renaud commented: """ Please ignore this PR as the issue has been fixed in IPA 3.0 (in ipa-replica-prepare). """ See the full comment at https://gith

[Freeipa-devel] [freeipa PR#50] Add cert checks in ipa-server-certinstall (synchronize)

flo-renaud's pull request #50: "Add cert checks in ipa-server-certinstall" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/50 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/50/head:pr50 gi

[Freeipa-devel] [freeipa PR#50] Add cert checks in ipa-server-certinstall (comment)

flo-renaud commented on a pull request """ Bump for review """ See the full comment at https://github.com/freeipa/freeipa/pull/50#issuecomment-246921696 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freei

[Freeipa-devel] [freeipa PR#71] Fix regression introduced in ipa-certupdate (opened)

flo-renaud's pull request #71: "Fix regression introduced in ipa-certupdate" was opened PR body: """ The fix for 6288 was overwritten by commit 08b768313020c45bfa82d67cd214afabf605f4b3. https://fedorahosted.org/freeipa/ticket/6288 """ See the full pull-request at https://github.com/freeipa/fre

[Freeipa-devel] [freeipa PR#69] Fix ipa-replica-install with RHEL 6.8 master (opened)

flo-renaud's pull request #69: "Fix ipa-replica-install with RHEL 6.8 master" was opened PR body: """ ipa-replica-prepare creates a gpg file containing realm_info/cacert.p12 with the certificates. When run on a RHEL 6.8 instance, cacert.p12 contains twice the same cert (for caSigningCert cert-pki

[Freeipa-devel] [freeipa PR#50] Add cert checks in ipa-server-certinstall (synchronize)

flo-renaud's pull request #50: "Add cert checks in ipa-server-certinstall" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/50 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/50/head:pr50 gi

[Freeipa-devel] [freeipa PR#50] Add cert checks in ipa-server-certinstall (synchronize)

flo-renaud's pull request #50: "Add cert checks in ipa-server-certinstall" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/50 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/50/head:pr50 gi

[Freeipa-devel] [freeipa PR#50] Add cert checks in ipa-server-certinstall (synchronize)

flo-renaud's pull request #50: "Add cert checks in ipa-server-certinstall" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/50 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/50/head:pr50 gi

[Freeipa-devel] [freeipa PR#50] Add cert checks in ipa-server-certinstall (opened)

flo-renaud's pull request #50: "Add cert checks in ipa-server-certinstall" was opened PR body: """ When ipa-server-certinstall is called to install a new server certificate, the prerequisite is that the certificate issuer must be already known by IPA. This fix adds new checks to make sure that th

<    1   2