freeipa.git/ipaserver, branch pwdpolicy FreeIPA patches cert: fix search limit handling in cert-find 2017-01-24T12:53:07+00:00 Jan Cholasta jcholast@redhat.com 2017-01-17T13:34:33+00:00 85834abad655c6aed54c0253bc194ece81d78774 If search limits are not specified in cert-find, use the configured limits. This applies to the certificate search in the CA as well. Detect and report if size limit was exceeded in the certificate search in the CA. Do not apply limits to the internal ca-find call. https://fedorahosted.org/freeipa/ticket/6564 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> 
If search limits are not specified in cert-find, use the configured limits.
This applies to the certificate search in the CA as well.

Detect and report if size limit was exceeded in the certificate search in
the CA.

Do not apply limits to the internal ca-find call.

https://fedorahosted.org/freeipa/ticket/6564

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
dogtag: search past the first 100 certificates 2017-01-24T12:53:07+00:00 Jan Cholasta jcholast@redhat.com 2016-12-21T08:55:40+00:00 d84edc43e55c2f7c30614a4a5268aeb58e33a087 Dogtag requires a size limit to be specified when searching for certificates. When no limit is specified in the dogtag plugin, a limit of 100 entries is assumed. As a result, an unlimited certificate search returns data only for a maximum of 100 certificates. Raise the "unlimited" limit to the maximum value Dogtag accepts. https://fedorahosted.org/freeipa/ticket/6564 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> 
Dogtag requires a size limit to be specified when searching for
certificates. When no limit is specified in the dogtag plugin, a limit of
100 entries is assumed. As a result, an unlimited certificate search
returns data only for a maximum of 100 certificates.

Raise the "unlimited" limit to the maximum value Dogtag accepts.

https://fedorahosted.org/freeipa/ticket/6564

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
py3: decode bytes for json.loads() 2017-01-24T12:25:47+00:00 Martin Basti mbasti@redhat.com 2017-01-12T15:20:43+00:00 18337bf7f7c31a47fe0c7280f82fca043b548bd5 In py 3.5 json.loads requires to have string as input, all bytes must be decoded. Note: python 3.6 supports bytes for json.loads() https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
In py 3.5 json.loads requires to have string as input, all bytes must be
decoded.

Note: python 3.6 supports bytes for json.loads()

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
dogtag.py: fix exception logging of JSON data 2017-01-24T12:25:47+00:00 Martin Basti mbasti@redhat.com 2017-01-11T13:38:25+00:00 0eb5a0e0ec2d232d2921ae5f9e8d0885146a5610 'read_ca' and 'create_ca' have no logging when exception happened and it masks real reason why it failed. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
'read_ca' and 'create_ca' have no logging when exception happened and it
masks real reason why it failed.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
py3: convert_attribute_members: don't use bytes as parameter for DN 2017-01-24T12:25:47+00:00 Martin Basti mbasti@redhat.com 2017-01-11T12:39:04+00:00 1e0f98a146ecedf84b8e3e07fbd41a897ddd399d due perfomance improvement in e4930b3235e5d61d227a7e43d30a8feb7f35664d we have to decode value before it can be used in DN() constructor. https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
due perfomance improvement in e4930b3235e5d61d227a7e43d30a8feb7f35664d
we have to decode value before it can be used in DN() constructor.

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
py3: __add_acl: use standard ipaldap methods 2017-01-24T12:25:47+00:00 Martin Basti mbasti@redhat.com 2017-01-11T11:35:08+00:00 4b148c8ca3d022020fa6caccf02729c090c8dbcb Using raw pyldap interface we have to keep vaules as bytes. Is easier to migrate to ipaldap and use strings without decoding and encoding. https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Using raw pyldap interface we have to keep vaules as bytes. Is easier to
migrate to ipaldap and use strings without decoding and encoding.

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
py3: add_entry_to_group: attribute name must be string not bytes 2017-01-24T12:25:47+00:00 Martin Basti mbasti@redhat.com 2017-01-11T09:23:04+00:00 0a1d7f2e01819ad6e4a19d0416b3a01883dea7d0 With bytes as attribute name pyldap raises type error https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
With bytes as attribute name pyldap raises type error

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
py3: cainstance: replace mkstemp with NamedTemporaryFile 2017-01-24T12:25:47+00:00 Martin Basti mbasti@redhat.com 2017-01-10T15:44:46+00:00 232ceed5bbfb0afa45078d8e95b84dabe4d7cafd With Python3 files must be opened in textual mode to write text, and best practise is to use fileobject instead fo os.write() and manual encodig https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
With Python3 files must be opened in textual mode to write text, and
best practise is to use fileobject instead fo os.write() and manual
encodig

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
py3: write CA/KRA config into file opened in text mode 2017-01-24T12:25:47+00:00 Martin Basti mbasti@redhat.com 2017-01-10T12:33:41+00:00 2547bca8df69e6c4d5f4c67a63fbc3c06ccc95c6 config parser writes data as text so CA/KRA should be opened in textual mode otherwise type errors are raised from installer https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
config parser writes data as text so CA/KRA should be opened in textual
mode otherwise type errors are raised from installer

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
py3: CA/KRA: config parser requires string 2017-01-24T12:25:47+00:00 Martin Basti mbasti@redhat.com 2017-01-09T18:28:57+00:00 0d4074b4f1a57ed6545d819aa5a48e4b35237568 basedn is DN object it has to be converted to string before it can be used with config parser https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
basedn is DN object it has to be converted to string before it can be
used with config parser

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>