<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 11.12.2015 15:40, Jan Cholasta
wrote:<br>
</div>
<blockquote cite="mid:566AE079.2030501@redhat.com" type="cite">On
11.12.2015 08:03, Jan Cholasta wrote:
<br>
<blockquote type="cite">On 11.12.2015 07:08, Jan Cholasta wrote:
<br>
<blockquote type="cite">On 10.12.2015 15:56, Martin Babinsky
wrote:
<br>
<blockquote type="cite">On 12/10/2015 09:48 AM, Jan Cholasta
wrote:
<br>
<blockquote type="cite">On 9.12.2015 16:38, Jan Cholasta
wrote:
<br>
<blockquote type="cite">On 9.12.2015 14:52, Jan Cholasta
wrote:
<br>
<blockquote type="cite">On 9.12.2015 10:02, Jan Cholasta
wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
the attached patches fix
<br>
<a class="moz-txt-link-rfc2396E" href="https://fedorahosted.org/freeipa/ticket/5497"><https://fedorahosted.org/freeipa/ticket/5497></a>.
<br>
</blockquote>
<br>
Note that this needs selinux-policy fix to work, so
put SELinux into
<br>
permissive mode for testing:
<br>
<a class="moz-txt-link-rfc2396E" href="https://bugzilla.redhat.com/show_bug.cgi?id=1289930"><https://bugzilla.redhat.com/show_bug.cgi?id=1289930></a>.
<br>
</blockquote>
<br>
Updated patches attached.
<br>
</blockquote>
<br>
I screwed up a change in patch 524 and accidentally
included a chunk of
<br>
code in patch 525 that doesn't belong in it.
<br>
<br>
Updated patches attached.
<br>
<br>
<br>
<br>
</blockquote>
<br>
Patches work as expected and I was not able to find any
functional
<br>
problem.
<br>
<br>
I have a question about the naming of the oddjob helper
script: the one
<br>
related to trusts is named
'com.redhat.idm.trust-fetch-domains', and the
<br>
conncheck runner is named 'org.freeipa.server.conncheck'. I
don't want
<br>
to start another bikeshedding conversation but shouldn't we
named them
<br>
in a consistent fashion (either rename the first one in
separate patch
<br>
or rename the new helper to
com.redhat.idm.server.conncheck)?
<br>
<br>
I understand that as an upstream, we should go with the
'org.freeipa.*'
<br>
convention, but having two helpers with different prefixes
makes me sad.
<br>
</blockquote>
<br>
If you look at the larger picture, org.freeipa is the
consistent name.
<br>
It makes me sad as well, but mistakes should be corrected.
This is
<br>
similar to how we use PEP8 in new code, but do not fix it in
old code
<br>
just for the sake of fixing it.
<br>
<br>
<blockquote type="cite">
<br>
That is a nitpick though, it does not affect the overall
functionality
<br>
of the patches so ACK.
<br>
</blockquote>
<br>
Thanks for the review. The current patch 523 breaks the trusts
oddjob
<br>
with SELinux in enforcing mode, I will send an update which
corrects
<br>
that, until bug 1289930 is fixed.
<br>
</blockquote>
<br>
Updated patches attached.
<br>
</blockquote>
<br>
Rebased on top of current master.
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Just question, should be any kinited user allowed to run conncheck
via rpc?<br>
<br>
Martin^2<br>
</body>
</html>