[PATCH] - Add DRM to IPA
by Ade Lee
Hi all,
I have rebased all the previous patches against master, and have squashed them all into a single patch.
It's a large patch, but as many folks have already reviewed the constituent precursor patches, most of it
should be familiar and easier to review.
The main difference with what was specified before is that the DRM database is installed as a subtree
to o=ipaca. This means that no new replication agreements will be needed to replicate DRM data.
Replication agreements set up for the Dogtag CA will automatically replicate DRM data.
In order for this patch to work, a new 10.2 build of Dogtag 10.2 is needed - with specific changes to
allow the ability to install a database as a subtree of an existing tree. At this time, these
changes have not yet been checked into the dogtag source. You can obtain such a build from:
http://copr.fedoraproject.org/coprs/vakwetu/dogtag/build/21936/
Please review,
Thanks,
Ade
10 years, 8 months
[PATCH] 226 - allow database to be installed as subtree of existing ldap tree
by Ade Lee
Add ability to create database as subtree of existing tree
This patch adds the ability to create a subsystem that uses
an existing subtree to create the internal basedn. This is useful,
for instance, for IPA which will use the original o=ipaca as the
top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca.
The patch also allows such a system to be cloned, but not to setup the
replication agreements, on the assumption that the data is already being
replicated at the top-level DN or some higher level.
The patch also contains some minor cleanups - removing unused imports and
removal of an invalid reference in the python code.
Ticket 1051
Note: Changes to the man pages will be submitted in a separate follow-on patch.
Please review,
Ade
10 years, 8 months
[PATCH] Removed 'java-atk-wrapper' dependency from 'pki-server'
by Matthew Harmsen
After conversations with other members of the Dogtag team, it was determined that 'java-atk-wrapper' may have once been needed,
but was probably no longer required.
Per their suggestion, I removed the dependency, and successfully built the following scratch builds on Koji:
Fedora 20:
* http://koji.fedoraproject.org/koji/taskinfo?taskID=7147156
* http://koji.fedoraproject.org/koji/taskinfo?taskID=7147161 (x86_64)
Fedora 21:
* http://koji.fedoraproject.org/koji/taskinfo?taskID=7147431
* http://koji.fedoraproject.org/koji/taskinfo?taskID=7147435 (x86_64)
Additionally, as this was a runtime requirement, after removing the 'java-atk-wrapper' package, I successfully downloaded, installed,
configured, and tested the Fedora 20 RPMS.
Please review the attached patch.
-- Matt
10 years, 8 months
LDAP profiles progress update (and patch preview)
by Fraser Tweedale
Hi all,
Drafts of my first two patches for LDAP profiles are attached.
There are several more patches yet to come, including switching the
ProfileSubsystem from files to LDAP, which is almost complete.
I am not as far along in the implementation as I hoped for this
week, but not too far behind. My main stumbling blocks last week
were typos and other invalid things in my schema definition, and the
Dogtag SELinux doing that rounds that culminated in a Bugzilla
ticket for selinux-policy-targeted[1] and a blog post[2] about it.
Patch 0004 adds the LDAP schema for profile profiles, and patch 0005
adds an LDAPConfigStore class that profiles will use to load and save
their configuration to the database.
Feedback is most welcome.
Cheers,
Fraser
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1117673
[2] http://blog-ftweedal.rhcloud.com/2014/07/diagnosing-a-dogtag-selinux-issue/
10 years, 8 months
PTO Monday 07/14/2014
by Abhishek Koneru
Will be on PTO for 1 day as I will be out of town.
Thanks,
Abhishek
10 years, 8 months
[PATCH] 100 Refactoring profile.py and fixes a few issues
by Abhishek Koneru
The attached patch contains the following changes.
-- Refactoring profile.py and replacing the usage of property with a
dictionary for attribute name conversions (when sending the objects back
to server).
-- Replace the logic of traversing the dict of NOTYPES with a search in
NOTYPES.itervalues for the instance of an object. The traversal method
causes an issue in case of inherited classes as
isinstance(cert_review_response, obj) is true for obj=
CertEnrolmentRequest/CertReviewResponse. Since a dict is not an ordered
data structure, we cannot traverse it correctly. This creates problems
during attr name conversion.
This can still be modified by using a Set for NOTYPES and TYPES and
adding the class objects to the sets and performing a lookup.
Since this requires changes across the python code, I think we should
take this up in a separate patch.
-- Rewrote the attr_name_conversion method in encoder.py to return a new
dict with the changed attribute names rather than make the changes to
the object's __dict__. This would allow re-usage of the object.
Otherwise an AttributeError will be raised when accessing an attribute.
--Abhishek
10 years, 8 months
[PATCH] 516 Added transport cert attributes.
by Endi Sukma Dewata
The REST service has been modified to return additional attributes
for transport certificate including serial number, issuer DN,
subject DN, and resource link.
Ticket #1065
--
Endi S. Dewata
10 years, 8 months
[PATCH] 515 Fixed transport certificate delimiters.
by Endi Sukma Dewata
The REST service and client library have been fixed to use the correct
delimiters for transport certificate.
The REST service was also modified to insert a new line between the
header and the certificate data.
Ticket #1063
--
Endi S. Dewata
10 years, 8 months