[Freeipa-devel] [Freeipa-interest] Announcing FreeIPA 4.4.0 alpha1
Ellen Newlands
enewland at redhat.com
Wed Jun 22 14:10:13 UTC 2016
Hello Peter and Team -
Excellent news and great work behind this announcement. Congratulations!
On 21 Jun 2016, at 13:56, Petr Vobornik <pvoborni at redhat.com> wrote:
> == FreeIPA 4.4.0 Alpha 1 ===
>
> The FreeIPA team would like to announce FreeIPA v4.4.0 alpha1 release!
>
> A tarball can be downloaded from http://www.freeipa.org/page/Downloads
>
> == Highlights in 4.4.0 Alpha 1 ==
>
> Enhancements:
> * Improved Topology Management
> <http://www.freeipa.org/page/V4/Manage_replication_topology_4_4>
> * Added Overview of IPA server roles:
> <http://www.freeipa.org/page/V4/Server_Roles>
> * Added support certificates for AD users:
> <http://www.freeipa.org/page/V4/Certs_in_ID_overrides>
> * Added support of UPN for trusted domains
> <http://www.freeipa.org/page/V4/Support_of_UPN_for_trusted_domains>
> * Added support for Kerberos Authentication Indicators
> <http://www.freeipa.org/page/V4/Authentication_Indicators>
> * Added DNS Location Mechanism
> <http://www.freeipa.org/page/V4/DNS_Location_Mechanism>
> * Several performance improvements
> <http://www.freeipa.org/page/V4/Performance_Improvements>
> * Refactored IPA command line tool
> <http://www.freeipa.org/page/V4/Thin_Client>
> * Added support for Sub-CAs <http://www.freeipa.org/page/V4/Sub-CAs>
>
> == Detailed Changelog since 4.3.1 ==
>
> Abhijeet Kasurde (12):
> Added kpasswd_server directive in client krb5.conf
> Fixed login error message box in LoginScreen page
> Added fix for notifying user about Kerberos principal expiration
> in WebUI
> Added description related to 'status' in ipactl man page
> Added warning to user for Internet Explorer
> Added fix for notifying user about locked user account in WebUI
> Updated ipa command man page
> Fix added to ipa-compat-manage command line help
> Removed custom implementation of CalledProcessError
> Replaced find_hostname with api.env.host
> Added exception handling for mal-formatted XML Parsing
> Added missing translation to automount.py method
>
> Alexander Bokovoy (11):
> slapi-nis: update configuration to allow external members of IPA
> groups
> extdom: do not fail to process error case when no request is specified
> otptoken: support Python 3 for the qr code
> trusts: Add support for an external trust to Active Directory domain
> adtrust: remove nttrustpartner parameter
> adtrust: remove nttrustpartner parameter
> adtrust: support GSSAPI authentication to LDAP as Active Directory
> user
> adtrust: support UPNs for trusted domain users
> webui: show UPN suffixes in trust properties
> webui: support external flag to trust-add
> adtrust: optimize forest root LDAP filter
>
> Christian Heimes (3):
> Require Dogtag 10.2.6-13 to fix KRA uninstall
> Modernize mod_nss's cipher suites
> Move user/group constants for PKI and DS into ipaplatform
>
> David Kupka (28):
> installer: Propagate option values from components instead of
> copying them.
> installer: Fix logic of reading option values from cache.
> ipa-dns-install: Do not check for zone overlap when DNS installed.
> ipa-replica-prepare: Add '--auto-reverse' and
> '--allow-zone-overlap' options
> installer: Change reverse zones question to better reflect reality.
> Fix: Use unattended parameter instead of options.unattended
> CI: Add '2-connected' topology generator.
> CI: Add simple replication test in 2-connected topology.
> CI: Add test for 2-connected topology generator.
> CI: Fix pep8 errors in 2-connected topology generator
> CI: add empty topology test for 2-connected topology generator
> CI: Add double circle topology.
> CI: Add replication test utilizing double-circle topology.
> CI: Add test for double-circle topology generator.
> CI: Make double circle topology python3 compatible
> upgrade: Match whole pre/post command not just basename.
> dsinstance: add start_tracking_certificates method
> httpinstance: add start_tracking_certificates method
> Look up HTTPD_USER's UID and GID during installation.
> test: test_cli: Do not expect defaults in kwargs.
> man: Decribe ipa-client-install workaround for broken D-Bus
> enviroment.
> installer: positional_arguments must be tuple or list of strings
> installer: index() raises ValueError
> Remove unused locking "context manager"
> schema: Add fingerprint and TTL
> schema: Add known_fingerprints option to schema command
> schema: Cache schema in api instance
> schema: return fingerprint as unicode text
>
> Filip Skola (9):
> Refactor test_user_plugin, use UserTracker for tests
> Refactor test_replace
> Refactor test_attr
> Refactor test_sudocmd_plugin
> Refactor test_sudocmdgroup_plugin
> Refactor test_group_plugin, use GroupTracker for tests
> Refactor test_nesting, create HostGroupTracker
> Refactor test_hostgroup_plugin
> Refactor test_automember_plugin, create AutomemberTracker
>
> Florence Blanc-Renaud (5):
> Add missing CA options to the manpage for ipa-replica-install
> Add the culprit line when a configuration file has an incorrect format
> add context to exception on LdapEntry decode error
> batch command can be used to trigger internal errors on server
> Always qualify requests for admin in ipa-replica-conncheck
>
> Fraser Tweedale (22):
> Do not decode HTTP reason phrase from Dogtag
> Remove workaround for CA running check
> caacl: correctly handle full user principal name
> Prevent replica install from overwriting cert profiles
> Detect and repair incorrect caIPAserviceCert config
> Remove service and host cert issuer validation
> Allow CustodiaClient to be used by arbitrary principals
> Load server plugins in certmonger renewal helper
> Add ACIs for Dogtag custodia client
> Optionally add service name to Custodia key DNs
> Setup lightweight CA key retrieval on install/upgrade
> Authorise CA Agent to manage lightweight CAs
> Add custodia store for lightweight CA key replication
> Add 'ca' plugin
> Add IPA CA entry on install / upgrade
> Update 'caacl' plugin to support lightweight CAs
> Add CA argument to ra.request_certificate
> Update cert-request to allow specifying CA
> Add issuer options to cert-show and cert-find
> replica-install: configure key retriever before starting Dogtag
> upgrade: do not try to start CA if not configured
> restart scripts: bootstrap api with in_server=True
>
> Gabe Alford (1):
> ipa-nis-manage enable: change service name from 'portmap' to 'rpcbind'
>
> Jakub Hrozek (1):
> sudo: Fix a typo in the --help output of sudocmdgroup
>
> James Groffen (1):
> Set close button type attribute to 'button'.
>
> Jan Barta (1):
> pylint: fix: multiple-statements
>
> Jan Cholasta (112):
> ipautil: remove unused import causing cyclic import in tests
> ipalib: assume version 2.0 when skip_version_check is enabled
> ipapython: remove default_encoding_utf8
> ipapython: port p11helper C code to Python
> ipapython: use python-cryptography instead of libcrypto in p11helper
> spec file: package python-ipalib as noarch
> cert renewal: import all external CA certs on IPA CA cert renewal
> replica install: validate DS and HTTP server certificates
> replica promotion: fix AVC denials in remote connection check
> cacert install: fix trust chain validation
> client: stop using /etc/pki/nssdb
> ipalib: provide per-call command context
> ipalib: add convenient Command method for adding messages
> certdb: never use the -r option of certutil
> spec file: bump minimum required pki-core version
> build: fix client-only build
> makeapi: use the same formatting for `int` and `long` values
> replica install: do not set CA renewal master flag
> rpc: do not crash when unable to parse JSON
> parameters: remove unused ConversionError and ValidationError
> arguments
> rpc: include structured error information in responses
> frontend: re-raise remote RequirementError using CLI name in CLI
> frontend: remove the unused Command.soft_validate method
> frontend: perform argument value validation only on server
> batch: do not crash when no argument is specified
> ipalib: make optional positional command arguments actually optional
> frontend: do not forward unspecified positional arguments to server
> user: do not assume the preserve flags have value in user_del
> frontend: do not forward argument defaults to server
> makeapi: optimize API.txt
> ipalib: remove the unused `csv` argument of Param
> makeaci: load additional plugins using API.add_module
> plugable: replace API.import_plugins with new API.add_package
> ipalib, ipaserver: migrate all plugins to Registry-based registration
> ipalib, ipaserver: fix incorrect API.register calls in docstrings
> plugable: remove the unused deprecated API.register method
> plugable: switch API to Registry-based plugin discovery
> frontend: merge baseldap.CallbackRegistry into Command
> frontend: move the interactive_prompt callback type to Command
> automount: do not inherit automountlocation_import from LDAPQuery
> dns: move code called on client to the module level
> dns: do not rely on server data structures in code called on client
> otptoken: fix import of DN
> otptoken_yubikey: fix otptoken_add_yubikey arguments
> vault: move client-side code to the module level
> vault: copy arguments of client commands from server counterparts
> ipalib: use relative imports for cross-plugin imports
> frontend: allow commands to have an argument named `name`
> cli: make optional positional command arguments actually optional
> dns: fix dnsrecord interactive mode
> ipaclient: introduce ipaclient.plugins
> ipalib: move client-side plugins to ipaclient
> help, makeapi: allow setting command topic explicitly
> help, makeapi: specify module topic by name
> help, makeapi: do not use hardcoded plugin package name
> plugable: turn Plugin attributes into properties
> plugable: simplify API plugin initialization code
> plugable: remember overriden plugins in API
> frontend: turn Method attributes into properties
> ipaclient: add client-side command override class
> dns: move code shared by client and server to separate module
> ipalib: split off client-side plugin code into ipaclient
> parameters: introduce cli_metavar keyword argument
> parameters: introduce no_convert keyword argument
> ipalib: replace DeprecatedParam with `deprecated` Param argument
> ipalib: introduce API schema plugins
> rpc: respect API config in RPCClient.create_connection
> rpc: allow overriding NSS DB directory in API config
> rpc: specify connection options in API config
> rpc: optimize JSON-RPC response handling
> rpc: do not validate command name in RPCClient.forward
> client install: finalize API after CA certs are available
> ipactl: use server API
> ipalib: move File command arguments to ipaclient
> misc: hide the unused --all option of `env` and `plugins` in CLI
> ipaclient: implement thin client
> ipalib: move server-side plugins to ipaserver
> frontend: do not check API minor version of the client
> schema: do not validate unrequested params in command_defaults
> replica install: use remote server API to create service entries
> schema: fix topic command output
> schema: fix typo
> spec file: require correct packages to get API plugins
> plugable: allow plugins to be non-classes
> plugable: initialize plugins on demand
> schema: generate client-side commands on demand
> batch, schema: use Dict instead of Any
> misc: fix empty CLI output of `env` and `plugins` commands
> dns, passwd: fix outputs of `dns_resolve` and `passwd` commands
> frontend: call `execute` rather than `forward` in Local
> schema: exclude local commands
> schema: fix client-side dynamic defaults
> makeaci, makeapi: use in-server API
> frontend: don't copy command arguments to output params
> frontend: skip `value` output in output_for_cli
> frontend: do not crash on missing output in output_for_cli
> automember: add object plugin for automember_rebuild
> dns: do not rely on custom param fields in record attributes
> misc: skip `count` and `total` output in env.output_for_cli
> passwd: handle sort order of passwd argument on the client
> permission: handle ipapermright deprecated CLI alias on the client
> schema: add object class schema
> schema: remove output_params
> schema: merge command args and options
> schema: remove redundant information
> schema: remove `no_cli` from command schema
> replica install: fix thin client regression
> ldap: fix handling of binary data in search filters
> cert: add object plugin
> cert: add owner information
> cert: allow search by certificate
> dns: fix dns_update_system_records to work with thin client
>
> Jérôme Fenal (1):
> Fix the man page part for shorter sentences, to avoid dual
> understanding, and punctuation, all spotted while translating to French.
>
> Lenka Doudova (5):
> WebUI tests: fix failing of tests due to unclicable label
> WebUI test: ID views
> WebUI: Test creating user without private group
> Test fix: Cleanup for host certificate
> Test: Maximum username length higher than 255 cannot be set
>
> Ludwig Krispenz (2):
> prevent moving of topology entries out of managed scope by modrdn
> operations
> v2 - avoid crash in topology plugin when host list contains host
> with no hostname
>
> Lukáš Slebodník (6):
> extdom: Remove unused macro
> IPA-SAM: Fix build with samba 4.4
> CONFIGURE: Replace obsolete macros
> ipa-sam: Do not redefine LDAP_PAGE_SIZE
> SPEC: Remove unused build dependency on libwbclient
> BUILD: Remove detection of libcheck
>
> Martin Babinsky (44):
> raise more descriptive Backend connection-related exceptions
> harden domain level 1 topology connectivity checks
> ipalib/x509.py: revert deletion of ipalib api import
> prevent crash of CA-less server upgrade due to absent certmonger
> use FFI call to rpmvercmp function for version comparison
> tests for package version comparison
> fix Py3 incompatible exception instantiation in replica install code
> ipa-csreplica-manage: remove extraneous ldap2 connection
> IPA upgrade: move replication ACIs to the mapping tree entry
> uninstallation: more robust check for master removal from topology
> correctly set LDAP bind related attributes when setting up replication
> disable RA plugins when promoting a replica from CA-less master
> fix standalone installation of externally signed CA on IPA master
> reset ldap.conf to point to newly installer replica after promotion
> always start certmonger during IPA server configuration upgrade
> upgrade: unconditional import of certificate profiles into LDAP
> CI tests: use old schema when testing hostmask-based sudo rules
> use LDAPS during standalone CA/KRA subsystem deployment
> test_cert_plugin: use only first part of the hostname to construct
> short name
> only search for Kerberos SRV records when autodiscovery was requested
> spec: add conflict with bind-chroot to freeipa-server-dns
> spec: require python-cryptography newer than 0.9
> ipa-replica-manage: print traceback on unexpected error when in
> verbose mode
> otptoken-add: improve the robustness of QR code printing
> differentiate between limit types when LDAP search exceeds
> configured limits
> specify type of exceeded limit when warning about truncated search
> results
> replica-prepare: do not add PTR records if there is no IPA managed
> reverse zone
> Server Roles: definitions of server roles and attributes
> Server Roles: Backend plugin to query roles and attributes
> Test suite for `serverroles` backend
> Server Roles: public API for server roles
> Server Roles: make server-{show,find} utilize role information
> Server Roles: make *config-show consume relevant roles/attributes
> Server Roles: provide an API for setting CA renewal master
> Add NTP to the list of services stored in IPA masters LDAP subtree
> Introduce "NTP server" role
> ipaserver module for working with managed topology
> delegate removal of master DNS record and replica keys to separate
> functions
> server-del: perform full master removal in managed topology
> CI test suite for `server-del`
> ipa-replica-manage: use `server_del` when removing domain level 1
> replica
> remove the master from managed topology during uninstallation
> Fix listing of enabled roles in `server-find`
> Do not update result of *-config-show with empty server attributes
>
> Martin Bašti (147):
> Fix DNS tests: dns-resolve returns warning
> Remove unused code in server installer related to KRA
> Fix version comparison
> Fix: replace mkdir with chmod
> Use module variables for timedate_services
> Remove empty test file
> Remove unused imports
> Remove wildcard imports
> Enable multiple warnings checks in Pylint
> Enable pylint lost exception check
> Enable pylint duplicated-key check
> Enable pylint trailing-whitespace check
> Enable pylint missing-final-newline check
> Enable pylint unused-format-string-key check
> Enable pylint expression-not-assigned check
> Enable pylint empty-docstring check
> Enable pylint unnecessary-pass check
> update_uniqueness plugin: fix referenced before assigment error
> Allow to used mixed case for sysrestore
> Upgrade: Fix upgrade of NIS Server configuration
> DNSSEC test: fix adding zones with --skip-overlap-check
> DNSSEC CI: add missing ldns-utils dependency
> Enable pylint unpacking-non-sequence check
> Enable pylint unbalanced-tuple-unpacking check
> CI test: fix regression in task.install_kra
> Warn about potential loss of CA, KRA, DNSSEC during uninstall
> Fix: uninstall does not stop named-pkcs11 and ipa-ods-exporter
> Exclude o=ipaca subtree from Retro Changelog (syncrepl)
> Fix DNSSEC test: add glue record
> Warn user when ipa *-find reach limit
> DNSSEC CI: fix zone delegations
> make lint: use config file and plugin for pylint
> Upgrade: log to ipaupgrade.log when IPA server is not installed
> Disable new pylint checks
> Py3: do not use dict.iteritems()
> upgrade: fix config of sidgen and extdom plugins
> trusts: use ipaNTTrustPartner attribute to detect trust entries
> Warn user if trust is broken
> fix upgrade: wait for proper DS socket after DS restart
> Revert "test: Temporarily increase timeout in vault test."
> Remove duplicated except
> Pylint: add missing attributes of errors to definitions
> fix permission: Read Replication Agreements
> Make PTR records check optional for IPA installation
> Fix connections to DS during installation
> pylint: supress false positive no-member errors
> CI: allow customized DS install test to work with domain levels
> fix suspicious except statements
> Remove unused arguments from update_ssh_keys method
> Configure 389ds with "default" cipher suite
> krb5conf: use 'true' instead of 'yes' for forwardable option
> stageuser-activate: Normalize manager value
> Remove redundant parameters from CS.cfg in dogtaginstance
> Use platform path constant for SSSD log dir
> Fix broken trust warnings
> spec: Add missing dependencies to python*-ipalib package
> client: enable ChallengeResponseAuthentication in sshd_config
> pylint: remove bare except
> Pylint: fix definition of global variables
> Pylint: enable pointless-except check
> Pylint: enable reimported check
> Pylint: use list comprehension instead of iteration
> Pylint: import max one module per line
> Pylint: remove unnecessary-semicolon
> Pylint: enable invalid-name check
> SPEC: do not run upgrade when ipa server is not installed
> Fix: catch Exception instead of more specific exception types
> Fix stageuser-activate - managers test
> Add missing pre_common_callback to stageuser_add
> host_del: fix removal of host records
> host_del: replace dns-record find command with show
> host_del: remove unneeded dnszone-show command call
> host_del: split removing A/AAAA and PTR records to separate functions
> host_del: remove only A, AAAA, SSHFP, PTR records
> host_del: update help for --updatedns option
> host-del --updatedns: print warnings instead of error
> Use netifaces module instead of 'ip' command
> Limit max username length to 255 in config-mod
> Increase API version for 'ipamaxusernamelength' attribute change
> Configure httpd service from installer instead of directly from RPM
> Performace: don't download password attributes in host/user-find
> Do not do extra search for ipasshpubkey to generate fingerprints
> Always set hostname
> Remove deprecated hostname restoration from Fedora18
> Remove unused hostname variables
> Log errors from backup_and_replace hostname to logger
> Tasks: raise NotImplementedError for not implemented methods
> fix stageuser tests (removal of has_keytab and has_password from find)
> make: fail when ACI.txt or API.txt differs from values in source code
> ipactl: advertise --ignore-service-failure option
> Remove unused variable and finally block in SchemaCache
> Fix referenced before assigment variables in except statements
> Upgrade: always start CA
> Remove unused variables in automount plugin
> fix pylint false positive errors
> Translations: remove deprecated locale configuration
> Make option --no-members public in CLI
> Performance: Find commands: do not process members by default
> Test: fix failing host_test
> Fix: replace incorrect no_cli with no_option flag
> Fix: topologysuffix_find doesn't have no_members option
> DNS Locations: Always create DNS related privileges
> DNS Locations: add new attributes and objectclasses
> DNS Locations: location-* commands
> DNS Locations: API tests
> Allow to use non-Str attributes as keys for members
> DNS Locations: extend server-* command with locations
> DNS Location: location-show: return list of servers in location
> DNS Locations: when removing location remove it from servers first
> DNS Locations: extend tests with server-* commands
> Upgrade mod_wsgi socket-timeout on existing installation
> Exclude unneeded dirs and files from pylint check
> Fix resolve_rrsets: RRSet is not hashable
> Revert "adtrust: remove nttrustpartner parameter"
> Fix: Local variable s_indent might be referenced before defined
> Revert "Switch /usr/bin/ipa to Python 3"
> Use python2 for ipa cli
> DNS Locations: add index for ipalocation attribute
> DNS Locations: fix location-del
> DNS Locations: add idnsTemplateObject objectclass
> DNS Locations: DNS data management
> DNS Locations: permission: allow to read status of services
> DNS Locations: add ACI for template attribute
> DNS Locations: command dns-update-system-records
> DNS Locations: use dns_update_service_records in installers
> DNS Locations: adtrustinstance simplify dns management
> DNS Locations: use automatic records update in ipa-adtrust-install
> DNS Locations: server-mod: add automatic records update
> DNS Locations: dnsservers: add required objectclasses
> DNS Locations: dnsserver-* commands
> DNS Locations: dnsserver: put server_id option into named.conf
> DNS Locations: dnsserver: use the newer config way in installer
> DNS Locations: dnsserver: remove config when replica is removed
> DNS Locations: set proper substitution variable
> DNS Locations: require to restart named-pkcs11 affter location change
> DNS Locations: show warning if there is no DNS servers in location
> DNS Locations: prevent to remove used locations
> DNS Locations: do not generate location records for unused locations
> DNS Locations: location-del: remove location record
> DNS Locations: Rename ipalocationweight to ipaserviceweight
> DNS Locations: generate NTP records
> upgrade: don't fail if zone does not exists in in find
> DNS Location: add list of roles and DNS servers to location-show
> DNS Locations: dnsserver: print specific error when DNS is not
> installed
> Fix possibly undefined variable in ipa_smb_conf_exists()
> Updated IPA translations
> Replica promotion: use the correct IPA domain for replica
>
> Martin Košek (1):
> Update Developers in Contributors.txt
>
> Matt Rogers (1):
> ipa_kdb: add krbPrincipalAuthInd handling
>
> Michael Simacek (1):
> Fix bytes/string handling in rpc
>
> Milan Kubík (11):
> ipatests: replace the test-example.com domain in tests
> ipatests: Roll back the forwarder config after a test case
> ipatests: Fix configuration problems in dns tests
> ipatests: Make the A record for hosts in topology conditional
> ipatests: fix the install of external ca
> ipatests: Add missing certificate profile fixture
> ipatests: extend permission plugin test with new expected output
> spec file: rename the python-polib dependency name to python2-polib
> ipatests: fix for change_principal context manager
> ipatests: Add test case for requesting a certificate with full
> principal.
> spec: Add python-sssdconfig dependency for python-ipatests package
>
> Nathaniel McCallum (7):
> Don't error when find_base() fails if a base is not required
> Rename syncreq.[ch] to otpctrl.[ch]
> Ensure that ipa-otpd bind auths validate an OTP
> Return password-only preauth if passwords are allowed
> Enable authentication indicators for OTP and RADIUS
> Migrate from #ifndef guards to #pragma once
> Enable service authentication indicator management
>
> Oleg Fayans (26):
> CI tests: Enabled automatic creation of reverse zone during master
> installation
> CI tests: Added domain realm as a parameter to master installation
> in integration tests
> Fixed install_ca and install_kra under domain level 0
> fixed an issue with master installation not creating reverse zone
> Enabled recreation of test directory in apply_common_fixes function
> Updated connect/disconnect replica to work with both domainlevels
> Removed --ip-address option from replica installation
> Removed messing around with resolv.conf
> Integration tests for replica promotion feature
> Enabled setting domain level explicitly in test class
> Removed a constantly failing call to prepare_host
> Made apply_common_fixes call at replica installation independent
> on domain_level
> Workaround for ticket 5627
> Added copyright info to replica promotion tests
> rewrite a misprocessed teardown_method method as a custom decorator
> Reverted changes in mh fixture causing some tests to fail
> Fixed a bug with prepare_host failing upon existing ipatests folder
> Added a kdestroy call to clean ccache at master/client uninstallation
> Added 5 more tests to Replica Promotion testsuite
> Fixed a failure in legacy_client tests
> Add test if replica is working after domain upgrade
> Improve reporting of failed tests in topology test suite
> Bugfixes in managed topology tests
> A workaround for ticket N 5348
> Added necessary A record for the replica to root zone
> Increased certmonger timeout
>
> Patrice Duc-Jacquet (2):
> Incorrect message when KRA already installed
> Add more information regarding where to find revocation reason in
> "ipa cert_revoke -h" and "ipa cert_find -h".
>
> Pavel Vomacka (41):
> Add tool tips for Revert, Refresh, Undo, and Undo All
> Add support for the 'user' url parameter for the reset_password.html
> Add validation to Issue new certificate dialog
> Add pan and zoom functionality to the topology graph
> Nodes stay fixed after initial animation.
> Add field for group id in user add dialog
> Resize topology graph canvas according to window size
> Add X-Frame-Options and frame-ancestors options
> Add activate option to stage user details page
> Add 'skip overlap check' checkbox into add zone dialog
> Add 'skip overlap check' checkbox to the add dns forward zone dialog
> Add option to show OTP when adding host
> Update the delete dialog on details user page
> Add ability to stage multiple users
> Add option to stage user from details page
> Change lang.hitch to javascript bind method
> Change 'Restore' to 'Remove Hold'
> Extend the certificate request dialog
> Auth Indicators WebUI part
> Fix bad searching of reverse DNS zone
> Add adapter attribute for choosing record
> DNS Locations: WebUI part
> Add lists of hosts allowed to create or retrieve keytabs
> Correct a jslint warning
> Association table can be read only
> Extend table facet
> Add server roles on topology page
> Search facet can be without search field
> Add ability to review cert request dialog
> Add new webui plugin - ca
> Extend certificate entity page
> Extend caacl entity
> Make Actions string translatable
> Extend DNS config page
> Extend trust config page
> Add creating a segment using mouse
> Add listener which opens add segment dialog
> Add placeholder to add segment dialog
> Add DNS default TTL field
> Allow to set weight of a server without location
> DNS Servers: Web UI part
>
> Peter Lacko (1):
> Ping module tests.
>
> Petr Viktorin (46):
> Package ipapython, ipalib, ipaplatform, ipatests for Python 3
> Use explicit truncating division
> Don't index exceptions directly
> Use print_function future definition wherever print() is used
> Alias "unicode" to "str" under Python 3
> Avoid builtins that were removed in Python 3
> dnsutil: Rename __nonzero__ to __bool__
> Remove deprecated contrib/RHEL4
> make-lint: Allow running pylint --py3k to detect Python3 issues
> Split ipa-client/ into ipaclient/ (Python library) and client/ (C,
> scripts)
> test_parameters: Ignore specific error message
> ipaldap, ldapupdate: Encoding fixes for Python 3
> ipautil.run, kernel_keyring: Encoding fixes for Python 3
> tests: Use absolute imports
> ipautil: Use mode 'w+' in write_tmp_file
> test_util: str/bytes check fixes for Python 3
> p11helper: Port to Python 3
> cli: Don't encode/decode for stdin/stdout on Python 3
> Package python3-ipaclient
> Move get_ipa_basedn from ipautil to ipadiscovery
> ipadiscovery: Decode to unicode in ipacheckldap(), get_ipa_basedn()
> ipapython.sysrestore: Use str methods instead of functions from
> the string module
> ipalib.x809: Accept bytes for make_pem
> dns plugin: Fix zone normalization under Python 3
> sysrestore: Iterate over a list of dict keys
> test_xmlrpc: Use absolute imports
> xmlrpc_test: Rename exception instance before working with it
> radiusproxy plugin: Use str(error) rather than error.message
> xmlrpc_test: Expect bytes rather than strings for binary attributes
> ipalib.rpc: Send base64-encoded data as string under Python 3
> range plugin tests: Use bytes with MockLDAP under Python 3
> radiusproxy plugin tests: Expect bytes, not text, for
> ipatokenradiussecret
> certprofile plugin: Use binary mode for file with binary data
> test_add_remove_cert_cmd: Use bytes for base64.b64encode()
> Switch /usr/bin/ipa to Python 3
> Fix remaining relative import and enable Pylint check
> ipalib.cli: Improve reporting of binary values in the CLI
> test_cert_plugin: Encode 'certificate' for comparison with
> 'usercertificate'
> ipaldap: Keep attribute names as text, not bytes
> ipapython.secrets.kem: Use ConfigParser from six.moves
> test_topology_plugin: Don't rely on order of an attribute's values
> test_rpcserver: Expect updated error message under Python 3
> ipaplatform.redhat: Use bytestrings when calling rpm.so for
> version comparison
> test_ipaserver.test_ldap: Use bytestrings for raw LDAP values
> ipaldap: Convert dict items to list before iterating
> test_ipaserver.test_ldap: Adjust tests to Python 3's KeyView
>
> Petr Voborník (16):
> Bump 4.4 development version to 4.3.90
> webui: add examples to network address validator error message
> webui: pwpolicy cospriority field was marked as required
> spec: do not require arch specific ipalib package from noarch packages
> webui: dislay server suffixes in server search page
> stop installer when setup-ds.pl fail
> webui: crash nicely if sessionStorage is not available
> webui: remove moot error from webui build
> webui: use API call ca_is_enabled instead of enable_ra env variable.
> webui: fixed showing of success message after password change on login
> advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap
> plugins
> cookie parser: do not fail on cookie with empty value
> fix incorrect name of ipa-winsync-migrate command in help
> webui: fail nicely if cookies are disabled
> ipa-client-install: fix typo in nslcd service name
> Become IPA 4.4.0 Alpha 1
>
> Petr Špaček (51):
> dns: Handle SERVFAIL in check if domain already exists.
> DNSSEC: Improve error reporting from ipa-ods-exporter
> DNSSEC: Make sure that current state in OpenDNSSEC matches key
> state in LDAP
> DNSSEC: Make sure that current key state in LDAP matches key state
> in BIND
> DNSSEC: remove obsolete TODO note
> DNSSEC: add debug mode to ldapkeydb.py
> DNSSEC: logging improvements in ipa-ods-exporter
> DNSSEC: remove keys purged by OpenDNSSEC from master HSM from LDAP
> DNSSEC: ipa-dnskeysyncd: Skip zones with old DNSSEC metadata in LDAP
> DNSSEC: ipa-ods-exporter: add ldap-cleanup command
> DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removal
> DNSSEC: Log debug messages at log level DEBUG
> Fix --auto-reverse option in --unattended mode.
> Fix dns_is_enabled() API command to throw exceptions as appropriate
> Fix DNS zone overlap check to allow ipa-replica-install to work
> Fix ipa-adtrust-install to always generate SRV records with FQDNs
> Fix URL for reporting bugs in strings
> Pylint: enable parallelism
> Makefile: replace perl with sed
> Remove function ipapython.ipautil.host_exists()
> Extend installers with --forward-policy option
> Move automatic empty zone list into ipapython.dnsutil and make it
> reusable
> Add assert_absolute_dnsname() helper to ipapython.dnsutil
> Move function is_auto_empty_zone() into ipapython.dnsutil
> Use shared sanity check and tests
> ipapython.dnsutil.is_auto_empty_zone()
> Add function ipapython.dnsutil.inside_auto_empty_zone()
> Auto-detect default value for --forward-policy option in installers
> ipa-nis-manage: Replace text references to compat plugin with NIS
> ipa-nis-manage: mention return code 3 in man page
> DNS: Fix upgrade - master to forward zone transformation
> DNS installer: accept --auto-forwarders option in unattended mode
> Remove unused file install/share/fedora-ds.init.patch
> Batch command: avoid accessing potentially undefined context.principal
> pylint: replace Refactor category with individual check names
> ipa-nis-manage: add status option
> DNS: Warn if forwarding policy conflicts with automatic empty zones
> Move check_zone_overlap() from ipapython.ipautil to ipapython.dnsutil
> Use root_logger for verify_host_resolvable()
> Move IP address resolution from ipaserver.install.installutils to
> ipapython.dnsutil
> Turn verify_host_resolvable() into a wrapper around ipapython.dnsutil
> Add ipaDNSVersion option to dnsconfig* commands and use new attribute
> DNS upgrade: separate backup logic to make it reusable
> Add function ipapython.dnsutil.related_to_auto_empty_zone()
> DNS upgrade: change forwarding policy to = only for conflicting
> forward zones
> DNS upgrade: change global forwarding policy in LDAP to "only" if
> private IPs are used
> DNS upgrade: change global forwarding policy in named.conf to
> "only" if private IPs are used
> Require 389-ds-base >= 1.3.5.6
> DNS Locations: make ipa-ca record generation more robust
> DNS: Support default TTL setting for master DNS zones
> DNS: Warn about restart when default TTL setting DNS is changed
> DNS: Fix realm domains integration with DNS zone add.
>
> Simo Sorce (6):
> Use only AES enctypes by default
> Always verify we have a valid ldap context.
> Improve keytab code to select the right principal.
> Convert ipa-sam to use the new getkeytab control
> Allow admins to disable preauth for SPNs.
> Allow to specify Kerberos authz data type per user
>
> Stanislav Laznicka (21):
> Listing and cleaning RUV extended for CA suffix
> Automatically detect and remove dangling RUVs
> Cosmetic changes to the code
> Fixes minor issues
> replica-manage: fail nicely when DM psswd required
> ipa-replica-manage refactoring
> abort-clean/list/clean-ruv now work for both suffixes
> Moved password check from clean_dangling_ruv
> Fix to clean-dangling-ruv for single CA topologies
> Added pyusb as a dependency
> Added some attributes to Modify Users permission
> Deprecated the domain-level option in ipa-server-install
> Increased mod_wsgi socket-timeout
> Added <my_hostname>=<IPA REALM> mapping to krb5.conf
> Decreased timeout for IO blocking for DS
> fixes premature sys.exit in ipa-replica-manage del
> Remove dangling RUVs even if replicas are offline
> Added krb5.conf.d/ to included dirs in krb5.conf
> Removed dead code from LDAP{Remove,Add}ReverseMember
> Fixes CA always being presented as running
> Increase nsslapd-db-locks to 50000
>
> Sumit Bose (3):
> ipa-kdb: get_authz_data_types() make sure entry can be NULL
> ipa-kdb: map_groups() consider all results
> extdom: add certificate request
>
> Thierry Bordaz (3):
> configure DNA plugin shared config entries to allow connection
> with GSSAPI
> DS deadlock when memberof scopes topology plugin updates
> Make sure ipapwd_extop takes precedence over passwd_modify_extop
>
> Thorsten Scherf (1):
> Fixed typo in service-add
>
> Timo Aaltonen (6):
> Use HTTPD_USER in dogtaginstance.py
> Move freeipa certmonger helpers to libexecdir.
> ipa_restore: Import only FQDN from ipalib.constants
> ipaplatform: Move remaining user/group constants to
> ipaplatform.constants.
> Use ODS_USER/ODS_GROUP in opendnssec_conf.template
> Fix kdc.conf.template to use ipaplatform.paths.
>
> Tomáš Babej (10):
> py3: Remove py3 incompatible exception handling
> logger: Use warning instead of warn
> Loggger: Use warning instead of warn - dns plugin
> ipa-getkeytab: Handle the possibility of not obtaining a result
> ipa-adtrust-install: Allow dash in the NETBIOS name
> spec: Bump required sssd version to 1.13.3-5
> adtrustinstance: Make sure smb.conf exists
> l10n: Remove Transifex configuration
> ipalib: Fix user certificate docstrings
> idviews: Add user certificate attribute to user ID overrides
>
> Yuri Chornoivan (3):
> Fix minor typo
> Fix minor typos
> Fix minor typos
> --
> Petr Vobornik
>
> _______________________________________________
> Freeipa-interest mailing list
> Freeipa-interest at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-interest
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160622/79c97086/attachment.sig>
More information about the Freeipa-devel
mailing list