[Freeipa-interest] FreeIPA 4.6.8 released

Alexander Bokovoy abokovoy at redhat.com
Fri Apr 3 13:25:32 UTC 2020


Hello!

The FreeIPA team would like to announce the FreeIPA 4.6.8 release!

It can be downloaded from http://www.freeipa.org/page/Downloads.

== Highlights in 4.6.8

* 5662: ID Views: do not allow custom Views for the masters

     Custom ID views cannot be applied to IPA masters. A check was added
     to both the IPA CLI and the Web UI to prevent this, avoiding
     confusion and unintended side effects.

* 6783: [RFE] Host-group names command rename

     Host groups can now be renamed with the IPA CLI: 'ipa hostgroup-mod
     group-name --rename new-name'. Protected host groups ('ipaservers')
     cannot be renamed.

* 7181: ipa-replica-prepare fails for 2nd replica when passwordHistory
is enabled

     The FreeIPA password policy plugin in 389-ds was extended to exempt
     non-Kerberos LDAP objects from checking Kerberos policy during
     password changes by the Directory Manager or a password
     synchronization manager. This issue affected, among others, an
     integrated CA administrator account during deployment of more than
     one replica in some cases.

* 8236: Enforce a check to prevent adding objects from IPA as external
members of external groups

     The 'ipa group-add-member' command allowed any user or group to be
     specified for the '--external' option. A stricter check was added to
     verify that a group or user to be added as an external member does
     not come from the IPA domain.

* 8239: Actualize Bootstrap version

     The Bootstrap JavaScript framework used by the FreeIPA web UI was
     updated to version 3.4.1.

=== Enhancements

=== Known Issues

=== Bug fixes

FreeIPA 4.6.8 is a stabilization release for the features delivered as
part of the 4.6 version series.

There are more than 50 bug fixes, details of which can be seen in the
list of resolved tickets below.

== Upgrading

Upgrade instructions are available on the Upgrade page.

== Feedback

Please provide comments, bugs and other feedback via the freeipa-users
mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/)
or the #freeipa channel on Freenode.

== Resolved tickets

* https://pagure.io/freeipa/issue/4972[#4972]
(https://bugzilla.redhat.com/show_bug.cgi?id=1206690[rhbz#1206690])
check for existence of private group is done even if UPG definition is
disabled
* https://pagure.io/freeipa/issue/5662[#5662]
(https://bugzilla.redhat.com/show_bug.cgi?id=1404770[rhbz#1404770]) ID
Views: do not allow custom Views for the masters
* https://pagure.io/freeipa/issue/6210[#6210]
(https://bugzilla.redhat.com/show_bug.cgi?id=1364139[rhbz#1364139],
https://bugzilla.redhat.com/show_bug.cgi?id=1751951[rhbz#1751951]) When
master's IP address does not resolve to its name, ipa-replica-install
fails
* https://pagure.io/freeipa/issue/6783[#6783]
(https://bugzilla.redhat.com/show_bug.cgi?id=1430365[rhbz#1430365])
[RFE] Host-group names command rename
* https://pagure.io/freeipa/issue/6951[#6951]
(https://bugzilla.redhat.com/show_bug.cgi?id=1449133[rhbz#1449133])
Update samba config file and use sss idmap module
* https://pagure.io/freeipa/issue/7181[#7181]
(https://bugzilla.redhat.com/show_bug.cgi?id=1545755[rhbz#1545755])
ipa-replica-prepare fails for 2nd replica when passwordHistory is
enabled
* https://pagure.io/freeipa/issue/7307[#7307]
(https://bugzilla.redhat.com/show_bug.cgi?id=1518939[rhbz#1518939]) RFE:
Extend IPA to support unadvertised replicas
* https://pagure.io/freeipa/issue/7470[#7470]
TestBasicADTrust.test_ipauser_authentication is failing with error
"Confidentiality required"
* https://pagure.io/freeipa/issue/7566[#7566]
(https://bugzilla.redhat.com/show_bug.cgi?id=1591824[rhbz#1591824])
Installation of replica against a specific master
* https://pagure.io/freeipa/issue/7597[#7597]
(https://bugzilla.redhat.com/show_bug.cgi?id=1583950[rhbz#1583950]) IPA:
IDM drops all custom attributes when moving account from preserved to
stage
* https://pagure.io/freeipa/issue/7600[#7600]
(https://bugzilla.redhat.com/show_bug.cgi?id=1585020[rhbz#1585020])
Enable compat tree to provide information about AD users and groups on
trust agents
* https://pagure.io/freeipa/issue/7725[#7725]
(https://bugzilla.redhat.com/show_bug.cgi?id=1636765[rhbz#1636765])
ipa-restore set wrong file permissions and ownership for
/var/log/dirsrv/slapd- directory
* https://pagure.io/freeipa/issue/7795[#7795]
(https://bugzilla.redhat.com/show_bug.cgi?id=1795890[rhbz#1795890])
ipa-pkinit-manage enable fails on replica if it doesn't host the CA
* https://pagure.io/freeipa/issue/7804[#7804]
(https://bugzilla.redhat.com/show_bug.cgi?id=1777811[rhbz#1777811]) `ipa
otptoken-sync` fails with stack trace
* https://pagure.io/freeipa/issue/7807[#7807]
(https://bugzilla.redhat.com/show_bug.cgi?id=1752005[rhbz#1752005])
Detect container installation to avoid Kernel keyring
* https://pagure.io/freeipa/issue/7870[#7870]
(https://bugzilla.redhat.com/show_bug.cgi?id=1680039[rhbz#1680039])
[certmonger][upgrade] "Failed to get request: bus, object_path and
dbus_interface must not be None."
* https://pagure.io/freeipa/issue/7893[#7893] ipasam needs changes for
Samba 4.10
* https://pagure.io/freeipa/issue/7895[#7895]
(https://bugzilla.redhat.com/show_bug.cgi?id=1686302[rhbz#1686302]) ipa
trust fetch-domains, server parameter ignored
* https://pagure.io/freeipa/issue/7964[#7964] GSSAPI failure causing
LWCA key replication failure on f30
* https://pagure.io/freeipa/issue/7995[#7995]
(https://bugzilla.redhat.com/show_bug.cgi?id=1711172[rhbz#1711172])
Removing TLSv1.0, TLSv1.1 from nss.conf
* https://pagure.io/freeipa/issue/8001[#8001] Need default
authentication indicators for SPAKE, PKINIT and encrypted challenge
preauth
* https://pagure.io/freeipa/issue/8017[#8017]
(https://bugzilla.redhat.com/show_bug.cgi?id=1817927[rhbz#1817927])
host-add --password logs cleartext userpassword to Apache error log
* https://pagure.io/freeipa/issue/8026[#8026] Update pr-ci definitions
with master_3client topology
* https://pagure.io/freeipa/issue/8029[#8029]
(https://bugzilla.redhat.com/show_bug.cgi?id=1749788[rhbz#1749788]) ipa
host-find --pkey-only includes SSH keys in output
* https://pagure.io/freeipa/issue/8044[#8044]
(https://bugzilla.redhat.com/show_bug.cgi?id=1717008[rhbz#1717008])
Extdom plugin should not return LDAP_NO_SUCH_OBJECT if there are timeout
or other errors
* https://pagure.io/freeipa/issue/8058[#8058]
(https://bugzilla.redhat.com/show_bug.cgi?id=1745108[rhbz#1745108])
ipa-4-6: ipa-client-install should not refuse single-label domains
* https://pagure.io/freeipa/issue/8067[#8067]
(https://bugzilla.redhat.com/show_bug.cgi?id=1750700[rhbz#1750700]) add
default access control configuration to trusted domain objects
* https://pagure.io/freeipa/issue/8070[#8070] Test failure in
test_integration/test_replica_promotion.py::TestHiddenReplicaPromotion::()::test_hidden_replica_install
* https://pagure.io/freeipa/issue/8077[#8077] New pylint 2.4.0 errors
* https://pagure.io/freeipa/issue/8082[#8082]
(https://bugzilla.redhat.com/show_bug.cgi?id=1756432[rhbz#1756432])
Default client configuration breaks ssh in FIPS mode.
* https://pagure.io/freeipa/issue/8084[#8084]
(https://bugzilla.redhat.com/show_bug.cgi?id=1758406[rhbz#1758406]) KRA
authentication fails when IPA CA has custom Subject DN
* https://pagure.io/freeipa/issue/8086[#8086]
(https://bugzilla.redhat.com/show_bug.cgi?id=1756568[rhbz#1756568])
ipa-server-certinstall man page does not match built-in help.
* https://pagure.io/freeipa/issue/8099[#8099]
(https://bugzilla.redhat.com/show_bug.cgi?id=1762317[rhbz#1762317])
ipa-backup command is failing on rhel-7.8
* https://pagure.io/freeipa/issue/8102[#8102] Pylint 2.4.3 + Astroid
2.3.2 errors
* https://pagure.io/freeipa/issue/8113[#8113]
(https://bugzilla.redhat.com/show_bug.cgi?id=1755535[rhbz#1755535])
ipa-advise on a RHEL7 IdM server is not able to generate a configuration
script for a RHEL8 IdM client
* https://pagure.io/freeipa/issue/8115[#8115] Nightly test failure in
fedora-30/test_smb and fedora-29/test_smb
* https://pagure.io/freeipa/issue/8120[#8120]
(https://bugzilla.redhat.com/show_bug.cgi?id=1769791[rhbz#1769791])
Invisible part of notification area in Web UI intercepts clicks of some
page elements
* https://pagure.io/freeipa/issue/8126[#8126] Nightly test failure in
fedora-27/test_ca_custom_sdn
* https://pagure.io/freeipa/issue/8131[#8131]
(https://bugzilla.redhat.com/show_bug.cgi?id=1777920[rhbz#1777920])
covscan memory leaks report
* https://pagure.io/freeipa/issue/8138[#8138]
(https://bugzilla.redhat.com/show_bug.cgi?id=1780548[rhbz#1780548]) Man
page ipa-cacert-manage does not display correctly on RHEL
* https://pagure.io/freeipa/issue/8148[#8148]
(https://bugzilla.redhat.com/show_bug.cgi?id=1782587[rhbz#1782587]) add
"systemctl restart sssd" to warning message when adding trust agents to
replicas
* https://pagure.io/freeipa/issue/8152[#8152] ipatests: Enhance
install_replica() method with promote option for ipa-4-6
* https://pagure.io/freeipa/issue/8164[#8164]
(https://bugzilla.redhat.com/show_bug.cgi?id=1788907[rhbz#1788907])
Renewed certs are not picked up by IPA CAs
* https://pagure.io/freeipa/issue/8170[#8170] Nightly test failure in
fedora-rawhide/test_backup_and_restore_TestBackupReinstallRestoreWithDNS
* https://pagure.io/freeipa/issue/8176[#8176] External CA is tracked for
renewals and replaced with a self-signed certificate
* https://pagure.io/freeipa/issue/8193[#8193]
(https://bugzilla.redhat.com/show_bug.cgi?id=1801791[rhbz#1801791])
Re-order 50-externalmembers.update to be after 80-schema_compat.update
* https://pagure.io/freeipa/issue/8213[#8213] Test failure in Travis CI:
missing IPv6 loopback interface
* https://pagure.io/freeipa/issue/8219[#8219] ipatests: unify editing of
sssd.conf
* https://pagure.io/freeipa/issue/8220[#8220] Pylint for python2
complains about import from ipaplatform
* https://pagure.io/freeipa/issue/8221[#8221]
(https://bugzilla.redhat.com/show_bug.cgi?id=1812169[rhbz#1812169])
Secure AJP connector between Dogtag and Apache proxy
* https://pagure.io/freeipa/issue/8236[#8236]
(https://bugzilla.redhat.com/show_bug.cgi?id=1809835[rhbz#1809835])
Enforce a check to prevent adding objects from IPA as external members
of external groups
* https://pagure.io/freeipa/issue/8238[#8238] Nightly test failure in
fedora-27/test_sssd
* https://pagure.io/freeipa/issue/8239[#8239] Actualize Bootstrap
version
* https://pagure.io/freeipa/issue/8242[#8242]
(https://bugzilla.redhat.com/show_bug.cgi?id=1788718[rhbz#1788718])
ipa-server-install incorrectly setting slew mode (-x) when setting up
ntpd

== Detailed changelog since 4.6.7

=== Armando Neto (2)

* Travis: Enable IPv6 support for Docker
https://pagure.io/freeipa/c/423a052700889d075d5dba3711679375e8990437[commit]
https://pagure.io/freeipa/issue/8213[#8213]
* prci: Update box used in branch ipa-4-6
https://pagure.io/freeipa/c/b93258d004ccd5da8b526ea554031315d756b57b[commit]

=== Alexander Bokovoy (24)

* Return to development snapshots
https://pagure.io/freeipa/c/33088c027424573209367ee6531910da30501519[commit]
* Become FreeIPA 4.6.8
https://pagure.io/freeipa/c/a718e4a4ab11ab1949bb45c8f15054bd7f2427ab[commit]
* Update list of contributors
https://pagure.io/freeipa/c/1c0749a3c12c3799fd772da17dd864896fc6f908[commit]
* Allow rename of a host group
https://pagure.io/freeipa/c/4c0a2a113d707166cca8cba857937fd624426745[commit]
https://pagure.io/freeipa/issue/6783[#6783]
* Add 'api' and 'aci' targets to make
https://pagure.io/freeipa/c/7ce5e79dae8cae2790717f68adacd039dc913ab4[commit]
* ipa-pwd-extop: don't check password policy for non-Kerberos account
set by DM or a passsync manager
https://pagure.io/freeipa/c/3d41453138c0d730a94acd8c22ef345d910a4e42[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN
https://pagure.io/freeipa/c/d038fc70f8e904a492c5ec0874e0fd0be254ead6[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* ipatests: test sysaccount password change with a password policy
applied
https://pagure.io/freeipa/c/41fc40a6b18d26d92869f278b2b8436378653b38[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* ipatests: allow changing sysaccount passwords as cn=Directory Manager
https://pagure.io/freeipa/c/e4f3cd0f26efda56db44bf55aa0bb65d8470b160[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* Fix indentation levels
https://pagure.io/freeipa/c/aaa79c872aad2a5458acefdc16203b9efd62c6c9[commit]
* Prevent adding IPA objects as external members of external groups
https://pagure.io/freeipa/c/c14e385141ea05f2709364b6f0fca844578a7652[commit]
https://pagure.io/freeipa/issue/8236[#8236]
* Secure AJP connector between Dogtag and Apache proxy
https://pagure.io/freeipa/c/901d0eca7d462c74c1664aae9b3415ede7ba3dfc[commit]
https://pagure.io/freeipa/issue/8221[#8221]
* Tighten permissions on PKI proxy configuration
https://pagure.io/freeipa/c/af2dca13d0cc24e0cf32bc23e4edb86fbbf60d03[commit]
https://pagure.io/freeipa/issue/8221[#8221]
* install/updates: move external members past schema compat update
https://pagure.io/freeipa/c/a5a201fc008b19841f98bb70d44ede7d04ef1126[commit]
https://pagure.io/freeipa/issue/8193[#8193]
* covscan: free ucs2-encoded password copy when generating NTLM hash
https://pagure.io/freeipa/c/830466c0489466d385a333cb829fe8cd5e59644c[commit]
https://pagure.io/freeipa/issue/8131[#8131]
* covscan: free encryption types in case there is an error
https://pagure.io/freeipa/c/e8983f69ce1788144b2b348a65f709412c68e47e[commit]
https://pagure.io/freeipa/issue/8131[#8131]
* Become FreeIPA 4.6.7
https://pagure.io/freeipa/c/71c4dd1f0ba5bd4ddee841d69821398bec35cef8[commit]
* Do not run trust upgrade code if master lacks Samba bindings
https://pagure.io/freeipa/c/fa23f5a13a326b4cedf6705be7d14da8bc813763[commit]
https://pagure.io/freeipa/issue/8001[#8001]
* adtrust: add default read_keys permission for TDO objects
https://pagure.io/freeipa/c/b764b386f66fdf813f3914362985b4944c13090f[commit]
https://pagure.io/freeipa/issue/8067[#8067]
* add default access control when migrating trust objects
https://pagure.io/freeipa/c/5741e031318267b28f5812154fa34ff2ff6c3483[commit]
https://pagure.io/freeipa/issue/8067[#8067]
* ipasam: use SID formatting calls to libsss_idmap
https://pagure.io/freeipa/c/95c91b5709d0c7fec20eef5ef69a084a74868c2d[commit]
https://pagure.io/freeipa/issue/7893[#7893]
* Use unicode strings for Python 2 version
https://pagure.io/freeipa/c/37fa917fa2630dd90dd3a12bab213aeb6adfe182[commit]
https://pagure.io/freeipa/issue/6951[#6951]
* ipa-extdom-extop: test timed out getgrgid_r
https://pagure.io/freeipa/c/387ed98e59ba4df8d3fd435cfc84f055970c064e[commit]
https://pagure.io/freeipa/issue/8044[#8044]
* Revert back to git snapshots
https://pagure.io/freeipa/c/ca00a83c79677c22aed5ff77044cb09c59182448[commit]

=== Anuja More (13)

* Mark test to skip sssd-1.16.3 [sssd/issue/4073]
https://pagure.io/freeipa/c/edbf8f78019709d4af396ba6ad3724a11dd2b576[commit]
* ipatests: User and group with same name should not break reading AD
user data.
https://pagure.io/freeipa/c/4ca75cf610335cfc2be43aeb8c0ddc1fde2e0c08[commit]
* Mark xfail for tests using sssd-1.16.3
https://pagure.io/freeipa/c/734121fa1497ef2e074d2879ab9fc54c0ace95b8[commit]
* ipatests: Added test when 2FA prompting configurations is set.
https://pagure.io/freeipa/c/b36c4a70fc0e577265bb587de1e1b7bd739a8709[commit]
* Mark xfail for sssd-version 1.16.3
https://pagure.io/freeipa/c/0c828dad4cfd3df9db8056b2497543c022c7680a[commit]
* ipatests: SSSD should fetch external groups without any limit.
https://pagure.io/freeipa/c/fd74fcf75606ded2987753337161c163e8ae9a44[commit]
* Add sssd.py in nightly ipa-4-6.yaml
https://pagure.io/freeipa/c/2e4e1b37a71d7a9d8bd834fefcc241eaac19e1e7[commit]
* ipatests: Add test for ipa-extdom-extop plugin should allow @ in group
name
https://pagure.io/freeipa/c/a736449a217dc38e98054e8018fe7c7fd11f54be[commit]
* Mark xfail for test_is_user_filtered
https://pagure.io/freeipa/c/d3b740e3df70c37bb3b7aa1fcd77acf5d68dc2bc[commit]
* ipatests: filter_users should be applied correctly.
https://pagure.io/freeipa/c/4b70132c83f417b83aa4905de73f720336a90128[commit]
* Mark xfail for test_sss_ssh_authorizedkeys()
https://pagure.io/freeipa/c/3ddddad50d98274a065781f2238c102badc8cea7[commit]
* ipatests: 'sss_ssh_authorizedkeys user' should return ssh key
https://pagure.io/freeipa/c/0c452369f753116496f3a170d1bb7fde4cdfb12f[commit]
* Extdom plugin should not return error (32)/'No such object'
https://pagure.io/freeipa/c/17536af58b5a2d1ae1adf7e741dade7b3f84179a[commit]
https://pagure.io/freeipa/issue/8044[#8044]

=== Christian Heimes (7)

* Add test case for OTP login
https://pagure.io/freeipa/c/cabb7abfc07b093a9912b20ee712baaa40d16d19[commit]
https://pagure.io/freeipa/issue/7804[#7804]
* Cherry-picked only ldapmodify_dm()
https://pagure.io/freeipa/c/48ecb92afdbd577fbb4fe05ea15cfaf44e504f89[commit]
* Use default ssh host key algorithms
https://pagure.io/freeipa/c/7cd1d565ac2b240eda697dbebb043a1a2885d23a[commit]
https://pagure.io/freeipa/issue/8082[#8082]
* Log stderr in run_command
https://pagure.io/freeipa/c/c5ff32870d22f7c42edec63c686a730d7bcf21cc[commit]
* Fix CustodiaClient ccache handling
https://pagure.io/freeipa/c/436214aea7fd5893525292cb03b3c28cdbc249f2[commit]
https://pagure.io/freeipa/issue/7964[#7964]
* Don't configure KEYRING ccache in containers
https://pagure.io/freeipa/c/91e54057f130f0c2d9da8506e34c3cadc9cd9c6e[commit]
https://pagure.io/freeipa/issue/7807[#7807]
* Remove ZERO_STRUCT() call
https://pagure.io/freeipa/c/910e56333d4631244053b5c506ba2bec905d1c27[commit]

=== François Cami (2)

* adtrust.py: mention restarting sssd when adding trust agents
https://pagure.io/freeipa/c/5bc4218bf8716d28339a3f30d1be8471d04cb4b4[commit]
https://pagure.io/freeipa/issue/8148[#8148]
* prci_definitions: add master_3client topology
https://pagure.io/freeipa/c/663163cbcf0bb12236a675b60784fdf36f917343[commit]
https://pagure.io/freeipa/issue/8026[#8026]

=== Florence Blanc-Renaud (28)

* ipatests: fix group-add-member in test_sssd
https://pagure.io/freeipa/c/7b9cdfb2556bd290d5f18b0680a1cf907b4dff0c[commit]
https://pagure.io/freeipa/issue/8238[#8238]
* ipatests: fix KeyError in test_sssd
https://pagure.io/freeipa/c/bce50976ca5363e2097171b36a0d9a5df652a988[commit]
https://pagure.io/freeipa/issue/8238[#8238]
* xmlrpc tests: add a test for idview-apply on a master
https://pagure.io/freeipa/c/e946b879750d0b316b25902f15b7f5a0a078012e[commit]
https://pagure.io/freeipa/issue/5662[#5662]
* idviews: prevent applying to a master
https://pagure.io/freeipa/c/0d62f3de06520282c9656e13ca07e503f1d48c59[commit]
https://pagure.io/freeipa/issue/5662[#5662]
* ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg
missing
https://pagure.io/freeipa/c/79f9ba5557d14e74ab29b85407c5de5622d7ea35[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* ipatests: add test for ipa-adtrust-install --add-agents
https://pagure.io/freeipa/c/796c86ac701d23d1dd281d0d5c5331b9a66c2888[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* ipa-adtrust-install: run remote configuration for new agents
https://pagure.io/freeipa/c/f9fcd2c7fb7823becb3a6b68da4b0bf2c1db229f[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* Privilege: add a helper checking if a principal has a given privilege
https://pagure.io/freeipa/c/d051d2d47a36c79fd2c20733437fda95f443f053[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* ipatests: fix TestSubCAkeyReplication
https://pagure.io/freeipa/c/ed71305be9e236d8f49e3298516c6f6bfadb958c[commit]
* ipatests: fix modify_sssd_conf()
https://pagure.io/freeipa/c/f605f21cc092300640a27dfc4652c2748407664f[commit]
* test: add non-reg test checking pkinit after server install
https://pagure.io/freeipa/c/18ed56acc58bb379d5187fbcaafc6d7f16178cdb[commit]
https://pagure.io/freeipa/issue/7795[#7795]
* pkinit setup: fix regression on master install
https://pagure.io/freeipa/c/50e8c5d652bc2b6c937a3def52621f0c60e085f1[commit]
https://pagure.io/freeipa/issue/7795[#7795]
* ipatests: add integration test for pkinit enable on replica
https://pagure.io/freeipa/c/95cbf7003ff7b391311a1da6f1065aa1d2c6addf[commit]
https://pagure.io/freeipa/issue/7795[#7795]
* pkinit enable: use local dogtag only if host has CA
https://pagure.io/freeipa/c/f7c47341c217312b4b4265fcbea80088bc06381f[commit]
https://pagure.io/freeipa/issue/7795[#7795]
* ipatests: fix backup and restore
https://pagure.io/freeipa/c/4bd5da1417f12e9f1f22d20b09ed58dcbcfca5cc[commit]
https://pagure.io/freeipa/issue/8170[#8170]
* ipa-cacert-manage man page: fix indentation
https://pagure.io/freeipa/c/3d8b16b9457a3a4d7eceb326b3c53be13bb6543c[commit]
https://pagure.io/freeipa/issue/8138[#8138]
* trust upgrade: ensure that host is member of adtrust agents
https://pagure.io/freeipa/c/bb4ec6fcb4547bc624cde93e16a9201dfa8d4426[commit]
* ipatests: fix test_ca_custom_sdn
https://pagure.io/freeipa/c/526c184a8729c36a54a81eeff73bac3428ed6e5a[commit]
https://pagure.io/freeipa/issue/8126[#8126]
* smartcard: make the ipa-advise script compatible with
authselect/authconfig
https://pagure.io/freeipa/c/7a19c0d730ae3d16a9763f4769a37bf19680622a[commit]
https://pagure.io/freeipa/issue/8113[#8113]
* ipa-backup: fix python2 issue with os.mkdir
https://pagure.io/freeipa/c/11921266df6e2600afc207b3a721f00bc7e63e99[commit]
https://pagure.io/freeipa/issue/8099[#8099]
* ipa-server-certinstall manpage: add missing options
https://pagure.io/freeipa/c/ddc00468b74b170721c1769029f771e163621c70[commit]
https://pagure.io/freeipa/issue/8086[#8086]
* ipatests: fix test_replica_promotion.py::TestHiddenReplicaPromotion
https://pagure.io/freeipa/c/a5228a7fb94fdcb16ec4571677af5b5ec33979d2[commit]
https://pagure.io/freeipa/issue/8070[#8070]
* ipatests: add XMLRPC test for user-add when UPG plugin is disabled
https://pagure.io/freeipa/c/317c111b830fbeb4cd907a6812ce35b7fbf1c174[commit]
https://pagure.io/freeipa/issue/4972[#4972]
* ipa user_add: do not check group if UPG is disabled
https://pagure.io/freeipa/c/0b574c130a1d28a6c7d085f795a9fdd3ef91f016[commit]
https://pagure.io/freeipa/issue/4972[#4972]
* replica install: enforce --server arg
https://pagure.io/freeipa/c/22e4eef6cb54c74fc9907db1385549db670094fa[commit]
https://pagure.io/freeipa/issue/7566[#7566]
* check for single-label domains only during server install
https://pagure.io/freeipa/c/8ae6c1af1e6ef25fdfbbf7e72265372366e6b106[commit]
https://pagure.io/freeipa/issue/8058[#8058]
* xmlrpc test: add test for preserved > stage user
https://pagure.io/freeipa/c/5ab31a9c3b16536b02416c6b996aec2c1f3ba962[commit]
https://pagure.io/freeipa/issue/7597[#7597]
* user-stage: transfer all attributes from preserved to stage user
https://pagure.io/freeipa/c/6a9f1c802bb28fde8e1d9f38673e554ef23e5620[commit]
https://pagure.io/freeipa/issue/7597[#7597]

=== Fraser Tweedale (8)

* Do not renew externally-signed CA as self-signed
https://pagure.io/freeipa/c/c30af44b8a55ebf85f4657ee13eb1554e3b2a2ad[commit]
https://pagure.io/freeipa/issue/8176[#8176]
* test_integration: add tests for custom CA subject DN
https://pagure.io/freeipa/c/0a0e802bd47188fe31d6bf02b28ef0ea51567194[commit]
https://pagure.io/freeipa/issue/8084[#8084]
* upgrade: fix ipakra people entry 'description' attribute
https://pagure.io/freeipa/c/2fa8c6903405294f0e11e373db321172663d6cfd[commit]
https://pagure.io/freeipa/issue/8084[#8084]
* krainstance: set correct issuer DN in uid=ipakra entry
https://pagure.io/freeipa/c/946d96f6c3fd5766d60222da940c27d5d4e41158[commit]
https://pagure.io/freeipa/issue/8084[#8084]
* Bump krb5 min version
https://pagure.io/freeipa/c/e686949dcdc46486061d23d5e18f21e2a2038f58[commit]
* CustodiaClient: fix IPASecStore config on ipa-4-7
https://pagure.io/freeipa/c/c9d0ba0c355c433ae883cafa3c1e99fea1a85220[commit]
https://pagure.io/freeipa/issue/7964[#7964]
* CustodiaClient: use ldapi when ldap_uri not specified
https://pagure.io/freeipa/c/1f455867f82407c0dfab0b9f123c75ca0d1a0090[commit]
https://pagure.io/freeipa/issue/7964[#7964]
* Handle missing LWCA certificate or chain
https://pagure.io/freeipa/c/82a9fe7e655115befbdde10907a5aa7669c35fde[commit]
https://pagure.io/freeipa/issue/7964[#7964]

=== Gaurav Talreja (1)

* Normalize test definations titles
https://pagure.io/freeipa/c/636ea489bb59ed0b26951299053db5651c78a20f[commit]

=== Ganna Kaihorodova (1)

* TestBasicADTrust.test_ipauser_authentication
https://pagure.io/freeipa/c/2b6638becbfbae746cef35176890ae3f4a8b01a6[commit]
https://pagure.io/freeipa/issue/7470[#7470]

=== Jayesh Garg (2)

* Test if ipactl starts services stopped by systemctl
https://pagure.io/freeipa/c/c1099f7298a7e175bb90bc65f3dd1af58995bc07[commit]
* Test for ipa-ca-install on replica
https://pagure.io/freeipa/c/c559e41e8ce87f2a16958113ef08effe5b5e8875[commit]

=== Kaleemullah Siddiqui (1)

* Tests for autounmembership feature
https://pagure.io/freeipa/c/4a8316d308a34a4a3e590ab1d3c4bb1de2b9d89b[commit]

=== Mohammad Rizwan Yusuf (7)

* ipatests: Test if slew mode is not set while configuring ntpd
https://pagure.io/freeipa/c/81b859795c72f6c96b27137cc24d6df327ca8471[commit]
https://pagure.io/freeipa/issue/8242[#8242]
* Test if schema-compat-entry-attribute is set
https://pagure.io/freeipa/c/b739bc2089774cea0437347283c821ac86f8251d[commit]
https://pagure.io/freeipa/issue/8193[#8193]
* Test if schema-compat-entry-attribute is set
https://pagure.io/freeipa/c/e6960b7af2e8d8e4746245d8ba82a46225174529[commit]
https://pagure.io/freeipa/issue/8193[#8193]
* Add promote option to install_replica() method
https://pagure.io/freeipa/c/0d91a78ee409e66f96e7b2555ca33fb2128fdfa3[commit]
https://pagure.io/freeipa/issue/8152[#8152]
* Add test to nightly.yaml
https://pagure.io/freeipa/c/9b3855ec486990ecd08a9f3a0ca408425ee7fbf7[commit]
* Installation of replica against a specific server
https://pagure.io/freeipa/c/f4dc0ee169689974020a4a77b8bb58b26f360369[commit]
https://pagure.io/freeipa/issue/7566[#7566]
* Check file ownership and permission for dirsrv log instance
https://pagure.io/freeipa/c/de0afeaf5e07028af8ec7247ce37efc789add2ae[commit]
https://pagure.io/freeipa/issue/7725[#7725]

=== ndehadra (1)

* Hidden Replica: Add a test for Automatic CRL configuration
https://pagure.io/freeipa/c/ad3ddbb80d9f1dd3556afdc9cf506f3bae7f6783[commit]
https://pagure.io/freeipa/issue/7307[#7307]

=== Rob Crittenden (11)

* Don't configure ntpd with -x
https://pagure.io/freeipa/c/2c1495460fcb0d58d27579bfbd6aba63b91bf985[commit]
https://pagure.io/freeipa/issue/8242[#8242]
* Test that pwpolicy only applied on Kerberos entries
https://pagure.io/freeipa/c/5a98670e4abfac2b7de2f604f8fe19fbea988b16[commit]
* Add ability to change a user password as the Directory Manager
https://pagure.io/freeipa/c/19e872e653705bb178457ebe39c90d4f550f438b[commit]
* Don't save password history on non-Kerberos accounts
https://pagure.io/freeipa/c/dc833948006fac6920581e56ec69763bde3f1d4a[commit]
* Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit
https://pagure.io/freeipa/c/73d415b72da8a57a2369a55b1533b45f36daf544[commit]
https://pagure.io/freeipa/issue/8164[#8164]
* CVE-2019-10195: Don't log passwords embedded in commands in calls
using batch
https://pagure.io/freeipa/c/5913826a4654a115cd5ff2dbf4a2b3ad38a93081[commit]
* ipa-restore: Restore ownership and perms on 389-ds log directory
https://pagure.io/freeipa/c/8cd2052c3cb6d8a2569903593762d64669303ff6[commit]
https://pagure.io/freeipa/issue/7725[#7725]
* Report if a certmonger CA is missing
https://pagure.io/freeipa/c/9eb7763b76c7f4f3d78c76fa324560a8af9342ae[commit]
https://pagure.io/freeipa/issue/7870[#7870]
* Don't log host passwords when they are set/modified
https://pagure.io/freeipa/c/86529f5e21a5b09f026b9787178426a8b8b96bb4[commit]
https://pagure.io/freeipa/issue/8017[#8017]
* Disable deprecated-lambda check in adtrust upgrade code
https://pagure.io/freeipa/c/582e7a35121e0f5ff331699d29a485408f5e17ff[commit]
* Don't return SSH keys with ipa host-find --pkey-only
https://pagure.io/freeipa/c/643a1d6747e523ac456aefc4707772aebde5573a[commit]
https://pagure.io/freeipa/issue/8029[#8029]

=== Robbie Harwood (3)

* Fix NULL pointer dereference in maybe_require_preauth()
https://pagure.io/freeipa/c/95f50d7f51fe6b2bca29daa45b795de2517469a7[commit]
* Log INFO message when LDAP connection fails on startup
https://pagure.io/freeipa/c/f132def4812a5b9bb1d14672f8e33e66bc778229[commit]
* Fix segfault in ipadb_parse_ldap_entry()
https://pagure.io/freeipa/c/ed0d7561a148e23519a1097b3bdf99abf5edcc6d[commit]

=== Sumit Bose (2)

* ipa_sam: remove dependency to talloc_strackframe.h
https://pagure.io/freeipa/c/fa0b273874760503c7f57f279721e97aaf007ca5[commit]
* extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
https://pagure.io/freeipa/c/574a615e61ca74b08e2bd7e1e820757f88150418[commit]
https://pagure.io/freeipa/issue/8044[#8044]

=== Stanislav Levin (2)

* Fix errors found by Pylint-2.4.3
https://pagure.io/freeipa/c/f0f839326c8c0de83cb875a473b3fb5d4a014296[commit]
https://pagure.io/freeipa/issue/8102[#8102]
* Fixed errors newly exposed by pylint 2.4.0
https://pagure.io/freeipa/c/700a6c9313188a0448e46cca17a08146deb21c2a[commit]
https://pagure.io/freeipa/issue/8077[#8077]

=== Sergey Orlov (24)

* ipatests: remove test_ordering
https://pagure.io/freeipa/c/3a2244ce7fd8be03f7340afa18971cbfa306a196[commit]
* ipatests: add test_trust suite to nightly runs
https://pagure.io/freeipa/c/d44374e761a1e7f5aaca22399631f77fccc45f94[commit]
* ipatests: add workaround for unfixed sssd bug in Fedora 27
https://pagure.io/freeipa/c/37e383aae94b0450c06f0e78354245e4b14d70f5[commit]
* ipatests: use less strict check for error message
https://pagure.io/freeipa/c/941c231b692216f3dc4b66944dd170b5380fe981[commit]
* ipatests: provide AD admin password when trying to establish trust
https://pagure.io/freeipa/c/795a973c00c2fe862b1eff8bd851d8eafe9d970a[commit]
https://pagure.io/freeipa/issue/7895[#7895]
* ipatests: remove workaround for pylint error no-name-in-module
https://pagure.io/freeipa/c/46b9139ac9ecbbd89495239e380982514db3a5f4[commit]
https://pagure.io/freeipa/issue/8220[#8220]
* ipatests: temporary disable pylint check no-name-in-module
https://pagure.io/freeipa/c/044748b5724f408643fe9f95c3a63d29ca646002[commit]
https://pagure.io/freeipa/issue/8220[#8220]
* ipatests: remove invalid parameter from sssd.conf
https://pagure.io/freeipa/c/551dabe5f933475e4609b6b23eb1200dec90945b[commit]
https://pagure.io/freeipa/issue/8219[#8219]
* ipatests: use remote_sssd_config to modify sssd.conf
https://pagure.io/freeipa/c/aff397b9ef09b1f2dc6c02a6bb85b96fb16b9ded[commit]
https://pagure.io/freeipa/issue/8219[#8219]
* ipatests: replace utility for editing sssd.conf
https://pagure.io/freeipa/c/7f18f08ca607fdf3b730a6b5e66dc97535007259[commit]
https://pagure.io/freeipa/issue/8219[#8219]
* ipatests: update docstring to reflect changes in FileBackup.restore()
https://pagure.io/freeipa/c/e25b10ef3a4da973300cd7d888f1506291fa882d[commit]
* ipatests: refactor FileBackup helper
https://pagure.io/freeipa/c/714b61f3605f53ecde73dd7e3d23ae92d219f926[commit]
https://pagure.io/freeipa/issue/8115[#8115]
* ipatests: fix collection of tests from test_trust suite
https://pagure.io/freeipa/c/d12e4bdeef92415c081b99c5b3235997bb086529[commit]
* Add convenient template for temp commits
https://pagure.io/freeipa/c/3d0ffe2ca8b67715328596b18c8603ff55ecc4fc[commit]
* ipatests: add test_winsyncmigrate suite to nightly runs
https://pagure.io/freeipa/c/28df8cef01de0c7adac348774e243e72df7e8f96[commit]
* ipatests: fix compatibility with python2 (import ConfigParser)
https://pagure.io/freeipa/c/0ad66fc17db76187fb869983ded2b2c60e40d4a3[commit]
* ipatests: add new utilities for file management
https://pagure.io/freeipa/c/ba4aaa73f19035433bbd98b536540c86b87f87c8[commit]
* ipatests: add utility functions related to using and managing user
accounts
https://pagure.io/freeipa/c/ee3d998599bf96c4f0ddb1ab0abf049e3e0e892c[commit]
* ipatests: add check that ipa-adtrust-install generates sane smb.conf
https://pagure.io/freeipa/c/a8fbbb1d3528952685d7b3259329313cc112080e[commit]
https://pagure.io/freeipa/issue/6951[#6951]
* ipatests: add test to check that only TLS 1.2 is enabled in Apache
https://pagure.io/freeipa/c/4487fc43d036481a315574bfe719b10a57c54a64[commit]
https://pagure.io/freeipa/issue/7995[#7995]
* ipatests: modify run_command to allow specify successful return codes
https://pagure.io/freeipa/c/aa0ecc93ff0faad6663add73d5e013775ce4a68f[commit]
* ipatests: in DNS zone file add A record for name server
https://pagure.io/freeipa/c/cf61f74a2e67c03000ecd1020eb692f1d7364c28[commit]
* ipatests: strip newline character when getting name of temp file
https://pagure.io/freeipa/c/99e8d80bc5bc43cf84dd0b403b8a318d3353c936[commit]
* ipatests: fix DNS forwarders setup for AD trust tests with non-root
domains
https://pagure.io/freeipa/c/f803c2c935c03d4bf7bb328a0ee62463f209c487[commit]

=== Sumedh Sidhaye (2)

* Added a test to check if ipa host-find --pkey-only does not return SSH
public key
https://pagure.io/freeipa/c/189fc03a52c80dc675ea1015d97a4e4c357549b5[commit]
https://pagure.io/freeipa/issue/8029[#8029]
* Test: Test to check whether ssh from ipa client to ipa master is
successful after adding ldap_deref_threshold=0 in sssd.conf
https://pagure.io/freeipa/c/5d8936c44aaf1531a8f6de1ec747cd28db266fc6[commit]

=== Simo Sorce (1)

* Make sure to have storage space for tag
https://pagure.io/freeipa/c/cc45a3970cf7a9735a80df5342844339fc66faa3[commit]

=== Serhii Tsymbaliuk (2)

* WebUI: Fix notification area layout
https://pagure.io/freeipa/c/6e6223419de9a50f1357fc7478a95cf623bf5a10[commit]
https://pagure.io/freeipa/issue/8120[#8120]
* Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1
https://pagure.io/freeipa/c/927e339cae309226b654997871c9f8b5cdf32b0b[commit]
https://pagure.io/freeipa/issue/8239[#8239]

=== Tibor Dudlák (1)

* Add container environment check to replicainstall
https://pagure.io/freeipa/c/a016ed75ecbe7e2698530036043ef19df1bd718f[commit]
https://pagure.io/freeipa/issue/6210[#6210]

=== Tomas Halman (4)

* extdom: add extdom protocol documentation
https://pagure.io/freeipa/c/9a140cdc269bbde9e9ebb99d9cd8c643a94afb6c[commit]
* extdom: use sss_nss_*_timeout calls
https://pagure.io/freeipa/c/0a1ad84adfedc141fbbaece3a7dee1ade69c1fdc[commit]
* extdom: plugin doesn't use timeout in blocking call
https://pagure.io/freeipa/c/20612db06516ec59922827e16f5226d21815751a[commit]
* extdom: plugin doesn't allow @ in group name
https://pagure.io/freeipa/c/b182a96226de46b6d194fb924b7374d923c14733[commit]




-- 
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland



