[Freeipa-interest] FreeIPA 4.7.5 released, last release in 4.7 series
Alexander Bokovoy
abokovoy at redhat.com
Fri Mar 27 08:14:56 UTC 2020
The FreeIPA team would like to announce FreeIPA 4.7.5 release!
FreeIPA 4.7.5 is the final release in 4.7 series. No new releases will
be provided for FreeIPA 4.7 as there are no distributors using the
series anymore.
Two long term support release series are available:
* FreeIPA 4.6
* FreeIPA 4.8
Source code for the release can be downloaded from
http://www.freeipa.org/page/Downloads.
== Highlights in 4.7.5
* 5662: ID Views: do not allow custom Views for the masters
Custom ID views cannot be applied to IPA masters. A check was added
to both IPA CLI and Web UI to prevent applying custom ID views to
avoid confusion and unintended side-effects.
* 7181: ipa-replica-prepare fails for 2nd replica when passwordHistory
is enabled
FreeIPA password policy plugin in 389-ds was extended to exempt
non-Kerberos LDAP objects from checking Kerberos policy during
password changes by the Directory Manager or a password
synchronization manager. This issue affected, among others, an
integrated CA administrator account during deployment of more than
one replica in some cases.
* 8233: 4.8.5 master Installation error
On Debian and ALT Linux setup of AJP connector did restart Apache
instance before it was configured. The restart wasn't actually
needed and thus was removed.
* 8236: Enforce a check to prevent adding objects from IPA as external
members of external groups
Command 'ipa group-add-member' allowed to specify any user or group
for '--external' option. A stricter check is added to verify that a
group or user to be added as an external member does not come from
IPA domain.
* 8239: Actualize Bootstrap version
Bootstrap Javascript framework used by FreeIPA web UI was updated to
version 3.4.1.
=== Enhancements
=== Known Issues
=== Bug fixes
FreeIPA 4.7.5 is a stabilization release for the features delivered as a
part of 4.7 version series.
There are more than 60 bug-fixes details of which can be seen in the
list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/)
or #freeipa channel on Freenode.
== Resolved tickets
* https://pagure.io/freeipa/issue/2018[#2018] Change hostname length
limit to 64
* https://pagure.io/freeipa/issue/4972[#4972] check for existence of
private group is done even if UPG definition is disabled
* https://pagure.io/freeipa/issue/5062[#5062] [WebUI] Unlock option is
enabled for all user.
* https://pagure.io/freeipa/issue/5662[#5662] ID Views: do not allow
custom Views for the masters
* https://pagure.io/freeipa/issue/6210[#6210] When master's IP address
does not resolve to its name, ipa-replica-install fails
* https://pagure.io/freeipa/issue/6843[#6843] ipa-backup does not create
log file at /var/log/
* https://pagure.io/freeipa/issue/6951[#6951] Update samba config file
and use sss idmap module
* https://pagure.io/freeipa/issue/7181[#7181] ipa-replica-prepare fails
for 2nd replica when passwordHistory is enabled
* https://pagure.io/freeipa/issue/7307[#7307] RFE: Extend IPA to support
unadvertised replicas
* https://pagure.io/freeipa/issue/7566[#7566] Installation of replica
against a specific master
* https://pagure.io/freeipa/issue/7600[#7600] Enable compat tree to
provide information about AD users and groups on trust agents
* https://pagure.io/freeipa/issue/7725[#7725] ipa-restore set wrong file
permissions and ownership for /var/log/dirsrv/slapd- directory
* https://pagure.io/freeipa/issue/7804[#7804] `ipa otptoken-sync` fails
with stack trace
* https://pagure.io/freeipa/issue/7810[#7810] [F28] Require NSS with fix
for p11-kit issue.
* https://pagure.io/freeipa/issue/7834[#7834] Fix certificate revocation
tests for Web UI
* https://pagure.io/freeipa/issue/7870[#7870] [certmonger][upgrade]
"Failed to get request: bus, object_path and dbus_interface must not be
None."
* https://pagure.io/freeipa/issue/7895[#7895] ipa trust fetch-domains,
server parameter ignored
* https://pagure.io/freeipa/issue/7908[#7908] Write tests for
interactive prompt for NTP options.
* https://pagure.io/freeipa/issue/7917[#7917] Occasional 'whoami.data is
undefined' error in FreeIPA web UI
* https://pagure.io/freeipa/issue/7949[#7949]
test_integration/test_nfs.py fails at cleanup
* https://pagure.io/freeipa/issue/7995[#7995] Removing TLSv1.0, TLSv1.1
from nss.conf
* https://pagure.io/freeipa/issue/8001[#8001] Need default
authentication indicators for SPAKE, PKINIT and encrypted challenge
preauth
* https://pagure.io/freeipa/issue/8017[#8017] host-add --password logs
cleartext userpassword to Apache error log
* https://pagure.io/freeipa/issue/8026[#8026] Update pr-ci definitions
with master_3client topology
* https://pagure.io/freeipa/issue/8027[#8027] test_nfs.py: migrate to
master_3client
* https://pagure.io/freeipa/issue/8029[#8029] ipa host-find --pkey-only
includes SSH keys in output
* https://pagure.io/freeipa/issue/8034[#8034] Existing p11-kit config
file is not restored on uninstall
* https://pagure.io/freeipa/issue/8044[#8044] Extdom plugin should not
return LDAP_NO_SUCH_OBJECT if there are timeout or other errors
* https://pagure.io/freeipa/issue/8055[#8055] Test for PG6843:
ipa-backup does not create log file at /var/log is failing
* https://pagure.io/freeipa/issue/8067[#8067] add default access control
configuration to trusted domain objects
* https://pagure.io/freeipa/issue/8070[#8070] Test failure in
test_integration/test_replica_promotion.py::TestHiddenReplicaPromotion::()::test_hidden_replica_install
* https://pagure.io/freeipa/issue/8073[#8073] Backup/restore does not
restore /etc/pkcs11/modules/softhsm2.module
* https://pagure.io/freeipa/issue/8077[#8077] New pylint 2.4.0 errors
* https://pagure.io/freeipa/issue/8082[#8082] Default client
configuration breaks ssh in FIPS mode.
* https://pagure.io/freeipa/issue/8084[#8084] KRA authentication fails
when IPA CA has custom Subject DN
* https://pagure.io/freeipa/issue/8086[#8086] ipa-server-certinstall man
page does not match built-in help.
* https://pagure.io/freeipa/issue/8099[#8099] ipa-backup command is
failing on rhel-7.8
* https://pagure.io/freeipa/issue/8102[#8102] Pylint 2.4.3 + Astroid
2.3.2 errors
* https://pagure.io/freeipa/issue/8113[#8113] ipa-advise on a RHEL7 IdM
server is not able to generate a configuration script for a RHEL8 IdM
client
* https://pagure.io/freeipa/issue/8115[#8115] Nightly test failure in
fedora-30/test_smb and fedora-29/test_smb
* https://pagure.io/freeipa/issue/8120[#8120] Invisible part of
notification area in Web UI intercepts clicks of some page elements
* https://pagure.io/freeipa/issue/8131[#8131] covscan memory leaks
report
* https://pagure.io/freeipa/issue/8138[#8138] Man page ipa-cacert-manage
does not display correctly on RHEL
* https://pagure.io/freeipa/issue/8148[#8148] add "systemctl restart
sssd" to warning message when adding trust agents to replicas
* https://pagure.io/freeipa/issue/8151[#8151] test_commands timing-out
* https://pagure.io/freeipa/issue/8157[#8157] NIghtly test failure in
fedora-rawhide/test_webui_network
* https://pagure.io/freeipa/issue/8163[#8163] "Internal Server Error"
reported for minor issues implies IPA is broken [IdmHackfest2019]
* https://pagure.io/freeipa/issue/8164[#8164] Renewed certs are not
picked up by IPA CAs
* https://pagure.io/freeipa/issue/8169[#8169] NIghtly test failure in
fedora-rawhide/test_webui_policy
* https://pagure.io/freeipa/issue/8170[#8170] Nightly test failure in
fedora-rawhide/test_backup_and_restore_TestBackupReinstallRestoreWithDNS
* https://pagure.io/freeipa/issue/8176[#8176] External CA is tracked for
renewals and replaced with a self-signed certificate
* https://pagure.io/freeipa/issue/8193[#8193] Re-order
50-externalmembers.update to be after 80-schema_compat.update
* https://pagure.io/freeipa/issue/8213[#8213] Test failure in Travis CI:
missing IPv6 loopback interface
* https://pagure.io/freeipa/issue/8219[#8219] ipatests: unify editing of
sssd.conf
* https://pagure.io/freeipa/issue/8221[#8221] Secure AJP connector
between Dogtag and Apache proxy
* https://pagure.io/freeipa/issue/8226[#8226] ipa-restore does not
restart httpd
* https://pagure.io/freeipa/issue/8228[#8228] Nightly failure in
backup/restore while calling 'id admin'
* https://pagure.io/freeipa/issue/8233[#8233] 4.8.5 master Installation
error
* https://pagure.io/freeipa/issue/8236[#8236] Enforce a check to prevent
adding objects from IPA as external members of external groups
* https://pagure.io/freeipa/issue/8239[#8239] Actualize Bootstrap
version
== Detailed changelog since 4.7.4
=== Armando Neto (6)
* Travis: Enable IPv6 support for Docker
https://pagure.io/freeipa/c/4cddbfd8cc7b46b78cb8e27200a12941a3781e3e[commit]
https://pagure.io/freeipa/issue/8213[#8213]
* prci: Bump template version
https://pagure.io/freeipa/c/529d571d505e83e764596496db5d2dfc9a43960f[commit]
* ipatests: Skip test_sss_ssh_authorizedkeys method
https://pagure.io/freeipa/c/54b14f4cb3e65571be54b94ab5f42d471b92a23d[commit]
https://pagure.io/freeipa/issue/8151[#8151]
* prci: bump template version
https://pagure.io/freeipa/c/4fec68611059069205086b88829d9dddbd7f78c7[commit]
* prci: increase timeout argument for test_sssd.py
https://pagure.io/freeipa/c/51a531ddbfacec75abe2c4d16b16baf0cd323798[commit]
* prci: Update box used in branch ipa-4-7
https://pagure.io/freeipa/c/db305621fcaf46606cd8a9078f96dd19048140d1[commit]
=== Alexander Bokovoy (20)
* ipa-pwd-extop: don't check password policy for non-Kerberos account
set by DM or a passsync manager
https://pagure.io/freeipa/c/eaec7584195ce173a6de5101d745be35b7c4cb5f[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN
https://pagure.io/freeipa/c/79fab655ceca9d1ea0791d3a0fb584ea51a9849d[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* ipatests: test sysaccount password change with a password policy
applied
https://pagure.io/freeipa/c/74c5a96b8441f0d6b5a64ede2e9de95b4f3fcc4b[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* ipatests: allow changing sysaccount passwords as cn=Directory Manager
https://pagure.io/freeipa/c/d91c4d638c6db3183bd0c5e3f18f25ed229a1f3f[commit]
https://pagure.io/freeipa/issue/7181[#7181]
* Fix indentation levels
https://pagure.io/freeipa/c/57e30f88242d926c9487e7ca26dc5ded40700192[commit]
* ipatests: always skip additional input for group-add-member --external
https://pagure.io/freeipa/c/935c356dace23a60be8a0fba4ac482eeccb95948[commit]
https://pagure.io/freeipa/issue/8236[#8236]
* Prevent adding IPA objects as external members of external groups
https://pagure.io/freeipa/c/5a2f27fe036d61415a128b650d6750e2c2048b4b[commit]
https://pagure.io/freeipa/issue/8236[#8236]
* Secure AJP connector between Dogtag and Apache proxy
https://pagure.io/freeipa/c/fc82b966c054b8a6a98441f08d9ccf2f5737e623[commit]
https://pagure.io/freeipa/issue/8221[#8221]
* Tighten permissions on PKI proxy configuration
https://pagure.io/freeipa/c/d4ad2c24df2477a5b4ced14a592d99547a0c029e[commit]
https://pagure.io/freeipa/issue/8221[#8221]
* install/updates: move external members past schema compat update
https://pagure.io/freeipa/c/9db61a51f4cfcaae5e51d10c9ce2ed751cce4c49[commit]
https://pagure.io/freeipa/issue/8193[#8193]
* covscan: free ucs2-encoded password copy when generating NTLM hash
https://pagure.io/freeipa/c/c37081576d2f282e702b42652c04e053886c47cf[commit]
https://pagure.io/freeipa/issue/8131[#8131]
* covscan: free encryption types in case there is an error
https://pagure.io/freeipa/c/212e86eee15e883bffd01f969219ce644c3e45c6[commit]
https://pagure.io/freeipa/issue/8131[#8131]
* Become FreeIPA 4.7.4
https://pagure.io/freeipa/c/f5e60ffe9e0b909075071511ffa041390a9a87b6[commit]
* Do not run trust upgrade code if master lacks Samba bindings
https://pagure.io/freeipa/c/2f8f257d9a9c076bf1a2d28aee06fbac0532aa72[commit]
https://pagure.io/freeipa/issue/8001[#8001]
* adtrust: add default read_keys permission for TDO objects
https://pagure.io/freeipa/c/df19bf51730e1762f3c1e8a1fe196ec5c5381b98[commit]
https://pagure.io/freeipa/issue/8067[#8067]
* add default access control when migrating trust objects
https://pagure.io/freeipa/c/cf23e732f521f6b6dca8a3b7043cabb161dcbca9[commit]
https://pagure.io/freeipa/issue/8067[#8067]
* ipa-extdom-extop: test timed out getgrgid_r
https://pagure.io/freeipa/c/f87ee14da5c734e6c6d2455da6272712c567c091[commit]
https://pagure.io/freeipa/issue/8044[#8044]
* Update sudo test as SSSD 2.2.0 is available in the test image
https://pagure.io/freeipa/c/ce2dcd7b6188416c5c7024786e258a524eb98288[commit]
* Restore SELinux context for p11-kit config overrides
https://pagure.io/freeipa/c/e16099a6097ed73d647e5a20d969bd15b5f4df0f[commit]
https://pagure.io/freeipa/issue/7810[#7810]
* Back to git builds
https://pagure.io/freeipa/c/f4c55e144e7e73a3ed5f2875f5bddc271d4cbb38[commit]
=== Anuja More (11)
* Mark test to skip sssd-2.2.0 [sssd/issue/4073]
https://pagure.io/freeipa/c/2ea0a1dd3cf5bacf8599ecbe2f3f2b97b524895d[commit]
* ipatests: User and group with same name should not break reading AD
user data.
https://pagure.io/freeipa/c/7c452d70ab7b2223770592e11299574284cfaa05[commit]
* ipatests: Added test when 2FA prompting configurations is set.
https://pagure.io/freeipa/c/40359d2e1a1c4038ac9fc1afa2841e55b11073d8[commit]
* Mark xfail for sssd-version < 2.2.2
https://pagure.io/freeipa/c/bd350690c6e984697b767279c1ec930c028f8a4f[commit]
* ipatests: SSSD should fetch external groups without any limit.
https://pagure.io/freeipa/c/6d65406e2baf751415c29c331b95580b70ac1706[commit]
* ipatests: Add test for ipa-extdom-extop plugin should allow @ in group
name
https://pagure.io/freeipa/c/b0ad2c432362e88764bb11e14cc852c2616fd952[commit]
* Update topology for test_integration/test_sssd.py
https://pagure.io/freeipa/c/9a0f6cb2582e265a5d1bb87aaff6049ccd5a5b35[commit]
* Fix fedora version for xfail for sssd test
https://pagure.io/freeipa/c/62777234a45627ff6e9b3417ce77a81194d15193[commit]
* ipatests: filter_users should be applied correctly.
https://pagure.io/freeipa/c/e8a629d2ae59566593c9855e4050f53773b325fa[commit]
* ipatests: 'sss_ssh_authorizedkeys user' should return ssh key
https://pagure.io/freeipa/c/480ac797439e24609f7154a168b2ddcfa32575a4[commit]
* Extdom plugin should not return error (32)/'No such object'
https://pagure.io/freeipa/c/83e3f5d105a8d52328fbd966bf82404760c51668[commit]
https://pagure.io/freeipa/issue/8044[#8044]
=== Christian Heimes (4)
* Add test case for OTP login
https://pagure.io/freeipa/c/85b595aefacd8a52ca9cadf53bdd74184aeb2ba8[commit]
https://pagure.io/freeipa/issue/7804[#7804]
* Cherry-picked only ldapmodify_dm()
https://pagure.io/freeipa/c/f66df362c31f1bed322d891568d888b2e2e48bfa[commit]
* Print LDAP diagnostic messages on error
https://pagure.io/freeipa/c/1ffe826caa0283b2b2a15e341e178bac7a748fe5[commit]
* Use default ssh host key algorithms
https://pagure.io/freeipa/c/fb313d83adf04bc52f047c9167ade9be4c28e946[commit]
https://pagure.io/freeipa/issue/8082[#8082]
=== François Cami (6)
* ipa-restore: restart services at the end
https://pagure.io/freeipa/c/e7fcffcc7209428f2775c97f76db3ecff8499689[commit]
https://pagure.io/freeipa/issue/8226[#8226]
* adtrust.py: mention restarting sssd when adding trust agents
https://pagure.io/freeipa/c/14de3644ea1e8ce3954b1da6a0e99f6e27d4db03[commit]
https://pagure.io/freeipa/issue/8148[#8148]
* test_nfs.py: switch to master_3repl
https://pagure.io/freeipa/c/98d3b63ca95aafbba3075b5d38fb0bc0ee6d559e[commit]
https://pagure.io/freeipa/issue/8027[#8027]
* ipatests: rename config_replica_resolvconf_with_master_data()
https://pagure.io/freeipa/c/912c38a661874274206948f8bc1befa827b2d959[commit]
* test_nfs.py: switch to
tasks.config_replica_resolvconf_with_master_data()
https://pagure.io/freeipa/c/b79f8d8d38860097bfad98bd29a60a7511f02a4b[commit]
https://pagure.io/freeipa/issue/7949[#7949]
* prci_definitions: add master_3client topology
https://pagure.io/freeipa/c/f5b11567488ac2c6a6abd242ef3bf37eb8781234[commit]
https://pagure.io/freeipa/issue/8026[#8026]
=== Florence Blanc-Renaud (22)
* ipatests: wait for SSSD to become online in backup/restore tests
https://pagure.io/freeipa/c/dcdab7b8f8f82077943b5842368e5797a141dbb3[commit]
https://pagure.io/freeipa/issue/8228[#8228]
* xmlrpc tests: add a test for idview-apply on a master
https://pagure.io/freeipa/c/454168fadd19e0b613e76266ca62157bf2befe67[commit]
https://pagure.io/freeipa/issue/5662[#5662]
* idviews: prevent applying to a master
https://pagure.io/freeipa/c/e9bf4edbee28ea28d9d0a0ead834773c46861c4c[commit]
https://pagure.io/freeipa/issue/5662[#5662]
* ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg
missing
https://pagure.io/freeipa/c/1fccdd00d53bc71e87ab5a4b1c68ab6e3efcce8c[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* ipatests: add test for ipa-adtrust-install --add-agents
https://pagure.io/freeipa/c/59b09f154b9d85d937da64d6fe271d09c5b61bc1[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* ipa-adtrust-install: run remote configuration for new agents
https://pagure.io/freeipa/c/3a880ff64d44156fa274ef13ea726fe78cd37f2e[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* Privilege: add a helper checking if a principal has a given privilege
https://pagure.io/freeipa/c/2b5c409c3031696a358d57def4dc2e98142ef643[commit]
https://pagure.io/freeipa/issue/7600[#7600]
* ipatests: fix TestSubCAkeyReplication
https://pagure.io/freeipa/c/15ab3a21dcfca6d11de0179455a09f3816f30bf3[commit]
* ipatests: fix modify_sssd_conf()
https://pagure.io/freeipa/c/6b25791f791e716f566dc945b58f241c71312cb6[commit]
* ipatests: fix backup and restore
https://pagure.io/freeipa/c/aa0bcb1380198fee4028eeb327c6541828779391[commit]
https://pagure.io/freeipa/issue/8170[#8170]
* AD user without override receive InternalServerError with API
https://pagure.io/freeipa/c/f9f822ac10c0a5fffca906d5f5412c8d35adcc18[commit]
https://pagure.io/freeipa/issue/8163[#8163]
* ipa-cacert-manage man page: fix indentation
https://pagure.io/freeipa/c/a281a42ed89c1e901c7f4676423998c6764ec765[commit]
https://pagure.io/freeipa/issue/8138[#8138]
* trust upgrade: ensure that host is member of adtrust agents
https://pagure.io/freeipa/c/206e1f94efda11dd773860c9bbf9609d797688d4[commit]
* smartcard: make the ipa-advise script compatible with
authselect/authconfig
https://pagure.io/freeipa/c/134c6bd1243329ec41f7a6648e78af57955bc6a6[commit]
https://pagure.io/freeipa/issue/8113[#8113]
* ipa-backup: fix python2 issue with os.mkdir
https://pagure.io/freeipa/c/3a399e1dfa4d64ad1a1030f86dbdb13486aa69f7[commit]
https://pagure.io/freeipa/issue/8099[#8099]
* ipa-server-certinstall manpage: add missing options
https://pagure.io/freeipa/c/5448797ee8a0d1e83599a58bb1b0b8257a9ff35a[commit]
https://pagure.io/freeipa/issue/8086[#8086]
* ipatests: fix test_replica_promotion.py::TestHiddenReplicaPromotion
https://pagure.io/freeipa/c/548b697fbdc9a851ce22745a477f938c5816bf43[commit]
https://pagure.io/freeipa/issue/8070[#8070]
* ipatests: add XMLRPC test for user-add when UPG plugin is disabled
https://pagure.io/freeipa/c/6f512b00ee4b5cce9e5b8a658cb7388e2aa3a52a[commit]
https://pagure.io/freeipa/issue/4972[#4972]
* ipa user_add: do not check group if UPG is disabled
https://pagure.io/freeipa/c/ee0b0f66c15b4062c214f6993bc0b1e0da9a8a6d[commit]
https://pagure.io/freeipa/issue/4972[#4972]
* replica install: enforce --server arg
https://pagure.io/freeipa/c/6c5e72aee4dffb353b79b99324858bf2a1ec7314[commit]
https://pagure.io/freeipa/issue/7566[#7566]
* ipatests: ensure that backup/restore restores pkcs 11 modules config
file
https://pagure.io/freeipa/c/a7168658210c85e746c6bb2d1a0be9b546702677[commit]
https://pagure.io/freeipa/issue/8073[#8073]
* ipa-backup: backup the PKCS module config files setup by IPA
https://pagure.io/freeipa/c/5bf6a39ceab02e0dca0626a556eadfe6a853a61a[commit]
https://pagure.io/freeipa/issue/8073[#8073]
=== Fraser Tweedale (4)
* Do not renew externally-signed CA as self-signed
https://pagure.io/freeipa/c/3afd13a0b45de7349e2cb27cb45e7b3a02edf1c6[commit]
https://pagure.io/freeipa/issue/8176[#8176]
* test_integration: add tests for custom CA subject DN
https://pagure.io/freeipa/c/4767add057353280274b884b1bd15f7f63408970[commit]
https://pagure.io/freeipa/issue/8084[#8084]
* upgrade: fix ipakra people entry 'description' attribute
https://pagure.io/freeipa/c/4aad2c9b5ed7c7f4b6cba1e0328cf2ff88175d1c[commit]
https://pagure.io/freeipa/issue/8084[#8084]
* krainstance: set correct issuer DN in uid=ipakra entry
https://pagure.io/freeipa/c/1071eb2c64ef94fde13ba7a146d75635b4d56244[commit]
https://pagure.io/freeipa/issue/8084[#8084]
=== Gaurav Talreja (1)
* Normalize test definations titles
https://pagure.io/freeipa/c/c22da325586eff18b1bb732d7e18b7161ea06fd3[commit]
=== Jayesh Garg (2)
* Test if ipactl starts services stopped by systemctl
https://pagure.io/freeipa/c/db6d0a6563644a003a6842ea712d9d6af99ee28c[commit]
* Test for ipa-ca-install on replica
https://pagure.io/freeipa/c/1cd2ff5577af1043389e9bf59cb741b184ca31a1[commit]
=== Michal Polovka (3)
* ipatests: add tests for ipa host-add with non-default
maxhostnamelength
https://pagure.io/freeipa/c/353062abc635d6fd310680461618d1cc32d5e07a[commit]
https://pagure.io/freeipa/issue/2018[#2018]
* ipatests: fix topology for TestIpaNotConfigured in PR-CI nightly
definitions
https://pagure.io/freeipa/c/465706ac98cd7608916090610418a15943e791e0[commit]
https://pagure.io/freeipa/issue/6843[#6843],
https://pagure.io/freeipa/issue/8055[#8055]
* ipatests: Test for ipa-backup with ipa not configured
https://pagure.io/freeipa/c/b384b297f44e3fb96b1509affabcd9f0011592a7[commit]
https://pagure.io/freeipa/issue/6843[#6843]
=== Mohammad Rizwan Yusuf (5)
* Test if schema-compat-entry-attribute is set
https://pagure.io/freeipa/c/651d97a47d1f60875648ae72c2c0e6fe6ffabe04[commit]
https://pagure.io/freeipa/issue/8193[#8193]
* Test if schema-compat-entry-attribute is set
https://pagure.io/freeipa/c/405363baa62c7a2e875aae516abc8080031094f2[commit]
https://pagure.io/freeipa/issue/8193[#8193]
* add test to nightly yaml
https://pagure.io/freeipa/c/16c794d8a3d7d690883da5b29c5c04a203a2b8db[commit]
* Installation of replica against a specific server
https://pagure.io/freeipa/c/e12fa0b88371962e3684c6b932980c3ac0ab8e1d[commit]
https://pagure.io/freeipa/issue/7566[#7566]
* Check file ownership and permission for dirsrv log instance
https://pagure.io/freeipa/c/140111cd53803194a6c41a576cab9b3c282ed54f[commit]
https://pagure.io/freeipa/issue/7725[#7725]
=== ndehadra (1)
* Hidden Replica: Add a test for Automatic CRL configuration
https://pagure.io/freeipa/c/90c22dbc46910739b1ed43c5a1e94afdc464fe75[commit]
https://pagure.io/freeipa/issue/7307[#7307]
=== Rob Crittenden (10)
* Test that pwpolicy only applied on Kerberos entries
https://pagure.io/freeipa/c/1e6f6f590342fd5c3cf90dee8f23ca1d2651c551[commit]
* Add ability to change a user password as the Directory Manager
https://pagure.io/freeipa/c/6d28e82b2616ccc8b67cbe1b60d5e914e02636ca[commit]
* Don't save password history on non-Kerberos accounts
https://pagure.io/freeipa/c/82585849cfbad0c7cf2225d2766cb0aed0dce898[commit]
* Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit
https://pagure.io/freeipa/c/e5983600bfc0f143c3a6732be6532e48d9faaf15[commit]
https://pagure.io/freeipa/issue/8164[#8164]
* CVE-2019-10195: Don't log passwords embedded in commands in calls
using batch
https://pagure.io/freeipa/c/e8ed8b0b242e3c8e4107090f56a4771b53b777e5[commit]
* ipa-restore: Restore ownership and perms on 389-ds log directory
https://pagure.io/freeipa/c/05b173c1a7fb0b18b371771bafe01c0083547c79[commit]
https://pagure.io/freeipa/issue/7725[#7725]
* Report if a certmonger CA is missing
https://pagure.io/freeipa/c/eda9a51110a645de2ffe459a5101631af4d7772b[commit]
https://pagure.io/freeipa/issue/7870[#7870]
* Re-order tasks.restore_pkcs11_modules() to run earlier
https://pagure.io/freeipa/c/a62e3c011992ca8d4d9dbd0a8d97b036820a5cd2[commit]
https://pagure.io/freeipa/issue/8034[#8034]
* Don't log host passwords when they are set/modified
https://pagure.io/freeipa/c/2d58e3bcaa8732f448e01e75448092fe53fd6d13[commit]
https://pagure.io/freeipa/issue/8017[#8017]
* Don't return SSH keys with ipa host-find --pkey-only
https://pagure.io/freeipa/c/bdbc918724275e19c81e2e8fa6edfa1972e63f95[commit]
https://pagure.io/freeipa/issue/8029[#8029]
=== Robbie Harwood (3)
* Fix segfault in ipadb_parse_ldap_entry()
https://pagure.io/freeipa/c/6b4a80e889a2603a65e869f4fd492c9c4fe5c896[commit]
* Fix NULL pointer dereference in maybe_require_preauth()
https://pagure.io/freeipa/c/47aa96e7ff0bf31edefaa8cbe76c0acb360a7fb3[commit]
* Log INFO message when LDAP connection fails on startup
https://pagure.io/freeipa/c/dbdd15966b035c657517a373e6b91c35e0ac1cb8[commit]
=== Sumit Bose (1)
* extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
https://pagure.io/freeipa/c/a0a16df8a9a171c6508a04970ba3b5321d43ddfa[commit]
https://pagure.io/freeipa/issue/8044[#8044]
=== Stanislav Levin (3)
* pki-proxy: Don't rely on running apache until it's configured
https://pagure.io/freeipa/c/0db996906bbc0fcfd02c81dd468276aae67f0e53[commit]
https://pagure.io/freeipa/issue/8233[#8233]
* Fix errors found by Pylint-2.4.3
https://pagure.io/freeipa/c/20548ef82f470e11c11722b549f4aac21e8ca5a7[commit]
https://pagure.io/freeipa/issue/8102[#8102]
* Fixed errors newly exposed by pylint 2.4.0
https://pagure.io/freeipa/c/1248050e19fef3aa39a95fecd2257f841ef6392e[commit]
https://pagure.io/freeipa/issue/8077[#8077]
=== Sergey Orlov (19)
* ipatests: provide AD admin password when trying to establish trust
https://pagure.io/freeipa/c/db1b9fc428d8932f4fa9da79501ff2be8e4e7cc2[commit]
https://pagure.io/freeipa/issue/7895[#7895]
* ipatests: remove test_ordering
https://pagure.io/freeipa/c/ca8cd6ad722590eec545bfb2a68208a0ba8557f0[commit]
* ipatests: remove invalid parameter from sssd.conf
https://pagure.io/freeipa/c/c89dbf2440ef0da37b1f766f7a424408b3202966[commit]
https://pagure.io/freeipa/issue/8219[#8219]
* ipatests: use remote_sssd_config to modify sssd.conf
https://pagure.io/freeipa/c/90d88634ef0b05fdfe6879e03c7c44cd2246668d[commit]
https://pagure.io/freeipa/issue/8219[#8219]
* ipatests: replace utility for editing sssd.conf
https://pagure.io/freeipa/c/7a4d30717e1d4a65e0e9277e6a52e369df3989bf[commit]
https://pagure.io/freeipa/issue/8219[#8219]
* ipatests: update docstring to reflect changes in FileBackup.restore()
https://pagure.io/freeipa/c/aa722083cea3d3d238d80699de21201242888116[commit]
* ipatests: add test_trust suite to nightly runs
https://pagure.io/freeipa/c/5ed1b87c384ce4df6dfeb34424295280cf92dde8[commit]
* ipatests: fix collection of tests from test_trust suite
https://pagure.io/freeipa/c/39a0b12fca2ea4b760f6c1aad99f1fa6614c159b[commit]
* ipatests: add test_winsyncmigrate suite to nightly runs
https://pagure.io/freeipa/c/a60c057310db5ad11f4358890fc9e3784681e663[commit]
* ipatests: add check that ipa-adtrust-install generates sane smb.conf
https://pagure.io/freeipa/c/e2a7e73f86d66740f8e6c8e64929bcad6793b6f6[commit]
https://pagure.io/freeipa/issue/6951[#6951]
* ipatests: refactor FileBackup helper
https://pagure.io/freeipa/c/f92c28da7bbc03c2ef47f0617e8dabbdfd0bf65e[commit]
https://pagure.io/freeipa/issue/8115[#8115]
* ipatests: in DNS zone file add A record for name server
https://pagure.io/freeipa/c/13fbe2c8642906711c660ab7edc1b7b883b295a7[commit]
* ipatests: strip newline character when getting name of temp file
https://pagure.io/freeipa/c/6b59ceeb37f4c94fe2903fdd7ff81149147f7bd9[commit]
* ipatests: add test to check that only TLS 1.2 is enabled in Apache
https://pagure.io/freeipa/c/f9566100a512656b98b72baf708becc7870750c4[commit]
https://pagure.io/freeipa/issue/7995[#7995]
* ipatests: fix DNS forwarders setup for AD trust tests with non-root
domains
https://pagure.io/freeipa/c/180259f20c4170b96b3a0433d4db0950eda6cd20[commit]
* ipatests: add tests for cached_auth_timeout in sssd.conf
https://pagure.io/freeipa/c/72dc394614300ee4dac25b4509eb216d5104c224[commit]
* ipatests: add new utilities for file management
https://pagure.io/freeipa/c/f44dc80c52d0357fb582a0999958221dab33b952[commit]
* ipatests: add utility functions related to using and managing user
accounts
https://pagure.io/freeipa/c/62fe597a68a218eebf106ca7dc5d107b14ea4e3d[commit]
* ipatests: modify run_command to allow specify successful return codes
https://pagure.io/freeipa/c/a092198a0bd9ac6fa37635a21163061cc186d0fb[commit]
=== Sumedh Sidhaye (2)
* Added a test to check if ipa host-find --pkey-only does not return SSH
public key
https://pagure.io/freeipa/c/f4fdfaac3bea3b1301222f6362275f34b1b710e9[commit]
https://pagure.io/freeipa/issue/8029[#8029]
* Test: Test to check whether ssh from ipa client to ipa master is
successful after adding ldap_deref_threshold=0 in sssd.conf
https://pagure.io/freeipa/c/4c421ec4d5dbfa63027c8c41b8b699a2b938e3de[commit]
=== Simo Sorce (1)
* Make sure to have storage space for tag
https://pagure.io/freeipa/c/975c1a3d6c48bf5d71fbe12373603298a5573754[commit]
=== Serhii Tsymbaliuk (7)
* Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1
https://pagure.io/freeipa/c/5e122aa20594e8f34ffa175401d6ada4c05bbb5e[commit]
https://pagure.io/freeipa/issue/8239[#8239]
* WebUI tests: Fix broken reference to parent facet in table record
check
https://pagure.io/freeipa/c/a45679047f82a3fbb98422a023a782766df0ca25[commit]
https://pagure.io/freeipa/issue/8157[#8157]
* WebUI tests: Fix 'Button is not displayed' exception
https://pagure.io/freeipa/c/220aba3119c2243e890540a95404f14cfffc6ca5[commit]
https://pagure.io/freeipa/issue/8169[#8169]
* Fix occasional 'whoami.data is undefined' error in FreeIPA web UI
https://pagure.io/freeipa/c/74e66ba3aac2fcf751f58a89879e2031078c7960[commit]
https://pagure.io/freeipa/issue/7917[#7917]
* Fix certificate revocation tests for Web UI
https://pagure.io/freeipa/c/e054f681a301bdde2ed92334957fe906229b3bcf[commit]
https://pagure.io/freeipa/issue/7834[#7834]
* WebUI: Fix notification area layout
https://pagure.io/freeipa/c/128a8bcf7b18a7e295ac8cb811021cf462282877[commit]
https://pagure.io/freeipa/issue/8120[#8120]
* WebUI: Make 'Unlock' option is available only on locked user page
https://pagure.io/freeipa/c/ad006f7008cf6d97c0ff435b5bcb6d17a450a94b[commit]
https://pagure.io/freeipa/issue/5062[#5062]
=== Tibor Dudlák (5)
* Add container environment check to replicainstall
https://pagure.io/freeipa/c/82351f1e09e9d592e3b0bef521c2c94b0d222cce[commit]
https://pagure.io/freeipa/issue/6210[#6210]
* Increase ntp_options test timeout
https://pagure.io/freeipa/c/0f40193c6301174f54865fd867ad279456fe3ddd[commit]
* ipatests: refactor TestNTPoptions
https://pagure.io/freeipa/c/6a046c525d61f5962c02a7ede808080089420604[commit]
* ipatests: Add tests for interactive chronyd config
https://pagure.io/freeipa/c/b2c79ecbc1e47e36cbc7e65a575a398bd005f95c[commit]
https://pagure.io/freeipa/issue/7908[#7908]
* ipatests: Update test tasks for client to be interactive
https://pagure.io/freeipa/c/4e08b90bb785416582f4e993206b9342b1f0dbf9[commit]
https://pagure.io/freeipa/issue/7908[#7908]
=== Tomas Halman (4)
* extdom: add extdom protocol documentation
https://pagure.io/freeipa/c/f8b070587c5c2779b6b76237d1c712a0947f9438[commit]
* extdom: use sss_nss_*_timeout calls
https://pagure.io/freeipa/c/5340a03e30d37015777eafb58d7f36fc3d81c5eb[commit]
* extdom: plugin doesn't use timeout in blocking call
https://pagure.io/freeipa/c/b442b82b4a4c80b9e7992b33eb008f4f0dea44e2[commit]
* extdom: plugin doesn't allow @ in group name
https://pagure.io/freeipa/c/2e8a2a564a46a2a4f04236e08dda26d6126135ea[commit]
=== Theodor van Nahl (1)
* Fix UnboundLocalError in ipa-replica-manage on errors
https://pagure.io/freeipa/c/635c4db608e0dcb8fa2bfd88fe291e9f3ce838db[commit]
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
More information about the Freeipa-interest
mailing list