The FreeIPA team would like to announce FreeIPA 4.9.8 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora distributions will be available from the official repository
soon.
== Highlights in 4.9.8
* 8397: Cannot remove First master server with KRA after the server hard
disk failed ( destructed)
The KRA role search was too narrow resulting in false positives when
trying to delete a server with a KRA, resulting in an error that the
last KRA was being removed when this was not the case.
* 8492: RFE: Include the server schema version in communication with the
client
IPA clients store a copy of the server command schema, with a TTL of
1 hour by default. During plugin development command options,
labels, etc may change and because some values are cached, new
values will not display until the cache expires. This change adds a
new configuration option, schema_ttl, so that a user can control how
long the data is cached. A setting of 0 disables the cache. Tuning
this is not recommended on production servers.
* 8962: Info about searchrecordslimit set search limit to 10,000 after
upgrade
Set the server-side search size limit to 10,000 entries. By default
the client side will still be 100. Consider carefully when
increasing the client side value as it adds additional load on the
server to retrieve more entries.
* 8968: Add URI records for KDC
FreeIPA DNS integration now provides URI records for a dynamic
discovery of Kerberos KDCs. This allows automatic discover and use
of MS-KKDCP proxies. URI records are also Kubernetes-friendly as
Kubernetes does not support SRV records with the same name and
different protocols.
* 8974: RHEL 8.5 IPA Replica setup fails against a RHEL 7.9 IPA server
When creating a new replica against an older existing server that
lacks the sanToCNDefaultImpl capability, the ACME certificate
profile cannot be added. Running ipa-server-upgrade manually after
ipa-replica-install has completed will correctly add in the missing
profile.
* 8980: Nightly test failure in
pki-fedora/test_integration/test_backup_and_restore
Make Dogtag return XML for ipa cert-find
* 8986: ipa cert-request replaces user certificate instead of adding
By default IPA caches LDAP entries within a given request. Entries
with a userCertificate value are not cached because the attribute
may be represented with or without a ;binary tag and this confuses
the cache. This will be revisted in the future but for now we are
favoring correctness over speed.
* 8995: Integrate SID configuration into base IPA installers
New installations of IPA now configure the server to generate SIDs
by default. Previously, this setup was executed as part of the
ipa-adtrust-install command.
* 9031: Harden FreeIPA KDC processing of PAC buffers
FreeIPA now implements PAC structure hardening as coordinated with
Samba Team and Microsoft in CVE-2020-25719 and CVE-2021-42287
correspondingly.
* 9038: Concerns regarding 'ipa pwpolicy-mod --minlife 24 --maxlife 1'
ipa pwpolicy-mod --minlife $min --maxlife $max accepts $max >= $min,
yet the error message says: "Maximum password life must be greater
than minimum." Change the error message so that it conveys the
actual logic.
=== Enhancements
* 8492: RFE: Include the server schema version in communication with the
client
IPA clients store a copy of the server command schema, with a TTL of
1 hour by default. During plugin development command options,
labels, etc may change and because some values are cached, new
values will not display until the cache expires. This change adds a
new configuration option, schema_ttl, so that a user can control how
long the data is cached. A setting of 0 disables the cache. Tuning
this is not recommended on production servers.
* 8968: Add URI records for KDC
FreeIPA DNS integration now provides URI records for a dynamic
discovery of Kerberos KDCs. This allows automatic discover and use
of MS-KKDCP proxies. URI records are also Kubernetes-friendly as
Kubernetes does not support SRV records with the same name and
different protocols.
* 8995: Integrate SID configuration into base IPA installers
New installations of IPA now configure the server to generate SIDs
by default. Previously, this setup was executed as part of the
ipa-adtrust-install command.
* 9031: Harden FreeIPA KDC processing of PAC buffers
FreeIPA now implements PAC structure hardening as coordinated with
Samba Team and Microsoft in CVE-2020-25719 and CVE-2021-42287
correspondingly.
=== Known Issues
* 8700: ipa-server-install --auto-reverse does not create reverse DNS
zone in Fedora 33
Previously, systemd-resolved presented reverse record for host's IP
address which made ipa-server-install skip creation of reverse zone.
The issue was fixed in systemd on Fedora 35 and is not a problem
anymore.
* 9026: Missing bind-pkcs11-utils causing failures in OpenDNSSec
OpenDNSSec integration: depend on bind-dnssec-utils on all Fedora
releases and RHEL == 9+. Switch to "/usr/sbin/dnssec-keyfromlabel -E
pkcs11" instead of "/usr/sbin/dnssec-keyfromlabel-pkcs11" there too.
=== Bug fixes
FreeIPA 4.9.8 is a stabilization release for the features delivered as a
part of 4.9.0 version series.
There are more than 30 bug-fixes since FreeIPA 4.9.7 release. Details of
the bug-fixes can be seen in the list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/)
or #freeipa channel on libera.chat.
== Resolved tickets
* https://pagure.io/freeipa/issue/7885[#7885]
(https://bugzilla.redhat.com/show_bug.cgi?id=1690191[rhbz#1690191]) RFE:
wrapper for Dogtag cert-fix command
* https://pagure.io/freeipa/issue/8353[#8353] Sporadic: Nightly test
failure in
test_adtrust_install.py::TestIpaAdTrustInstall::test_add_agent_not_allowed
- kinit: Password has expired while getting initial credentials
* https://pagure.io/freeipa/issue/8397[#8397]
(https://bugzilla.redhat.com/show_bug.cgi?id=1985069[rhbz#1985069])
Cannot remove First master server with KRA after the server hard disk
failed ( destructed)
* https://pagure.io/freeipa/issue/8492[#8492] RFE: Include the server
schema version in communication with the client
* https://pagure.io/freeipa/issue/8687[#8687]
(https://bugzilla.redhat.com/show_bug.cgi?id=1980356[rhbz#1980356])
Nightly failure (rawhide/f34) reinstalling samba client: winbindd
coredump
* https://pagure.io/freeipa/issue/8700[#8700] ipa-server-install
--auto-reverse does not create reverse DNS zone in Fedora 33
* https://pagure.io/freeipa/issue/8755[#8755]
(https://bugzilla.redhat.com/show_bug.cgi?id=1921007[rhbz#1921007])
ipa-server-install : No such file or directory:
'/etc/authselect/user-nsswitch.conf'
* https://pagure.io/freeipa/issue/8815[#8815] Nightly test failure in
new test test_ipa_cert_fix.py::TestCertFixReplica
* https://pagure.io/freeipa/issue/8846[#8846] Nightly test failure in
test_webui_policy::test_selinuxusermap::test_undo_refresh_reset_update_cancel
* https://pagure.io/freeipa/issue/8932[#8932] ipatests: move_date is
defined twice
* https://pagure.io/freeipa/issue/8953[#8953]
test_certmonger_ipa_responder_jsonrpc random failure
* https://pagure.io/freeipa/issue/8954[#8954] Issues in commands of
`schema` plugin
* https://pagure.io/freeipa/issue/8955[#8955] Unstable fingerprints for
the same API schema
* https://pagure.io/freeipa/issue/8961[#8961] [azure] inconsistent
results for `Quick code style check` and `Lint` tasks
* https://pagure.io/freeipa/issue/8962[#8962]
(https://bugzilla.redhat.com/show_bug.cgi?id=1966289[rhbz#1966289]) Info
about searchrecordslimit set search limit to 10,000 after upgrade
* https://pagure.io/freeipa/issue/8965[#8965]
(https://bugzilla.redhat.com/show_bug.cgi?id=2000261[rhbz#2000261])
extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT
* https://pagure.io/freeipa/issue/8966[#8966] Invoke pkispawn with
--log-file
* https://pagure.io/freeipa/issue/8968[#8968] Add URI records for KDC
* https://pagure.io/freeipa/issue/8972[#8972]
(https://bugzilla.redhat.com/show_bug.cgi?id=1998129[rhbz#1998129]) AVC
denied \{ read } comm="ipa-custodia" on aarch64 during installation of
ipa-server
* https://pagure.io/freeipa/issue/8974[#8974]
(https://bugzilla.redhat.com/show_bug.cgi?id=1999142[rhbz#1999142]) RHEL
8.5 IPA Replica setup fails against a RHEL 7.9 IPA server
* https://pagure.io/freeipa/issue/8975[#8975] Nightly test failure in
test_integration/test_commands.py/TestIPACommand/test_reset_password_unlock
* https://pagure.io/freeipa/issue/8979[#8979] Nightly test failure
(rawhide) in
test_trust.py::TestTrust::test_establish_forest_trust_with_shared_secret
* https://pagure.io/freeipa/issue/8980[#8980] Nightly test failure in
pki-fedora/test_integration/test_backup_and_restore
* https://pagure.io/freeipa/issue/8983[#8983] [azure] tar sometimes
fails on changed in process files
* https://pagure.io/freeipa/issue/8984[#8984]
(https://bugzilla.redhat.com/show_bug.cgi?id=1999992[rhbz#1999992]) ipa
migrate-ds command fails to warn when compat plugin is enabled
* https://pagure.io/freeipa/issue/8985[#8985] [azure] docs build fails
with Pygments 2.8.0+
* https://pagure.io/freeipa/issue/8986[#8986]
(https://bugzilla.redhat.com/show_bug.cgi?id=1999893[rhbz#1999893]) ipa
cert-request replaces user certificate instead of adding
* https://pagure.io/freeipa/issue/8987[#8987] Nightly test failure in
test_integration/test_trust.py/TestTrust/test_extdom_plugin
* https://pagure.io/freeipa/issue/8989[#8989] Nightly failure (rawhide)
in tasks.run_ssh_cmd
* https://pagure.io/freeipa/issue/8995[#8995] Integrate SID
configuration into base IPA installers
* https://pagure.io/freeipa/issue/8999[#8999] Nightly failure (rawhide)
in
test_ipahealthcheck.py::TestIpaHealthCheckWithExternalCA::test_ipahealthcheck_ipaopensslchainvalidation
* https://pagure.io/freeipa/issue/9000[#9000] Nightly failure (rawhide)
in
test_ipahealthcheck.py::TestIpaHealthCheck::test_sosreport_includes_healthcheck
* https://pagure.io/freeipa/issue/9006[#9006] Nightly failure in
test_commands.py::TestIPACommand::test_cacert_manage
* https://pagure.io/freeipa/issue/9008[#9008] [azure] clone3 and glibc
2.34 in container
* https://pagure.io/freeipa/issue/9009[#9009] Nightly failure (rawhide)
in webui_tests: yaml.load() now requires Loader
* https://pagure.io/freeipa/issue/9011[#9011] [azure] pip's builddir
* https://pagure.io/freeipa/issue/9013[#9013] [ipatests]
test_external_ca.py::TestMultipleExternalCA::test_master_install_ca1
fails
* https://pagure.io/freeipa/issue/9026[#9026]
(https://bugzilla.redhat.com/show_bug.cgi?id=2020207[rhbz#2020207])
Missing bind-pkcs11-utils causing failures in OpenDNSSec
* https://pagure.io/freeipa/issue/9029[#9029] Nightly webui test failure
(rawhide): selenium issue
* https://pagure.io/freeipa/issue/9031[#9031] Harden FreeIPA KDC
processing of PAC buffers
* https://pagure.io/freeipa/issue/9036[#9036]
(https://bugzilla.redhat.com/show_bug.cgi?id=2009114[rhbz#2009114])
Invalid PTR records created when navigated from host details page
* https://pagure.io/freeipa/issue/9038[#9038]
(https://bugzilla.redhat.com/show_bug.cgi?id=1825010[rhbz#1825010])
Concerns regarding 'ipa pwpolicy-mod --minlife 24 --maxlife 1'
* https://pagure.io/freeipa/issue/9046[#9046] Stacktrace when using 'ipa
server-del' in non-English locale
== Detailed changelog since 4.9.7
=== Armando Neto (2)
* ipatests: Fix UI_driver method after Selenium upgrade
https://pagure.io/freeipa/c/bb5ef716070cb564b3455ddf7a6656de5e228d0e[commit]
https://pagure.io/freeipa/issue/9029[#9029]
* ipatests: Bump PR-CI latest templates to Fedora 35
https://pagure.io/freeipa/c/d97250fac563c4a41dc0c4dddc84502c0af16ff6[commit]
=== Alexander Bokovoy (12)
* freeipa.spec.in: -server subpackage should require samba-client-libs
https://pagure.io/freeipa/c/c850cd52dcee8d2e5107af5ddf33e79b4e33527f[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: validate domain SID in incoming PAC for trusted domains for
S4U
https://pagure.io/freeipa/c/5213c1e42cdedf4a862bf7173d7c632d0c1460b5[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: honor SID from the host or service entry
https://pagure.io/freeipa/c/a95ccd908f9e04375380f5dba1110f6c55a93638[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* SMB: switch IPA domain controller role
https://pagure.io/freeipa/c/693c165ce83df9e21a4928cde64bdea9f997d1a6[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: Use proper account flags for Kerberos principal in PAC
https://pagure.io/freeipa/c/adf5ab7344b810106cb4b493c798af597d14a080[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: add PAC_ATTRIBUTES_INFO PAC buffer support
https://pagure.io/freeipa/c/b71467e2fe5942688d2d988999340ef398b97a29[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: add support for PAC_REQUESTER_SID buffer
https://pagure.io/freeipa/c/879ef1b1a69ed187fcfa8fff007ab95ec72a1a65[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: add support for PAC_UPN_DNS_INFO_EX
https://pagure.io/freeipa/c/4cafdac1dfbd95087c3d0510cbf2638fc31c4d94[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: S4U2Proxy target should use a service name without realm
https://pagure.io/freeipa/c/8b5e496101963c7059fac2a4a5c8b5e15ad9f726[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: use entry DN to compare aliased entries in S4U operations
https://pagure.io/freeipa/c/eb5a93ddbe0ab17c36d5c78e5c0fcf020745484a[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: enforce SID checks when generating PAC
https://pagure.io/freeipa/c/9ecbdd8e5968b1b4033bedb90fccdd0f05720b40[commit]
https://pagure.io/freeipa/issue/9031[#9031]
* ipa-kdb: store SID in the principal entry
https://pagure.io/freeipa/c/9ded98b66ed62a2edc7b27c02e0b94a6e6fa8ae9[commit]
https://pagure.io/freeipa/issue/9031[#9031]
=== Antonio Torres (4)
* Back to git snapshots
https://pagure.io/freeipa/c/8042bdc90c0ca8080f94c9baf54b713e08873232[commit]
* Become IPA 4.9.8
https://pagure.io/freeipa/c/a9620a5d7171de49f176a9504d1bb32db2d9650e[commit]
* Update list of contributors
https://pagure.io/freeipa/c/b4f9026e80cd936f2e21420a9b6d233f53cb894a[commit]
* Update translations to FreeIPA ipa-4-9 state
https://pagure.io/freeipa/c/c587db883df9ae28a6d2500dbe32de14c6c4c119[commit]
=== Christian Heimes (1)
* Add URI system records for KDC
https://pagure.io/freeipa/c/2cf0ad5cfd2d558c844bc9640c121fa35ebb1c30[commit]
https://pagure.io/freeipa/issue/8968[#8968]
=== Chris Kelley (1)
* Make Dogtag return XML for ipa cert-find
https://pagure.io/freeipa/c/bbda3590bb20a2915261f2fd9b8a8e0b169f93f4[commit]
https://pagure.io/freeipa/issue/8980[#8980]
=== Endi Sukma Dewata (1)
* Specify PKI installation log paths
https://pagure.io/freeipa/c/5abf1bc79f8b32c6638ff98fbe2e4a8dec9a5010[commit]
https://pagure.io/freeipa/issue/8966[#8966]
=== François Cami (6)
* freeipa.spec: depend on bind-dnssec-utils
https://pagure.io/freeipa/c/f89d59b6e18b54967682f6a37ce92ae67ab3fcda[commit]
https://pagure.io/freeipa/issue/9026[#9026]
* pwpolicy: change lifetime error message
https://pagure.io/freeipa/c/76afa643f4afd0167fd670142aa70369d91d7af2[commit]
https://pagure.io/freeipa/issue/9038[#9038]
* subid: subid-match: display the owner's ID not DN
https://pagure.io/freeipa/c/4785a90946ec694ccc082f062b2181b23c7099e3[commit]
* ipatests: refactor test_ipa_cert_fix with tasks
https://pagure.io/freeipa/c/4a3a15f45aad016730252c09e3e173a18184603e[commit]
https://pagure.io/freeipa/issue/8932[#8932]
* freeipa.spec.in: update 389-DS version
https://pagure.io/freeipa/c/210c53dd41a85b7619eb7a2ad427055c994ee1e5[commit]
* Back to git snapshots
https://pagure.io/freeipa/c/60745116a2bc71bef508be5a7a2e1f6082f24bca[commit]
=== Florence Blanc-Renaud (27)
* ipatests: remove xfail on f35+ for test_number_of_zones
https://pagure.io/freeipa/c/a9c080734cb533d7a494b7259ac8d1ef89394d2c[commit]
https://pagure.io/freeipa/issue/8700[#8700]
* ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail
https://pagure.io/freeipa/c/8ca5b094f829f47b0629301c23818096a5834609[commit]
https://pagure.io/freeipa/issue/8700[#8700]
* ipatests: fix get_user_result method
https://pagure.io/freeipa/c/421e12468d3ebaf8e259789bdba173a785c9e5d4[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* ipatests: update the expected output of user-add cmd
https://pagure.io/freeipa/c/009a8cdfcba78ab6153e132ef653792018e1662b[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* User plugin: do not return the SID on user creation
https://pagure.io/freeipa/c/61f42aefe35d60432d5542ed5fa3f546e6d71f0b[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* Webui tests: new idrange now requires base RID
https://pagure.io/freeipa/c/9c7e8c669740528812a06f9af73fe927313270c9[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* ipatests: backup-reinstall-restore needs to clear sssd cache
https://pagure.io/freeipa/c/c6fd0d00bacf56f1c3bffb2674042058a4608f10[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* User lifecycle: ignore SID when moving from preserved to staged
https://pagure.io/freeipa/c/86d1683e0966a5d33e570b9cc2bb032e9af98bf0[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* ipatests: adapt expected output with SID
https://pagure.io/freeipa/c/efc9df086725a151e15fc93b7550bc01df8d1151[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* ipatests: interactive install prompts for netbios name
https://pagure.io/freeipa/c/31d095eac1aa7158761de29aa4f3c42604e83f17[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* ipatests: add test ensuring SIDs are generated for new installs
https://pagure.io/freeipa/c/5bb56f910c39b3db762b6802a6dfaa25a0e77c76[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* ipa config: add --enable-sid option
https://pagure.io/freeipa/c/b98ecabba196107c692825e081fd1c7a6123c2aa[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* adtrust install: define constants for rid bases
https://pagure.io/freeipa/c/a91e6712e80a19070cb9f201b2d2f15ac8b28ff4[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* Installers: configure sid generation in server/replica installer
https://pagure.io/freeipa/c/e527857d000e558b3288a7a210400abaf2171237[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* SID generation: define SIDInstallInterface
https://pagure.io/freeipa/c/dd07db29eec92b421569a194a1d2294852cd6a5c[commit]
https://pagure.io/freeipa/issue/8995[#8995]
* ipa-server-install uninstall: remove tdb files
https://pagure.io/freeipa/c/6302769b83af75f267c76fe6f854d5b42b6b80f5[commit]
https://pagure.io/freeipa/issue/8687[#8687]
* ipa-client-samba uninstall: remove tdb files
https://pagure.io/freeipa/c/82eaa2eac454aed75a498d2c6ccd9e921f9c8a89[commit]
https://pagure.io/freeipa/issue/8687[#8687]
* ipatests: Update the subca used in TestIPACommand::test_cacert_manage
https://pagure.io/freeipa/c/34d6f51fb8ddc97d21470db9a638386127c4c581[commit]
https://pagure.io/freeipa/issue/9006[#9006]
* webui test: close notification after selinux user map update
https://pagure.io/freeipa/c/b706483c827a971aeae855199b9d4ce6005e53b1[commit]
https://pagure.io/freeipa/issue/8846[#8846]
* ipatests: increase sosreport verbosity
https://pagure.io/freeipa/c/fc384b0773c92e1743152b6c04af12b0f17e842b[commit]
https://pagure.io/freeipa/issue/9000[#9000]
* ipatests: update expected error message for openssl verify
https://pagure.io/freeipa/c/01dfce68d97f373c92dd82e355392e5123df8f07[commit]
https://pagure.io/freeipa/issue/8999[#8999]
* ipatests: fix expected msg in tasks.run_ssh_cmd
https://pagure.io/freeipa/c/ef58efe7e4c3f8ed3e31623035eba2a3bdba6e46[commit]
https://pagure.io/freeipa/issue/8989[#8989]
* ipatests: fix logic waiting for repl in TestIPACommand
https://pagure.io/freeipa/c/4f569c68cde408865389c61f9befb2ea23bd6d30[commit]
https://pagure.io/freeipa/issue/8975[#8975]
* migrate-ds: workaround to detect compat tree
https://pagure.io/freeipa/c/3c4f9e7347965ff9a887147df34e720224ffa7cc[commit]
https://pagure.io/freeipa/issue/8984[#8984]
* ipatests: rpcclient now uses --use-kerberos=desired
https://pagure.io/freeipa/c/395b0d26d0b042d5384bc8e7272f0121db0989ed[commit]
https://pagure.io/freeipa/issue/8979[#8979]
* selinux policy: allow custodia to access /proc/cpuinfo
https://pagure.io/freeipa/c/07e2bf732f54f936cccc4e0c7b468d77f97e911a[commit]
https://pagure.io/freeipa/issue/8972[#8972]
* ipatests: use whole date for journalctl --since
https://pagure.io/freeipa/c/b5036b5ce9ae4fab011e57fe2b37a35fdd098a70[commit]
https://pagure.io/freeipa/issue/8953[#8953]
=== Jochen Kellner (1)
* Remove duplicate _() in the error path
https://pagure.io/freeipa/c/1660cfa3d2ec4a27c0456b3545a40eadbae45cfb[commit]
https://pagure.io/freeipa/issue/9046[#9046]
=== Michal Polovka (1)
* ipatests: webui: Specify configuration loader
https://pagure.io/freeipa/c/17ba2732f90a69b860f70662133e6904d7373b04[commit]
https://pagure.io/freeipa/issue/9009[#9009]
=== Mohammad Rizwan (4)
* ipatests: remove redundant kinit from test
https://pagure.io/freeipa/c/d3edc039419e9a944ee37dd9e02edfd6a627db5a[commit]
* ipatests: update the timemout for test_ipa_cert_fix.py in nightlies
https://pagure.io/freeipa/c/1b38afc0487efde57f04cf4a8c15f03be46971f3[commit]
* ipatests: wait while http/ldap/pkinit cert get renew on replica
https://pagure.io/freeipa/c/a620e5e9e152defe144705913521c3cf556faa0e[commit]
https://pagure.io/freeipa/issue/8815[#8815]
* ipatests: test to renew certs on replica using ipa-cert-fix
https://pagure.io/freeipa/c/e0aef5296b66c0b460f7e10993610fe68b312241[commit]
https://pagure.io/freeipa/issue/7885[#7885]
=== Pavel Březina (1)
* kdb: fix typo in ipa_kdcpolicy_check_as
https://pagure.io/freeipa/c/bdf479e8cdab14a3985d8acc9fe234e13820108a[commit]
=== Petr Voborník (2)
* webui tests: remove unnecessary code in add_record
https://pagure.io/freeipa/c/a286cd31ec031e07b4d196715ae501f873a4bde2[commit]
https://pagure.io/freeipa/issue/9036[#9036]
* fix(webui): create correct PTR record when navigated from host page
https://pagure.io/freeipa/c/4f5ed837b43d378ed9e003c279e311656b1773ab[commit]
https://pagure.io/freeipa/issue/9036[#9036]
=== Rob Crittenden (7)
* Don't limit role-find by hostname when searching for last KRA
https://pagure.io/freeipa/c/1c66226e83bb8797122d3925b555516201edb8bd[commit]
https://pagure.io/freeipa/issue/8397[#8397]
* Make the schema cache TTL user-configurable
https://pagure.io/freeipa/c/331cadd8f25ab627fc419c48f2db6cc9cafafe40[commit]
https://pagure.io/freeipa/issue/8492[#8492]
* On redhat-based platforms rely on authselect to enable sudo
https://pagure.io/freeipa/c/c1baae842529d89b7fda78ace5ffcff165a995ce[commit]
https://pagure.io/freeipa/issue/8755[#8755]
* ipatests: Test that a user can be issued multiple certificates
https://pagure.io/freeipa/c/86588640137562b2016fdb0f91142d00bc38e54a[commit]
https://pagure.io/freeipa/issue/8986[#8986]
* Don't store entries with a usercertificate in the LDAP cache
https://pagure.io/freeipa/c/be1e3bbfc13aff9a583108376f245b81cc3666fb[commit]
https://pagure.io/freeipa/issue/8986[#8986]
* Increase default limit on LDAP searches to 100k
https://pagure.io/freeipa/c/3fb0f5333613beabeead3feb73dc0fea9694bcdc[commit]
https://pagure.io/freeipa/issue/8962[#8962]
* Catch and log errors when adding CA profiles
https://pagure.io/freeipa/c/a6e708ab4006d6623c37de1692de5362fcdb5dd6[commit]
https://pagure.io/freeipa/issue/8974[#8974]
=== Sumit Bose (1)
* extdom: return LDAP_NO_SUCH_OBJECT if domains differ
https://pagure.io/freeipa/c/4fca95751ca32a1ed16a6d8a4e557c5799ec5c78[commit]
https://pagure.io/freeipa/issue/8965[#8965]
=== Stanislav Levin (15)
* ipatests: TestMultipleExternalCA: Create tempfiles on remote host
https://pagure.io/freeipa/c/7480844765e029ccb5e7149059efd4c56e400982[commit]
https://pagure.io/freeipa/issue/9013[#9013]
* azure: Don't customize pip's builddir
https://pagure.io/freeipa/c/8dd788daf9fbf694754771082db9ee1d7f64fef0[commit]
https://pagure.io/freeipa/issue/9011[#9011]
* seccomp profile: Default to ENOSYS instead of EPERM
https://pagure.io/freeipa/c/488fb1049397c3adc10a2b80737374cff5a87af4[commit]
https://pagure.io/freeipa/issue/9008[#9008]
* test_schema_plugin: Add missing tests for command, class and topic
commands
https://pagure.io/freeipa/c/973334c9fc247ce6334bcd67f5cd9c3c6b35c660[commit]
https://pagure.io/freeipa/issue/8954[#8954]
* test_schema_plugin: Drop dependency on Tracker
https://pagure.io/freeipa/c/83405a75c2496c8728f9560823738f8ad51cdc33[commit]
https://pagure.io/freeipa/issue/8954[#8954]
* command_defaults: Don't crash on nonexistent command
https://pagure.io/freeipa/c/e4839b048040877cc7d780d2d98b25233db62537[commit]
https://pagure.io/freeipa/issue/8954[#8954]
* schema plugin: Fix commands without metaobject arg
https://pagure.io/freeipa/c/a9f7300732f1be90bfb736a8ec3e5fb58c8ce288[commit]
https://pagure.io/freeipa/issue/8954[#8954]
* ipatests: Log debug messages for locator plugin
https://pagure.io/freeipa/c/12ebc658a8bcde3cf5a9665e10981f822fa00dad[commit]
https://pagure.io/freeipa/issue/8353[#8353]
* krb5: Pin kpasswd server to a primary one
https://pagure.io/freeipa/c/8fcc0f077bc24e0c7d0c7434fbd4e91372021217[commit]
https://pagure.io/freeipa/issue/8353[#8353]
* azure: Ignore tar errors
https://pagure.io/freeipa/c/dfe94640ed8befbf29e3c35f0cb57e702211ef44[commit]
https://pagure.io/freeipa/issue/8983[#8983]
* docs: Make use of `text` highlighting
https://pagure.io/freeipa/c/d1343e8f539679227c8dbfb58ba634810d3857da[commit]
https://pagure.io/freeipa/issue/8985[#8985]
* ipatests: Add tests for `schema` Command
https://pagure.io/freeipa/c/14ad52238543ab845a8d6dadd65ff2fb6e67d8df[commit]
https://pagure.io/freeipa/issue/8955[#8955]
* schema plugin: Generate stable fingerprint
https://pagure.io/freeipa/c/939d0f5df67aa39cd31f68a6da4153460066ca66[commit]
https://pagure.io/freeipa/issue/8955[#8955]
* pycodestyle: Check *.in Python files
https://pagure.io/freeipa/c/31afc004bc034f3170247d4c7ccd3a7cc0d32551[commit]
https://pagure.io/freeipa/issue/8961[#8961]
* Azure: Run pycodestyle check in Lint job
https://pagure.io/freeipa/c/0b359fbdef8174b9f53d4af0770a6a2e72198e3b[commit]
https://pagure.io/freeipa/issue/8961[#8961]
=== Sergey Orlov (2)
* ipatests: use AD domain name from config instead of hardcoded value
https://pagure.io/freeipa/c/b3bee9b52a037b8ae44ceb6c7d40608a352325a7[commit]
* ipatests: check for message in sssd log only during actual test action
https://pagure.io/freeipa/c/e60076690cc02105d4a6abd9afb6aba5dd70b6bd[commit]
https://pagure.io/freeipa/issue/8987[#8987]
=== Sumedh Sidhaye (1)
* Test to verify if the case of a request for
/ca/rest/authority/\{id}/cert (or .../chain)
https://pagure.io/freeipa/c/4c14b8cfddf78d4e792eb944ef1a765a115e3f10[commit]
=== Vit Mojzis (1)
* selinux: Fix file context definition for /var/run
https://pagure.io/freeipa/c/186497cb790a81d43c35659f81fab2eb47ea65cd[commit]
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
