Hi,
below is the first cut on 4.8.0 rc1 release notes. I had to modify
release-notes.py from freeipa-tools quite a lot to get Pagure issues for
git master branch pulled out of the commit messages and then merged with
the list of issues referenced by the target milestone as we don't really
have those in use for 4.8.0 yet.
In total, a jump from 4.7.2 to 4.8.0rc1 is more than 210 referenced
Pagure issues. Please add (as replies) comments on what should be
highlighted in enhancements and known issues specifically.
I will do few more experiments with a new release-notes.py, that's why
I'm not publishing the draft on freeipa.org yet but rather including it
in this email.
--------------------------------------------------------------------------------
{{ReleaseDate|2019-04-30}}
The FreeIPA team would like to announce FreeIPA 4.8.0rc1 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
Fedora 4.8.0rc1 will be available in the official
[https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-8/ COPR
repository].
== Highlights in 4.8.0 ==
--------
=== Enhancements ===
=== Known Issues ===
=== Bug fixes ===
There are more than 210 bug-fixes details of which can be seen in
the list of resolved tickets below.
== Upgrading ==
Upgrade instructions are available on [[Upgrade]] page.
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users mailing
list
(https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/)
or #freeipa channel on Freenode.
== Resolved tickets ==
* 631 ipa-getkeytab does not support -W option
* 4270 CA-less installation should not continue if dirsrv/httpd certificate is
revoked
* 4271 CA-less test suite always generate failures
* 4440 Add support for bounce_url to /ipa/ui/reset_password.html
* 4491 Investigate utilizing lib389
* 4580 Investigate SSF values when SASL/GSSAPI is used to authenticate to LDAP
* 4607 ipa-getkeytab fails if -k points to empty file or a symlink to
nonexistent file
* 5378 Incorrect error message at wrong password from private key file
* 5608 [RFE] Add Dogtag HSM support
* 5803 Add utility to promote CA replica to CRL master
* 5880 Second call to ldapmodify in
ipatests.test_integration.tasks.enable_replication_debugging fails
* 5887 IDNA domains does not work under py3
* 6077 [RFE] Support One-Way Trust authenticated by trust secret
* 6261 Replace ERROR: cannot connect to 'http://localhost:8888/ipa/json':
[Errno 111] Connection refused with 'IPA is not configured on this system'
* 6353 During one step replica install the command accepts both OTP and Admin
password simultaneously
* 6468 Make ipaclient pip install-able
* 6476 automember-rebuild crashes
* 6594 ipa idoverrideuser-find view --anchor fails to return output
* 6790 [RFE] Allow creating IPA CA with 4096-bit key.
* 6844 ipa-restore fails when umask is set to 0027
* 6959 ipa-server-certinstall should add any intermediate CA certificate a
server certificate is signed with
* 6979 Suggest user to install libyubikey package instead of traceback
* 7082 FreeIPA 4.5 is not compatible with latest pyasn1
* 7140 Configure DS to use minssf = 128
* 7193 [RFE] Warn or adjust umask if it is too restrictive to break installation
* 7196 ipa-replica-install fails with 'HTTPError: 403 Client Error: Forbidden'
due to a custodia issue
* 7200 ipa-pkinit-manage reports a switch from local pkinit to full pkinit
configuration was successful although it was not.
* 7206 [RFE] Provide an option to include FQDN in IDM topology graph
* 7217 Significantly reduce the KDC LDAP driver search timeout
* 7262 Authn/TOTP defined users periodically prompt for just password
credentials to access resources
* 7288 set_directive can overwrite wrong directives
* 7347 ipa-server-install breaks if subject base RDN has an escaped comma
* 7362 Update FreeIPA project logo
* 7365 [RFE] make kdcproxy errors in httpd error log less annoying in case AD KDCs are not reachable
* 7366 RFE: ipa client should setup openldap for GSSAPI
* 7369 The ipa-replica-install command failed, exception: ValidationError:
invalid 'dnszoneidnsname': only master zones can contain records
* 7408 ipa-replica-install command should display proper message on the console.
* 7451 Allow issuing certificates with IP addresses in subjectAltName
* 7455 Add a test for backup-restore in multimaster topology
* 7517 Failures in test_server_del test suite
* 7528 Upon ipa-server-install on Ubuntu 18.04, Apache unable to use encrypted
httpd.key
* 7532 ipa-advise config-client-for-smart-card-auth: enable smart card auth in
sssd.conf
* 7537 PR-CI: external_ca tests are hitting timeout
* 7538 sudo rule for "admins" members should be created by default
* 7545 TestCASpecificRUVs.test_replica_uninstall_deletes_ruvs start failing
with assertion error
* 7548 Need integration test for --external-ca-type=ms-cs
* 7559 UI LoginScreen widget cannot be translated
* 7566 Installation of replica against a specific master
* 7568 Deprecate Python 2
* 7569 Users with user creation/modification privileges fail to add the
"--radius-username" option when creating users
* 7570 Create a system permission for access to radius proxy entries
* 7578 IPA server upgrade should remove stale kdcinfo_* generated by SSSD
* 7579 ipa-cacert-manage cannot import PKCS#7 files
* 7587 Increase WSGI worker process count
* 7598 ipa-client-install: autodiscovery must refuse single label domains
* 7601 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not
RHEL7
* 7602 ipa-replica-install allows to use --setup-adtrust without the package
freeipa-server-trust-ad installed
* 7603 In IPA WebUI, a warning appears in the background(warning message behind
the dialog box).
* 7608 FreeIPA 4.6.3 install fails when `/proc/sys/crypto` is absent
* 7617 ipa-replica-install defines nsds5replicabinddngroup before the group
contains the DN of the replication manager
* 7619 [Translation] reset password page is not translated
* 7620 client uninstall fails when installed using non-existing hostname
* 7621 [Translation] sync otp page is not translated completely
* 7625 ipa-client-install fails with ScriptError(rval=CLIENT_INSTALL_ERROR)
* 7628 ipa ca-show <ca> --certificate-out=/tmp/ca fails with python type error
* 7629 Replica installation fails with connection refused error
* 7632 [RFE] Allow IPA Services to Start After the IPA Backup Has Completed
* 7638 PR-CI: Make "Not enough resources configured" an error
* 7640 [Translation] ipa/config/{unauthorized,ssbrowser}.html are not translated
* 7641 [Translation] ipa/migration/{error,index,invalid}.html are not translated
* 7642 Installation fails: Replica Busy
* 7644 ipa-server-upgrade displays 'DN: cn=Schema
Compatibility,cn=plugins,cn=config does not exists or haven't been updated'
* 7649 error shown when options are added to an existing sudo rule
* 7650 client installer uses invalid format in chmod (0x...)
* 7651 ipa-replica-install --setup-kra broken on DL1
* 7652 ipaserver/plugins/cert.py: Add reason to raise of errors.NotFound
* 7654 ipa-kra-install fails on DL1
* 7656 ipa-replica-install on DL0 doesn't completely honor --no-host-dns
* 7657 Leaving IPA domain fails: Failed to remove krb5/LDAP configuration:
expected str, bytes or os.PathLike object, not NoneType
* 7658 [RFE] sysadm_r should be included in default SELinux user map order
* 7659 ipa trust-add fails in FIPS mode.
* 7661 SELinux is preventing /usr/sbin/httpd from getattr access on the file
/usr/lib/systemd/system/fedora-domainname.service
* 7662 SELinux is preventing /usr/sbin/httpd from write access on the directory
/etc/httpd/alias/
* 7663 pytest 3.7.0 fails on pytest_plugins in ipatests.plugins
* 7664 ipa_tests: test ssh keys login
* 7666 ipa-server-install script is failing when using the "--no-dnssec-validation"
parameter combined with the "--forwarder"
* 7669 Hide domain level 0 specific options from tools and commands
* 7671 Remove --no-sssd and --noac options
* 7674 client install fails on Fedora 29
* 7678 [WebUI] JS error of 'reset' view
* 7679 [WebUI] all validation items are rendered on each key typing at login
form
* 7680 Detect Python interpreter during configure
* 7681 ipa server uninstall with -v option displays "IOError: [Errno 9] Bad file
descriptor Logged from file ipautil.py, line 442"
* 7684 Re-installing replica on the same system displays 'WARNING: cannot check
if port 443 is already configured'
* 7685 [pyasn1] not supported upstream's version
* 7687 Integration test for sssd_ssh leaks
* 7688 ipa-server-upgrade does not store the upgrade state for subCa
* 7689 Remove Domain Level 0 specific code
* 7691 'ipa vault-retrieve' is failing with "ipa: ERROR: an internal error has
occurred"
* 7699 [Translation] [remove dialog] not entire sentences
* 7700 ipa cert-show --chain --certificate-out fails with an internal error
* 7702 [Translation] not entire sentence of title of 'Remove' dialog for
'Association' facet
* 7704 [Translation] not entire sentence of title of 'Remove' dialog for
'association_table' widget
* 7705 Support Samba 4.9
* 7707 [Translation] not entire sentence of title of Entity's 'Add' dialog
* 7708 Create a warning that SSSD needs restart after idrange-mod
* 7709 [WebUI] Tests for "ID Ranges"
* 7710 Update spec file to require sssd-ipa, not an sssd meta-package
* 7711 python 3 fallout in ipa-server-install
* 7712 [Translation] not entire sentence of title of association facet's 'Add'
dialog
* 7714 [Translation] not entire sentence of title of 'Add' dialog for
'association_table' widget
* 7715 Remove Python 2 specific elements
* 7717 jslint is not running in pr ci tests
* 7718 javascript 'errors' found by jslint
* 7719 Automation added for NTP Replacement test scenarios
* 7721 [WebUI] Tests for "Automember"
* 7723 NTP options fails on ipa replica
* 7728 RFE: Validation and better error messages when novajoin fails because of SSL errors
* 7729 Bad output on failed client installation rollback
* 7731 ipa-advise command points to old URL's.
* 7732 systemd complains about legacy of /var/run
* 7735 [WebUI] Tests for "Automount"
* 7738 Fix C issues found by coverity and other tools
* 7740 continuous-integration/travis-ci/pr fails with latest gcc update
* 7741 Smart card advise script uses hard-coded Python interpreter
* 7742 External CA installer removes Dogtag's client DB after step 1
* 7743 Create automation to ensure that all integration tests are executed
* 7744 ipa-replica-install picks wrong replica for CA initial replication
* 7744 ipa-replica-install picks wrong replica for CA initial replication
* 7745 nss.conf needs to be zero length, not removed.
* 7746 IPA help command fails in an environment without the `less` binary
* 7747 [RFE] Support interactive prompt for NTP options for FreeIPA
* 7750 ipaldap: invalid modlist when attribute encoding can vary
* 7751 add ipaapi user to the list of allowed uids in [ifp] section in sssd
configuration
* 7752 ipa client throws http.client.ResponseNotReady error
* 7753 CID 323644: logically dead code in ipaserver.install.adtrust.py
* 7754 Replace archaic term messagebus with dbus
* 7755 Enable firewall in the tests
* 7756 Split Web UI test suite in nightly PR CI configuration
* 7758 pylint-2.1.1 errors on Fedora 29
* 7759 ipa-server-certinstall --http allows to install a server cert even
though the CA is not known
* 7761 External CA renewal accepts issuer key < 2048-bit
* 7762 External CA renewal accepts IPA CA cert with empty Subject Key Identifier
* 7767 make fasttest errors because of missing python3-lib389
* 7769 Installer does not detect that kadmin port 749/UDP is blocked
* 7770 searching for ipa users by certificate fails
* 7771 [WebUI] "ID views" tests fail after running "Automember" tests
* 7772 pylint 2.2.0 violations
* 7775 IPA Upgrade failed with "unable to convert the attribute
u'cACertificate;binary'"
* 7776 authselect 1.0.2 fails on unknown feature
* 7777 new prci_definitions memory requirements
* 7778 test_full_backup_and_restore_with_replica fails with "Unknown host
replica1.ipa.test"
* 7779 Update PR-CI definitions to use Fedora 29
* 7780 Make ipa-client-automount --uninstall more robust
* 7781 Don't start/enable nfs-idmap nor nfs-secure
* 7783 use non-symlink (aliases) NFS unit names
* 7786 Index accessruletype, hostcategory, ipaenabledflag, ipserviceport, and
ipserviceprotocol by default
* 7787 Missing indexes for automountmapname and automountkey
* 7788 Majority of gating tests are not part of nightly flows.
* 7790 ipa host-del --updatedns FQDN yeilds unindexed searches
* 7792 Missing index on ipaconfigstring
* 7793 ipa service-del service fails with internal error
* 7795 ipa-pkinit-manage enable fails on replica if it doesn't host the CA
* 7796 ipa-replica-install fails migrating CentOS 6 to 7
* 7797 SSSD's getservby*() causes performance issues
* 7803 Missing index on idnsName
* 7805 [NFS] test kerberized NFS
* 7807 Detect container installation to avoid Kernel keyring
* 7809 All Web UI tests fail with UnexpectedAlertPresentException
* 7810 [F28] Require NSS with fix for p11-kit issue.
* 7811 Fix compile issue with new 389-ds
* 7828 ipa trust-add fails with ipa: ERROR: an internal error has occurred
* 7829 ipa-server-upgrade when run displays 'No such file name in the index'
on the console
* 7830 FreeIPA installation fails with 389-DS 1.4.0.20-1
* 7831 add systemd-user HBAC service to default set of HBAC services
* 7832 [WebUI] cross-origin request
* 7834 Fix certificate revocation tests for Web UI
* 7835 Cert revokation for services and hosts is inefficient
* 7837 Replace os.getenv('HOME') with os.path.expanduser
* 7838 configure_openldap_conf() does not handle multi-value URI
* 7841 Remove tests for client installation with --no-sssd and --noac options
* 7843 [WebUI] Use generated certificates and CSR for testing
* 7844 testcase test_change_sysaccount_password_issue7561 fails with some test configurations
* 7855 Automember XML-RPC test failure
* 7856 Nightly test failure in
test_uninstallation.py::TestUninstallBase::()::test_failed_uninstall
* 7856 Nightly test failure in
test_uninstallation.py::TestUninstallBase::()::test_failed_uninstall
* 7858 Define C feature macros
* 7860 389-ds-base will no longer use /etc/sysconfig
* 7861 Make IPADiscovery available in PyPI packages
* 7861 Make IPADiscovery available in PyPI packages
* 7862 "ccache" may not exist if GSSError occurs in ipa-client-automount
causing an exception to be thrown
* 7864 [WebUI] Review and increase timeouts for UI tests in Nightly PR
configuration
* 7865 test_topology_TestTopologyOptions:test_add_remove_segment nightly
failure in fed28 and fed29
* 7866 FreeIPA server deployment fails due to 'Permission denied' error under
/tmp during pki-tomcatd deployment
* 7868 ipa-client-automount exception backing up /etc/sysconfig/nfs
* 7873 remove all occurrences of osinfo.version_id from ipatests/
* 7874 testcase test_commands.py::TestIPACommand::test_ssh_key_connection fails
with some test configurations
* 7876 Fail replica install
* 7877 External CA installation: sanity check pathLenConstraints
* 7881 [WebUI] Automember UI tests are broken
* 7883 Cannot install ipa-server on rhel7.7
* 7884 Coverity: New defect found in ipa-4.6.5
* 7886 ipa-replica-manage force-sync --from keeps prompting "No status yet"
* 7889 test_integration/test_trust.py need improvement
* 7891 Extend test for #6476 automember-rebuild crashes
* 7892 Implement hidden / unadvertised IPA replicas
* 7893 ipasam needs changes for Samba 4.10
* 7894 restoring a backup done on a hidden replica results
* 7895 ipa trust fetch-domains, server parameter ignored
* 7896 ipa-server-upgrade fails with ConversionError: invalid 'cn': must be
Unicode text
* 7897 ipa-kra-install failing with invalid 'role_servrole': must be Unicode
text error
* 7900 dns and search not fixed for dns enabled deployments
* 7901 IPA Web UI is slow to display user details page.
* 7902 389-ds-base-1.4.0.22-1 breaks
TestAutomemberFindOrphans.test_find_orphan_automember_rules
* 7903 d-bus interface signature failure for oddjobd helper trust-fetch-domains
* 7905 ipa-dnskeysync-replica should handle LDAP down gracefully
* 7906 ipa-kra-install fails due to fs.protected_regular=1
* 7907 ipa-replica-install due to permission error, leaves ipa server in
unstable condition
* 7909 Wrong evaluation of replication update status
== Detailed changelog since 4.7.2 ==
=== Armando Neto (3) ===
* Add test for client installation with empty keytab file
* Fix certificate type error when exporting to file
* Delete empty keytab during client installation
=== Alexander Bokovoy (27) ===
* Bypass D-BUS interface definition deficiences for trust-fetch-domains
* Remove DsInstance.request_service_keytab as it is not needed anymore
* oddjob: allow to pass options to trust-fetch-domains
* ipasam: use SID formatting calls to libsss_idmap
* upgrade: add trust upgrade to actual upgrade code
* upgrade: upgrade existing trust agreements to new layout
* trusts: add support for one-way shared secret trust
* trust: allow trust agents to read POSIX identities of trust
* Add design page for one-way trust to AD with shared secret
* domainlevel-get: fix various issues when running as non-admin
* make sure IPA_CONFDIR is used to check that client is configured
* ipaserver/dcerpc: fix exclusion entry with a forest trust domain info returned
* ipa-sidgen: make internal fetch_attr helper really internal
* Update translations from Zanata
* ipa-kdb: reduce LDAP operations timeout to 30 seconds
* Update translations from Zanata
* ipaserver.install.adtrust: fix CID 323644
* net groupmap: force using empty config when mapping Guests
* adtrust: define Guests mapping after creating cifs/ principal
* Update list of contributors
* Import updated translations from Zanata
* Re-sort the translations before importing new ones from Zanata
* When stripping PO files, sort the output
* Support Samba 4.9
* ipasam: do not use RC4 in FIPS mode
* Move fips_enabled to a common library to share across different plugins
* ipa-extdom-extop: Update licenses to GPLv3 or later with exceptions
=== Ian Pilcher (1) ===
* Allow issuing certificates with IP addresses in subjectAltName
=== Alexander Scheel (2) ===
* Add missing docstrings to kernel_keyring.py
* Add docstring to verify_kdc_cert_validity
=== Adam Williamson (1) ===
* Fix authselect invocations to work with 1.0.2
=== Christian Heimes (158) ===
* Remove deprecated object logger
* Explain why tests still use 2048bit external CA
* Reuse key type and size in certmonger resubmit
* Increase default key size for CA to 3072 bits
* Use Network Manager to configure resolv.conf
* Add --pki-config-override to man pages
* Add test case for pki config override
* Verify pki ini override early
* Simplify and consolidate ipaca.ini
* Add pki.ini override option
* Use new pki_ipaca.ini to spawn instances
* Add IPA specific vars to ipaca_default.ini
* Simplify and slim down ipaca_default.ini
* Add current default.cfg from Dogtag
* Improve error handling in DNSSEC helpers
* Gating: remove vault and kdcproxy tests
* automount: rmtree temp directory
* Make netifaces optional
* Adapt cert-find performance workaround for users
* Skip orphan automember rule test
* Verify external CA's basic constraint pathlen
* Require a minimum SASL security factor of 56
* Move DS's Kerberos env vars to unit file
* Add tasks.systemd_daemon_reload()
* Add option to remove lines from a file
* Disable flaky hidden replica backup test
* Add test case for configure_openldap_conf
* Don't fail if config-show does not return servers
* Add design draft
* Test replica installation from hidden replica
* Synchronize hidden state from IPA master role
* Don't allow to hide last server for a role
* More test fixes
* Improve config-show to show hidden servers
* Consider hidden servers as role provider
* Implement server-state --state=enabled/hidden
* Simplify and improve tests
* Add hidden replica feature
* Consolidate container_masters queries
* Use api.env.container_masters
* replica install: acknowledge ca_host override
* Fix assign instead of compare
* GIT: ignore ipa-crlgen-manage
* Reformat and PEP8 ipaclient.discovery
* Make IPADiscovery available in PyPI packages
* Disable dependency on dogtag-pki PyPI package
* Test --external-ca-type=ms-cs
* Remove ZERO_STRUCT() call
* Update build requirements on twine
* Compile IPA modules with C11 extensions
* Add ldapmodify/search helper functions
* Let 389-DS configure LDAPI for us
* Use LDAPS when installing CA on replica
* Use secure LDAP connection in tests
* Use new LDAPClient constructors
* Add constructors to ldap client
* Move realm_to_serverid/ldap_uri to ipaldap
* Mark two failing automember tests as xfail
* Require 389-ds 1.4.0.21
* ipa-getkeytab: resolve symlink
* Optimize cert remove case
* Add workaround for slow host/service del
* Add workaround for lib389 HOME bug
* Use expanduser instead of HOME env var
* Don't configure KEYRING ccache in containers
* Mark failing NTP test as expected failure
* Fix systemd-user HBAC rule
* Create systemd-user HBAC service and rule
* Require krb5 with fix for CVE-2018-20217
* Don't use Python dependency generator yet
* Use debug logger in ntpd_cleanup()
* Make conftest compatible with pytest 4.x
* Require 389-DS = 1.4.0.16
* Add index on idnsName
* Require 3.41.0-3 on Fedora 28
* Fix test_advise in nightly runs
* Create reindex task for ipaca DB
* Add more LDAP indices
* LDAPUpdate: Batch index tasks
* Always collect test logs
* Disable nss-p11-kit crypto policy for tests
* Add install/remove package helpers to advise
* Test smart card advise scripts
* Log stderr in run_command
* Smart card auth advise: Allow Apache user
* Allow HTTPd user to access SSSD IFP
* Remove dead code
* Add index and container for RFC 2307 IP services
* Handle service_del with bad service name
* Run idviews integration tests in nightly
* Add integration tests for idviews
* Resolve user/group names in idoverride*-find
* Require Dogtag PKI 10.6.8-3
* Update temp commit template to F29
* Increase debugging for blocked port 749 and 464
* Address misc pylint issues in CLI scripts
* pylint: also verify scripts
* pylint: Fix duplicate-string-formatting-argument
* pylint 2.2: Fix unnecessary pass statement
* TestBackupAndRestoreWithReplica needs 2 replicas
* Unify and simplify LDAP service discovery
* PR-CI: Restart rpcbind when it blocks kadmin port
* Fix pytest deprecation warning
* certdb: validate server cert signature
* Require pylint 2.1.1-2
* Silence comparison-with-itself in tests
* Fix raising-format-tuple
* Fix various dict related pylint warnings
* Fix Module 'pytest' has no 'config' member
* Fix useless-import-alias
* Fix comparison-with-callable
* Address consider-using-in
* Ignore consider-using-enumerate for now
* Address inconsistent-return-statements
* Address pylint violations in lite-server
* Ignore W504 code style like in travis config
* Remove DS perl paths from debian platform
* Drop dependency on 389-ds-base-legacy-tools
* Speed up test_customized_ds_config_install
* Add missing tests to nighly runs
* Replace messagebus with modern name dbus
* Fix test_cli_fsencoding on Python 3.7, take 2
* Copy-paste error in permssions plugin, CID 323649
* Allow ipaapi user to access SSSD's info pipe
* Fix test_cli_fsencoding on Python 3.7
* ipapwd_pre_mod: NULL ptr deref
* ipadb_mspac_get_trusted_domains: NULL ptr deref
* has_krbprincipalkey: avoid double free
* Require Dogtag 10.6.7-3
* Use tasks.install_master() in external_ca tests
* Keep Dogtag's client db in external CA step 1
* Improve Python configuration for LGTM
* Add Coverity Scan target
* Replace hard-coded interpreter with sys.executable
* Don't abuse strncpy() length limitation
* Fix ipadb_multires resource handling
* Add lgtm.yml to analyzse C code with LGTM
* Fix zonemgr encoding issue
* Py3: Replace six.moves imports
* Lint yaml and RPM spec
* Py3: Replace six.bytes_type with bytes
* Py3: Replace six.text_type with str
* Py3: Replace six.integer_types with int
* Py3: Replace six.string_types with str
* Require sssd-ipa instead of sssd meta pkg
* Py3: Remove subclassing from object
* Sprinkle raw strings across the code base
* Workaround for pyasn1 0.4
* Remove Python 2 support and packages
* Don't check for systemd service
* Refactor os-release and platform information
* Generate scripts from templates
* Rename Python scripts and add dynamic shebang
* Detect and prefer platform Python
* Disable DL0 specific tests
* Rename pytest_plugins to ipatests.pytest_ipa
* Add convenient template for temp commits
* Fix topology configuration of nightly runs
=== Diogo Nunes (3) ===
* Fix f52e0e31f7c76a3cd6b9b51aeba120c4ba3f38c9 typo in tests label definition.
* PR-CI: Add gating tests to nightly_[master, f28, rawhide]
* PR-CI: Move to Fedora 29 template, version 0.2.0
=== Felipe Barreto (1) ===
* Making nigthly test definition editable by FreeIPA's contributors
=== François Cami (17) ===
* ipatests: add nfs tests
* ipaserver/install/cainstance.py: unlink before creating new file in /tmp
* ipaserver/install/krainstance.py: chown after write
* ipatests: Exercise hidden replica feature
* ipa-{server,replica}-install: add too-restritive mask detection
* ipatests: add too-restritive mask tests
* ipa-client-automount: fix PEP8 issues
* ipatests: remove all occurrences of osinfo.version_id
* pylintrc: ignore R1720 no-else-raise errors
* ipa-client-automount: handle NFS configuration file changes
* ipa-server-install: fix ca setup when fs.protected_regular=1
* ipatests: add a test for ipa-client-automount
* ipa-client-automount: use nfs-utils unit
* Fix NFS unit names
* Add a "Find enabled services" ACI in 20-aci.update so that all users can find
IPA servers and services. ACI suggested by Christian Heimes.
* Add a shared-vault-retrieve test
* Add sysadm_r to default SELinux user map order
=== William Brown (1) ===
* Support the 1.4.x python installer tools in 389-ds
=== Florence Blanc-Renaud (76) ===
* Fix wrong evaluation of attributes in check_repl_update
* ipa-client-install: autodiscovery must refuse single-label domains
* ipa-setup-kra: fix python2 parameter
* ipa-server-upgrade: fix add_systemd_user_hbac
* ipa-replica-manage: fix force-sync
* Coverity: fix issue in ipa_extdom_extop.c
* XML RPC test: fix test_automember_plugin
* ipa server: prevent uninstallation if the server is CRL master
* Test: add new tests for ipa-crlgen-manage
* CRL generation master: new utility to enable|disable
* test: add non-reg test checking pkinit after server install
* pkinit setup: fix regression on master install
* tests: fix failure in
test_topology_TestTopologyOptions:test_add_remove_segment
* tests: mark xfail for test_selinux_user_optimized on fed<=28
* Tests: fix option name for dsctl
* ipatests: add test for replica in forward zone
* replica installation: add master record only if in managed zone
* ipatests: add integration test for pkinit enable on replica
* pkinit enable: use local dogtag only if host has CA
* replica install: set the same master as preferred source for domain and CA
* replication: check remote ds version before editing attributes
* ipatests: fix test_full_backup_and_restore
* ipatests: fix TestUpgrade::test_double_encoded_cacert
* PKINIT: fix ipa-pkinit-manage enable|disable
* ipatest: add test for ipa-pkinit-manage enable|disable
* ipatests: add upgrade test for double-encoded cacert
* ipa upgrade: handle double-encoded certificates
* ipatests: add xmlrpc test for user|host-find --certificate
* ipaldap.py: fix method creating a ldap filter for IPACertificate
* ipatests: add missing tests for test_replica_promotion.py
* ipatests: add missing tests for test_installation.py
* ipatests: add missing tests for test_external_ca.py
* ipatests: add test for ipa-replica-install options
* ipa-replica-install: password and admin-password options mutually exclusive
* ipatests: fix test_replica_uninstall_deletes_ruvs
* freeipa.spec.in: add BuildRequires for python3-lib389
* ipatests: add missing tests in test_backup_and_restore.py
* Revert "temp commit: run test_integration/test_caless.py::TestCertInstall"
* temp commit: run test_integration/test_caless.py::TestCertInstall
* ipatests: update tests for ipa-server-certinstall
* ipatests: add missing tests for test_caless
* ipatests: add integration test for "Read radius servers" perm
* radiusproxy: add permission for reading radius proxy servers
* tests: add xmlrpc test for ipa user-add --radius-username
* ipa user-add: add optional objectclass for radius-username
* ipatests: fix CA less expectations
* Nightly tests: add test_user_permissions.py
* ipatest: add functional test for ipa-backup
* ipa-backup: restart services before compressing the backup
* ipa-replica-install --setup-adtrust: check for package ipa-server-trust-ad
* ipatests: fix path in expected error message
* Bump requires 389-ds-base
* ipatests: mark known failures as xfail
* ipa tests: CA less
* certdb: provide meaningful err msg for wrong PIN
* ipatests: remove TestReplicaManageDel (dl0)
* ipatests: mark known failure for installation_TestInstallWithCA2
* ipa-server-upgrade: fix inconsistency in setup_lightweight_ca_key_retrieval
* Tests: remove dl0 tests from nightly definition
* ipatests: mark known failures as xfail
* tests: add test for uninstall with incomplete sysrestore.state
* authselect: harden uninstallation of ipa client
* ipa-advise: configure pam_cert_auth=True for smart card on client
* Test: scenario replica install/uninstall should restore ssl.conf
* ipa-replica-install: properly use the file store
* Tests: test successful PKINIT install on replica
* ipa-replica-install: fix pkinit setup
* tests: add test for server install with --no-dnssec-validation
* ipa-server-install: do not perform forwarder validation with
--no-dnssec-validation
* DS replication settings: fix regression with <3.3 master
* Test: test ipa-* commands when IPA is not configured
* ipa commands: print 'IPA is not configured' when ipa is not setup
* ipautil.run: add test for runas parameter
* uninstall -v: remove Tracebacks
* PRCI: extend timeouts for gating
* Tests: add integration test for password changes by dir mgr
=== Francisco Trivino (2) ===
* prci_definitions: Add nightly flow for pki dep testing
* prci_definitions: update vagrant memory topology requirements
=== Fraser Tweedale (16) ===
* Fix installation when CA subject DN has escapes
* cert-request: handle missing zone
* cert-request: more specific errors in IP address validation
* Add tests for cert-request IP address SAN support
* cert-request: report all unmatched SAN IP addresses
* cert-request: generalise _san_dnsname_ips for arbitrary cname depth
* cert-request: collect only qualified DNS names for IPAddress validation
* cert-request: restrict IPAddress SAN to host/service principals
* certupdate: add commentary about certmonger behaviour
* certdb: validate certificate signatures
* Print correct subject on CA cert verification failure
* certdb: ensure non-empty Subject Key Identifier
* rpc: always read response
* ipaldap: avoid invalid modlist when attribute encoding differs
* Restore KRA clone installation integration test
* Fix writing certificate chain to file
=== Ganna Kaihorodova (1) ===
* Add check for occuring traceback during uninstallation ipa master
=== Michal Reznik (8) ===
* bump PRCI template version to 0.1.9
* add strip_cert_header() to tasks.py
* tests: sssd_ssh fd leaks when user cert converted into SSH key
* bump PRCI template version to 0.1.8
* Add "389-ds-base-legacy-tools" to requires.
* test: client uninstall fails when installed using non-existing hostname
* ipa_tests: test ssh keys login
* prci_definitions: fix wrong indentation in the nightly yaml
=== Varun Mylaraiah (4) ===
* nightly_rawhide.yaml Added test_integration/test_ntp_options.py
* nightly_master.yaml Added test_integration/test_ntp_options.py
* ipatests: add tests for NTP options usage on server, replica, and client
* Added test for ipa-client-install with a non-standard ldap.conf file Ticket:
https://pagure.io/freeipa/issue/7418
=== Mohammad Rizwan Yusuf (6) ===
* ipatests: check if username are not optimized out in semanage context
* Check if issuer DN is updated after external-ca > self-signed
* Test error when yubikey hardware not present
* Test KRA installtion after ca agent cert renewal
* Test if WSGI worker process count is set to 4
* Check if user permssions and umask 0022 is set when executing ipa-restore
=== Oleg Kozlov (4) ===
* Show a notification that sssd needs restarting after idrange-mod
* Remove stale kdc requests info files when upgrading IPA server
* Replace nss.conf with zero-length file instead of removing
* Check pager's executable before subprocess.Popen
=== Orion Poplawski (1) ===
* ipaclient-install: chmod needs octal permissions
=== Peter Keresztes Schmidt (1) ===
* README: Update link to freeipa-devel archive
=== Pavel Picka (3) ===
* PRCI failures fix
* PR-CI extend timeouts
* WebUI Tests stabilize
=== Petr Vobornik (4) ===
* ipa-advise: update url of cacerdir_rehash tool
* webui: redable color of invalid fields on login-screen-like pages
* webui: remove mixed indentation in App and LoginScreen
* webui: change indentation of freeipa/_base/debug.js
=== Rob Crittenden (27) ===
* Add interactive prompt for the LDAP bind password to ipa-getkeytab
* Send only the path and not the full URI to httplib.request
* Update mod_nss cipher list so there is overlap with a 4.x master
* tests: Don't provide explicit hostname to ldapmodify
* Remove 389-ds templates now that lib389 is used for installs
* Add support for multiple certificates/formats to ipa-cacert-manage
* Add tests for ipa-cacert-manage install
* Enable replica install info logging to match ipa-server-install
* Demote log message in custodia _wait_keys to debug
* Pass a list of values into add_master_dns_records
* Collect the client and server uninstall logs in tests
* Fix misleading errors during client install rollback
* Remove the authselect profile warning if sssd was not configured.
* Handle NTP configuration in a replica server installation
* Remove tests which install KRA on replica w/o KRA on master
* Enable LDAP debug output in client to display TLS errors in join
* Add entry for Serhii to mailmap
* Fix identifier typo in UI
* Add uninstallation tests to night master and rawhide
* Fix uninstallation test, use different method to stop dirsrv
* Try to resolve the name passed into the password reader to a file
* Advise plugin for enabling sudo for members of the admins group
* Update required version of dogtag to detect when FIPS is available
* Retrieve certificate subject base directly instead of ipa-join
* Honor no-host-dns when creating client host in replica install
* Convert members into types in sudorule-*-option
* Set development version to 4.7.90
=== Robbie Harwood (3) ===
* Fix unnecessary usrmerge assumptions
* Add cmocka unit tests for ipa otpd queue code
* Clear next field when returnining list elements in queue.c
=== Sumit Bose (2) ===
* ipa-extdom-exop: add instance counter and limit
* ipa_sam: remove dependency to talloc_strackframe.h
=== Stanislav Laznicka (7) ===
* Use the newer way of removing the DS instance
* DS install: don't fail if SSL already configured
* DS install: fix DS asking for NSS pin during install
* DS uninstall: fix serverid missing in state restore
* Move lib389 imports to module scope
* Don't try legacy installs
* Remove some basic pystyle and pylint errors
=== Stanislav Levin (118) ===
* Completely drop /var/cache/ipa/sessions
* Don't use cross-origin request
* Move ipa's systemd tmpfiles from /var/run to /run
* Add title to 'add' dialog for 'association_table' widget of Topology entity
* Add title to 'add' dialog for 'association_table' widget of Vaults entity
* Add title to 'add' dialog for 'association_table' widget of Certificates
entity
* Add title to 'add' dialog for 'association_table' widget of SELinux User Maps
entity
* Add title to 'add' dialog for 'association_table' widget of Sudo entity
* Add title to 'add' dialog for 'association_table' widget of HBAC entity
* Add title to 'add' dialog for 'association_table' widget of Groups entity
* Add title to 'add' dialog for 'association_table' widget of Services entity
* Add title to 'add' dialog for 'association_table' widget of Hosts entity
* Drop concatenated title of add dialog for association_table widget
* Add title to 'add' dialog for details of 'RBAC' entity
* Add title to 'add' dialog for details of 'OTP Tokens' entity
* Add title to 'add' dialog for details of 'Sudo' entity
* Add title to 'add' dialog for details of 'HBAC' entity
* Add title to 'add' dialog for details of 'ID Views' entity
* Add title to 'add' dialog for details of 'Groups' entity
* Add title to 'add' dialog for details of 'Services' entity
* Add title to 'add' dialog for details of 'Hosts' entity
* Add title to 'add' dialog for details of 'Users' entity
* Add title to 'add' dialog for details of 'Certificate' entity
* Drop concatenated title of 'Add' dialog for details of entity
* Add title to 'add' dialog for 'Topology' entity
* Add title to 'add' dialog for 'Trusts' entity
* Add title to 'add' dialog for 'ID Ranges' entity
* Add title to 'add' dialog for 'RBAC' entity
* Add title to 'add' dialog for 'Vault' entity
* Add title to 'add' dialog for 'DNS' entity
* Add title to 'add' dialog for 'Automount' entity
* Add title to 'add' dialog for 'Certificate Identity' entity
* Add title to 'add' dialog for 'RADIUS' entity
* Add title to 'add' dialog for 'Certificates' entity
* Add title to 'add' dialog for 'Password Policies' entity
* Add title to 'add' dialog for 'SELinux' entity
* Add title to 'add' dialog for 'Sudo' entity
* Add title to 'add' dialog for 'HBAC' entity
* Add title to 'add' dialog for 'Automember' entity
* Drop concatenated title of 'add' dialog for 'attribute_table' widget
* Add title to 'add' dialog for 'ID Views' entity
* Add title to 'add' dialog for 'Groups' entity
* Add title to 'add' dialog for 'Service' entity
* Add title to 'add' dialog for 'Host' entity
* Add title to 'add' dialog for 'OTP' entity
* Add title to 'add' dialog for 'Users' entity
* Drop concatenated title of 'add' dialog
* Add jslint check to PR CI tests
* Fix javascript 'errors' found by jslint
* Add title to remove dialog of 'DNS' entity
* Add title to 'unprovision' dialog
* Add title to 'Remove' dialog for 'association_table' widget of 'Vault' entity
* Add title to 'Remove' dialog for 'association_table' widget of 'Topology'
entity
* Add title to 'Remove' dialog for 'association_table' widget of 'CA' entity
* Add title to 'Remove' dialog for 'association_table' widget of 'SELinux'
entity
* Add title to 'Remove' dialog for 'association_table' widget of 'Sudo' entity
* Add title to 'Remove' dialog for 'association_table' widget of 'HBAC' entity
* Add title to 'Remove' dialog for 'association_table' widget of 'Automember'
entity
* Allow having a custom title of 'Remove' dialog for 'attribute_table' widget
* Add title to 'remove' dialog for 'association_table' widget of 'Groups' entity
* Add title to 'remove' dialog for 'association_table' widget of 'Services'
entity
* Add title to 'remove' dialog for 'association_table' widget of 'Hosts' entity
* Drop concatenated title of remove dialog
* Fix loading 'freeipa/text' at production mode
* Add a title to 'remove' dialog for details of 'Trusts' entity
* Add a title to 'remove' dialog for details of 'RBAC' entity
* Add a title to 'remove' dialog for details of 'OTP Tokens' entity
* Add a title to 'remove' dialog for details of 'Sudo' entity
* Add a title to 'remove' dialog for details of 'HBAC' entity
* Add a title to 'remove' dialog for details of 'Groups' entity
* Add a title to 'remove' dialog for details of 'Services' entity
* Add a title to 'remove' dialog for details of 'Hosts' entity
* Add a title to 'remove' dialog for details of 'Users' entity
* Drop concatenated title of remove dialog
* Add title to remove dialog of 'Trusts' entity
* Add title to remove dialog of 'Topology' entity
* Add title to remove dialog of 'ID Ranges' entity
* Add title to remove dialog of 'RBAC' entity
* Add title to remove dialog of 'DNS' entity
* Add title to remove dialog of 'Automount Locations' entity
* Add title to remove dialog of 'Certificate Identity Mapping Rules' entity
* Add title to remove dialog of 'RADIUS Servers' entity
* Add title to remove dialog of 'OTP Tokens' entity
* Add title to remove dialog of 'Certificates' entity
* Add title to remove dialog of 'Password Policies' entity
* Add title to remove dialog of 'SELinux User Maps' entity
* Add title to remove dialog of 'Sudo' entity
* Add title to remove dialog of 'HBAC' entity
* Add title to remove dialog of 'Automember' entity
* Add title to remove dialog of 'ID Views' entity
* Add title to remove dialog of 'Groups' entity
* Add title to remove dialog of 'Services' entity
* Add title to remove dialog of 'Hosts' entity
* Add title to remove dialog of 'Users' entity
* Drop concatenated title of remove dialog
* Add tests for LoginScreen widget
* Add "bounce" logic from "reset_password.js"
* Fix translations of messages in LoginScreen widget
* Clean up reset_password.js file from project
* Use "login" plugin instead of standalone JS file
* Add "reset_and_login" view to LoginScreen widget
* Replace the direct URL with config's one
* Add basic tests to web pages which are located at /ipa/config/
* Fix translation of "ssbrowser.html" Web page
* Fix translation of "unauthorized.html" Web page
* Fix render validation items on keypress event at login form
* Reindex 'key_indicies' after item delete
* Fix "get_key_index" to fit caller's expectations
* Add basic tests for "migration" end point
* Clean up migration "error" and "invalid" pages from project
* Provide translatable messages for MigrateScreen widget
* Integrate "migration" page to IPA Web framework.
* Return the result of "password migration" procedure
* Add "migrate" Web UI plugin
* Add MigrateScreen widget
* Fix translation of "SyncOTPScreen" widget
* Fix translation of "sync_otp" plugin
* Replace the direct URL with config's one
=== Sergey Orlov (16) ===
* ipatests: refactor test_trust.py
* ipatests: adapt test_trust.py for changes in multihost fixture
* ipatests: allow AD hosts to be placed in separate domain config objects
* ipatests: relax requirements for time server quality
* ipatests: fix expectations of `ipa trust-find` output for trust with root
domain
* ipatests: in test_trust.py fix parent class
* ipatests: disable bind dns validation when preparing to establish AD trust
* ipatests: in test_trust.py fix prameters in invocation of
tasks.configure_dns_for_trust
* Revert "Tests: Remove DNS configuration from trust tests"
* ipatests: fix host name for ssh connection from controller to master
* ipatests: add test for correct modlist when value encoding differs
* ipatests: fix ldap server url
* Remove obsolete tests from test_caless.py
* Remove unused tests
* ipatests: add test for ipa-restore in multi-master configuration
* ipatests: add test for ipa-advise for enabling sudo for admins group
=== Serhii Tsymbaliuk (1) ===
* Replace logo images with new one (version 4.7)
=== Serhii Tsymbaliuk (52) ===
* Web UI (topology graph): Show FQDN for nodes if they have no common DNS zone
* WebUI test: Fix automember tests according to new behavior
* Web UI: Increase timeouts for UI tests in Nightly PR configuration
* Fix test_arbitrary_certificates for Web UI
* Web UI tests: Get rid of *_cert_path and *_csr_path config variables
* Fix certificate revocation tests for Web UI
* Split test_webui_hosts PRCI tests
* Fix "Configured size limit exceeded" warning on Web UI
* WebUI: Temporary fix for UnexpectedAlertPresentException
* Fix "ID views" tests fail after running "Automember" tests
* Fix nightly PR CI configuration for Web UI tests
* Split Web UI test suite in nightly PR CI configuration
* Increase memory size for ipaserver topology (nightly-master.yaml)
* WebUI tests: Make possible to use kwargs with @screenshot decorator
* UI tests for "Automount": check dialog confirmation using ENTER
* UI tests for "Automount": check some negative cases
* UI tests for "Automount": check indirect map duplication
* UI tests for "Automount": check creating automount key without some fields
* UI tests for "Automount": check creating indirect automount map without some
fields
* UI tests for "Automount": Fix item deleting
* UI tests for "Automount": check modifying map and key settings
* UI tests for "Automount": check "Add Automount..." dialogs
* UI tests for "Automember": Extend search cases
* UI tests for "Automember": Negative cases
* UI tests for "Automember": check setting default user/host group
* UI tests for "Automember": check creating and deleting of automember rule
conditions
* UI tests for "Automember": check creating and deleting of multiple rules
* UI tests for "Automember": check search filter
* UI tests for "ID Range": Clean unnecessary Python2 compatible code
constructions
* UI tests for "ID Range": check deleting primary local range
* UI tests for "ID Range": check creating ID Range with overlapping of primary
and secondary RID base
* UI tests for "ID Range": - check creating ID range with special characters in
name - check modifying ID range with existing secondary RID base
* UI tests for "ID Range": check modifying ID range with invalid or missing
values
* UI tests for "ID Range": check adding range with overlapping of existing
local range
* UI tests for "ID Range": check primary RID base duplication
* UI tests for "ID Range": check adding range without primary and secondary RID
bases
* UI tests for "ID Range": check range name and base ID duplication
* Change Web UI tests setup flow
* Fix UI_driver.has_class exception. Handle situation when element has no class
attribute
* Increase some timeouts in Web UI tests
* Remove unnecessary session clearing in some Web UI tests
* Add cookies clearing for all Web UI tests
* Generate CSR for test_host::test_certificates (Web UI test)
* Add SAN extension for CSR generation in test_cert (Web UI tests)
* Fix unpermitted user session in test_selfservice (Web UI test)
* Fix test_user::test_login_without_username (Web UI test)
* Use random realmdomains in test_webui/test_realmdomains.py
* Fix test_realmdomains::test_add_single_labeled_domain (Web UI test)
* Increase request timeout for WebUI tests
* Use random IPs and domains in test_webui/test_host.py
* Fix hardcoded CSR in test_webui/test_cert.py
* Replace old login screen logo with new one
=== sudharsanomprakash (1) ===
* Don't use deprecated Apache Access options.
=== Thierry Bordaz (1) ===
* In IPA 4.4 when updating userpassword with ldapmodify does not update
krbPasswordExpiration nor krbLastPwdChange
=== Tibor Dudlák (5) ===
* Support interactive prompt for ntp options
* Fix test_ntp_options to use tasks' methods
* Do not set ca_host when --setup-ca is used
* Add assert to check output of upgrade
* Re-open the ldif file to prevent error message
=== Thomas Woerner (56) ===
* Extend test for orphan automember rules (issue/6476)
* Enable firewall in the tests for PR CI
* ipatests/test_integration/test_server_del.py: Enable dns in fw for dnssec
* ipatests/test_integration/test_replica_promotion.py: Fix firewall config
* ipatests/test_integration/test_backup_and_restore.py: No clean master
uninstall
* ipatests integration/tasks.py: Honor clean for firewall in uninstall_master
* ipatests/test_integration/test_replica_promotion.py: Configure firewall
* ipatests/test_integration/test_dnssec.py: Enable dns firewall service
* ipatests/test_integration/test_http_kdc_proxy.py: Use new firewall import
* ipatests/test_integration/test_forced_client_reenrollment.py: Use unshare
* ipatests/pytest_ipa/integration/tasks.py: Configure firewall
* New firewall support class in ipatests/pytest_ipa/integration/firewall
* Fix ressource leak in
daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c ipa_cldap_netlogon
* Fix ressource leak in client/config.c get_config_entry
* Update annobin to fix continuous-integration/travis-ci/pr issues
* Find orphan automember rules
* Remove DL0 specific code from ipatests/test_integration/test_caless.py
* Remove DL0 specific code from ipatests/pytest_ipa/integration/tasks.py
* Remove DL0 specific tests from
ipatests/test_integration/test_replica_promotion.py
* Remove replica_file knob from ipalib/install/service.py
* Remove replica_file from ClientInstall class in ipaclient/install/client.py
* Remove options.promote from install in ipaserver/install/server/install
* Rename CustodiaModes.STANDALONE to CustodiaModes.FIRST_MASTER
* Remove DL0 specific code from custodiainstance in ipaserver/install
* Remove create_replica_config from installutils in ipaserver/install
* Remove DL0 specific code from replicainstall in ipaserver/install/server
* Remove DL0 specific code from __init__ in ipaserver/install/server
* Remove DL0 specific code from ipa_replica_install in ipaserver/install
* Remove unused promote arg in krbinstance.create_replica in ipaserver/install
* Remove DL0 specific code from kra in ipaserver/install
* Remove DL0 specific code from dsinstance ipaserver/install
* Remove DL0 specific code from ipa_kra_install in ipaserver/install
* Remove DL0 specific code from cainstance and ca in ipaserver/install
* Remove DL0 specific code from ipa-ca-install
* Remove ipa-replica-prepare script and man page
* Adapt freeipa.spec.in for latest Fedora, fix python2 ipatests packaging bug
* replicainstall: Make sure that domain fulfills minimal domain level
requirement
* ipatests/test_xmlrpc/tracker/server_plugin.py: Increase hard coded
mindomainlevel
* ipaserver/install/adtrust.py: Do not use DOMAIN_LEVEL_0 for minimum
* ipatests/test_ipaserver/test_install/test_installer.py: Drop tempfile import
* ipatests: Drop test_password_option_DL0
* Move DL0 raises outside if existing conditionals to calm down pylint
* Remove "at DL1" from ipa-server-install man page
* Remove "at DL1" from ipa-replica-manage man page
* Remove DL0 specific sections from ipa-replica-install man page
* Remove support for replica_file option from ipa-kra-install
* Remove support for replica_file option from ipa-ca-install
* Raise error if DL is set to 0 or DL0 options are used
* Mark replica_file option as deprecated
* Increase MIN_DOMAIN_LEVEL to DOMAIN_LEVEL_1
* Do not install ipa-replica-prepare
* ipaclient: Remove --no-sssd and --no-ac options
* ipa_restore: Restore SELinux context of template_dir /var/log/dirsrv/slapd-X
* httpinstance: Restore SELinux context of session_dir /etc/httpd/alias
* ipaserver/plugins/cert.py: Added reason to raise of errors.NotFound
* Fix $-style format string in ipa_ldap_init (util/ipa_ldap.c)
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
