December 2017 - FreeIPA-devel - Fedora Mailing-Lists

[freeipa PR#1359][opened] install: report CA Subject DN and subject base to be used

by frasertweedale

URL: https://github.com/freeipa/freeipa/pull/1359 Author: frasertweedale Title: #1359: install: report CA Subject DN and subject base to be used Action: opened PR body: """ Currently we do not report what Subject DN or subject base will be used for the CA installation. This leads to situations where the administrator wants a different Subject DN later. Display these data as part of the "summary" prior to the final go/no-go prompt in ipa-server-install and ipa-ca-install. The go/no-go prompt in ipa-ca-install is new. It is suppressed for unattended installations. Fixes: https://pagure.io/freeipa/issue/7246 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1359/head:pr1359 git checkout pr1359

6 years, 4 months

2
1
0 / 0

[freeipa PR#1358][opened] test_x509: test very long OID

by Rezney

URL: https://github.com/freeipa/freeipa/pull/1358 Author: Rezney Title: #1358: test_x509: test very long OID Action: opened PR body: """ Active Directory creates OIDs long enough to trigger a failure. This can cause e.g. ipa-server-install failure when installing with an externally-signed CA. https://pagure.io/freeipa/issue/7300 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1358/head:pr1358 git checkout pr1358

6 years, 4 months

2
1
0 / 0

[freeipa PR#1382][opened] [Backport][ipa-4-6] Making ipa-ca-install more resilient

by tiran

URL: https://github.com/freeipa/freeipa/pull/1382 Author: tiran Title: #1382: [Backport][ipa-4-6] Making ipa-ca-install more resilient Action: opened PR body: """ This PR was opened automatically because PR #1232 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1382/head:pr1382 git checkout pr1382

6 years, 4 months

1
1
0 / 0

[freeipa PR#1381][opened] [Backport][ipa-4-6] ipatest: replica install with existing entry on master

by tiran

URL: https://github.com/freeipa/freeipa/pull/1381 Author: tiran Title: #1381: [Backport][ipa-4-6] ipatest: replica install with existing entry on master Action: opened PR body: """ This PR was opened automatically because PR #1320 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1381/head:pr1381 git checkout pr1381

6 years, 4 months

1
1
0 / 0

[freeipa PR#1232][opened] Making ipa-ca-install more resilient

by frasertweedale

URL: https://github.com/freeipa/freeipa/pull/1232 Author: frasertweedale Title: #1232: Making ipa-ca-install more resilient Action: opened PR body: """ , or: *Proactively run ipa-certupdate for great good!* These commits fix a couple of issues that can occur after a deployment has been promoted from CA-less to CA-ful, and the admin does not follow up with `ipa-certupdate`. (And why should they have to?) ``` a9ad3b5ab (Fraser Tweedale, 6 days ago) Run certupdate after promoting to CA-ful deployment After installing a CA in a CA-less installations (using ipa-ca-install), the new CA certificate is not installed in /etc/httpd/alias. This causes communication failure between IPA framework and Dogtag (it cannot verify the Dogtag server certificate). Perform a CertUpdate as the final step when promoting a CA-less deployment to CA-ful. Fixes: https://pagure.io/freeipa/issue/7230 21fbf7088 (Fraser Tweedale, 7 days ago) ipa-ca-install: run certupdate as initial step When installing a CA replica, perform a certupdate to ensure that the relevant CA cert is present. This is necessary if the admin has just promoted the topology from CA-less to CA-ful but didn't manually run ipa-certupdate afterwards. Fixes: https://pagure.io/freeipa/issue/6577 9520781fb (Fraser Tweedale, 7 days ago) CertUpdate: make it easy to invoke from other programs The guts of ipa-certupdate are useful to execute as part of other programs (e.g. as a first step of ipa-ca-install). Refactor ipa_certupdate.CertUpdate to make it easy to do that. In particular, make it possible to use an already-initialised API object. Part of: https://pagure.io/freeipa/issue/6577 ``` """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1232/head:pr1232 git checkout pr1232

6 years, 4 months

2
1
0 / 0

[freeipa PR#1320][opened] ipatest: automation for bz-1493145

by mrizwan93

URL: https://github.com/freeipa/freeipa/pull/1320 Author: mrizwan93 Title: #1320: ipatest: automation for bz-1493145 Action: opened PR body: """ This fix adds automation for above mentioned bugzilla. Fixes: https://pagure.io/freeipa/issue/7276 Signed-off-by: Mohammad Rizwan Yusuf <myusuf(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1320/head:pr1320 git checkout pr1320

6 years, 4 months

2
7
0 / 0

[freeipa PR#1347][opened] Prevent set_directive from clobbering other keys

by frasertweedale

URL: https://github.com/freeipa/freeipa/pull/1347 Author: frasertweedale Title: #1347: Prevent set_directive from clobbering other keys Action: opened PR body: """ `set_directive` only looks for a prefix of the line matching the given directive (key). If a directive is encountered for which the given key is prefix, it will be vanquished. This occurs in the case of `{ca,kra}.sslserver.cert[req]`; the `cert` directive gets updated after certificate renewal, and the `certreq` directive gets clobbered. This can cause failures later on during KRA installation, and possibly cloning. Match the whole directive to avoid this issue. Fixes: https://pagure.io/freeipa/issue/7288 ----- Cause: corner case. How to test: 1. ensure `ca.sslserver.certreq=<base64 CSR>` exists in `ca/CS.cfg`. 2. resubmit Certmonger tracking request for `Server-Cert cert-pki-ca` Dogtag system cert. 3. verify that `ca.sslserver.certreq=<base64 CSR>` still exists in `ca/CS.cfg`. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1347/head:pr1347 git checkout pr1347

6 years, 4 months

1
1
0 / 0

[freeipa PR#1376][opened] [Backport][ipa-4-6] Trust avoid mitkrb trust

by abbra

URL: https://github.com/freeipa/freeipa/pull/1376 Author: abbra Title: #1376: [Backport][ipa-4-6] Trust avoid mitkrb trust Action: opened PR body: """ This PR was opened automatically because PR #1294 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1376/head:pr1376 git checkout pr1376

6 years, 4 months

1
1
0 / 0

[freeipa PR#1355][opened] [Backport][ipa-4-6] Use the user-provided CA chain file in connections & check for file existence

by rcritten

URL: https://github.com/freeipa/freeipa/pull/1355 Author: rcritten Title: #1355: [Backport][ipa-4-6] Use the user-provided CA chain file in connections & check for file existence Action: opened PR body: """ This PR was opened automatically because PR #1047 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1355/head:pr1355 git checkout pr1355

6 years, 4 months

2
1
0 / 0

[freeipa PR#1375][closed] [Backport][ipa-4-6] renew_ra_cert: fix update of IPA RA user entry

by tiran

URL: https://github.com/freeipa/freeipa/pull/1375 Author: tiran Title: #1375: [Backport][ipa-4-6] renew_ra_cert: fix update of IPA RA user entry Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1375/head:pr1375 git checkout pr1375

6 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel December 2017