June 2017 - FreeIPA-devel - Fedora mailing-lists

[freeipa PR#821][opened] fix incorrect suffix handling in topology checks
by martbab 05 Jun '17

05 Jun '17

URL: https://github.com/freeipa/freeipa/pull/821 Author: martbab Title: #821: fix incorrect suffix handling in topology checks Action: opened PR body: """ When trying to delete a partially removed master entry lacking 'iparepltopomanagedsuffix' attribute, the code that tries to retrieve tha value for further computations passes None and causes unhandled internal errors. If the attribute is empty or not present, we should return empty list instead as to not break calling cod attribute, the code that tries to retrieve tha value for further computations passes None and causes unhandled internal errors. We should return empty list instead. https://pagure.io/freeipa/issue/6965 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/821/head:pr821 git checkout pr821

3 8

[freeipa PR#851][opened] ipa-kdb: add pkinit authentication indicator in case of a successful certauth
by abbra 05 Jun '17

05 Jun '17

URL: https://github.com/freeipa/freeipa/pull/851 Author: abbra Title: #851: ipa-kdb: add pkinit authentication indicator in case of a successful certauth Action: opened PR body: """ We automatically add 'otp' and 'radius' authentication indicators when pre-authentication with OTP or RADIUS did succeed. Do the same for certauth-based pre-authentication (PKINIT). A default PKINIT configuration does not add any authentication indicators unless 'pkinit_indicator = pkinit' is set in kdc.conf. Unfortunately, modifying kdc.conf automatically is a bit more complicated than modifying krb5.conf. Given that we have 'otp' and 'radius' authentication indicators also defined in the code not in the kdc.conf, this change is following an established trend. SSSD certauth interface does not provide additional information about which rule(s) succeeded in matching the incoming certificate. Thus, there is not much information we can automatically provide in the indicator. It would be good to generate indicators that include some information from the certmapping rules in future but for now a single 'pkinit' indicator is enough. Fixes https://pagure.io/freeipa/issue/6736 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/851/head:pr851 git checkout pr851

3 4

[freeipa PR#812][opened] Refactoring cert-find to use API call directly instead of using
by felipevolpone 02 Jun '17

02 Jun '17

URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: Refactoring cert-find to use API call directly instead of using Action: opened PR body: """ Refactoring cert-find to use API calls directly instead of using raw LDAP search. Upstream ticket: https://pagure.io/freeipa/issue/6948 I removed the raw LDAP search and used the API directly. In the old code, the call ` self.obj._owners()` returns `service, hots and user`. However, when testing the code, only the service was being used, so I made it only use the service API. If there another scenario where `user and host` are used, I thought to do something like: ```python for owner in self.obj._owners(): api_name = owner.name response = api.Command[api_name+'_find'](options[api_name]) ... # continues ``` Is that correct? """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/812/head:pr812 git checkout pr812

7 25

[freeipa PR#818][opened] Avoid possible recursion in RPC call from client
by stlaz 02 Jun '17

02 Jun '17

URL: https://github.com/freeipa/freeipa/pull/818 Author: stlaz Title: #818: Avoid possible recursion in RPC call from client Action: opened PR body: """ This commit removes recursion which may lack end condition. https://pagure.io/freeipa/issue/6796 =============================== This is my try to fix ^--. The methods and their arguments in the module are very poorly documented (they are not documented), so I just hope I can initialize the variables used in logs prior to the cycle. I also think this actually relates more to https://pagure.io/freeipa/issue/6775 than the ticket mentioned here and that the person "fixing" https://pagure.io/freeipa/issue/6796 messed up the tickets but it's hopefully OK to fix it this way. Aside from just moving everything into a cycle, I also improved logging a bit and had same error handling for different errors merged into one `except` block (`SSLError`, `socket.error`). """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/818/head:pr818 git checkout pr818

3 15

[freeipa PR#823][opened] ipa-kdb: reload certificate mapping rules periodically
by sumit-bose 02 Jun '17

02 Jun '17

URL: https://github.com/freeipa/freeipa/pull/823 Author: sumit-bose Title: #823: ipa-kdb: reload certificate mapping rules periodically Action: opened PR body: """ With this patch the certificate mapping rules are reloaded every 5 minutes. Resolves https://pagure.io/freeipa/issue/6963 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/823/head:pr823 git checkout pr823

4 13

[freeipa PR#701][comment] ipa help doesn't always work
by neffs 02 Jun '17

02 Jun '17

URL: https://github.com/freeipa/freeipa/pull/701 Title: #701: ipa help doesn't always work neffs commented: """ Not sure why pylint is reporting this, it looks fine to me and I didn't change this function. ```python if isinstance(self._help, bytes): self._help = json.loads(self._help.decode('utf-8')) ``` maybe we can trick it with a change like this (similar to read_namespace_member): ```python value = self._help if isinstance(value, bytes): self._help = json.loads(value.decode('utf-8')) ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/701#issuecomment-304273513

1 0

[freeipa PR#844][opened] py3: fix regression in schemaupdate
by frasertweedale 02 Jun '17

02 Jun '17

URL: https://github.com/freeipa/freeipa/pull/844 Author: frasertweedale Title: #844: py3: fix regression in schemaupdate Action: opened PR body: """ The python-ldap classes that process schema definitions require a unicode string, not a byte string. A recent py3 compatibility fix (d89de4219d0e8ee33e81d6b6d1bc6c22ac9ffbaa) changed the constructor argument to a unicode string to dispel a warning, but this broke schema update. Change it back to a bytestring. Part of: https://fedorahosted.org/freeipa/ticket/4985 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/844/head:pr844 git checkout pr844

3 6

[freeipa PR#803][opened] ipatests: add systemd journal collection for multihost tests
by tomaskrizek 01 Jun '17

01 Jun '17

URL: https://github.com/freeipa/freeipa/pull/803 Author: tomaskrizek Title: #803: ipatests: add systemd journal collection for multihost tests Action: opened PR body: """ Some messages are only logged in journal. Collection of journal makes debugging failed tests from logs easier. Fixes: https://pagure.io/freeipa/issue/6971 Signed-off-by: Tomas Krizek <tkrizek(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/803/head:pr803 git checkout pr803

2 10

[freeipa PR#827][opened] pylint: explicitly depends on python2-pylint
by MartinBasti 01 Jun '17

01 Jun '17

URL: https://github.com/freeipa/freeipa/pull/827 Author: MartinBasti Title: #827: pylint: explicitly depends on python2-pylint Action: opened PR body: """ F26 defaults to python3 with pylint package, we have to explicitly ask for python2 version of pylint https://pagure.io/freeipa/issue/6986 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/827/head:pr827 git checkout pr827

3 14

[freeipa PR#834][opened] [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure
by tomaskrizek 01 Jun '17

01 Jun '17

URL: https://github.com/freeipa/freeipa/pull/834 Author: tomaskrizek Title: #834: [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure Action: opened PR body: """ Original PR: https://github.com/freeipa/freeipa/pull/347 https://pagure.io/freeipa/issue/6991 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/834/head:pr834 git checkout pr834

2 4

[freeipa PR#824][opened] ca-add: validate Subject DN name attributes
by frasertweedale 01 Jun '17

01 Jun '17

URL: https://github.com/freeipa/freeipa/pull/824 Author: frasertweedale Title: #824: ca-add: validate Subject DN name attributes Action: opened PR body: """ If the Subject DN is syntactically valid but contains unrecognised name attributes, FreeIPA accepts it but Dogtag rejects it, returning status 400 and causing the framework to raise RemoteRetrieveError. Update the ca-add command to perform some additional validation on the user-supplied Subject DN, making sure that we recognise all the attributes. Fixes: https://pagure.io/freeipa/issue/6987 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/824/head:pr824 git checkout pr824

4 9

[freeipa PR#460][comment] ipa-server-install, ipa-server-upgrade fixes
by MartinBasti 01 Jun '17

01 Jun '17

URL: https://github.com/freeipa/freeipa/pull/460 Title: #460: ipa-server-install, ipa-server-upgrade fixes MartinBasti commented: """ master: * 2e63ec42d0f879f2d129c4f81f88a1712ce86b8c py3: use ConfigParser instead of SafeConfigParser * 6e7071d6add24e8923d705d35a362761f356d56d py3: ConfigParser: replace deprecated readfd with read * 27f8f9f03d69276f9ee410169b76574da2461794 py3: ipaldap: encode Boolean as bytes * d7a9e81fbd7a339dddd41a8c5ae9f29252522944 py3: softhsm key_id must be bytes * bc9addac30d69d88f5040e194be1e32a881cfba9 py3: LDAP updates: use only bytes/raw values * d89de4219d0e8ee33e81d6b6d1bc6c22ac9ffbaa py3: schemaupdate: fix BytesWarning * b09a941f34507cfce682d8c5a3acf6dfe7fa624e py3: cainstance: fix BytesWarning * c6a57d8091aeefb6067711189ee0ce11411dee57 py3: urlfetch: use "file://" prefix with filenames * 99771ceb9ffcf21d0364bf57994716322b24551e py3: update_mod_nss_cipher_suite: ordering doesn't work with None """ See the full comment at https://github.com/freeipa/freeipa/pull/460#issuecomment-305411368

1 0

[freeipa PR#460][closed] ipa-server-install, ipa-server-upgrade fixes
by MartinBasti 01 Jun '17

01 Jun '17

URL: https://github.com/freeipa/freeipa/pull/460 Author: MartinBasti Title: #460: ipa-server-install, ipa-server-upgrade fixes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/460/head:pr460 git checkout pr460

1 0

[freeipa PR#460][+pushed] ipa-server-install, ipa-server-upgrade fixes
by MartinBasti 01 Jun '17

01 Jun '17

URL: https://github.com/freeipa/freeipa/pull/460 Title: #460: ipa-server-install, ipa-server-upgrade fixes Label: +pushed

1 0

[freeipa PR#814][opened] Add new permission to grant 'add' on cas container
by Tiboris 01 Jun '17

01 Jun '17

URL: https://github.com/freeipa/freeipa/pull/814 Author: Tiboris Title: #814: Add new permission to grant 'add' on cas container Action: opened PR body: """ https://pagure.io/freeipa/issue/6609 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/814/head:pr814 git checkout pr814

3 11

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel June 2017