[freeipa PR#2661][opened] [WIP] Add index and container for RFC 2307 IP services
by tiran
URL: https://github.com/freeipa/freeipa/pull/2661
Author: tiran
Title: #2661: [WIP] Add index and container for RFC 2307 IP services
Action: opened
PR body:
"""
**WIP**, also see #2649
IPA doesn't officially support RFC 2307 IP services. However SSSD has a
nsswitch plugin to provide service lookups. The subtree search for
(&(ipserviceport=$PORT)(ipserviceprotocol=$SRV)(objectclass=ipservice)) in
cn=accounts,$SUFFIX has caused performance issues on large
installations.
This patch introduced a dedicated container
cn=ipservices,cn=accounts,$SUFFIX for IP services for future use or 3rd
party extensions. SSSD will be change its search base in an upcoming
release, too.
A new ipServicePort index is added to optimize searches for an IP
service by port. There is no index on ipServiceProtocol because the index
would have poor selectivity. An ipService entry has either 'tcp' or 'udp'
as protocol.
Fixes: https://pagure.io/freeipa/issue/7797
See: https://pagure.io/freeipa/issue/7786
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2661/head:pr2661
git checkout pr2661
5 years, 4 months
[freeipa PR#2640][opened] Handle service_del with bad service name
by tiran
URL: https://github.com/freeipa/freeipa/pull/2640
Author: tiran
Title: #2640: Handle service_del with bad service name
Action: opened
PR body:
"""
The command 'ipa service-del badservice' used to fail with an internal
server error, because check_required_principal() could not handle a
principal that is not a service principal. All del commands have less
strict error checking of primary keys so they can reference any stored
key, even illegal ones.
check_required_principal() skips required principal check if the
principal is not a service principal. A non-service principal can never
be a required principal.
Fixes: https://pagure.io/freeipa/issue/7793
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2640/head:pr2640
git checkout pr2640
5 years, 4 months
[freeipa PR#2659][opened] ipatests: fix test_full_backup_and_restore
by flo-renaud
URL: https://github.com/freeipa/freeipa/pull/2659
Author: flo-renaud
Title: #2659: ipatests: fix test_full_backup_and_restore
Action: opened
PR body:
"""
The test is failing when calling (on the replica) `ipa-replica-manage re-initialize --from <master>` because the tool needs to resolve master.
The test does not set `/etc/resolv.conf` on the replica, as a consequence it relies on whatever DNS server is configured in your test environment prior to launching the test, and makes the test unreliable.
In PR-CI env, `/etc/resolv.conf` points to the machine hosting the replica vm, which is unable to resolve master.ipa.test.
The fix is modifying the replica's /etc/resolv.conf to use the master as DNS.
Fixes https://pagure.io/freeipa/issue/7778
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2659/head:pr2659
git checkout pr2659
5 years, 4 months