IPA master now using mod_ssl
by Rob Crittenden
Heads up. A large patchset was pushed today that switches from using
mod_nss as the TLS engine for Apache to using mod_ssl. Please watch out
for any oddities, particularly related to upgrades. We spent a lot of
time trying to get this right but it's very possible we missed something.
This may also have the side effect of requiring a bunch of PR rebases,
sorry about that :-(
rob
6 years, 2 months
sssd went away (again)
by Harald Dunkel
Hi folks,
I still have problems with sssd on my MTA: Sometimes the user
lookup via nss is broken and emails to valid recipients are
rejected with "User unknown". Bad thing.
But this time sssd was running with "debug_level = 6".
Attached you can find the logfile. Does anybody have an idea
what has happened?
sssd is version 1.15.2, built for Stretch.
Every helpful comment is highly appreciated.
Harri
6 years, 2 months
[freeipa PR#1449][opened] WIP: Switch from mod_nss to mod_ssl
by rcritten
URL: https://github.com/freeipa/freeipa/pull/1449
Author: rcritten
Title: #1449: WIP: Switch from mod_nss to mod_ssl
Action: opened
PR body:
"""
New installs using an IPA CA should work
Upgrades should work
Not tested and some known to not work:
- CA-less install
- promoting a replica
- promoting a replica CA-less
- backup and restore (particularly edge cases like restoring from a mod_nss backup)
This PR is meant to obtain status of current patches and as a jumping-off point to finish the rest of the transition.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1449/head:pr1449
git checkout pr1449
6 years, 2 months
[freeipa PR#1596][opened] webui:test realm domain add with DNS check
by pvoborni
URL: https://github.com/freeipa/freeipa/pull/1596
Author: pvoborni
Title: #1596: webui:test realm domain add with DNS check
Action: opened
PR body:
"""
Try adding and deleting with "Check DNS" (in html 'ok' button)
DNS check expects that the added domain will have DNS record:
TXT kerberos.$domain "$REALM"
When a new domain is added using dnszone-add it automatically adds
this TXT record and adds a realm domain. So in order to test without
external DNS we must get into a state where realm domain is not added
(in order to add it) but DNS domain with the TXT record exists.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1596/head:pr1596
git checkout pr1596
6 years, 2 months
[freeipa PR#1594][opened] Add better CalledProcessError and run() logging
by tiran
URL: https://github.com/freeipa/freeipa/pull/1594
Author: tiran
Title: #1594: Add better CalledProcessError and run() logging
Action: opened
PR body:
"""
In case of an error, ipapython.ipautil.run() now raises an exception that
contains the error message of the failed command. Before, the exception
only contained the command and error code.
The command is no longer collapsed into one string. The error message
and logging output contain the actual command and arguments with intact
quoting.
Example:
```
CalledProcessError(Command ['/usr/bin/python3', '-c', 'import sys; sys.exit(" ".join(("error", "XXXXXXXX")))'] returned non-zero exit status 1: 'error XXXXXXXX\n')
```
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1594/head:pr1594
git checkout pr1594
6 years, 2 months