[freeipa PR#1714][opened] use LDAP Whoami command when creating an OTP token
by abbra
URL: https://github.com/freeipa/freeipa/pull/1714
Author: abbra
Title: #1714: use LDAP Whoami command when creating an OTP token
Action: opened
PR body:
"""
ipa user-find --whoami is used by ipa otptoken-add to populate
ipaTokenOwner and managedBy attributes. These attributes, in turn are
checked by the self-service ACI which allows to create OTP tokens
assigned to the creator.
With 389-ds-base 1.4.0.6-2.fc28 in Fedora 28 beta there is a bug in
searches with scope 'one' that result in ipa user-find --whoami
returning 0 results.
Because ipa user-find --whoami does not work, non-admin user cannot
create a token. This is a regression that can be fixed by using LDAP
Whoami command.
Fixes: https://pagure.io/freeipa/issue/7456
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1714/head:pr1714
git checkout pr1714
6 years, 2 months
[freeipa PR#1721][opened] Fix installer CA port check to include 8080
by m3gat0nn4ge
URL: https://github.com/freeipa/freeipa/pull/1721
Author: m3gat0nn4ge
Title: #1721: Fix installer CA port check to include 8080
Action: opened
PR body:
"""
component: installer - CA
The installer was not checking the availability of port 8080, cainstance.check_port() function has been renamed to cainstance.check_ports() and updated to check for port 8080 also.
The ipautil.host_port_open() function was being used incorrectly to test for a free port, I have added a new ipautil.host_port_free() function based on host_port_open() with different logic.
cainstance.check_port() now calls ipautil.host_port_free() instead of negating the result from ipautil.host_port_open().
https://pagure.io/freeipa/issue/7415
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1721/head:pr1721
git checkout pr1721
6 years, 2 months
[freeipa PR#1708][opened] Processing of server roles should ignore errors.EmptyResult
by abbra
URL: https://github.com/freeipa/freeipa/pull/1708
Author: abbra
Title: #1708: Processing of server roles should ignore errors.EmptyResult
Action: opened
PR body:
"""
When non-admin user issues a command that utilizes
api.Object.config.show_servroles_attributes(), some server roles might
return errors.EmptyResult, indicating that a role is not visible to this
identity.
Most of the callers to api.Object.config.show_servroles_attributes() do
not process errors.EmptyResult so it goes up to an API caller. In case
of Web UI it breaks retrieval of the initial configuration due to ipa
config-show failing completely rather than avoiding to show available
server roles.
Fixes: https://pagure.io/freeipa/issue/7452
Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1708/head:pr1708
git checkout pr1708
6 years, 2 months