URL: https://github.com/freeipa/freeipa/pull/2084
Author: tiran
Title: #2084: Catch ACIError instead of invalid credentials
Action: opened
PR body:
"""
ipaldap's LDAPClient client turns INVALID_CREDENTIAL error into
ACIError. Catch the ACIError and wait until the user has been
replicated.
Apparently no manual or automated test ran into the timeout during
testing.
Fixes: Fixes: https://pagure.io/freeipa/issue/7593
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2084/head:pr2084
git checkout pr2084
URL: https://github.com/freeipa/freeipa/pull/2083
Author: Tiboris
Title: #2083: [Backport][ipa-4-6] Test for : ipa-client-install should not use hardcoded admin principal
Action: opened
PR body:
"""
This PR was opened automatically because PR #2043 was pushed to master and backport to ipa-4-6 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2083/head:pr2083
git checkout pr2083
URL: https://github.com/freeipa/freeipa/pull/2081
Author: tiran
Title: #2081: [Backport][ipa-4-6] Ensure that public cert and CA bundle are readable
Action: opened
PR body:
"""
In CIS hardened mode, the process umask is 027. This results in some
files not being world readable. Ensure that write_certificate_list()
calls in client installer, server installer, and upgrader create cert
bundles with permission bits 0644.
Make CA bundles, certs, and cert directories world-accessible in
upgrader.
Fixes: pagure.io/freeipa/issue/7594
Manual backport of PR #2057
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2081/head:pr2081
git checkout pr2081
URL: https://github.com/freeipa/freeipa/pull/2078
Author: netoarmando
Title: #2078: [Backport][ipa-4-6] Prevent the creation on users and groups with numeric characters only
Action: opened
PR body:
"""
Update regular expression validator to prevent user and group creation.
Fixes: https://pagure.io/freeipa/issue/7572
Signed-off-by: Armando Neto <abiagion(a)redhat.com>
Manual backport of #2067
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2078/head:pr2078
git checkout pr2078
URL: https://github.com/freeipa/freeipa/pull/2077
Author: abbra
Title: #2077: ipaserver/dcerpc.py: handle indirect topology conflicts
Action: opened
PR body:
"""
Backport for 4.6:
When AD forest A has a trust with a forest B that claims ownership
of a domain name (TLN) owned by an IPA forest, we need to build
exclusion record for that specific TLN, not our domain name.
Use realmdomains to find a correct exclusion entry to build.
Fixes: https://pagure.io/freeipa/issue/7370
Reviewed-By: Armando Neto <abiagion(a)redhat.com>
Reviewed-By: Rob Crittenden <rcritten(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2077/head:pr2077
git checkout pr2077
URL: https://github.com/freeipa/freeipa/pull/2079
Author: flo-renaud
Title: #2079: ipa-client-install: enable and start oddjobd if mkhomedir
Action: opened
PR body:
"""
Since the switch to authselect, the service oddjobd is not automatically enabled when ipa client is installed with `--mkhomedir`.
The fix makes sure that the service is enabled/started, and stores the pre-install state in sysrestore.state, in order to revert to the pre-install state when uninstall is called
The commit also add a test.
https://pagure.io/freeipa/issue/7604
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2079/head:pr2079
git checkout pr2079