April 2019 - FreeIPA-devel - Fedora mailing-lists

[freeipa PR#3030][opened] [Backport][ipa-4-7] Support interactive prompt for ntp options
by Tiboris 11 Apr '19

11 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3030 Author: Tiboris Title: #3030: [Backport][ipa-4-7] Support interactive prompt for ntp options Action: opened PR body: """ This PR is a manual backport of https://github.com/freeipa/freeipa/pull/2464 please wait for CI before pushing. In case of questions or problems contact @Tiboris who is author of the original PR. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3030/head:pr3030 git checkout pr3030

1 1

[freeipa PR#2464][opened] Support interactive prompt for ntp options
by Tiboris 11 Apr '19

11 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2464 Author: Tiboris Title: #2464: Support interactive prompt for ntp options Action: opened PR body: """ FreeIPA will now ask user for NTP source server or pool address in interactive mode if there is no server nor pool specified and autodiscovery has not found any NTP source in DNS records. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2464/head:pr2464 git checkout pr2464

2 1

[freeipa PR#3022][opened] ipaserver/install/krainstance.py: chown after write
by fcami 11 Apr '19

11 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3022 Author: fcami Title: #3022: ipaserver/install/krainstance.py: chown after write Action: opened PR body: """ When fs.protected_regular=1 root cannot open temp files that are owned by other users read-write. So move os.chown after write. Fixes: https://pagure.io/freeipa/issue/7906 Signed-off-by: François Cami <fcami(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3022/head:pr3022 git checkout pr3022

1 1

[freeipa PR#3010][opened] [testing_master] Nightly PR
by freeipa-pr-ci 10 Apr '19

10 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3010 Author: freeipa-pr-ci Title: #3010: [testing_master] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3010/head:pr3010 git checkout pr3010

1 1

[freeipa PR#3021][opened] ipa-client-install: autodiscovery must refuse single-label domains
by flo-renaud 10 Apr '19

10 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3021 Author: flo-renaud Title: #3021: ipa-client-install: autodiscovery must refuse single-label domains Action: opened PR body: """ Since commit 905ab93, ipa-server-install refuses single-label domains, but older IPA server versions could be installed with a single-label domain/realm. ipa-client-install is already refusing single-label domain/realm when provided to the CLI with --domain / --realm but does not perform the same check when the domain is discovered. This commit adds a check to domain names automatically discovered and skips single-label domains. Fixes: https://pagure.io/freeipa/issue/7598 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3021/head:pr3021 git checkout pr3021

2 1

[freeipa PR#2976][opened] Add PKI config override option
by tiran 10 Apr '19

10 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2976 Author: tiran Title: #2976: Add PKI config override option Action: opened PR body: """ Add an option to override CA and KRA settings passed to pkispawn. The feature allows users to change key size, signature algorithm, and other parameters. It's a prerequisite for HSM support. The patchset also simplifies and improves how IPA creates the pki.ini files that gets passed to pkispawn. See https://pagure.io/freeipa/issue/5608 Split of PR #2307 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2976/head:pr2976 git checkout pr2976

1 1

[freeipa PR#3020][opened] [Backport][ipa-4-7] Improve error handling in DNSSEC helpers
by tiran 10 Apr '19

10 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3020 Author: tiran Title: #3020: [Backport][ipa-4-7] Improve error handling in DNSSEC helpers Action: opened PR body: """ This PR was opened automatically because PR #3017 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3020/head:pr3020 git checkout pr3020

2 1

[freeipa PR#3017][opened] Improve error handling in DNSSEC helpers
by tiran 10 Apr '19

10 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3017 Author: tiran Title: #3017: Improve error handling in DNSSEC helpers Action: opened PR body: """ * ipa-dnskeysyncd now handles CONNECT_ERROR during bind * ipa-dnskeysyncd no longer logs full traceback on connection error. * ipa-dnskeysync-replica now handles SERVER_DOWN/CONNECT_ERROR exceptions and turns them into pretty error messages. Fixes: https://pagure.io/freeipa/issue/7905 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3017/head:pr3017 git checkout pr3017

1 1

[freeipa PR#2993][opened] [ipa-4-6] Create nightly test definition
by flo-renaud 10 Apr '19

10 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2993 Author: flo-renaud Title: #2993: [ipa-4-6] Create nightly test definition Action: opened PR body: """ ### PRCI: add nightly definition for ipa-4-6 branch Replace .freeipa-pr-ci.yaml with a link to ipatests/prci_definitions/gating.yaml Create a nightly test definition ### tests: fix test_user_permissions.py::TestInstallClientNoAdmin Adapt the test to ipa-4-6 branch. On this branch, the calls to external commands are logged with ---8<--- Starting external process args=/usr/bin/getent passwd testuser1(a)domain.com ---8<--- while on master branch the logs are ---8<--- Starting external process args=['/usr/bin/getent', 'passwd', 'testuser1(a)domain.com'] ---8<--- This is because 9c2c3df was not backported to ipa-4-6 branch and modified the debug logs when calling ipautil.run() """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2993/head:pr2993 git checkout pr2993

1 1

[freeipa PR#2995][opened] [testing_f28] Nightly PR
by freeipa-pr-ci 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2995 Author: freeipa-pr-ci Title: #2995: [testing_f28] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2995/head:pr2995 git checkout pr2995

1 1

[freeipa PR#3016][opened] [Backport][ipa-4-7] Gating: remove vault and kdcproxy tests
by tiran 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3016 Author: tiran Title: #3016: [Backport][ipa-4-7] Gating: remove vault and kdcproxy tests Action: opened PR body: """ This PR was opened automatically because PR #3013 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3016/head:pr3016 git checkout pr3016

1 1

[freeipa PR#3013][opened] Gating: remove vault and kdcproxy tests
by tiran 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3013 Author: tiran Title: #3013: Gating: remove vault and kdcproxy tests Action: opened PR body: """ Vault and KDC proxy are neither critical subsystems nor are they likely to fail. They have been pretty stable and don't see any major development. It's sufficient to run them in nightly tests only. The removal speed up gating a bit. Especially vault tests are slow and usually take more than 30 minutes to complete Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3013/head:pr3013 git checkout pr3013

1 1

[freeipa PR#3015][opened] [Backport][ipa-4-7] automount: rmtree temp directory
by fcami 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3015 Author: fcami Title: #3015: [Backport][ipa-4-7] automount: rmtree temp directory Action: opened PR body: """ This PR was opened automatically because PR #3002 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3015/head:pr3015 git checkout pr3015

2 1

[freeipa PR#3012][opened] [Backport][ipa-4-6] Adapt cert-find performance workaround for users
by tiran 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3012 Author: tiran Title: #3012: [Backport][ipa-4-6] Adapt cert-find performance workaround for users Action: opened PR body: """ This PR was opened automatically because PR #2990 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3012/head:pr3012 git checkout pr3012

1 1

[freeipa PR#3011][opened] [Backport][ipa-4-7] Adapt cert-find performance workaround for users
by tiran 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3011 Author: tiran Title: #3011: [Backport][ipa-4-7] Adapt cert-find performance workaround for users Action: opened PR body: """ This PR was opened automatically because PR #2990 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3011/head:pr3011 git checkout pr3011

1 1

[freeipa PR#3014][opened] [Backport][ipa-4-7] Make netifaces optional
by tiran 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3014 Author: tiran Title: #3014: [Backport][ipa-4-7] Make netifaces optional Action: opened PR body: """ Manual backport of PR #3001 netifaces is a binary Python extension. Outside of the installer, it's only used by CheckedIPAddress.get_matching_interface, which is only called from installer code. Make the import of netifaces optional to reduce the amount of dependencies for PyPI package use case. Binary extensions are especially annoying, because they depend on shared libraries, compiler, and header files to be present. Related: https://pagure.io/freeipa/issue/6468 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> Reviewed-By: Oleg Kozlov <okozlov(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3014/head:pr3014 git checkout pr3014

1 1

[freeipa PR#3002][opened] automount: rmtree temp directory
by tiran 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3002 Author: tiran Title: #3002: automount: rmtree temp directory Action: opened PR body: """ ipa-client-automount uses the host keytab to acquire a TGT. The script sets up a temporary directory for its ccache. At the end of the script it removes the ccache and temp directory again. In case of a failed kinit, the ccache is not created and the removal of the ccache causes an exception. The automount installer now uses shutil.rmtree() to remove the temporary directory and all its content. Fixes: https://pagure.io/freeipa/issue/7862 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3002/head:pr3002 git checkout pr3002

2 1

[freeipa PR#3001][opened] Make netifaces optional
by tiran 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3001 Author: tiran Title: #3001: Make netifaces optional Action: opened PR body: """ netifaces is a binary Python extension. Outside of the installer, it's only used by CheckedIPAddress.get_matching_interface, which is only called from installer code. Make the import of netifaces optional to reduce the amount of dependencies for PyPI package use case. Binary extensions are especially annoying, because they depend on shared libraries, compiler, and header files to be present. Related: https://pagure.io/freeipa/issue/6468 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3001/head:pr3001 git checkout pr3001

1 1

[freeipa PR#2990][opened] Adapt cert-find performance workaround for users
by tiran 09 Apr '19

09 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2990 Author: tiran Title: #2990: Adapt cert-find performance workaround for users Action: opened PR body: """ **experimental patch** ipa cert-find --users=NAME was slow on system with lots of certificates. User certificates have CN=$username, therefore the performance tweak from ticket 7835 also works for user certificates. Related: https://pagure.io/freeipa/issue/7835 Fixes: https://pagure.io/freeipa/issue/7901 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2990/head:pr2990 git checkout pr2990

1 1

[freeipa PR#2998][opened] [testing_master] Nightly PR
by freeipa-pr-ci 08 Apr '19

08 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2998 Author: freeipa-pr-ci Title: #2998: [testing_master] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2998/head:pr2998 git checkout pr2998

1 1

[freeipa PR#3009][opened] Drop upper bound on krb5 version in freeipa.spec
by frozencemetery 08 Apr '19

08 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3009 Author: frozencemetery Title: #3009: Drop upper bound on krb5 version in freeipa.spec Action: opened PR body: """ This check is no longer needed now that krb5 exports the KDB version. Signed-off-by: Robbie Harwood <rharwood(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3009/head:pr3009 git checkout pr3009

1 1

[freeipa PR#3008][opened] [Backport ipa-4-6] Bypass D-BUS interface definition deficiences for trust-fetch-domains
by abbra 08 Apr '19

08 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3008 Author: abbra Title: #3008: [Backport ipa-4-6] Bypass D-BUS interface definition deficiences for trust-fetch-domains Action: opened PR body: """ In oddjobd it is possible to pass arguments as command line or on the stdin. We use command line to pass them but the way oddjobd registers the D-BUS method signatures is by specifying all arguments as mandatory. Internally, oddjobd simply ignores if you passed less arguments than specified in the D-BUS defition. Unfortunately, it is not possible to specify less than maximum due to D-BUS seeing all arguments in the list (30 is defined for the trust-fetch-domains). To pass options, have to pad a list of arguments to maximum with empty strings and then filter out unneeded ones in the script. Option parser already removes all options from the list of arguments so all we need to do is to take our actual arguments. In case of trust-fetch-domains, it is the name of the domain so we can only care about args[0]. Fixes: https://pagure.io/freeipa/issue/7903 Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> (cherry picked from commit add6180ae5c5771b0b0f1c743df069ece4256512) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3008/head:pr3008 git checkout pr3008

2 1

[freeipa PR#3007][opened] [Backport][ipa-4-7] Bypass D-BUS interface definition deficiencies for trust-fetch-domains
by tiran 08 Apr '19

08 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3007 Author: tiran Title: #3007: [Backport][ipa-4-7] Bypass D-BUS interface definition deficiencies for trust-fetch-domains Action: opened PR body: """ This PR was opened automatically because PR #3003 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3007/head:pr3007 git checkout pr3007

1 1

[freeipa PR#3003][opened] Bypass D-BUS interface definition deficiencies for trust-fetch-domains
by abbra 08 Apr '19

08 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3003 Author: abbra Title: #3003: Bypass D-BUS interface definition deficiencies for trust-fetch-domains Action: opened PR body: """ In oddjobd it is possible to pass arguments as command line or on the stdin. We use command line to pass them but the way oddjobd registers the D-BUS method signatures is by specifying all arguments as mandatory. Internally, oddjobd simply ignores if you passed less arguments than specified in the D-BUS defition. Unfortunately, it is not possible to specify less than maximum due to D-BUS seeing all arguments in the list (30 is defined for the trust-fetch-domains). To pass options, have to pad a list of arguments to maximum with empty strings and then filter out unneeded ones in the script. Option parser already removes all options from the list of arguments so all we need to do is to take our actual arguments. In case of trust-fetch-domains, it is the name of the domain so we can only care about args[0]. Fixes: https://pagure.io/freeipa/issue/7903 Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3003/head:pr3003 git checkout pr3003

2 1

[freeipa PR#3006][opened] [Backport][ipa-4-7] Skip orphan automember rule test
by tiran 08 Apr '19

08 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3006 Author: tiran Title: #3006: [Backport][ipa-4-7] Skip orphan automember rule test Action: opened PR body: """ This PR was opened automatically because PR #3005 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3006/head:pr3006 git checkout pr3006

1 1

[freeipa PR#3005][opened] Skip orphan automember rule test
by tiran 08 Apr '19

08 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3005 Author: tiran Title: #3005: Skip orphan automember rule test Action: opened PR body: """ 389-DS 1.4.0.22 was pushed to Fedora over the weekend. The new versin breaks test_find_orphan_automember_rules. Skip the test case for now until we have more time to investigate the issue. Related: https://pagure.io/freeipa/issue/7902 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3005/head:pr3005 git checkout pr3005

1 1

[freeipa PR#2997][opened] Add interactive prompt for the LDAP bind password to ipa-getkeytab
by rcritten 08 Apr '19

08 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2997 Author: rcritten Title: #2997: Add interactive prompt for the LDAP bind password to ipa-getkeytab Action: opened PR body: """ This provides a mechanism to bind over LDAP without exposing the password on the command-line. https://pagure.io/freeipa/issue/631 Signed-off-by: Rob Crittenden <rcritten(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2997/head:pr2997 git checkout pr2997

2 1

[freeipa PR#3000][opened] [Backport][ipa-4-7] Remove DsInstance.request_service_keytab as it is not needed anymore
by tiran 08 Apr '19

08 Apr '19

URL: https://github.com/freeipa/freeipa/pull/3000 Author: tiran Title: #3000: [Backport][ipa-4-7] Remove DsInstance.request_service_keytab as it is not needed anymore Action: opened PR body: """ This PR was opened automatically because PR #2999 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3000/head:pr3000 git checkout pr3000

1 1

[freeipa PR#2999][opened] Remove DsInstance.request_service_keytab as it is not needed anymore
by abbra 07 Apr '19

07 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2999 Author: abbra Title: #2999: Remove DsInstance.request_service_keytab as it is not needed anymore Action: opened PR body: """ DsInstance.request_service_keytab() used to configure /etc/sysconfig/dirsrv which is not needed anymore with 389-ds-base 1.4.1.2. Thus, the method became indistinguishable from the parent and can be removed completely. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2999/head:pr2999 git checkout pr2999

2 1

[freeipa PR#2991][opened] [testing_master] Nightly PR
by freeipa-pr-ci 05 Apr '19

05 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2991 Author: freeipa-pr-ci Title: #2991: [testing_master] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2991/head:pr2991 git checkout pr2991

1 1

[freeipa PR#2987][opened] [testing_f28] Nightly PR
by freeipa-pr-ci 04 Apr '19

04 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2987 Author: freeipa-pr-ci Title: #2987: [testing_f28] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2987/head:pr2987 git checkout pr2987

1 1

[freeipa PR#2994][opened] [Backport][ipa-4-7] Verify external CA's basic constraint pathlen
by tiran 04 Apr '19

04 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2994 Author: tiran Title: #2994: [Backport][ipa-4-7] Verify external CA's basic constraint pathlen Action: opened PR body: """ Manual backport of PR #7877 IPA no verifies that intermediate certs of external CAs have a basic constraint path len of at least 1 and increasing. Fixes: https://pagure.io/freeipa/issue/7877 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> Reviewed-By: Fraser Tweedale <ftweedal(a)redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2994/head:pr2994 git checkout pr2994

1 1

[freeipa PR#2989][opened] Verify external CA's basic constraint pathlen
by tiran 04 Apr '19

04 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2989 Author: tiran Title: #2989: Verify external CA's basic constraint pathlen Action: opened PR body: """ IPA no verifies that intermediate certs of external CAs have a basic constraint path len of at least 1 and increasing. Fixes: https://pagure.io/freeipa/issue/7877 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2989/head:pr2989 git checkout pr2989

1 1

[freeipa PR#2992][opened] PoC for stable, minimal Python API
by tiran 04 Apr '19

04 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2992 Author: tiran Title: #2992: PoC for stable, minimal Python API Action: opened PR body: """ Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2992/head:pr2992 git checkout pr2992

1 0

[freeipa PR#2980][opened] [testing_master] Nightly PR
by freeipa-pr-ci 03 Apr '19

03 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2980 Author: freeipa-pr-ci Title: #2980: [testing_master] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2980/head:pr2980 git checkout pr2980

1 1

[freeipa PR#2813][opened] Require a minimum SASL security factor of 56
by tiran 03 Apr '19

03 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2813 Author: tiran Title: #2813: Require a minimum SASL security factor of 56 Action: opened PR body: """ SSF_MINX 56 level ensures data integrity and confidentiality for SASL GSSAPI and SASL GSS SPNEGO connections. Although at least AES128 is enforced pretty much everywhere, 56 is required for backwards compatibility with systems that announce wrong SSF. Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2813/head:pr2813 git checkout pr2813

2 1

[freeipa PR#2988][opened] Samba 4.9 related backport to ipa-4-6
by abbra 03 Apr '19

03 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2988 Author: abbra Title: #2988: Samba 4.9 related backport to ipa-4-6 Action: opened PR body: """ When backporting Samba related patches for ticket https://pagure.io/freeipa/issue/7705, we missed two patches on top of those in ipa-4-6 backport. As result, FreeIPA 4.6.5 does not work with Samba 4.9 because we aren't able to set up group mapping for BUILTIN\Guests properly. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2988/head:pr2988 git checkout pr2988

2 1

[freeipa PR#2986][opened] [Backport][ipa-4-7] Move DS's Kerberos env vars to unit file
by tiran 03 Apr '19

03 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2986 Author: tiran Title: #2986: [Backport][ipa-4-7] Move DS's Kerberos env vars to unit file Action: opened PR body: """ Manual backport of PR #2982 to ipa-4-7 branch. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2986/head:pr2986 git checkout pr2986

1 1

[freeipa PR#2981][opened] [Backport][ipa-4-6] Fix uninstallation test, use different method to stop dirsrv
by flo-renaud 03 Apr '19

03 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2981 Author: flo-renaud Title: #2981: [Backport][ipa-4-6] Fix uninstallation test, use different method to stop dirsrv Action: opened PR body: """ This is a manual backport of PR #2266. I cherry-picked only the first commit: 2064c72 Fix uninstallation test, use different method to stop dirsrv and left out 11b3cdf Add uninstallation tests to night master and rawhide because there is currently no nightly tests on ipa-4-6 branch """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2981/head:pr2981 git checkout pr2981

1 1

[freeipa PR#2957][opened] [testing_f28] Nightly PR
by freeipa-pr-ci 02 Apr '19

02 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2957 Author: freeipa-pr-ci Title: #2957: [testing_f28] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2957/head:pr2957 git checkout pr2957

1 1

[freeipa PR#2982][opened] Move DS's Kerberos env vars to unit file
by tiran 02 Apr '19

02 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2982 Author: tiran Title: #2982: Move DS's Kerberos env vars to unit file Action: opened PR body: """ The IPA specific env vars KRB5_KTNAME and KRB5CCNAME are now defined in a instance specific ipa-env.conf unit file. Fixes: https://pagure.io/freeipa/issue/7860 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2982/head:pr2982 git checkout pr2982

1 1

Nightly tests are Green on master!
by Florence Blanc-Renaud 02 Apr '19

02 Apr '19

Hi, today we reached an important milestone. Maybe you didn't notice but the nightly tests on the master branch are all GREEN today! https://github.com/freeipa/freeipa/pull/2980 A big thank you to all FreeIPA developers for their hard work, and let's make sure to keep 100% test success. flo

2 1

[freeipa PR#2985][opened] [Backport][ipa-4-6] ipatests: fix host name for ssh connection from controller to master
by wladich 02 Apr '19

02 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2985 Author: wladich Title: #2985: [Backport][ipa-4-6] ipatests: fix host name for ssh connection from controller to master Action: opened PR body: """ This is a manual backport of #2873 ACKing it as it is a backport """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2985/head:pr2985 git checkout pr2985

2 1

[freeipa PR#2984][opened] [Backport][ipa-4-6] ipatests: fix ldap server url in ldappasswd_sysaccount_change()
by wladich 02 Apr '19

02 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2984 Author: wladich Title: #2984: [Backport][ipa-4-6] ipatests: fix ldap server url in ldappasswd_sysaccount_change() Action: opened PR body: """ This is a manual backport of #2778. ACKing it as it is a backport. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2984/head:pr2984 git checkout pr2984

2 1

[freeipa PR#2979][opened] [Backport][ipa-4-6] Fix and refactor test_trust.py
by wladich 02 Apr '19

02 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2979 Author: wladich Title: #2979: [Backport][ipa-4-6] Fix and refactor test_trust.py Action: opened PR body: """ This is manual backport for PR #2956. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2979/head:pr2979 git checkout pr2979

1 1

[freeipa PR#2978][opened] [Backport][ipa-4-7] Fix and refactor test_trust.py
by rcritten 02 Apr '19

02 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2978 Author: rcritten Title: #2978: [Backport][ipa-4-7] Fix and refactor test_trust.py Action: opened PR body: """ This PR was opened automatically because PR #2956 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2978/head:pr2978 git checkout pr2978

2 1

[freeipa PR#2977][opened] [Backport ipa-4-6] Trust pass args and options
by abbra 02 Apr '19

02 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2977 Author: abbra Title: #2977: [Backport ipa-4-6] Trust pass args and options Action: opened PR body: """ Refactor com.redhat.idm.trust-fetch.domains oddjob helper to allow passing administrative credentials and a domain controller to talk to. This approach allows to avoid rediscovering a domain controller in case a user actually specified the domain controller when establishing trust. It also allows to pass through admin credentials if user decides to do so. The latter will be used later to allow updating trust topology in a similar oddjob helper. Resolves: https://pagure.io/freeipa/issue/7895 Reviewed-By: Christian Heimes <cheimes(a)redhat.com> (cherry picked from commit de4a9875d410c68ae4f9602b70c753a11034b31b) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2977/head:pr2977 git checkout pr2977

2 1

[freeipa PR#2964][opened] [testing_master] Nightly PR
by freeipa-pr-ci 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2964 Author: freeipa-pr-ci Title: #2964: [testing_master] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2964/head:pr2964 git checkout pr2964

1 1

[freeipa PR#2956][opened] Fix and refactor test_trust.py
by wladich 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2956 Author: wladich Title: #2956: Fix and refactor test_trust.py Action: opened PR body: """ Multiple problems were found in trust tests and trust-related test utility functions. Detailed description of changes provided in commit messages Issues with test described in https://pagure.io/freeipa/issue/7889 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2956/head:pr2956 git checkout pr2956

2 1

[freeipa PR#2970][opened] Disable flaky hidden replica backup test
by tiran 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2970 Author: tiran Title: #2970: Disable flaky hidden replica backup test Action: opened PR body: """ The test case for hidden replica restore is flaky and sometimes fails. The general issues is covered by upstream bug 7894. See: https://pagure.io/freeipa/issue/7894 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2970/head:pr2970 git checkout pr2970

2 1

[freeipa PR#2975][opened] [Backport][ipa-4-7] oddjob: allow to pass options to trust-fetch-domains
by tiran 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2975 Author: tiran Title: #2975: [Backport][ipa-4-7] oddjob: allow to pass options to trust-fetch-domains Action: opened PR body: """ This PR was opened automatically because PR #2965 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2975/head:pr2975 git checkout pr2975

1 1

[freeipa PR#2974][opened] [Backport][ipa-4-6] ipa-setup-kra: fix python2 parameter
by tiran 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2974 Author: tiran Title: #2974: [Backport][ipa-4-6] ipa-setup-kra: fix python2 parameter Action: opened PR body: """ This PR was opened automatically because PR #2968 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2974/head:pr2974 git checkout pr2974

1 1

[freeipa PR#2973][opened] [Backport][ipa-4-7] ipa-setup-kra: fix python2 parameter
by tiran 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2973 Author: tiran Title: #2973: [Backport][ipa-4-7] ipa-setup-kra: fix python2 parameter Action: opened PR body: """ This PR was opened automatically because PR #2968 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2973/head:pr2973 git checkout pr2973

2 1

[freeipa PR#2972][opened] [Backport][ipa-4-6] ipa-server-upgrade: fix add_systemd_user_hbac
by tiran 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2972 Author: tiran Title: #2972: [Backport][ipa-4-6] ipa-server-upgrade: fix add_systemd_user_hbac Action: opened PR body: """ This PR was opened automatically because PR #2967 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2972/head:pr2972 git checkout pr2972

2 1

[freeipa PR#2971][opened] [Backport][ipa-4-7] ipa-server-upgrade: fix add_systemd_user_hbac
by tiran 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2971 Author: tiran Title: #2971: [Backport][ipa-4-7] ipa-server-upgrade: fix add_systemd_user_hbac Action: opened PR body: """ This PR was opened automatically because PR #2967 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2971/head:pr2971 git checkout pr2971

2 1

[freeipa PR#2969][opened] [Backport][ipa-4-7] ipasam: use SID formatting calls to libsss_idmap
by tiran 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2969 Author: tiran Title: #2969: [Backport][ipa-4-7] ipasam: use SID formatting calls to libsss_idmap Action: opened PR body: """ This PR was opened automatically because PR #2966 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2969/head:pr2969 git checkout pr2969

1 1

[freeipa PR#2965][opened] oddjob: allow to pass options to trust-fetch-domains
by abbra 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2965 Author: abbra Title: #2965: oddjob: allow to pass options to trust-fetch-domains Action: opened PR body: """ Refactor com.redhat.idm.trust-fetch.domains oddjob helper to allow passing administrative credentials and a domain controller to talk to. This approach allows to avoid rediscovering a domain controller in case a user actually specified the domain controller when establishing trust. It also allows to pass through admin credentials if user decides to do so. The latter will be used later to allow updating trust topology in a similar oddjob helper. Resolves: https://pagure.io/freeipa/issue/7895 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2965/head:pr2965 git checkout pr2965

2 1

[freeipa PR#2968][opened] ipa-setup-kra: fix python2 parameter
by flo-renaud 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2968 Author: flo-renaud Title: #2968: ipa-setup-kra: fix python2 parameter Action: opened PR body: """ ipa-setup-kra is failing in python2 with invalid 'role_servrole': must be Unicode text because of a unicode conversion error. The method api.Command.server_role_find is called with the parameter role_servrole='IPA master' but it should rather be role_servrole=u'IPA master' Fixes: https://pagure.io/freeipa/issue/7897 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2968/head:pr2968 git checkout pr2968

2 1

[freeipa PR#2967][opened] ipa-server-upgrade: fix add_systemd_user_hbac
by flo-renaud 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2967 Author: flo-renaud Title: #2967: ipa-server-upgrade: fix add_systemd_user_hbac Action: opened PR body: """ During upgrade, the method add_systemd_user_hbac is creating a hbacsvc and a hbacrule, but fails in python2 because of unicode conversion errors. The arguments should be defined as u'value'. Fixes: https://pagure.io/freeipa/issue/7896 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2967/head:pr2967 git checkout pr2967

2 1

[freeipa PR#2943][opened] ipa_sam: remove dependency to sid_string_talloc() and sid_string_dbg()
by mastersin 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2943 Author: mastersin Title: #2943: ipa_sam: remove dependency to sid_string_talloc() and sid_string_dbg() Action: opened PR body: """ ipa_sam uses Samba's sid to string construction functions. Recent Samba versions removed this functions from libsmbconf.so and replace new functions to internal libsamba-security-samba4.so Thus, we reimplement new style function dom_sid_str_buf() from Samba-4.10. Resolves: https://pagure.io/freeipa/issue/7893 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2943/head:pr2943 git checkout pr2943

2 1

[freeipa PR#2966][opened] ipasam: use SID formatting calls to libsss_idmap
by abbra 01 Apr '19

01 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2966 Author: abbra Title: #2966: ipasam: use SID formatting calls to libsss_idmap Action: opened PR body: """ Samba 4.10 moved away to private libraries two functions we used to convert a binary SID structre to strings: - sid_talloc_string() - sid_string_dbg() We already used libsss_idmap to convert textual representation of SIDs to a binary one, use the reverse function too. libsss_idmap code operates on talloc structures, so we need to adopt a bit a place where sid_string_dbg() was used because it assumed a static buffer was provided by sid_string_dbg(). Finally, sid_talloc_string()'s replacement moves allocated memory to the right context so that a memory will be freed earlier. Our SSSD idmap context is a long-living one while in all cases where we were using sid_talloc_string() we free the context much earlier. Resolves: https://pagure.io/freeipa/issue/7893 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2966/head:pr2966 git checkout pr2966

2 1

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel April 2019