January 2021 - FreeIPA-devel - Fedora Mailing-Lists

[freeipa PR#5391][opened] Translations update from Weblate

by weblate

URL: https://github.com/freeipa/freeipa/pull/5391 Author: weblate Title: #5391: Translations update from Weblate Action: opened PR body: """ Translations update from [Weblate](https://translate.fedoraproject.org/projects/freeipa/ipa-4-8/) for freeipa/ipa-4-8. Current translation status: ![Weblate translation status](https://translate.fedoraproject.org/widgets/freeipa/-/ipa-4-8/hor... """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5391/head:pr5391 git checkout pr5391

1 year, 10 months

2
1
0 / 0

[freeipa PR#4909][opened] Add unauthenticated nsupdate

by fcami

URL: https://github.com/freeipa/freeipa/pull/4909 Author: fcami Title: #4909: Add unauthenticated nsupdate Action: opened PR body: """ ipa-client-install: update sssd.conf if nsupdate requires -g If dynamic DNS updates are selected, sssd will use GSS-TSIG by default for nsupdate. When ipa-client-install notices that plain nsupdate is required, switch sssd to use no authentication for dynamic updates too. Fixes: https://pagure.io/freeipa/issue/8402 + ipa-client-install: invoke nsupdate twice (GSS-TSIG, plain) ipa-client-install invokes nsupdate with GSS-TSIG at client enrollment time. If that fails, no retry is done. Change that behavior to try again without GSS-TSIG. Fixes: https://pagure.io/freeipa/issue/8402 #### This is purely WIP: - it needs a proper test - there are more nsupdate calls that should be adapted. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4909/head:pr4909 git checkout pr4909

1 year, 11 months

2
1
0 / 0

[freeipa PR#5325][opened] LDAP autobind authenticateAsDN for BIND named

by tiran

URL: https://github.com/freeipa/freeipa/pull/5325 Author: tiran Title: #5325: LDAP autobind authenticateAsDN for BIND named Action: opened PR body: """ Use new nsslapd-ldapiautoauthdnattr feature to switch BIND named from GSSAPI bind to EXTERNAL LDAPI bind. Requires 389-DS build https://copr.fedorainfracloud.org/coprs/build/1811023 - [ ] Requires new build of 389-DS - [ ] Add new OIDs to FreeIPA's OID registry Fixes: https://pagure.io/freeipa/issue/8544 See: https://github.com/389ds/389-ds-base/issues/4381 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5325/head:pr5325 git checkout pr5325

1 year, 11 months

2
1
0 / 0

[freeipa PR#5388][opened] Better mod_wsgi configuration

by tiran

URL: https://github.com/freeipa/freeipa/pull/5388 Author: tiran Title: #5388: Better mod_wsgi configuration Action: opened PR body: """ * Remove WSGIImportScript * Configure process-group in WSGIScriptAlias * Run WSGI app in main interpreter of daemon script * move WSGI app code to main code base so it can be used with other WSGI servers that expect a Python package. * populate LDAP schema early to speed up first request by ~200ms * gc.collect() and gc.freeze() to improve memory handling and GC See: https://github.com/GrahamDumpleton/mod_wsgi/issues/642#issuecomment-74949... Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5388/head:pr5388 git checkout pr5388

2 years, 1 month

2
1
0 / 0

[freeipa PR#5256][opened] Handle multiple AJP adapters during upgrade

by cipherboy

URL: https://github.com/freeipa/freeipa/pull/5256 Author: cipherboy Title: #5256: Handle multiple AJP adapters during upgrade Action: opened PR body: """ In this patch, we ensure we upgrade all AJP adapters with the same secret value if any are missing. This ensures that both IPv4 and IPv6 adapters have the same secret value, so whichever httpd connects to will be in sync. This is consistent with what Dogtag does when provisioning them. Notably missing from this patch is handling of multiple unrelated AJP adapters. In an IPA scenario (and default PKI scenario) this shouldn't be necessary. However, with external load balancing, this might happen. This patch benefits IPA in the scenario when: 1. `pkispawn` runs on an older PKI version (pre-AJP secret, so ~8.2?) 2. pki gets upgraded to 10.10.1 before IPA can provision a secret, resulting in split IPv4/IPv6 adapters -- this would only happen on a direct migration from 8.2 -> 8.4 3. ipa upgrade script then runs to provision an AJP secret value for use with both Dogtag and IPA. Without this patch, only the first (IPv4) adapter would have a secret value provisioned in the above scenario. `Signed-off-by: Alexander Scheel <ascheel(a)redhat.com>` --- Is this scenario likely? Or will IPA have provisioned a secret anyway on older PKI versions? I do not know. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5256/head:pr5256 git checkout pr5256

2 years, 2 months

2
1
0 / 0

[freeipa PR#5438][opened] [PoC] Add support for subuid and subgid

by tiran

URL: https://github.com/freeipa/freeipa/pull/5438 Author: tiran Title: #5438: [PoC] Add support for subuid and subgid Action: opened PR body: """ See: https://pagure.io/freeipa/issue/8361 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5438/head:pr5438 git checkout pr5438

2 years, 2 months

1
1
0 / 0

[freeipa PR#4923][opened] Add support for app passwords

by RichardKalinec

URL: https://github.com/freeipa/freeipa/pull/4923 Author: RichardKalinec Title: #4923: Add support for app passwords Action: opened PR body: """ Users will be able to have additional passwords besides the primary one - app passwords. They will be usable for accessing all systems and services that his/her FreeIPA account is used for, but not to manage the account (including configuring the app passwords). Resolves: https://pagure.io/freeipa/issue/4510 Design page and its discussion: https://github.com/freeipa/freeipa/pull/4061 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4923/head:pr4923 git checkout pr4923

2 years, 2 months

2
1
0 / 0

[freeipa PR#4061][opened] doc/designs: Add a design page for application-specific passwords

by RichardKalinec

URL: https://github.com/freeipa/freeipa/pull/4061 Author: RichardKalinec Title: #4061: doc/designs: Add a design page for application-specific passwords Action: opened PR body: """ This design page describes a new enhancement: application-specific passwords and permissions management for them. Users will be able to have additional passwords besides the primary one, and set permissions for them specifying what systems and services will each application-specific password have access to. Application-specific passwords will also be usable with other authentication mechanisms incorporating passwords, namely otp, radius and hardened. They will also be supported by ipa-kdb for Kerberos authentication. https://pagure.io/freeipa/issue/4510 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4061/head:pr4061 git checkout pr4061

2 years, 2 months

2
1
0 / 0

[freeipa PR#5456][opened] ipatests: Test to check sosreport collects healthcheck.log file

by menonsudhir

URL: https://github.com/freeipa/freeipa/pull/5456 Author: menonsudhir Title: #5456: ipatests: Test to check sosreport collects healthcheck.log file Action: opened PR body: """ This test creates healthcheck.log file in /var/log/ipa/healthcheck/ directory if its not present and then checks that when sosreport command is run it collects the healthcheck log file by checking the console log """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5456/head:pr5456 git checkout pr5456

2 years, 2 months

2
1
0 / 0

[freeipa PR#5474][opened] WIP: Dns resolvers management

by wladich

URL: https://github.com/freeipa/freeipa/pull/5474 Author: wladich Title: #5474: WIP: Dns resolvers management Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5474/head:pr5474 git checkout pr5474

2 years, 2 months

1
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel January 2021