URL: https://github.com/freeipa/freeipa/pull/6122
Author: jh23453
Title: #6122: Remove deprecation warning when installing a CA replica
Action: opened
PR body:
"""
I got the following message when installing a replica with CA:
2021-11-22T21:15:35Z DEBUG [5/30]: configuring certificate server instance
...
WARNING: The 'pki_ssl_server_token' in [CA] has been deprecated. Use 'pki_sslserver_token' instead.
Installation log: /var/log/pki/pki-ca-spawn.20211122221535.log
Installing CA into /var/lib/pki/pki-tomcat.
With the following change the message no longer appears when installing a replica.
Signed-off-by: Jochen Kellner <jochen(a)jochen.org>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6122/head:pr6122
git checkout pr6122
URL: https://github.com/freeipa/freeipa/pull/6126
Author: flo-renaud
Title: #6126: Bz2031825
Action: opened
PR body:
"""
### Config plugin: return EmptyModlist when no change is applied
When ipa config-mod is called with the option --enable-sid,
the code needs to trap EmptyModlist exception (it is expected
that no LDAP attribute is modified by this operation).
The code had a flaw and was checking:
'enable_sid' in options
instead of
options['enable_sid']
"'enable_sid' in options" always returns true as this option
is a Flag with a default value, hence always present even if
not specified on the command line.
Fixes: https://pagure.io/freeipa/issue/9063
### config plugin: add a test ensuring EmptyModlist is returned
Add a test to test_config_plugin, that calls ipa config-mod
with the same value as already present in LDAP.
The call must return EmptyModlist.
Related: https://pagure.io/freeipa/issue/9063
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6126/head:pr6126
git checkout pr6126
URL: https://github.com/freeipa/freeipa/pull/6092
Author: mrizwan93
Title: #6092: ipatests: Test cases for ipa-replica-conncheck command
Action: opened
PR body:
"""
Following test cases would be checked:
- when called with --principal (it should then prompt for a password)
- when called with --principal / --password
- when called without principal and password but with a kerberos TGT,
kinit admin done before calling ipa-replica-conncheck
- when called without principal and password, and without any kerberos
TGT (it should default to principal=admin and prompt for a password)
Signed-off-by: Mohammad Rizwan <myusuf(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6092/head:pr6092
git checkout pr6092
URL: https://github.com/freeipa/freeipa/pull/6128
Author: flo-renaud
Title: #6128: [Backport][ipa-4-9] ipatests: Test empty cert request doesn't force certmonger to segfault
Action: opened
PR body:
"""
This PR was opened automatically because PR #6107 was pushed to master and backport to ipa-4-9 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6128/head:pr6128
git checkout pr6128
URL: https://github.com/freeipa/freeipa/pull/6107
Author: mrizwan93
Title: #6107: ipatests: Test empty cert request doesn't force certmonger to segfault
Action: opened
PR body:
"""
When empty cert request is submitted to certmonger, it goes to
segfault. This fix test that if something like this happens,
certmonger should gracefuly handle it
related: https://pagure.io/certmonger/issue/191
Signed-off-by: Mohammad Rizwan <myusuf(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6107/head:pr6107
git checkout pr6107
URL: https://github.com/freeipa/freeipa/pull/6127
Author: flo-renaud
Title: #6127: [Backport][ipa-4-9] ipatests: Test default value of nsslapd-sizelimit.
Action: opened
PR body:
"""
This PR was opened automatically because PR #6123 was pushed to master and backport to ipa-4-9 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6127/head:pr6127
git checkout pr6127
URL: https://github.com/freeipa/freeipa/pull/6125
Author: flo-renaud
Title: #6125: ipatests: Fix expected object classes
Action: opened
PR body:
"""
Because the sidgen plugin is a postop plugin, it is not
always triggered before the result of an ADD is returned
and the objectclasses of the user may / may not contain
ipantuserattrs.
Fix the expected object classes.
Related: https://pagure.io/freeipa/issue/9062
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6125/head:pr6125
git checkout pr6125
URL: https://github.com/freeipa/freeipa/pull/6124
Author: flo-renaud
Title: #6124: [Backport][ipa-4-9] ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout
Action: opened
PR body:
"""
This PR was opened automatically because PR #6119 was pushed to master and backport to ipa-4-9 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6124/head:pr6124
git checkout pr6124
URL: https://github.com/freeipa/freeipa/pull/6119
Author: flo-renaud
Title: #6119: ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout
Action: opened
PR body:
"""
The test sets 389-ds nsslapd-idletimeout to 60s, then does a
kinit with an otp token (which makes ipa-otpd create a LDAP
connection), then sleeps for 60s. The expectation is that
ns-slapd will detect that the LDAP conn from ipa-otpd is idle
and close the connection.
According to 389ds doc, the idle timeout is enforced when the
connection table is walked. By doing a ldapsearch, the test
"wakes up" ns-slapd and forces the detection of ipa-otpd
idle connection.
Fixes: https://pagure.io/freeipa/issue/9044
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6119/head:pr6119
git checkout pr6119
URL: https://github.com/freeipa/freeipa/pull/6120
Author: menonsudhir
Title: #6120: ipatests: Adding --no-dnssec-validation option for healthcheck
Action: opened
PR body:
"""
healthcheck related tests are failing because of the below issue
"client @0x7f8ee47c4d48 : servfail cache hit (CD=0)" and as a result healthcheck related packages
are not downloaded on test system.
Hence adding the --no-dnssec-validation option to install_master and install_replica function
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6120/head:pr6120
git checkout pr6120