FreeIPA-devel February 2021

freeipa-devel@lists.fedorahosted.org

3 participants
115 discussions

Prepare for FreeIPA 4.9.2
by Alexander Bokovoy 04 Feb '21

04 Feb '21

Hi, I am planning to do a FreeIPA 4.9.2 release around February 12th-15th. Most of the fixes are to IPA tests and various small fixes to problems found in RHEL 8 nightly testing. The only 'bigger' change would be to try to reduce downstream branding patches to a minimum -- this is what Rob already got to the master branch in some extent but it needs more work. I'll keep updating draft release notes here every day when there are pushes to ipa-4-9 branch: https://vda.li/drafts/freeipa-4.9.2-release-notes.html It is not edited manually right now so usual rules apply: - if you want to add a changelog note, modify changelog field in the ticket mentioned in the release notes or - add RN: ... lines into the commit message itself. The release notes are mostly about user-facing changes so tests typically don't need to have individual release notes. Current list of resolved tickets for 4.9.2: #6739 Cannot login to replica's WebUI #8404 Detect and fail if not enough memory is available for installation #8550 (rhbz#1902173) Uninstallation of server with KRA diplays error but proceeds successfully (unable to access security domain) #8554 (rhbz#1891056) ipa-kdb: support subordinate/superior UPN suffixes #8588 The 'ipactl status' command exit code does not fail on a partial error #8630 (rhbz#1909876) Do not resolve user/group UID/GID in the service constructors #8636 (rhbz#1923900) Samba on IdM member failure #8658 (rhbz#1924501) Value stored to 'krberr' is never read in ipa-rmkeytab.c #8669 Reduce difference between upstream and downstream releases #8675 Update failed: NSS is built without support of the legacy database(DBM) #8685 KDC cert has no SAN DNSname #8686 (rhbz#1922955) Resubmitting KDC cert fails with internal server error #8690 Add a tool to control interactive programs on remote hosts in IPA tests -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland

1 0

[freeipa PR#5176][opened] freeipa.spec.in: depend on libsss_sudo
by fcami 04 Feb '21

04 Feb '21

URL: https://github.com/freeipa/freeipa/pull/5176 Author: fcami Title: #5176: freeipa.spec.in: depend on libsss_sudo Action: opened PR body: """ On 10.10+ releases od Dogtag, the PKI installer will not depend on sudo anymore. This opens the possibility of creating IPA servers without a properly configured sudo. Depend on libsss_sudo to make sure all IPA servers can have sudo. Fixes: https://pagure.io/freeipa/issue/8530 Signed-off-by: François Cami <fcami(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5176/head:pr5176 git checkout pr5176

2 1

[freeipa PR#5519][opened] Update samba configuration on IPA master to explicitly use 'server role' setting
by antoniotorresm 04 Feb '21

04 Feb '21

URL: https://github.com/freeipa/freeipa/pull/5519 Author: antoniotorresm Title: #5519: Update samba configuration on IPA master to explicitly use 'server role' setting Action: opened PR body: """ The default for this setting is 'auto', which may affect IPA Samba configuration on future Samba versions. By explicitly setting this parameter in the template, future manual intervention is prevented. Fixes: https://pagure.io/freeipa/issue/8452 Signed-off-by: Antonio Torres <antorres(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5519/head:pr5519 git checkout pr5519

2 1

[freeipa PR#5522][opened] [Backport][ipa-4-9] Ensure IPA is running (ideally) before uninstalling the KRA
by flo-renaud 04 Feb '21

04 Feb '21

URL: https://github.com/freeipa/freeipa/pull/5522 Author: flo-renaud Title: #5522: [Backport][ipa-4-9] Ensure IPA is running (ideally) before uninstalling the KRA Action: opened PR body: """ This PR was opened automatically because PR #5485 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5522/head:pr5522 git checkout pr5522

1 1

[freeipa PR#5481][opened] Webui test hostgroup
by miskopo 04 Feb '21

04 Feb '21

URL: https://github.com/freeipa/freeipa/pull/5481 Author: miskopo Title: #5481: Webui test hostgroup Action: opened PR body: """ NOT READY FOR REVIEW, TESTING SCENARIO """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5481/head:pr5481 git checkout pr5481

1 1

[freeipa PR#5461][opened] experiments with DNS resolvers
by wladich 04 Feb '21

04 Feb '21

URL: https://github.com/freeipa/freeipa/pull/5461 Author: wladich Title: #5461: experiments with DNS resolvers Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5461/head:pr5461 git checkout pr5461

1 1

[freeipa PR#5485][opened] Ensure IPA is running (ideally) before uninstalling the KRA
by rcritten 04 Feb '21

04 Feb '21

URL: https://github.com/freeipa/freeipa/pull/5485 Author: rcritten Title: #5485: Ensure IPA is running (ideally) before uninstalling the KRA Action: opened PR body: """ Ensure IPA is running (ideally) before uninstalling the KRA The KRA attempts to unregister itself from the security domain which requires that IPA be running for this to succeed. 1. Move the KRA uninstall call prior to stopping all IPA services 2. Try to start IPA if it isn't running and a KRA is configured It isn't mandatory that IPA be running for the KRA uninstall to succeed but it will suppress a pretty scary backtrace and error message. https://pagure.io/freeipa/issue/8550 Signed-off-by: Rob Crittenden <rcritten(a)redhat.com> This also removes two deprecated API warnings from dogtag and changes a log level from info to debug to suppress unnecessary output. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5485/head:pr5485 git checkout pr5485

2 1

[freeipa PR#5521][opened] [Backport][ipa-4-9] client: synchronize ignored return codes with ipa-rmkeytab
by rcritten 04 Feb '21

04 Feb '21

URL: https://github.com/freeipa/freeipa/pull/5521 Author: rcritten Title: #5521: [Backport][ipa-4-9] client: synchronize ignored return codes with ipa-rmkeytab Action: opened PR body: """ This PR was opened automatically because PR #5515 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5521/head:pr5521 git checkout pr5521

2 1

[freeipa PR#5473][opened] ipatests: when talking to AD DCs, use FQDN credentials
by abbra 04 Feb '21

04 Feb '21

URL: https://github.com/freeipa/freeipa/pull/5473 Author: abbra Title: #5473: ipatests: when talking to AD DCs, use FQDN credentials Action: opened PR body: """ Samba 4.13+ in Fedora 33+ and RHEL 8.4+ defaults to Kerberos authentication. This means user name used for authentication must be mapped to a target realm. Fixes: https://pagure.io/freeipa/issue/8678 Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5473/head:pr5473 git checkout pr5473

2 1

[freeipa PR#5515][opened] client: synchronize ignored return codes with ipa-rmkeytab
by abbra 03 Feb '21

03 Feb '21

URL: https://github.com/freeipa/freeipa/pull/5515 Author: abbra Title: #5515: client: synchronize ignored return codes with ipa-rmkeytab Action: opened PR body: """ Refactoring ipa-rmkeytab with commit f3f9672d527008dc741ac90aa465bac842eea08d led to new error code 7 when MIT Kerberos fails to iterate through the keys. It appears now in places where in past error code 3 was returned. Related: https://pagure.io/freeipa/issue/8658 Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5515/head:pr5515 git checkout pr5515

2 1

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel February 2021