The FreeIPA team would like to announce FreeIPA 4.7.5 release!
FreeIPA 4.7.5 is the final release in 4.7 series. No new releases will be provided for FreeIPA 4.7 as there are no distributors using the series anymore.
Two long term support release series are available:
* FreeIPA 4.6 * FreeIPA 4.8
Source code for the release can be downloaded from http://www.freeipa.org/page/Downloads.
== Highlights in 4.7.5
* 5662: ID Views: do not allow custom Views for the masters
Custom ID views cannot be applied to IPA masters. A check was added to both IPA CLI and Web UI to prevent applying custom ID views to avoid confusion and unintended side-effects.
* 7181: ipa-replica-prepare fails for 2nd replica when passwordHistory is enabled
FreeIPA password policy plugin in 389-ds was extended to exempt non-Kerberos LDAP objects from checking Kerberos policy during password changes by the Directory Manager or a password synchronization manager. This issue affected, among others, an integrated CA administrator account during deployment of more than one replica in some cases.
* 8233: 4.8.5 master Installation error
On Debian and ALT Linux setup of AJP connector did restart Apache instance before it was configured. The restart wasn't actually needed and thus was removed.
* 8236: Enforce a check to prevent adding objects from IPA as external members of external groups
Command 'ipa group-add-member' allowed to specify any user or group for '--external' option. A stricter check is added to verify that a group or user to be added as an external member does not come from IPA domain.
* 8239: Actualize Bootstrap version
Bootstrap Javascript framework used by FreeIPA web UI was updated to version 3.4.1.
=== Enhancements
=== Known Issues
=== Bug fixes
FreeIPA 4.7.5 is a stabilization release for the features delivered as a part of 4.7 version series.
There are more than 60 bug-fixes details of which can be seen in the list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahost...) or #freeipa channel on Freenode.
== Resolved tickets
* https://pagure.io/freeipa/issue/2018%5B#2018] Change hostname length limit to 64 * https://pagure.io/freeipa/issue/4972%5B#4972] check for existence of private group is done even if UPG definition is disabled * https://pagure.io/freeipa/issue/5062%5B#5062] [WebUI] Unlock option is enabled for all user. * https://pagure.io/freeipa/issue/5662%5B#5662] ID Views: do not allow custom Views for the masters * https://pagure.io/freeipa/issue/6210%5B#6210] When master's IP address does not resolve to its name, ipa-replica-install fails * https://pagure.io/freeipa/issue/6843%5B#6843] ipa-backup does not create log file at /var/log/ * https://pagure.io/freeipa/issue/6951%5B#6951] Update samba config file and use sss idmap module * https://pagure.io/freeipa/issue/7181%5B#7181] ipa-replica-prepare fails for 2nd replica when passwordHistory is enabled * https://pagure.io/freeipa/issue/7307%5B#7307] RFE: Extend IPA to support unadvertised replicas * https://pagure.io/freeipa/issue/7566%5B#7566] Installation of replica against a specific master * https://pagure.io/freeipa/issue/7600%5B#7600] Enable compat tree to provide information about AD users and groups on trust agents * https://pagure.io/freeipa/issue/7725%5B#7725] ipa-restore set wrong file permissions and ownership for /var/log/dirsrv/slapd- directory * https://pagure.io/freeipa/issue/7804%5B#7804] `ipa otptoken-sync` fails with stack trace * https://pagure.io/freeipa/issue/7810%5B#7810] [F28] Require NSS with fix for p11-kit issue. * https://pagure.io/freeipa/issue/7834%5B#7834] Fix certificate revocation tests for Web UI * https://pagure.io/freeipa/issue/7870%5B#7870] [certmonger][upgrade] "Failed to get request: bus, object_path and dbus_interface must not be None." * https://pagure.io/freeipa/issue/7895%5B#7895] ipa trust fetch-domains, server parameter ignored * https://pagure.io/freeipa/issue/7908%5B#7908] Write tests for interactive prompt for NTP options. * https://pagure.io/freeipa/issue/7917%5B#7917] Occasional 'whoami.data is undefined' error in FreeIPA web UI * https://pagure.io/freeipa/issue/7949%5B#7949] test_integration/test_nfs.py fails at cleanup * https://pagure.io/freeipa/issue/7995%5B#7995] Removing TLSv1.0, TLSv1.1 from nss.conf * https://pagure.io/freeipa/issue/8001%5B#8001] Need default authentication indicators for SPAKE, PKINIT and encrypted challenge preauth * https://pagure.io/freeipa/issue/8017%5B#8017] host-add --password logs cleartext userpassword to Apache error log * https://pagure.io/freeipa/issue/8026%5B#8026] Update pr-ci definitions with master_3client topology * https://pagure.io/freeipa/issue/8027%5B#8027] test_nfs.py: migrate to master_3client * https://pagure.io/freeipa/issue/8029%5B#8029] ipa host-find --pkey-only includes SSH keys in output * https://pagure.io/freeipa/issue/8034%5B#8034] Existing p11-kit config file is not restored on uninstall * https://pagure.io/freeipa/issue/8044%5B#8044] Extdom plugin should not return LDAP_NO_SUCH_OBJECT if there are timeout or other errors * https://pagure.io/freeipa/issue/8055%5B#8055] Test for PG6843: ipa-backup does not create log file at /var/log is failing * https://pagure.io/freeipa/issue/8067%5B#8067] add default access control configuration to trusted domain objects * https://pagure.io/freeipa/issue/8070%5B#8070] Test failure in test_integration/test_replica_promotion.py::TestHiddenReplicaPromotion::()::test_hidden_replica_install * https://pagure.io/freeipa/issue/8073%5B#8073] Backup/restore does not restore /etc/pkcs11/modules/softhsm2.module * https://pagure.io/freeipa/issue/8077%5B#8077] New pylint 2.4.0 errors * https://pagure.io/freeipa/issue/8082%5B#8082] Default client configuration breaks ssh in FIPS mode. * https://pagure.io/freeipa/issue/8084%5B#8084] KRA authentication fails when IPA CA has custom Subject DN * https://pagure.io/freeipa/issue/8086%5B#8086] ipa-server-certinstall man page does not match built-in help. * https://pagure.io/freeipa/issue/8099%5B#8099] ipa-backup command is failing on rhel-7.8 * https://pagure.io/freeipa/issue/8102%5B#8102] Pylint 2.4.3 + Astroid 2.3.2 errors * https://pagure.io/freeipa/issue/8113%5B#8113] ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client * https://pagure.io/freeipa/issue/8115%5B#8115] Nightly test failure in fedora-30/test_smb and fedora-29/test_smb * https://pagure.io/freeipa/issue/8120%5B#8120] Invisible part of notification area in Web UI intercepts clicks of some page elements * https://pagure.io/freeipa/issue/8131%5B#8131] covscan memory leaks report * https://pagure.io/freeipa/issue/8138%5B#8138] Man page ipa-cacert-manage does not display correctly on RHEL * https://pagure.io/freeipa/issue/8148%5B#8148] add "systemctl restart sssd" to warning message when adding trust agents to replicas * https://pagure.io/freeipa/issue/8151%5B#8151] test_commands timing-out * https://pagure.io/freeipa/issue/8157%5B#8157] NIghtly test failure in fedora-rawhide/test_webui_network * https://pagure.io/freeipa/issue/8163%5B#8163] "Internal Server Error" reported for minor issues implies IPA is broken [IdmHackfest2019] * https://pagure.io/freeipa/issue/8164%5B#8164] Renewed certs are not picked up by IPA CAs * https://pagure.io/freeipa/issue/8169%5B#8169] NIghtly test failure in fedora-rawhide/test_webui_policy * https://pagure.io/freeipa/issue/8170%5B#8170] Nightly test failure in fedora-rawhide/test_backup_and_restore_TestBackupReinstallRestoreWithDNS * https://pagure.io/freeipa/issue/8176%5B#8176] External CA is tracked for renewals and replaced with a self-signed certificate * https://pagure.io/freeipa/issue/8193%5B#8193] Re-order 50-externalmembers.update to be after 80-schema_compat.update * https://pagure.io/freeipa/issue/8213%5B#8213] Test failure in Travis CI: missing IPv6 loopback interface * https://pagure.io/freeipa/issue/8219%5B#8219] ipatests: unify editing of sssd.conf * https://pagure.io/freeipa/issue/8221%5B#8221] Secure AJP connector between Dogtag and Apache proxy * https://pagure.io/freeipa/issue/8226%5B#8226] ipa-restore does not restart httpd * https://pagure.io/freeipa/issue/8228%5B#8228] Nightly failure in backup/restore while calling 'id admin' * https://pagure.io/freeipa/issue/8233%5B#8233] 4.8.5 master Installation error * https://pagure.io/freeipa/issue/8236%5B#8236] Enforce a check to prevent adding objects from IPA as external members of external groups * https://pagure.io/freeipa/issue/8239%5B#8239] Actualize Bootstrap version
== Detailed changelog since 4.7.4
=== Armando Neto (6)
* Travis: Enable IPv6 support for Docker https://pagure.io/freeipa/c/4cddbfd8cc7b46b78cb8e27200a12941a3781e3e%5Bcommi...] https://pagure.io/freeipa/issue/8213%5B#8213] * prci: Bump template version https://pagure.io/freeipa/c/529d571d505e83e764596496db5d2dfc9a43960f%5Bcommi...] * ipatests: Skip test_sss_ssh_authorizedkeys method https://pagure.io/freeipa/c/54b14f4cb3e65571be54b94ab5f42d471b92a23d%5Bcommi...] https://pagure.io/freeipa/issue/8151%5B#8151] * prci: bump template version https://pagure.io/freeipa/c/4fec68611059069205086b88829d9dddbd7f78c7%5Bcommi...] * prci: increase timeout argument for test_sssd.py https://pagure.io/freeipa/c/51a531ddbfacec75abe2c4d16b16baf0cd323798%5Bcommi...] * prci: Update box used in branch ipa-4-7 https://pagure.io/freeipa/c/db305621fcaf46606cd8a9078f96dd19048140d1%5Bcommi...]
=== Alexander Bokovoy (20)
* ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager https://pagure.io/freeipa/c/eaec7584195ce173a6de5101d745be35b7c4cb5f%5Bcommi...] https://pagure.io/freeipa/issue/7181%5B#7181] * ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN https://pagure.io/freeipa/c/79fab655ceca9d1ea0791d3a0fb584ea51a9849d%5Bcommi...] https://pagure.io/freeipa/issue/7181%5B#7181] * ipatests: test sysaccount password change with a password policy applied https://pagure.io/freeipa/c/74c5a96b8441f0d6b5a64ede2e9de95b4f3fcc4b%5Bcommi...] https://pagure.io/freeipa/issue/7181%5B#7181] * ipatests: allow changing sysaccount passwords as cn=Directory Manager https://pagure.io/freeipa/c/d91c4d638c6db3183bd0c5e3f18f25ed229a1f3f%5Bcommi...] https://pagure.io/freeipa/issue/7181%5B#7181] * Fix indentation levels https://pagure.io/freeipa/c/57e30f88242d926c9487e7ca26dc5ded40700192%5Bcommi...] * ipatests: always skip additional input for group-add-member --external https://pagure.io/freeipa/c/935c356dace23a60be8a0fba4ac482eeccb95948%5Bcommi...] https://pagure.io/freeipa/issue/8236%5B#8236] * Prevent adding IPA objects as external members of external groups https://pagure.io/freeipa/c/5a2f27fe036d61415a128b650d6750e2c2048b4b%5Bcommi...] https://pagure.io/freeipa/issue/8236%5B#8236] * Secure AJP connector between Dogtag and Apache proxy https://pagure.io/freeipa/c/fc82b966c054b8a6a98441f08d9ccf2f5737e623%5Bcommi...] https://pagure.io/freeipa/issue/8221%5B#8221] * Tighten permissions on PKI proxy configuration https://pagure.io/freeipa/c/d4ad2c24df2477a5b4ced14a592d99547a0c029e%5Bcommi...] https://pagure.io/freeipa/issue/8221%5B#8221] * install/updates: move external members past schema compat update https://pagure.io/freeipa/c/9db61a51f4cfcaae5e51d10c9ce2ed751cce4c49%5Bcommi...] https://pagure.io/freeipa/issue/8193%5B#8193] * covscan: free ucs2-encoded password copy when generating NTLM hash https://pagure.io/freeipa/c/c37081576d2f282e702b42652c04e053886c47cf%5Bcommi...] https://pagure.io/freeipa/issue/8131%5B#8131] * covscan: free encryption types in case there is an error https://pagure.io/freeipa/c/212e86eee15e883bffd01f969219ce644c3e45c6%5Bcommi...] https://pagure.io/freeipa/issue/8131%5B#8131] * Become FreeIPA 4.7.4 https://pagure.io/freeipa/c/f5e60ffe9e0b909075071511ffa041390a9a87b6%5Bcommi...] * Do not run trust upgrade code if master lacks Samba bindings https://pagure.io/freeipa/c/2f8f257d9a9c076bf1a2d28aee06fbac0532aa72%5Bcommi...] https://pagure.io/freeipa/issue/8001%5B#8001] * adtrust: add default read_keys permission for TDO objects https://pagure.io/freeipa/c/df19bf51730e1762f3c1e8a1fe196ec5c5381b98%5Bcommi...] https://pagure.io/freeipa/issue/8067%5B#8067] * add default access control when migrating trust objects https://pagure.io/freeipa/c/cf23e732f521f6b6dca8a3b7043cabb161dcbca9%5Bcommi...] https://pagure.io/freeipa/issue/8067%5B#8067] * ipa-extdom-extop: test timed out getgrgid_r https://pagure.io/freeipa/c/f87ee14da5c734e6c6d2455da6272712c567c091%5Bcommi...] https://pagure.io/freeipa/issue/8044%5B#8044] * Update sudo test as SSSD 2.2.0 is available in the test image https://pagure.io/freeipa/c/ce2dcd7b6188416c5c7024786e258a524eb98288%5Bcommi...] * Restore SELinux context for p11-kit config overrides https://pagure.io/freeipa/c/e16099a6097ed73d647e5a20d969bd15b5f4df0f%5Bcommi...] https://pagure.io/freeipa/issue/7810%5B#7810] * Back to git builds https://pagure.io/freeipa/c/f4c55e144e7e73a3ed5f2875f5bddc271d4cbb38%5Bcommi...]
=== Anuja More (11)
* Mark test to skip sssd-2.2.0 [sssd/issue/4073] https://pagure.io/freeipa/c/2ea0a1dd3cf5bacf8599ecbe2f3f2b97b524895d%5Bcommi...] * ipatests: User and group with same name should not break reading AD user data. https://pagure.io/freeipa/c/7c452d70ab7b2223770592e11299574284cfaa05%5Bcommi...] * ipatests: Added test when 2FA prompting configurations is set. https://pagure.io/freeipa/c/40359d2e1a1c4038ac9fc1afa2841e55b11073d8%5Bcommi...] * Mark xfail for sssd-version < 2.2.2 https://pagure.io/freeipa/c/bd350690c6e984697b767279c1ec930c028f8a4f%5Bcommi...] * ipatests: SSSD should fetch external groups without any limit. https://pagure.io/freeipa/c/6d65406e2baf751415c29c331b95580b70ac1706%5Bcommi...] * ipatests: Add test for ipa-extdom-extop plugin should allow @ in group name https://pagure.io/freeipa/c/b0ad2c432362e88764bb11e14cc852c2616fd952%5Bcommi...] * Update topology for test_integration/test_sssd.py https://pagure.io/freeipa/c/9a0f6cb2582e265a5d1bb87aaff6049ccd5a5b35%5Bcommi...] * Fix fedora version for xfail for sssd test https://pagure.io/freeipa/c/62777234a45627ff6e9b3417ce77a81194d15193%5Bcommi...] * ipatests: filter_users should be applied correctly. https://pagure.io/freeipa/c/e8a629d2ae59566593c9855e4050f53773b325fa%5Bcommi...] * ipatests: 'sss_ssh_authorizedkeys user' should return ssh key https://pagure.io/freeipa/c/480ac797439e24609f7154a168b2ddcfa32575a4%5Bcommi...] * Extdom plugin should not return error (32)/'No such object' https://pagure.io/freeipa/c/83e3f5d105a8d52328fbd966bf82404760c51668%5Bcommi...] https://pagure.io/freeipa/issue/8044%5B#8044]
=== Christian Heimes (4)
* Add test case for OTP login https://pagure.io/freeipa/c/85b595aefacd8a52ca9cadf53bdd74184aeb2ba8%5Bcommi...] https://pagure.io/freeipa/issue/7804%5B#7804] * Cherry-picked only ldapmodify_dm() https://pagure.io/freeipa/c/f66df362c31f1bed322d891568d888b2e2e48bfa%5Bcommi...] * Print LDAP diagnostic messages on error https://pagure.io/freeipa/c/1ffe826caa0283b2b2a15e341e178bac7a748fe5%5Bcommi...] * Use default ssh host key algorithms https://pagure.io/freeipa/c/fb313d83adf04bc52f047c9167ade9be4c28e946%5Bcommi...] https://pagure.io/freeipa/issue/8082%5B#8082]
=== François Cami (6)
* ipa-restore: restart services at the end https://pagure.io/freeipa/c/e7fcffcc7209428f2775c97f76db3ecff8499689%5Bcommi...] https://pagure.io/freeipa/issue/8226%5B#8226] * adtrust.py: mention restarting sssd when adding trust agents https://pagure.io/freeipa/c/14de3644ea1e8ce3954b1da6a0e99f6e27d4db03%5Bcommi...] https://pagure.io/freeipa/issue/8148%5B#8148] * test_nfs.py: switch to master_3repl https://pagure.io/freeipa/c/98d3b63ca95aafbba3075b5d38fb0bc0ee6d559e%5Bcommi...] https://pagure.io/freeipa/issue/8027%5B#8027] * ipatests: rename config_replica_resolvconf_with_master_data() https://pagure.io/freeipa/c/912c38a661874274206948f8bc1befa827b2d959%5Bcommi...] * test_nfs.py: switch to tasks.config_replica_resolvconf_with_master_data() https://pagure.io/freeipa/c/b79f8d8d38860097bfad98bd29a60a7511f02a4b%5Bcommi...] https://pagure.io/freeipa/issue/7949%5B#7949] * prci_definitions: add master_3client topology https://pagure.io/freeipa/c/f5b11567488ac2c6a6abd242ef3bf37eb8781234%5Bcommi...] https://pagure.io/freeipa/issue/8026%5B#8026]
=== Florence Blanc-Renaud (22)
* ipatests: wait for SSSD to become online in backup/restore tests https://pagure.io/freeipa/c/dcdab7b8f8f82077943b5842368e5797a141dbb3%5Bcommi...] https://pagure.io/freeipa/issue/8228%5B#8228] * xmlrpc tests: add a test for idview-apply on a master https://pagure.io/freeipa/c/454168fadd19e0b613e76266ca62157bf2befe67%5Bcommi...] https://pagure.io/freeipa/issue/5662%5B#5662] * idviews: prevent applying to a master https://pagure.io/freeipa/c/e9bf4edbee28ea28d9d0a0ead834773c46861c4c%5Bcommi...] https://pagure.io/freeipa/issue/5662%5B#5662] * ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg missing https://pagure.io/freeipa/c/1fccdd00d53bc71e87ab5a4b1c68ab6e3efcce8c%5Bcommi...] https://pagure.io/freeipa/issue/7600%5B#7600] * ipatests: add test for ipa-adtrust-install --add-agents https://pagure.io/freeipa/c/59b09f154b9d85d937da64d6fe271d09c5b61bc1%5Bcommi...] https://pagure.io/freeipa/issue/7600%5B#7600] * ipa-adtrust-install: run remote configuration for new agents https://pagure.io/freeipa/c/3a880ff64d44156fa274ef13ea726fe78cd37f2e%5Bcommi...] https://pagure.io/freeipa/issue/7600%5B#7600] * Privilege: add a helper checking if a principal has a given privilege https://pagure.io/freeipa/c/2b5c409c3031696a358d57def4dc2e98142ef643%5Bcommi...] https://pagure.io/freeipa/issue/7600%5B#7600] * ipatests: fix TestSubCAkeyReplication https://pagure.io/freeipa/c/15ab3a21dcfca6d11de0179455a09f3816f30bf3%5Bcommi...] * ipatests: fix modify_sssd_conf() https://pagure.io/freeipa/c/6b25791f791e716f566dc945b58f241c71312cb6%5Bcommi...] * ipatests: fix backup and restore https://pagure.io/freeipa/c/aa0bcb1380198fee4028eeb327c6541828779391%5Bcommi...] https://pagure.io/freeipa/issue/8170%5B#8170] * AD user without override receive InternalServerError with API https://pagure.io/freeipa/c/f9f822ac10c0a5fffca906d5f5412c8d35adcc18%5Bcommi...] https://pagure.io/freeipa/issue/8163%5B#8163] * ipa-cacert-manage man page: fix indentation https://pagure.io/freeipa/c/a281a42ed89c1e901c7f4676423998c6764ec765%5Bcommi...] https://pagure.io/freeipa/issue/8138%5B#8138] * trust upgrade: ensure that host is member of adtrust agents https://pagure.io/freeipa/c/206e1f94efda11dd773860c9bbf9609d797688d4%5Bcommi...] * smartcard: make the ipa-advise script compatible with authselect/authconfig https://pagure.io/freeipa/c/134c6bd1243329ec41f7a6648e78af57955bc6a6%5Bcommi...] https://pagure.io/freeipa/issue/8113%5B#8113] * ipa-backup: fix python2 issue with os.mkdir https://pagure.io/freeipa/c/3a399e1dfa4d64ad1a1030f86dbdb13486aa69f7%5Bcommi...] https://pagure.io/freeipa/issue/8099%5B#8099] * ipa-server-certinstall manpage: add missing options https://pagure.io/freeipa/c/5448797ee8a0d1e83599a58bb1b0b8257a9ff35a%5Bcommi...] https://pagure.io/freeipa/issue/8086%5B#8086] * ipatests: fix test_replica_promotion.py::TestHiddenReplicaPromotion https://pagure.io/freeipa/c/548b697fbdc9a851ce22745a477f938c5816bf43%5Bcommi...] https://pagure.io/freeipa/issue/8070%5B#8070] * ipatests: add XMLRPC test for user-add when UPG plugin is disabled https://pagure.io/freeipa/c/6f512b00ee4b5cce9e5b8a658cb7388e2aa3a52a%5Bcommi...] https://pagure.io/freeipa/issue/4972%5B#4972] * ipa user_add: do not check group if UPG is disabled https://pagure.io/freeipa/c/ee0b0f66c15b4062c214f6993bc0b1e0da9a8a6d%5Bcommi...] https://pagure.io/freeipa/issue/4972%5B#4972] * replica install: enforce --server arg https://pagure.io/freeipa/c/6c5e72aee4dffb353b79b99324858bf2a1ec7314%5Bcommi...] https://pagure.io/freeipa/issue/7566%5B#7566] * ipatests: ensure that backup/restore restores pkcs 11 modules config file https://pagure.io/freeipa/c/a7168658210c85e746c6bb2d1a0be9b546702677%5Bcommi...] https://pagure.io/freeipa/issue/8073%5B#8073] * ipa-backup: backup the PKCS module config files setup by IPA https://pagure.io/freeipa/c/5bf6a39ceab02e0dca0626a556eadfe6a853a61a%5Bcommi...] https://pagure.io/freeipa/issue/8073%5B#8073]
=== Fraser Tweedale (4)
* Do not renew externally-signed CA as self-signed https://pagure.io/freeipa/c/3afd13a0b45de7349e2cb27cb45e7b3a02edf1c6%5Bcommi...] https://pagure.io/freeipa/issue/8176%5B#8176] * test_integration: add tests for custom CA subject DN https://pagure.io/freeipa/c/4767add057353280274b884b1bd15f7f63408970%5Bcommi...] https://pagure.io/freeipa/issue/8084%5B#8084] * upgrade: fix ipakra people entry 'description' attribute https://pagure.io/freeipa/c/4aad2c9b5ed7c7f4b6cba1e0328cf2ff88175d1c%5Bcommi...] https://pagure.io/freeipa/issue/8084%5B#8084] * krainstance: set correct issuer DN in uid=ipakra entry https://pagure.io/freeipa/c/1071eb2c64ef94fde13ba7a146d75635b4d56244%5Bcommi...] https://pagure.io/freeipa/issue/8084%5B#8084]
=== Gaurav Talreja (1)
* Normalize test definations titles https://pagure.io/freeipa/c/c22da325586eff18b1bb732d7e18b7161ea06fd3%5Bcommi...]
=== Jayesh Garg (2)
* Test if ipactl starts services stopped by systemctl https://pagure.io/freeipa/c/db6d0a6563644a003a6842ea712d9d6af99ee28c%5Bcommi...] * Test for ipa-ca-install on replica https://pagure.io/freeipa/c/1cd2ff5577af1043389e9bf59cb741b184ca31a1%5Bcommi...]
=== Michal Polovka (3)
* ipatests: add tests for ipa host-add with non-default maxhostnamelength https://pagure.io/freeipa/c/353062abc635d6fd310680461618d1cc32d5e07a%5Bcommi...] https://pagure.io/freeipa/issue/2018%5B#2018] * ipatests: fix topology for TestIpaNotConfigured in PR-CI nightly definitions https://pagure.io/freeipa/c/465706ac98cd7608916090610418a15943e791e0%5Bcommi...] https://pagure.io/freeipa/issue/6843%5B#6843], https://pagure.io/freeipa/issue/8055%5B#8055] * ipatests: Test for ipa-backup with ipa not configured https://pagure.io/freeipa/c/b384b297f44e3fb96b1509affabcd9f0011592a7%5Bcommi...] https://pagure.io/freeipa/issue/6843%5B#6843]
=== Mohammad Rizwan Yusuf (5)
* Test if schema-compat-entry-attribute is set https://pagure.io/freeipa/c/651d97a47d1f60875648ae72c2c0e6fe6ffabe04%5Bcommi...] https://pagure.io/freeipa/issue/8193%5B#8193] * Test if schema-compat-entry-attribute is set https://pagure.io/freeipa/c/405363baa62c7a2e875aae516abc8080031094f2%5Bcommi...] https://pagure.io/freeipa/issue/8193%5B#8193] * add test to nightly yaml https://pagure.io/freeipa/c/16c794d8a3d7d690883da5b29c5c04a203a2b8db%5Bcommi...] * Installation of replica against a specific server https://pagure.io/freeipa/c/e12fa0b88371962e3684c6b932980c3ac0ab8e1d%5Bcommi...] https://pagure.io/freeipa/issue/7566%5B#7566] * Check file ownership and permission for dirsrv log instance https://pagure.io/freeipa/c/140111cd53803194a6c41a576cab9b3c282ed54f%5Bcommi...] https://pagure.io/freeipa/issue/7725%5B#7725]
=== ndehadra (1)
* Hidden Replica: Add a test for Automatic CRL configuration https://pagure.io/freeipa/c/90c22dbc46910739b1ed43c5a1e94afdc464fe75%5Bcommi...] https://pagure.io/freeipa/issue/7307%5B#7307]
=== Rob Crittenden (10)
* Test that pwpolicy only applied on Kerberos entries https://pagure.io/freeipa/c/1e6f6f590342fd5c3cf90dee8f23ca1d2651c551%5Bcommi...] * Add ability to change a user password as the Directory Manager https://pagure.io/freeipa/c/6d28e82b2616ccc8b67cbe1b60d5e914e02636ca%5Bcommi...] * Don't save password history on non-Kerberos accounts https://pagure.io/freeipa/c/82585849cfbad0c7cf2225d2766cb0aed0dce898%5Bcommi...] * Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit https://pagure.io/freeipa/c/e5983600bfc0f143c3a6732be6532e48d9faaf15%5Bcommi...] https://pagure.io/freeipa/issue/8164%5B#8164] * CVE-2019-10195: Don't log passwords embedded in commands in calls using batch https://pagure.io/freeipa/c/e8ed8b0b242e3c8e4107090f56a4771b53b777e5%5Bcommi...] * ipa-restore: Restore ownership and perms on 389-ds log directory https://pagure.io/freeipa/c/05b173c1a7fb0b18b371771bafe01c0083547c79%5Bcommi...] https://pagure.io/freeipa/issue/7725%5B#7725] * Report if a certmonger CA is missing https://pagure.io/freeipa/c/eda9a51110a645de2ffe459a5101631af4d7772b%5Bcommi...] https://pagure.io/freeipa/issue/7870%5B#7870] * Re-order tasks.restore_pkcs11_modules() to run earlier https://pagure.io/freeipa/c/a62e3c011992ca8d4d9dbd0a8d97b036820a5cd2%5Bcommi...] https://pagure.io/freeipa/issue/8034%5B#8034] * Don't log host passwords when they are set/modified https://pagure.io/freeipa/c/2d58e3bcaa8732f448e01e75448092fe53fd6d13%5Bcommi...] https://pagure.io/freeipa/issue/8017%5B#8017] * Don't return SSH keys with ipa host-find --pkey-only https://pagure.io/freeipa/c/bdbc918724275e19c81e2e8fa6edfa1972e63f95%5Bcommi...] https://pagure.io/freeipa/issue/8029%5B#8029]
=== Robbie Harwood (3)
* Fix segfault in ipadb_parse_ldap_entry() https://pagure.io/freeipa/c/6b4a80e889a2603a65e869f4fd492c9c4fe5c896%5Bcommi...] * Fix NULL pointer dereference in maybe_require_preauth() https://pagure.io/freeipa/c/47aa96e7ff0bf31edefaa8cbe76c0acb360a7fb3%5Bcommi...] * Log INFO message when LDAP connection fails on startup https://pagure.io/freeipa/c/dbdd15966b035c657517a373e6b91c35e0ac1cb8%5Bcommi...]
=== Sumit Bose (1)
* extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT https://pagure.io/freeipa/c/a0a16df8a9a171c6508a04970ba3b5321d43ddfa%5Bcommi...] https://pagure.io/freeipa/issue/8044%5B#8044]
=== Stanislav Levin (3)
* pki-proxy: Don't rely on running apache until it's configured https://pagure.io/freeipa/c/0db996906bbc0fcfd02c81dd468276aae67f0e53%5Bcommi...] https://pagure.io/freeipa/issue/8233%5B#8233] * Fix errors found by Pylint-2.4.3 https://pagure.io/freeipa/c/20548ef82f470e11c11722b549f4aac21e8ca5a7%5Bcommi...] https://pagure.io/freeipa/issue/8102%5B#8102] * Fixed errors newly exposed by pylint 2.4.0 https://pagure.io/freeipa/c/1248050e19fef3aa39a95fecd2257f841ef6392e%5Bcommi...] https://pagure.io/freeipa/issue/8077%5B#8077]
=== Sergey Orlov (19)
* ipatests: provide AD admin password when trying to establish trust https://pagure.io/freeipa/c/db1b9fc428d8932f4fa9da79501ff2be8e4e7cc2%5Bcommi...] https://pagure.io/freeipa/issue/7895%5B#7895] * ipatests: remove test_ordering https://pagure.io/freeipa/c/ca8cd6ad722590eec545bfb2a68208a0ba8557f0%5Bcommi...] * ipatests: remove invalid parameter from sssd.conf https://pagure.io/freeipa/c/c89dbf2440ef0da37b1f766f7a424408b3202966%5Bcommi...] https://pagure.io/freeipa/issue/8219%5B#8219] * ipatests: use remote_sssd_config to modify sssd.conf https://pagure.io/freeipa/c/90d88634ef0b05fdfe6879e03c7c44cd2246668d%5Bcommi...] https://pagure.io/freeipa/issue/8219%5B#8219] * ipatests: replace utility for editing sssd.conf https://pagure.io/freeipa/c/7a4d30717e1d4a65e0e9277e6a52e369df3989bf%5Bcommi...] https://pagure.io/freeipa/issue/8219%5B#8219] * ipatests: update docstring to reflect changes in FileBackup.restore() https://pagure.io/freeipa/c/aa722083cea3d3d238d80699de21201242888116%5Bcommi...] * ipatests: add test_trust suite to nightly runs https://pagure.io/freeipa/c/5ed1b87c384ce4df6dfeb34424295280cf92dde8%5Bcommi...] * ipatests: fix collection of tests from test_trust suite https://pagure.io/freeipa/c/39a0b12fca2ea4b760f6c1aad99f1fa6614c159b%5Bcommi...] * ipatests: add test_winsyncmigrate suite to nightly runs https://pagure.io/freeipa/c/a60c057310db5ad11f4358890fc9e3784681e663%5Bcommi...] * ipatests: add check that ipa-adtrust-install generates sane smb.conf https://pagure.io/freeipa/c/e2a7e73f86d66740f8e6c8e64929bcad6793b6f6%5Bcommi...] https://pagure.io/freeipa/issue/6951%5B#6951] * ipatests: refactor FileBackup helper https://pagure.io/freeipa/c/f92c28da7bbc03c2ef47f0617e8dabbdfd0bf65e%5Bcommi...] https://pagure.io/freeipa/issue/8115%5B#8115] * ipatests: in DNS zone file add A record for name server https://pagure.io/freeipa/c/13fbe2c8642906711c660ab7edc1b7b883b295a7%5Bcommi...] * ipatests: strip newline character when getting name of temp file https://pagure.io/freeipa/c/6b59ceeb37f4c94fe2903fdd7ff81149147f7bd9%5Bcommi...] * ipatests: add test to check that only TLS 1.2 is enabled in Apache https://pagure.io/freeipa/c/f9566100a512656b98b72baf708becc7870750c4%5Bcommi...] https://pagure.io/freeipa/issue/7995%5B#7995] * ipatests: fix DNS forwarders setup for AD trust tests with non-root domains https://pagure.io/freeipa/c/180259f20c4170b96b3a0433d4db0950eda6cd20%5Bcommi...] * ipatests: add tests for cached_auth_timeout in sssd.conf https://pagure.io/freeipa/c/72dc394614300ee4dac25b4509eb216d5104c224%5Bcommi...] * ipatests: add new utilities for file management https://pagure.io/freeipa/c/f44dc80c52d0357fb582a0999958221dab33b952%5Bcommi...] * ipatests: add utility functions related to using and managing user accounts https://pagure.io/freeipa/c/62fe597a68a218eebf106ca7dc5d107b14ea4e3d%5Bcommi...] * ipatests: modify run_command to allow specify successful return codes https://pagure.io/freeipa/c/a092198a0bd9ac6fa37635a21163061cc186d0fb%5Bcommi...]
=== Sumedh Sidhaye (2)
* Added a test to check if ipa host-find --pkey-only does not return SSH public key https://pagure.io/freeipa/c/f4fdfaac3bea3b1301222f6362275f34b1b710e9%5Bcommi...] https://pagure.io/freeipa/issue/8029%5B#8029] * Test: Test to check whether ssh from ipa client to ipa master is successful after adding ldap_deref_threshold=0 in sssd.conf https://pagure.io/freeipa/c/4c421ec4d5dbfa63027c8c41b8b699a2b938e3de%5Bcommi...]
=== Simo Sorce (1)
* Make sure to have storage space for tag https://pagure.io/freeipa/c/975c1a3d6c48bf5d71fbe12373603298a5573754%5Bcommi...]
=== Serhii Tsymbaliuk (7)
* Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1 https://pagure.io/freeipa/c/5e122aa20594e8f34ffa175401d6ada4c05bbb5e%5Bcommi...] https://pagure.io/freeipa/issue/8239%5B#8239] * WebUI tests: Fix broken reference to parent facet in table record check https://pagure.io/freeipa/c/a45679047f82a3fbb98422a023a782766df0ca25%5Bcommi...] https://pagure.io/freeipa/issue/8157%5B#8157] * WebUI tests: Fix 'Button is not displayed' exception https://pagure.io/freeipa/c/220aba3119c2243e890540a95404f14cfffc6ca5%5Bcommi...] https://pagure.io/freeipa/issue/8169%5B#8169] * Fix occasional 'whoami.data is undefined' error in FreeIPA web UI https://pagure.io/freeipa/c/74e66ba3aac2fcf751f58a89879e2031078c7960%5Bcommi...] https://pagure.io/freeipa/issue/7917%5B#7917] * Fix certificate revocation tests for Web UI https://pagure.io/freeipa/c/e054f681a301bdde2ed92334957fe906229b3bcf%5Bcommi...] https://pagure.io/freeipa/issue/7834%5B#7834] * WebUI: Fix notification area layout https://pagure.io/freeipa/c/128a8bcf7b18a7e295ac8cb811021cf462282877%5Bcommi...] https://pagure.io/freeipa/issue/8120%5B#8120] * WebUI: Make 'Unlock' option is available only on locked user page https://pagure.io/freeipa/c/ad006f7008cf6d97c0ff435b5bcb6d17a450a94b%5Bcommi...] https://pagure.io/freeipa/issue/5062%5B#5062]
=== Tibor Dudlák (5)
* Add container environment check to replicainstall https://pagure.io/freeipa/c/82351f1e09e9d592e3b0bef521c2c94b0d222cce%5Bcommi...] https://pagure.io/freeipa/issue/6210%5B#6210] * Increase ntp_options test timeout https://pagure.io/freeipa/c/0f40193c6301174f54865fd867ad279456fe3ddd%5Bcommi...] * ipatests: refactor TestNTPoptions https://pagure.io/freeipa/c/6a046c525d61f5962c02a7ede808080089420604%5Bcommi...] * ipatests: Add tests for interactive chronyd config https://pagure.io/freeipa/c/b2c79ecbc1e47e36cbc7e65a575a398bd005f95c%5Bcommi...] https://pagure.io/freeipa/issue/7908%5B#7908] * ipatests: Update test tasks for client to be interactive https://pagure.io/freeipa/c/4e08b90bb785416582f4e993206b9342b1f0dbf9%5Bcommi...] https://pagure.io/freeipa/issue/7908%5B#7908]
=== Tomas Halman (4)
* extdom: add extdom protocol documentation https://pagure.io/freeipa/c/f8b070587c5c2779b6b76237d1c712a0947f9438%5Bcommi...] * extdom: use sss_nss_*_timeout calls https://pagure.io/freeipa/c/5340a03e30d37015777eafb58d7f36fc3d81c5eb%5Bcommi...] * extdom: plugin doesn't use timeout in blocking call https://pagure.io/freeipa/c/b442b82b4a4c80b9e7992b33eb008f4f0dea44e2%5Bcommi...] * extdom: plugin doesn't allow @ in group name https://pagure.io/freeipa/c/2e8a2a564a46a2a4f04236e08dda26d6126135ea%5Bcommi...]
=== Theodor van Nahl (1)
* Fix UnboundLocalError in ipa-replica-manage on errors https://pagure.io/freeipa/c/635c4db608e0dcb8fa2bfd88fe291e9f3ce838db%5Bcommi...]
On 27/03/2020 09.14, Alexander Bokovoy via FreeIPA-devel wrote:
The FreeIPA team would like to announce FreeIPA 4.7.5 release!
FreeIPA 4.7.5 is the final release in 4.7 series. No new releases will be provided for FreeIPA 4.7 as there are no distributors using the series anymore.
Because it's the last and final release of the FreeIPA 4.7 the development team is no longer backporting bug and security fixes to 4.7. I have closed the remaining PRs for 4.7 (all CI/testing related) and removed the backport label ipa-4-7.
Christian
freeipa-users@lists.fedorahosted.org