The FreeIPA team would like to announce FreeIPA 4.10.1 release!
It can be downloaded from
http://www.freeipa.org/page/Downloads. Builds
for Fedora distributions will be available from the official repository
soon.
[[highlights_in_4.10.1]]
== Highlights in 4.10.1
* 8803: Add support for managing IdP references
::
;;
FreeIPA can now authenticate users with the help of OAuth 2.0
identity providers supporting OAuth 2.0 Device Authorization Flow.
IdPs known to work are Keycloak, Microsoft Azure, Google, Github,
and Okta. Details on how to use Keycloak can be found in FreeIPA
workshop:
https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support...
'''''
* 9083: Support MIT Kerberos KDB version 9
::
;;
FreeIPA now supports MIT Kerberos 1.20. Resource-based constrained
delegation is not yet implemented.
'''''
* 9228: ipa-client-install does not maintain server affinity during
installation
::
;;
ipa-client-install will use a single server for the duration of the
installation process, either one discovered or provided on the
command-line. Previously it would use a temporary configuration to
do enrollment, then switch to a final one for the remaining
operations. This could lead to the installer talking with multiple
servers. If the client installer is faster than replication this
could lead to errors.
'''''
* 9237: Show order in sudo rule list in web interface
::
;;
In the 'sudo rules' page, the WebUI is now displaying a 'sudo order'
column so that the users can easily see which rules override other
rules based on their order.
'''''
* 9258: Do not add TLS CA configuration to ldap.conf anymore
::
;;
FreeIPA client installer does not add explicit TLS CA configuration
to OpenLDAP's ldap.conf anymore. Since OpenLDAP 2.4.45, explicit CA
configuration is not required as OpenLDAP uses the default CA store
provided by OpenSSL and IPA CA is installed in the default store by
the installer already.
'''''
* 9273: [RFE] Support IPA CA installation on an HSM
::
;;
FreeIPA CA can now be deployed with a hardware security module as a
CA storage device. Supported use case details can be found in HSM
design document:
https://freeipa.readthedocs.io/en/ipa-4-10/designs/hsm.html
'''''
[[bug_fixes]]
=== Bug fixes
FreeIPA 4.10.1 is a stabilization release for the features delivered as
a part of 4.10 version series.
There are more than 50 bug-fixes since FreeIPA 4.10.0 release. Details
of the bug-fixes can be seen in the list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...)
or #freeipa channel on libera.chat.
[[resolved_tickets]]
== Resolved tickets
*
https://pagure.io/freeipa/issue/8803[#8803] Add support for managing
IdP references
*
https://pagure.io/freeipa/issue/8804[#8804] Extend supported user
authentication methods in IPA to allow IdP auth
*
https://pagure.io/freeipa/issue/8805[#8805] Extend `ipa-otpd` daemon
to recognize IdP references
*
https://pagure.io/freeipa/issue/8946[#8946] RFE: Add label name to
Certificates section in WebUI to enable testing
*
https://pagure.io/freeipa/issue/8951[#8951] Test for RFE
ipa-healthcheck tool can include check to see if the system is FIPS
enabled or not
*
https://pagure.io/freeipa/issue/9062[#9062] [ipatests] SID generation
and test_xmlrpc/test_user_plugin.py
*
https://pagure.io/freeipa/issue/9083[#9083] Support MIT Kerberos KDB
version 9
*
https://pagure.io/freeipa/issue/9158[#9158] Internal error when
setting dnsconfig or dnsforwardzone forwarders.
*
https://pagure.io/freeipa/issue/9160[#9160]
cryptography.utils.register_interface is scheduled for removal
*
https://pagure.io/freeipa/issue/9161[#9161] Nightly test failure in
test_selinuxusermap.py::test_selinuxusermap::test_misc
*
https://pagure.io/freeipa/issue/9179[#9179]
test_caless_TestServerCALessToExternalCA_RSN fails in teardown
*
https://pagure.io/freeipa/issue/9188[#9188]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2098187[rhbz#2098187]) Add
warning for empty targetattr when creating ACI with RBAC
*
https://pagure.io/freeipa/issue/9192[#9192]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2094672[rhbz#2094672]) IdM
WebUI Pagination Size should not allow empty value
*
https://pagure.io/freeipa/issue/9198[#9198] [Tracker] nightly failure:
after ipa trust-add, cred cache contains cifs/master.ipa.test(a)IPA.TEST
instead of admin principal
*
https://pagure.io/freeipa/issue/9204[#9204] [Tracker] In
ipa-server-upgrade ca_upgrade_schema() results in unnecessary pki
restarts
*
https://pagure.io/freeipa/issue/9206[#9206]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2109236[rhbz#2109236]) ldap
bind occurs when admin user changes password with gracelimit=0
*
https://pagure.io/freeipa/issue/9207[#9207] Failure in
AzurePipeline.freeipa (GATING InstallDNSSECFirst_1_to_5)
*
https://pagure.io/freeipa/issue/9208[#9208] ap: Doc build fails
against Sphinx 5.1.0
*
https://pagure.io/freeipa/issue/9211[#9211]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2109243[rhbz#2109243]) RFE:
Allow grace login limit to be set in IPA WebUI.
*
https://pagure.io/freeipa/issue/9212[#9212]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2115475[rhbz#2115475])
Nightly test failure in
test_user.py::test_user::test_password_expiration_notification
*
https://pagure.io/freeipa/issue/9214[#9214] Nightly failure in webui
test test_subid.py::test_subid::test_subid_range_deletion_not_allowed
*
https://pagure.io/freeipa/issue/9218[#9218]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2116966[rhbz#2116966])
Random failure in test-winsyncmigrate
*
https://pagure.io/freeipa/issue/9225[#9225] pytest library module
rename from quarkus to keycloak
*
https://pagure.io/freeipa/issue/9226[#9226]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2124547[rhbz#2124547])
Infinite redirect loop in the WebUI for user root
*
https://pagure.io/freeipa/issue/9227[#9227] Need test for Keycloak
Bridge authentication
*
https://pagure.io/freeipa/issue/9228[#9228] ipa-client-install does
not maintain server affinity during installation
*
https://pagure.io/freeipa/issue/9230[#9230] build failure against gcc
< 11
*
https://pagure.io/freeipa/issue/9231[#9231] /run/ipa/ccaches uses all
available tmpfs space
*
https://pagure.io/freeipa/issue/9237[#9237] Show order in sudo rule
list in web interface
*
https://pagure.io/freeipa/issue/9238[#9238] Nightly test failure
(rawhide) in
test_ipahealthcheck.py::TestIpaHealthCheck::test_ds_configcheck_passwordstorage
*
https://pagure.io/freeipa/issue/9243[#9243]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2127833[rhbz#2127833])
Password Policy Grace login limit allows invalid maximum value
*
https://pagure.io/freeipa/issue/9244[#9244] Nightly test failure in
test_commands.py::TestIPACommand::test_ipa_cacert_manage_prune
*
https://pagure.io/freeipa/issue/9245[#9245]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2117167[rhbz#2117167])
`extdom` plugin can return object from a wrong domain.
*
https://pagure.io/freeipa/issue/9246[#9246] Nightly test failure in
test_user_permissions.TestInstallClientNoAdmin
*
https://pagure.io/freeipa/issue/9248[#9248]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2124369[rhbz#2124369]) OTP
token sync always returns OK even with random numbers
*
https://pagure.io/freeipa/issue/9249[#9249]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2108630[rhbz#2108630])
Deprecated feature idnssoaserial in IdM appears when creating reverse
dns zones
*
https://pagure.io/freeipa/issue/9250[#9250] Add basic test for
authenticating as Keycloak user on IPA client
*
https://pagure.io/freeipa/issue/9252[#9252]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2129895[rhbz#2129895])
[DDF] The Examples in the RHEL ipa(1) man page show "ipa help commands"
with content for "ipa halp topics" and "ipa hel
*
https://pagure.io/freeipa/issue/9254[#9254] Exclude installed policy
module file from RPM verification
*
https://pagure.io/freeipa/issue/9255[#9255] ipapython.dn_ctypes is not
compatible with libldap 2.6
*
https://pagure.io/freeipa/issue/9257[#9257]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2104185[rhbz#2104185])
Introduction of URI records for kerberos breaks location functionality
*
https://pagure.io/freeipa/issue/9258[#9258]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2094673[rhbz#2094673]) Do
not add TLS CA configuration to ldap.conf anymore
*
https://pagure.io/freeipa/issue/9259[#9259]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2144737[rhbz#2144737])
vault interoperability with older RHEL systems is broken
*
https://pagure.io/freeipa/issue/9264[#9264] Nightly failure in
test_integration/test_sso.py::TestSsoBridge::test_ipa_login_with_sso_user
*
https://pagure.io/freeipa/issue/9269[#9269]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2143224[rhbz#2143224],
https://bugzilla.redhat.com/show_bug.cgi?id=2075452[rhbz#2075452])
ipa-certupdate does not restart/reload KDC on servers
*
https://pagure.io/freeipa/issue/9271[#9271]
(
https://bugzilla.redhat.com/show_bug.cgi?id=2143224[rhbz#2143224])
Support PKINIT with ipa-client-install
*
https://pagure.io/freeipa/issue/9273[#9273]
(
https://bugzilla.redhat.com/show_bug.cgi?id=1405935[rhbz#1405935])
[RFE] Support IPA CA installation on an HSM
*
https://pagure.io/freeipa/issue/9274[#9274] ipa-join: pass the curl
write function by name, not address
[[detailed_changelog_since_4.10.0]]
== Detailed changelog since 4.10.0
[[armando_neto_1]]
=== Armando Neto (1)
* webui: Do not allow empty pagination size
https://pagure.io/freeipa/c/02d3fb8266d8199fd1ed983de6c57b269546df82[commit]
https://pagure.io/freeipa/issue/9192[#9192]
[[alexander_bokovoy_11]]
=== Alexander Bokovoy (11)
* ipa-kdb: for delegation check, use different error codes before and
after krb5 1.20
https://pagure.io/freeipa/c/465d5f5c6a956109b66abf60af0edd31fa2bce41[commit]
https://pagure.io/freeipa/issue/9083[#9083]
* ipa-kdb: fix comment to make sure we talk about krb5 1.20 or later
https://pagure.io/freeipa/c/d3c7a4faae8fd58a8d08bf6191d47fefe276ddba[commit]
* ipa-kdb: fix PAC requester check
https://pagure.io/freeipa/c/88c1293f3a92451b6d5d5f7cb1a81d55a789b793[commit]
https://pagure.io/freeipa/issue/9083[#9083]
* ipa-kdb: handle empty S4U proxy in allowed_to_delegate
https://pagure.io/freeipa/c/1d4db340461298fed66607bde5fb0ca0f033c5aa[commit]
https://pagure.io/freeipa/issue/9083[#9083]
* ipa-kdb: handle cross-realm TGT entries when generating PAC
https://pagure.io/freeipa/c/a5ca25003da5906703e8bd12b0759d48bc52e6b2[commit]
https://pagure.io/freeipa/issue/9083[#9083]
* ipa-kdb: add krb5 1.20 support
https://pagure.io/freeipa/c/e9ae0e350dcee5c9bbcd5a6932b4eb0daa90fea7[commit]
https://pagure.io/freeipa/issue/9083[#9083]
* ipa-kdb: refactor MS-PAC processing to prepare for krb5 1.20
https://pagure.io/freeipa/c/f0c72dcb87f86b9b00d0c087a959e64ce10eea98[commit]
https://pagure.io/freeipa/issue/9083[#9083]
* ipaclient: do not set TLS CA options in ldap.conf anymore
https://pagure.io/freeipa/c/93b0e6a96a1aea45adc0d4c8bb26b226ce683573[commit]
https://pagure.io/freeipa/issue/9258[#9258]
* Remove empty translation for 'si' which breaks linter
https://pagure.io/freeipa/c/41ba166c77ca8011a35f80f2791a211c429a271e[commit]
* fix canonicalization issue in Web UI
https://pagure.io/freeipa/c/a0928fe164712303a7c24ee61500ac7326bd9e4a[commit]
https://pagure.io/freeipa/issue/9226[#9226]
* ipa-otpd: initialize local pointers and handle gcc 10
https://pagure.io/freeipa/c/9441d7ed1ac67dc74ca6177b474d10da97b06a2f[commit]
https://pagure.io/freeipa/issue/9230[#9230]
[[anuja_more_1]]
=== Anuja More (1)
* ipatests : Test query to AD specific attributes is successful.
https://pagure.io/freeipa/c/db7cd79858ec8fad7d094ca883d8b7d82c7c1ac1[commit]
https://pagure.io/freeipa/issue/9127[#9127]
[[andika_triwidada_1]]
=== Andika Triwidada (1)
* Translated using Weblate (Indonesian)
https://pagure.io/freeipa/c/3885bd6fd75e984f990dc0e0f760f61815139181[commit]
[[antonio_torres_6]]
=== Antonio Torres (6)
* Back to git snapshots
https://pagure.io/freeipa/c/657a7b2556e22b70802809dd784fe576d3edea95[commit]
* Become IPA 4.10.1
https://pagure.io/freeipa/c/e5819bcae6779b89b6d11a144f293a4838344738[commit]
* Update translations to FreeIPA ipa-4-10 state
https://pagure.io/freeipa/c/4baee5ca23b279d6905cdd5f01e95b75e5f08c96[commit]
* Add basic API usage guide
https://pagure.io/freeipa/c/4e490d20a031d619cb4cae46d27f66e1fc2c9dc5[commit]
* doc: generate API Reference
https://pagure.io/freeipa/c/5626976ef03dbfe271b6f3a1d76a69fabdf06e8a[commit]
* Back to git snapshots
https://pagure.io/freeipa/c/c9d9fb3a3a63f66d60541f21f2f3466b6d9a89b3[commit]
[[alexey_tikhonov_3]]
=== Alexey Tikhonov (3)
* extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns
object from a wrong domain (performance optimization)
https://pagure.io/freeipa/c/1360c8b09f0862fe961fbb015f55d6b3cbd9aee9[commit]
* extdom: make sure result doesn't miss domain part
https://pagure.io/freeipa/c/4685f9d881c09fa317cb68fba1b94c29e48a7a8b[commit]
https://pagure.io/freeipa/issue/9245[#9245]
* extdom: internal functions should be static
https://pagure.io/freeipa/c/113cb8d715cf7bed8bcc36845940acc20fed8e60[commit]
[[carla_martinez_9]]
=== Carla Martinez (9)
* webui: Add name to 'Certificates' table
https://pagure.io/freeipa/c/813df68b086113cb093108ebfec3bdad86703841[commit]
https://pagure.io/freeipa/issue/8946[#8946]
* webui: Add label name to 'Certificates' section
https://pagure.io/freeipa/c/54470c6b3b3958dbc0eeb2cda17e306123cb9f3a[commit]
https://pagure.io/freeipa/issue/8946[#8946]
* Update API and VERSION
https://pagure.io/freeipa/c/48b9cc3345f8596904bce14d580cd4b19bfbda15[commit]
https://pagure.io/freeipa/issue/9249[#9249]
* webui: Set 'SOA serial' field as read-only
https://pagure.io/freeipa/c/9b274bc5d01c58806f18e549b566d93e25b40214[commit]
https://pagure.io/freeipa/issue/9249[#9249]
* ipatest: Remove warning message for 'idnssoaserial'
https://pagure.io/freeipa/c/3d34673b8c04c9ec849f8276876fd8bbd4fe2234[commit]
https://pagure.io/freeipa/issue/9249[#9249]
* Set 'idnssoaserial' to deprecated
https://pagure.io/freeipa/c/242ed2e500510f33f4595fb1b29adb25b1517982[commit]
https://pagure.io/freeipa/issue/9249[#9249]
* webui: Show 'Sudo order' column
https://pagure.io/freeipa/c/54b81617674be79577b8c3abf0949725d9a428c7[commit]
https://pagure.io/freeipa/issue/9237[#9237]
* Set pkeys in test_selinuxusermap.py::test_misc::delete_record
https://pagure.io/freeipa/c/ea792e11eb85a5b05b2b78f0215c147a52d2d265[commit]
https://pagure.io/freeipa/issue/9161[#9161]
* webui: Allow grace login limit
https://pagure.io/freeipa/c/7a1e1d9f1cb13679c28f12d05b156a08bcc4d856[commit]
https://pagure.io/freeipa/issue/9211[#9211]
[[christian_heimes_1]]
=== Christian Heimes (1)
* Add PKINIT support to ipa-client-install
https://pagure.io/freeipa/c/9d902d340793d01aa6b65d01a1facaf480819526[commit]
https://pagure.io/freeipa/issue/9269[#9269],
https://pagure.io/freeipa/issue/9271[#9271]
[[jan_kuparinen_14]]
=== Jan Kuparinen (14)
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/d4b9203376115508f596c6469c9c3be24d719ff2[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/242a0dadcf86bb27efccdc1be1946c39f0ba2931[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/98e80985bae7fa7104d8dd621c73c2b848630417[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/2b0c9d91285282df5f545fc6c331b5b9a219048e[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/dbe49df1b3d2fb254315ed26190792c8aaf89c38[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/0caffa37c01a7a77301368413854473520e5e055[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/63fceacb176162210cd5d64f73ecf10b1bf8d402[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/606ce6d52aa4b29e1af787c7830d30d6846c932e[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/10a51197f27d90fab78bdf6a4a0cae6779589299[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/1c1187beedb23f91614f131fda15c6c6f6264556[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/a1c0031c9044135ae00ac9f3e22beb22bd5fbb07[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/bcc5819830e23867a5c1471f3a37576d705ce8d8[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/3452c6fcf0730351b45ecbeb7d89ff318319f7c0[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/a4202264936dca51b476178f5061692cd569373b[commit]
[[david_pascual_2]]
=== David Pascual (2)
* ipatest: fix prci checker target masked return code & add pylint
https://pagure.io/freeipa/c/51f1321b9c2263edd3f725abe3f90e56678adf94[commit]
* ipatests: Checker script for prci definitions
https://pagure.io/freeipa/c/3d827979d2688607bd5376501ef71c2b63124603[commit]
[[erik_belko_3]]
=== Erik Belko (3)
* ipatests: Add test for grace login limit
https://pagure.io/freeipa/c/a2a3d45ed790aaa1a618413df0a1181f8eeb1aa8[commit]
https://pagure.io/freeipa/issue/9211[#9211]
* ipatests: test for root using admin password in webUI
https://pagure.io/freeipa/c/0085757806e32c63bc1e1a2a2d762d4df2036f73[commit]
https://pagure.io/freeipa/issue/9226[#9226]
* ipatests: healthcheck: test if system is FIPS enabled
https://pagure.io/freeipa/c/c55185d3dc3c6cd2ffebab77fbf8caa40a32bcd1[commit]
https://pagure.io/freeipa/issue/8951[#8951]
[[endi_sukma_dewata_2]]
=== Endi Sukma Dewata (2)
* Explicitly use legacy ID generators by default
https://pagure.io/freeipa/c/580881104e873e8eaf977e750b29660cfbeb680e[commit]
* Remove pki_restart_configured_instance
https://pagure.io/freeipa/c/79f765586e8f18e37f3dbe036b12715bef49e442[commit]
[[florence_blanc_renaud_20]]
=== Florence Blanc-Renaud (20)
* ipatests: update vagrant boxes
https://pagure.io/freeipa/c/f5fb8b05a75c4b88534cddd4aa298a741d221b59[commit]
* ipatests: remove xfail for tests using sssctl domain-status
https://pagure.io/freeipa/c/9a95c51577bfd5b4dcaf84369495585fbce57b20[commit]
https://pagure.io/freeipa/issue/9234[#9234]
* spec file: bump sssd version
https://pagure.io/freeipa/c/eb25f89f2d0e756579b2969e8408fd7563ac5aaf[commit]
https://pagure.io/freeipa/issue/9234[#9234]
* ipatests: re-enable dnssec tests
https://pagure.io/freeipa/c/9b1af71637cba49c7c9dd4eae36cb25fa5ecbd33[commit]
https://pagure.io/freeipa/issue/9216[#9216]
* Spec file: bump bind version on f37+
https://pagure.io/freeipa/c/1dfb5d56f14a532bfe0df2bbd2f8abc10651faab[commit]
https://pagure.io/freeipa/issue/9216[#9216]
* Spec file: bump the selinux-policy version
https://pagure.io/freeipa/c/4e201ec97e5c54ad8d5fa02285e628d1a36d9ea7[commit]
https://pagure.io/freeipa/issue/9198[#9198]
* webui tests: fix test_subid suite
https://pagure.io/freeipa/c/9936379c9f0d6c888785ccca8766ed7074054270[commit]
https://pagure.io/freeipa/issue/9214[#9214]
* ipatests: mark xfail tests using dnssec
https://pagure.io/freeipa/c/3d093c66f21c57afeb8cfc242390d0d032509ab3[commit]
https://pagure.io/freeipa/issue/9216[#9216]
* ipatests: mark xfail tests using sssctl domain-status
https://pagure.io/freeipa/c/40b9c6fc4746cfa32d8bf7c2038745cc037c673b[commit]
https://pagure.io/freeipa/issue/9234[#9234]
* Tests: test on f37 and f36
https://pagure.io/freeipa/c/a6485d6325585d0f80b659c473b3675728556ce1[commit]
* ipa man page: format the EXAMPLES section
https://pagure.io/freeipa/c/1546c0b206e02902b4aba631ee83f2f7ba5acb1f[commit]
https://pagure.io/freeipa/issue/9252[#9252]
* ipatests: add negative test for otptoken-sync
https://pagure.io/freeipa/c/d9f33b7cd7e336be90d889e2db4c4bce18753918[commit]
https://pagure.io/freeipa/issue/9248[#9248]
* ipa otptoken-sync: return error when sync fails
https://pagure.io/freeipa/c/221768f882784755c6449ff70f291fab780cce16[commit]
https://pagure.io/freeipa/issue/9248[#9248]
* ipa-cacert-manage prune: remove all expired certs
https://pagure.io/freeipa/c/c5bcaab8f1e09ab7a0464f5a532f154d43ffcadb[commit]
https://pagure.io/freeipa/issue/9244[#9244]
* gitignore: add install/oddjob/org.freeipa.server.config-enable-sid
https://pagure.io/freeipa/c/458dcebd2542de70c987ca89fe49f15d3f40ee82[commit]
* ipatests: Fix expected object classes
https://pagure.io/freeipa/c/b6520bef2ef05dd87636d8b57e3247d451af81d8[commit]
https://pagure.io/freeipa/issue/9062[#9062]
* check_repl_update: in progress is a boolean
https://pagure.io/freeipa/c/2003eb6b3d4a27a5de5eaa79418f115dd99886cd[commit]
https://pagure.io/freeipa/issue/9218[#9218]
* azure tests: disable TestInstallDNSSECFirst
https://pagure.io/freeipa/c/eb9f606ffd1ad3ccd846173c152c52a171be8f86[commit]
https://pagure.io/freeipa/issue/9216[#9216]
* Nightly tests: fix template for nightly_ipa-4-10_latest.yaml
https://pagure.io/freeipa/c/4499c7379b5531501bb1a5ea58ab575bf3b08907[commit]
* ipatests: add nightly definitions for ipa-4-10 branch
https://pagure.io/freeipa/c/6c6a43c9090b5f61726512182a36958cbdafc9a4[commit]
[[francisco_trivino_1]]
=== Francisco Trivino (1)
* Vault: fix interoperability issues with older RHEL systems
https://pagure.io/freeipa/c/ba962632cd008edd057f61e7e6fadbf464ff94f2[commit]
https://pagure.io/freeipa/issue/9259[#9259]
[[fraser_tweedale_2]]
=== Fraser Tweedale (2)
* install: suggest --skip-mem-check when mem check fails
https://pagure.io/freeipa/c/cebfb8792006af1a41c4c26c49372f0ea822dbaf[commit]
https://pagure.io/freeipa/issue/8404[#8404]
* man: add --skip-mem-check to man pages
https://pagure.io/freeipa/c/e7bee5b668fee083d8ada167f307857761c25d80[commit]
https://pagure.io/freeipa/issue/8404[#8404]
[[jesse_sandberg_1]]
=== Jesse Sandberg (1)
* Fix ipa-ccache-sweeper activation timer and clean up service file
https://pagure.io/freeipa/c/f6a661bdaf0560eac99ca63ffb25ec739281a19a[commit]
https://pagure.io/freeipa/issue/9231[#9231]
[[julien_rische_1]]
=== Julien Rische (1)
* Generate CNAMEs for TXT+URI location krb records
https://pagure.io/freeipa/c/b0d909968bfa323f16aae46f6126abf7625d11e9[commit]
https://pagure.io/freeipa/issue/9257[#9257]
[[mohammad_rizwan_1]]
=== Mohammad Rizwan (1)
* ipatests: Test newly added certificate lable
https://pagure.io/freeipa/c/580e62a1615483c9ae94fabce8bd8eacc83028f2[commit]
[[nikola_knazekova_1]]
=== Nikola Knazekova (1)
* Exclude installed policy module file from RPM verification
https://pagure.io/freeipa/c/ad7bdd46fb64c3fbb8104a9599459795fc193389[commit]
https://pagure.io/freeipa/issue/9254[#9254]
[[weblate_5]]
=== Weblate (5)
* Update translation files
https://pagure.io/freeipa/c/357dd550ce3568e37edebd4bb3394a706eb81182[commit]
* Update translation files
https://pagure.io/freeipa/c/c8c4e93fd64329df76b4754f74d70cfceed6c452[commit]
* Update translation files
https://pagure.io/freeipa/c/921fdd2ca879b8d6c1e601a17eb3eb9b197f9797[commit]
* Update translation files
https://pagure.io/freeipa/c/3500d05f8904d7bab84d950c81563d9bfb6d1474[commit]
* Update translation files
https://pagure.io/freeipa/c/d0b336025fd0408e1f81811330cac6682ba0bed6[commit]
[[pavel_březina_1]]
=== Pavel Březina (1)
* docs: add security section to idp
https://pagure.io/freeipa/c/56d287248039f56c7b6bba3860061cb2b4460337[commit]
https://pagure.io/freeipa/issue/8803[#8803],
https://pagure.io/freeipa/issue/8804[#8804],
https://pagure.io/freeipa/issue/8805[#8805]
[[piotr_drąg_2]]
=== Piotr Drąg (2)
* Translated using Weblate (Polish)
https://pagure.io/freeipa/c/31f7860d089a628a4ccfaf8db507ecadfaa75805[commit]
* Translated using Weblate (Polish)
https://pagure.io/freeipa/c/f9419bdad41a87aa4454fcb1d725988b27c634a1[commit]
[[rob_crittenden_13]]
=== Rob Crittenden (13)
* doc: Design for HSM support
https://pagure.io/freeipa/c/2aa8ec1df1468ef2ed8e54ec76f53b858ce0d241[commit]
https://pagure.io/freeipa/issue/9273[#9273]
* Support tokens and optional password files when opening an NSS db
https://pagure.io/freeipa/c/1de3f6c5580dfe57e39c72268dc54b9dfeb17e69[commit]
https://pagure.io/freeipa/issue/9273[#9273]
* Pass the curl write callback by name instead of address
https://pagure.io/freeipa/c/5631e4747073b7bba42a323e60a7822e712a740f[commit]
https://pagure.io/freeipa/issue/9274[#9274]
* Move client certificate request after krb5.conf is created
https://pagure.io/freeipa/c/f3c861b9fcbf7815161b46e5eab582813c1021dc[commit]
https://pagure.io/freeipa/issue/9246[#9246]
* Defer creating the final krb5.conf on clients
https://pagure.io/freeipa/c/3cbf2b25422100cc4105dfb09ee8c7bf87232198[commit]
https://pagure.io/freeipa/issue/9228[#9228]
* Fix upper bound of password policy grace limit
https://pagure.io/freeipa/c/3c4386ce057a0fd50c7494db43c71405c9674b8f[commit]
https://pagure.io/freeipa/issue/9243[#9243]
* Set default on group pwpolicy with no grace limit in upgrade
https://pagure.io/freeipa/c/de6f074538f6641fd9d84bed204a3d4d50eccbe5[commit]
https://pagure.io/freeipa/issue/9212[#9212]
* Set default gracelimit on group password policies to -1
https://pagure.io/freeipa/c/45e6d49b94da78cd82eb016b3266a17a1359a087[commit]
https://pagure.io/freeipa/issue/9212[#9212]
* doc: Update LDAP grace period design with default values
https://pagure.io/freeipa/c/1aa39529cda4ab9620539dbad705cedd23c21b42[commit]
https://pagure.io/freeipa/issue/9212[#9212]
* upgrades: Don't restart the CA on ACME and profile schema change
https://pagure.io/freeipa/c/459b81b196b7bf36100aa2f4e5c4d36b1e4526f6[commit]
https://pagure.io/freeipa/issue/9204[#9204]
* Disabling gracelimit does not prevent LDAP binds
https://pagure.io/freeipa/c/1bb4ff9ed2313fb3c2bd1418258c5bcec557b6a5[commit]
https://pagure.io/freeipa/issue/9206[#9206]
* Warn for permissions with read/write/search/compare and no attrs
https://pagure.io/freeipa/c/499f71729b8689d40608d9c99db703eb2c00a934[commit]
https://pagure.io/freeipa/issue/9188[#9188]
* Only calculate LDAP password grace when the password is expired
https://pagure.io/freeipa/c/33cd62e0daa68fa6a9b3ca495d97ac5ce8713349[commit]
https://pagure.io/freeipa/issue/1539[#1539]
[[ricky_tigg_3]]
=== Ricky Tigg (3)
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/67c54ce7a9b7c11a56475e1d8de586b18abce228[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/86f828a7e52ee09ae6e666dce11183c0dd091540[commit]
* Translated using Weblate (Finnish)
https://pagure.io/freeipa/c/4b10b6dab45c87472bb1fe0baeeee987ae1b23ba[commit]
[[sumit_bose_1]]
=== Sumit Bose (1)
* ipa-kdb: do not fail if certmap rule cannot be added
https://pagure.io/freeipa/c/ae445f72a009d14135e11ff932eded2dc2dc9c86[commit]
[[김인수_4]]
=== 김인수 (4)
* Translated using Weblate (Korean)
https://pagure.io/freeipa/c/d5ea8d6c9f7208a2ae8b5379c88ae36e7c4f62e6[commit]
* Translated using Weblate (Korean)
https://pagure.io/freeipa/c/4ea9b5ef0f3ee1361a59622e4d6c3274cf2e7ad4[commit]
* Translated using Weblate (Korean)
https://pagure.io/freeipa/c/9d1541f17d44cbb38bc9a477c5e88eaee71ce6d8[commit]
* Added translation using Weblate (Korean)
https://pagure.io/freeipa/c/f420c19bb62fb3c735563cb462fd6be7b8018691[commit]
[[stanislav_levin_6]]
=== Stanislav Levin (6)
* ipapython: Support openldap 2.6
https://pagure.io/freeipa/c/51c31e0ad3387c07aad1035f00871bdcc201812a[commit]
https://pagure.io/freeipa/issue/9255[#9255]
* x509: Replace removed register_interface with subclassing
https://pagure.io/freeipa/c/a7beaa0b4de6b6b00ee1b5b770f0d2e72fad58df[commit]
https://pagure.io/freeipa/issue/9160[#9160]
* ap: Constrain supported docutils
https://pagure.io/freeipa/c/e5f7356e7e83b605a821ece9f242ac924925f27e[commit]
https://pagure.io/freeipa/issue/9208[#9208]
* ap: Rearrange overloaded jobs
https://pagure.io/freeipa/c/8ff0c1a5ee33946202031a8bc83e855216cd0c95[commit]
https://pagure.io/freeipa/issue/9207[#9207]
* ap: Disable azure's security daemon
https://pagure.io/freeipa/c/acd1d127938aa9feefbbc7ee325963a2e44ef3c3[commit]
https://pagure.io/freeipa/issue/9207[#9207]
* ap: Raise dbus timeout
https://pagure.io/freeipa/c/260d6378ec59d244e5f247f4af81f7ae8c72ac87[commit]
https://pagure.io/freeipa/issue/9207[#9207]
[[scott_poore_5]]
=== Scott Poore (5)
* ipatests: xfail test_ipa_login_with_sso_user
https://pagure.io/freeipa/c/10604ead7d90a9573368dd09c8ab06740cf14bb7[commit]
https://pagure.io/freeipa/issue/9264[#9264]
* ipatests: add keycloak user login to ipa test
https://pagure.io/freeipa/c/e197c743f3ea1a98d444c0eb01339cc22eab64d5[commit]
https://pagure.io/freeipa/issue/9250[#9250]
* ipatests: add prci definitions for test_sso jobs
https://pagure.io/freeipa/c/db1d05176d8072b05fea179af2ac97caaeb65dd1[commit]
* ipatests: add Keycloak Bridge test
https://pagure.io/freeipa/c/ac776987d30ecd3444a9b25f49a714fddc3c4232[commit]
https://pagure.io/freeipa/issue/9227[#9227]
* ipatests: Rename create_quarkus to create_keycloak
https://pagure.io/freeipa/c/a0a104a42c2ccd89394e48c2375bb0eb95183c5b[commit]
https://pagure.io/freeipa/issue/9225[#9225]
[[sumedh_sidhaye_3]]
=== Sumedh Sidhaye (3)
* With the commit #99a74d7, 389-ds changed the message returned in
ipa-healthcheck.
https://pagure.io/freeipa/c/5477a07d91ef2c506cc943699612e5e27d0c93e4[commit]
https://pagure.io/freeipa/issue/9238[#9238]
* Additional tests for RSN v3
https://pagure.io/freeipa/c/bfe074ed478c20a9537dc2a714bba50dbc2cd34f[commit]
https://pagure.io/freeipa/issue/2016[#2016]
* Added a check while removing 'cert_dir'. The teardown method is called
even if all the tests are skipped since the required PKI version is not
present. The teardown is trying to remove a non-existent directory.
https://pagure.io/freeipa/c/aca97507cd119ad55e0c3c18ca65087cb5576c82[commit]
https://pagure.io/freeipa/issue/9179[#9179]
[[sudhir_menon_2]]
=== Sudhir Menon (2)
* ipatests: ipa-client-install --subid adds entry in nsswitch.conf
https://pagure.io/freeipa/c/a39af6b7228d8ba85b9e97aa5decbc056d081c77[commit]
https://pagure.io/freeipa/issue/9159[#9159]
* ipatests: WebUI: do not allow subid range deletion
https://pagure.io/freeipa/c/38e5bcf719a0e7c7550837ffb14300db8efe09e4[commit]
https://pagure.io/freeipa/issue/9150[#9150]
[[temuri_doghonadze_4]]
=== Temuri Doghonadze (4)
* Translated using Weblate (Georgian)
https://pagure.io/freeipa/c/3379aa0aa85ca40fbce94f9d2307c6b501054c5a[commit]
* Translated using Weblate (Georgian)
https://pagure.io/freeipa/c/054bd14bcfe999e7722c812e7509c31e6f012bb3[commit]
* Translated using Weblate (Georgian)
https://pagure.io/freeipa/c/a1e66f5c050d8c9226f23af9b7d0c68bfd32a4d9[commit]
* Added translation using Weblate (Georgian)
https://pagure.io/freeipa/c/a30db2030c730d835e28ceb8cdc3c64d18edb4f9[commit]
[[thomas_woerner_1]]
=== Thomas Woerner (1)
* DNSResolver: Fix use of nameservers with ports
https://pagure.io/freeipa/c/6c5530c509793f66a162ed4153d5425a0eda02d6[commit]
https://pagure.io/freeipa/issue/9158[#9158]
[[viacheslav_sychov_1]]
=== Viacheslav Sychov (1)
* fix: Handle /proc/1/sched missing error
https://pagure.io/freeipa/c/7aa845730999951c8f340f43ed5872c54458c6a3[commit]
[[yuri_chornoivan_6]]
=== Yuri Chornoivan (6)
* Translated using Weblate (Ukrainian)
https://pagure.io/freeipa/c/6846b953361bc96b322734e23e566c93a1879046[commit]
* Translated using Weblate (Ukrainian)
https://pagure.io/freeipa/c/867a38a4636915df62a28b61855780b02ff55d56[commit]
* Translated using Weblate (Ukrainian)
https://pagure.io/freeipa/c/6de25a0f201f0591bc551503b95f8d22c79fe7aa[commit]
* Translated using Weblate (Ukrainian)
https://pagure.io/freeipa/c/63d332ff9ebbdd59fac65748025f8eea4270704d[commit]
* Translated using Weblate (Ukrainian)
https://pagure.io/freeipa/c/d6d7c5d28bcf7ed341f0a5d4e1b0f167a195a4c2[commit]
* Translated using Weblate (Ukrainian)
https://pagure.io/freeipa/c/a21bf7fe8213c6b041ab500ab533e2a5888d1c3e[commit]