The FreeIPA team would like to announce FreeIPA 4.10.1 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
[[highlights_in_4.10.1]] == Highlights in 4.10.1
* 8803: Add support for managing IdP references
:: ;; FreeIPA can now authenticate users with the help of OAuth 2.0 identity providers supporting OAuth 2.0 Device Authorization Flow. IdPs known to work are Keycloak, Microsoft Azure, Google, Github, and Okta. Details on how to use Keycloak can be found in FreeIPA workshop: https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.ht...
'''''
* 9083: Support MIT Kerberos KDB version 9
:: ;; FreeIPA now supports MIT Kerberos 1.20. Resource-based constrained delegation is not yet implemented.
'''''
* 9228: ipa-client-install does not maintain server affinity during installation
:: ;; ipa-client-install will use a single server for the duration of the installation process, either one discovered or provided on the command-line. Previously it would use a temporary configuration to do enrollment, then switch to a final one for the remaining operations. This could lead to the installer talking with multiple servers. If the client installer is faster than replication this could lead to errors.
'''''
* 9237: Show order in sudo rule list in web interface
:: ;; In the 'sudo rules' page, the WebUI is now displaying a 'sudo order' column so that the users can easily see which rules override other rules based on their order.
'''''
* 9258: Do not add TLS CA configuration to ldap.conf anymore
:: ;; FreeIPA client installer does not add explicit TLS CA configuration to OpenLDAP's ldap.conf anymore. Since OpenLDAP 2.4.45, explicit CA configuration is not required as OpenLDAP uses the default CA store provided by OpenSSL and IPA CA is installed in the default store by the installer already.
'''''
* 9273: [RFE] Support IPA CA installation on an HSM
:: ;; FreeIPA CA can now be deployed with a hardware security module as a CA storage device. Supported use case details can be found in HSM design document: https://freeipa.readthedocs.io/en/ipa-4-10/designs/hsm.html
'''''
[[bug_fixes]] === Bug fixes
FreeIPA 4.10.1 is a stabilization release for the features delivered as a part of 4.10 version series.
There are more than 50 bug-fixes since FreeIPA 4.10.0 release. Details of the bug-fixes can be seen in the list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahost...) or #freeipa channel on libera.chat.
[[resolved_tickets]] == Resolved tickets
* https://pagure.io/freeipa/issue/8803%5B#8803] Add support for managing IdP references * https://pagure.io/freeipa/issue/8804%5B#8804] Extend supported user authentication methods in IPA to allow IdP auth * https://pagure.io/freeipa/issue/8805%5B#8805] Extend `ipa-otpd` daemon to recognize IdP references * https://pagure.io/freeipa/issue/8946%5B#8946] RFE: Add label name to Certificates section in WebUI to enable testing * https://pagure.io/freeipa/issue/8951%5B#8951] Test for RFE ipa-healthcheck tool can include check to see if the system is FIPS enabled or not * https://pagure.io/freeipa/issue/9062%5B#9062] [ipatests] SID generation and test_xmlrpc/test_user_plugin.py * https://pagure.io/freeipa/issue/9083%5B#9083] Support MIT Kerberos KDB version 9 * https://pagure.io/freeipa/issue/9158%5B#9158] Internal error when setting dnsconfig or dnsforwardzone forwarders. * https://pagure.io/freeipa/issue/9160%5B#9160] cryptography.utils.register_interface is scheduled for removal * https://pagure.io/freeipa/issue/9161%5B#9161] Nightly test failure in test_selinuxusermap.py::test_selinuxusermap::test_misc * https://pagure.io/freeipa/issue/9179%5B#9179] test_caless_TestServerCALessToExternalCA_RSN fails in teardown * https://pagure.io/freeipa/issue/9188%5B#9188] (https://bugzilla.redhat.com/show_bug.cgi?id=2098187%5Brhbz#2098187]) Add warning for empty targetattr when creating ACI with RBAC * https://pagure.io/freeipa/issue/9192%5B#9192] (https://bugzilla.redhat.com/show_bug.cgi?id=2094672%5Brhbz#2094672]) IdM WebUI Pagination Size should not allow empty value * https://pagure.io/freeipa/issue/9198%5B#9198] [Tracker] nightly failure: after ipa trust-add, cred cache contains cifs/master.ipa.test@IPA.TEST instead of admin principal * https://pagure.io/freeipa/issue/9204%5B#9204] [Tracker] In ipa-server-upgrade ca_upgrade_schema() results in unnecessary pki restarts * https://pagure.io/freeipa/issue/9206%5B#9206] (https://bugzilla.redhat.com/show_bug.cgi?id=2109236%5Brhbz#2109236]) ldap bind occurs when admin user changes password with gracelimit=0 * https://pagure.io/freeipa/issue/9207%5B#9207] Failure in AzurePipeline.freeipa (GATING InstallDNSSECFirst_1_to_5) * https://pagure.io/freeipa/issue/9208%5B#9208] ap: Doc build fails against Sphinx 5.1.0 * https://pagure.io/freeipa/issue/9211%5B#9211] (https://bugzilla.redhat.com/show_bug.cgi?id=2109243%5Brhbz#2109243]) RFE: Allow grace login limit to be set in IPA WebUI. * https://pagure.io/freeipa/issue/9212%5B#9212] (https://bugzilla.redhat.com/show_bug.cgi?id=2115475%5Brhbz#2115475]) Nightly test failure in test_user.py::test_user::test_password_expiration_notification * https://pagure.io/freeipa/issue/9214%5B#9214] Nightly failure in webui test test_subid.py::test_subid::test_subid_range_deletion_not_allowed * https://pagure.io/freeipa/issue/9218%5B#9218] (https://bugzilla.redhat.com/show_bug.cgi?id=2116966%5Brhbz#2116966]) Random failure in test-winsyncmigrate * https://pagure.io/freeipa/issue/9225%5B#9225] pytest library module rename from quarkus to keycloak * https://pagure.io/freeipa/issue/9226%5B#9226] (https://bugzilla.redhat.com/show_bug.cgi?id=2124547%5Brhbz#2124547]) Infinite redirect loop in the WebUI for user root * https://pagure.io/freeipa/issue/9227%5B#9227] Need test for Keycloak Bridge authentication * https://pagure.io/freeipa/issue/9228%5B#9228] ipa-client-install does not maintain server affinity during installation * https://pagure.io/freeipa/issue/9230%5B#9230] build failure against gcc < 11 * https://pagure.io/freeipa/issue/9231%5B#9231] /run/ipa/ccaches uses all available tmpfs space * https://pagure.io/freeipa/issue/9237%5B#9237] Show order in sudo rule list in web interface * https://pagure.io/freeipa/issue/9238%5B#9238] Nightly test failure (rawhide) in test_ipahealthcheck.py::TestIpaHealthCheck::test_ds_configcheck_passwordstorage * https://pagure.io/freeipa/issue/9243%5B#9243] (https://bugzilla.redhat.com/show_bug.cgi?id=2127833%5Brhbz#2127833]) Password Policy Grace login limit allows invalid maximum value * https://pagure.io/freeipa/issue/9244%5B#9244] Nightly test failure in test_commands.py::TestIPACommand::test_ipa_cacert_manage_prune * https://pagure.io/freeipa/issue/9245%5B#9245] (https://bugzilla.redhat.com/show_bug.cgi?id=2117167%5Brhbz#2117167]) `extdom` plugin can return object from a wrong domain. * https://pagure.io/freeipa/issue/9246%5B#9246] Nightly test failure in test_user_permissions.TestInstallClientNoAdmin * https://pagure.io/freeipa/issue/9248%5B#9248] (https://bugzilla.redhat.com/show_bug.cgi?id=2124369%5Brhbz#2124369]) OTP token sync always returns OK even with random numbers * https://pagure.io/freeipa/issue/9249%5B#9249] (https://bugzilla.redhat.com/show_bug.cgi?id=2108630%5Brhbz#2108630]) Deprecated feature idnssoaserial in IdM appears when creating reverse dns zones * https://pagure.io/freeipa/issue/9250%5B#9250] Add basic test for authenticating as Keycloak user on IPA client * https://pagure.io/freeipa/issue/9252%5B#9252] (https://bugzilla.redhat.com/show_bug.cgi?id=2129895%5Brhbz#2129895]) [DDF] The Examples in the RHEL ipa(1) man page show "ipa help commands" with content for "ipa halp topics" and "ipa hel * https://pagure.io/freeipa/issue/9254%5B#9254] Exclude installed policy module file from RPM verification * https://pagure.io/freeipa/issue/9255%5B#9255] ipapython.dn_ctypes is not compatible with libldap 2.6 * https://pagure.io/freeipa/issue/9257%5B#9257] (https://bugzilla.redhat.com/show_bug.cgi?id=2104185%5Brhbz#2104185]) Introduction of URI records for kerberos breaks location functionality * https://pagure.io/freeipa/issue/9258%5B#9258] (https://bugzilla.redhat.com/show_bug.cgi?id=2094673%5Brhbz#2094673]) Do not add TLS CA configuration to ldap.conf anymore * https://pagure.io/freeipa/issue/9259%5B#9259] (https://bugzilla.redhat.com/show_bug.cgi?id=2144737%5Brhbz#2144737]) vault interoperability with older RHEL systems is broken * https://pagure.io/freeipa/issue/9264%5B#9264] Nightly failure in test_integration/test_sso.py::TestSsoBridge::test_ipa_login_with_sso_user * https://pagure.io/freeipa/issue/9269%5B#9269] (https://bugzilla.redhat.com/show_bug.cgi?id=2143224%5Brhbz#2143224], https://bugzilla.redhat.com/show_bug.cgi?id=2075452%5Brhbz#2075452]) ipa-certupdate does not restart/reload KDC on servers * https://pagure.io/freeipa/issue/9271%5B#9271] (https://bugzilla.redhat.com/show_bug.cgi?id=2143224%5Brhbz#2143224]) Support PKINIT with ipa-client-install * https://pagure.io/freeipa/issue/9273%5B#9273] (https://bugzilla.redhat.com/show_bug.cgi?id=1405935%5Brhbz#1405935]) [RFE] Support IPA CA installation on an HSM * https://pagure.io/freeipa/issue/9274%5B#9274] ipa-join: pass the curl write function by name, not address
[[detailed_changelog_since_4.10.0]] == Detailed changelog since 4.10.0
[[armando_neto_1]] === Armando Neto (1)
* webui: Do not allow empty pagination size https://pagure.io/freeipa/c/02d3fb8266d8199fd1ed983de6c57b269546df82%5Bcommi...] https://pagure.io/freeipa/issue/9192%5B#9192]
[[alexander_bokovoy_11]] === Alexander Bokovoy (11)
* ipa-kdb: for delegation check, use different error codes before and after krb5 1.20 https://pagure.io/freeipa/c/465d5f5c6a956109b66abf60af0edd31fa2bce41%5Bcommi...] https://pagure.io/freeipa/issue/9083%5B#9083] * ipa-kdb: fix comment to make sure we talk about krb5 1.20 or later https://pagure.io/freeipa/c/d3c7a4faae8fd58a8d08bf6191d47fefe276ddba%5Bcommi...] * ipa-kdb: fix PAC requester check https://pagure.io/freeipa/c/88c1293f3a92451b6d5d5f7cb1a81d55a789b793%5Bcommi...] https://pagure.io/freeipa/issue/9083%5B#9083] * ipa-kdb: handle empty S4U proxy in allowed_to_delegate https://pagure.io/freeipa/c/1d4db340461298fed66607bde5fb0ca0f033c5aa%5Bcommi...] https://pagure.io/freeipa/issue/9083%5B#9083] * ipa-kdb: handle cross-realm TGT entries when generating PAC https://pagure.io/freeipa/c/a5ca25003da5906703e8bd12b0759d48bc52e6b2%5Bcommi...] https://pagure.io/freeipa/issue/9083%5B#9083] * ipa-kdb: add krb5 1.20 support https://pagure.io/freeipa/c/e9ae0e350dcee5c9bbcd5a6932b4eb0daa90fea7%5Bcommi...] https://pagure.io/freeipa/issue/9083%5B#9083] * ipa-kdb: refactor MS-PAC processing to prepare for krb5 1.20 https://pagure.io/freeipa/c/f0c72dcb87f86b9b00d0c087a959e64ce10eea98%5Bcommi...] https://pagure.io/freeipa/issue/9083%5B#9083] * ipaclient: do not set TLS CA options in ldap.conf anymore https://pagure.io/freeipa/c/93b0e6a96a1aea45adc0d4c8bb26b226ce683573%5Bcommi...] https://pagure.io/freeipa/issue/9258%5B#9258] * Remove empty translation for 'si' which breaks linter https://pagure.io/freeipa/c/41ba166c77ca8011a35f80f2791a211c429a271e%5Bcommi...] * fix canonicalization issue in Web UI https://pagure.io/freeipa/c/a0928fe164712303a7c24ee61500ac7326bd9e4a%5Bcommi...] https://pagure.io/freeipa/issue/9226%5B#9226] * ipa-otpd: initialize local pointers and handle gcc 10 https://pagure.io/freeipa/c/9441d7ed1ac67dc74ca6177b474d10da97b06a2f%5Bcommi...] https://pagure.io/freeipa/issue/9230%5B#9230]
[[anuja_more_1]] === Anuja More (1)
* ipatests : Test query to AD specific attributes is successful. https://pagure.io/freeipa/c/db7cd79858ec8fad7d094ca883d8b7d82c7c1ac1%5Bcommi...] https://pagure.io/freeipa/issue/9127%5B#9127]
[[andika_triwidada_1]] === Andika Triwidada (1)
* Translated using Weblate (Indonesian) https://pagure.io/freeipa/c/3885bd6fd75e984f990dc0e0f760f61815139181%5Bcommi...]
[[antonio_torres_6]] === Antonio Torres (6)
* Back to git snapshots https://pagure.io/freeipa/c/657a7b2556e22b70802809dd784fe576d3edea95%5Bcommi...] * Become IPA 4.10.1 https://pagure.io/freeipa/c/e5819bcae6779b89b6d11a144f293a4838344738%5Bcommi...] * Update translations to FreeIPA ipa-4-10 state https://pagure.io/freeipa/c/4baee5ca23b279d6905cdd5f01e95b75e5f08c96%5Bcommi...] * Add basic API usage guide https://pagure.io/freeipa/c/4e490d20a031d619cb4cae46d27f66e1fc2c9dc5%5Bcommi...] * doc: generate API Reference https://pagure.io/freeipa/c/5626976ef03dbfe271b6f3a1d76a69fabdf06e8a%5Bcommi...] * Back to git snapshots https://pagure.io/freeipa/c/c9d9fb3a3a63f66d60541f21f2f3466b6d9a89b3%5Bcommi...]
[[alexey_tikhonov_3]] === Alexey Tikhonov (3)
* extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization) https://pagure.io/freeipa/c/1360c8b09f0862fe961fbb015f55d6b3cbd9aee9%5Bcommi...] * extdom: make sure result doesn't miss domain part https://pagure.io/freeipa/c/4685f9d881c09fa317cb68fba1b94c29e48a7a8b%5Bcommi...] https://pagure.io/freeipa/issue/9245%5B#9245] * extdom: internal functions should be static https://pagure.io/freeipa/c/113cb8d715cf7bed8bcc36845940acc20fed8e60%5Bcommi...]
[[carla_martinez_9]] === Carla Martinez (9)
* webui: Add name to 'Certificates' table https://pagure.io/freeipa/c/813df68b086113cb093108ebfec3bdad86703841%5Bcommi...] https://pagure.io/freeipa/issue/8946%5B#8946] * webui: Add label name to 'Certificates' section https://pagure.io/freeipa/c/54470c6b3b3958dbc0eeb2cda17e306123cb9f3a%5Bcommi...] https://pagure.io/freeipa/issue/8946%5B#8946] * Update API and VERSION https://pagure.io/freeipa/c/48b9cc3345f8596904bce14d580cd4b19bfbda15%5Bcommi...] https://pagure.io/freeipa/issue/9249%5B#9249] * webui: Set 'SOA serial' field as read-only https://pagure.io/freeipa/c/9b274bc5d01c58806f18e549b566d93e25b40214%5Bcommi...] https://pagure.io/freeipa/issue/9249%5B#9249] * ipatest: Remove warning message for 'idnssoaserial' https://pagure.io/freeipa/c/3d34673b8c04c9ec849f8276876fd8bbd4fe2234%5Bcommi...] https://pagure.io/freeipa/issue/9249%5B#9249] * Set 'idnssoaserial' to deprecated https://pagure.io/freeipa/c/242ed2e500510f33f4595fb1b29adb25b1517982%5Bcommi...] https://pagure.io/freeipa/issue/9249%5B#9249] * webui: Show 'Sudo order' column https://pagure.io/freeipa/c/54b81617674be79577b8c3abf0949725d9a428c7%5Bcommi...] https://pagure.io/freeipa/issue/9237%5B#9237] * Set pkeys in test_selinuxusermap.py::test_misc::delete_record https://pagure.io/freeipa/c/ea792e11eb85a5b05b2b78f0215c147a52d2d265%5Bcommi...] https://pagure.io/freeipa/issue/9161%5B#9161] * webui: Allow grace login limit https://pagure.io/freeipa/c/7a1e1d9f1cb13679c28f12d05b156a08bcc4d856%5Bcommi...] https://pagure.io/freeipa/issue/9211%5B#9211]
[[christian_heimes_1]] === Christian Heimes (1)
* Add PKINIT support to ipa-client-install https://pagure.io/freeipa/c/9d902d340793d01aa6b65d01a1facaf480819526%5Bcommi...] https://pagure.io/freeipa/issue/9269%5B#9269], https://pagure.io/freeipa/issue/9271%5B#9271]
[[jan_kuparinen_14]] === Jan Kuparinen (14)
* Translated using Weblate (Finnish) https://pagure.io/freeipa/c/d4b9203376115508f596c6469c9c3be24d719ff2%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/242a0dadcf86bb27efccdc1be1946c39f0ba2931%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/98e80985bae7fa7104d8dd621c73c2b848630417%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/2b0c9d91285282df5f545fc6c331b5b9a219048e%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/dbe49df1b3d2fb254315ed26190792c8aaf89c38%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/0caffa37c01a7a77301368413854473520e5e055%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/63fceacb176162210cd5d64f73ecf10b1bf8d402%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/606ce6d52aa4b29e1af787c7830d30d6846c932e%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/10a51197f27d90fab78bdf6a4a0cae6779589299%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/1c1187beedb23f91614f131fda15c6c6f6264556%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/a1c0031c9044135ae00ac9f3e22beb22bd5fbb07%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/bcc5819830e23867a5c1471f3a37576d705ce8d8%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/3452c6fcf0730351b45ecbeb7d89ff318319f7c0%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/a4202264936dca51b476178f5061692cd569373b%5Bcommi...]
[[david_pascual_2]] === David Pascual (2)
* ipatest: fix prci checker target masked return code & add pylint https://pagure.io/freeipa/c/51f1321b9c2263edd3f725abe3f90e56678adf94%5Bcommi...] * ipatests: Checker script for prci definitions https://pagure.io/freeipa/c/3d827979d2688607bd5376501ef71c2b63124603%5Bcommi...]
[[erik_belko_3]] === Erik Belko (3)
* ipatests: Add test for grace login limit https://pagure.io/freeipa/c/a2a3d45ed790aaa1a618413df0a1181f8eeb1aa8%5Bcommi...] https://pagure.io/freeipa/issue/9211%5B#9211] * ipatests: test for root using admin password in webUI https://pagure.io/freeipa/c/0085757806e32c63bc1e1a2a2d762d4df2036f73%5Bcommi...] https://pagure.io/freeipa/issue/9226%5B#9226] * ipatests: healthcheck: test if system is FIPS enabled https://pagure.io/freeipa/c/c55185d3dc3c6cd2ffebab77fbf8caa40a32bcd1%5Bcommi...] https://pagure.io/freeipa/issue/8951%5B#8951]
[[endi_sukma_dewata_2]] === Endi Sukma Dewata (2)
* Explicitly use legacy ID generators by default https://pagure.io/freeipa/c/580881104e873e8eaf977e750b29660cfbeb680e%5Bcommi...] * Remove pki_restart_configured_instance https://pagure.io/freeipa/c/79f765586e8f18e37f3dbe036b12715bef49e442%5Bcommi...]
[[florence_blanc_renaud_20]] === Florence Blanc-Renaud (20)
* ipatests: update vagrant boxes https://pagure.io/freeipa/c/f5fb8b05a75c4b88534cddd4aa298a741d221b59%5Bcommi...] * ipatests: remove xfail for tests using sssctl domain-status https://pagure.io/freeipa/c/9a95c51577bfd5b4dcaf84369495585fbce57b20%5Bcommi...] https://pagure.io/freeipa/issue/9234%5B#9234] * spec file: bump sssd version https://pagure.io/freeipa/c/eb25f89f2d0e756579b2969e8408fd7563ac5aaf%5Bcommi...] https://pagure.io/freeipa/issue/9234%5B#9234] * ipatests: re-enable dnssec tests https://pagure.io/freeipa/c/9b1af71637cba49c7c9dd4eae36cb25fa5ecbd33%5Bcommi...] https://pagure.io/freeipa/issue/9216%5B#9216] * Spec file: bump bind version on f37+ https://pagure.io/freeipa/c/1dfb5d56f14a532bfe0df2bbd2f8abc10651faab%5Bcommi...] https://pagure.io/freeipa/issue/9216%5B#9216] * Spec file: bump the selinux-policy version https://pagure.io/freeipa/c/4e201ec97e5c54ad8d5fa02285e628d1a36d9ea7%5Bcommi...] https://pagure.io/freeipa/issue/9198%5B#9198] * webui tests: fix test_subid suite https://pagure.io/freeipa/c/9936379c9f0d6c888785ccca8766ed7074054270%5Bcommi...] https://pagure.io/freeipa/issue/9214%5B#9214] * ipatests: mark xfail tests using dnssec https://pagure.io/freeipa/c/3d093c66f21c57afeb8cfc242390d0d032509ab3%5Bcommi...] https://pagure.io/freeipa/issue/9216%5B#9216] * ipatests: mark xfail tests using sssctl domain-status https://pagure.io/freeipa/c/40b9c6fc4746cfa32d8bf7c2038745cc037c673b%5Bcommi...] https://pagure.io/freeipa/issue/9234%5B#9234] * Tests: test on f37 and f36 https://pagure.io/freeipa/c/a6485d6325585d0f80b659c473b3675728556ce1%5Bcommi...] * ipa man page: format the EXAMPLES section https://pagure.io/freeipa/c/1546c0b206e02902b4aba631ee83f2f7ba5acb1f%5Bcommi...] https://pagure.io/freeipa/issue/9252%5B#9252] * ipatests: add negative test for otptoken-sync https://pagure.io/freeipa/c/d9f33b7cd7e336be90d889e2db4c4bce18753918%5Bcommi...] https://pagure.io/freeipa/issue/9248%5B#9248] * ipa otptoken-sync: return error when sync fails https://pagure.io/freeipa/c/221768f882784755c6449ff70f291fab780cce16%5Bcommi...] https://pagure.io/freeipa/issue/9248%5B#9248] * ipa-cacert-manage prune: remove all expired certs https://pagure.io/freeipa/c/c5bcaab8f1e09ab7a0464f5a532f154d43ffcadb%5Bcommi...] https://pagure.io/freeipa/issue/9244%5B#9244] * gitignore: add install/oddjob/org.freeipa.server.config-enable-sid https://pagure.io/freeipa/c/458dcebd2542de70c987ca89fe49f15d3f40ee82%5Bcommi...] * ipatests: Fix expected object classes https://pagure.io/freeipa/c/b6520bef2ef05dd87636d8b57e3247d451af81d8%5Bcommi...] https://pagure.io/freeipa/issue/9062%5B#9062] * check_repl_update: in progress is a boolean https://pagure.io/freeipa/c/2003eb6b3d4a27a5de5eaa79418f115dd99886cd%5Bcommi...] https://pagure.io/freeipa/issue/9218%5B#9218] * azure tests: disable TestInstallDNSSECFirst https://pagure.io/freeipa/c/eb9f606ffd1ad3ccd846173c152c52a171be8f86%5Bcommi...] https://pagure.io/freeipa/issue/9216%5B#9216] * Nightly tests: fix template for nightly_ipa-4-10_latest.yaml https://pagure.io/freeipa/c/4499c7379b5531501bb1a5ea58ab575bf3b08907%5Bcommi...] * ipatests: add nightly definitions for ipa-4-10 branch https://pagure.io/freeipa/c/6c6a43c9090b5f61726512182a36958cbdafc9a4%5Bcommi...]
[[francisco_trivino_1]] === Francisco Trivino (1)
* Vault: fix interoperability issues with older RHEL systems https://pagure.io/freeipa/c/ba962632cd008edd057f61e7e6fadbf464ff94f2%5Bcommi...] https://pagure.io/freeipa/issue/9259%5B#9259]
[[fraser_tweedale_2]] === Fraser Tweedale (2)
* install: suggest --skip-mem-check when mem check fails https://pagure.io/freeipa/c/cebfb8792006af1a41c4c26c49372f0ea822dbaf%5Bcommi...] https://pagure.io/freeipa/issue/8404%5B#8404] * man: add --skip-mem-check to man pages https://pagure.io/freeipa/c/e7bee5b668fee083d8ada167f307857761c25d80%5Bcommi...] https://pagure.io/freeipa/issue/8404%5B#8404]
[[jesse_sandberg_1]] === Jesse Sandberg (1)
* Fix ipa-ccache-sweeper activation timer and clean up service file https://pagure.io/freeipa/c/f6a661bdaf0560eac99ca63ffb25ec739281a19a%5Bcommi...] https://pagure.io/freeipa/issue/9231%5B#9231]
[[julien_rische_1]] === Julien Rische (1)
* Generate CNAMEs for TXT+URI location krb records https://pagure.io/freeipa/c/b0d909968bfa323f16aae46f6126abf7625d11e9%5Bcommi...] https://pagure.io/freeipa/issue/9257%5B#9257]
[[mohammad_rizwan_1]] === Mohammad Rizwan (1)
* ipatests: Test newly added certificate lable https://pagure.io/freeipa/c/580e62a1615483c9ae94fabce8bd8eacc83028f2%5Bcommi...]
[[nikola_knazekova_1]] === Nikola Knazekova (1)
* Exclude installed policy module file from RPM verification https://pagure.io/freeipa/c/ad7bdd46fb64c3fbb8104a9599459795fc193389%5Bcommi...] https://pagure.io/freeipa/issue/9254%5B#9254]
[[weblate_5]] === Weblate (5)
* Update translation files https://pagure.io/freeipa/c/357dd550ce3568e37edebd4bb3394a706eb81182%5Bcommi...] * Update translation files https://pagure.io/freeipa/c/c8c4e93fd64329df76b4754f74d70cfceed6c452%5Bcommi...] * Update translation files https://pagure.io/freeipa/c/921fdd2ca879b8d6c1e601a17eb3eb9b197f9797%5Bcommi...] * Update translation files https://pagure.io/freeipa/c/3500d05f8904d7bab84d950c81563d9bfb6d1474%5Bcommi...] * Update translation files https://pagure.io/freeipa/c/d0b336025fd0408e1f81811330cac6682ba0bed6%5Bcommi...]
[[pavel_březina_1]] === Pavel Březina (1)
* docs: add security section to idp https://pagure.io/freeipa/c/56d287248039f56c7b6bba3860061cb2b4460337%5Bcommi...] https://pagure.io/freeipa/issue/8803%5B#8803], https://pagure.io/freeipa/issue/8804%5B#8804], https://pagure.io/freeipa/issue/8805%5B#8805]
[[piotr_drąg_2]] === Piotr Drąg (2)
* Translated using Weblate (Polish) https://pagure.io/freeipa/c/31f7860d089a628a4ccfaf8db507ecadfaa75805%5Bcommi...] * Translated using Weblate (Polish) https://pagure.io/freeipa/c/f9419bdad41a87aa4454fcb1d725988b27c634a1%5Bcommi...]
[[rob_crittenden_13]] === Rob Crittenden (13)
* doc: Design for HSM support https://pagure.io/freeipa/c/2aa8ec1df1468ef2ed8e54ec76f53b858ce0d241%5Bcommi...] https://pagure.io/freeipa/issue/9273%5B#9273] * Support tokens and optional password files when opening an NSS db https://pagure.io/freeipa/c/1de3f6c5580dfe57e39c72268dc54b9dfeb17e69%5Bcommi...] https://pagure.io/freeipa/issue/9273%5B#9273] * Pass the curl write callback by name instead of address https://pagure.io/freeipa/c/5631e4747073b7bba42a323e60a7822e712a740f%5Bcommi...] https://pagure.io/freeipa/issue/9274%5B#9274] * Move client certificate request after krb5.conf is created https://pagure.io/freeipa/c/f3c861b9fcbf7815161b46e5eab582813c1021dc%5Bcommi...] https://pagure.io/freeipa/issue/9246%5B#9246] * Defer creating the final krb5.conf on clients https://pagure.io/freeipa/c/3cbf2b25422100cc4105dfb09ee8c7bf87232198%5Bcommi...] https://pagure.io/freeipa/issue/9228%5B#9228] * Fix upper bound of password policy grace limit https://pagure.io/freeipa/c/3c4386ce057a0fd50c7494db43c71405c9674b8f%5Bcommi...] https://pagure.io/freeipa/issue/9243%5B#9243] * Set default on group pwpolicy with no grace limit in upgrade https://pagure.io/freeipa/c/de6f074538f6641fd9d84bed204a3d4d50eccbe5%5Bcommi...] https://pagure.io/freeipa/issue/9212%5B#9212] * Set default gracelimit on group password policies to -1 https://pagure.io/freeipa/c/45e6d49b94da78cd82eb016b3266a17a1359a087%5Bcommi...] https://pagure.io/freeipa/issue/9212%5B#9212] * doc: Update LDAP grace period design with default values https://pagure.io/freeipa/c/1aa39529cda4ab9620539dbad705cedd23c21b42%5Bcommi...] https://pagure.io/freeipa/issue/9212%5B#9212] * upgrades: Don't restart the CA on ACME and profile schema change https://pagure.io/freeipa/c/459b81b196b7bf36100aa2f4e5c4d36b1e4526f6%5Bcommi...] https://pagure.io/freeipa/issue/9204%5B#9204] * Disabling gracelimit does not prevent LDAP binds https://pagure.io/freeipa/c/1bb4ff9ed2313fb3c2bd1418258c5bcec557b6a5%5Bcommi...] https://pagure.io/freeipa/issue/9206%5B#9206] * Warn for permissions with read/write/search/compare and no attrs https://pagure.io/freeipa/c/499f71729b8689d40608d9c99db703eb2c00a934%5Bcommi...] https://pagure.io/freeipa/issue/9188%5B#9188] * Only calculate LDAP password grace when the password is expired https://pagure.io/freeipa/c/33cd62e0daa68fa6a9b3ca495d97ac5ce8713349%5Bcommi...] https://pagure.io/freeipa/issue/1539%5B#1539]
[[ricky_tigg_3]] === Ricky Tigg (3)
* Translated using Weblate (Finnish) https://pagure.io/freeipa/c/67c54ce7a9b7c11a56475e1d8de586b18abce228%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/86f828a7e52ee09ae6e666dce11183c0dd091540%5Bcommi...] * Translated using Weblate (Finnish) https://pagure.io/freeipa/c/4b10b6dab45c87472bb1fe0baeeee987ae1b23ba%5Bcommi...]
[[sumit_bose_1]] === Sumit Bose (1)
* ipa-kdb: do not fail if certmap rule cannot be added https://pagure.io/freeipa/c/ae445f72a009d14135e11ff932eded2dc2dc9c86%5Bcommi...]
[[김인수_4]] === 김인수 (4)
* Translated using Weblate (Korean) https://pagure.io/freeipa/c/d5ea8d6c9f7208a2ae8b5379c88ae36e7c4f62e6%5Bcommi...] * Translated using Weblate (Korean) https://pagure.io/freeipa/c/4ea9b5ef0f3ee1361a59622e4d6c3274cf2e7ad4%5Bcommi...] * Translated using Weblate (Korean) https://pagure.io/freeipa/c/9d1541f17d44cbb38bc9a477c5e88eaee71ce6d8%5Bcommi...] * Added translation using Weblate (Korean) https://pagure.io/freeipa/c/f420c19bb62fb3c735563cb462fd6be7b8018691%5Bcommi...]
[[stanislav_levin_6]] === Stanislav Levin (6)
* ipapython: Support openldap 2.6 https://pagure.io/freeipa/c/51c31e0ad3387c07aad1035f00871bdcc201812a%5Bcommi...] https://pagure.io/freeipa/issue/9255%5B#9255] * x509: Replace removed register_interface with subclassing https://pagure.io/freeipa/c/a7beaa0b4de6b6b00ee1b5b770f0d2e72fad58df%5Bcommi...] https://pagure.io/freeipa/issue/9160%5B#9160] * ap: Constrain supported docutils https://pagure.io/freeipa/c/e5f7356e7e83b605a821ece9f242ac924925f27e%5Bcommi...] https://pagure.io/freeipa/issue/9208%5B#9208] * ap: Rearrange overloaded jobs https://pagure.io/freeipa/c/8ff0c1a5ee33946202031a8bc83e855216cd0c95%5Bcommi...] https://pagure.io/freeipa/issue/9207%5B#9207] * ap: Disable azure's security daemon https://pagure.io/freeipa/c/acd1d127938aa9feefbbc7ee325963a2e44ef3c3%5Bcommi...] https://pagure.io/freeipa/issue/9207%5B#9207] * ap: Raise dbus timeout https://pagure.io/freeipa/c/260d6378ec59d244e5f247f4af81f7ae8c72ac87%5Bcommi...] https://pagure.io/freeipa/issue/9207%5B#9207]
[[scott_poore_5]] === Scott Poore (5)
* ipatests: xfail test_ipa_login_with_sso_user https://pagure.io/freeipa/c/10604ead7d90a9573368dd09c8ab06740cf14bb7%5Bcommi...] https://pagure.io/freeipa/issue/9264%5B#9264] * ipatests: add keycloak user login to ipa test https://pagure.io/freeipa/c/e197c743f3ea1a98d444c0eb01339cc22eab64d5%5Bcommi...] https://pagure.io/freeipa/issue/9250%5B#9250] * ipatests: add prci definitions for test_sso jobs https://pagure.io/freeipa/c/db1d05176d8072b05fea179af2ac97caaeb65dd1%5Bcommi...] * ipatests: add Keycloak Bridge test https://pagure.io/freeipa/c/ac776987d30ecd3444a9b25f49a714fddc3c4232%5Bcommi...] https://pagure.io/freeipa/issue/9227%5B#9227] * ipatests: Rename create_quarkus to create_keycloak https://pagure.io/freeipa/c/a0a104a42c2ccd89394e48c2375bb0eb95183c5b%5Bcommi...] https://pagure.io/freeipa/issue/9225%5B#9225]
[[sumedh_sidhaye_3]] === Sumedh Sidhaye (3)
* With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck. https://pagure.io/freeipa/c/5477a07d91ef2c506cc943699612e5e27d0c93e4%5Bcommi...] https://pagure.io/freeipa/issue/9238%5B#9238] * Additional tests for RSN v3 https://pagure.io/freeipa/c/bfe074ed478c20a9537dc2a714bba50dbc2cd34f%5Bcommi...] https://pagure.io/freeipa/issue/2016%5B#2016] * Added a check while removing 'cert_dir'. The teardown method is called even if all the tests are skipped since the required PKI version is not present. The teardown is trying to remove a non-existent directory. https://pagure.io/freeipa/c/aca97507cd119ad55e0c3c18ca65087cb5576c82%5Bcommi...] https://pagure.io/freeipa/issue/9179%5B#9179]
[[sudhir_menon_2]] === Sudhir Menon (2)
* ipatests: ipa-client-install --subid adds entry in nsswitch.conf https://pagure.io/freeipa/c/a39af6b7228d8ba85b9e97aa5decbc056d081c77%5Bcommi...] https://pagure.io/freeipa/issue/9159%5B#9159] * ipatests: WebUI: do not allow subid range deletion https://pagure.io/freeipa/c/38e5bcf719a0e7c7550837ffb14300db8efe09e4%5Bcommi...] https://pagure.io/freeipa/issue/9150%5B#9150]
[[temuri_doghonadze_4]] === Temuri Doghonadze (4)
* Translated using Weblate (Georgian) https://pagure.io/freeipa/c/3379aa0aa85ca40fbce94f9d2307c6b501054c5a%5Bcommi...] * Translated using Weblate (Georgian) https://pagure.io/freeipa/c/054bd14bcfe999e7722c812e7509c31e6f012bb3%5Bcommi...] * Translated using Weblate (Georgian) https://pagure.io/freeipa/c/a1e66f5c050d8c9226f23af9b7d0c68bfd32a4d9%5Bcommi...] * Added translation using Weblate (Georgian) https://pagure.io/freeipa/c/a30db2030c730d835e28ceb8cdc3c64d18edb4f9%5Bcommi...]
[[thomas_woerner_1]] === Thomas Woerner (1)
* DNSResolver: Fix use of nameservers with ports https://pagure.io/freeipa/c/6c5530c509793f66a162ed4153d5425a0eda02d6%5Bcommi...] https://pagure.io/freeipa/issue/9158%5B#9158]
[[viacheslav_sychov_1]] === Viacheslav Sychov (1)
* fix: Handle /proc/1/sched missing error https://pagure.io/freeipa/c/7aa845730999951c8f340f43ed5872c54458c6a3%5Bcommi...]
[[yuri_chornoivan_6]] === Yuri Chornoivan (6)
* Translated using Weblate (Ukrainian) https://pagure.io/freeipa/c/6846b953361bc96b322734e23e566c93a1879046%5Bcommi...] * Translated using Weblate (Ukrainian) https://pagure.io/freeipa/c/867a38a4636915df62a28b61855780b02ff55d56%5Bcommi...] * Translated using Weblate (Ukrainian) https://pagure.io/freeipa/c/6de25a0f201f0591bc551503b95f8d22c79fe7aa%5Bcommi...] * Translated using Weblate (Ukrainian) https://pagure.io/freeipa/c/63d332ff9ebbdd59fac65748025f8eea4270704d%5Bcommi...] * Translated using Weblate (Ukrainian) https://pagure.io/freeipa/c/d6d7c5d28bcf7ed341f0a5d4e1b0f167a195a4c2%5Bcommi...] * Translated using Weblate (Ukrainian) https://pagure.io/freeipa/c/a21bf7fe8213c6b041ab500ab533e2a5888d1c3e%5Bcommi...]
freeipa-users@lists.fedorahosted.org