URL: https://github.com/freeipa/freeipa/pull/1116
Author: rcritten
Title: #1116: Enable ephemeral KRA requests
Action: opened
PR body:
"""
Enabling ephemeral KRA requests will reduce the amount of LDAP
write operations and improve overall performance.
https://pagure.io/freeipa/issue/6703
NOTE: I'm not 100% sure on the upgrade for existing instances. My logic is that tomcat is always stopped and then within that block the CA (if any) will be updated. Given that the KRA runs in the same service that is why I stuck that update code there. It worked in my testing.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1116/head:pr1116
git checkout pr1116
URL: https://github.com/freeipa/freeipa/pull/1011
Author: tomaskrizek
Title: #1011: py3: dnssec
Action: opened
PR body:
"""
This PR is a partial fix that should allow DNSSEC installation for master. Keys will not be distributed to replicas. With my limited DNSSEC/IPA knowledge, I wasn't able to verify the data stored in LDAP are actually correct. In case they are not, this would prevent installation of DNSSEC replicas in the future.
Our DNSSEC tests are not passing, thus we can't use them to verify this PR. Given these circumstances, I propose to officially discourage DNSSEC installation in 4.6.0.
This PR supersedes #898. For review, it is highly recommended to rebase on #999.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1011/head:pr1011
git checkout pr1011
URL: https://github.com/freeipa/freeipa/pull/1047
Author: rcritten
Title: #1047: Use the user-provided CA chain file in connections & check for file existence
Action: opened
PR body:
"""
The user now may provide their own CA chain to the make API commands but it isn't honored.
The value is also not checked for existence throwing a generic "no such file" error rather than "file <foo> doesn't exist"
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1047/head:pr1047
git checkout pr1047
URL: https://github.com/freeipa/freeipa/pull/1120
Author: celestian
Title: #1120: tests: Mark failing tests as failing
Action: opened
PR body:
"""
Some tests from installation suite assume that it is possible
to --setup-kra, respectively --setu-ca if there is no kra,
respectively ca on IPA master.
This patch marks those tests as failing.
Signed-off-by: Petr Čech <pcech(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1120/head:pr1120
git checkout pr1120
URL: https://github.com/freeipa/freeipa/pull/1056
Author: stlaz
Title: #1056: Remove temporary workaround for Travis CI
Action: opened
PR body:
"""
Once Travis fixes their issue/will post resolution, we can remove the workaround.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1056/head:pr1056
git checkout pr1056
URL: https://github.com/freeipa/freeipa/pull/1178
Author: pvomacka
Title: #1178: WebUI: make Domain Resolution Order writable
Action: opened
PR body:
"""
Objectclass which defines the Domain Resolution Order is added to
the object only after modification. Therefore before modification of
object the attributelevelrights does not contain the 'domainresolutionorder'
attribute and the WebUI evaluates field as not writable.
'w_if_no_aci' flag was designed to make writable those fields
for which we don't have attributelevelrights.
https://pagure.io/freeipa/issue/7169
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1178/head:pr1178
git checkout pr1178
URL: https://github.com/freeipa/freeipa/pull/1143
Author: Akasurde
Title: #1143: [tests] Fix negative tests in CA-less testsuite
Action: opened
PR body:
"""
This fix adds check for non-existing files which are given
by negative testcases to copy from controller to system under tests.
This fixes test_nonexistent_ds_pkcs12_file and test_nonexistent_http_pkcs12_file
tests in CA-less testsuite.
Fixes: https://pagure.io/freeipa/issue/7182
Signed-off-by: Abhijeet Kasurde <akasurde(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1143/head:pr1143
git checkout pr1143
URL: https://github.com/freeipa/freeipa/pull/1179
Author: abbra
Title: #1179: adtrust: filter out subdomains when defining our topology to AD
Action: opened
PR body:
"""
When definining a topology of a forest to be visible over a cross-forest
trust, we set *.<forest name> as all-catch top level name already.
This means that all DNS subdomains of the forest will already be matched
by this TLN. If we add more TLNs for subdomains, Active Directory will
respond with NT_STATUS_INVALID_PARAMETER.
Filter out all subdomains of the forest root domain. All other realm
domains will be added with explicit TLN records.
Fixes https://pagure.io/freeipa/issue/6666
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1179/head:pr1179
git checkout pr1179