January 2019 - FreeIPA-devel - Fedora mailing-lists

[freeipa PR#2797][opened] Move Custodia secrets handler to scripts
by tiran 26 Apr '19

26 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2797 Author: tiran Title: #2797: Move Custodia secrets handler to scripts Action: opened PR body: """ Implement the import and export handlers for Custodia keys as external scripts. It's a prerequisite to drop DAC override permission and proper SELinux rules for ipa-custodia. Fixes: https://pagure.io/freeipa/issue/6888 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2797/head:pr2797 git checkout pr2797

1 1

[freeipa PR#2411][opened] Test ipa-server-install when mandatory params not specified.
by onkarkarale 12 Apr '19

12 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2411 Author: onkarkarale Title: #2411: Test ipa-server-install when mandatory params not specified. Action: opened PR body: """ When installing ipa-server in unattended mode (i.e -U option), some manadatory params should be specified with the install commands like -p, -r and -a etc. If we don't specify these params, installation will fail. Signed-off-by: Onkar Karale <karaleonkar19(a)gmail.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2411/head:pr2411 git checkout pr2411

2 1

[freeipa PR#2464][opened] Support interactive prompt for ntp options
by Tiboris 11 Apr '19

11 Apr '19

URL: https://github.com/freeipa/freeipa/pull/2464 Author: Tiboris Title: #2464: Support interactive prompt for ntp options Action: opened PR body: """ FreeIPA will now ask user for NTP source server or pool address in interactive mode if there is no server nor pool specified and autodiscovery has not found any NTP source in DNS records. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2464/head:pr2464 git checkout pr2464

2 1

[freeipa PR#2635][opened] [Backport][ipa-4-7] Added automation for NTP options test scenarios
by Tiboris 29 Mar '19

29 Mar '19

URL: https://github.com/freeipa/freeipa/pull/2635 Author: Tiboris Title: #2635: [Backport][ipa-4-7] Added automation for NTP options test scenarios Action: opened PR body: """ This PR is **manual backport** of https://github.com/freeipa/freeipa/pull/2404 please wait for CI before pushing. In case of questions or problems contact @varunmylaraiah who is author of the original PR. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2635/head:pr2635 git checkout pr2635

1 1

[freeipa PR#2638][opened] Fix test_ntp_options
by Tiboris 29 Mar '19

29 Mar '19

URL: https://github.com/freeipa/freeipa/pull/2638 Author: Tiboris Title: #2638: Fix test_ntp_options Action: opened PR body: """ On nightly tests are failing because custom client and replica install methods Use methods: - tasks.replica_install() - tasks.client_isntall() instead of custom methods. Move ntp_pool/server to class scope. Related to: https://pagure.io/freeipa/issue/7719 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2638/head:pr2638 git checkout pr2638

1 1

[freeipa PR#1726][opened] [RFE] IPA server installation with successful message
by amitkumar50 29 Mar '19

29 Mar '19

URL: https://github.com/freeipa/freeipa/pull/1726 Author: amitkumar50 Title: #1726: [RFE] IPA server installation with successful message Action: opened PR body: """ This PR updates IPA success installation message as this: ============================================= IPA server installation successful You can access Web UI using https://ipaserver1.testrelm.test/ipa/ui Obtain a Kerberos Ticket for issuing IPA command 'kinit admin' Server is installed with following roles : * Directory Server * Kerbeors Server * Httpd Server * CA Server * DNS Server For troubleshooting and errors : Please visit : https://www.redhat.com/en For documentation : Please visit : https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/ht… Resolves: https://pagure.io/freeipa/issue/6355 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1726/head:pr1726 git checkout pr1726

2 1

[freeipa PR#2756][opened] Add test case for configure_openldap_conf
by tiran 29 Mar '19

29 Mar '19

URL: https://github.com/freeipa/freeipa/pull/2756 Author: tiran Title: #2756: Add test case for configure_openldap_conf Action: opened PR body: """ New test case is failing with: ``` ======================================================================= test session starts ======================================================================== platform linux -- Python 3.7.2, pytest-3.6.4, py-1.5.4, pluggy-0.6.0 -- /usr/bin/python3 cachedir: ipatests/.pytest_cache rootdir: /home/heimes/redhat/freeipa/ipatests, inifile: plugins: sourceorder-0.5, multihost-3.0 collected 1 item ipatests/test_ipaclient/test_ldapconf.py::test_configure_openldap_conf FAILED [100%] ============================================================================= FAILURES ============================================================================= ___________________________________________________________________ test_configure_openldap_conf ___________________________________________________________________ def test_configure_openldap_conf(): text, settings = ldap_conf("") assert '# File modified by ipa-client-install' in text assert settings == { 'BASE': ['cn=ipa,cn=example'], 'URI': ['ldaps://ldap.ipa.example'], 'TLS_CACERT': ['/etc/ipa/ca.crt'], 'SASL_MECH': ['GSSAPI'] } text, settings = ldap_conf(LDAP_CONF) assert '# File modified by ipa-client-install' in text > assert settings == { 'BASE': ['dc=example,dc=com'], 'URI': ['ldaps://ldap.ipa.example'], 'SASL_NOCANON': ['on'], 'TLS_CACERT': ['/etc/ipa/ca.crt'], 'SASL_MECH': ['GSSAPI'] } E AssertionError: assert {'BASE': ['dc...ca.crt'], ...} == {'BASE': ['dc=...ca.crt'], ...} E Omitting 4 identical items, use -vv to show E Differing items: E {'URI': ['ldap://ldap.example.com ldap://ldap-master.example.com:666', 'ldaps://ldap.ipa.example']} != {'URI': ['ldaps://ldap.ipa.example']} E Full diff: E {'BASE': ['dc=example,dc=com'], E 'SASL_MECH': ['GSSAPI'], E 'SASL_NOCANON': ['on'],... E E ...Full output truncated (7 lines hidden), use '-vv' to show ipatests/test_ipaclient/test_ldapconf.py:67: AssertionError ``` """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2756/head:pr2756 git checkout pr2756

1 1

[freeipa PR#2584][opened] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
by tiran 29 Mar '19

29 Mar '19

URL: https://github.com/freeipa/freeipa/pull/2584 Author: tiran Title: #2584: ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager Action: opened PR body: """ The PR was originally PR @abbra's PR https://github.com/freeipa/freeipa/pull/2106. PR-CI was broken for that PR. I also squashed some intermediate commits. ## Original PR message Password changes performed by cn=Directory Manager are excluded from password policy checks according to [1]. This is correctly handled by ipa-pwd-extop in case of a normal Kerberos principal in IPA. However, non-kerberos accounts were not excluded from the check. As result, password updates for PKI CA admin account in o=ipaca were failing if a password policy does not allow a password reuse. We are re-setting the password for PKI CA admin in ipa-replica-prepare in case the original directory manager's password was updated since creation of `cacert.p12`. Do password policy check for non-Kerberos accounts only if it was set by a regular user or admin. Changes performed by a cn=Directory Manager and passsync managers should be excluded from the policy check. Fixes: https://pagure.io/freeipa/issue/7181 Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> [1] https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/h… """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2584/head:pr2584 git checkout pr2584

1 1

[freeipa PR#2772][opened] [testing_rawhide] Nightly PR
by freeipa-pr-ci 28 Mar '19

28 Mar '19

URL: https://github.com/freeipa/freeipa/pull/2772 Author: freeipa-pr-ci Title: #2772: [testing_rawhide] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2772/head:pr2772 git checkout pr2772

2 1

[freeipa PR#2163][opened] Make ipaclient.csrgen optional
by tiran 27 Mar '19

27 Mar '19

URL: https://github.com/freeipa/freeipa/pull/2163 Author: tiran Title: #2163: Make ipaclient.csrgen optional Action: opened PR body: """ ipaclient's csrgen plugin has been turned into an optional dependency. The ipaclient plugin, helper modules like ipaclient.csrgen and templates are shipped conditionally. The ipaclient cert plugin and ipatests handle missing csrgen gracefully. Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2163/head:pr2163 git checkout pr2163

1 1

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel January 2019