February 2020 - FreeIPA-devel - Fedora mailing-lists

[freeipa PR#2106][opened] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
by abbra 23 Mar '20

23 Mar '20

URL: https://github.com/freeipa/freeipa/pull/2106 Author: abbra Title: #2106: ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager Action: opened PR body: """ Password changes performed by cn=Directory Manager are excluded from password policy checks according to [1]. This is correctly handled by ipa-pwd-extop in case of a normal Kerberos principal in IPA. However, non-kerberos accounts were not excluded from the check. As result, password updates for PKI CA admin account in o=ipaca were failing if a password policy does not allow a password reuse. We are re-setting the password for PKI CA admin in ipa-replica-prepare in case the original directory manager's password was updated since creation of `cacert.p12`. Do password policy check for non-Kerberos accounts only if it was set by a regular user or admin. Changes performed by a cn=Directory Manager and passsync managers should be excluded from the policy check. Fixes: https://pagure.io/freeipa/issue/7181 Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> [1] https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/h… """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2106/head:pr2106 git checkout pr2106

2 1

[freeipa PR#4211][opened] [Backport][ipa-4-7] ipatests: add test_trust suite to nightly runs
by wladich 23 Mar '20

23 Mar '20

URL: https://github.com/freeipa/freeipa/pull/4211 Author: wladich Title: #4211: [Backport][ipa-4-7] ipatests: add test_trust suite to nightly runs Action: opened PR body: """ This is a manual backport of #4208 The test suite test_trust was missing in nightly definitions because PR-CI was not able to provision multi-AD topology. Now that PR-CI is updated, we can start executing this test suite. It is not reasonable to add it to gating as this suite is time consuming like other tests requiring provisioning of AD instances. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4211/head:pr4211 git checkout pr4211

1 1

[freeipa PR#3724][opened] ipatests: Added testcase to check /var/log/ipahealthcheck directory contains healthcheck.log file
by menonsudhir 20 Mar '20

20 Mar '20

URL: https://github.com/freeipa/freeipa/pull/3724 Author: menonsudhir Title: #3724: ipatests: Added testcase to check /var/log/ipahealthcheck directory contains healthcheck.log file Action: opened PR body: """ ipatests: Added testcase to check /var/log/ipahealthcheck directory contains healthcheck.log file Issue: freeipa/freeipa-healthcheck#35 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3724/head:pr3724 git checkout pr3724

2 1

[freeipa PR#4078][opened] ipatests: lookup IPA object directly from LDAP on the IPA server
by amore17 17 Mar '20

17 Mar '20

URL: https://github.com/freeipa/freeipa/pull/4078 Author: amore17 Title: #4078: ipatests: lookup IPA object directly from LDAP on the IPA server Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4078/head:pr4078 git checkout pr4078

2 1

[freeipa PR#4000][opened] ipatests: Test if ipa-backup throws error if /var/lib/ipa/ runs out of space
by mrizwan93 16 Mar '20

16 Mar '20

URL: https://github.com/freeipa/freeipa/pull/4000 Author: mrizwan93 Title: #4000: ipatests: Test if ipa-backup throws error if /var/lib/ipa/ runs out of space Action: opened PR body: """ ipa-backup throws error when /var/lib/ipa runs out of space. Earlier the error was not so clear. Fix mentions about insufficient space. related : https://pagure.io/freeipa/issue/7647 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4000/head:pr4000 git checkout pr4000

1 1

[freeipa PR#3645][opened] ipatests: Added testcase to check that ipa-healthcheck tool displays warning if no range is set
by menonsudhir 12 Mar '20

12 Mar '20

URL: https://github.com/freeipa/freeipa/pull/3645 Author: menonsudhir Title: #3645: ipatests: Added testcase to check that ipa-healthcheck tool displays warning if no range is set Action: opened PR body: """ ipatests: Added testcase to check that ipa-healthcheck tool displays warning if no range is set. Issue: https://github.com/freeipa/freeipa-healthcheck/issues/60 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3645/head:pr3645 git checkout pr3645

2 3

[freeipa PR#3955][opened] ipatests: add test for SSSD updating expired cache items
by wladich 12 Mar '20

12 Mar '20

URL: https://github.com/freeipa/freeipa/pull/3955 Author: wladich Title: #3955: ipatests: add test for SSSD updating expired cache items Action: opened PR body: """ **Patch 1:** New test checks that sssd updates expired cahce values both for IPA domain and trusted AD domain. Related to: https://pagure.io/SSSD/sssd/issue/4012 **Patch 2:** ipatests: refactor sssd tests for cached_auth_timeout option No changes in test scenarios or coverage. Changes: * Renamed parameter user => user_origin for consistency with new tests * evaluate user name once per testcase to reduce copy-pastes * evauate wait time in a more natural way """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3955/head:pr3955 git checkout pr3955

2 1

[freeipa PR#4289][opened] [testing_ipa-4.8] Nightly PR
by freeipa-pr-ci 08 Mar '20

08 Mar '20

URL: https://github.com/freeipa/freeipa/pull/4289 Author: freeipa-pr-ci Title: #4289: [testing_ipa-4.8] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4289/head:pr4289 git checkout pr4289

2 1

[freeipa PR#4277][opened] ipa-adtrust-install: run remote configuration for new agents
by flo-renaud 05 Mar '20

05 Mar '20

URL: https://github.com/freeipa/freeipa/pull/4277 Author: flo-renaud Title: #4277: ipa-adtrust-install: run remote configuration for new agents Action: opened PR body: """ ### ipa-adtrust-install: run remote configuration for new agents When ipa-adtrust-install is run, the tool detects masters that are not enabled as trust agents and propose to configure them. With the current code, the Schema Compat plugin is not enabled on these new trust agents and a manual restart of LDAP server + SSSD is required. With this commit, ipa-adtrust-install now calls remote code on the new agents through JSON RPC api, in order to configure the missing parts. On the remote agent, the command is using DBus and oddjob to launch a new command, /usr/sbin/ipa-trust-enable-agent [--enable-compat] This command configures the Schema Compat plugin if --enable-compat is provided, then restarts LDAP server and SSSD. If the remote agent is an older version and does not support remote enablement, or if the remote server is not responding, the tool ipa-adtrust-install prints a WARNING explaining the steps that need to be manually executed in order to complete the installation, and exits successfully (keeping the current behavior). Fixes: https://pagure.io/freeipa/issue/7600 ### ipatests: add test for ipa-adtrust-install --add-agents Add tests checking the behavior of ipa-adtrust-install when adding trust agents: - try adding a trust agent when the remote node is stopped. The installer must detect that he's not able to run the remote commands and print a WARNING. - try adding a trust agent when the remote node is running. The WARNING must not be printed as the remote configuration is done. - try adding a trust agent with --enable-compat. The WARNING must not be printed and the Schema Compatibility plugin must be enabled (the entries cn=users/groups,cn=Schema Compatibility,cn=plugins,cn=config must contain a new attribute schema-compat-lookup-nsswitch (=user/group). Notes: - this PR will have to be rebased after PR #4260 is merged as it's modifying the same test suite - TBD: add a SELinux policy rule allowing to call the remote command when #4251 is merged """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4277/head:pr4277 git checkout pr4277

1 1

[freeipa PR#4251][opened] Add freeipa-selinux subpackage
by vmojzis 05 Mar '20

05 Mar '20

URL: https://github.com/freeipa/freeipa/pull/4251 Author: vmojzis Title: #4251: Add freeipa-selinux subpackage Action: opened PR body: """ Add freeipa-selinux subpackage containing selinux policy for FreeIPA server. This policy module will override the distribution policy. Policy files where extracted from https://github.com/fedora-selinux/selinux-policy See Independent policy project guidelines for more details about shipping custom SELinux policy. https://fedoraproject.org/wiki/SELinux/IndependentPolicy """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4251/head:pr4251 git checkout pr4251

2 1

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel February 2020