<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>
<style>img {
max-width: 100%; height: auto;
}
body {
font-size: 0.875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";'>
<div class="content">
<h3 style="margin-top: 20px; margin-bottom: 10px;">
Timo Aaltonen pushed to branch master at <a href="https://salsa.debian.org/freeipa-team/freeipa">FreeIPA packaging / freeipa</a>
</h3>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
Commits:
</h4>
<ul>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/8042bdc90c0ca8080f94c9baf54b713e08873232">8042bdc9</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2021-11-25T19:23:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Back to git snapshots
Signed-off-by: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a0eb02cfb6635eff82482b297965ff5348c660cd">a0eb02cf</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2021-11-29T15:27:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipaplatform/debian: Fix HTTPD_ALIAS_DIR, and drop some obsolete paths.
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cf9c4cc7dabace4f7971a810bbdde4c258d7a4be">cf9c4cc7</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2021-11-29T15:27:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipaplatform: Add support for recognizing systemd-timesyncd
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/da9be70f7030dfa8c99efd6952dfa0f24b590fc5">da9be70f</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2021-11-29T15:27:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipaplatform/debian: Fix named keytab name
This was changed in bind9 9.16 packaging
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/dcdc31b6f9f750b617b23717f7c39ec560133c2d">dcdc31b6</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2021-11-29T15:27:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipaplatform/debian: Fix ntpd service name
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e99870f7d0b58d88e9c18ad8ecc7edc1adb16051">e99870f7</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2021-11-29T15:27:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests/test_ipaplatform: Skip test_ipa_version on Debian
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/739d3566951e50b6467c80835945b2697fab8576">739d3566</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2021-11-29T15:27:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipaplatform: Modify paths to fips-mode-setup and systemd-tmpfiles
Debian hasn't yet migrated to a unified /usr.
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/69f5f319d1b8bf1b18a8798149d2fcffa43642ec">69f5f319</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2021-11-29T15:27:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>configure: Use HTTPD_GROUP in init/tmpfiles/ipa.conf.in
This is a platform specific value.
Fixes: https://pagure.io/freeipa/issue/9014
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/669f3d71161741c676ddd6a08bd08d4a4ccd495b">669f3d71</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2021-11-30T09:51:21+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: issue PAC_REQUESTER_SID only for TGTs
MS-KILE 3.3.5.6.4.8 in revision after Windows Server November 2021
security fixes added the following requirement:
- PAC_REQUESTER_SID is only added in TGT case (including referrals and
tickets to RODCs)
Fixes: https://pagure.io/freeipa/issue/9031
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7d93bda31ce0b4e0e22c6e464c9138800dcf8b1c">7d93bda3</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2021-11-30T09:51:21+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: fix requester SID check according to MS-KILE and MS-SFU updates
New versions of MS-KILE and MS-SFU after Windows Server November 2021
security updates add PAC_REQUESTER_SID buffer check behavior:
- PAC_REQUESTER_SID should only be added for TGT requests
- if PAC_REQUESTER_SID is present, KDC must verify that the cname on
the ticket resolves to the account with the same SID as the
PAC_REQUESTER_SID. If it doesn't, KDC must respond with
KDC_ERR_TKT_REVOKED
Change requester SID check to skip exact check for non-local
PAC_REQUESTER_SID but harden to ensure it comes from the trusted domains
we know about.
If requester SID is the same as in PAC, we already do cname vs PAC SID
verification.
With these changes FreeIPA works against Windows Server 2019 with
November 2021 security fixes in cross-realm S4U2Self operations.
Fixes: https://pagure.io/freeipa/issue/9031
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ba7ec71ba96280da3841ebe47df2a6dc1cd6341e">ba7ec71b</a></strong>
<div>
<span> by Mohammad Rizwan </span> <i> at 2021-11-30T09:56:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown
Fixture `expire_certs` moves date back after renewing the certs.
This is causing the ipa-replica to fail. This fix first uninstalls
the server then moves back the date.
Fixes: https://pagure.io/freeipa/issue/9052
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/8b22ee018c3bb7f58a1b6694a7fd611688f8e74f">8b22ee01</a></strong>
<div>
<span> by Sumedh Sidhaye </span> <i> at 2021-11-30T09:58:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Extend test to see if replica is not shown when running `ipa-replica-manage list -v <FQDN>`
Related: https://pagure.io/freeipa/issue/8605
Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4c54e9d6ddb72eab6f654bf3dc2d29f27498ac96">4c54e9d6</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2021-12-14T15:13:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout
The test sets 389-ds nsslapd-idletimeout to 60s, then does a
kinit with an otp token (which makes ipa-otpd create a LDAP
connection), then sleeps for 60s. The expectation is that
ns-slapd will detect that the LDAP conn from ipa-otpd is idle
and close the connection.
According to 389ds doc, the idle timeout is enforced when the
connection table is walked. By doing a ldapsearch, the test
"wakes up" ns-slapd and forces the detection of ipa-otpd
idle connection.
Fixes: https://pagure.io/freeipa/issue/9044
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/465f1669a6c5abc72da1ecaf9aefa8488f80806c">465f1669</a></strong>
<div>
<span> by Anuja More </span> <i> at 2021-12-16T13:52:12+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Test default value of nsslapd-sizelimit.
related : https://pagure.io/freeipa/issue/8962
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cbd9ac6ab07dfb60f67da762fdd70856ad35c230">cbd9ac6a</a></strong>
<div>
<span> by Mohammad Rizwan </span> <i> at 2021-12-18T08:25:27+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Test empty cert request doesn't force certmonger to segfault
When empty cert request is submitted to certmonger, it goes to
segfault. This fix tests that if something like this happens,
certmonger should gracefully handle it
and some PEP8 fixes
related: https://pagure.io/certmonger/issue/191
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ce112e68bd711199baee1f7103d31a4bb0c5ad97">ce112e68</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-01-12T11:19:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Support building against OpenLDAP 2.6+
OpenLDAP 2.6 deprecated separate libldap/libldap_r, there is only one
(reentrant) variant for the library.
Attempt to use _r variant by default. In case it is missing, assume we
are using OpenLDAP 2.6 which has libraries without _r suffix. The
functions are still reentrant so there is no functional difference.
Fixes: https://pagure.io/freeipa/issue/9080
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1d19b860d4cd3bd65a4b143b588425d9a64237fd">1d19b860</a></strong>
<div>
<span> by Mohammad Rizwan </span> <i> at 2022-01-12T15:03:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Test cases for ipa-replica-conncheck command
Following test cases would be checked:
- when called with --principal (it should then prompt for a password)
- when called with --principal / --password
- when called without principal and password but with a kerberos TGT,
kinit admin done before calling ipa-replica-conncheck
- when called without principal and password, and without any kerberos
TGT (it should default to principal=admin and prompt for a password)
related: https://pagure.io/freeipa/issue/9047
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5444da016edc416c0c9481c660c013053dbb93b5">5444da01</a></strong>
<div>
<span> by Mohammad Rizwan </span> <i> at 2022-01-12T15:03:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>PEP8 Fixes
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1efdda078e502e1d67a047ccd06e8b7f555f8802">1efdda07</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-01-13T08:22:56+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: update images for f34 and f35
New versions of pki-server fix the following issues:
Fixes: https://pagure.io/freeipa/issue/9024
Fixes: https://pagure.io/freeipa/issue/8865
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/edbd8f692a28fc999b92e9032614d366511db323">edbd8f69</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-01-13T08:26:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: webui: Tests for subordinate ids.
Added web-ui tests to verify where operations
using subordinate ids are working as expected.
Related : https://pagure.io/freeipa/issue/8361
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/878859f4a27aa03c905b82f68327815825ceb1fa">878859f4</a></strong>
<div>
<span> by Michal Polovka </span> <i> at 2022-01-13T08:26:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pr-ci definitions: add web-ui subid-related jobs
Related: https://pagure.io/freeipa/issue/8361
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6ff7491172961fe210a6ec51b556231af9e123ba">6ff74911</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-01-14T09:47:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>automember default group: remove --desc parameter
The automember-default-group commands inherit from
the automember commands but should not provide the
--desc parameter.
Remove 'description' from the list of parameters.
Fixes: https://pagure.io/freeipa/issue/9068
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b9c42fed9b6f60801f908c368d0d97a2a69f7bb2">b9c42fed</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-01-14T09:50:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Config plugin: return EmptyModlist when no change is applied
When ipa config-mod is called with the option --enable-sid,
the code needs to trap EmptyModlist exception (it is expected
that no LDAP attribute is modified by this operation).
The code had a flaw and was checking:
'enable_sid' in options
instead of
options['enable_sid']
"'enable_sid' in options" always returns true as this option
is a Flag with a default value, hence always present even if
not specified on the command line.
Fixes: https://pagure.io/freeipa/issue/9063
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cd735099e86304294217147ed578ac902fcf3dd3">cd735099</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-01-14T09:50:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>config plugin: add a test ensuring EmptyModlist is returned
Add a test to test_config_plugin, that calls ipa config-mod
with the same value as already present in LDAP.
The call must return EmptyModlist.
Related: https://pagure.io/freeipa/issue/9063
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/419d7fd6e5a9ed2d356ad05eef1043309f5646ef">419d7fd6</a></strong>
<div>
<span> by Michal Polovka </span> <i> at 2022-01-14T16:57:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: webui: Use safe-loader for loading YAML configuration file
FullLoader class for YAML loader was introduced in version 5.1 which
also deprecated default loader. SafeLoader, however, stays consistent
across the versions and brings added security.
This fix is necessary as PyYAML > 5.1 is not available in downstream.
Related: https://pagure.io/freeipa/issue/9009
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e11cf7f489d34adeca990a5f58d9c6d247b33ec1">e11cf7f4</a></strong>
<div>
<span> by jh23453 </span> <i> at 2022-01-17T10:27:12+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Remove deprecation warning when installing a CA replica
I got the following message when installing a replica with CA:
2021-11-22T21:15:35Z DEBUG [5/30]: configuring certificate server instance
...
WARNING: The 'pki_ssl_server_token' in [CA] has been deprecated. Use 'pki_sslserver_token' instead.
Installation log: /var/log/pki/pki-ca-spawn.20211122221535.log
Installing CA into /var/lib/pki/pki-tomcat.
With the following change the message no longer appears when installing a replica.
This commit fixes the first (and simple) part of https://pagure.io/freeipa/issue/9056
Signed-off-by: Jochen Kellner <jochen@jochen.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0edf915efbb39fac45c784171dd715ec6b28861a">0edf915e</a></strong>
<div>
<span> by Sumedh Sidhaye </span> <i> at 2022-01-17T13:36:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Added test automation for SHA384withRSA CSR support
Scenario 1:
Setup master with --ca-signing-algorithm=SHA384withRSA
Run certutil and check Signing Algorithm
Scenario 2:
Setup a master
Stop services
Modify default.params.signingAlg in CS.cfg
Restart services
Resubmit cert (Resubmitted cert should have new Algorithm)
Pagure Link: https://pagure.io/freeipa/issue/8906
Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ef43ea03ef90cd34f2ce55a946df9a1d8e17badf">ef43ea03</a></strong>
<div>
<span> by Sumedh Sidhaye </span> <i> at 2022-01-17T13:36:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Added nightly job definitions
Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d8a7f15e32e9fb62125aa910e18c32117285d672">d8a7f15e</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-01-20T16:42:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: update images for f34 and f35
The new images contain the pkg kernel-modules
Fixes: https://pagure.io/freeipa/issue/9087
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ace0bbfdc8eb02a4ba47f8293809ff4734856ab8">ace0bbfd</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-01-25T09:09:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: refactor KDB driver to prepare for KDB version 9
MIT Kerberos 1.20 changes DAL interface around PAC record issuance:
sign_authdata callback is removed and replaced with issue_pac one.
The signatures are different and logic changed as well.
Prepare for KDB version 9 by moving PAC implementation into separate
source files. ipa_kdb_mspac.c is left with most of the common code.
FreeIPA supports sign_authdata callback since KDB version 6, move current
implementation to ipa_kdb_mspac_v6.c.
KDB version 8 actually changed sign_authdata interface and we accounted
for that in ipa_kdb.c with a stub that re-uses v6 version. Keep it as it
is right now.
Finally, add KDB version 9 stub files. Compiling against MIT Kerberos
1.20 does not work yet, thus explicit #error message in ipa_kdb.c. This
will be worked on later.
Related: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cd8e9ce173303e192e848e4973aaf2c7bd31ee0a">cd8e9ce1</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-01-25T17:33:23+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: fix expected automount config in nsswitch.conf
The test TestIpaClientAutomountFileRestore expects a
specific order for the automount sources to query
in /etc/nsswitch.conf.
With authselect update 1.3.0, the databases are sorted in
order of likelihood and the following line is seen:
automount: files sss
instead of
automount: sss files
Since the test doesn't care about the order but rather about
the list of sources, ignore the order.
Fixes: https://pagure.io/freeipa/issue/9067
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9bae5492270d8b695999cd82831cbee62b04626b">9bae5492</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-02-01T08:53:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-pki-proxy.conf: provide access to /kra/admin/kra/getStatus
The access to /kra/admin/kra/getStatus will be needed
in order to fix pki-healthcheck.
Note that this commit is a pre-requisite for the fix
to be done on PKI side. No test added since the full
integration test already exists in test_replica_promotion.py,
in TestHiddenReplicaPromotion::test_ipahealthcheck_hidden_replica
Fixes: https://pagure.io/freeipa/issue/9099
Related: https://pagure.io/freeipa/issue/8582
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/653a7fe02880c168755984133ee143567cc7bb4e">653a7fe0</a></strong>
<div>
<span> by Francisco Trivino </span> <i> at 2022-02-01T08:57:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Custodia: use a stronger encryption algo when exporting keys
The Custodia key export handler is using OpenSSL's default encryption
scheme for PKCS#12.
This represents an issue when performing a migration from CentOS Stream 8 (C8S)
to CentOS Stream 9 (C9S) where the Custodia client running in the new C9S
replica talks to the Custodia server on C8S source server. The latter creates an
encrypted PKCS#12 file that contains the cert and the key using the OpenSSL's
default encryption scheme, which is no longer supported on C9S.
This commit enforces a stronger encryption algorithm by adding the following
arguments to the Custodia server handler:
-keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha384
The new arguments enforce stronger PBEv2 instead of the insecure PBEv1.
Fixes: https://pagure.io/freeipa/issue/9101
Signed-off-by: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6d70421f57d0eca066a922e09416ef7195ee96d4">6d70421f</a></strong>
<div>
<span> by Julien Rische </span> <i> at 2022-02-02T21:51:44+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: do not remove keys for hardened auth-enabled users
Since 5d51ae5, principal keys were dropped in case user auth indicator
was not including password. Thereafter, the key removal behavior was
removed by 15ff9c8 in the context of the kdcpolicy plugin introduction.
Support for hardened pre-auth methods (FAST and SPAKE) was added in
d057040, and the removal of principal keys was restored afterwards by
f0d12b7, but not taking the new hardened auth indicator into account.
Fixes: https://pagure.io/freeipa/issue/9065
Related to: https://pagure.io/freeipa/issue/8001
Signed-off-by: Julien Rische <jrische@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/294ae35a61e6ca8816b261c57508e4be21221864">294ae35a</a></strong>
<div>
<span> by Julien Rische </span> <i> at 2022-02-02T21:51:44+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: add case for hardened-only ticket policy
Signed-off-by: Julien Rische <jrische@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/edb216849e4f47d6cae95981edf0c3fe2653fd7a">edb21684</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-02-04T09:32:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Don't always override the port in import_included_profiles
I can only guess at the original purpose of this override. I
believe it was because this is called in the installer prior
to Apache being set up. The expectation was that this would
only be called locally. It predates the RestClient class.
RestClient will attempt to find an available service. In this
case, during a CA installation, the local server is not
considered available because it lacks an entry in
cn=masters. So it will never be returned as an option.
So by overriding the port to 8443 the remote connection will
likely fail because we don't require that the port be open.
So instead, instantiate a RestClient and see what happens.
There are several use-cases:
1. Installing an initial server. The RestClient connection
should fail, so we will fall back to the override port and
use the local server. If Apache happens to be running with
a globally-issued certificate then the RestClient will
succeed. In this case if the connected host and the local
hostname are the same, override in that case as well.
2. Installing as a replica. In this case the local server should
be ignored in all cases and a remote CA will be picked with
no override done.
3. Switching from CA-less to CA-ful. The web server will be
trusted but the RestClient login will fail with a 404. Fall
back to the override port in this case.
The motivation for this is trying to install an EL 8.x replica
against an EL 7.9 server. 8.5+ includes the ACME service and
a new profile is needed which doesn't exist in 7. This was
failing because the RestClient determined that the local server
wasn't running a CA so tried the remote one (7.9) on the override
port 8443. Since this port isn't open: failure.
Chances are that adding the profile is still going to fail
because again, 7.9 lacks ACME capabilities, but it will fail in
a way that allows the installation to continue.
I suspect that all of the overrides can similarly be handled, or
handled directly within the RestClient class, but for the sake
of "do no harm" I'm only changing this instance for now.
https://pagure.io/freeipa/issue/9100
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7c5540bb47799b4db95673d22f61995ad5c56440">7c5540bb</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-02-07T09:16:32+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Remove ipa-join errors from behind the debug option
This brings it in line with the previous XML-RPC output which
only hid the request and response from the output and not
any errors returned.
https://pagure.io/freeipa/issue/9103
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Peter Keresztes Schmidt <carbenium@outlook.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/85ce7acb733e09ea7916a8a26d42fb3d4b5fe3bd">85ce7acb</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-02-07T13:03:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>OpenLDAP 2.6+: use only -H option to specify LDAP url
OpenLDAP 2.6+ finally deprecated -h and -p options in all its command
line tools. They are not allowed anymore and cause ldap* tools to stop
hard with 'unknown option' error.
Fix this by always using -H url option instead. Deriving default value
for -H url from the configuration file still works, it is only -h and -p
that were deprecated.
See also: https://bugs.openldap.org/show_bug.cgi?id=8618
Fixes: https://pagure.io/freeipa/issue/9106
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/10d32d43e4640f61aa3d021b3e8136ca6132e493">10d32d43</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-02-07T13:03:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: workaround incorrect pylint detection of a local function
pylint 2.9 thinks that __add_principal is a class-level method that is
unused. It is a local function inside one of class methods and is used
directly inside that method.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0d034d7fd409a8dbbc48a7307ad6d042a4098a74">0d034d7f</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-02-07T13:03:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>translations: regenerate translations after changes in help message in sudorule
A change to replace -h and -p options in OpenLDAP command line utilities
causes also an update in the help text in sudorule plugin. This, sadly,
makes existing translations of that text not valid anymore. However, we
have to change the text as OpenLDAP 2.6+ will make the command
referenced in the help text incorrect.
The change in OpenLDAP 2.6+ implements deprecation that was announced by
OpenLDAP project around 20 years ago, so all existing tools support -H
option.
See also: https://bugs.openldap.org/show_bug.cgi?id=8618
Related: https://pagure.io/freeipa/issue/9106
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/896d0f351646e6a7c96037cb13957b7be0408776">896d0f35</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-02-08T18:32:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: update images for f34 and f35
The new images include 389-ds-base 2.0.14-1
which contains the fixes for the following tickets:
389-ds-base #5079 Freeipa nightly test failure with winsync agreement
389-ds-base #5031 ipa-restore broken in selinux enforcing mode
Fixes: https://pagure.io/freeipa/issue/9069
Fixes: https://pagure.io/freeipa/issue/9051
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9b6d0bb1245c4891ccc270f360d0f72a4b1444c1">9b6d0bb1</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-02-10T08:33:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Enable the ccache sweep timer during installation
The timer was only being enabled during package installation
if IPA was configured. So effectively only on upgrade.
Add as a separate installation step after the ccache directory
is configured.
Fixes: https://pagure.io/freeipa/issue/9107
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0d9eb3d515385412abefe9c33e0099ea14f33cbc">0d9eb3d5</a></strong>
<div>
<span> by Mohammad Rizwan </span> <i> at 2022-02-10T08:33:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Test ipa-ccache-sweep.timer enabled by default during installation
This test checks that ipa-ccache-sweep.timer is enabled by default
during the ipa installation.
related: https://pagure.io/freeipa/issue/9107
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/86b98b86f62fae195c0f84fa9a5891166f69c786">86b98b86</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-02-10T08:39:47+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: healthcheck: Sync the expected system RRs
The support for the DNS URI RRs has been added in freeipa-healthcheck:
https://github.com/freeipa/freeipa-healthcheck/issues/222
Fixes: https://pagure.io/freeipa/issue/9054
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cc2348aedbee3e59b31df75a23aa14d1c6bbe10c">cc2348ae</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-02-14T11:09:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Remove certmonger tracking before uninstall in cert tests
There is some contention between certmonger starting during the
uninstallation process in order to stop the tracking and activity
going on within certmonger helpers.
As near as I can tell certmonger is not running, then IPA is
stopped in order to uninstall, then certmonger is started to stop
the tracking. certmonger checks cert status on startup but since
IPA isn't running it can't get a host ticket. During this time any
request over DBus may time out, causing a test to fail when we're
just trying to clean up.
https://pagure.io/freeipa/issue/8506
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b36bcf4ea5ed93baa4dc63f8e2be542d678211fb">b36bcf4e</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-02-14T11:13:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: remove additional check for failed units.
On RHEL tests are randomly failing because of this check
and the test doesn't need to check this.
Related : https://pagure.io/freeipa/issue/9108
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/837702199c0bc8df1b2a29defaebed083c51d7b2">83770219</a></strong>
<div>
<span> by Brian Turek </span> <i> at 2022-02-14T11:18:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipalib: Handle percent signs in saved values
Turn off string interpolation on the FileStore class to avoid
exceptions when a value to be saved contains a percent sign (%).
The underlying SafeConfigParser that is used interprets percent
signs as placeholders to be interpolated which then causes an
exception as the placeholder isn't properly formatted.
ipa-client-install uses the FileStore class to backup certain
values that it overwrites as part of the installation. If those
pre-existing, backed-up values contained a percent sign,
ipa-client-install would throw an exception and thus prevent
installation.
https://pagure.io/freeipa/issue/9085
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
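<p>Added example, not part of the commit or of FreeIPA's code: the percent-sign failure described above, reproduced with Python's standard <code>configparser</code> as a stand-in for the FileStore class. The section name, key and sample value are constructed for illustration.</p>
<pre>
```python
import configparser
import io

# Constructed sample: a pre-existing value with literal percent signs, like
# one a client installer might back up before overwriting it.
SAMPLE_SECTION = "backup"        # hypothetical section name
SAMPLE_KEY = "motd_banner"       # hypothetical key
SAMPLE_VALUE = "disk usage at 95% of quota, see %h/README"


def default_parser():
    # Python 3's ConfigParser is the class formerly named SafeConfigParser;
    # it applies BasicInterpolation unless told otherwise.
    return configparser.ConfigParser()


def raw_parser():
    # Interpolation switched off: values are stored and returned verbatim.
    return configparser.ConfigParser(interpolation=None)


def save_value(parser_factory, value):
    """Store value under the sample key and return the serialised INI text."""
    parser = parser_factory()
    parser.add_section(SAMPLE_SECTION)
    parser.set(SAMPLE_SECTION, SAMPLE_KEY, value)
    buf = io.StringIO()
    parser.write(buf)
    return buf.getvalue()


def load_value(parser_factory, ini_text):
    """Parse INI text and return the sample key's value."""
    parser = parser_factory()
    parser.read_string(ini_text)
    return parser.get(SAMPLE_SECTION, SAMPLE_KEY)


def escape_percent(value):
    """Alternative to disabling interpolation: double every percent sign.

    The file then contains '%%', so every reader must interpolate too.
    """
    return value.replace("%", "%%")


def attempt(func, *args):
    """Run func and report ('ok', result) or ('error', exception class name)."""
    try:
        return "ok", func(*args)
    except (configparser.Error, ValueError) as exc:
        return "error", type(exc).__name__


if __name__ == "__main__":
    # Saving through the interpolating parser is rejected at set() time.
    print("save, default parser:", attempt(save_value, default_parser, SAMPLE_VALUE))

    # A file that already holds the raw value fails later, at get() time.
    ini_text = save_value(raw_parser, SAMPLE_VALUE)
    print("load, default parser:", attempt(load_value, default_parser, ini_text))

    # With interpolation off the value survives the round trip unchanged.
    print("load, raw parser:    ", attempt(load_value, raw_parser, ini_text))

    # Escaping also works, but only while every reader interpolates.
    escaped = save_value(default_parser, escape_percent(SAMPLE_VALUE))
    print("escaped round trip:  ", attempt(load_value, default_parser, escaped))
```
</pre>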
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/186ebe311bc9545d7a9860cd5e8c748131bbe41e">186ebe31</a></strong>
<div>
<span> by Francisco Trivino </span> <i> at 2022-02-14T11:33:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa_cldap: fix memory leak
ipa_cldap_encode_netlogon() allocates memory to store binary data as part of
berval (bv_val) when processing a CLDAP packet request from a worker. The
data is used by ipa_cldap_respond() but bv_val is not freed later on.
This commit is adding the corresponding free() after ipa_cldap_respond()
is completed.
Discovered by LeakSanitizer
Fixes: https://pagure.io/freeipa/issue/9110
Signed-off-by: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/f2731107db5703efbba12cd608b738347a987649">f2731107</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-02-22T14:46:44+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Commit template: use either Fixes or Related
Update the commit template to be consistent with the
commit message requirements described at
https://www.freeipa.org/page/Contribute/Code#Commit_message_requirements
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d8174b0ca60ef123f268f34f47b8be123b8d1c89">d8174b0c</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-02-23T10:04:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Set the mode on ipaupgrade.log during RPM %post snippet
The IPA tools will create /var/log/ipaupgrade.log with mode
0600. If for some reason this file doesn't exist during
upgrade then it will be created by the RPM transaction with
mode 0644 (because of umask).
So always set the mode once the snippets are done. This
will ensure that a newly created log will have the expected
mode and also fix any previous incorrectly set mode.
Fixes: https://pagure.io/freeipa/issue/8899
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
</pre>
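<p>Added example, not part of the commit or of the RPM spec: how the same log file ends up 0600 or 0644 depending on who creates it, and why an unconditional mode reset after the fact covers both a new and a previously mis-created file. The umask value 022 and the temporary file names are assumptions; the real path is /var/log/ipaupgrade.log.</p>
<pre>
```python
import contextlib
import os
import stat
import tempfile

EXPECTED_MODE = 0o600      # mode the commit message says the IPA tools use
ASSUMED_UMASK = 0o022      # assumption: umask in effect during the transaction


def mode_of(path):
    """Return only the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


@contextlib.contextmanager
def umask(value):
    """Temporarily set the process umask, restoring the old one on exit."""
    old = os.umask(value)
    try:
        yield
    finally:
        os.umask(old)


def create_with_explicit_mode(path):
    """Creator that requests 0600 at open time; the umask cannot widen it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, EXPECTED_MODE)
    os.close(fd)


def create_without_mode(path):
    """Creator that states no mode: the file gets 0666 filtered by the umask."""
    with open(path, "w") as handle:
        handle.write("upgrade output\n")


def enforce_mode(path, mode=EXPECTED_MODE):
    """Always set the mode; return True if the file had a different one."""
    needed_fix = mode_of(path) != mode
    os.chmod(path, mode)
    return needed_fix


def demo():
    """Create the log both ways under the assumed umask and apply the fix."""
    result = {}
    with tempfile.TemporaryDirectory() as workdir, umask(ASSUMED_UMASK):
        careful = os.path.join(workdir, "ipaupgrade-tool.log")
        plain = os.path.join(workdir, "ipaupgrade-plain.log")

        create_with_explicit_mode(careful)
        create_without_mode(plain)
        result["created_with_explicit_mode"] = mode_of(careful)
        result["created_without_mode"] = mode_of(plain)

        # The post-step is safe to run on both files: a no-op for the first,
        # a correction for the second.
        result["explicit_needed_fix"] = enforce_mode(careful)
        result["needed_fix"] = enforce_mode(plain)
        result["after_enforce"] = mode_of(plain)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        shown = oct(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print(key, shown)
```
</pre>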
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6b70e3c49acc55b5553101cf850fc40978861979">6b70e3c4</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-02-24T08:46:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Tests for Autoprivate group.
Added tests using posix AD trust and non posix AD trust.
For option --auto-private-groups=[hybrid/true/false]
Related : https://pagure.io/freeipa/issue/8807
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/84381001d2e114b1f29fe89e16155c040b56b80f">84381001</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-02-24T08:46:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>mark xfail for test_idoverride_with_auto_private_group[hybrid]
Related : https://github.com/SSSD/sssd/issues/5989
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7ad500e5d3f7d9af81e8a3137158672c6fafb0b4">7ad500e5</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-02-24T08:46:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Mark xfail test_gidnumber_not_corresponding_existing_group[true,hybrid]
Related : https://github.com/SSSD/sssd/issues/5988
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ab9e7dac4138ba222c86d0594937ff4d663ba060">ab9e7dac</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-02-24T08:53:34+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-restore: Mark a restored server as enabled
There is no use-case to keep a restored server in a hidden
state. It can be re-marked as hidden once the installation is
recovered from the restore. So mark all restored services as
enabled so they are visible to existing clients during the
remaining recovery.
Fixes: https://pagure.io/freeipa/issue/9095
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7ac8e9696ea1eae9f20640102c0d83fee89db9fa">7ac8e969</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-02-25T11:15:39+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Verify the user-provided hostname in the server installer
The refactor change 9094dfc had a slight error where the
user-input provided value in input wasn't being validated. Only
the command-line or the current FQDN was being verified so
if the FQDN was bad any value input by the user was being skipped.
Fixes: https://pagure.io/freeipa/issue/9111
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/57de18e914e5b448402c18ffe938538cbac5e0a3">57de18e9</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-02-25T11:15:39+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Strip off trailing period of a user-provided FQDN in installer
The example text included a trailing dot which isn't actually
allowed in a system hostname (just DNS). Remove the suggestion
to include it and strip off any trailing dot so that the install
can proceed.
Related: https://pagure.io/freeipa/issue/9111
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/42f41ff637452e5025b205396638b26dfaae77e1">42f41ff6</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-03-03T08:12:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: add missing test in the nightly defs
The test
test_integration/test_installation.py::TestInstallWithoutNamed
was missing in some nightly definitions.
Add the job definition for nightly_ipa-4-9_latest_selinux.yaml
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a51900819bd5332bc05ec9d513f062844b3a7763">a5190081</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-08T17:15:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>KRB instance: make provision to work with crypto policy without SHA-1 HMAC types
RHEL 9 system-wide crypto policies aim at eventual removal of SHA-1 use.
Due to bootstrapping process, force explicitly supported encryption
types in kdc.conf or we may end up with AES128-SHA1 and AES256-SHA2 only
in FIPS mode at bootstrap time which then fails to initialize kadmin
principals requiring use of AES256-SHA2 and AES128-SHA2.
Camellia ciphers must be filtered out in FIPS mode, we do that already
in the kerberos.ldif.
At this point we are not changing the master key encryption type to
AES256-SHA2 because upgrading existing deployments is complicated and
at the time when a replica configuration is deployed, we don't know what
is the encryption type of the master key of the original server as well.
Fixes: https://pagure.io/freeipa/issue/9119
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b016683552a58f9cc2a05cf628cc467234eaf599">b0166835</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-08T17:15:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>tests: ensure AD-SUPPORT subpolicy is active
Use AD-SUPPORT subpolicy when testing trust to Active Directory in FIPS
mode. This is required in FIPS mode due to AD not supporting Kerberos
AES-based encryption types using FIPS-compliant PBKDF2 and KDF, as
defined in RFC 8009.
Fixes: https://pagure.io/freeipa/issue/9119
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/49d9147e38c5b50c52a1ebc7283753c779c2f81f">49d9147e</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-08T17:15:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: extend AES keyset to SHA2-based ones
Fixes: https://pagure.io/freeipa/issue/9119
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ee39de46a1c1ea96bbe524f159ae435319b2d072">ee39de46</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-08T17:15:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>freeipa.spec: bump crypto-policies dependency for CentOS 9 Stream
Fixes: https://pagure.io/freeipa/issue/9119
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7f8b4f036859db570b2874b6c87ba3ba4de70eb1">7f8b4f03</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip redundant-u-string-prefix
Pylint 2.10 introduced new checker `redundant-u-string-prefix`:
> Used when we detect a string with a u prefix. These prefixes were
necessary in Python 2 to indicate a string was Unicode, but since Python
3.0 strings are Unicode by default.
There are ~31K emitted warnings right now. They can be fixed on
refactorings without any rush.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b5fc2eeff9779cb868ff56edefd7e3355fcd5bca">b5fc2eef</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip consider-using-f-string
Pylint 2.11 introduced new checker:
> Used when we detect a string that is being formatted with format() or
% which could potentially be a f-string. The use of f-strings is
preferred. Requires Python 3.6 and ``py-version >= 3.6``.
- f-strings are not mandatory
- format can be more readable
- there are ~5.5K spotted issues
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/40ee6a47ac62419caf302882914f2df885abd589">40ee6a47</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip use-dict-literal/use-list-literal
Pylint 2.10 introduced new checkers:
> Emitted when using dict() to create an empty dictionary instead of the
literal {}. The literal is faster as it avoids an additional function
call.
> Emitted when using list() to create an empty list instead of the
literal []. The literal is faster as it avoids an additional function
call.
Too many unessential changes.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/106d011e5f39eea73b4d5db62c82398144a61ec8">106d011e</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip unspecified-encoding
Pylint 2.10 introduced new checker:
> It is better to specify an encoding when opening documents. Using the
system default implicitly can create problems on other operating
systems. See https://www.python.org/dev/peps/pep-0597/
According to that PEP:
> open(filename) isn't explicit about which encoding is expected:
- If ASCII is assumed, this isn't a bug, but may result in decreased
performance on Windows, particularly with non-Latin-1 locale
encodings
- If UTF-8 is assumed, this may be a bug or a platform-specific script
- If the locale encoding is assumed, the behavior is as expected (but
could change if future versions of Python modify the default)
IPA requires UTF-8 environments.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6fd75de5a72e5f5889c33cdcc802d93dc6f067f3">6fd75de5</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix use-maxsplit-arg
Pylint 2.9.0 new checker:
> Emitted when accessing only the first or last element of str.split().
The first and last element can be accessed by using str.split(sep,
maxsplit=1)[0] or str.rsplit(sep, maxsplit=1)[-1] instead.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/04c4032370dddafe5c8c5bd6e26882a24c597628">04c40323</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Clean up __convert_to_gssapi_replication
__convert_to_gssapi_replication has been added in a0bfbec19 and
then removed in ce2bb47cc without clean up.
Found by Pylint:
```
ipaserver/install/krbinstance.py:589: [W0238(unused-private-member),
KrbInstance.__convert_to_gssapi_replication] Unused private member
`KrbInstance.__convert_to_gssapi_replication(self)`)
```
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3c77949ab458d6e5f8250fe7c2a8757091f8da76">3c77949a</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Drop never used __remove_lightweight_ca_key_retrieval_custodia
__remove_lightweight_ca_key_retrieval_custodia has been added in
8700101d9, but it was never used.
Caught by Pylint:
```
ipaserver/install/cainstance.py:1308: [W0238(unused-private-member),
CAInstance.__remove_lightweight_ca_key_retrieval_custodia]
Unused private member
`CAInstance.__remove_lightweight_ca_key_retrieval_custodia(self)`)
```
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/dfa1ceac6f70e32184d2ef19706cd2c582df1cc7">dfa1ceac</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Drop no longer used __finalized
The private member `__finalized` has been added in
7db3aae1b26588b3650dae442b07dca0f33ab0c8, later removed in
6b8abb0d78a8d86d7ca52083a267fe226bf74656, but `_API__finalized`
(access via mangled attribute name) was not cleaned up and finally
refactored back to `__finalized` in
b1fc875c3ac74be91df8f1cf8b4369b77a156677.
Found by Pylint:
```
ipalib/plugable.py:807: [W0238(unused-private-member), API.finalize]
Unused private member `API.__finalized`)
```
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9ca818b1797e03dd41f05eb14d9181546995c246">9ca818b1</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip unused-private-member for property case
See https://github.com/PyCQA/pylint/issues/4756 for details
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/bffde84c813ddd45ec7971c96c74c2e5b54e3d72">bffde84c</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip unused-private-member for unsupported cases
> This mangling is done without regard to the syntactic position of the
identifier, as long as it occurs within the definition of a class.
`__set_attr` is called for instance of the class within its
classmethod.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4da897c3dc71f99911878e0f05ed8ed386867dec">4da897c3</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix unused-private-member
Pylint 2.9.0 introduced new checker:
> Emitted when a private member of a class is defined but not used
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/91ff7b87d9b3231ec1145ffec0f8bb072130b701">91ff7b87</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Drop no longer used __home
`__home` has been added in 8ca44bcbfa2aec0c7c84205dc08c81f711a22c5d,
later `tests.util` was refactored in
fd43b39145382b96cd2e0d0da3d5dcbe0d3a4a2a, but `__home` wasn't cleaned
up.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0ebf09e061b79e12f3b80fbc224e3aac49608c21">0ebf09e0</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Remove unused __convert_iter
__convert_iter was added in 24b6cb89d, but it was never used.
Found by Pylint:
```
ipalib/frontend.py:696: [W0238(unused-private-member),
Command.__convert_iter] Unused private member
`Command.__convert_iter(self, kw)`)
```
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ccf9334da9c51aa9a379141fd2fead0a5b5bf55d">ccf9334d</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix deprecated-class
There is no actual usage of deprecated classes for Python3.
Pylint complains about such for Python2. Since Python2 is no
longer supported these imports were removed.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d3b384b5ca18a555b54ce4385bcca603ad7251b9">d3b384b5</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix unnecessary-dict-index-lookup
Pylint 2.9 introduced new check:
> Emitted when iterating over the dictionary items (key-item pairs) and
accessing the value by index lookup. The value can be accessed directly
instead.
Note: in Python3, removing from a dict during iteration is not
even possible. For example,
```
cat a.py
d = {"a": 1}
for k, v in d.items():
    if v is not None:
        del d[k]

python3 a.py
Traceback (most recent call last):
  File "/usr/src/RPM/BUILD/freeipa/a.py", line 3, in <module>
    for k, v in d.items():
RuntimeError: dictionary changed size during iteration
```
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/054376c1a0aa0f600458ad6415e72f2198c7339e">054376c1</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix deprecated-decorator
Pylint 2.9 introduced new checker:
> The decorator is marked as deprecated and will be removed in the
future.
- @abstractproperty has been deprecated since Python3.3 [0]
- @abstractclassmethod has been deprecated since Python3.3 [1]
[0]: https://docs.python.org/3/library/abc.html#abc.abstractproperty
[1]: https://docs.python.org/3/library/abc.html#abc.abstractclassmethod
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/afba414770ad01a6fe4aec6015e2722860764c2f">afba4147</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip isinstance-second-argument-not-valid-type
The type of value to be compared is a class attribute.
Today's Pylint doesn't support this.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/08f2db78555ff1da56122c58275680fd98916c4d">08f2db78</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix no-member
Teach pylint or skip newly exposed no-members.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/76c2c08fdb47b5692d3023ebf0a1b9b35a528518">76c2c08f</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix unused-variable
Fixed newly exposed unused variables.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/13e5720d184b1f6e31e65be5435cdcca8229b319">13e5720d</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip not-callable
The klass property is referenced to class attribute.
Today's Pylint doesn't support this.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/322d08921a126183358b8d68d350c33e37453871">322d0892</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix consider-using-dict-items
Pylint 2.9 introduced new check:
> New checker consider-using-dict-items. Emitted when iterating over
dictionary keys and then indexing the same dictionary with the key
within loop body.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/bb515f41b384b3947451bef454acd7c355d67084">bb515f41</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip raising-bad-type
See https://github.com/PyCQA/pylint/issues/4772 for details.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/2db2c6cb323014580baa5cb2aa4fdbe179327bc8">2db2c6cb</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Enable useless-suppression
https://pylint.pycqa.org/en/latest/user_guide/message-control.html#detecting-useless-disables:
> As pylint gets better and false positives are removed, disables that
became useless can accumulate and clutter the code. In order to clean
them you can enable the useless-suppression warning.
This doesn't enforce useless-suppression warnings as errors. The idea is
cleanup of these warnings on every Pylint's bump.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/03cd914381de3fbcd9dbfe228a569fab6a6d62a9">03cd9143</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip use-implicit-booleaness-not-comparison
Pylint 2.12.0 introduced new checker:
> Used when Pylint detects that collection literal comparison is being
used to check for emptiness; Use implicit booleaness instead of a
collection classes; empty collections are considered as false
Comparison of variable to equality to collection:
> Lexicographical comparison between built-in collections works as follows:
For two collections to compare equal, they must be of the same type,
have the same length, and each pair of corresponding elements must
compare equal (for example, [1,2] == (1,2) is false because the type is
not the same).
Collections that support order comparison are ordered the same as their
first unequal elements (for example, [1,2,x] <= [1,2,y] has the same
value as x <= y). If a corresponding element does not exist, the shorter
collection is ordered first (for example, [1,2] < [1,2,3] is true).
So, `assert value == {}` is not the same as `assert not value`.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a960adc6c26fb4fc9d8f5f4f10029419d8fc3b69">a960adc6</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix arguments-renamed
Pylint 2.9.0 introduced new checker which was a subset of
arguments-differ:
> Used when a method parameter has a different name than in the
implemented interface or in an overridden method.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3ea0e1bd8d25c2f553852c1a0882618d2da86dd3">3ea0e1bd</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix consider-using-in
Pylint 2.11.0 extends consider-using-in check to work for
attribute access.
> To check if a variable is equal to one of many values, combine the
values into a tuple and check if the variable is contained "in" it
instead of checking for equality against each of the values. This
is faster and less verbose.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1f17ade67f21bfde9eda4d810394577f5a28906d">1f17ade6</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip deprecated-method for match_hostname
Python3.7 switched to
`X509_VERIFY_PARAM_set1_host`/`X509_VERIFY_PARAM_set1_ip`
and deprecated `match_hostname` without replacement. Probably,
on removal of `match_hostname`, similar functionality may be
implemented on the IPA side.
https://docs.python.org/3/library/ssl.html#ssl.match_hostname
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/fd99e4d47a4bb1518686b55e4cf04636d76128ca">fd99e4d4</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix deprecated-method for threading
As of Python3 `currentThread`, `thread.getName` are aliases for
`threading.current_thread()` and `threading.Thread.name`
respectively.
In Python3.10:
> bpo-43723: The following threading methods are now deprecated and
should be replaced:
currentThread => threading.current_thread()
activeCount => threading.active_count()
Condition.notifyAll => threading.Condition.notify_all()
Event.isSet => threading.Event.is_set()
Thread.setName => threading.Thread.name
thread.getName => threading.Thread.name
Thread.isDaemon => threading.Thread.daemon
Thread.setDaemon => threading.Thread.daemon
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/bfb233185a7bb863dd94a65674489890c79f6f2f">bfb23318</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip unsupported-assignment-operation
Pylint thinks that the values are None because it doesn't support
flow analysis.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c5b4657869738d6173eaff310bc243df0fff289e">c5b46578</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix format-string-without-interpolation
Found by new Pylint:
> ipaclient/install/client.py:1926:
[W1310(format-string-without-interpolation), get_ca_certs] Using
formatting for a string that does not have any interpolated variables)
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6202a7d85bea2b8717e19fc2f09cca66276dcd9d">6202a7d8</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Fix useless-suppression
Clean up no longer used Pylint's disables where possible.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b58ec49da983bcd25473ef6ae246eaadf32cd174">b58ec49d</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pylint: Skip false-positive invalid-sequence-index
Pylint doesn't handle flow control and thus, doesn't understand
that a key of type `str` is not reachable at this point:
> ipalib/base.py:472: [E1126(invalid-sequence-index),
NameSpace.__getitem__] Sequence index is not an int, slice, or instance
with __index__)
Note: I faced this error on Python3.9 and didn't see it using
Python3.10.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1e2cf55150e9e4a44c29193e764a709cfec0fa08">1e2cf551</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-03-14T10:44:55-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>azure: Bump supported Pylint
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b413a327f33c5d97a1f830fe7a9a8aef39c847c1">b413a327</a></strong>
<div>
<span> by Fraser Tweedale </span> <i> at 2022-03-15T08:32:56+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>allow overriding systemd-tmpfiles program
In some contexts, filesystem mounts may be owned by unmapped users
(e.g. `emptyDir` mounts in Kubernetes / OpenShift when using user
namespaces). This causes `systemd-tmpfiles(8)` to fail, as a
consequence of systemd's path processing routines which reject this
scenario. Therefore, in Fedora container context, if the
`IPA_TMPFILES_PROG` environment value is set, use the program
specified by its value instead of `/bin/systemd-tmpfiles`.
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Fixes: https://pagure.io/freeipa/issue/9126
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3a4238ba96e7f4ad5790d65ec4123983062b28a1">3a4238ba</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-03-16T11:07:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Give the subCA more time to be loaded by the CA
The subCA keys are loaded out-of-band after creation into the
CA so they may have been replicated but not loaded. Give more
time for them to appear in the remote CA.
Use a loop for the checking instead of a raw sleep because most
of the time this is very fast (< 15 seconds) but sometimes it
requires just a bit more. Allow up to 60 seconds.
To avoid output difference, strip the token name out of certutil
output. We don't care about the token a certificate is stored
in, the internal or the FIPS token. We just care that they exist
on both servers and that the keys match.
Apparently in some cases the token name is displayed and not in
others so let's normalize the output to make comparisons more
consistent.
Fixes: https://pagure.io/freeipa/issue/9096
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cedca75f4fbae3293b2f2443fa6ee479d59a8ef1">cedca75f</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2022-03-16T16:19:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>extdom: use getorigby{user|group}name if available
New calls, getorigbyusername() and getorigbygroupname(), are added to
libsss_nss_idmap. They allow querying the AD-specific attributes for a
user or a group directly. Besides a minor performance benefit it helps
to avoid issues if there are users and groups with the same name and the
group is not a user-private group but a real group with members.
Fixes: https://pagure.io/freeipa/issue/9127
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3e54c4362490b4da1b6cb3e141bb6e08fecc58c0">3e54c436</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-16T16:21:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Kerberos instance: default to AES256-SHA2 for master key encryption
KDC configuration in /var/kerberos/krb5kdc/kdc.conf is generated from
the template in install/share/kdc.conf.template. Master key encryption
type specified there is used to bootstrap the master key in LDAP
database. Once it is done, actual deployment does not rely on the
master_key_type value anymore. The actual master key(s) get loaded from
LDAP database where they are stored in a BER-encoded format, preserving all
parameters, including encryption type.
This means we can safely migrate to AES256-SHA2 as the default master
key encryption type for new installations. Replicas will get their
master key encryption type details from the server they were provisioned
from.
MIT Kerberos supports AES256-SHA2 since 1.15 (2015), meaning RHEL 7.4 is
the earliest supported version as it provides krb5 1.15.1. Current
supported RHEL 7 version is RHEL 7.9. Since RHEL 6 already cannot be
used as a replica to IPA 4.5+ due to a domain level 1 upgrade, this
change does not affect old releases.
Migration from the previously deployed master key encryption type is
described by MIT Kerberos upstream in
http://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/retiring-des.html#the-database-master-key
One would need to use '-x ipa-setup-override-restrictions' to allow
the `kdb5_util` utility to modify the data over IPA KDB driver.
Fixes: https://pagure.io/freeipa/issue/9119
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3baae8d1bd0a0c4c707314524289e86e6ecbc0df">3baae8d1</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-16T16:21:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>test_otp: do not use paramiko unless it is really needed
paramiko cannot be used in FIPS mode. We have a few tests that import
generic methods from test_otp (add_token/del_token) and those tests fail
in FIPS mode due to unconditional 'import paramiko'.
Instead, move 'import paramiko' to the ssh_2f() helper which is not used
in FIPS mode (the whole SSH 2FA test is skipped then).
Related: https://pagure.io/freeipa/issue/9119
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/2e70535f74e7d9dd76e728eca1119ce522fd138a">2e70535f</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-16T16:21:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>test_krbtpolicy: skip SPAKE-related tests in FIPS mode
SPAKE is based on the crypto primitives which are not FIPS compliant
yet. This means that in FIPS mode use of 'hardened' authentication
indicator is not possible. Skip corresponding tests in FIPS mode.
Related: https://pagure.io/freeipa/issue/9119
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/895e99b6843c2fa2274acab824607c33c1a560a4">895e99b6</a></strong>
<div>
<span> by Christian Heimes </span> <i> at 2022-03-16T16:24:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Support AES for KRA archival wrapping
The vault plugin has used TripleDES (des-ede3-cbc) as default wrapping
algorithm since the plugin was introduced. Allow use of AES-128-CBC as
alternative wrapping algorithm for transport of secrets.
Fixes: https://pagure.io/freeipa/issue/6524
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/984190eea01ac42cd1f97567a67dd9446e5b0bf9">984190ee</a></strong>
<div>
<span> by Francisco Trivino </span> <i> at 2022-03-16T16:24:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Set AES as default for KRA archival wrapping
This commit sets AES-128-CBC as default wrapping algorithm as
TripleDES (des-ede3-cbc) is not supported anymore in C9S.
Fixes: https://pagure.io/freeipa/issue/6524
Signed-off-by: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/83551693b36c852ba455185469e4e459de435f0e">83551693</a></strong>
<div>
<span> by Mohammad Rizwan </span> <i> at 2022-03-16T16:26:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Check maxlife error message where minlife > maxlife specified
When minlife > maxlife specified on commandline, it says:
"ipa: ERROR: invalid 'maxlife': Maximum password life must be
greater than minimum."
But when minlife == maxlife specified, it works.
This test checks that the error message says exactly what it does
related: https://pagure.io/freeipa/issue/9038
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/bd8748f6b7bf5edc3f5a2023393e503ee4399f8c">bd8748f6</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-03-16T16:27:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Convert values using _SYNTAX_MAPPING with --delattr
When an entry is loaded the incoming values are converted
into python datatypes automatically based on the _SYNTAX_MAPPING
value in ipaldap.
When using delattr to remove a mapped value it will fail because
the datatypes do not match up. For example date types are
datetime.datetime structures and won't match a generalized time
string.
So try to map the value to delete using _SYNTAX_MAPPING before
trying to remove the value. Fall back to trying to remove the
raw value if the mapping fails.
This won't work for some mapping types, DNs for example. Providing
only the RDN value for a DN-type, manager for example, lacks the
context to know how to construct the DN (RDN and container).
Fixes: https://pagure.io/freeipa/issue/9004
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3e8a355dd49a6c080103a030ced03597ee4baece">3e8a355d</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-18T09:38:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipalib/util.py: switch to ssl.PROTOCOL_TLS_CLIENT by default
Python 3.10 deprecated ssl.PROTOCOL_TLS and ssl.PROTOCOL_SSLv23
constants which were aliases to each other. Use of them now causes a
warning to be displayed:
/usr/lib/python3.10/site-packages/ipalib/util.py:347: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
Use ssl.PROTOCOL_TLS_CLIENT instead, this constant is available since
Python 3.6.
Fixes: https://pagure.io/freeipa/issue/9129
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
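<p>Added example, not part of the commit or of FreeIPA's code: the two protocol constants named in the message above do not only differ in deprecation status, they also give an <code>ssl.SSLContext</code> different verification defaults. The helper names (<code>legacy_context</code>, <code>client_context</code>, <code>audit</code>, <code>try_disable_verification</code>) are hypothetical and exist only for this illustration.</p>

```python
import ssl
import warnings


def legacy_context():
    """Context built the pre-3.10 way, with the deprecated constant."""
    # ssl.PROTOCOL_TLS (alias ssl.PROTOCOL_SSLv23) emits a DeprecationWarning
    # on Python 3.10+; silence it so the resulting defaults can be inspected.
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        return ssl.SSLContext(ssl.PROTOCOL_TLS)


def client_context(cafile=None):
    """Context built with ssl.PROTOCOL_TLS_CLIENT (available since 3.6)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile is not None:
        # cafile is an assumed path to a PEM bundle supplied by the caller.
        ctx.load_verify_locations(cafile)
    return ctx


def describe(ctx):
    """Return the settings that decide whether the peer is authenticated."""
    return {"check_hostname": ctx.check_hostname, "verify_mode": ctx.verify_mode}


def audit(ctx):
    """List verification gaps in a client-side context (empty list = OK)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not required")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


def harden(ctx):
    """Bring a legacy context up to the PROTOCOL_TLS_CLIENT defaults."""
    # Order matters: certificate verification first, then hostname checking.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def try_disable_verification(ctx):
    """Return the error raised when CERT_NONE is set while check_hostname is on."""
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for name, ctx in (("PROTOCOL_TLS", legacy_context()),
                      ("PROTOCOL_TLS_CLIENT", client_context())):
        print(name, describe(ctx), audit(ctx))
    print("refused:", try_disable_verification(client_context()))
```

<p>Code ported from <code>PROTOCOL_SSLv23</code> that relied on the old defaults starts verifying certificates and hostnames after the switch, so a trust store has to be loaded before the first connection.</p>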
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c46ea21ed33f606a6ca5c3c6aad9f8cd1ae1f796">c46ea21e</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-03-18T14:28:11+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Remove the --no-sssd option from ipa-client-automount
This makes automount configurable only using sssd and not LDAP.
The reason is that authselect 1.3 no longer supports
user-nsswitch.conf which is where we made direct changes to the
nss configuration on Fedora/RHEL.
The equivalent option was removed from ipa-client-install in
https://pagure.io/freeipa/issue/7671
Fixes: https://pagure.io/freeipa/issue/9084
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/12785a3657996def6c7c142898c6a61b2edc16fe">12785a36</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-03-19T17:36:33+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: remove certmonger tracking before uninstall
test_ipahealthcheck_expiring is moving the date in the future
in order to check that certmonger properly warns about expiring
certificates, then uninstalls the master.
The uninstallation randomly fails with a DBus error communicating
with certmonger because of a contention between certmonger being
woken up by the call to stop tracking certs and the certmonger
helpers trying to renew the certs.
The test is stopping PKI server, then moves the date in the future.
At this point, certmonger is still running (we are testing that
getcert list properly warns about near expiration). This means that
chances are high that certmonger has enough time to launch the CA helper
for renewal, that takes the lock. But since PKI is down, the helper
remains running for a while and does not release the lock. Then
certmonger is stopped, the tracking files are removed, certmonger is
restarted.
To avoid the contention, manually remove the tracking before
calling uninstall and remove the renewal lock file.
Fixes: https://pagure.io/freeipa/issue/9123
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/85b2c8191b8622a5cfe3c8c6e3811ef5e1eee0eb">85b2c819</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-03-19T17:36:33+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Fix a call to run_command with wildcard
The test is calling run_command with a list of arguments:
run_command(['rm', '-f', paths.CERTMONGER_REQUESTS_DIR + '/*'])
but this format does not support shell expansion.
Replace with a str parameter:
run_command('rm -fv ' + paths.CERTMONGER_REQUESTS_DIR + '/*')
to make sure all the files in the directory are actually removed.
Fixes: https://pagure.io/freeipa/issue/8506
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/98eb661fd8eed87119e7b299379cba48bde0f387">98eb661f</a></strong>
<div>
<span> by Sudhir Menon </span> <i> at 2022-03-22T13:51:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Test for pki.server.healthcheck.clones.connectivity_and_data
This test checks that when
'pki.server.healthcheck.clones.connectivity_and_data' check is run
'Source 'pki.server.healthcheck.clones.connectivity_and_data' not found'
is not displayed.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2041995
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/09481117b58f1a237bb1048d3fe8d44caf9e167f">09481117</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-25T14:34:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>tests: ensure AD-SUPPORT subpolicy is active in more cases
Continuation of the commit 2eee5931d714ca237290be7dc2fb7233ce747eca:
Use AD-SUPPORT subpolicy when testing trust to Active Directory in FIPS
mode. This is required in FIPS mode due to AD not supporting Kerberos
AES-based encryption types using FIPS-compliant PBKDF2 and KDF, as
defined in RFC 8009.
Fixes: https://pagure.io/freeipa/issue/9119
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b6b5f6073bf4e12b8357a6ec9f5a4f6bb683437f">b6b5f607</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-03-28T20:33:54+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: fix check for AD topology being present
Fixes: https://pagure.io/freeipa/issue/9133
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a53b190a4203b8fe913cf95754b86553fe748e66">a53b190a</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2022-03-29T12:04:35+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>control: Add systemd-timesyncd to freeipa-client Conflicts. (Closes: #1008195)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9cd48d1854b19a40a2026891f9e28c1b79af2637">9cd48d18</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2022-04-01T09:44:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: fix make check
The recent refactoring split out code into two new files which are
needed for the test binary as well.
Related: https://pagure.io/freeipa/issue/9083
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c3bd6908fa29b479fbd5e8e785c7237c477e29a2">c3bd6908</a></strong>
<div>
<span> by Mohammad Rizwan </span> <i> at 2022-04-08T10:31:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: fix the topologysegment-reinitialize command
There is no guarantee for the topologysegment name, it could be
master-to-replica or replica-to-master. If it is master-to-replica
then --right should be used with the command else --left.
Fixes: https://pagure.io/freeipa/issue/9137
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/de1f4467fb1bd9be857b8c95b2b7398962656342">de1f4467</a></strong>
<div>
<span> by Mohammad Rizwan </span> <i> at 2022-04-08T10:31:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: extend find_segment with suffix param
topologysegment name can be different depending on suffix.
This patch determines and supplies the name of the topologysegment
as per the suffix
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/710314a794eb3446f0467d33133d70d2425fbf65">710314a7</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-04-14T21:33:53+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-pwd-extop: allow ipasam to request RC4-HMAC in Kerberos keys for trusted domain objects
This is a problem since we added commit b5fbbd1 in 2019. Its logic
allowed to add RC4-HMAC keys for cifs/.. service principal but it didn't
account for the case when cifs/.. principal initiates the request.
Since ipasam only uses GETKEYTAB control, provide this extension only
here and don't allow the same for SETKEYTAB. At the point of check for
the bind DN, we already have verified that the DN is allowed to write to
the krbPrincipalKey attribute so there is no leap of faith to 'any
cifs/... principal' here.
A principal must be a member of cn=adtrust
agents,cn=sysaccounts,cn=etc,$SUFFIX to be allowed to perform this operation
Fixes: https://pagure.io/freeipa/issue/9134
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/91d083c36e1daf88686bf8096691b3913d2ad23c">91d083c3</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-04-14T21:33:53+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-sam: retrieve trusted domain account credential from the TDO itself
When NRPC netr_ServerAuthenticate3 call is performed, a trusted AD DC
would use trusted domain account to authenticate to Samba. This means
that Samba would do internally samr_QueryUserInfo2 request with level 16
(UserControlInformation), coming to PDB module via pdb_getsampwsid()
call.
For normal user or workstation accounts we expect to have Kerberos keys
available and may be able to extract NTLM hash data from them. However,
trusted domain account is not a normal Kerberos principal. It stores TDO
credential in a different way. Since we never processed it through the
pdb_getsampwsid() call, it was not possible to retrieve the NTLM hash
for TDO account at all, hence netr_ServerAuthenticate3 call was failing.
NTLM hash is used internally in Samba. An external communication with AD
DC will use an AES-based session key that is derived from the TDO
credential. The credential itself can be treated as a plaintext here.
Fix it by adding a recognition of the trusted domain object account and
retrieve the NTLM hash from the correct attribute of the TDO.
Fixes: https://pagure.io/freeipa/issue/9134
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ee6472cee20ff99d16cde1a97c3dd5167b7cd893">ee6472ce</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-04-14T21:33:53+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: collect samba logs when setting up trust to AD
In many cases it is impossible to investigate test failures of
environments where a trust to Active Directory is established without
Samba logs.
Collect Samba logs by default and make sure Samba is configured with
higher log levels if we are going to configure IPA to setup trust to
Active Directory.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5ba5143f9ed55e94668501123969e64a9ec180d2">5ba5143f</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-04-26T10:00:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: fix wrong condition in xfail_context for auto private grp
The tests
TestNonPosixAutoPrivateGroup::test_idoverride_with_auto_private_group
and
TestPosixAutoPrivateGroup::test_gidnumber_not_corresponding_existing_group
are expected to fail until SSSD fixes issues 5988 and 5989.
They currently define an xfail_context with a condition based on
sssd version but that condition is wrong (as of today, no version
of sssd provides the fix).
Remove the wrong condition so that the test is always expected to fail.
Fixes: https://pagure.io/freeipa/issue/9141
Reviewed-By: Anuja More <amore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/2ffa2b4254918a0bc0981af094278cb7c1baa26d">2ffa2b42</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-04-26T16:40:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Update translations to FreeIPA ipa-4-9 state
Signed-off-by: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/8a28154a3282970d868c5987699fa0f052b4d3cd">8a28154a</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-04-26T16:44:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Update list of contributors
Signed-off-by: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/029c4fc6e63511796509c1fae3dd57fa21a9e8e8">029c4fc6</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-04-26T16:53:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Become IPA 4.9.9
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0cdbe00a72eeb8b1f18a37ca75fb16eea5b25119">0cdbe00a</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-04-26T17:04:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Back to git snapshots
Signed-off-by: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d37d1f717ec725726d770ea73b4ab2e418c485e2">d37d1f71</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-05-03T08:31:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>EPN: document missing option msg_subject
In /etc/ipa/epn.conf it is possible to customize the
e-mail subject by setting msg_subject=<value> but this
setting is not documented in the man page.
Add the options in epn.conf man page and in the template.
Fixes: https://pagure.io/freeipa/issue/9145
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5877c4e17a92c73aa68b8ba3c7a47555e32a13ca">5877c4e1</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-05-03T08:32:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: update the expected sha256sum of epn.conf file
The file epn.conf has been updated when fixing issue 9145
and the test test_epn.py::TestEPN::test_EPN_config_file
is comparing its sha256sum with the checksum of the
shipped file from the package ipa-client-epn.
The expected checksum needs to be updated.
Fixes: https://pagure.io/freeipa/issue/9146
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/de918aea190401183da4742fc9d56101a13f1b17">de918aea</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-04T15:50:39+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>doc: migrate to m2r2 and newer sphinx, add plantuml to venv
m2r project was forked to m2r2 which is actively developed.
m2r2 works with new Sphinx versions.
Update our list of documentation requirements and add support for
plantuml to be able to integrate diagrams.
Fixes: https://pagure.io/freeipa/issue/9148
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7ddef72fbbf779da32660d54389d68a7c3b35a1a">7ddef72f</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-04T15:50:39+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>docs: add plantuml and use virtual environment to generate docs
Documentation generator can be run inside Python virtual environment.
This allows to isolate from the system-wide changes and add Sphinx
extensions that aren't packaged in a distribution.
The only exception right now is plantuml package. We rely on plantuml to
generate diagrams and since it is written in Java, it cannot be
installed directly into the Python venv through 'pip' tool.
Fixes: https://pagure.io/freeipa/issue/9148
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/68c20846cf80eb2d46a05e0f8879ddfbd19fbbec">68c20846</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-04T15:50:39+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>docs: add the readthedocs configuration
We need to install additional plantuml package before the build
Fixes: https://pagure.io/freeipa/issue/9148
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ffd8f14af2a1d2d1bce9011473449706902d884d">ffd8f14a</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-04T15:50:39+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>docs: update Sphinx requirements in ipasphinx package
One-liner rule to update ipasphinx dependency as we are using m2r2
package which is compatible with newer Sphinx.
Fixes: https://pagure.io/freeipa/issue/9148
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5ea1866f1bdea4e20894906e7dbdbde27f9715cd">5ea1866f</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-04T15:50:39+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>docs: force sphinx version above 3.0 to avoid caching in RTD
ReadTheDocs somehow caches requirements and insists on using old
version of Sphinx (1.8). We have to force using newer one (4.5)
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b3093d9c3990f8e899487087965f008607a519c6">b3093d9c</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-05-04T15:00:04-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: remove test_rekey_keytype_DSA
The test is calling getcert rekey -G DSA in order to rekey
a certificate with a DSA key, but DSA support has been disabled
in the default crypto policy, and certmonger does not support it
any more (see the BZ
https://bugzilla.redhat.com/show_bug.cgi?id=2066439)
Remove the test as it's not relevant anymore. The rekey
operation is tested anyway in other tests:
- test_certmonger_rekey_keysize
- test_rekey_keytype_RSA
- test_rekey_request_id
Fixes: https://pagure.io/freeipa/issue/9140
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/59cf9017a009bb5eb4f6ef0ed07aa21e60614ab3">59cf9017</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-05T15:02:38+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>web ui: do not provide Remove button in subid page
subid range management does not allow to delete ranges
If subid range was allocated, it cannot be removed because there might
be file objects associated with it on one of IPA clients.
In Web UI a button to remove the range should not be shown.
Remove corresponding test from the Web UI test for subid as the button
to remove the subid range is not present anymore.
Fixes: https://pagure.io/freeipa/issue/9150
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1e882144bb5c5661906eeaefa6ce6f511005bfb2">1e882144</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-05T17:44:04+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Switch Azure CI to Fedora 36 pre-release
Use fedora-toolbox:36 image as it is prepared to work with systemd and
sudo
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/137e62cc2faade831abc4b1955a0c0319f2d8a0f">137e62cc</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-05T17:44:04+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Azure CI: temporarily add libldap_r.so symlink for python-ldap PIP use
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c2434c4e52fa2121331ab358325345b308fbc3dd">c2434c4e</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-05T17:44:04+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Azure CI: don't force non-existing OpenSSL configuration anymore
Newer grunt will pull a PhantomJS that is compatible with newer OpenSSL
so the workaround is not needed anymore.
Additionally, OpenSSL 3.0 is more strict and does not tolerate
non-existing default configuration file.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ea0275f6113854feb02715265a5a85904023816d">ea0275f6</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-05T17:44:04+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>js tests: use latest grunt
Allow npm to install and use latest grunt that is compatible with newer
OpenSSL.
This, in turn, requires ATK interfaces to be present for the chromium
installed by puppeteer.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/f11b7b3bf50f7ccf4689b1b0f80894b0b1247983">f11b7b3b</a></strong>
<div>
<span> by Sudhir Menon </span> <i> at 2022-05-06T12:06:33-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Adding --no-dnssec-validation option for healthcheck
healthcheck related tests are failing because of the below issue
"client @0x7f8ee47c4d48 : servfail cache hit (CD=0)"
and as a result healthcheck related packages are not downloaded on test
system.
Hence adding the --no-dnssec-validation option to install_master
and install_replica functions
https://pagure.io/freeipa/issue/9151
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7f814d9f54207a53c99155e542cc5b210707d0fd">7f814d9f</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-05-09T09:05:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: --no-dnssec-validation requires --setup-dns
The test test_ipahealthcheck.py::TestIpaHealthCheckWithoutDNS
is installing the server without DNS but calls the installer
with --no-dnssec-validation option.
Remove the --no-dnssec-validation option as it is incompatible
with a non-DNS setup.
Fixes: https://pagure.io/freeipa/issue/9152
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/42afcc95be0292dd0dbdf955dbe0e8e3a683782e">42afcc95</a></strong>
<div>
<span> by Armando Neto </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>workshop: Update docs and support default cloud image
Update instructions on how to build images starting with Fedora 34 using
kickstart files used by Fedora to build its cloud images.
Change vagrant provisioning steps to support both prebuilt and default
cloud images, removing the burden of maintaining boxes up-to-date, but
also providing a way to build fresh images without external packer
templates.
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/8d81338cb94a2d850f53629ebba98a1f1ec90d1e">8d81338c</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>doc/designs: add External IdP support design documents
External IdP objects represent OAuth 2.0 clients that can be used to
perform OAuth 2.0 device authorization grant flow.
Related: https://pagure.io/freeipa/issue/8805
Related: https://pagure.io/freeipa/issue/8804
Related: https://pagure.io/freeipa/issue/8803
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1df7b82ac188650775703dc95530017c969d0bff">1df7b82a</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>external-idp: add LDAP schema, indices and other LDAP objects
Fixes: https://pagure.io/freeipa/issue/8803
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/2136bd5d00f7aed5ae722ff8253c2b74ba444972">2136bd5d</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>external-idp: add support to manage external IdP objects
Fixes: https://pagure.io/freeipa/issue/8804
Fixes: https://pagure.io/freeipa/issue/8803
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b77015b7a3b627282560253cf2cd579c89f02923">b77015b7</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>external-idp: add XMLRPC tests for External IdP objects and idp indicator
Fixes: https://pagure.io/freeipa/issue/8804
Fixes: https://pagure.io/freeipa/issue/8803
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/bf8e2bb99f1c09ced820bd4bf6e9d7832db2caea">bf8e2bb9</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-otpd: add support for SSSD OIDC helper
SSSD OIDC helper is used for negotiating with OAUTH2 or OIDC end points
of external identity providers (IdPs).
ipa-otpd daemon is now capable of taking either Issuer URL or individual
endpoints and calling SSSD OIDC helper accordingly.
Communication with SSSD OIDC helper can be debugged with the use of a
debug variable set in /etc/ipa/default.conf. Man page for
default.conf(5) has been updated to provide this information.
Fixes: https://pagure.io/freeipa/issue/8805
Signed-off-by: Sumit Bose <sbose@redhat.com>
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/673478b1cf9950aed755a6a9ae8f81cb323932b3">673478b1</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>KDB: support external IdP configuration
When IdP configuration is provided, take it into account:
- idp-specific Kerberos ticket policy would be applied
- Presence of IdP link in a Kerberos principal entry would cause KDB to
enable `idp` pre-authentication method on KDC side.
The latter requires additional pre-authentication method supplied with
SSSD 2.7.0.
Fixes: https://pagure.io/freeipa/issue/8804
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Signed-off-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/51a4e42dd777661addd4f2fed1654ee978e8a4d7">51a4e42d</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>External IdP: add Web UI to manage IdP references
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/660c3dc2491fc2ee01031c1c59db6e0bb025bf93">660c3dc2</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>External IdP: initial SELinux policy
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d0eab8fe7609fea0b46ea863db1822eca1daac63">d0eab8fe</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>doc/workshop: document use of pam_sss_gss PAM module
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d49aa7103bacba60bae28f32bd76d9d35853626b">d49aa710</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>freeipa.spec.in: use SSSD 2.7.0 to add IdP pre-auth mechanism
SSSD 2.7.0 provides oidc_child and 'idp' Kerberos pre-auth mechanism as
a part of sssd-idp package which is required by sssd-ipa.
Fixes: https://pagure.io/freeipa/issue/8805
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5f9e0d3ff3bd80b75bc9f5de97e7e086ba0a31e3">5f9e0d3f</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:09:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>workshop: add chapter 12: External IdP support
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/40a257f1e682616c66c77c86be14437dbcad8a8c">40a257f1</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-10T23:43:13+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>docs: tune RTD to display lists with disc and left margin
RTD default theme removes discs from the section list items which makes
design pages look strange. Add them back via small CSS override.
Also, add 1em on the left side of the disc to provide visual cue that
this is a list item.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 79a4073730a8fe5ba2424f3896a2fd440c17ac9e)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/979163bff2e689c46ff67d6976f7927f0d81f9cd">979163bf</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-11T16:46:07+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>freeipa.spec.in: Depend on sssd-idp directly to help RHEL BaseOS/AppStream repository split
In RHEL there is a split of packages between Base OS and AppStream
repositories. While both repositories are accessible and enabled by
default, there are different requirements towards binary packages in
both. Namely, Base OS packages cannot have runtime dependencies on
AppStream packages and they should have stricter lifecycle promises in
terms of API and ABI stability.
SSSD 2.7.0 adds sssd-idp package which provides actual implementation of
OAuth 2.0 integration. Since SSSD is provided as part of Base OS, if
sssd-idp is placed there, then all its dependencies would have to be in
Base OS. Unfortunately, libjose is already part of AppStream.
SSSD team currently pulls sssd-idp as a dependency of sssd-ipa so
FreeIPA didn't need to change anything. However, Base OS requirements
will force SSSD team to drop sssd-idp dependency from sssd-ipa. This
means FreeIPA will have to explicitly depend on sssd-idp.
Fixes: https://pagure.io/freeipa/issue/9155
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d39e232e9ee28da5d4488135d264d2d1b9e671ba">d39e232e</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-05-14T12:44:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>client uninstall: handle uninstall with authconfig
If the client was installed with authconfig, with
automount configured to use ldap (--no-sssd), and later
updated to a version using authselect, the uninstaller
tries to disable the authselect feature with-custom-automount
but fails because there is no authselect profile in use.
(Upgrade of a client does not transform authconfig settings
into authselect settings because we don't have any client
upgrader, as opposed to the ipa-server-upgrade for the
servers).
To avoid uninstallation failure, ignore the error and log a
warning.
The second part of the commit leverages the "complete" state
stored in the statestore, in order to fix issues when
a client installation fails and the installation is reverted
by the ipa-client-install tool itself.
The fix checks if the statestore shows an incomplete
installation. If the install was incomplete and failed before
any attempt to configure authselect, then unconfigure doesn't
need to do anything. In the other cases, unconfigure needs
to revert to the pre-ipa state.
Fixes: https://pagure.io/freeipa/issue/9147
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9ae6ef549fe51457a6f505f3c0ea6a7804e9bcd2">9ae6ef54</a></strong>
<div>
<span> by Francisco Trivino </span> <i> at 2022-05-19T14:52:41-03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Bump PR-CI latest templates to Fedora 36
Moving 'latest' to Fedora 36 and 'previous' to Fedora 35.
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b979dd91f149fd1f4fc1f48466a26f575eae0ae4">b979dd91</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-05-23T14:45:44+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Add integration tests for External IdP support
Tests for [RFE]: Added integration tests for external IdP
authentication with keycloak-17 as identity provider.
Related: https://pagure.io/freeipa/issue/8805
Related: https://pagure.io/freeipa/issue/8803
Related: https://pagure.io/freeipa/issue/8804
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b39f9336fa12e7f28ce0a5c51677983bc9b72621">b39f9336</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-05-23T14:45:44+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pr-ci definitions: add external idp related jobs.
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c03a8c3c06562c128aac6be506274995cea74948">c03a8c3c</a></strong>
<div>
<span> by Francisco Trivino </span> <i> at 2022-05-25T07:20:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Update ipa-replica-install replication agreement error message
So that it prints out a valid command:
- replace "ipa-replica-manage del" by "ipa server-del" (only domain-level1 is now supported)
- the command needs to be run on a working server, not on the host where ipa-replica-install failed
Fixes: https://pagure.io/freeipa/issue/9162
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/74b2fd06d978d56137ccfde310f9c64187e0a5a3">74b2fd06</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-05-25T15:08:03-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Installer: add --subid option to select the sssd profile with-subid
Add the --subid option to client, server and replica installers.
This option allows configuring authselect with the sssd
profile + with-subid feature, in order to have SSSD setup as
a datasource for subid in /etc/nsswitch.conf.
The default behavior remains unchanged: without the option,
/etc/nsswitch.conf keeps the line subid: files
Fixes: https://pagure.io/freeipa/issue/9159
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e10f3385d0bbb4100a8220ce372dc2748f8b329e">e10f3385</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-05-25T15:08:03-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>man pages: document the --subid installer option
Document --subid in the man pages for
- ipa-client-install
- ipa-replica-install
- ipa-server-install
Related: https://pagure.io/freeipa/issue/9159
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0193498f682eb3efa9cbdf82af215eaa854f466a">0193498f</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-05-25T15:08:03-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: add new test with --subid installer option
Add a new test for ipa-client-install --subid
Add a new test for ipa-server-install --subid
Related: https://pagure.io/freeipa/issue/9159
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7e596fd16c5056815bce9e7ae15b58dd3fd25e7e">7e596fd1</a></strong>
<div>
<span> by Thorsten Scherf </span> <i> at 2022-05-25T15:13:51-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>workshop: add freeipa version requirements
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/84c88b69fe250bbff32e2c9abcf1d118e883eb22">84c88b69</a></strong>
<div>
<span> by Thorsten Scherf </span> <i> at 2022-05-25T15:13:51-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>workshop: add freeipa version requirements
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a2baae42f8cff025521df19eed793f8184ce5974">a2baae42</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-25T15:14:39-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: apply per-indicator settings from inherited ticket policy
Fixes: https://pagure.io/freeipa/issue/9121
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ed1447ab612e5445a76e979fb059825bab84d1df">ed1447ab</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-05-25T15:14:39-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>kdb: The jitter offset should always be positive
Otherwise the resulting value could be outside the valid
bounds of the time value.
Related: https://pagure.io/freeipa/issue/9121
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/300f1301bbbe8a62183819f4350f47e3f182b7f1">300f1301</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-05-25T15:14:39-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>If the password auth type is enabled also enable the hardened policy
This will allow custom hardened password policy to be applied.
Without this then the policy will be skipped because the UA
is not enabled.
The KDC and client will prefer SPAKE any time it is available.
For IPA this should mean we should choose hardened setting over a
default one any time SPAKE is used.
Related: https://pagure.io/freeipa/issue/9121
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1c6bdf97598984e74318061449f7906e487cd034">1c6bdf97</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-26T17:59:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Support dnssec utils from bind 9.17.2+
In bind 9.17.2+ all dnssec utilities were moved to /usr/bin with
commit 4419606c9d2a52536a6dd0882ac0c7068ac27f30.
Since we only use those utilities in the specialized tool, do a fixup of
the paths in the tool.
Fixes: https://pagure.io/freeipa/issue/9157
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/35c720cab0d91e730e94d95abfdd54d7882987d0">35c720ca</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-26T17:59:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Ignore dnssec-enable-related named-checkconf errors in test
Check and skip dnssec-enable-related issues in 9.18+ where dnssec-enable
option was removed completely.
Fixes: https://pagure.io/freeipa/issue/9157
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6c6fc7db61d83e01a4913d22dfb178af43d30d8b">6c6fc7db</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-05-30T17:10:44+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: avoid additional checks for a well-known anonymous principal
For a well-known anonymous principal an Anonymous PKINIT method is used
which ignores the password set in the principal entry. For these
principals any defined user auth type is irrelevant, their use is
defined in RFC 6112. This gets confusing when a default user auth type
requires a particular authentication method.
When AS request for Anonymous PKINIT is used, a TGT would contain no
authentication indicator. It means we cannot apply any specific
indicator policy and must skip the checks.
Fixes: https://pagure.io/freeipa/issue/9165
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4fcbf2ded2563ff5151edee9384d793ad38f6dae">4fcbf2de</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-05-30T18:24:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Implement LDAP bind grace period 389-ds plugin
Add support for bind grace limiting per
https://datatracker.ietf.org/doc/html/draft-behera-ldap-password-policy-06
389-ds provides for alternative naming than the draft, using those
instead: passwordGraceUserTime for pwdGraceUserTime and
passwordGraceLimit for pwdGraceLoginLimit.
passwordGraceLimit is a policy variable that an administrator
sets to determine the maximum number of LDAP binds allowed when
a password is marked as expired. This is supported for both the
global and per-group password policies.
passwordGraceUserTime is a count per-user of the number of binds.
When the passwordGraceUserTime exceeds the passwordGraceLimit then
all subsequent binds will be denied and an administrator will need
to reset the user password.
If passwordGraceLimit is less than 0 then grace limiting is disabled
and unlimited binds are allowed.
Grace login limitations only apply to entries with the objectclass
posixAccount or simplesecurityobject in order to limit this to
IPA users and system accounts.
Some basic support for the LDAP ppolicy control is enabled such that
if the ppolicy control is in the bind request then the number of
remaining grace binds will be returned with the request.
The passwordGraceUserTime attribute is reset to 0 upon a password
reset.
user-status has been extended to display the number of grace binds
which is stored centrally and not per-server.
Note that passwordGraceUserTime is an operational attribute.
https://pagure.io/freeipa/issue/1539
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6b3ab98b90686bb41a901af6b1cf5da99b99a148">6b3ab98b</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-05-30T18:24:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Remove the replicated attribute constants
These pre-existed in ipaserver/install/replication.py.
The constants were only originally used in ldapupdate.py
but have subsequently been switched to the replication.py
versions so they are not used anywhere in the code.
https://pagure.io/freeipa/issue/1539
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/87fe3fbba6d2b5bf2a7e9a0fca91c4e588641c9c">87fe3fbb</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-05-30T18:24:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Exclude passwordgraceusertime from replication
Treat this like other failed login attributes and don't
replicate them.
https://pagure.io/freeipa/issue/1539
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ab0e67d1f51c2db620de002d5f61425e0a65c9aa">ab0e67d1</a></strong>
<div>
<span> by Michal Polovka </span> <i> at 2022-06-01T16:04:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: test_subids: test subid-match shows UID of the owner
ipa subid-match should show UID of the owner instead of DN.
Related: https://pagure.io/freeipa/issue/8977
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0e8350e0dd8219fd8245f57e0ebc9a096e9be84f">0e8350e0</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-02T13:59:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>healthcheck: add tests for setting cli options in config file
Fixes: https://pagure.io/freeipa/issue/9136
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/352b9dfb49bdf1c70a8de9ed7287387417580c86">352b9dfb</a></strong>
<div>
<span> by Michal Polovka </span> <i> at 2022-06-02T14:03:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: RFE: Improve ipa-replica-install error message
Test for RFE: Improve error message with more detail for
ipa-replica-install command. If the replication agreement already
exists, check if the error message contains
a particular command needed to delete it.
Related: https://pagure.io/freeipa/issue/9162
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/58ddcffc412f7dd5cc762bd6f80faa07fcedf7ec">58ddcffc</a></strong>
<div>
<span> by Michal Polovka </span> <i> at 2022-06-02T14:03:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: tasks: add ipactl start, stop and restart
Include functions to manage IdM service using ipactl, in particular
starting, stopping and restarting the service.
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c00286462196026337600113119eb5522b96141a">c0028646</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-02T14:15:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>dnssec daemons: read the dns context config file for debug state
This had been hardcoded to debug=True but it spams the logs
with a lot of unnecessary information.
Allow it to be enabled for troubleshooting purposes but keep it
disabled by default.
Enabling debug would involve creating /etc/ipa/dns.conf:
[global]
debug = True
I didn't add a more generic mechanism because for now we only need
the value of debug and it introduces a lot of type conversion
headaches. ipalib handles this automatically but to duplicate this
would be corner-case city.
Fixes: https://pagure.io/freeipa/issue/9128
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/62bafcc53d4f45b28eb9a541e5385c2f1e7a3f97">62bafcc5</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-03T09:53:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Configure and enable the graceperiod plugin on upgrades
The graceperiod plugin was only being enabled on new
installations. Enable also on upgrade.
Loading a new plugin requires a restart. Do so if a
new one is configured.
Fixes: https://pagure.io/freeipa/issue/1539
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/8b2edd5b4e13cb7a8b9b9eec4a0e194b4e6ca71b">8b2edd5b</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-03T17:01:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Don't duplicate the LDAP gracelimit set in the previous test
Remove a duplicated policy change which sets the gracelimit
to 3.
We don't typically run tests individually but as a whole. If
we ever need to call this one test directly we can ignore
failures.
Fixes: https://pagure.io/freeipa/issue/9167
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d2b296454c57ab639b8e023050dabc193693c42f">d2b29645</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-07T08:15:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>doc: Design document for LDAP graceperiod
Implement part of RFC https://tools.ietf.org/id/draft-behera-ldap-password-policy-10.html
Related: https://pagure.io/freeipa/issue/1539
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9b0fbdc37b92981d541a4152fdfeb0964692878f">9b0fbdc3</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-07T08:15:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Set default LDAP password grace period to -1
This will retain existing behavior where LDAP passwords are
allowed to bind past expiration.
Fixes: https://pagure.io/freeipa/issue/1539
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e6cc41094b2bc526e9f8e87229e8f83a74cfc263">e6cc4109</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-07T08:15:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>graceperiod: ignore case when checking for missing objectclass
Don't assume that all objectclasses are lower-case. Some are
camel-cased.
Fixes: https://pagure.io/freeipa/issue/1539
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/faeb656c77adf27a49ccaceb57fc1ba44e11cc1d">faeb656c</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-06-10T11:10:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipaldap: fix conversion from boolean OID to Python
In IPA framework we don't properly convert to Python bool type and just
return a string (TRUE or FALSE). This can be seen with many boolean
attributes, like
Bool('idnsallowdynupdate?',
cli_name='dynamic_update',
label=_('Dynamic update'),
doc=_('Allow dynamic updates.'),
attribute=True,
default=False,
autofill=True
),
in 'ipa dnszone-show':
>>> api.Command.dnszone_show('ipa.test')['result']['idnsallowdynupdate']
['TRUE']
This is because we don't have the reverse (from LDAP to Python) mapping
for the LDAP boolean OID 1.3.6.1.4.1.1466.115.121.1.7.
When Web UI asks for the entry, it gets back JSON output that contains
this 'TRUE' value:
"idnsallowdynupdate": [
"TRUE"
],
Add proper mapping from LDAP to Python bool type. With this, a simple
'checkbox' type can be used in Web UI instead of a complex radio-box
setup.
Note that when IPA API is asked to return raw values, 'TRUE' and 'FALSE'
are still returned. These are the actual LDAP boolean attribute values. Care
needs to be taken in tests:
- if output is from a command with --raw option, 'TRUE' or 'FALSE'
should be expected
- if output is from a normal (non-raw) command, True or False would be
returned
Fixes: https://pagure.io/freeipa/issue/9171
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6147f877a57dab33cccea08cc57fcb7b82d4a602">6147f877</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-06-10T12:19:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatest: update expected out for ipa-healthcheck's DogtagCertsConnectivityCheck
Pre ipa-healthcheck 0.11, failures detected by DogtagCertsConnectivityCheck
were reported as:
"msg": "Request for certificate failed, <error>"
but the output is now the following:
"msg": "Request for certificate failed: {error}"
"error": <error>
Update the expected output to be compatible with both versions.
Fixes: https://pagure.io/freeipa/issue/9175
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3488276649861563471398b3747224ca54875861">34882766</a></strong>
<div>
<span> by Sudhir Menon </span> <i> at 2022-06-10T14:00:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: ipahealthcheck tests to check change in permission of ipaserver log files
This test case checks that when permission of
ipaserver-upgrade.log
file is changed healthcheck tool reports the correct warning message.
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/8abc0a22a8866e82776afbd7c3bc5e3195c43115">8abc0a22</a></strong>
<div>
<span> by Francisco Trivino </span> <i> at 2022-06-10T17:13:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Update subordinate design doc
This commit updates the subordinate design document to reflect the current state
and remove "outdated" message.
Signed-off-by: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/23d56bb95229756054df72de4d50fead8fc6116e">23d56bb9</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-06-13T12:51:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-replica-install: nsds5replicaUpdateInProgress is a Boolean
nsds5replicaUpdateInProgress is defined in LDAP schema as a boolean.
Now that IPA API is able to properly map booleans to the python
bool type, this attribute is not a string any more and
comparisons can be done directly based on its real type.
The code in ipa-replica-install was reading nsds5replicaUpdateInProgress
and calling value.tolower() == 'true' but should now use
value == True instead.
Related: https://pagure.io/freeipa/issue/9171
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c6bc8fd4c80d7ab9cd369ffce521d52c0eabe4cb">c6bc8fd4</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-06-13T12:51:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: update expected output for boolean attribute
Now that IPA API properly maps LDAP boolean attributes to the
python bool type, they are displayed as True/False instead
of TRUE/FALSE in the ipa *-show outputs.
Update the expected output for DNS Active Zone.
Related: https://pagure.io/freeipa/issue/9171
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/f3255393188dbfb32f74150243b0e7f2c6ba4dc9">f3255393</a></strong>
<div>
<span> by Armando Neto </span> <i> at 2022-06-13T16:05:18-03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: bump pr-ci templates
Packages updated to include `freeipa-healthcheck-0.11-2`.
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4b8b032ed5dd33662032e82ba4e296e7b0700c17">4b8b032e</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-06-14T08:12:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ACI: define "Read DNS entries from a zone" aci during install
The ACI "Read DNS entries from a zone" is defined when
ipa-server-upgrade is run but not for new installations.
In order to have consistent ACI (same set for new install
and for install + upgrade), define this ACI in
install/share/dns.ldif instead of "Allow read access".
Fixes: https://pagure.io/freeipa/issue/9173
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/deaaaaf1492410269c1f66f8d4bb57e41b99d87c">deaaaaf1</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-14T16:51:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Remove extraneous AJP secret from server.xml on upgrades
PKI 10.10 unconditionally added an upgrade script for the AJP
connector which replaced the AJP secret regardless of tomcat
version. It replaced requiredSecret with secret. IPA expects
the attribute by version so this could make the secrets out of
date and/or have connectors with both secrets and different
values.
PKI commit e70373ab131aba810f318c1d917896392b49ff4b has since
been reverted but there may be servers with both secrets still.
On next IPA upgrade clean them up.
Also allow re-writing ipa-pki-proxy.conf in case the secret
changes to ensure they remain in sync.
Fixes: https://pagure.io/freeipa/issue/9176
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d062dc9da891cbb3b0ab04291d89afddf140c560">d062dc9d</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-14T13:20:36-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Add switch for LDAP cache debug output
The LDAP cache log is rather chatty and a bit overwhelming when
looking for error messages. Disable it by default but allow it
to be enabled when a new config option, ldap_cache_debug, is
enabled.
Fixes: https://pagure.io/freeipa/issue/9180
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cfca49c469e822199cbdccd05d4c4a4cbf281448">cfca49c4</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-06-14T14:14:16-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>idviews: use cached ipaOriginalUid value when resolving ID override anchor
For ID overrides 'ipaOriginalUid' value should be the human-readable
version of the ID override anchor. Since we would have it already set in
the ID override entry, prefer using it instead of looking up the
override anchor.
This should speed up significantly operations which list all ID
overrides in the view, like Web UI views.
Fixes: https://pagure.io/freeipa/issue/9178
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/fe048d83cb88593e490af8b95c12917071683b4c">fe048d83</a></strong>
<div>
<span> by Matthew Davis </span> <i> at 2022-06-15T08:34:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Suse compatibility fix
Removes authselect requirement for Suse
Use Suse 'pam-config' to configure PAM
Configures nsswitch.conf
Removes domainname service since it does not exist on Suse
Fixes: https://pagure.io/freeipa/issue/9174
Signed-off-by: Matthew Davis github@virtual.drop.net
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/60739ce483e897cbd85575304dfb7562066189e4">60739ce4</a></strong>
<div>
<span> by Michal Polovka </span> <i> at 2022-06-15T12:13:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: xfail for test_ipahealthcheck_hidden_replica to respect pki version
Change xfail for test_replica_promotion.py/TestHiddenReplicaPromotion/test_ipahealthcheck_hidden_replica
to respect platform and pki version as the related issue is fixed.
Implement tasks/get_platform_version which returns a platform version
number(s) of a provided host in a form of a tuple.
Related: https://pagure.io/freeipa/issue/8582
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/70d23b225d11a6c8c16bd94faa8891100b83c1ac">70d23b22</a></strong>
<div>
<span> by Matthew Davis </span> <i> at 2022-06-15T14:12:47+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Create missing SSSD_PUBCONF_KRB5_INCLUDE_D_DIR
On some distributions, namely Suse, the SSSD_PUBCONF_KRB5_INCLUDE_D_DIR
does not exist by default. Ipa-client-install will fail to initialize
the kerberos ticket and error when this directory does not exist.
This patch simply creates the directory if it does not exist before
adding the include statement into /etc/krb5.conf
Fixes: https://pagure.io/freeipa/issue/9174
Signed-off-by: Matthew Davis github@virtual.drop.net
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/553b84c60a01460a19a12e67579a37e012cfef98">553b84c6</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-06-15T16:22:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Update translations to FreeIPA ipa-4-9 state
Signed-off-by: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/dabea80f3a908127d77c04228cc6efa956871216">dabea80f</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-06-15T16:28:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Update list of contributors
Signed-off-by: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/61a64aef6dd0b884d968e72546b4adbd265f8404">61a64aef</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-06-15T16:33:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Become IPA 4.9.10
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3e90842b3d94268f2ccd42c8decd0eecbcf88f1f">3e90842b</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-06-15T16:42:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Back to git snapshots
Signed-off-by: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a6a6781284658e77f36c07cb7fd35b43240946a2">a6a67812</a></strong>
<div>
<span> by Michal Polovka </span> <i> at 2022-06-17T16:39:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Increase expect timeout for interactive mode
Increase the default timeout for expect function when testing
interactive mode to mitigate an issue when the tests are failing
on the slow systems.
Fixes: https://pagure.io/freeipa/issue/9183
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/206e08d811c43ba8295816e609d4cb7148a774a3">206e08d8</a></strong>
<div>
<span> by Michal Polovka </span> <i> at 2022-06-17T16:41:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Healthcheck should ignore pki errors when CA is not configured
Test if ipa-healthcheck complains about pki.server.healthcheck errors
when CA is not configured on the replica.
Related: https://github.com/freeipa/freeipa-healthcheck/issues/201
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a8d71b3f8d0ab9f77b4bb38ed03f63901e611a81">a8d71b3f</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2022-06-22T15:03:17+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Merge branch 'upstream'
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/48badb05e83f97a5a177244212dd9317ead98d8a">48badb05</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2022-06-22T15:03:49+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>version bump
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/05e7e56f163135a18ad75db77dcee66e4ce6e707">05e7e56f</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2022-06-22T15:07:26+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>patches: Drop upstreamed patches.
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/21bfb2cd1837ecf5db94cbae900997138f1f282d">21bfb2cd</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2022-06-22T15:14:25+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>source: Extend diff-ignore.
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/93710dbdc6c601a166b3fe646a5f8b5fbd264427">93710dbd</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2022-06-22T17:52:36+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ldap-so-path.diff: Don't hardcode path to bind/ldap.so.
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b568ec01fedd2b8b42ed9768c808b07c875bd5a3">b568ec01</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2022-06-22T17:59:28+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>libsofthsm-path.diff: Use multiarch path for libsofthsm2.so.
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ff4152539b96d309dcceaf854a3e0a49f435acff">ff415253</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-06-23T08:39:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Preserve user: fix the confusing summary
When ipa user-del --preserve is called, the command output
prints a summary with:
Deleted user: user1
although the user was preserved.
Replace the summary with
Preserved user: user1
to reflect what was actually done.
Fixes: https://pagure.io/freeipa/issue/9187
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4984ff210a169129e4e56b10e54e9c795520855c">4984ff21</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-06-23T08:39:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>xmlrpc tests: updated expected output for preserved user
Update the expected summary for the command
ipa user-del --preserve
The command now displays: Preserved user: user1
instead of Deleted user: user1
Related: https://pagure.io/freeipa/issue/9187
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/857713c5a9c8e0b62c06dd92e69c09eeb34b2e99">857713c5</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-06-23T13:44:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Add end to end integration tests for external IdP
Added tests for HBAC and SUDO rule and other
test scenarios.
Related : https://pagure.io/freeipa/issue/8805
Related: https://pagure.io/freeipa/issue/8803
Related: https://pagure.io/freeipa/issue/8804
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/50b4d9ab3fcb2e63edc8d20346e4a8a79f15692d">50b4d9ab</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-06-23T13:44:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: update prci definitions for test_idp.py
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/afa94c7995f236c5eff516652f31c1a956466cf7">afa94c79</a></strong>
<div>
<span> by Michal Polovka </span> <i> at 2022-06-23T17:43:08-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Healthcheck use subject base from IPA not REALM
Test if healthcheck uses cert subject base from IPA and not from
REALM. This prevents false-positive errors when the subject base is
customized.
Related: https://github.com/freeipa/freeipa-healthcheck/issues/253
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c39c2ee80db056296f6826746b5b7a5bf7ba7cc4">c39c2ee8</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2022-06-23T17:44:11-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipaplatform/debian: Use multiarch path for libsofthsm2.so
The library moved there some years ago, and the compat symlink might go
away at some point. Better prepare for it.
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/56c827099708d8613e194052857e121612fbd768">56c82709</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2022-06-23T17:44:11-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipaplatform/debian: Drop the path for ldap.so
Named is able to find plugins if they are installed in the plugindir,
so drop the hardcoded path from named.conf.
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/15f454f6f8d25275c9570e2cc3a97c4e030fc581">15f454f6</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-06-23T17:45:16-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Fix install_master for test_idp.py
For install_master added --no-dnssec-validation.
Fixes: https://pagure.io/freeipa/issue/9189
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4f15804270590fdf0f339fc53ed63bf440361b7b">4f158042</a></strong>
<div>
<span> by Matthew Davis </span> <i> at 2022-06-23T17:46:03-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Add missing parameter to Suse modify_nsswitch_pam_stack
Add missing subid parameter for Suse.
Fixes: https://pagure.io/freeipa/issue/9185
Signed-off-by: Matthew Davis <github@virtual.drop.net>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/de64d6724e028a1882c3a8be31c2752bebdd41fd">de64d672</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-24T11:36:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Fix test_secure_ajp_connector.py failing with Python 3.6.8
Some of the test data are not expected to cause a rewrite in
the upgrade code. Those that do will set the rewrite flag.
In that case there is a new server.xml to be read. This is
handled with mock_open(). The contents can be retrieved via
mocked_file().write.call_args but the repr() of it is:
call(b'<Server port="1234" shutdown="SHUTDOWN">\n ...')
In at least Python 3.10 one can use write.call_args.args to get
just the raw data. This does not work with Python 3.6.8 and
returns the string 'args' instead, which results in a TypeError.
TypeError: a bytes-like object is required, not 'str'
Instead drop the args and use the data directly.
For the case of x = mocked_file().write.call_args:
x[0] is a tuple with the first element being the data
x[0][0] is the raw data
So use x[0][0] to get at the data instead of x.args[0]
Fixes: https://pagure.io/freeipa/issue/9190
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3675bd1d7aca443832bb9bb2f521cc4d3a088aec">3675bd1d</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-30T14:56:06-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Only calculate LDAP password grace when the password is expired
The user's pwd expiration was retrieved but inadvertently was never
compared to current time. So any LDAP bind, including from the
IPA API, counted against the grace period. There is no need to go
through the graceperiod code for non-expired passwords.
https://pagure.io/freeipa/issue/1539
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/585cebb1a9673e2fc083dd3c9545a6c080e171e3">585cebb1</a></strong>
<div>
<span> by Fraser Tweedale </span> <i> at 2022-07-06T09:48:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>man: add --skip-mem-check to man pages
Document the --skip-mem-check flag in the ipa-server-install(1) and
ipa-replica-install(1) man pages.
Related: https://pagure.io/freeipa/issue/8404
Signed-off-by: Fraser Tweedale <frase@frase.id.au>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cbf2614d8acc11a1b41558a45dac8ec98b032732">cbf2614d</a></strong>
<div>
<span> by Fraser Tweedale </span> <i> at 2022-07-06T09:48:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>install: suggest --skip-mem-check when mem check fails
In the memory check failure message, add a hint to the administrator
that they can use the --skip-mem-check flag to skip the check.
Related: https://pagure.io/freeipa/issue/8404
Signed-off-by: Fraser Tweedale <frase@frase.id.au>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/991849cf58fa990ad4540a61214b5ab4fcd4baa1">991849cf</a></strong>
<div>
<span> by Armando Neto </span> <i> at 2022-07-12T13:53:54-03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>webui: Do not allow empty pagination size
Pagination size must be required, the current validators are triggered after
form is submitted, thus the only way to check if data is not empty is by making
the field required.
Fixes: https://pagure.io/freeipa/issue/9192
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/f33266c2ba9d794a5a1e9994e5fa029d2fa5de70">f33266c2</a></strong>
<div>
<span> by David Pascual </span> <i> at 2022-07-16T07:53:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Checker script for prci definitions
This script allows developers to check if prci definition jobs have the correct format,
which is defined in prci_jobs_spec.yaml
Useful when adding new jobs to the definitions.
Signed-off-by: David Pascual <davherna@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b31631ad69f72fb42b5091375df8021580f8139a">b31631ad</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-07-16T07:57:49+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Warn for permissions with read/write/search/compare and no attrs
An ACI with rights of read, write, search and/or compare without
attributes to apply the rights to is effectively a no-op. Allow
the ACI to be created but include a warning. Ignore the add
and delete rights. While they make no sense in the context of
the other rights we should still warn that they are a no-op
with no attributes.
Use the existing make_aci() object method to create the
message and update the add/mod callers to capture and add the
message to the result if one is provided.
When updating an existing ACI the effective attributes will
not be included so fall back to the attributes in the resulting
permission.
Prior to checking for rights and attributes convert any deprecated
names for older clients into the newer values needed by make_aci.
This is exercised by existing xmlrpc permission tests that
create such permissions without attributes.
https://pagure.io/freeipa/issue/9188
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e77b0b08d78d4d5ae7632ef23aebc577848ea507">e77b0b08</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-07-26T16:57:54-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ap: Raise dbus timeout
With some recent changes on Azure Agent the default DBus call
timeout is not good enough. For example, in case of
`InstallDNSSECFirst_1_to_5` job hostnamectl received reply in ~20sec,
but later it increased to ~30sec (more subjobs - more time to reply).
It's good to raise this timeout to be more protected against minimum
performance times.
https://www.freedesktop.org/software/systemd/man/sd_bus_set_method_call_timeout.html#Description
Fixes: https://pagure.io/freeipa/issue/9207
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/98c6e96e8db3d5bdc0315094b8a7bf81d196479b">98c6e96e</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-07-26T16:57:54-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ap: Disable azure's security daemon
This daemon runs clamav which is resource aggressive.
No point to run Windows virus scanner on Ubuntu in Linux-only
environment.
Fixes: https://pagure.io/freeipa/issue/9207
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b59baf31bc097821ff7787ecd75affb27ea2a7c3">b59baf31</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-07-26T16:57:54-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ap: Rearrange overloaded jobs
With some recent changes the Azure Agent has decreased performance.
For example, `InstallDNSSECFirst_1_to_5` (5 subjobs) job took ~33min
and now it takes ~40min. At the same time there are jobs having only
1 or 2 subjobs and they should be used more.
Fixes: https://pagure.io/freeipa/issue/9207
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1ada42e3bce58a729e689377b1a41b6cfa90b508">1ada42e3</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-07-26T16:57:54-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ap: Constrain supported docutils
New Sphinx 5.1.0 (Released: Jul 24, 2022) bumped supported docutils
to 0.19:
https://github.com/sphinx-doc/sphinx/pull/10656
But m2r2 doesn't support it yet:
https://github.com/CrossNox/m2r2/issues/52
Thereby, docutils must be constrained to < 0.19.
This should be fixed by m2r2 and after they do it the restriction
can be removed.
Fixes: https://pagure.io/freeipa/issue/9208
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/f962a0c2832619100046c923d15f21e8c10fce96">f962a0c2</a></strong>
<div>
<span> by Erik </span> <i> at 2022-08-01T09:22:37-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: healthcheck: test if system is FIPS enabled
Test if FIPS is enabled and the check exists.
Related: https://pagure.io/freeipa/issue/8951
Signed-off-by: Erik Belko <ebelko@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1316cd8b2252c2543cf2ef2186956a8833037b1e">1316cd8b</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-08-01T13:03:51-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Disabling gracelimit does not prevent LDAP binds
Originally the code treated 0 as disabled. This was
changed during the review process to -1 but one remnant
was missed effectively allowing gracelimit 0 to also mean
disabled.
Add explicit tests for testing with gracelimit = 0 and
gracelimit = -1.
Also remove some extraneous "str(self.master.domain.basedn)"
lines from some of the tests.
Fixes: https://pagure.io/freeipa/issue/9206
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6483f33389c7bb1d185f2b39d68f407e131a282c">6483f333</a></strong>
<div>
<span> by David Pascual </span> <i> at 2022-08-04T13:23:26-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatest: fix prci checker target masked return code & add pylint
In the yamllint target of makefile, prci_checker result was being masked by echo statement.
Additionally, prci_checker script has been added to the list of Python sources to be Pylinted.
Addressing comments of recently merged PR:
https://github.com/freeipa/freeipa/pull/6301#discussion_r923163970
https://github.com/freeipa/freeipa/pull/6301#issuecomment-1187037261
Signed-off-by: David Pascual <davherna@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d40fd287836dc8440f69314d77ccb461c7e6ccea">d40fd287</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-08-08T14:35:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>azure tests: disable TestInstallDNSSECFirst
The test TestInstallDNSSECFirst is failing because of one of its
dependencies (the most likely suspect is the update of openssl-pkcs11).
Disable the test from azure gating until the issue is solved.
Related: https://pagure.io/freeipa/issue/9216
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Carla Martinez <carlmart@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a5762621ef3ed1e699306a8d2eef634bc927a6fc">a5762621</a></strong>
<div>
<span> by Sudhir Menon </span> <i> at 2022-08-09T08:35:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: ipa-client-install --subid adds entry in nsswitch.conf
This testcase checks that when ipa-client-install command
is run with --subid option, /etc/nsswitch.conf file is updated
with the below entry
subid: nss
Related: https://pagure.io/freeipa/issue/9159
Since the newly added testsuite required client
system, hence modified the below yaml files to change the topology
from *master_1repl to *master_1repl_1client in the below files
gating.yaml
nightly_latest.yaml
nightly_previous.yaml
nightly_rawhide.yaml
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ade5093b08f92b279c200f341e96972a74f644d8">ade5093b</a></strong>
<div>
<span> by Carla Martinez </span> <i> at 2022-08-09T12:00:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>webui: Allow grace login limit
There was no support for setting the grace login limit on the WebUI. The
only way to do so was via CLI:
`ipa pwpolicy-mod --gracelimit=2 global_policy`
Thus, the grace login limit must be updated from the policy section and
this will reflect also on the user settings (under the 'Password Policy'
section)
Fixes: https://pagure.io/freeipa/issue/9211
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/05a298f56485222583cb7dd4f6a3a4c5c77fc8cf">05a298f5</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-08-16T13:10:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>check_repl_update: in progress is a boolean
With the fix for https://pagure.io/freeipa/issue/9171,
nsds5replicaUpdateInProgress is now handled as a boolean.
One remaining occurrence was still handling it as a string
and calling lower() on its value.
Replace with direct boolean comparison.
Fixes: https://pagure.io/freeipa/issue/9218
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/aaf57185a2701b34948105e8b54075afe048ff18">aaf57185</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-08-16T13:15:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>upgrades: Don't restart the CA on ACME and profile schema change
There are currently three sets of CA schema changes applied
in ipa-server-upgrade:
* addition of ACME schema
* addition of certificate profile schema
* addition of lightweight CA schema
None of these require a restart of the CA to be supported.
There is an issue in schema parsing such that it doesn't handle
X-ORIGIN properly. A difference is detected and a change applied
but no change is recorded in LDAP so every time upgrade is
run it thinks a CA restart is needed. The CA is not quick to
restart so avoiding one is best, particularly when the update is
run as part of an rpm transaction where a user with an itchy finger
may think things have hung and break out of it.
https://github.com/389ds/389-ds-base/issues/5366 was
filed to track this.
Related: https://pagure.io/freeipa/issue/9204
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5e2e4664aec641886923c2bec61ce25b96edb62a">5e2e4664</a></strong>
<div>
<span> by Thomas Woerner </span> <i> at 2022-08-16T19:31:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>DNSResolver: Fix use of nameservers with ports
IPA DNS zone and forwardzone commands allow to use nameservers with ports
as "SERVER_IP port PORT_NUMBER". bind is supporting this syntax, but the
Resolver in dnspython that is used to verify the list of forwarders
(nameservers) is only allowing to have IP addresses in this list. With
dnspython version 2.20 there is a new validator in dns.resolver.BaseResolver
that ensures this.
Refs:
- https://bind9.readthedocs.io/en/v9_18_4/reference.html#zone-statement-grammar
- https://github.com/rthalley/dnspython/blob/master/dns/resolver.py#L1094
ipapython/dnsutil.DNSResolver derives from dns.resolver.Resolver. The setter
for nameservers has been overloaded in the DNSResolver class to split out
the port numbers into the nameserver_ports dict { SERVER_IP: PORT_NUMBER }.
After the setter for nameservers succeeded, nameserver_ports is set.
nameserver_ports is used in the resolve() method of dns.resolver.Resolver.
Additional tests have been added to verify that nameservers and also
nameserver_ports are properly set and also valid.
Fixes: https://pagure.io/freeipa/issue/9158
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/2385d1d90aa91d34c4b36842a17e72aa2399a733">2385d1d9</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-08-16T19:35:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Fix expected object classes
Because the sidgen plugin is a postop plugin, it is not
always triggered before the result of an ADD is returned
and the objectclasses of the user may / may not contain
ipantuserattrs.
Fix the expected object classes.
Related: https://pagure.io/freeipa/issue/9062
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a7369944d8b68032eddcc4577b0cc5f9f603cda9">a7369944</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-08-16T19:35:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>gitignore: add install/oddjob/org.freeipa.server.config-enable-sid
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/434620ee342ac4767beccec647a318bfa7743dfa">434620ee</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-08-19T08:17:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>doc: Update LDAP grace period design with default values
New group password policies will get -1 (unlimited) on creation
by default.
Existing group password policies will remain untouched and
those created prior will be treated as no BIND allowed.
Fixes: https://pagure.io/freeipa/issue/9212
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/497a57e7a6872fa30d1855a1d91a455bfdbf9300">497a57e7</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-08-19T08:17:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Set default gracelimit on group password policies to -1
This will retain previous behavior of unlimited LDAP BIND
post-expiration.
Fixes: https://pagure.io/freeipa/issue/9212
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a4ddaaf3048c4e8d78a1807af7266ee40ab3a30b">a4ddaaf3</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-08-19T08:17:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Set default on group pwpolicy with no grace limit in upgrade
If an existing group policy lacks a password grace limit
update it to -1 on upgrade.
Fixes: https://pagure.io/freeipa/issue/9212
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/88ea19b9a53d9c209105af049a1df100d07e081a">88ea19b9</a></strong>
<div>
<span> by Scott Poore </span> <i> at 2022-08-19T12:10:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Rename create_quarkus to create_keycloak
The module installs and configures a Keycloak server and
not just the Quarkus Java framework. So, renaming to better
reflect what the module is used for.
Fixes: https://pagure.io/freeipa/issue/9225
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9290aa5500f752d0eedabdfc92c9fe6c0ee743b8">9290aa55</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-08-30T08:23:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-otpd: initialize local pointers and handle gcc 10
oauth2_on_child_readable() does not use the main verto context and used
to drop the argument name to signify that. This is a feature of C2X
standard by default and is not enabled in gcc before 11 by default (it
is enabled in RHEL 8's gcc 8.5).
Add a simple 'if the context is missing, get out' code to use 'ctx'.
This allows to avoid enabling C2X features.
Initialize local pointers to prevent use before initialization on exit
paths in abnormal situations as well.
Fixes: https://pagure.io/freeipa/issue/9230
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/358924455d87b67db6cd743f3cfe15522b4c0d91">35892445</a></strong>
<div>
<span> by Jesse Sandberg </span> <i> at 2022-08-30T08:30:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Fix ipa-ccache-sweeper activation timer and clean up service file
Added OnActiveSec=12h to start the timer cycle because OnUnitActiveSec setting alone never triggers the timer after boot as there has not been transition between active and inactive state.
Removed [Install] section from sweeper.service as it is not needed
Fixes: https://pagure.io/freeipa/issue/9231
Signed-off-by: Jesse Sandberg <jesse.sandberg@netcode.fi>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/109cd579e3b089b7fad4c92bf25594eba1af8a21">109cd579</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-08-30T10:43:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>fix canonicalization issue in Web UI
When Kerberos principal alias is used to login to a Web UI, we end up
with a request that is authenticated by a ticket issued in the alias
name but metadata processed for the canonical user name. This confuses
RPC layer of Web UI code and causes infinite loop to reload the page.
Fix it by doing two things:
- force use of canonicalization of an enterprise principal on server
side, not just specifying that the principal is an enterprise one;
- recognize that a principal in the whoami()-returned object can have
aliases and the principal returned by the server in the JSON response
may be one of those aliases.
Fixes: https://pagure.io/freeipa/issue/9226
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cefa8f1e5f5b01e6863d07e9f3849dfd4c485f22">cefa8f1e</a></strong>
<div>
<span> by Carla Martinez </span> <i> at 2022-08-30T20:05:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Set pkeys in test_selinuxusermap.py::test_misc::delete_record
The test_selinuxusermap.py::test_selinuxusermap::test_misc is failing
because the 'delete_record' function (located in the same file) is passing
incorrect parameters: it should take the 'pkeys' instead of the full
data.
The changes will take the right 'pkeys' parameters in the 'test_misc()'
function.
Fixes: https://pagure.io/freeipa/issue/9161
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/89fe83b03ac3b046685389ee1059ca75c73e53b0">89fe83b0</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-09-21T10:53:11-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>x509: Replace removed register_interface with subclassing
python-cryptography 38.0 removed `register_interface` decorator:
pyca/cryptography@f70e334a52fdf5bd1ad42460efb78d989f8535d9
Backward compatibility:
Cryptography hasn't changed the interface of `Certificate` since it was
first used by IPA (4.6.0) till cryptography 38.0.
cryptography 38.0 (pyca/cryptography@c1b7307a3e4ef9cd246feae88178afba7389405c)
added `tbs_precertificate_bytes` attribute.
Fixes: https://pagure.io/freeipa/issue/9160
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/91a02174a0a9694fd5611c071913ad4720be5ac9">91a02174</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-09-22T08:15:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Fix upper bound of password policy grace limit
It was defined as an unsigned value (2**32) because it
originally was. During the review an additional setting of
disabled (-1) was added so the value needed to be signed.
The upper bound needs to be 2**31 which is provided by
the xmlrpc client MAXINT import.
Fixes: https://pagure.io/freeipa/issue/9243
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0513a83a4fcd5626168cb45132af8cd1b4a9ee03">0513a83a</a></strong>
<div>
<span> by Carla Martinez </span> <i> at 2022-09-22T14:16:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>webui: Show 'Sudo order' column
In the 'Sudo rules' page, the 'Sudo order' column should be visible in the
list so the users can easily see which rules override other rules based on
their order.
Fixes: https://pagure.io/freeipa/issue/9237
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/69413325158a3ea06d1491acd77ee6e0955ee89a">69413325</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-09-26T13:48:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Defer creating the final krb5.conf on clients
A temporary krb5.conf is created early during client enrollment
and was previously used only during the initial ipa-join call.
The final krb5.conf was written soon afterward.
If there are multiple servers it is possible that the client
may then choose a different KDC to connect to. If the client
is faster than replication then the client may not exist
on all servers and therefore enrollment will fail.
This was seen in performance testing of how many simultaneous
client enrollments are possible.
Use a decorator to wrap the _install() method to ensure the
temporary files created during installation are cleaned up.
https://pagure.io/freeipa/issue/9228
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4cc94cd3b929ee1878767d23f98ad5e755583c6b">4cc94cd3</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-09-29T16:34:42-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa otptoken-sync: return error when sync fails
The command ipa otptoken-sync does not properly handle
errors happening during the synchronization step.
- Even if an error is detected (such as invalid password
provided), the command exits with return code = 0. An
error message is displayed but the exit code should be 1.
- When an invalid token is provided, the token is not
synchronized but the error is not reported back to the
ipa otptoken-sync command.
The first issue can be fixed by raising an exception when
the HTTP response contains a header with an error.
The second issue is fixed by returning LDAP_INVALID_CREDENTIALS
to ldap bind with the sync control if synchronization fails.
Fixes: https://pagure.io/freeipa/issue/9248
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/895a800e90a34f55f5d2789ece6e7bc8e6f5c0a6">895a800e</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-09-29T16:34:42-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: add negative test for otptoken-sync
Scenario: call ipa otptoken-sync with
- an invalid password
- an invalid first token (containing non-digits)
- an invalid sequence of tokens
The test expects a return code = 1.
Related: https://pagure.io/freeipa/issue/9248
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/762d786bf7a3043fd56877949f02bccd077e2711">762d786b</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-09-30T13:14:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Move client certificate request after krb5.conf is created
The creation of krb5.conf was moved to the end of the script
as part of maintaining server affinity during ipa-client-install.
If the installation is faster than replication then requests
against some IPA servers may fail because the client entry is
not yet present.
This is more difficult with certmonger as it will only use
/etc/krb5.conf. There is no way of knowing, even at the end
of the client installation, that replication has finished.
Certificate issuance may fail during ipa-client-install but
certmonger will re-try the request.
Fixes: https://pagure.io/freeipa/issue/9246
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e9048daac53e24759a33e2031c8b4224a80a0e54">e9048daa</a></strong>
<div>
<span> by Carla Martinez </span> <i> at 2022-09-30T13:17:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Set 'idnssoaserial' to deprecated
A warning message (regarding the SOA serial deprecation) is shown
on the webui and CLI every time a new DNS zone is added (even if the
'--serial' option is not being explicitly set) or the SOA serial is modified.
This should be managed by setting the 'idnssoaserial' as a deprecated and
not required parameter.
Fixes: https://pagure.io/freeipa/issue/9249
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/76604df09d8b62795f4e2d1fbc99af9ed55ec5cd">76604df0</a></strong>
<div>
<span> by Carla Martinez </span> <i> at 2022-09-30T13:17:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatest: Remove warning message for 'idnssoaserial'
The tests must be updated to not expect the
deprecation warning messages for the 'idnssoaserial'
parameter. Those should (successfully) fail when
'dnszone_add' and 'dnszone_mod' commands are
executed with the SOA serial parameter provided.
Also, due to this SOA serial deprecation, an
expected-to-fail test should be defined when a
DNS zone is added (dnszone_add) and the SOA serial
is passed as a parameter.
Fixes: https://pagure.io/freeipa/issue/9249
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9f8c9a4d96877bab1cb474615d77aca2fa586ece">9f8c9a4d</a></strong>
<div>
<span> by Carla Martinez </span> <i> at 2022-09-30T13:17:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>webui: Set 'SOA serial' field as read-only
On the WebUI, the SOA serial textbox must be disabled (non-editable)
to prevent the 'ValidationError' message from being shown when this
specific field is manually set.
Fixes: https://pagure.io/freeipa/issue/9249
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/856edcc8d3c9fe64eff532db669536a0a78ba70d">856edcc8</a></strong>
<div>
<span> by Carla Martinez </span> <i> at 2022-09-30T13:17:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Update API and VERSION
The API and VERSION files need to be updated
to hold the changes made in the 'idnssoaserial'
parameter.
Fixes: https://pagure.io/freeipa/issue/9249
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6353e45b5dd446b7acc46244d8bb10c38c39f9ce">6353e45b</a></strong>
<div>
<span> by Yuri Chornoivan </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Ukrainian)
Currently translated at 100.0% (4687 of 4687 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/uk/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/f9590de2e0bc1d2dde4f6a78c72b6a69f773bd99">f9590de2</a></strong>
<div>
<span> by Hela Basa </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Added translation using Weblate (Sinhala)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d198a35cb885b6cc1622bf99b8546675b98c8aed">d198a35c</a></strong>
<div>
<span> by Marcin Stanclik </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Polish)
Currently translated at 100.0% (451 of 451 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/pl/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3b0c1cafc16dc927449231a7a70b2876770ba962">3b0c1caf</a></strong>
<div>
<span> by Piotr Drąg </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Polish)
Currently translated at 100.0% (451 of 451 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/pl/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/842a6457fda382d78a11bce626b2ef0ef3749aa0">842a6457</a></strong>
<div>
<span> by Yuri Chornoivan </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Ukrainian)
Currently translated at 100.0% (4687 of 4687 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/uk/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6169eb47e1ea42c81ad6022ab02ef3222566f70f">6169eb47</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Added translation using Weblate (Finnish)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/6bdd02db7ace58cbb16d45d5c6dbfb1945e2bb43">6bdd02db</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 0.7% (35 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9d6d2e2dc9cfb7c1ef1e400ba90b27474866380f">9d6d2e2d</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 6.2% (290 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c2061cf9c505c4821c7812a71c464afa367300b5">c2061cf9</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 6.8% (318 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5dcb614691ed31a660edc936612b525b1be0ccae">5dcb6146</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 7.2% (340 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/15457a6d9fdb19466405f6882fbbc9e29510d40e">15457a6d</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 7.7% (362 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/696a72f7aef3df7c0f619f0d67e5fe259cc80c37">696a72f7</a></strong>
<div>
<span> by Hela Basa </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Sinhala)
Currently translated at 0.2% (10 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/si/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0a6246ea971282a2f1fc0b5fe3f09f7d656bbf2f">0a6246ea</a></strong>
<div>
<span> by Hela Basa </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Added translation using Weblate (Korean)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/fd81a77d78423293dee4e117b58f2f9077cb0cbf">fd81a77d</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 6.5% (306 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/23fb8a4709af35db3e760159de405adad343c042">23fb8a47</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 7.3% (345 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/2203f3627f28ff4c81ab9fd24eed31669ae34ff5">2203f362</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 7.7% (363 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/101460521cb228f68a52a934acf97eddcbbb9928">10146052</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 7.7% (361 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/00eba1f70445a5faf27db461fb762a030b0b5789">00eba1f7</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 8.3% (389 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/77feee852ed01502c0a0e48d4d4e546332827885">77feee85</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 8.7% (407 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/eac046fd82d02105d3388af1f04527813546e6f7">eac046fd</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 8.8% (412 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d5726f04b6b73d6c1de183ee5b6b7bd96d590db5">d5726f04</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 8.8% (412 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/27dba4a7c3605a1ab03c55458ad4bb47b7c4dbc7">27dba4a7</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 8.8% (414 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9658dbd3c31ad22e175e613f3c51073eb196c72c">9658dbd3</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 8.8% (415 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/18346d99b214f6060ab7f6c83e02f2c4d56ec799">18346d99</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 9.0% (422 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/715043df4ea1d416e64ce50b0e141faf36f6c45d">715043df</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 10.5% (494 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/548afe9eed0696ceb4e8abdc3331b3f1f0fad6f2">548afe9e</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 10.8% (507 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1e65336b3513cf7c6579ac5714c50cb4a965fd96">1e65336b</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 10.9% (511 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d6ff8af62ee12517d438d9f3ff02f25219166da4">d6ff8af6</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 11.0% (514 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/cf9f35e3eb2c90cb3b07a2c5ed33fdd2f3bfa0b3">cf9f35e3</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 11.0% (517 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9e2f7d041c1c72b329fdacac232451e57a4d0516">9e2f7d04</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 11.1% (522 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/20006cc713c7666c373804cd7d6415f9af6a6d27">20006cc7</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 21.1% (989 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7d12b30e2c6762eda93eb66a1dab2e52770d94aa">7d12b30e</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 22.0% (1030 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/8b3ceace34a55fadb560a758c02632efa87ec96f">8b3ceace</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 24.1% (1128 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b2cf29ae168661a12a426bf72e98f43d769fb132">b2cf29ae</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 24.4% (1144 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a8a2b2cf97bbf8b2b80acce08d0903b6c91c5f98">a8a2b2cf</a></strong>
<div>
<span> by Ricky Tigg </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 11.3% (529 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7ca1befe7e8ca463052f8b24f6c9b37093dabbaa">7ca1befe</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 28.9% (1351 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b5d6616aed77a46de2db53b3395aeaf531537df3">b5d6616a</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 30.0% (1406 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4d306ee7ebe90275a47b4f182f66bc87bc397170">4d306ee7</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 13.8% (648 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e98691b491ae2a8d41c3eb6e7028f6e731dbdbae">e98691b4</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 15.8% (739 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/aa00e7c3cff81e79a1dfce2c1e5348af9f3a3438">aa00e7c3</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 31.2% (1461 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/216cced00a1973f2103cf678ed94ef3b6c204190">216cced0</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 15.8% (742 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/067cae55eced1c1c7bcdbbb0dd56a16d7127488c">067cae55</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 31.5% (1472 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/2c0924f38694603777bcbdab804d9b3331efa239">2c0924f3</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 32.5% (1519 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3392f31afe04e5b6b0d49d4e2f2906bc90b3643c">3392f31a</a></strong>
<div>
<span> by Ricky Tigg </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 15.9% (743 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5bd77e606cb6be3b3a133294027e284f5604b447">5bd77e60</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 32.9% (1540 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/eb1a1f35849c1f2e43c282c555b62f7d12962e37">eb1a1f35</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 16.1% (754 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e6451fe15acf406aa741d4eed296ab6eff7e9313">e6451fe1</a></strong>
<div>
<span> by Ricky Tigg </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 16.3% (762 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/fe60d1f6f386734b7cb052f34fb798341130052a">fe60d1f6</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 33.8% (1580 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e98e21709e2205c8c019cc7006d3f9ded94432ae">e98e2170</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 34.0% (1590 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/07a1cc5424760a4ef43ffc6734c901f1cc446909">07a1cc54</a></strong>
<div>
<span> by simmon </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 35.8% (1675 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9df1672f479bee01efcd53c46e800e789762bc97">9df1672f</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 16.3% (764 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7037e5389006f1eeea0299918cbbae57893ef125">7037e538</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 17.0% (794 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/1853d934d1e93dbf07d50799406ac12995a1d977">1853d934</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 17.0% (798 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/20269ac630c451734dffef50298cba823ffe2624">20269ac6</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 17.3% (810 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/246604ec696255674e8716610c387f0f2ef93d73">246604ec</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 36.6% (1712 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/49a41249e1d8cf6b349f895ba88c7490081ab462">49a41249</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 17.6% (826 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/91b63fcae0a588fc174cf865b4e0135c8c0e48ec">91b63fca</a></strong>
<div>
<span> by Ricky Tigg </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 17.7% (827 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/20bcd69f38fb734dc80e5052cb2ed91c19b12994">20bcd69f</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 17.8% (834 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b70041d904926e9d33423fe1f7b48ca0c3791718">b70041d9</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 36.7% (1718 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a24adeab5ca162b3c79358128fcdee22d0bd18f2">a24adeab</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 44.0% (2060 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/64b2c0ebfeb7035b8c9d9e38c2a75e046e855f62">64b2c0eb</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 45.3% (2117 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/aef749b632fd636e6d6b920757e13d64303da9d4">aef749b6</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 46.2% (2163 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/fd538803cf6c098b2a3386ecc1f4b1e3a27b9a88">fd538803</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 47.0% (2197 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/994c43513950b4c82dd9e1ed38b56232f3efffaa">994c4351</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 47.3% (2213 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e6accc7b3f39e0140e0d1dc3ee6bfcf6636d214d">e6accc7b</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 17.9% (836 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4d92e67a45b0caf72ce5028f8bbba06f4d63fb7f">4d92e67a</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 17.9% (839 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e6e638aea7fda83beb47fa6c2f75772673d351c2">e6e638ae</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 48.5% (2268 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c07e0ec7a5acedef693b0f79fdc68529e64aa023">c07e0ec7</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 48.6% (2275 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/61dea74b405d251ea2778e209b03a167064b1bf6">61dea74b</a></strong>
<div>
<span> by Yuri Chornoivan </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Ukrainian)
Currently translated at 100.0% (4666 of 4666 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/uk/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7f9588f36a2b82df3fd9ef7dd286886021e0ffa6">7f9588f3</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 49.0% (2290 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/841e0c673b222e686083cb96c210a55da6e09ff8">841e0c67</a></strong>
<div>
<span> by Jan Kuparinen </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Finnish)
Currently translated at 17.9% (840 of 4668 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/425894153a17de0cdb827a83fad599343e2d3656">42589415</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 49.6% (2318 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/29dba19aa8862ea7b3185dcc0dba789b8e4af5b8">29dba19a</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 50.5% (2360 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/53e4e7212b5b6fe0dceb809aaddc83158f8dfef4">53e4e721</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 50.5% (2360 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/2c555646dd71911d1bcf860e6c3acbcfd3050ad2">2c555646</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 50.5% (2360 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/b8c39cca34b75a4ed3ed77a468836778f670027b">b8c39cca</a></strong>
<div>
<span> by 김인수 </span> <i> at 2022-10-02T12:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Translated using Weblate (Korean)
Currently translated at 50.5% (2360 of 4672 strings)
Translation: freeipa/ipa-4-9
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/ipa-4-9/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/64ef2b9c07ec0b1b316555739ff9f98229258838">64ef2b9c</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-10-03T07:47:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa man page: format the EXAMPLES section
The EXAMPLES section is missing .TP macros before some of
the provided examples, and they are displayed in the same paragraph.
Add .TP (tagged, indented paragraph) before each example.
Fixes: https://pagure.io/freeipa/issue/9252
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/666357649f4dfb8254cb3707e97e12c69e6714f7">66635764</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2022-10-06T10:15:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>extdom: internal functions should be static
Fixes the following compilation warnings:
```
ipa_extdom_common.c:109:5: warning: no previous prototype for ‘__nss_to_err’ [-Wmissing-prototypes]
109 | int __nss_to_err(enum nss_status errcode)
| ^~~~~~~~~~~~
ipa_extdom_common.c:738:5: warning: no previous prototype for ‘pack_ber_name_list’ [-Wmissing-prototypes]
738 | int pack_ber_name_list(struct extdom_req *req, char **fq_name_list,
| ^~~~~~~~~~~~~~~~~~
```
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/3de618f75416afd6c087c243fe35755739d229a4">3de618f7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2022-10-06T10:15:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>extdom: make sure result doesn't miss domain part
This is required to ensure that only objects from the requested domain
are returned.
Resolves: https://pagure.io/freeipa/issue/9245
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a07cece0c006b3a89fc467284244f979d39f0209">a07cece0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2022-10-06T10:15:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization)
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7e93f46c589ba0a68c039d65ea3c0872644a0eb0">7e93f46c</a></strong>
<div>
<span> by Stanislav Levin </span> <i> at 2022-10-07T16:56:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipapython: Support openldap 2.6
While python-ldap is a strict dependency of IPA in downstreams, it
is optional for IPA packages published on PyPI.
OpenLDAP 2.6 no longer ships ldap_r-2, which makes
ipapython.dn_ctypes not work against such environments.
Thanks @abbra!
Fixes: https://pagure.io/freeipa/issue/9255
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e51a0c927db4a4c9b3e1ab0c6dffca545532a2b4">e51a0c92</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2022-10-10T10:00:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: do not fail if certmap rule cannot be added
Currently if a certificate mapping and matching rule has a typo or is of
an unsupported type the whole rule processing is aborted and the IPA
certmap plugin works without any rules effectively disabling PKINIT for
users. Since each rule would only allow more certificates for PKINIT it
would be more user/admin friendly to just ignore the failed rules with a
log message and continue with what is left or use the default rule if
nothing is left.
This change is done to add more flexibility to define new mapping and
matching templates which are e.g. needed to cover changes planned by
Microsoft as explained in
https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/d9a56b51bbb350219d0f5cb0ea6b3cc00230d437">d9a56b51</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-10-11T09:06:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipaclient: do not set TLS CA options in ldap.conf anymore
OpenLDAP has made it explicit to use default CA store as provided by
OpenSSL in 2016:
branches 2.5 and later:
commit 4962dd6083ae0fe722eb23a618ad39e47611429b
Author: Howard Guo <hguo@suse.com>
Date: Thu Nov 10 15:39:03 2016 +0100
branch 2.4:
commit e3affc71e05b33bfac43833c7b95fd7b7c3188f8
Author: Howard Guo <hguo@suse.com>
Date: Thu Nov 10 15:39:03 2016 +0100
This means starting with OpenLDAP 2.4.45 we can drop the explicit CA
configuration in ldap.conf.
There are several use cases where an explicit IPA CA should be specified
in the configuration. These mostly concern situations where a higher
security level must be maintained. For these configurations an
administrator would need to add an explicit CA configuration to
ldap.conf if we wouldn't add it during the ipa-client-install setup.
RN: FreeIPA client installer does not add explicit TLS CA configuration
RN: to OpenLDAP's ldap.conf anymore. Since OpenLDAP 2.4.45, explicit CA
RN: configuration is not required as OpenLDAP uses the default CA store
RN: provided by OpenSSL and IPA CA is installed in the default store
RN: by the installer already.
Fixes: https://pagure.io/freeipa/issue/9258
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c977cefa101e145b13b5c19ae5369e5ca7ef1ef8">c977cefa</a></strong>
<div>
<span> by Nikola Knazekova </span> <i> at 2022-10-18T07:07:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Exclude installed policy module file from RPM verification
selinux: Update based on latest packaging guide
https://fedoraproject.org/wiki/SELinux/IndependentPolicy
Fixes: https://pagure.io/freeipa/issue/9254
Signed-off-by: Nikola Knazekova <nknazeko@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/21cb86a8e571ac7aa0304c57961881ca9c4aeacb">21cb86a8</a></strong>
<div>
<span> by Anuja More </span> <i> at 2022-10-18T09:27:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests : Test query to AD specific attributes is successful.
Test scenario:
configure sssd with ldap_group_name = info for the trusted domain,
so that the group name is read from the "info" attribute
of the AD group entry.
With this setting, it is possible to have a group and a user
that appear on IdM side with the same name.
Ensure that the conflict does not break IdM and that the id,
getent group and getent passwd commands work on an IdM client.
Related : https://pagure.io/freeipa/issue/9127
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/58b026716c973f422b1b98e27eb9536e59919d82">58b02671</a></strong>
<div>
<span> by Sudhir Menon </span> <i> at 2022-10-20T08:17:59+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: WebUI: do not allow subid range deletion
This testcase checks that subid added by user admin
cannot be deleted.
Related: https://pagure.io/freeipa/issue/9150
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/58e12bd93a9b7b1c9a39981ee0c6a724040e164f">58e12bd9</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-10-20T08:17:59+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>webui tests: fix test_subid suite
The webui test test_subid_range_deletion_not_allowed is
adding a new subid for the admin user but a previous
test already took care of that step.
Remove the call adding the subid.
2nd issue: a given record has to be selected in
order to check that there is no "delete" button.
Fixes: https://pagure.io/freeipa/issue/9214
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/58ad9f2eec0afe494c57015c4449ae39748117e4">58ad9f2e</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-10-21T20:12:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Spec file: bump the selinux-policy version
selinux-policy introduced a regression in fedora 36, rhel 8
and rhel 9. After a call to ipa trust-add, the credential cache
contains cifs/master.ipa.test@IPA.TEST instead of admin principal.
The fix is available in
- fedora 36: selinux-policy-36.16-1
- rhel 8: 3.14.3-107
Bump the selinux-policy version to install the fix.
Fixes: https://pagure.io/freeipa/issue/9198
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/80b18b08e8cf3aaa9f75769e703c2aab569b599e">80b18b08</a></strong>
<div>
<span> by Erik Belko </span> <i> at 2022-11-10T10:20:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: test for root using admin password in webUI
Check if there is no infinite loop caused by this
combination of user and password
Related: https://pagure.io/freeipa/issue/9226
Signed-off-by: Erik Belko <ebelko@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/fd92757fc4a20eb73ebe08573c3e7ac5fb5c6ae2">fd92757f</a></strong>
<div>
<span> by Erik Belko </span> <i> at 2022-11-14T08:27:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Add test for grace login limit
Test user and pwpolicy entity for grace login limit setting.
Related: https://pagure.io/freeipa/issue/9211
Signed-off-by: Erik Belko <ebelko@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/98eda97648fb0d9a7ae9aac32938d4f889f8a213">98eda976</a></strong>
<div>
<span> by Carla Martinez </span> <i> at 2022-11-15T15:33:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>webui: Add label name to 'Certificates' section
For testing purposes and uniformity, the
'Certificates' label (located under
'Active users' settings) should also have
'name' attribute, like seen in other parts of the WebUI.
Fixes: https://pagure.io/freeipa/issue/8946
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c0b438bc745666694f2c590859d4926178a0ca04">c0b438bc</a></strong>
<div>
<span> by Mohammad Rizwan </span> <i> at 2022-11-15T15:33:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: Test newly added certificate label
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/76c8b47e4fb249db0b7c6185afcc0d11b78c5824">76c8b47e</a></strong>
<div>
<span> by Carla Martinez </span> <i> at 2022-11-15T15:33:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>webui: Add name to 'Certificates' table
For testing purposes and uniformity, the 'Certificates'
table generated after a new certificate is added should
also have the 'name' attribute to be able to access its
value.
Fixes: https://pagure.io/freeipa/issue/8946
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9d184a295b1b581f1d5e189ee810c6b08bc0550b">9d184a29</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-11-17T09:44:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Pass the curl write callback by name instead of address
This was reported by Coverity as a potential issue. Passing
by name is the example that curl uses so switch to that to
quiet the warning.
Also change to a static function and pre-declare it to quiet a
compile-time warning.
https://pagure.io/freeipa/issue/9274
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/beaab476903b2f182a722f45bf8af8fee611f0b7">beaab476</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-11-17T09:50:51+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>doc: generate API Reference
Extend the 'make api' target so that we also build an API Reference in
Markdown format. One template for each command gets generated. These
templates include all of the command details (arguments, options and
outputs), and then a section for manually-added notes such as semantics
or version differences. Every time the docs are regenerated, these notes
will be added if they exist.
Signed-off-by: Antonio Torres <antorres@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/76aa6d2a4293e5d492a7cc087b17603b6d28e34e">76aa6d2a</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-11-17T09:50:51+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Add basic API usage guide
Add a guide explaining how to use the IPA API through Python. This
includes initializing the API, launching commands and retrieving
results, including batch operations.
Signed-off-by: Antonio Torres <antorres@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/80da53eaada1b5ad61b8cff2f9ed1217fea600c9">80da53ea</a></strong>
<div>
<span> by Christian Heimes </span> <i> at 2022-11-17T09:52:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Add PKINIT support to ipa-client-install
The ``ipa-client-install`` command now supports PKINIT for client
enrollment. Existing X.509 client certificates can be used to
authenticate a host.
Also restart KRB5 KDC during ``ipa-certupdate`` so KDC picks up new CA
certificates for PKINIT.
*Requirements*
- The KDC must trust the CA chain of the client certificate.
- The client must be able to verify the KDC's PKINIT cert.
- The host entry must exist. This limitation may be removed in the
future.
- A certmap rule must match the host certificate and map it to a single
host entry.
*Example*
```
ipa-client-install \
--pkinit-identity=FILE:/path/to/cert.pem,/path/to/key.pem \
--pkinit-anchor=/path/to/kdc-ca-bundle.pem
```
Fixes: https://pagure.io/freeipa/issue/9271
Fixes: https://pagure.io/freeipa/issue/9269
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/170155b648084846111bf0c65459aba94a8e980d">170155b6</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2022-11-17T10:21:07+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>docs: add security section to idp
Related: https://pagure.io/freeipa/issue/8805
Related: https://pagure.io/freeipa/issue/8804
Related: https://pagure.io/freeipa/issue/8803
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/ca486d1507a2eb0a05576f835354d8d42c178810">ca486d15</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-11-18T15:34:35+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipatests: update vagrant boxes
Use new version of vagrant boxes:
ci-ipa-4-9-f36 0.0.3
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/c643e56e4c45b7cb61aa53989657143627c23e04">c643e56e</a></strong>
<div>
<span> by Francisco Trivino </span> <i> at 2022-11-22T07:56:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Vault: fix interoperability issues with older RHEL systems
AES-128-CBC was recently enabled as the default wrapping algorithm for transport of secrets.
This change was done in favor of FIPS as crypto-policies disabled 3DES in RHEL9, but
setting AES as default ended up breaking backwards compatibility with older RHEL systems.
This commit is tuning some defaults so that interoperability with older RHEL systems
works again. The new logic reflects:
- when an old client is calling a new server, it doesn't send any value for wrapping_algo
and the old value is used (3DES), so that the client can decrypt using 3DES.
- when a new client is calling a new server, it sends wrapping_algo = AES128_CBC
- when a new client is calling an old server, it doesn't send any value and the default is
to use 3DES.
Finally, as this logic is able to handle overlapping wrapping algorithm between server and
client, the option "--wrapping-algo" is hidden from "ipa vault-archive --help" and "ipa
vault-retrieve --help" commands.
Fixes: https://pagure.io/freeipa/issue/9259
Signed-off-by: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a0652f5dc8efc4580d8039e70c0e762638d3871d">a0652f5d</a></strong>
<div>
<span> by Julien Rische </span> <i> at 2022-11-24T07:42:49+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Generate CNAMEs for TXT+URI location krb records
The IPA location system relies on DNS record priorities in order to give
higher precedence to servers from the same location. For Kerberos, this
is done by redirecting generic SRV records (e.g.
_kerberos._udp.[domain].) to location-aware records (e.g.
_kerberos._udp.[location]._locations.[domain].) using CNAMEs.
This commit applies the same logic for URI records. URI location-aware
records were created, but there was no redirection from generic URI
records. It was causing them to be ignored in practice.
Kerberos URI and TXT records have the same name: "_kerberos". However,
CNAME records cannot coexist with any other record type. To avoid this
conflict, the generic TXT realm record was replaced by location-aware
records, even if the content of these records is the same for all
locations.
Fixes: https://pagure.io/freeipa/issue/9257
Signed-off-by: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/9efa8fe49c08fc584189b9d9ab24dfa8560db824">9efa8fe4</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-11-25T11:16:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: refactor MS-PAC processing to prepare for krb5 1.20
Make sure both krb5 pre 1.20 and 1.20 or later would call into the same
PAC generation code while driven by different API callbacks from the
krb5 KDB interface.
Fixes: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a0d840347b453bda141691ac587bc2ec851f15a5">a0d84034</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-11-25T11:16:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: add krb5 1.20 support
Add basic krb5 1.20 integration without RBCD support. RBCD will come in
a separate series.
Fixes: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0dd3315afb1056e3ca5bfd6af161793b5a5b8d86">0dd3315a</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-11-25T11:16:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: handle cross-realm TGT entries when generating PAC
For generating PAC we need to know SID of the object and a number of
required attributes. However, trusted domain objects do not have these
attributes. Luckily, IPA LDAP schema puts them under actual trust
objects which have all the additional (POSIX) attributes.
Refactor PAC generator to accept secondary LDAP entry and use that one
to pull up required attributes. We only use this for trusted domain
objects.
Fixes: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4755bd42c0f4c8fcda6131ee89b6fa8308d8a75c">4755bd42</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-11-25T11:16:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: handle empty S4U proxy in allowed_to_delegate
With krb5 1.20, S4U processing code uses a special case of passing an
empty S4U proxy to allowed_to_delegate() callback to identify if the
server cannot get forwardable S4U2Self tickets according to [MS-PAC]
3.2.5.1.2.
This means we need to ensure NULL proxy is a valid one and return an
appropriate response to that.
Fixes: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/7e504647dd00202c02cd203ca3474a332d1e413e">7e504647</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-11-25T11:16:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: fix PAC requester check
PAC requester check was incorrect for in-realm S4U operations. It cast
too wide a check, which denied some legitimate requests. Fix that by only
applying rejection to non-S4U unknown SIDs, otherwise S4U2Self request
issued by the in-realm service against a trusted domain's user would not
work.
Related: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a35cac3d6fa80d259240b0eb1d4952c321be9e92">a35cac3d</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-11-25T11:16:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: fix comment to make sure we talk about krb5 1.20 or later
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e12aa8bb782e1f3722ae93d63632cd93df06faab">e12aa8bb</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2022-11-25T11:16:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>ipa-kdb: for delegation check, use different error codes before and after krb5 1.20
With MIT krb5 1.20, a call to krb5_db_check_allowed_to_delegate()
and krb5_db_check_allowed_to_delegate_from() is expected to return either
KRB5KDC_ERR_BADOPTION for a policy denial or KRB5_PLUGIN_OP_NOTSUPP in
case the plugin does not handle the policy case. This is part of the MIT
krb5 commit a441fbe329ebbd7775eb5d4ccc4a05eef370f08b which added a
minimal MS-PAC generator.
Prior to MIT krb5 1.20, the same call was expected to return either
KRB5KDC_ERR_POLICY or KRB5_PLUGIN_OP_NOTSUPP errors.
Related: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4d6eabd3caf629a14c801ced4ad50dd9faa8147e">4d6eabd3</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-11-25T13:52:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>API reference: update vault doc
Update doc/api/vault_archive_internal.md and
doc/api/vault_retrieve_internal.md
after the change from commit 93548f2
(default wrapping algo is now des-ede3-cbc instead of aes-128-cbc).
Related: https://pagure.io/freeipa/issue/9259
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/0caa26daf2cf8f770b0111a22d89e31c763a1e89">0caa26da</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-11-25T13:52:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>API reference: update dnszone_add generated doc
Update doc/api/dnszone_add.md after commit c74c701
(Set 'idnssoaserial' to deprecated)
Related: https://pagure.io/freeipa/issue/9249
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/e725e9954737367fd6b2e5e3566d4f19ddd36295">e725e995</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2022-11-25T13:52:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>API doc: adapt the generated doc for 4.9 branch
The API doc files were generated on the master branch
and simply backported to ipa-4-9 but the code differs on
those branches and the doc files need to be adapted.
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/59bfe9d87c01f6a73fa359be700847b9f1bb616d">59bfe9d8</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-11-25T17:18:33+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Update translations to FreeIPA ipa-4-9 state
Signed-off-by: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/4f3dd0538af82bc81b146b03f03743e5ccfc516d">4f3dd053</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-11-25T17:26:03+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Update list of contributors
Signed-off-by: Antonio Torres <antorres@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/2a9919afbd782326580ab52494c917b51023a1c9">2a9919af</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-11-25T17:47:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Become IPA 4.9.11
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5f1002f8220641323ac61f6369c2b9590c05fd28">5f1002f8</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2023-01-18T17:51:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Merge branch 'upstream'
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/defbdcdcdf039de899e7551adc231cf855da18e5">defbdcdc</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2023-01-18T17:51:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>version bump
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/5ef339b963349cb0913534bc62c1d8c1afe50d12">5ef339b9</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2023-01-18T17:59:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>drop upstreamed patches
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/56aac44c86bede8146414083c7b7b42f3077bb9a">56aac44c</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2023-01-18T18:22:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>server.install: Updated.
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa/-/commit/a72d0004f176ecdae7dbd905459b544342237270">a72d0004</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2023-01-18T18:25:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>releasing package freeipa version 4.9.11-1
</pre>
</li>
</ul>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
30 changed files:
</h4>
<ul>
<li class="file-stats">
<a href="#fb74e0ab745627ca1d3a24827b12823666934e79">
.git-commit-template
</a>
</li>
<li class="file-stats">
<a href="#a5cc2925ca8258af241be7e5b0381edf30266302">
.gitignore
</a>
</li>
<li class="file-stats">
<a href="#8b28ba38a2c1b980c9846458130ebd674aea62fa">
<span class="new-file">
+
.readthedocs.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#8a8f67e18c8ed61c36e2901c12e37c094f6cd519">
.wheelconstraints.in
</a>
</li>
<li class="file-stats">
<a href="#4831b637d596df850dfe2919331d9904c0403eaa">
ACI.txt
</a>
</li>
<li class="file-stats">
<a href="#9dcdfc1feccc97e073d5d4710f3da3b5f37ad1f5">
API.txt
</a>
</li>
<li class="file-stats">
<a href="#d7ed7e35d7791778850754d99281016a9bacb652">
Contributors.txt
</a>
</li>
<li class="file-stats">
<a href="#d5b4de16d947214ec306bd57bed1bd23a939b5f9">
Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#438c41c93b7f0c8b476c65c3eb42284f234bd810">
VERSION.m4
</a>
</li>
<li class="file-stats">
<a href="#e4eba71132ec40f9516ea0fa207f3b4601f7e665">
client/ipa-join.c
</a>
</li>
<li class="file-stats">
<a href="#26616f952ef398b6ae9eb7d8687721b05028074d">
client/man/default.conf.5
</a>
</li>
<li class="file-stats">
<a href="#afe90542f4b6de49a3da1dff8d7667da4892974e">
client/man/epn.conf.5
</a>
</li>
<li class="file-stats">
<a href="#8a35d0bcf77b8ab072d502e1bdbfe353a823c769">
client/man/ipa-client-automount.1
</a>
</li>
<li class="file-stats">
<a href="#24d08149069d49a01ad6ec82eec3333757be12bf">
client/man/ipa-client-install.1
</a>
</li>
<li class="file-stats">
<a href="#2c2a403acbc45950144a2c61e3eaaa2b9e3fe8ed">
client/man/ipa.1
</a>
</li>
<li class="file-stats">
<a href="#79e414f3a775c24eef8c1a8120529706f624cee6">
client/share/epn.conf
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#cf151258c759949f06cfbe7e1c4b13b37e4967a0">
daemons/dnssec/ipa-dnskeysync-replica.in
</a>
</li>
<li class="file-stats">
<a href="#2cdd2739f856d7dc0c06f9f717555b6ac7fc08c8">
daemons/dnssec/ipa-dnskeysyncd.in
</a>
</li>
<li class="file-stats">
<a href="#d805817179e0c32b5f17229eae03defa6e20e212">
daemons/dnssec/ipa-ods-exporter.in
</a>
</li>
<li class="file-stats">
<a href="#96f5d965b3079864645cf1040eb80568a0ce9454">
daemons/ipa-kdb/Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#c353f68be99056278f9117d02e4294a759188b14">
daemons/ipa-kdb/ipa_kdb.c
</a>
</li>
<li class="file-stats">
<a href="#4776aa1d1d01bef820f34e6c2aa41644aa3f18df">
daemons/ipa-kdb/ipa_kdb.h
</a>
</li>
<li class="file-stats">
<a href="#d530f0d03a978b8c8549b635cb950845e8dd1f7d">
daemons/ipa-kdb/ipa_kdb_certauth.c
</a>
</li>
<li class="file-stats">
<a href="#0c848c43b4c9e603873356f62e631332101ecf3d">
daemons/ipa-kdb/ipa_kdb_delegation.c
</a>
</li>
<li class="file-stats">
<a href="#1d425595ea8a5a85f3b1f5486032a0dc5592315b">
daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
</a>
</li>
<li class="file-stats">
<a href="#802b9419e8b735ec9553dc46fca0f6d2cc715aec">
daemons/ipa-kdb/ipa_kdb_mspac.c
</a>
</li>
<li class="file-stats">
<a href="#11946c8f50029f8ef82d6057b1d66f8240b5e3bf">
daemons/ipa-kdb/ipa_kdb_mspac_private.h
</a>
</li>
<li class="file-stats">
<a href="#54e1f32627b3e8736ca5623c351bf93b56b7be48">
<span class="new-file">
+
daemons/ipa-kdb/ipa_kdb_mspac_v6.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#818413fd7a6a1dd5672f7c7bb28901894672e3d1">
<span class="new-file">
+
daemons/ipa-kdb/ipa_kdb_mspac_v9.c
</span>
</a>
</li>
</ul>
<h5 style="margin-top: 10px; margin-bottom: 10px; font-size: 0.875rem;">
The diff was not included because it is too large.
</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/freeipa/-/compare/99aa1043d0f76fa92e94ffb6f6fff034542a6d57...a72d0004f176ecdae7dbd905459b544342237270">View it on GitLab</a>.
</p>
</div>
</body>
</html>