[Freeipa-devel] [freeipa PR#4421][closed] [testing_master_latest] Nightly PR

2020-03-25 Thread freeipa-pr-ci via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4421
Author: freeipa-pr-ci
 Title: #4421: [testing_master_latest] Nightly PR
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4421/head:pr4421
git checkout pr4421
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org


[Freeipa-devel] [freeipa PR#4456][opened] [testing_master_latest] Nightly PR

2020-03-25 Thread freeipa-pr-ci via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4456
Author: freeipa-pr-ci
 Title: #4456: [testing_master_latest] Nightly PR
Action: opened

PR body:
"""
None
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4456/head:pr4456
git checkout pr4456
From b9f0c8eedc1c1d22bd4d63c01a4d8b9604ff34d6 Mon Sep 17 00:00:00 2001
From: root 
Date: Wed, 25 Mar 2020 23:00:07 +
Subject: [PATCH] automated commit

---
 .freeipa-pr-ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index abcf8c5b63..a58e059169 12
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -1 +1 @@
-ipatests/prci_definitions/gating.yaml
\ No newline at end of file
+ipatests/prci_definitions/nightly_latest.yaml
\ No newline at end of file
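
Review bot: The subject "automated commit" from author root, together with a PR body of None, leaves no record of why the single line of .freeipa-pr-ci.yaml is repointed from ipatests/prci_definitions/gating.yaml to ipatests/prci_definitions/nightly_latest.yaml. Since this one line selects which CI definition runs, the commit message should name the job and the target branch. The replacement line also keeps the missing trailing newline ("\ No newline at end of file"); ending the file with a newline would keep that marker out of every nightly diff.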


[Freeipa-devel] [freeipa PR#4455][opened] Set lookup_family_order = ipv6_first on IPv6-only clients

2020-03-25 Thread rcritten via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4455
Author: rcritten
 Title: #4455: Set lookup_family_order = ipv6_first on IPv6-only clients
Action: opened

PR body:
"""
Look at the IPs configured on the interface that the client connects
to IPA with. If this interface has only IPv6 addresses configured
then set the option lookup_family_order to ipv6_first. This will
prefer IPv6 DNS names and will allow an IPv6-only client to be able
to connect to a mixed IPv4/IPv6 IPA installation.

https://pagure.io/freeipa/issue/8243

Signed-off-by: Rob Crittenden 

**NOTE:** I'm being conservative here and not using ipv6_only. This is an 
attempt to ensure that things will continue to work if the underlying network 
changes in the future.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4455/head:pr4455
git checkout pr4455
From e2bf2e55d55c3192778b1a1509783fde29d0c01d Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Wed, 25 Mar 2020 17:45:26 -0400
Subject: [PATCH] Set lookup_family_order = ipv6_first on IPv6-only clients

Look at the IPs configured on the interface that the client connects
to IPA with. If this interface has only IPv6 addresses configured
then set the option lookup_family_order to ipv6_first. This will
prefer IPv6 DNS names and will allow an IPv6-only client to be able
to connect to a mixed IPv4/IPv6 IPA installation.

https://pagure.io/freeipa/issue/8243

Signed-off-by: Rob Crittenden 
---
 ipaclient/install/client.py | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 34b2d1a6e7..006cde0adf 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -956,6 +956,24 @@ def configure_sssd_conf(
 nss_service.set_option('memcache_timeout', 600)
 sssdconfig.save_service(nss_service)
 
+family_order = None
+try:
+iface = get_server_connection_interface(cli_server[0])
+except RuntimeError as e:
+logger.error("Cannot determine interface used to connect to "
+ "IPA. %s", e)
+else:
+try:
+connect_ips = get_local_ipaddresses(iface)
+except CalledProcessError as e:
+logger.error("Cannot determine IP(s) used to connect to "
+ "IPA. %s", e)
+else:
+if all([ip.version == 6 for ip in connect_ips]):
+family_order = 'ipv6_first'
+if family_order:
+domain.set_option('lookup_family_order', family_order)
+
 domain.set_option('ipa_domain', cli_domain)
 domain.set_option('ipa_hostname', client_hostname)
 if cli_domain.lower() != cli_realm.lower():
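
Review bot: In the innermost else branch, all([ip.version == 6 for ip in connect_ips]) is True for an empty list, so an interface for which get_local_ipaddresses() returns no addresses would be treated as IPv6-only and get lookup_family_order = ipv6_first. Suggest guarding it with `if connect_ips and all(ip.version == 6 for ip in connect_ips):`, which also drops the intermediate list. Both except branches log at error level, yet family_order stays None and configuration carries on with the default ordering; logger.warning would better match a non-fatal condition.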


[Freeipa-devel] [freeipa PR#4411][closed] [ipa-4-6] ipatests: fix KeyError in test_sssd

2020-03-25 Thread flo-renaud via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4411
Author: flo-renaud
 Title: #4411: [ipa-4-6] ipatests: fix KeyError in test_sssd
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4411/head:pr4411
git checkout pr4411


[Freeipa-devel] [freeipa PR#4449][closed] [Backport][ipa-4-7] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager

2020-03-25 Thread rcritten via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4449
Author: abbra
 Title: #4449: [Backport][ipa-4-7] ipa-pwd-extop: don't check password policy 
for non-Kerberos account set by DM or a passsync manager
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4449/head:pr4449
git checkout pr4449


[Freeipa-devel] [freeipa PR#4452][closed] [Backport][ipa-4-6] ipatests: Skip test using paramiko when FIPS is enabled

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4452
Author: tiran
 Title: #4452: [Backport][ipa-4-6] ipatests: Skip test using paramiko when FIPS 
is enabled
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4452/head:pr4452
git checkout pr4452


[Freeipa-devel] [freeipa PR#4451][closed] [Backport][ipa-4-8] ipatests: Skip test using paramiko when FIPS is enabled

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4451
Author: tiran
 Title: #4451: [Backport][ipa-4-8] ipatests: Skip test using paramiko when FIPS 
is enabled
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4451/head:pr4451
git checkout pr4451


[Freeipa-devel] [freeipa PR#4450][closed] [Backport][ipa-4-8] po: fix LINGUAS to use whitespace separation

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4450
Author: tiran
 Title: #4450: [Backport][ipa-4-8] po: fix LINGUAS to use whitespace separation
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4450/head:pr4450
git checkout pr4450


[Freeipa-devel] [freeipa PR#4454][opened] Don't configure ntpd with -x

2020-03-25 Thread rcritten via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4454
Author: rcritten
 Title: #4454: Don't configure ntpd with -x
Action: opened

PR body:
"""
slew mode (-x) may break ntpd from starting if time slew is too
great between the system and hardware clock. Slew mode is an
unstable configuration choice and has many known drawbacks.

https://pagure.io/freeipa/issue/8242

Signed-off-by: Rob Crittenden 

This applies **only** to the ipa-4-6 branch.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4454/head:pr4454
git checkout pr4454
From a1e8b53526379428668f1924fae751872bd1b003 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Fri, 20 Mar 2020 09:01:39 -0400
Subject: [PATCH] Don't configure ntpd with -x

slew mode (-x) may break ntpd from starting if time slew is too
great between the system and hardware clock. Slew mode is an
unstable configuration choice and has many known drawbacks.

https://pagure.io/freeipa/issue/8242

Signed-off-by: Rob Crittenden 
---
 ipaclient/install/ntpconf.py | 2 +-
 ipaserver/install/ntpinstance.py | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/ipaclient/install/ntpconf.py b/ipaclient/install/ntpconf.py
index e90ec068aa..21cfdc4c6f 100644
--- a/ipaclient/install/ntpconf.py
+++ b/ipaclient/install/ntpconf.py
@@ -80,7 +80,7 @@
 #controlkey 8
 """
 
-ntp_sysconfig = """OPTIONS="-x -p /var/run/ntpd.pid"
+ntp_sysconfig = """OPTIONS="-p /var/run/ntpd.pid"
 
 # Set to 'yes' to sync hw clock after successful ntpdate
 SYNC_HWCLOCK=yes
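
Review bot: With -x dropped, the client template's OPTIONS line is left with only -p /var/run/ntpd.pid, while the server side in ipaserver/install/ntpinstance.py still requires -g. Since the commit message is about ntpd failing to start when the clock offset is large, it should say whether the client template is meant to carry -g as well, or why it does not need it.
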
diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py
index 10997343c4..d38fd2e129 100644
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -91,8 +91,7 @@ def __write_config(self):
 fd.write("{}\n".format(' '.join(fudge)))
 
 #read in memory, find OPTIONS, check/change it, then overwrite file
-needopts = [ {'val':'-x', 'need':True},
- {'val':'-g', 'need':True} ]
+needopts = [ {'val':'-g', 'need':True} ]
 fd = open(paths.SYSCONFIG_NTPD, "r")
 lines = fd.readlines()
 fd.close()
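
Review bot: Removing '-x' from needopts only stops the installer from adding the flag; nothing in the visible lines strips -x from an OPTIONS line that is already present in paths.SYSCONFIG_NTPD, which this function reads back and overwrites. If the aim is that no IPA-managed ntpd keeps running in slew mode, remove the flag from the existing line as well, or state in the commit message that previously configured hosts keep it.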


[Freeipa-devel] [freeipa PR#4453][opened] [Backport][ipa-4-7] ipatests: Skip test using paramiko when FIPS is enabled

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4453
Author: tiran
 Title: #4453: [Backport][ipa-4-7] ipatests: Skip test using paramiko when FIPS 
is enabled
Action: opened

PR body:
"""
This PR was opened automatically because PR #4442 was pushed to master and 
backport to ipa-4-7 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4453/head:pr4453
git checkout pr4453
From 94d850731f5855c44b16c4f6abf911c927e1fd0a Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf 
Date: Wed, 25 Mar 2020 13:13:26 +0530
Subject: [PATCH] ipatests: Skip test using paramiko when FIPS is enabled

Test used paramiko to connect to the master from controller.
Hence skip if FIPS is enabled

Signed-off-by: Mohammad Rizwan Yusuf 
---
 ipatests/test_integration/test_commands.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index 0606aa1b69..a371dc6a3a 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -691,6 +691,9 @@ def test_ssh_from_controller(self):
 3. add an ipa user
 4. ssh from controller to master using the user created in step 3
 """
+if self.master.is_fips_mode:  # pylint: disable=no-member
+pytest.skip("paramiko is not compatible with FIPS mode")
+
 sssd_version = ''
 cmd_output = self.master.run_command(['sssd', '--version'])
 sssd_version = platform_tasks.\
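
Review bot: The skip added at the top of test_ssh_from_controller means step 4 of the docstring (ssh from controller to master) is never exercised against a master in FIPS mode, and the reason string "paramiko is not compatible with FIPS mode" points to no bug or ticket. Reference a tracking issue in a comment or in the skip message so the condition can be lifted later, or drive the login through a client that works in FIPS mode so the coverage is not lost.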


[Freeipa-devel] [freeipa PR#4452][opened] [Backport][ipa-4-6] ipatests: Skip test using paramiko when FIPS is enabled

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4452
Author: tiran
 Title: #4452: [Backport][ipa-4-6] ipatests: Skip test using paramiko when FIPS 
is enabled
Action: opened

PR body:
"""
This PR was opened automatically because PR #4442 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4452/head:pr4452
git checkout pr4452
From f9d1c0dc814e5f8ad8f438e6cb88f82fba11588b Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf 
Date: Wed, 25 Mar 2020 13:13:26 +0530
Subject: [PATCH] ipatests: Skip test using paramiko when FIPS is enabled

Test used paramiko to connect to the master from controller.
Hence skip if FIPS is enabled

Signed-off-by: Mohammad Rizwan Yusuf 
---
 ipatests/test_integration/test_commands.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index a14a324ec2..af8f22cdb5 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -734,6 +734,9 @@ def test_ssh_from_controller(self):
 3. add an ipa user
 4. ssh from controller to master using the user created in step 3
 """
+if self.master.is_fips_mode:  # pylint: disable=no-member
+pytest.skip("paramiko is not compatible with FIPS mode")
+
 sssd_version = ''
 cmd_output = self.master.run_command(['sssd', '--version'])
 sssd_version = platform_tasks.\
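
Review bot: The inline `# pylint: disable=no-member` on the is_fips_mode check suggests the attribute is not visible to pylint on the type of self.master. Rather than suppressing the warning at the call site, declare is_fips_mode on the host class the tests use, so that a misspelled attribute name would still be caught here.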


[Freeipa-devel] [freeipa PR#4451][opened] [Backport][ipa-4-8] ipatests: Skip test using paramiko when FIPS is enabled

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4451
Author: tiran
 Title: #4451: [Backport][ipa-4-8] ipatests: Skip test using paramiko when FIPS 
is enabled
Action: opened

PR body:
"""
This PR was opened automatically because PR #4442 was pushed to master and 
backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4451/head:pr4451
git checkout pr4451
From 1d2cc7610722bfc6451f20bdd3a736d0b41951ff Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf 
Date: Wed, 25 Mar 2020 13:13:26 +0530
Subject: [PATCH] ipatests: Skip test using paramiko when FIPS is enabled

Test used paramiko to connect to the master from controller.
Hence skip if FIPS is enabled

Signed-off-by: Mohammad Rizwan Yusuf 
---
 ipatests/test_integration/test_commands.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index 32a21a7322..c92cad9471 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -803,6 +803,9 @@ def test_ssh_from_controller(self):
 3. add an ipa user
 4. ssh from controller to master using the user created in step 3
 """
+if self.master.is_fips_mode:  # pylint: disable=no-member
+pytest.skip("paramiko is not compatible with FIPS mode")
+
 sssd_version = ''
 cmd_output = self.master.run_command(['sssd', '--version'])
 sssd_version = platform_tasks.\
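
Review bot: The condition tests self.master.is_fips_mode, while the commit message says paramiko is used on the controller to connect to the master. The skip reason would be more useful if it said which side fails, so that a reader knows the skip depends on the master's FIPS state and not on the controller's.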


[Freeipa-devel] [freeipa PR#4442][closed] ipatests: Skip test using paramiko when FIPS is enabled

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4442
Author: mrizwan93
 Title: #4442: ipatests: Skip test using paramiko when FIPS is enabled
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4442/head:pr4442
git checkout pr4442


[Freeipa-devel] [freeipa PR#4445][closed] [backport][ipa-4-6] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4445
Author: abbra
 Title: #4445: [backport][ipa-4-6] ipa-pwd-extop: don't check password policy 
for non-Kerberos account set by DM or a passsync manager
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4445/head:pr4445
git checkout pr4445


[Freeipa-devel] [freeipa PR#4444][closed] [Backport][ipa-4-8] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/
Author: tiran
 Title: #: [Backport][ipa-4-8] ipa-pwd-extop: don't check password policy 
for non-Kerberos account set by DM or a passsync manager
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull//head:pr
git checkout pr


[Freeipa-devel] [freeipa PR#4450][opened] [Backport][ipa-4-8] po: fix LINGUAS to use whitespace separation

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4450
Author: tiran
 Title: #4450: [Backport][ipa-4-8] po: fix LINGUAS to use whitespace separation
Action: opened

PR body:
"""
This PR was opened automatically because PR #4448 was pushed to master and 
backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4450/head:pr4450
git checkout pr4450
From 8973b547403558218701da84a8d2649554f24bcf Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 25 Mar 2020 11:04:59 +0100
Subject: [PATCH] po: fix LINGUAS to use whitespace separation

The po/LINGUAS file contains a list of all available translations.
According to the GNU gettext documentation it is a whitespace
separated list. Our LINGUAS file used newline separated list with inline
comments. This conflicts with weblate automation.

Fixes: https://pagure.io/freeipa/issue/8159
See: https://www.gnu.org/software/gettext/manual/html_node/po_002fLINGUAS.html
Signed-off-by: Christian Heimes 
---
 po/LINGUAS | 25 +
 1 file changed, 1 insertion(+), 24 deletions(-)

diff --git a/po/LINGUAS b/po/LINGUAS
index 5811c744b4..bf8dcdf75c 100644
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -1,24 +1 @@
-bn_IN   # Bengali (India)
-ca  # Catalan
-cs  # Czech
-de  # German
-en_GB   # English (United Kingdom)
-es  # Spanish
-eu  # Basque
-fr  # French
-hi  # Hindi
-hu  # Hungarian
-id  # Indonesian
-ja  # Japanese
-kn  # Kannada
-mr  # Marathi
-nl  # Dutch
-pa  # Punjabi
-pl  # Polish
-pt  # Portuguese
-pt_BR   # Portuguese (Brazil)
-ru  # Russian
-sk  # Slovak
-tg  # Tajik
-uk  # Ukrainian
-zh_CN   # Chinese (China)
+bn_IN ca cs de en_GB es eu fr hi hu id ja kn mr nl pa pl pt pt_BR ru sk tg uk zh_CN
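
Review bot: Collapsing the list onto one line drops the language names that the inline comments provided, and every future locale addition will now rewrite the same single line, which makes diffs and merge conflicts harder to read. The gettext manual cited in the commit message asks for a whitespace-separated list, and newlines are whitespace, so one code per line without the trailing comments would meet the same requirement; if Weblate needs the single-line form specifically, say so in the commit message.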


[Freeipa-devel] [freeipa PR#4448][closed] po: fix LINGUAS to use whitespace separation

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4448
Author: tiran
 Title: #4448: po: fix LINGUAS to use whitespace separation
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4448/head:pr4448
git checkout pr4448


[Freeipa-devel] [freeipa PR#4449][opened] [Backport][ipa-4-7] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4449
Author: abbra
 Title: #4449: [Backport][ipa-4-7] ipa-pwd-extop: don't check password policy 
for non-Kerberos account set by DM or a passsync manager
Action: opened

PR body:
"""
This PR was opened manually because PR #4417 was pushed to master and backport 
to ipa-4-7 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4449/head:pr4449
git checkout pr4449
From 7b8136353e5b378ee92deb1b484d7f8db88f3b0a Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Tue, 10 Jul 2018 18:05:19 +0300
Subject: [PATCH 1/8] Fix indentation levels

Reviewed-By: Alexander Bokovoy 
Reviewed-By: Christian Heimes 
---
 .../ipa-slapi-plugins/ipa-pwd-extop/common.c  | 19 +--
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
index 61b46904ab..d3cd3a72b6 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
@@ -286,8 +286,8 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
  * slapi_pblock_destroy(pb)
  */
 static int pwd_get_values(const Slapi_Entry *ent, const char *attrname,
-			  Slapi_ValueSet** results, char** actual_type_name,
-			  int *buffer_flags)
+  Slapi_ValueSet** results, char** actual_type_name,
+  int *buffer_flags)
 {
 int flags=0;
 int type_name_disposition = 0;
@@ -560,7 +560,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
 LOG_TRACE("No password policy, use defaults");
 }
 break;
-	case IPA_CHANGETYPE_ADMIN:
+case IPA_CHANGETYPE_ADMIN:
 /* The expiration date needs to be older than the current time
  * otherwise the KDC may not immediately register the password
  * as expired. The last password change needs to match the
@@ -636,7 +636,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
 }
 
 /* Searches the dn in directory,
- *  If found	 : fills in slapi_entry structure and returns 0
+ *  If found : fills in slapi_entry structure and returns 0
  *  If NOT found : returns the search result as LDAP_NO_SUCH_OBJECT
  */
 int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist)
@@ -795,22 +795,21 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
 slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE,
   "krbPrincipalKey", svals);
 
-		/* krbLastPwdChange is used to tell whether a host entry has a
-		 * keytab so don't set it on hosts.
-		 */
+/* krbLastPwdChange is used to tell whether a host entry has a
+ * keytab so don't set it on hosts. */
 if (!is_host) {
-	/* change Last Password Change field with the current date */
+/* change Last Password Change field with the current date */
 ret = ipapwd_setdate(data->target, smods, "krbLastPwdChange",
  data->timeNow, false);
 if (ret != LDAP_SUCCESS)
 goto free_and_return;
 
-	/* set Password Expiration date */
+/* set Password Expiration date */
 ret = ipapwd_setdate(data->target, smods, "krbPasswordExpiration",
  data->expireTime, (data->expireTime == 0));
 if (ret != LDAP_SUCCESS)
 goto free_and_return;
-	}
+}
 }
 
 if (nt && is_smb) {
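
Review bot: In the last hunk the comment above `if (!is_host) {` is not only re-indented: its closing `*/` is moved up onto the "keytab so don't set it on hosts." line, so the patch is not purely a whitespace change as the subject "Fix indentation levels" suggests. For a backport, keep the comment layout as it was or mention the reflow in the commit message, so that a whitespace-insensitive diff of this patch can be expected to come out empty.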

From 43cf34907159fae7cbab53aabe9ed037b91e5fab Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Fri, 6 Jul 2018 11:07:48 +0300
Subject: [PATCH 2/8] ipatests: allow changing sysaccount passwords as
 cn=Directory Manager

Extend ldappasswd_sysaccount_change() helper to allow changing
passwords as a cn=Directory Manager.

Related to: https://pagure.io/freeipa/issue/7181
Signed-off-by: Alexander Bokovoy 
Reviewed-By: Alexander Bokovoy 
Reviewed-By: Christian Heimes 
---
 ipatests/pytest_ipa/integration/tasks.py | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py
index 831b48fcf7..caf576b80c 100755
--- a/ipatests/pytest_ipa/integration/tasks.py
+++ b/ipatests/pytest_ipa/integration/tasks.py
@@ -1689,15 +1689,23 @@ def ldappasswd_user_change(user, oldpw, newpw, master):
 master.run_command(args)
 
 
-def ldappasswd_sysaccount_change(user, oldpw, newpw, master):
+def ldappasswd_sysaccount_change(user, oldpw, newpw, master, use_dirman=False):
 container_sysaccounts = dict(DEFAULT_CONFIG)['container_sysaccounts']
 basedn = master.domain.basedn
 
 userdn = "uid={},{},{}".format(user, container_sysaccounts, basedn)
 master_ldap_uri = "ldap://{}".format(master.hostname)
 
-args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
-'-s', 
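
Review bot: The new use_dirman=False parameter on ldappasswd_sysaccount_change() is added without a docstring, so a caller cannot tell from the signature which bind DN and which password are used when it is True. Add a short docstring, and consider making the flag keyword-only so that a stray fifth positional argument cannot switch the bind to cn=Directory Manager.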

[Freeipa-devel] [freeipa PR#4432][closed] [Backport][ipa-4-6] WebUI: Fix notification area layout

2020-03-25 Thread flo-renaud via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4432
Author: flo-renaud
 Title: #4432: [Backport][ipa-4-6] WebUI: Fix notification area layout
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4432/head:pr4432
git checkout pr4432


[Freeipa-devel] [freeipa PR#4440][closed] [Backport][ipa-4-8] ipatests: always skip additional input for group-add-member --external

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4440
Author: abbra
 Title: #4440: [Backport][ipa-4-8] ipatests: always skip additional input for 
group-add-member --external
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4440/head:pr4440
git checkout pr4440


[Freeipa-devel] [freeipa PR#4446][opened] Translations update from Weblate

2020-03-25 Thread weblate via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4446
Author: weblate
 Title: #4446: Translations update from Weblate
Action: opened

PR body:
"""
Translations update from 
[Weblate](https://translate.fedoraproject.org/projects/freeipa/master/) for 
freeipa/master.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4446/head:pr4446
git checkout pr4446
From 9bdda77af1c1dff527935089c89fff5d43df8127 Mon Sep 17 00:00:00 2001
From: Weblate 
Date: Wed, 25 Mar 2020 10:44:27 +0100
Subject: [PATCH] Update translation files

Updated by "Update LINGUAS file" hook in Weblate.

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
---
 po/LINGUAS | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/po/LINGUAS b/po/LINGUAS
index 5811c744b4..4c91443ac6 100644
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -1,5 +1,4 @@
-bn_IN   # Bengali (India)
-ca  # Catalan
+bn_IN ca cs de en_GB es eu fr hi hu id ja kn mr nl pa pl pt pt_BR ru sk tg uk zh_CNca  # Catalan
 cs  # Czech
 de  # German
 en_GB   # English (United Kingdom)
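
Review bot: the added line in this hunk replaces the bn_IN and ca entries with one space-separated run of every language code, and its last code is fused with the old Catalan entry as "zh_CNca  # Catalan", so neither zh_CN nor ca is a valid token at that point. The per-language lines that follow as context (cs, de, en_GB) are still present, so those codes are now listed twice, and the "# Bengali (India)" comment is lost. This looks like the "Update LINGUAS file" hook writing a flat list into a commented, one-code-per-line file; either keep the one-per-line layout or convert the whole file in one change, with a newline between the generated list and any retained entry.
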


[Freeipa-devel] [freeipa PR#4441][closed] [backport][ipa-4-7] ipatests: always skip additional input for group-add-member --external

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4441
Author: abbra
 Title: #4441: [backport][ipa-4-7] ipatests: always skip additional input for 
group-add-member --external
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4441/head:pr4441
git checkout pr4441


[Freeipa-devel] [freeipa PR#4445][opened] [backport][ipa-4-6] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4445
Author: abbra
 Title: #4445: [backport][ipa-4-6] ipa-pwd-extop: don't check password policy 
for non-Kerberos account set by DM or a passsync manager
Action: opened

PR body:
"""
This PR was opened manually because PR #4417 was pushed to master and backport 
to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4445/head:pr4445
git checkout pr4445
From 607cb5d1010d50b959954886880e92356b8ffb7d Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Tue, 10 Jul 2018 18:05:19 +0300
Subject: [PATCH 1/8] Fix indentation levels

Reviewed-By: Alexander Bokovoy 
Reviewed-By: Christian Heimes 
---
 .../ipa-slapi-plugins/ipa-pwd-extop/common.c  | 19 +--
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
index 61b46904ab..d3cd3a72b6 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
@@ -286,8 +286,8 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
  * slapi_pblock_destroy(pb)
  */
 static int pwd_get_values(const Slapi_Entry *ent, const char *attrname,
-			  Slapi_ValueSet** results, char** actual_type_name,
-			  int *buffer_flags)
+  Slapi_ValueSet** results, char** actual_type_name,
+  int *buffer_flags)
 {
 int flags=0;
 int type_name_disposition = 0;
@@ -560,7 +560,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
 LOG_TRACE("No password policy, use defaults");
 }
 break;
-	case IPA_CHANGETYPE_ADMIN:
+case IPA_CHANGETYPE_ADMIN:
 /* The expiration date needs to be older than the current time
  * otherwise the KDC may not immediately register the password
  * as expired. The last password change needs to match the
@@ -636,7 +636,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
 }
 
 /* Searches the dn in directory,
- *  If found	 : fills in slapi_entry structure and returns 0
+ *  If found : fills in slapi_entry structure and returns 0
  *  If NOT found : returns the search result as LDAP_NO_SUCH_OBJECT
  */
 int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist)
@@ -795,22 +795,21 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
 slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE,
   "krbPrincipalKey", svals);
 
-		/* krbLastPwdChange is used to tell whether a host entry has a
-		 * keytab so don't set it on hosts.
-		 */
+/* krbLastPwdChange is used to tell whether a host entry has a
+ * keytab so don't set it on hosts. */
 if (!is_host) {
-	/* change Last Password Change field with the current date */
+/* change Last Password Change field with the current date */
 ret = ipapwd_setdate(data->target, smods, "krbLastPwdChange",
  data->timeNow, false);
 if (ret != LDAP_SUCCESS)
 goto free_and_return;
 
-	/* set Password Expiration date */
+/* set Password Expiration date */
 ret = ipapwd_setdate(data->target, smods, "krbPasswordExpiration",
  data->expireTime, (data->expireTime == 0));
 if (ret != LDAP_SUCCESS)
 goto free_and_return;
-	}
+}
 }
 
 if (nt && is_smb) {
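
Review bot: in this last hunk of a change titled "Fix indentation levels", the krbLastPwdChange comment is reflowed as well as re-indented (the closing "*/" moves onto the text line), so the patch is not purely whitespace. This is the path that sets krbLastPwdChange and krbPasswordExpiration, so either keep the comment shape or say in the commit message, which has no body, that comments were reflowed; then a whitespace-ignoring diff of the backport comes out empty and a reviewer can confirm that nothing moved in or out of the "if (!is_host)" block.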

From af151ed1310739d5e3df8efdf2089deccc46d5ee Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Fri, 6 Jul 2018 11:07:48 +0300
Subject: [PATCH 2/8] ipatests: allow changing sysaccount passwords as
 cn=Directory Manager

Extend ldappasswd_sysaccount_change() helper to allow changing
passwords as a cn=Directory Manager.

Related to: https://pagure.io/freeipa/issue/7181
Signed-off-by: Alexander Bokovoy 
Reviewed-By: Alexander Bokovoy 
Reviewed-By: Christian Heimes 
---
 ipatests/pytest_ipa/integration/tasks.py | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py
index 1db4fdd6d0..14c06a4c6f 100755
--- a/ipatests/pytest_ipa/integration/tasks.py
+++ b/ipatests/pytest_ipa/integration/tasks.py
@@ -1629,15 +1629,23 @@ def ldappasswd_user_change(user, oldpw, newpw, master):
 master.run_command(args)
 
 
-def ldappasswd_sysaccount_change(user, oldpw, newpw, master):
+def ldappasswd_sysaccount_change(user, oldpw, newpw, master, use_dirman=False):
 container_sysaccounts = dict(DEFAULT_CONFIG)['container_sysaccounts']
 basedn = master.domain.basedn
 
 userdn = "uid={},{},{}".format(user, container_sysaccounts, basedn)
 master_ldap_uri = "ldap://{}".format(master.hostname)
 
-args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
-'-s', 
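
Review bot: use_dirman=False is added to the signature of ldappasswd_sysaccount_change() and the function body starts directly with the container_sysaccounts assignment, so there is no docstring saying what the flag does. The visible lines also leave open what oldpw means once the bind is done as cn=Directory Manager: the system account's current password or the Directory Manager's. Add a docstring that states the bind identity and the meaning of oldpw in each mode.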

[Freeipa-devel] [freeipa PR#4417][closed] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4417
Author: rcritten
 Title: #4417: ipa-pwd-extop: don't check password policy for non-Kerberos 
account set by DM or a passsync manager
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4417/head:pr4417
git checkout pr4417


[Freeipa-devel] [freeipa PR#4444][opened] [Backport][ipa-4-8] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager

2020-03-25 Thread tiran via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/
Author: tiran
 Title: #: [Backport][ipa-4-8] ipa-pwd-extop: don't check password policy 
for non-Kerberos account set by DM or a passsync manager
Action: opened

PR body:
"""
This PR was opened automatically because PR #4417 was pushed to master and 
backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull//head:pr
git checkout pr
From f1131c41d81b1cd368e2031a806c6ad3e97c4a78 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Tue, 10 Jul 2018 18:05:19 +0300
Subject: [PATCH 1/8] Fix indentation levels

---
 .../ipa-slapi-plugins/ipa-pwd-extop/common.c  | 19 +--
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
index 61b46904ab..d3cd3a72b6 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
@@ -286,8 +286,8 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
  * slapi_pblock_destroy(pb)
  */
 static int pwd_get_values(const Slapi_Entry *ent, const char *attrname,
-			  Slapi_ValueSet** results, char** actual_type_name,
-			  int *buffer_flags)
+  Slapi_ValueSet** results, char** actual_type_name,
+  int *buffer_flags)
 {
 int flags=0;
 int type_name_disposition = 0;
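
Review bot: the two re-indented parameter lines of pwd_get_values() keep "Slapi_ValueSet** results, char** actual_type_name" with the asterisk attached to the type, while the very next line writes "int *buffer_flags". As the patch already touches these lines for style, make the pointer declarators consistent in the same change, for example "Slapi_ValueSet **results, char **actual_type_name".
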
@@ -560,7 +560,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
 LOG_TRACE("No password policy, use defaults");
 }
 break;
-	case IPA_CHANGETYPE_ADMIN:
+case IPA_CHANGETYPE_ADMIN:
 /* The expiration date needs to be older than the current time
  * otherwise the KDC may not immediately register the password
  * as expired. The last password change needs to match the
@@ -636,7 +636,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
 }
 
 /* Searches the dn in directory,
- *  If found	 : fills in slapi_entry structure and returns 0
+ *  If found : fills in slapi_entry structure and returns 0
  *  If NOT found : returns the search result as LDAP_NO_SUCH_OBJECT
  */
 int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist)
@@ -795,22 +795,21 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
 slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE,
   "krbPrincipalKey", svals);
 
-		/* krbLastPwdChange is used to tell whether a host entry has a
-		 * keytab so don't set it on hosts.
-		 */
+/* krbLastPwdChange is used to tell whether a host entry has a
+ * keytab so don't set it on hosts. */
 if (!is_host) {
-	/* change Last Password Change field with the current date */
+/* change Last Password Change field with the current date */
 ret = ipapwd_setdate(data->target, smods, "krbLastPwdChange",
  data->timeNow, false);
 if (ret != LDAP_SUCCESS)
 goto free_and_return;
 
-	/* set Password Expiration date */
+/* set Password Expiration date */
 ret = ipapwd_setdate(data->target, smods, "krbPasswordExpiration",
  data->expireTime, (data->expireTime == 0));
 if (ret != LDAP_SUCCESS)
 goto free_and_return;
-	}
+}
 }
 
 if (nt && is_smb) {

From d4e7dbc37621ddc0194c53b20374112b4107f013 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Fri, 6 Jul 2018 11:07:48 +0300
Subject: [PATCH 2/8] ipatests: allow changing sysaccount passwords as
 cn=Directory Manager

Extend ldappasswd_sysaccount_change() helper to allow changing
passwords as a cn=Directory Manager.

Related to: https://pagure.io/freeipa/issue/7181
Signed-off-by: Alexander Bokovoy 
---
 ipatests/pytest_ipa/integration/tasks.py | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py
index 0b8eca1f31..ffb52783e7 100755
--- a/ipatests/pytest_ipa/integration/tasks.py
+++ b/ipatests/pytest_ipa/integration/tasks.py
@@ -1758,15 +1758,23 @@ def ldappasswd_user_change(user, oldpw, newpw, master):
 master.run_command(args)
 
 
-def ldappasswd_sysaccount_change(user, oldpw, newpw, master):
+def ldappasswd_sysaccount_change(user, oldpw, newpw, master, use_dirman=False):
 container_sysaccounts = dict(DEFAULT_CONFIG)['container_sysaccounts']
 basedn = master.domain.basedn
 
 userdn = "uid={},{},{}".format(user, container_sysaccounts, basedn)
 master_ldap_uri = "ldap://{}".format(master.hostname)
 
-args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
-'-s', newpw, '-x', '-ZZ', '-H', master_ldap_uri]
+if use_dirman:
+args = [paths.LDAPPASSWD, '-D',
+
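
Review bot: the new "if use_dirman:" branch starts a second "args = [paths.LDAPPASSWD, '-D', ..." list rather than varying only the bind DN, so the transport options of the removed line ('-x', '-ZZ', '-H', master_ldap_uri) have to be repeated correctly in every branch. master_ldap_uri is a plain ldap:// URI, so a branch that omitted '-ZZ' would send the Directory Manager password without StartTLS. Select the bind DN and bind password inside the branch and build args once after it.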

[Freeipa-devel] [freeipa PR#4435][closed] SELinux: apache_manage_pid_files for F30

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4435
Author: tiran
 Title: #4435: SELinux: apache_manage_pid_files for F30
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4435/head:pr4435
git checkout pr4435


[Freeipa-devel] [freeipa PR#4443][opened] [Backport][ipa-4-8] SELinux: apache_manage_pid_files for F30

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4443
Author: abbra
 Title: #4443: [Backport][ipa-4-8] SELinux: apache_manage_pid_files for F30
Action: opened

PR body:
"""
This PR was opened automatically because PR #4435 was pushed to master and 
backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4443/head:pr4443
git checkout pr4443
From d602e7711735fccac6e5bc568fb8253d7aef439b Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Tue, 24 Mar 2020 16:07:54 +0100
Subject: [PATCH] SELinux: apache_manage_pid_files for F30

SELinux policy on F30 doesn't have the interface
apache_manage_pid_files(). Define the interface conditionally.

Fixes: https://pagure.io/freeipa/issue/8241
Signed-off-by: Christian Heimes 
---
 selinux/ipa.if | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/selinux/ipa.if b/selinux/ipa.if
index 44c0a93662..cefae5d902 100644
--- a/selinux/ipa.if
+++ b/selinux/ipa.if
@@ -365,3 +365,30 @@ interface(`ipa_custodia_stream_connect',`
 
 allow $1 ipa_custodia_t:unix_stream_socket { connectto };
 ')
+
+
+## 
+##  Manage apache pid objects.
+##  The interface is defined by selinux-policy since Fedora 31 and is
+##  conditionally defined here for Fedora 30.
+##  See https://pagure.io/freeipa/issue/8241.
+## 
+## 
+##  
+##  Domain allowed access.
+##  
+## 
+#
+
+ifndef(`apache_manage_pid_files',`
+	interface(`apache_manage_pid_files',`
+		gen_require(`
+			type httpd_var_run_t;
+		')
+
+		files_search_pids($1)
+		manage_dirs_pattern($1, httpd_var_run_t, httpd_var_run_t)
+		manage_files_pattern($1, httpd_var_run_t, httpd_var_run_t)
+		manage_sock_files_pattern($1, httpd_var_run_t, httpd_var_run_t)
+	')
+')
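
Review bot: the fallback inside the ifndef guard for apache_manage_pid_files is a locally written body (files_search_pids, then manage_dirs_pattern, manage_files_pattern and manage_sock_files_pattern on httpd_var_run_t), and the header comment does not record which selinux-policy definition it mirrors or when it can be dropped. Add that to the comment, for example a removal condition tied to the end of Fedora 30 support, so the local copy does not silently outlive or drift from the interface that selinux-policy ships since Fedora 31. Also confirm that granting directory and socket-file management in addition to file management matches that interface and is not broader than it.
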


[Freeipa-devel] [freeipa PR#4434][closed] [backport][ipa-4-8] prepare translations to use Weblate

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4434
Author: abbra
 Title: #4434: [backport][ipa-4-8] prepare translations to use Weblate
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4434/head:pr4434
git checkout pr4434


[Freeipa-devel] [freeipa PR#4442][opened] ipatests: Skip test using paramiko when FIPS is enabled

2020-03-25 Thread mrizwan93 via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4442
Author: mrizwan93
 Title: #4442: ipatests: Skip test using paramiko when FIPS is enabled
Action: opened

PR body:
"""
Test used paramiko to connect to the master from controller.
If FIPS mode is enabled, it fails because the get_fingerprint()
method returns an MD5 fingerprint. Hence skip if FIPS is enabled.

Signed-off-by: Mohammad Rizwan Yusuf 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4442/head:pr4442
git checkout pr4442
From a2be87aa0d24af4180b851bee5a323998a1cc4a7 Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf 
Date: Wed, 25 Mar 2020 13:13:26 +0530
Subject: [PATCH] ipatests: Skip test using paramiko when FIPS is enabled

Test used paramiko to connect to the master from controller.
If FIPS mode is enabled, it fails because the get_fingerprint()
method returns an MD5 fingerprint. Hence skip if FIPS is enabled.

Signed-off-by: Mohammad Rizwan Yusuf 
---
 ipatests/test_integration/test_commands.py | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index 8a5d4c0710..c054956dd5 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -689,6 +689,12 @@ def test_ssh_from_controller(self):
 3. add an ipa user
 4. ssh from controller to master using the user created in step 3
 """
+# Test used paramiko to connect to the master from controller.
+# IF FIPS mode is enable, it fails because of get_fingerprint()
+# method returns MD5 fingerprint. Hence skip if FIPS is enabled
+if self.master.is_fips_mode:  # pylint: disable=no-member
+pytest.skip("paramiko is not compatible with FIPS mode")
+
 sssd_version = ''
 cmd_output = self.master.run_command(['sssd', '--version'])
 sssd_version = platform_tasks.\
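
Review bot: the skip reason "paramiko is not compatible with FIPS mode" is broader than the comment directly above it, which attributes the failure to get_fingerprint() returning an MD5 fingerprint. Put that specific cause in the pytest.skip() message so the skip report says what has to change for the test to run again. Skipping also removes this test's SSH login check on FIPS hosts; performing the login without the MD5 fingerprint call would keep it. The "# pylint: disable=no-member" on is_fips_mode deserves a short comment on why pylint cannot see the attribute.
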


[Freeipa-devel] [freeipa PR#4437][closed] [Backport][ipa-4-7] ipatests: provide AD admin password when trying to establish trust

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4437
Author: wladich
 Title: #4437: [Backport][ipa-4-7] ipatests: provide AD admin password when 
trying to establish trust
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4437/head:pr4437
git checkout pr4437


[Freeipa-devel] [freeipa PR#4436][closed] [Backport][ipa-4-8] ipatests: provide AD admin password when trying to establish trust

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4436
Author: wladich
 Title: #4436: [Backport][ipa-4-8] ipatests: provide AD admin password when 
trying to establish trust
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4436/head:pr4436
git checkout pr4436


[Freeipa-devel] [freeipa PR#4441][opened] [backport][ipa-4-7] ipatests: always skip additional input for group-add-member --external

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4441
Author: abbra
 Title: #4441: [backport][ipa-4-7] ipatests: always skip additional input for 
group-add-member --external
Action: opened

PR body:
"""
'ipa group-add-member groupname --external some-object' will attempt to
ask interactive questions about other optional parameters (users and
groups) if only external group member was specified. This leads to a
timeout in the tests as there is no input provided.

Do not wait for the entry that would never come by using 'ipa -n'.

Related: https://pagure.io/freeipa/issue/8236
Signed-off-by: Alexander Bokovoy 
Reviewed-By: Florence Blanc-Renaud 
Reviewed-By: Sergey Orlov 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4441/head:pr4441
git checkout pr4441
From 5f49888243b89b1f1302280e78bb1ec0a65c3280 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Mon, 23 Mar 2020 23:04:04 +0200
Subject: [PATCH] ipatests: always skip additional input for group-add-member
 --external

'ipa group-add-member groupname --external some-object' will attempt to
ask interactive questions about other optional parameters (users and
groups) if only external group member was specified. This leads to a
timeout in the tests as there is no input provided.

Do not wait for the entry that would never come by using 'ipa -n'.

Related: https://pagure.io/freeipa/issue/8236
Signed-off-by: Alexander Bokovoy 
Reviewed-By: Florence Blanc-Renaud 
Reviewed-By: Sergey Orlov 
---
 ipatests/test_integration/test_sssd.py | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py
index d60bab82e8..1e5f0da2c1 100644
--- a/ipatests/test_integration/test_sssd.py
+++ b/ipatests/test_integration/test_sssd.py
@@ -10,6 +10,7 @@
 from contextlib import contextmanager
 
 import pytest
+import subprocess
 import textwrap
 
 from ipatests.test_integration.base import IntegrationTest
@@ -18,7 +19,6 @@
 from ipaplatform.osinfo import osinfo
 from ipaplatform.paths import paths
 from ipapython.dn import DN
-from ipalib import errors
 
 
 class TestSSSDWithAdTrust(IntegrationTest):
@@ -265,9 +265,8 @@ def test_ext_grp_with_ldap(self):
 self.master.run_command(
 ['ipa', 'group-add-member', '--group', ext_group, user])
 self.master.run_command([
-'ipa', 'group-add-member', '--external',
-self.users['ad']['name'], ext_group,
-'--users=', '--groups='])
+'ipa', '-n', 'group-add-member', '--external',
+self.users['ad']['name'], ext_group])
 tasks.clear_sssd_cache(self.master)
 tasks.clear_sssd_cache(client)
 try:
@@ -291,11 +290,11 @@ def test_external_group_member_mismatch(self, user_origin):
 master.run_command(['ipa', 'group-add', '--external',
 'ext-ipatest'])
 try:
-master.run_command(['ipa', 'group-add-member',
+master.run_command(['ipa', '-n', 'group-add-member',
 'ext-ipatest',
 '--external',
 self.users[user_origin]['name']])
-except errors.ValidationError:
+except subprocess.CalledProcessError:
 # Only 'ipa' origin should throw a validation error
 assert user_origin == 'ipa'
 finally:
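
Review bot: replacing "except errors.ValidationError" with "except subprocess.CalledProcessError" widens what the test accepts: any non-zero exit of "ipa -n group-add-member" now counts as the expected validation error, and the comment "Only 'ipa' origin should throw a validation error" no longer describes what is caught. Check the exit status or stderr of the failed command for the validation message before asserting user_origin == 'ipa'. As visible here, the try block also passes when the 'ipa' case does not fail at all; an explicit failure after run_command() for that origin would close the gap.
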


[Freeipa-devel] [freeipa PR#4440][opened] [Backport][ipa-4-8] ipatests: always skip additional input for group-add-member --external

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4440
Author: abbra
 Title: #4440: [Backport][ipa-4-8] ipatests: always skip additional input for 
group-add-member --external
Action: opened

PR body:
"""
This PR was opened automatically because PR #4420 was pushed to master and 
backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4440/head:pr4440
git checkout pr4440
From bf2ca1c0c4e747501b8c6b1fa20f2a4c4a4f487f Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Mon, 23 Mar 2020 23:04:04 +0200
Subject: [PATCH] ipatests: always skip additional input for group-add-member
 --external

'ipa group-add-member groupname --external some-object' will attempt to
ask interactive questions about other optional parameters (users and
groups) if only external group member was specified. This leads to a
timeout in the tests as there is no input provided.

Do not wait for the entry that would never come by using 'ipa -n'.

Related: https://pagure.io/freeipa/issue/8236
Signed-off-by: Alexander Bokovoy 
---
 ipatests/test_integration/test_sssd.py | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py
index 872863a737..8e2f62c083 100644
--- a/ipatests/test_integration/test_sssd.py
+++ b/ipatests/test_integration/test_sssd.py
@@ -11,6 +11,7 @@
 import re
 
 import pytest
+import subprocess
 import textwrap
 
 from ipatests.test_integration.base import IntegrationTest
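
Review bot: "import subprocess" is inserted between "import pytest" and "import textwrap", in the block that holds the third-party import, although subprocess is a standard-library module and the file has a standard-library block just above it ("import re"). Move it next to "import re" so the import groups stay separated; textwrap has the same placement but is outside this change.
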
@@ -19,7 +20,6 @@
 from ipaplatform.osinfo import osinfo
 from ipaplatform.paths import paths
 from ipapython.dn import DN
-from ipalib import errors
 
 
 class TestSSSDWithAdTrust(IntegrationTest):
@@ -318,9 +318,8 @@ def test_ext_grp_with_ldap(self):
 self.master.run_command(
 ['ipa', 'group-add-member', '--group', ext_group, user])
 self.master.run_command([
-'ipa', 'group-add-member', '--external',
-self.users['ad']['name'], ext_group,
-'--users=', '--groups='])
+'ipa', '-n', 'group-add-member', '--external',
+self.users['ad']['name'], ext_group])
 tasks.clear_sssd_cache(self.master)
 tasks.clear_sssd_cache(client)
 try:
@@ -344,11 +343,11 @@ def test_external_group_member_mismatch(self, user_origin):
 master.run_command(['ipa', 'group-add', '--external',
 'ext-ipatest'])
 try:
-master.run_command(['ipa', 'group-add-member',
+master.run_command(['ipa', '-n', 'group-add-member',
 'ext-ipatest',
 '--external',
 self.users[user_origin]['name']])
-except errors.ValidationError:
+except subprocess.CalledProcessError:
 # Only 'ipa' origin should throw a validation error
 assert user_origin == 'ipa'
 finally:


[Freeipa-devel] [freeipa PR#4420][closed] ipatests: always skip additional input for group-add-member --external

2020-03-25 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/4420
Author: abbra
 Title: #4420: ipatests: always skip additional input for group-add-member 
--external
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4420/head:pr4420
git checkout pr4420