[Freeipa-devel] Github notifications reduced

2017-06-20 Thread Martin Bašti via FreeIPA-devel 

Hello all,

github notifications sent on the list have been reduced to only "PR 
opened", "PR closed", "PR reopened".


In case you want to receive more notifications, please set it up on 
Github with your email.


thanks

--
Martin Bašti
Software Engineer
Red Hat Czech
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] Re: add Dogtag 10.4 builds to FreeIPA COPRs

2017-06-08 Thread Martin Bašti via FreeIPA-devel 



On 08.06.2017 09:08, Martin Bašti via FreeIPA-devel wrote:



On 08.06.2017 02:43, Fraser Tweedale via FreeIPA-devel wrote:

My PR https://github.com/freeipa/freeipa/pull/859 bumps the pki-core
dependency to >= 10.4.  This patch is intended for master and 4.5
branches.  Could someone with the needed permissions please add
pki-core 10.4 builds for f25 and f26 to the @freeipa/freeipa-master
and @freeipa/freeipa-4.5 COPRs?

The latest Dogtag 10.4 builds are available at
https://copr.fedorainfracloud.org/coprs/g/pki/10.4/.

Thanks,
Fraser
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to 
freeipa-devel-le...@lists.fedorahosted.org


Working on it



everything should be now in @freeipa/freeipa-master

freeipa-4-5 is only for released 4.5.x versions of freeipa, your PR is 
only for master.


--
Martin Bašti
Software Engineer
Red Hat Czech
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] Announcing FreeIPA 4.5.1

2017-05-24 Thread Martin Bašti via FreeIPA-devel 

Release date: 2017-05-23

The FreeIPA team would like to announce FreeIPA 4.5.1 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
Fedora 25 and Fedora 26 will be available in the official
COPR repository 
.


This announcement is also available at 
.


== Highlights in 4.5.1 ==

=== Enhancements ===
* HBAC rule names can be renamed (#6784)
HBAC rules can now be renamed.

* SUDO rules can be renamed (#2466)
The attribute "rdn_is_primary_key" of the LDAPObject class was renamed 
to "allow_rename" because the name of the former did not reflect the 
purpose of the attribute. Thanks to this objects whose primary key is 
not in RDN can be now renamed. As a result of this, sudo rules can now 
be renamed.


=== Known Issues ===

=== Bug fixes ===
FreeIPA 4.5.1 is a stabilization release for the features delivered as a
part of 4.5.0. There are more than 90 bug-fixes details of which can be 
seen in

the list of resolved tickets below.

== Upgrading ==
Upgrade instructions are available on page: 



== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users 
mailing
list 
(https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/) 
or #freeipa

channel on Freenode.

== Resolved tickets ==
* 6950 ipa-server-install --uninstall fails with ERROR 'tuple' object 
has no attribute 'append'

* 6934 ipa-kra-install timeouts on replica
* 6925 KRA installation fails on server that was originally installed as 
CA-less

* 6924 Fix SELinux contex of http.keytab during upgrade
* 6923 Update warning message when KRA installation fails
* 6922 Update man page of ipa-kra-install
* 6921 ipa-server-install with external CA fails in 
issue_selfsigned_pkinit_certs

* 6920 Upgrade from ipa-4.1 fails when enabling KDC proxy
* 6916 ipa-client-install: extra space in pkinit_anchors definition
* 6911 error adding authenticator indicators to host
* 6907 ipa vault-add raises TypeError
* 6904 pki_client_database_password is shown in ipaserver-install.log
* 6902 ipa restore fails to restore IPA user
* 6900 otptoken-add-yubikey  KeyError: 'ipatokenotpdigits'
* 6899 ipa vault: archival and retrival is broken in IPA 4.5.0
* 6897 ipa-server-install with external-ca fails in FIPS mode
* 6896 Update get_attr_filter in LDAPSearch to handle nsaccountlock user 
searches

* 6895 ipa-kra-install fails when primary KRA server has been decommissioned
* 6894 DNS forwarder address added during IPA installation shouldn't add 
IP-Address '0.0.0.0'

* 6892 ipa-[ca|kra]-install with invalid DM password break replica
* 6883 ipa cert-show raises stack traces when --certificate-out=/tmp
* 6881 ipa.ipaserver.install.plugins.adtrust.update_tdo_gidnumber: ERROR 
Default SMB Group not found

* 6878 Replica install fails during migration from older IPA master
* 6876 GET in KerberosSession.finalize_kerberos_acquisition() must use 
FreeIPA CA

* 6875 Correct wheel package dependencies
* 6872 ipa server install fails with --external-ca option
* 6869 CA-less pkinit not installable with --pkinit-cert-file option
* 6866 ipa trust-fetch-domains: ValidationError: invalid 'Credentials': 
Missing credentials for cross-forest communication

* 6864 minor spelling mistake #2
* 6862 WebUI cert auth fails after ipa-adtrust-install
* 6861 uninstall ipa client automount failed with RuntimeWarning
* 6860 Add the name of URL parameter which will be check for username 
during cert login
* 6859 Console output message while adding trust should be mapped with 
texts changed in Samba.

* 6854 CA less setup is broken
* 6853 Conversion of CA-less server to CA fails on CA instance spawn
* 6850 Use /usr/bin/env python for ipaclient via pypi / macOS fixes for 
ipaclient
* 6846 Do not link libkrad, liblber, libldap_r and libsss_nss_idmap to 
every binary in IPA
* 6839 [ipa-replica-install] - IncorrectPasswordException: Incorrect 
client security database password
* 6838 [ipa-replica-install] - 406 Client Error: Failed to validate 
message: Incorrect number of results (0) searching forpublic key for host

* 6833 Avoid arch-specific path in /etc/krb5.conf.d/ipa-certmap
* 6831 Extend ipa-server-certinstall and ipa-certupdate to handle PKINIT 
certificates/anchors

* 6830 Configure local PKINIT on DL0 or when '--no-pkinit' option is used
* 6828 error: implicit declaration of function ‘sss_nss_getlistbycert’
* 6827 ipasam: gidNumber attribute is not created in the trusted domain 
entry

* 6826  IdM Server Smart Cards: extdom: improve cert request
* 6825 Allow erasing ipaDomainResolutionOrder attribute
* 6824 Add workaround for pki_pin for FIPS
* 6823 Bump packages versions for certificate login
* 6821 Deadlock between topology and schema-compat plugins
* 6819 Login into WebUI using certificate does not work - mod_wsgi 
returns error
* 6817 4.5 replica install fails against

[Freeipa-devel] [DRAFT] FreeIPA 4.5.1 release notes

2017-05-23 Thread Martin Bašti via FreeIPA-devel 
Please see release notes for 4.5.1, feel free to update wiki or send 
feedback


http://www.freeipa.org/page/Releases/4.5.1

thanks

Martin^2

--
Martin Bašti
Software Engineer
Red Hat Czech
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org