The FreeIPA team would like to announce the FreeIPA 4.9.7 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 35 and 36 will be available from the official repository soon.
The release notes can be read online: https://www.freeipa.org/page/Releases/4.9.7 or below. == Highlights in 4.9.7 == * 3226: [RFE] ipa sudorule-add-user should accept more types of characters * 8402: [RFE] ipa-client-install forces nsupdate to bind with gssapi: Invoke nsupdate without authentication if the GSS-TSIG attempt fails at install time ; configure SSSD to use nsupdate without GSS-TSIG in this case. * 8528: Use separate logs for AD Trust and DNS installer: ipa-adtrust-install and ipa-dns-install commands now log their activity into separate log files. * 8655: Allow to establish trust to Active Directory in FIPS mode: When IPA is deployed in FIPS mode, it is now possible to establish trust to Active Directory forest. * 8892: [RFE] When IPA system is healthy, ipa-healthcheck --failures-only should display proper message instead of empty list === Enhancements === * FreeIPA now provides centrally-managed allocation of ID sub-ranges for users and groups, for use in podman and runc. * ipa-getkeytab now has an option to discover servers using DNS SRV. * ipa-client-install now gracefully switches to using no authentication when updating its own DNS record if GSS-TSIG fails. It also configures SSSD to do the same. === Known Issues === * ipa-server-install --auto-reverse does not create a reverse DNS zone even when needed on systems using systemd-resolved. === Bug fixes === FreeIPA 4.9.7 is a stabilization release for the features delivered as a part of 4.9 version series. There are more than 50 bug-fixes since the 4.9.5 release, details of which can be seen in the list of resolved tickets below. == Upgrading == Upgrade instructions are available on the Upgrade page. == Feedback == Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode. == Resolved tickets == * [https://pagure.io/freeipa/issue/3226 #3226] [RFE] ipa sudorule-add-user should accept more types of characters * [https://pagure.io/freeipa/issue/6587 #6587] ipa-otpd: systemctl reports "degraded" for "is-system-running" after todays CentOS updates * [https://pagure.io/freeipa/issue/7814 #7814] fix automountlocation-tofiles output * [https://pagure.io/freeipa/issue/8206 #8206] Add checks to prevent assigning authentication indicators to internal IPA services * [https://pagure.io/freeipa/issue/8227 #8227] dnszone-add: ignores given SOA serial * [https://pagure.io/freeipa/issue/8245 #8245] ipa-kra-install should exit if ca_host is overriden. * [https://pagure.io/freeipa/issue/8257 #8257] ipa-certupdate sets temporary ccache in the wrong place * [https://pagure.io/freeipa/issue/8361 #8361] Add support for managing subuids and subgids in FreeIPA * [https://pagure.io/freeipa/issue/8397 #8397] Cannot remove First master server with KRA after the server hard disk failed ( destructed) * [https://pagure.io/freeipa/issue/8402 #8402] [RFE] ipa-client-install forces nsupdate to bind with gssapi * [https://pagure.io/freeipa/issue/8415 #8415] Ignore case when evaluating attributes and objectclasses in config plugin * [https://pagure.io/freeipa/issue/8452 #8452] update samba configuration on IPA master to explicitly use 'server role' setting * [https://pagure.io/freeipa/issue/8478 #8478] Do SRV discovery in ipa-getkeytab if -s and -H aren't provided * [https://pagure.io/freeipa/issue/8501 #8501] Unify how FreeIPA gets FQDN of current host * [https://pagure.io/freeipa/issue/8519 #8519] Fedora container platform is incomplete * [https://pagure.io/freeipa/issue/8524 #8524] Deploy & manage the ACME service topology wide from a single system * [https://pagure.io/freeipa/issue/8528 #8528] Use separate logs for AD Trust and DNS installer * [https://pagure.io/freeipa/issue/8584 #8584] ACME communication with dogtag REST endpoints should be using the cookie it creates * [https://pagure.io/freeipa/issue/8647 #8647] Incorrect DNSKEY created when DNSSEC enabled for zone * [https://pagure.io/freeipa/issue/8655 #8655] Allow to establish trust to Active Directory in FIPS mode * [https://pagure.io/freeipa/issue/8676 #8676] [Tracker] Multiple nightly test failure in test_integration/test_ntp_options/TestNTPoptions * [https://pagure.io/freeipa/issue/8795 #8795] Remove dependency from tests on ipaserver package/modules * [https://pagure.io/freeipa/issue/8810 #8810] Nightly test failure (rawhide/f34) in test_ipahealthcheck.py::TestIpaHealthCheck: missing AAAA record for ipa-ca * [https://pagure.io/freeipa/issue/8832 #8832] ipa-server-upgrade is failing while upgrading rhel8.3 to rhel8.4 * [https://pagure.io/freeipa/issue/8864 #8864] azure: dnf sometimes fails * [https://pagure.io/freeipa/issue/8889 #8889] [tests] healthcheck 0.9 * [https://pagure.io/freeipa/issue/8890 #8890] Nightly test failure (rawhide) in test_ipa_cert_fix.py::TestIpaCertFix::test_missing_startup * [https://pagure.io/freeipa/issue/8891 #8891] FreeIPA server in debug mode fails to run because time.perf_counter_ns is Python 3.7+ * [https://pagure.io/freeipa/issue/8892 #8892] [RFE] When IPA system is healthy, ipa-healthcheck --failures-only should display proper message instead of empty list * [https://pagure.io/freeipa/issue/8905 #8905] Package python3-ipatests (from CRB repo) Requires python3-coverage * [https://pagure.io/freeipa/issue/8906 #8906] support for SHA384withRSA signing algo missing * [https://pagure.io/freeipa/issue/8909 #8909] Unable to set ipaUserAuthType with stageuser-add * [https://pagure.io/freeipa/issue/8911 #8911] Nightly test failure in pki-fedora/test_webui_cert. * [https://pagure.io/freeipa/issue/8913 #8913] [man page] contradiction in ipa-server-upgrade command's man page and usage * [https://pagure.io/freeipa/issue/8918 #8918] Nightly failure in test_external_ca.py::TestSelfExternalSelf::test_switch_back_to_self_signed * [https://pagure.io/freeipa/issue/8919 #8919] Nightly test failure in test_webui/test_range.py::test_range::test_crud * [https://pagure.io/freeipa/issue/8920 #8920] ipa-healthcheck reports RIPluginCheck CRITICAL error for DSRILE0002 * [https://pagure.io/freeipa/issue/8923 #8923] Trust controller role should pull sssd-winbind-idmap package * [https://pagure.io/freeipa/issue/8925 #8925] ipatests: NAMED_CRYPTO_POLICY_FILE not defined for RHEL * [https://pagure.io/freeipa/issue/8926 #8926] Nightly test failure (rawhide) in test_smb * [https://pagure.io/freeipa/issue/8929 #8929] Nightly test failure in test_integration//test_acme.py/TestACMERenew/test_renew - kinit admin: Password change failed while getting initial credentials * [https://pagure.io/freeipa/issue/8930 #8930] IdM should call into Dogtag to dynamically update the security domain info * [https://pagure.io/freeipa/issue/8931 #8931] flake8 report for tasks.py * [https://pagure.io/freeipa/issue/8934 #8934] ipa-advise unconditionally uses modutil to load opensc module * [https://pagure.io/freeipa/issue/8935 #8935] [tracker] Update boxes for PR-CI nightly runs * [https://pagure.io/freeipa/issue/8936 #8936] ipa-server install failure without DNS * [https://pagure.io/freeipa/issue/8937 #8937] Multiple issues in tasks's install/uninstall helpers * [https://pagure.io/freeipa/issue/8938 #8938] Remove python3-pexpect as dependency for ipatests pkg * [https://pagure.io/freeipa/issue/8939 #8939] Add index for sudoorder * [https://pagure.io/freeipa/issue/8942 #8942] TestAJPSecretUpgrade tests fail on system without pkiuser * [https://pagure.io/freeipa/issue/8944 #8944] TestIpaAdTrustInstall::test_ipa_user_s4u2self_pac failed at create_active_user * [https://pagure.io/freeipa/issue/8949 #8949] Test for RFE ipa-healthcheck should verify owner/perms for important logs in "/var/log" in the ipahealthcheck.ipa.files source * [https://pagure.io/freeipa/issue/8956 #8956] Nightly failure in test_caless.py::TestIPACommands::test_invoke_upgrader == Detailed changelog since 4.9.6 == === Armando Neto (1) === * ipatests: bump prci boxes + move gating to f34 [https://pagure.io/freeipa/c/02447762a3f62383313f0b8cd7c5d129dc2c6213 commit] [https://pagure.io/freeipa/issue/8935 #8935] === Alexander Bokovoy (2) === * rhel platform: add a named crypto-policy support [https://pagure.io/freeipa/c/1a5159b216455070eb51b6a11ceaf0033fc8ce4c commit] [https://pagure.io/freeipa/issue/8925 #8925] * Back to git snapshots [https://pagure.io/freeipa/c/2b7e8841824b44fc41581717c51ccd4b0fc553ff commit] === Anuja More (5) === * ipatests: Test unsecure nsupdate. [https://pagure.io/freeipa/c/4fdab0c94c4e17e42e5f38a0e671bea39bcc9b74 commit] [https://pagure.io/freeipa/issue/8402 #8402] * ipatests: Refactor test_check_otpd_after_idle_timeout [https://pagure.io/freeipa/c/eac03d6828d0bac1925c897090fc77e250eaee04 commit] [https://pagure.io/freeipa/issue/6587 #6587] * ipatests: skip test_basesearch_compat_tree on fedora. [https://pagure.io/freeipa/c/d4062e407d242a72b9d4e32f4fdd6aed086ce005 commit] * ipatests: Test ldapsearch with base scope works with compat tree. [https://pagure.io/freeipa/c/a3d71eb72a6125a80a9d7b698f34dcb95dc25184 commit] * ipatests: Test for OTP when the LDAP connection timed out. [https://pagure.io/freeipa/c/25a4acf3ad5964eacddbcb83ddf9f84432968918 commit] [https://pagure.io/freeipa/issue/6587 #6587] === Antonio Torres (6) === * ipatests: expect SOA serial option deprecation warning [https://pagure.io/freeipa/c/1d7512495d3e7f933d95707f74a6b6f0aeecd00f commit] [https://pagure.io/freeipa/issue/8227 #8227] * dnszone: deprecate option for setting SOA serial [https://pagure.io/freeipa/c/4c0dcabd6e2163dfa80a4d2a18064824934274fa commit] [https://pagure.io/freeipa/issue/8227 #8227] * ipatests: test if KRA install fails when ca_host is overriden [https://pagure.io/freeipa/c/a4e13a33247fb14145c632fb53b4480fc5fb10ea commit] [https://pagure.io/freeipa/issue/8245 #8245] * ipa-kra-install: exit if ca_host is overriden [https://pagure.io/freeipa/c/ab4720d9c2bae059e8f622cd4a331510fefe27ae commit] [https://pagure.io/freeipa/issue/8245 #8245] * ipatests: ensure auth indicators can't be added to internal IPA services [https://pagure.io/freeipa/c/28484c3dee225662e41acc691bfe6b1c1cee99c8 commit] [https://pagure.io/freeipa/issue/8206 #8206] * Add checks to prevent adding auth indicators to internal IPA services [https://pagure.io/freeipa/c/a5d2857297cfcf87ed8973df96e89ebcef22850d commit] [https://pagure.io/freeipa/issue/8206 #8206] === Christian Heimes (8) === * Fix string check in uninstall helper [https://pagure.io/freeipa/c/c5b5bc9099fc26b863d7c964e47dbdcd0ff008c8 commit] [https://pagure.io/freeipa/issue/8937 #8937] * Fix ldapupdate.get_sub_dict() for missing named user [https://pagure.io/freeipa/c/a1eb13cdbc109da8c028bb886a1207ea2cc23cee commit] [https://pagure.io/freeipa/issue/8936 #8936] * Test DNA plugin configuration [https://pagure.io/freeipa/c/b53a52a1fafa94e0129e6e3e55fddd59909f0f0a commit] * Fix oid of ipaUserDefaultSubordinateId [https://pagure.io/freeipa/c/44ccc0f64bac9fc2e7e3264984af26635bb34742 commit] * Fix ipa-server-upgrade [https://pagure.io/freeipa/c/e6e3fb606d08b0dc57bfa360a0f0082052441db6 commit] * Use 389-DS' dnaInterval setting to assign intervals [https://pagure.io/freeipa/c/ef115b04182d572bf61e32e2405bbb68ff65e928 commit] * Redesign subid feature [https://pagure.io/freeipa/c/5d4fe06663c3e66b1da73c01ce022790634a3e3b commit] * Add basic support for subordinate user/group ids [https://pagure.io/freeipa/c/3540986a11d4f3401ba4918f25229a79283d9dbd commit] [https://pagure.io/freeipa/issue/8361 #8361] === Chris Kelley (2) === * Parse cert chain as JSON not XML [https://pagure.io/freeipa/c/40f76a53f78267b4d2b890defa3e4f7d27fdfb7a commit] * Parse getStatus as JSON not XML [https://pagure.io/freeipa/c/7fb95cc638b1c9b7f2e9a67dba859ef8126f2c5f commit] === François Cami (13) === * Update list of contributors [https://pagure.io/freeipa/c/3cb6b5c801b04922c3a23070e79aab20399d033b commit] * ipatests: use krb5_trace in TestIpaAdTrustInstall [https://pagure.io/freeipa/c/9ae23e1257478bfee04b08b54f36dda7f5850348 commit] [https://pagure.io/freeipa/issue/8944 #8944] * freeipa.spec.in: remove python3-pexpect from Requires [https://pagure.io/freeipa/c/e0e1d6f94dd16c8066be8ce3c75ef306890a3e2b commit] [https://pagure.io/freeipa/issue/8938 #8938] * gating.yaml: Fix TestInstallMaster timeout [https://pagure.io/freeipa/c/33c561dcd30dc346ccbaa00933bcd1cac5e994b6 commit] * Azure: temporarily disable problematic tests, #2 [https://pagure.io/freeipa/c/18ccaea7cb36b3d1069f0d12a15b06357b3f94f0 commit] [https://pagure.io/freeipa/issue/8864 #8864] * Azure: temporarily disable problematic tests, #1 [https://pagure.io/freeipa/c/eb1d509fd5271d39cc899838b57e5398683401f7 commit] [https://pagure.io/freeipa/issue/8864 #8864] * tasks.py: fix flake8-reported issues [https://pagure.io/freeipa/c/5b826ab3582566b15a618f57cb2e002a9c16ef64 commit] [https://pagure.io/freeipa/issue/8931 #8931] * test_acme: make password renewal more robust [https://pagure.io/freeipa/c/701adb9185c77194ba1ad0c5fd2f13484417ef6f commit] [https://pagure.io/freeipa/issue/8929 #8929] * test_acme: refactor with tasks [https://pagure.io/freeipa/c/86869364a30f071ee79974b301ff68e80c0950ba commit] * ipatests: smbclient "-k" => "--use-kerberos=desired" [https://pagure.io/freeipa/c/161d5844eb1214e60c636bdb73713c6a43f1e75c commit] [https://pagure.io/freeipa/issue/8926 #8926] * rpcserver.py: perf_counter_ns is Python 3.7+ [https://pagure.io/freeipa/c/1539c7383116647ad9c5b125b343f972e9c9653b commit] [https://pagure.io/freeipa/issue/8891 #8891] * ipatests: smoke test for server debug mode. [https://pagure.io/freeipa/c/ee4be290e1583834a573c3896ee1d97b3fbb6c24 commit] [https://pagure.io/freeipa/issue/8891 #8891] * paths: add IPA_SERVER_CONF [https://pagure.io/freeipa/c/e713c227bb420a841ce3ae146bca55a84a1b0dbf commit] [https://pagure.io/freeipa/issue/8891 #8891] === Florence Blanc-Renaud (12) === * webui tests: fix algo for finding available idrange [https://pagure.io/freeipa/c/f7997ed0b7d5b915c0184bf8e8864ff935cd6232 commit] [https://pagure.io/freeipa/issue/8919 #8919] * Index: Fix definition for memberOf [https://pagure.io/freeipa/c/b132956e42a88ab39bb8d6a854e7c5d28d544a11 commit] [https://pagure.io/freeipa/issue/8920 #8920] * spec file: Trust controller role should pull sssd-winbind-idmap package [https://pagure.io/freeipa/c/1a4f459b81bc77cdf233b65f41d0f76dbb5f2fce commit] [https://pagure.io/freeipa/issue/8923 #8923] * webui tests: close notification when revoking cert [https://pagure.io/freeipa/c/40e4ccf1ea943aba4d10e8126ffa49feddd2e683 commit] [https://pagure.io/freeipa/issue/8911 #8911] * pr-ci definitions: add subid-related jobs [https://pagure.io/freeipa/c/d456649feb40d462f73321a4a220b4aff7adb443 commit] [https://pagure.io/freeipa/issue/8361 #8361] * ipatests: use whole date when calling journalctl --since [https://pagure.io/freeipa/c/b2e6292337c6f7f68ac383db8aa54a1abfa3f6b4 commit] [https://pagure.io/freeipa/issue/8918 #8918] * Server install: do not use unchecked ip addr for ipa-ca record [https://pagure.io/freeipa/c/2c0a123e99d943f115cc726e391f5d79b5bfb70e commit] [https://pagure.io/freeipa/issue/8810 #8810] * man page: update ipa-server-upgrade.1 [https://pagure.io/freeipa/c/195035cef51a132b2b80df57ed50f2fe620244e6 commit] [https://pagure.io/freeipa/issue/8913 #8913] * augeas: bump version for rhel9 [https://pagure.io/freeipa/c/076e499f6f1223458cb896f1e90296e511c922d7 commit] [https://pagure.io/freeipa/issue/8676 #8676] * XMLRPC test: add a test for stageuser-add --user-auth-type [https://pagure.io/freeipa/c/4a5a0fe7d25209a41a2eadd159f7f4c771e5d7fc commit] [https://pagure.io/freeipa/issue/8909 #8909] * stageuser: add ipauserauthtypeclass when required [https://pagure.io/freeipa/c/06468b2f604c56b02231904072cb57412966a701 commit] [https://pagure.io/freeipa/issue/8909 #8909] * Remove unneeded dependency on python-coverage [https://pagure.io/freeipa/c/9cfae2623420356fd99e09bf8559b11da66e2ccd commit] [https://pagure.io/freeipa/issue/8905 #8905] === Michal Polovka (3) === * ipatests: test_ipahealthcheck: Verify permissions for /var/log/ files [https://pagure.io/freeipa/c/488ac7e3ba9f36d6b187687d120920d2d80d8b7f commit] [https://pagure.io/freeipa/issue/8949 #8949] * ipatests: test_installation: move tracking_reqs dependency to ipalib constants ipaserver: krainstance: utilize moved tracking_reqs dependency [https://pagure.io/freeipa/c/e5df4dc4884f1a66ccbca79b9a0d83874c996d1d commit] [https://pagure.io/freeipa/issue/8795 #8795] * ipatests: test_ipahealthcheck: print a message if a system is healthy [https://pagure.io/freeipa/c/7f910eb2dda8595da435b4aed6e759a2916df813 commit] [https://pagure.io/freeipa/issue/8892 #8892] === Mohammad Rizwan (2) === * ipatests: Look for warning into stderr instead of stdout [https://pagure.io/freeipa/c/96dd8ac1cd2e7fb8177d83e7ba5c6d79f4216ea3 commit] [https://pagure.io/freeipa/issue/8890 #8890] * ipatests: Test ipa-cert-fix warns when startup directive is missing from CS.cfg [https://pagure.io/freeipa/c/02c0da3ef74948579106aab4b669f6e64dd60b24 commit] [https://pagure.io/freeipa/issue/8890 #8890] === Rob Crittenden (21) === * Only call add_agent_to_security_domain_admins() when CA is installed [https://pagure.io/freeipa/c/da1d543c2bfa9e4acb6fde170e66c88e521ac232 commit] [https://pagure.io/freeipa/issue/8956 #8956] * ipatests: Verify that securitydomain is updated on server-del [https://pagure.io/freeipa/c/a417810df5500b5780396ab88d53eaea74f74ccc commit] [https://pagure.io/freeipa/issue/8930 #8930] * Clean up the PKI securitydomain when removing a server [https://pagure.io/freeipa/c/be3a0f3201bbb060a9d53fb65cbbccf6c7bf9bb4 commit] [https://pagure.io/freeipa/issue/8930 #8930] * pr-ci definitions: add custom plugin-related jobs [https://pagure.io/freeipa/c/78c48199782743e619463cefa7411817f4fe4a14 commit] [https://pagure.io/freeipa/issue/8415 #8415] * ipatests: add suite for testing custom plugins [https://pagure.io/freeipa/c/e28e45402c7edb007e356a59cf09ed8e10cd14d9 commit] [https://pagure.io/freeipa/issue/8415 #8415] * Don't assume that plugin attributes and objectclasses are lowercase [https://pagure.io/freeipa/c/97a2a925348d3bd732e582108feb02d644ba011a commit] [https://pagure.io/freeipa/issue/8415 #8415] * Add index for sudoorder [https://pagure.io/freeipa/c/0526174971017aebfb9d9fcb29c6dde6e67438fe commit] [https://pagure.io/freeipa/issue/8939 #8939] * ipatests: verify that getcert output includes the issued date [https://pagure.io/freeipa/c/826b5825bd644fc69a9bee17626d71fe03cc0190 commit] * ipa-advise: Define the domain used when looking up ipa-ca [https://pagure.io/freeipa/c/9a4a6cdd27781573351595e38d38eeadc8ab090d commit] [https://pagure.io/freeipa/issue/8934 #8934] * ipa-advise: if p11-kit provides opensc, don't add to NSS db [https://pagure.io/freeipa/c/018ee09ccbe7fc0a5b0909592eadd168224b2409 commit] [https://pagure.io/freeipa/issue/8934 #8934] * ipatests: test ipa-getkeytab server option [https://pagure.io/freeipa/c/7a13200fd8b92dd90ebc4b6416ef25659df8aa71 commit] [https://pagure.io/freeipa/issue/8478 #8478] * ipa-getkeytab: fix compiler warnings [https://pagure.io/freeipa/c/0114d24ea160676b784ef7010c19bbacc67ceea0 commit] [https://pagure.io/freeipa/issue/8478 #8478] * ipa-getkeytab: add option to discover servers using DNS SRV [https://pagure.io/freeipa/c/42206df69adc9c1eefa3ee576891b2ae3ac269e0 commit] [https://pagure.io/freeipa/issue/8478 #8478] * Provide more information in ipa-certupdate on ccache failure [https://pagure.io/freeipa/c/fbbff3edc0fcc8bf2624283ccd88848eedaac8d7 commit] [https://pagure.io/freeipa/issue/8257 #8257] * Fix automountlocation-tofiles expected output in xmlrpc test [https://pagure.io/freeipa/c/ded3cd3fc8490561e44310e8f89efc3e13e82884 commit] [https://pagure.io/freeipa/issue/7814 #7814] * ipatests: Add test for ipa automountlocation-tofiles [https://pagure.io/freeipa/c/dbe4159e27d44550085cb3ce0629d1e525c9b30e commit] [https://pagure.io/freeipa/issue/7814 #7814] * Display all orphaned keys in automountlocation-tofiles [https://pagure.io/freeipa/c/89ca5c8836333aece9caf2ac433ccab1140f909a commit] [https://pagure.io/freeipa/issue/7814 #7814] * ipatests: test removing last KRA when it is not running [https://pagure.io/freeipa/c/8ea8f8b68b5a7217518f68065a5fc1df16126314 commit] [https://pagure.io/freeipa/issue/8397 #8397] * Use new method in check to prevent removal of last KRA [https://pagure.io/freeipa/c/0b9adf1d8d5efb48e734650e4101e8816b01e1d3 commit] [https://pagure.io/freeipa/issue/8397 #8397] * Fall back to krbprincipalname when validating host auth indicators [https://pagure.io/freeipa/c/8ad535b618d60fa016061212ff85d0ad28ccae59 commit] [https://pagure.io/freeipa/issue/8206 #8206] * Add SHA384withRSA as a certificate signing algorithm [https://pagure.io/freeipa/c/ca8c7010e8aa0f87bde11c36947fefd549bae8fd commit] [https://pagure.io/freeipa/issue/8906 #8906] === Stanislav Levin (1) === * ipatests: Fix TestAJPSecretUpgrade tests on systems without pkiuser [https://pagure.io/freeipa/c/c9bc471e063f2865d6423e4f1c9b81e73a45e43f commit] [https://pagure.io/freeipa/issue/8942 #8942] === Serhii Tsymbaliuk (1) === * WebUI: Improve subordinate ids user workflow [https://pagure.io/freeipa/c/9f4b8982cd06011df8daac480a726637fc52649e commit] [https://pagure.io/freeipa/issue/8361 #8361] === Sudhir Menon (1) === * ipatests: Fix for test_source_ipahealthcheck_iptest_source_ipahealthcheck_ipa_host_check_ipahostkeytab [https://pagure.io/freeipa/c/26be7ffdba87e0e6294ea035ab3dc9bd933fba43 commit] [https://pagure.io/freeipa/issue/8889 #8889] _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure