Commit Graph

14225 Commits

Author SHA1 Message Date
Armando Neto
b279b3a7c9
ipatests: Bump PR-CI templates
New template images for ci-master-f32 to include latest packages.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2020-08-24 09:03:41 -03:00
Alexander Bokovoy
0a01f576e0
test_smb: make sure both smbserver and smbclient use IPA master for DNS
test_smb test suite sets up IPA master, AD forest, and two clients.
The clients are used as an SMB server and an SMB client and they need to
resolve and authenticate AD users with Kerberos.

Previously, the test only configured SMB client to use IPA master as its
DNS server. SMB server wasn't using IPA master and thus any attempt to
resolve SRV records from AD DNS zone was failing.

Make sure that both SMB client's and SMB server's DNS resolution is set
up in the same way.

Fixes: https://pagure.io/freeipa/issue/8344

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2020-08-24 11:55:46 +02:00
Sumedh Sidhaye
3f5f68e770 test_cert.py is timing out due to newly added test test_cert.py::TestCertmongerRekey which needs more time to execute. Adding additional 30 mins to the timeout in order to complete the test run
Failing test run:
http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/249e30e4-e349-11ea-ac03-fa163e1ffcbd

Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-08-24 10:22:02 +02:00
Mohammad Rizwan
1abeb85fba PEP8 fixes
PEP8 fixes for visual indent, line > 79, blank line required etc

Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
2020-08-24 10:00:05 +03:00
Mohammad Rizwan
bddbfb79e4 ipatests: add --skip-overlap-check option to prepare_reverse_zone()
add --skip-overlap-check in case it overlap with an existing zone
or with dnszone outside of IPA.

Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
2020-08-24 10:00:05 +03:00
Mohammad Rizwan
b3d7a70ee0 ipatests: Add PTR record for IP SAN
If PTR record is missing for an IP address then cert request
with SAN option throws an error. This fix is to add the PTR
record so that cert request doesn't throw an error.

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
2020-08-24 10:00:05 +03:00
Stanislav Levin
8831b9b649 pylint: Ignore raise-missing-from
Pylint 2.6.0 introduces new check:
> Add raise-missing-from check for exceptions that should have a
cause.

According to PEP 3134 the implicit exception chaining is valid and
can be used.

http://pylint.pycqa.org/en/latest/whatsnew/changelog.html#what-s-new-in-pylint-2-6-0
https://www.python.org/dev/peps/pep-3134/

Fixes: https://pagure.io/freeipa/issue/8468
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-23 09:16:18 +03:00
Stanislav Levin
ec6369ca00 pylint: Ignore super-with-arguments
Pylint 2.6.0 added new check:
> Add super-with-arguments check for flagging instances of Python 2
style super calls.

According to PEP 3135 this form of `super` is syntactic sugar and
is not mandatory. Right now there are 566 affected `super`s.

http://pylint.pycqa.org/en/latest/whatsnew/changelog.html#what-s-new-in-pylint-2-6-0
https://www.python.org/dev/peps/pep-3135/

Fixes: https://pagure.io/freeipa/issue/8468
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-23 09:16:18 +03:00
Stanislav Levin
6e85872528 pylint: Fix warning W0612(unused-variable)
New warnings were found by new pylint (2.5.3).

Fixes: https://pagure.io/freeipa/issue/8468
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-23 09:16:18 +03:00
Stanislav Levin
de105aa8fc pylint: Teach pylint about more RRs types
There are many types of RRs which are provided by dnspython.
This is not all, but enough for now to fix linting errors
caused by new dnspython 2.0.

Fixes: https://pagure.io/freeipa/issue/8468
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-23 09:16:18 +03:00
Alexander Bokovoy
11a64478b3 Add new contributors
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-20 13:09:14 +03:00
Alexander Bokovoy
4fdf69adf2 Add alternative email to the mailmap for myself
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-20 13:05:57 +03:00
Alexander Bokovoy
20ece52b9a master: update po/ipa.pot
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-20 13:01:49 +03:00
Mohammad Rizwan
abd0cbfcfd ipatests: Test certmonger rekey command works fine
Certmonger's rekey command was throwing an error as
unrecognized command. Test is to check if it is working fine.

related: https://bugzilla.redhat.com/show_bug.cgi?id=1249165

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-19 14:04:43 -04:00
Mark Reynolds
c08c7e1156 Increase replication changelog trimming to 30 days
A long time ago the DS team recommended that the changelog trimming interval be set to 7 days.  However, more recently we tend to see more time skews on certain platforms, and issues where it appears changes were trimmed too early (which can break replication).

It would be better to set the trimming interval to 30 days.  This still prevents the changelog from getting too large, and it should help with some of the other issues we are now seeing.

Fixes: https://pagure.io/freeipa/issue/8464

Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-08-19 14:02:27 -04:00
Rob Crittenden
454e023ad8 ipatests: stop the CA during healthcheck expiration test
Time is moved during the test to ensure that ipa-healthcheck
finds expired certificates. It's possible that certmonger will also
wake up and renew the certificates before ipa-healthcheck can
execute so shut down the CA during the test.

https://pagure.io/freeipa/issue/8463

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
2020-08-19 14:01:01 -04:00
Rob Crittenden
18a8a41580 Improve performance of ipa-server-guard
* Drop support for python 2
* Only import traceback and syslog when needed
* Only import ipaserver.install.certs when the lock is needed
* Only import ipautil when run is needed

For the unsupported operations case this improves performance by
95%

For the supported operations that don't require a lock the
improvement is about 50%.

For the supported operations that require a lock the improvement
is about 20%

When configuring a CA certmonger calls its helper with the
following operations:

IDENTIFY
FETCH-ROOTS
GET-SUPPORTED-TEMPLATES
GET-DEFAULT-TEMPLATE
GET-NEW-REQUEST-REQUIREMENTS
GET-RENEW-REQUEST-REQUIREMENTS
FETCH-SCEP-CA-CAPS
FETCH-SCEP-CA-CERTS

Only IDENTIFY, FETCH-ROOTS and GET-NEW-REQUEST-REQUIREMENTS are
supported by ipa-submit, along with the request options SUBMIT and
POLL.

Which means every time the IPA CA in certmonger is updated
eight calls to ipa-server-guard are made so the savings are
cumulative.

The savings when executing these eight operations is a 73% decrease
(.7 sec vs 2.5 sec).

https://pagure.io/freeipa/issue/8425

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-08-19 13:59:11 -04:00
Rob Crittenden
25e042d3d1 ipatests: Add test for is_ipa_configured
Validate that is_ipa_configured() returns True when using either
the original and the new configuration methods. This will allow
older installs to successfully upgrade.

https://pagure.io/freeipa/issue/8458

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2020-08-18 11:11:26 +02:00
Rob Crittenden
2bdb18d56f Use is_ipa_configured from ipalib.facts
A couple of places still used the deprecated installutils version.

https://pagure.io/freeipa/issue/8458

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2020-08-18 11:11:26 +02:00
Rob Crittenden
a8d5e6bbfe Fall back to old server installation detection when needed
If there is no installation section the the install pre-dated
this new method of detecting a successful installation, fall back
to that.

https://pagure.io/freeipa/issue/8458

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2020-08-18 11:11:26 +02:00
Rob Crittenden
af5138c2aa IPA-EPN: Test that EPN can be install, uninstalled and re-installed
Verify that no cruft is left over that will prevent reinstallation
if it is uninstalled.

Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2020-08-18 11:06:04 +02:00
Florence Blanc-Renaud
f7a6c468ca ipatests: remove xfail from test_dnssec
The nightly test test_dnssec.py::TestInstallDNSSECFirst::test_chain_of_trust
used to fail because of https://github.com/rthalley/dnspython/issues/343,
but the issue has been fixed upstream and does not happen any more since
PRCI is using python3-dns-1.16.0-7.

Remove the xfail.

Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
2020-08-17 14:36:16 -04:00
Stanislav Levin
03a5e5f35f spec: Move ipa-cldap plugin out to freeipa-server-trust-ad package
This ns-slapd plugin is used as a CLDAP server which responses to
AD DCs with an information about IPA domain. So, logically it
belongs to freeipa-server-trust-ad package.

Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-17 10:46:23 +02:00
Stanislav Levin
5c1e448300 uninstall: Clean up no longer used flag
The `_server_trust_ad_installed` was added as a flag which
indicates that `freeipa-server-trust-ad` package is installed.
Later, `ipaserver/install/adtrustinstance.py` module was moved out
into `freeipa-server` package and the import became unconditionally
successful.

Fixes: https://pagure.io/freeipa/issue/8461
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-17 10:46:23 +02:00
Stanislav Levin
89d86dac0a uninstall: Don't fail on missing /var/lib/samba
On some distros freeipa-server package may not depend on
`/var/lib/samba` directory. In this case an uninstallation of
ipaserver fails.

Fixes: https://pagure.io/freeipa/issue/8461
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-17 10:46:23 +02:00
Mark Reynolds
b9ae7c45b8 Issue 8456 - Add new aci's for the new replication changelog entries
Description:  We need a read and a write aci for the new changelog location,
              which was moved from cn=changelog5,cn=config to
              cn=changelog,cn=BACKEND,cn=ldbm database,cn=plguins,cn=config

              The read aci allows the replica hostgroup entry to find and
              read the changelog confguration, and the write allows the replica
              to update the changelog with a proper trimming settings.

Fixes: https://pagure.io/freeipa/issue/8456

Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-17 10:44:03 +02:00
Stanislav Levin
777147e051 rpm-spec: Don't fail on missing /etc/ssh/ssh_config
openssh-clients is not a strict requirement of freeipa-client
package and if it's missing then this case should be handled in
post scriptlet of freeipa-client package. Otherwise, the remaining
part of that scriptlet will not be run at all.

Fixes: https://pagure.io/freeipa/issue/8459
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-17 10:40:44 +02:00
sumenon
7642ce3582 Modified nightly YAML files to include ipa-healthcheck ExternalCA Tests
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
2020-08-17 09:07:12 +02:00
sumenon
400ef3aa2c ipatests: Tests for ipahealthcheck tool with IPA external
This testsuite checks whether the healthcheck tool reports
correct status in a scenario when IPA server is setup with
external self-signed CA. Below are the checks covered

IPACRLManagerCheck
IPACertmongerCA
IPAOpenSSLChainValidation
IPANSSChainValidation
IPARAAgent

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
2020-08-17 09:07:12 +02:00
François Cami
5452f020f9 ipatests: test_epn: update error messages
Update error messages in the test.

Fixes: https://pagure.io/freeipa/issue/8449
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-08-12 09:02:08 -04:00
François Cami
97006786df IPA-EPN: enhance input validation
Enhance input validation:
* make sure --from-nbdays and --to-nbdays are integer
* make sure --from-nbdays < --to-nbdays

Fixes: https://pagure.io/freeipa/issue/8444
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-08-12 09:02:08 -04:00
Rob Crittenden
143dea18fe Added negative test case for --list-sources option
Negative test test_append_arguments_to_list_sources added
to --list-sources

Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
2020-08-10 11:49:57 -04:00
Rob Crittenden
c5853768a7 ipatests: CLI validation of ipa-healthcheck command
Test for illegal input values.

Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
2020-08-10 11:49:57 -04:00
François Cami
22cf65b09a IPA-EPN: Fix SMTP connection error handling
Enhance error message when SMTP is down.

Fixes: https://pagure.io/freeipa/issue/8445
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-10 09:02:59 -04:00
François Cami
6edf648d7b ipatests: test_epn: add test_EPN_connection_refused
Add a test for EPN behavior when the configured SMTP does not
accept connections.

Fixes: https://pagure.io/freeipa/issue/8445
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-10 09:02:59 -04:00
Florence Blanc-Renaud
f271132167 ipatests: fix TestIpaHealthCheckWithoutDNS failure
TestIpaHealthCheckWithoutDNS is launched after
TestIpaHealthCheck::test_ipa_healthcheck_expiring that is playing with
the date. At the end of test_ipa_healthcheck_expiring, the date is
reset using systemctl start chronyd but the date may need time to adjust
and the subsequent tests may be launched with a system date set in the
future.

When this happens, dnf install fails because the certificate for
the package repo is seen as expired, and TestIpaHealthCheckWithoutDNS
fails.

In order to avoid this issue, reset the date to the value saved at the
beginning of the test.

Fixes: https://pagure.io/freeipa/issue/8447
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-10 12:04:41 +02:00
Rob Crittenden
a2bf5958ef IPA-EPN: Test that users without givenname and/or mail are handled
The admin user does not have a givenname by default, allow for that.

Report errors for users without a default e-mail address.

Update the SHA256 hash with the typo fix.

Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-07 17:14:24 -04:00
François Cami
3bd03ea9d1 IPA-EPN: fix configuration file typo
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-07 17:14:24 -04:00
François Cami
5fc526b1af IPA-EPN: Use a helper to retrieve LDAP attributes from an entry
Allow for empty attributes.

Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-07 17:14:24 -04:00
Rob Crittenden
0dc084a34f Address legacy pylint issues in sysrestore.py
These were triggered because of the movement of sysrestore.py in
the tree

https://pagure.io/freeipa/issue/8384

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-07 16:44:28 -04:00
Christian Heimes
e89b400713 Treat container subplatforms like main platform
ipa-server-upgrade does not like platform mismatches. Upgrade from an
old container to recent container fails with error message:

```
  IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
  ("Unable to execute IPA upgrade: platform mismatch (expected 'fedora', current 'fedora_container')", 1)
```

Upgrade state now treats a container subplatform like its main platform.
``fedora_container`` is really a ``fedora`` platform with some paths
redirected to ``/data`` partition.

The patch also enhances debug logging for installer and upgrader.

Related: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-07 17:54:06 +03:00
Stanislav Levin
e5c09675f3 ipatests: Skip keyring tests on containerized platforms
The kernel keyrings are not namespaced yet.

Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-07 17:49:31 +03:00
Stanislav Levin
2b85bfb030 Azure: Switch to dockerhub provider
`registry.fedoraproject.org/f32/fedora-toolbox` image is used to build
packages on Azure Pipelines.

registry.fedoraproject.org experiences an availability problem and makes
unstable FreeIPA CI.

Fedora also distributes its official images on https://hub.docker.com/_/fedora.
`fedora:32` is already used by FreeIPA CI to build the image for tests.

Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-08-07 17:49:31 +03:00
François Cami
41333b631d ipatests: test_epn: test_EPN_nbdays enhancements
Enhance test_EPN_nbdays so that it checks:
* that no emails get sent when using --dry-run
* that --from-nbdays implies --dry-run
* that --to-nbdays requires --from-nbdays
* illegal inputs for nbdays:
** from-nbdays > to-nbdays
** non-numerical input
** decimal input

Fixes: https://pagure.io/freeipa/issue/8449
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-08-07 12:50:25 +02:00
François Cami
e1750e2a18 ipatests: tasks.py: fix ipa-epn invocation
tasks.py::ipa_epn would previously fail to invoke ipa-epn with
from_nbdays=0.

Related: https://pagure.io/freeipa/issue/8449
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-08-07 12:50:25 +02:00
Peter Keresztes Schmidt
2d87cd4ae1 WebUI: Unify adapter property definition for state evaluators
Move adapter property definition to IPA.state_evaluator since it
is used by all evaluators

Related: https://pagure.io/freeipa/issue/8336
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2020-08-07 12:42:50 +02:00
Peter Keresztes Schmidt
df5526fbc7 WebUI: Make object_class_evaluator evaluator compatible with batch responses
Use data adapter in evaluator to be able to deal with batch
RPC responses.

Related: https://pagure.io/freeipa/issue/8336
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2020-08-07 12:42:50 +02:00
Kaleemullah Siddiqui
592f3fe659 Tests for fake_mname parameter setup
fake_mname can be set through dnsserver-mod's --soa-mname-override
option which was not doable through same parameter setup in
/etc/named.conf

https://bugzilla.redhat.com/show_bug.cgi?id=1488732

Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-08-06 18:43:53 +02:00
Stanislav Levin
06a344a5d9 ipatests: Add compatibility against python-cryptography 3.0
The recently released python-cryptography 3.0 has backward incompatible
changes. One of them [0] breaks FreeIPA self-tests.

Note: this requires python-cryptography 2.7+.

[0] 3b2102af54

Fixes: https://pagure.io/freeipa/issue/8428
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-06 10:13:52 -04:00
Christian Heimes
999485909a Don't configure authselect in containers
freeipa-container images come with authselect pre-configured. There is
no need to configure, migrate, or restore authselect. The --mkhomedir
option is not supported, too.

Related: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-08-06 14:20:54 +02:00