Commit Graph

15502 Commits

Author SHA1 Message Date
Carla Martinez
b76bb195a5 webui: Add label name to 'Certificates' section
For testing purposes and uniformity, the
'Certificates' label (located under
'Active users' settings ) should also have
'name' attribute, like seen in other parts of the WebUI.

Fixes: https://pagure.io/freeipa/issue/8946
Signed-off-by: Carla Martinez <carlmart@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2022-11-15 13:04:22 +01:00
Alexander Bokovoy
21d99b457d ipa-kdb: for delegation check, use different error codes before and after krb5 1.20
With MIT krb5 1.20, a call to krb5_db_check_allowed_to_delegate()
and krb5_db_check_allowed_to_delegate_from() expects to return either
KRB5KDC_ERR_BADOPTION for a policy denial or KRB5_PLUGIN_OP_NOTSUPP in
case plugin does not handle the policy case. This is part of the MIT
krb5 commit a441fbe329ebbd7775eb5d4ccc4a05eef370f08b which added a
minimal MS-PAC generator.

Prior to MIT krb5 1.20, the same call was expected to return either
KRB5KDC_ERR_POLICY or KRB5_PLUGIN_OP_NOTSUPP errors.

Related: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-14 10:12:42 -05:00
Erik Belko
d6a643b798
ipatests: Add test for grace login limit
Test user and pwpolicy entity for grace login limit setting.

Related: https://pagure.io/freeipa/issue/9211

Signed-off-by: Erik Belko <ebelko@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2022-11-10 09:30:15 +01:00
Erik Belko
815f18396c
ipatests: test for root using admin password in webUI
Check if there is no infinite loop caused by this
combination of user and password

Related: https://pagure.io/freeipa/issue/9226

Signed-off-by: Erik Belko <ebelko@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2022-11-09 14:53:16 +01:00
Endi S. Dewata
38728dd518 Explicitly use legacy ID generators by default
The default ID generators used by PKI might change in the
future, so to preserve the current behavior the installation
code has been updated to explicitly use the legacy ID
generators by default.

Signed-off-by: Endi S. Dewata <edewata@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-03 15:18:30 -04:00
Scott Poore
c62e5d7a18 ipatests: xfail test_ipa_login_with_sso_user
There is a crash occurring that causes Keycloak to be unable to
communicate with ipa-tuura on the bridge server (replica0).  This is
much more prevalent in Fedora 37 so we need to xfail that test case
until the crash is resolved.

Related: https://pagure.io/freeipa/issue/9264

Signed-off-by: Scott Poore <spoore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-11-03 10:55:32 +01:00
Alexander Bokovoy
ce05e5fd40 ipa-kdb: fix comment to make sure we talk about krb5 1.20 or later
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-02 11:03:04 +02:00
Alexander Bokovoy
0c67f0e607 ipa-kdb: fix PAC requester check
PAC requester check was incorrect for in-realm S4U operations. It casted
too wide check which denied some legitimate requests. Fix that by only
applying rejection to non-S4U unknown SIDs, otherwise S4U2Self request
issued by the in-realm service against a trusted domain's user would not
work.

Related: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-02 11:03:04 +02:00
Alexander Bokovoy
e86807b58c ipa-kdb: handle empty S4U proxy in allowed_to_delegate
With krb5 1.20, S4U processing code uses a special case of passing an
empty S4U proxy to allowed_to_delegate() callback to identify if the
server cannot get forwardable S4U2Self tickets according to [MS-PAC]
3.2.5.1.2.

This means we need to ensure NULL proxy is a valid one and return an
appropriate response to that.

Fixes: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-02 11:03:04 +02:00
Alexander Bokovoy
a9018da90d ipa-kdb: handle cross-realm TGT entries when generating PAC
For generating PAC we need to know SID of the object and a number of
required attributes. However, trusted domain objects do not have these
attributes. Luckily, IPA LDAP schema puts them under actual trust
objects which have all the additional (POSIX) attributes.

Refactor PAC generator to accept secondary LDAP entry and use that one
to pull up required attributes. We only use this for trusted domain
objects.

Fixes: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-02 11:03:04 +02:00
Alexander Bokovoy
c1582bd322 ipa-kdb: add krb5 1.20 support
Add basic krb5 1.20 integration without RBCD support. RBCD will come in
a separate series.

Fixes: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-02 11:03:04 +02:00
Alexander Bokovoy
5e7590981b ipa-kdb: refactor MS-PAC processing to prepare for krb5 1.20
Make sure both krb5 pre 1.20 and 1.20 or later would call into the same
PAC generation code while driven by different API callbacks from the
krb5 KDB interface.

Fixes: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-11-02 11:03:04 +02:00
Florence Blanc-Renaud
fbda6ea4d3 Spec file: bump the selinux-policy version
selinux-policy introduced a regression in fedora 36, rhel 8
and rhel 9. After a call to ipa trust-add, the credential cache
contains cifs/master.ipa.test@IPA.TEST instead of admin principal.

The fix is available in
- fedora 36: selinux-policy-36.16-1
- rhel 8: 3.14.3-107

Bump the selinux-policy version to install the fix.

Fixes: https://pagure.io/freeipa/issue/9198
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-10-20 15:42:05 -04:00
Scott Poore
899530bd40 ipatests: add keycloak user login to ipa test
Adding test case to test_sso.py to cover login to IPA client as Keycloak
user without relying on external IdP.

create_bridge.py:
- getkeytab in setup_scim_server to allow bridge to use IPA API.
- fix unintstall to remove plugin by version instead of main

test_sso.py:
- add keycloak_add_user function
- add test_ipa_login_with_sso_user

tasks.py:
- add set_user_password to only set password for ipa users

Fixes: https://pagure.io/freeipa/issue/9250
Signed-off-by: Scott Poore <spoore@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-10-20 08:48:53 -04:00
Florence Blanc-Renaud
06780f4d90 webui tests: fix test_subid suite
The webui test test_subid_range_deletion_not_allowed is
adding a new subid for the admin user but a previous
test already took care of that step.
Remove the call adding the subid.

2nd issue: a given record has to be selected in
order to check that there is no "delete" button.

Fixes: https://pagure.io/freeipa/issue/9214

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-10-19 09:49:04 -04:00
Anuja More
715ee82e3c ipatests : Test query to AD specific attributes is successful.
Test scenario:
configure sssd with ldap_group_name = info for the trusted domain,
so that the group name is read from the "info" attribute
of the AD group entry.
With this setting, it is possible to have a group and a user
that appear on IdM side with the same name.
Ensure that the conflict does not break IdM and that the id,
getent group and getent passwd commands work on an IdM client.

Related : https://pagure.io/freeipa/issue/9127

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-10-18 07:03:29 +02:00
Nikola Knazekova
7b855c602e Exclude installed policy module file from RPM verification
selinux: Update based on latest packaging guide
https://fedoraproject.org/wiki/SELinux/IndependentPolicy

Fixes: https://pagure.io/freeipa/issue/9254

Signed-off-by: Nikola Knazekova <nknazeko@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-10-17 15:57:10 +02:00
Sumedh Sidhaye
42f73ea655 With the commit #99a74d7, 389-ds changed the message returned in ipa-healthcheck.
Previously the message was:

"\n\nIn Directory Server, we offer one hash suitable for this "
"(PBKDF2_SHA256) and one hash\nfor \"legacy\" support (SSHA512)."
"\n\nYour configuration does not use these for password storage "
"or the root password storage\nscheme.\n"

but now the message is:

\n\nIn Directory Server, we offer one hash suitable for this "
"(PBKDF2-SHA512) and one hash\nfor \"legacy\" support (SSHA512)."
"\n\nYour configuration does not use these for password storage "
"or the root password storage\nscheme.\n"

PBKDF2_SHA256 has been replaced with PBKDF2-SHA512

Pagure: https://pagure.io/freeipa/issue/9238

Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2022-10-12 12:01:27 +02:00
Alexander Bokovoy
22022ae2ff ipaclient: do not set TLS CA options in ldap.conf anymore
OpenLDAP has made it explicit to use default CA store as provided by
OpenSSL in 2016:

	branches 2.5 and later:
	commit 4962dd6083ae0fe722eb23a618ad39e47611429b
	Author: Howard Guo <hguo@suse.com>
	Date:   Thu Nov 10 15:39:03 2016 +0100

	branch 2.4:
	commit e3affc71e05b33bfac43833c7b95fd7b7c3188f8
	Author: Howard Guo <hguo@suse.com>
	Date:   Thu Nov 10 15:39:03 2016 +0100

This means starting with OpenLDAP 2.4.45 we can drop the explicit CA
configuration in ldap.conf.

There are several use cases where an explicit IPA CA should be specified
in the configuration. These mostly concern situations where a higher
security level must be maintained. For these configurations an
administrator would need to add an explicit CA configuration to
ldap.conf if we wouldn't add it during the ipa-client-install setup.

RN: FreeIPA client installer does not add explicit TLS CA configuration
RN: to OpenLDAP's ldap.conf anymore. Since OpenLDAP 2.4.45, explicit CA
RN: configuration is not required as OpenLDAP uses the default CA store
RN: provided by OpenSSL and IPA CA is installed in the default store
RN: by the installer already.

Fixes: https://pagure.io/freeipa/issue/9258

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-10-10 09:50:39 +02:00
Viacheslav Sychov
d33a2523ee fix: Handle /proc/1/sched missing error
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-10 09:48:55 +02:00
Sumit Bose
0ce3ab36b4 ipa-kdb: do not fail if certmap rule cannot be added
Currently if a certificate mapping and matching rule has a typo or is of
an unsupported type the whole rule processing is aborted and the IPA
certmap plugin works without any rules effectively disabling PKINIT for
users. Since each rule would only allow more certificates for PKINIT it
would be more user/admin friendly to just ignore the failed rules with a
log message and continue with what is left or use the default rule if
nothing is left.

This change is done to add more flexibility to define new mapping and
matching templates which are e.g. needed to cover changes planned by
Microsoft as explained in
https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-07 17:02:43 +02:00
Stanislav Levin
d4fa80b224 ipapython: Support openldap 2.6
While python-ldap is strict dependency of IPA in downstreams, it
is optional for IPA packages published on PyPI.

Openldap 2.6 no longer ships ldap_r-2, that makes
ipapython.dn_ctypes not working against such environments.

Thanks @abbra!

Fixes: https://pagure.io/freeipa/issue/9255
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2022-10-06 10:22:26 +02:00
Alexey Tikhonov
147123e6b9 extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization)
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2022-10-04 14:01:56 +02:00
Alexey Tikhonov
b381acb3d0 extdom: make sure result doesn't miss domain part
This is required to ensure that only objects from requested domain
are returned.

Resolves: https://pagure.io/freeipa/issue/9245
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2022-10-04 14:01:56 +02:00
Alexey Tikhonov
f0c26fe094 extdom: internal functions should be static
Fixes following compilation warnings:
```
ipa_extdom_common.c:109:5: warning: no previous prototype for ‘__nss_to_err’ [-Wmissing-prototypes]
  109 | int __nss_to_err(enum nss_status errcode)
      |     ^~~~~~~~~~~~
ipa_extdom_common.c:738:5: warning: no previous prototype for ‘pack_ber_name_list’ [-Wmissing-prototypes]
  738 | int pack_ber_name_list(struct extdom_req *req, char **fq_name_list,
      |     ^~~~~~~~~~~~~~~~~~
```

Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2022-10-04 14:01:56 +02:00
Florence Blanc-Renaud
96cf293f1f ipatests: mark xfail tests using dnssec
In fedora 37+, the signing of DNS zones is failing.
Mark xfail the gating tests impacted by this issue, to avoid
breaking the CI gating when we move to f37.

Related: https://pagure.io/freeipa/issue/9216
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2022-10-04 13:47:48 +02:00
Florence Blanc-Renaud
4a4f7e76da ipatests: mark xfail tests using sssctl domain-status
In fedora 37+, sssctl domain-status is failing.
Mark xfail the gating tests impacted by this issue, to avoid
breaking the CI gating when we move to f37.

Related: https://pagure.io/freeipa/issue/9234
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2022-10-04 13:47:48 +02:00
Florence Blanc-Renaud
43fcfe45f1 Tests: test on f37 and f36
Fedora 37 beta is now available, move the testing pipelines to
- fedora 37 for the _latest definitions
- fedora 36 for the _previous definition

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2022-10-04 13:47:48 +02:00
Alexander Bokovoy
76152e0335 Remove empty translation for 'si' which breaks linter
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
김인수
6e6a07188b Translated using Weblate (Korean)
Currently translated at 2.9% (140 of 4818 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
김인수
a2a70ab7ac Translated using Weblate (Korean)
Currently translated at 2.2% (108 of 4818 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
김인수
526b5165fe Translated using Weblate (Korean)
Currently translated at 2.0% (99 of 4818 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/ko/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
김인수
e9d5908851 Added translation using Weblate (Korean)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Temuri Doghonadze
2ee7fcdfba Translated using Weblate (Georgian)
Currently translated at 8.3% (401 of 4818 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/ka/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Temuri Doghonadze
d12908ffce Translated using Weblate (Georgian)
Currently translated at 7.6% (368 of 4818 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/ka/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Temuri Doghonadze
097615c34c Translated using Weblate (Georgian)
Currently translated at 6.9% (333 of 4818 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/ka/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Jan Kuparinen
e20e1a446c Translated using Weblate (Finnish)
Currently translated at 17.6% (848 of 4818 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Yuri Chornoivan
7a82bc090e Translated using Weblate (Ukrainian)
Currently translated at 100.0% (4818 of 4818 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/uk/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Weblate
1d1b31a2f4 Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Temuri Doghonadze
b2cdddeaea Added translation using Weblate (Georgian)
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Jan Kuparinen
ea95f0dda0 Translated using Weblate (Finnish)
Currently translated at 17.8% (845 of 4741 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Yuri Chornoivan
0f2d2d36ee Translated using Weblate (Ukrainian)
Currently translated at 100.0% (4741 of 4741 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/uk/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Weblate
6f3c9a2533 Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Jan Kuparinen
e92b847850 Translated using Weblate (Finnish)
Currently translated at 17.7% (842 of 4739 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Jan Kuparinen
cd702b5421 Translated using Weblate (Finnish)
Currently translated at 17.7% (840 of 4739 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Ricky Tigg
ab652aa11a Translated using Weblate (Finnish)
Currently translated at 17.5% (833 of 4739 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Piotr Drąg
35f58c9af4 Translated using Weblate (Polish)
Currently translated at 9.5% (453 of 4739 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/pl/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Jan Kuparinen
f680614b5c Translated using Weblate (Finnish)
Currently translated at 17.5% (832 of 4739 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Jan Kuparinen
581dfddcf7 Translated using Weblate (Finnish)
Currently translated at 17.2% (816 of 4739 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/fi/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00
Andika Triwidada
c7ba8f5f28 Translated using Weblate (Indonesian)
Currently translated at 6.8% (323 of 4739 strings)

Translation: freeipa/master
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/id/
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-02 12:07:20 +03:00