Commit Graph

15126 Commits

Author SHA1 Message Date
Rob Crittenden
51fb9d61bb Catch ValueError when trying to retrieve existing credentials
get_credentials() was changed to raise ValueError instead of
gssapi.exceptions.GSSError as part of the sweeper to clean up
expired credentials caches.

For WebUI users, this will prevent a 500 error if their
associated credentials cache is expired or missing.

https://pagure.io/freeipa/issue/8873

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 08:49:53 +03:00
Serhii Tsymbaliuk
d8b8f54bce WebUI tests: Add test for 'ipaautoprivategroups' field on 'ID Ranges' page
Add test_range_auto_private_groups test case to test_trust WebUI test suite to cover the field.

Ticket: https://pagure.io/freeipa/issue/8837

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2021-06-03 14:55:56 +02:00
Serhii Tsymbaliuk
6395d23947 WebUI: Add support of 'ipaautoprivategroups' LDAP attribute on 'ID Ranges' page
Add 'Auto private groups' field on 'Add ID range' form with the following options: true, false, hybrid.
The field is optional and can be omitted.
Its value can be also modified on 'Range Settings' page after the range is added.

Ticket: https://pagure.io/freeipa/issue/8837

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2021-06-03 14:55:56 +02:00
Alexander Bokovoy
208b9b4c7c service: enforce keytab user when retrieving the keytab
HTTP service uses different user for keytab ownership than the service
user. On Fedora this leads to http.keytab being owned by 'apache' user
after IPA deployment while it should be owned by 'root' to allow
GSSPROXY configuration to work correctly.

The situation is fixed during upgrade (ipa-server-upgrade) but it means
for new deployments there might be a period of unexplained Web UI
authentication failures.

Fixes: https://pagure.io/freeipa/issue/8872

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2021-06-03 13:34:13 +03:00
Stanislav Levin
c82ed2eb33 ipatests: Fetch sudo rules without time offset
As of 2.5.0 SSSD introduces a random timeout for the refresh
of the SUDO rules [0]. With that change it's no longer possible
to immediate fetch of SUDO rules unless the feature is disabled
[1].

[0]: https://github.com/SSSD/sssd/issues/5609
[1]: https://github.com/SSSD/sssd/issues/5635

Related: https://pagure.io/freeipa/issue/8844
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-03 09:21:45 +03:00
Alexander Bokovoy
6b21c91896 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
3064933295 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
5453399888 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
4d2bca847e Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
54b9d2d376 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
aa5d520841 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
3f760c2fea Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
b77859f5ac Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
e8128e2db7 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
addd5e80ba Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
dce1b51de7 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
0c99649713 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
8da69a8e52 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
c8139c5172 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
5250d9ebc0 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
bfada8d75d Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
09aff3ad69 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
2c7bb5f00d Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
e59d3854c7 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
f86ad3e174 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
b5a7dea811 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
e7f439d9e2 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
d0d08f48a6 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
0ae15b3f31 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
4d87ea0b92 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
941a99e13c Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
d249847272 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
f082345989 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Yuri Chornoivan
3e3fa86e0b Translated using Weblate (Ukrainian)
Currently translated at 100.0% (4672 of 4672 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/uk/
Translation: freeipa/master
2021-06-02 11:30:28 +03:00
Emilio Herrera
6f89607f77 Translated using Weblate (Spanish)
Currently translated at 60.6% (2835 of 4672 strings)

Co-authored-by: Emilio Herrera <ehespinosa57@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/es/
Translation: freeipa/master
2021-06-02 11:30:28 +03:00
Jan Kuparinen
d9f00e0b8c Translated using Weblate (Finnish)
Currently translated at 7.2% (340 of 4672 strings)

Translated using Weblate (Finnish)

Currently translated at 6.8% (318 of 4672 strings)

Translated using Weblate (Finnish)

Currently translated at 6.2% (290 of 4672 strings)

Translated using Weblate (Finnish)

Currently translated at 6.2% (290 of 4672 strings)

Added translation using Weblate (Finnish)

Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/fi/
Translation: freeipa/master
2021-06-02 11:30:28 +03:00
Piotr Drąg
164617ab6d Translated using Weblate (Polish)
Currently translated at 9.6% (451 of 4669 strings)

Translated using Weblate (Polish)

Currently translated at 9.6% (451 of 4669 strings)

Co-authored-by: Piotr Drąg <piotrdrag@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/pl/
Translation: freeipa/master
2021-06-02 11:30:28 +03:00
Weblate
f1ac79728d Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
Translation: freeipa/master
2021-06-02 11:30:28 +03:00
Marcin Stanclik
6d33d29fdd Translated using Weblate (Polish)
Currently translated at 9.6% (451 of 4669 strings)

Co-authored-by: Marcin Stanclik <mstanclik@yahoo.com>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/pl/
Translation: freeipa/master
2021-06-02 11:30:27 +03:00
Rafael Fontenelle
55e4b5e19a Translated using Weblate (Portuguese (Brazil))
Currently translated at 4.7% (223 of 4669 strings)

Co-authored-by: Rafael Fontenelle <rafaelff@gnome.org>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/pt_BR/
Translation: freeipa/master
2021-06-02 11:30:27 +03:00
Hela Basa
61bc4e05c2 Added translation using Weblate (Sinhala)
Co-authored-by: Hela Basa <r45xveza@pm.me>
2021-06-02 11:30:27 +03:00
Daniel Lara Souza
ee12f2b42e Translated using Weblate (Portuguese (Brazil))
Currently translated at 3.8% (178 of 4669 strings)

Co-authored-by: Daniel Lara Souza <daniellarasouza@yahoo.com.br>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/pt_BR/
Translation: freeipa/master
2021-06-02 11:30:27 +03:00
Yuri Chornoivan
09c83ca43a Translated using Weblate (Ukrainian)
Currently translated at 100.0% (4669 of 4669 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/uk/
Translation: freeipa/master
2021-06-02 11:30:27 +03:00
Weblate
76dac09fda Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
Translation: freeipa/master
2021-06-02 11:30:27 +03:00
Yuri Chornoivan
f2543df120 Translated using Weblate (Ukrainian)
Currently translated at 100.0% (4668 of 4668 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/uk/
Translation: freeipa/master
2021-06-02 11:30:27 +03:00
Weblate
dfee18f029 Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
Translation: freeipa/master
2021-06-02 11:30:27 +03:00
Alexander Bokovoy
b4b2c10e23 ds: Support renaming of a replication plugin in 389-ds
IPA topology plugin depends on the replication plugin but
389-ds cannot handle older alias querying in the plugin
configuration with 'nsslapd-plugin-depends-on-named: ..' attribute

See https://github.com/389ds/389-ds-base/issues/4786 for details

Fixes: https://pagure.io/freeipa/issue/8799

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2021-06-01 17:09:28 +03:00
MIZUTA Takeshi
5250ef826e Add --keyfile option to ipa-otptoken-import.1
ipa-otptoken-import.1 describes the -k option.
However, the long option --keyfile option is also available.
Therefore, add the --keyfile option to ipa-otptoken-import.1.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-27 18:28:19 +03:00
Alexander Bokovoy
338f0bcecf Update IRC links to point to Libera.chat
Update documentation now that we moved IRC channels #freeipa and #sssd
to Libera.chat network.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2021-05-27 18:26:28 +03:00
Florence Blanc-Renaud
379d5da0ae pkispawn: override AJP connector address
Since commit 1906afbeb3c8b7140601be7f9bee2f7fef5b0a5e, in order to fix
rhbz#1780082, pki defines AJP connectors using localhost4 and localhost6:
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="localhost4" name="Connector1" secret="..."/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="localhost6" name="Connector2" secret="..."/>

When /etc/hosts only defines the following:
    127.0.0.1 localhost
    ::1 localhost
the connector initialization may fail with
    java.net.BindException: Address already in use

The installer can add the following definitions to pkispawn cfg file:
    pki_ajp_host_ipv4=127.0.0.1
    pki_ajp_host_ipv6=::1
in order to force the value to an IP address instead of localhost4/6.

Fixes: https://pagure.io/freeipa/issue/8851
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-05-26 17:04:56 +03:00