This patch fixes:
- too long description for server-trust-ad subpackage
- adds (noreplace) flag %{_sysconfdir}/tmpfiles.d/ipa.conf to avoid
overwriting potential user changes
- changes permissions on default_encoding_utf8.so to prevent it
pollute python subpackage Provides.
- wrong address in GPL v2 license preamble in 2 distributed files
https://fedorahosted.org/freeipa/ticket/3855
Differences in the python byte code fails in a build validation
(rpmdiff) done on difference architecture of the same package.
This patch:
1) Ensures that timestamps of generated *.pyo and *.pyc files match
2) Python integer literals greater or equal 2^32 and lower than 2^64
are converted to long right away to prevent different type of
the integer on architectures with different size of int
https://fedorahosted.org/freeipa/ticket/3858
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.
https://fedorahosted.org/freeipa/ticket/3632
Properly handle --subject option of ipa-server-install, making sure this
value gets passed to certmap.conf. Introduce a new template variable
$SUBJECT_BASE for this purpose.
Also make sure that this value is preserved on upgrades.
https://fedorahosted.org/freeipa/ticket/3783
Old versions of SSSD do not directly support cross-realm trusts between IPA
and AD. This patch introduces plugins for the ipa-advise tool, which should
help with configuring an old version of SSSD (1.5-1.8) to gain access to
resources in trusted domain.
Since the configuration steps differ depending on whether the platform includes
the authconfig tool, two plugins are needed:
* config-redhat-sssd-before-1-9 - provides configuration for Red Hat based
systems, as these system include the autconfig utility
* config-generic-sssd-before-1-9 - provides configuration for other platforms
https://fedorahosted.org/freeipa/ticket/3671https://fedorahosted.org/freeipa/ticket/3672
Now the list of available advices is neatly formatted:
-------------------------
List of available advices
-------------------------
config-fedora-authconfig : Authconfig instructions for configuring Fedora
18/19 client with IPA server without use of SSSD.
The advice header printing has been reformatted to conform with the changes.
Updates old information produced by the ipa help host command.
Also adds a section to ipa-client-install manpage about client
re-enrollment.
https://fedorahosted.org/freeipa/ticket/3820
In DomainValidator, we store a dictionary containing information
for trusted domains. This is a case-sensitive dictionary keyed by
the domain name.
We need to use case-insensitive dictionary since domain names
are generally case-insensitive.
https://fedorahosted.org/freeipa/ticket/3816
If stdin is a TTY, ipaserver.install.installutils uses getpass and all
is well. Without a TTY, though, there were two problems:
* The prompt was not printed
* On end of file, an empty string was returned, which caused read_password
to enter an infinite loop.
Fix both problems.
https://fedorahosted.org/freeipa/ticket/3824
Since krbMaxPwdLife attribute is represented as number of seconds,
setting maxlife to high values such as 999 999 days (~2739 years)
would result to overflow when parsing this attribute in kdb plugin,
and hence default maxlife of 90 days would be applied.
Limit the maximum value of maxlife that can be set through the
framework to 20 000 days (~ 54 years).
https://fedorahosted.org/freeipa/ticket/3817
Regenerate the POT file and pull new translations from Transifex.
Also, update the Transifex URL in the configuration file:
transifex.net has redirected to transifex.com for some time,
and now its certificate has expired.
Make the interactive prompts interpret the following logic:
- AD range (dom-sid/dom-name set):
require RID base if not set
- local range(dom-sid/dom-name not set):
a) server with adtrust support:
require both RID base and secondary RID base
b) server without adtrust support:
if any of RID base, secondary RID base set,
require both of them
https://fedorahosted.org/freeipa/ticket/3786
One find_entry_by_attr call did not set a search base leading to
LDAP search call with zero search base. This leads to false negative
results from LDAP.
When converting the result obtained by python-ldap library,
we need to skip unresolved referral entries, since they cannot
be converted.
https://fedorahosted.org/freeipa/ticket/3814
Tests modified to comply with PEP8 rules with exception of rule E501 (long lines).
Done by autopep8 tool and 2 manual modifications.
https://fedorahosted.org/freeipa/ticket/3744
Heavily inspired by code from xmlrpc tests.
To obtain ranges, this patch also adds method to execute FreeIPA command through Web UI.
It uses Web UI instead of ipalib so it doesn't need to care about authentication on a test-runner machine.
https://fedorahosted.org/freeipa/ticket/3744
In external CA installation, ipa-server-install leaked NSS objects
which caused an installation crash later when a subsequent call of
NSSConnection tried to free them.
Properly freeing the NSS objects avoid this crash.
https://fedorahosted.org/freeipa/ticket/3773
Add ldap_connect() method to Host to allow executing querying LDAP from tests.
Use information in the mapping tree to poll until all replication is finished
(or failing) before checking that entries replicated successfully.
This allows a cluster of replicas and clients to be installed
in a named topology.
Several named topologies are available (star, line, complete, tree,
tree2) and new ones can be defined as a simple function.
