DS is contacted during server uninstallation, in order to obtain information
about replication agreements. If DS is unavailable, warn and continue with
uninstallation.
https://fedorahosted.org/freeipa/ticket/3867
Some of the FileErrors in ipa-client-install were raised incorrectly
(without the 'reason' argument), which resulted in bad error messages
during ipa-client-install.
https://fedorahosted.org/freeipa/ticket/3758
The __all__ list does not cause submodules to be imported, e.g.
one would still have to `import ipaclient.ipachangeconf` rather than
just `import ipaclient` to use `ipaclient.ipachangeconf`.
Even if they did do anything, the lists were incomplete, and (since
`import *` is not used on these modules) unnecessary.
Pylint 1.0 reports undeclared names in __all__ as a warning.
Add the --automount-location option to ipa-client-install. If the option is
used, ipa-client-automount is called at the end of ipa-client-install.
https://fedorahosted.org/freeipa/ticket/3740
There is no risk of crash here as slapi_valueset_first_value() can handle
the case where the valueset is NULL, but there is no point in calling that
if we know there are no values.
https://fedorahosted.org/freeipa/ticket/3880
Differences from the test plan at
http://www.freeipa.org/index.php?title=V3/CA-less_install&oldid=6669 are:
- The following tests are included in all applicable positive
install tests, rather than being standalone test cases:
- Verify CA certificate stored in LDAP
- Verify CA PEM file created by IPA server install
- Verify that IPA server install does not configure certmonger
- Verify CA PEM file created by IPA replica install
- Verify that IPA replica install does not configure certmonger
- Verify CA PEM file created by IPA client install
- PKI setup is done only once for each test class
- Master installation is done once for the IPA command tests, and
once for the certinstall tests
- Certificates are compared after base64 decoding to avoid failures
from formatting mismatches
- Minor changes necessary for automation (e.g. adding --unattended
and --password options, correcting error messages)
- Web UI tests are not included here
https://fedorahosted.org/freeipa/ticket/3830
Some unit tests were failing after ipa-adtrust-install has been run on the
IPA server, due to missing attributes ('ipantsecurityidentifier') and
objectclasses ('ipantuserattrs' and 'ipantgroupattrs'). This patch detects if
ipa-adtrust-install has been run, and adds missing attributes and objectclasses
where appropriate.
https://fedorahosted.org/freeipa/ticket/3852
If we do not store the keys in the entry we need to free the array before
continuing or the data is leaked.
CoverityID: 11910
Fixes:
https://fedorahosted.org/freeipa/ticket/3884
This memset was harmless as the following data is then set again, but an
optimizing compiler might conceivably reorder instructions causing issues.
CoverityID: 11909
Fixes:
https://fedorahosted.org/freeipa/ticket/3883
You cannot re-add the trust and modify the range in the process.
The check in the code was malfunctioning since it assumed that
range_size parameter has default value. However, default value
is assigned only later in the add_range function.
https://fedorahosted.org/freeipa/ticket/3870
This patch makes sure that all edits to CS.cfg configuration file
are performed while pki-tomcatd service is stopped.
Introduces a new contextmanager stopped_service for handling
a general problem of performing a task that needs certain service
being stopped.
https://fedorahosted.org/freeipa/ticket/3804
When configuring the 389 Directory Server instance, we tune it
so that number of file descriptors available to the DS is increased
from the default 1024 to 8192.
There are platform specific steps that need to be conducted
differently on systemd compatible platforms and sysV compatible
platforms.
systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd
sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv
set ulimit - nofile 8192 in /etc/security/limits.conf
https://fedorahosted.org/freeipa/ticket/3823
This action calls cert-request command which is not available on CA-less installs. Thus this action won't be enabled and therefore there is no reason to keep it visible.
https://fedorahosted.org/freeipa/ticket/3363