On Monday, July 23, 2018 12:43:53 PM CDT Rob Crittenden via FreeIPA-users wrote: > The FreeIPA team would like to announce FreeIPA 4.7.0 release! > > It can be downloaded from http://www.freeipa.org/page/Downloads. > > == Highlights in 4.7.0 == > > === Enhancements === > > ==== mod_ssl ===== > > IPA has switched to mod_ssl as the crypto engine for Apache. This change > will be made automatically when upgrading. > > ==== NSS sqlite database ==== > > Fedora 28 changed the default database format type from dbm to sqlite. > Theoretically there should be no end-user difference but you will see > different file names for your NSS databases: cert9.db, key4.db and > pkcs11.txt. > > ==== authselect ==== > > Fedora 28 switched to a new PAM configuration tool, authselect. > https://fedoraproject.org/wiki/Changes/Authselect > > ==== Time server change to chronyd ==== > > The ntpd service was deprecated in F28. It was replaced by chronyd. The > client also uses chrony as its time client. > > https://www.freeipa.org/page/V4/ntpd_deprecation/chronyd_support > > ==== Python 3 ==== > > FreeIPA now fully supports Python 3 and can be installed without any > python 2 dependencies. > > === Known Issues === > > === Bug fixes === > > FreeIPA 4.7.0 includes all of the bug fixes and enhancements from 4.6.1 > - 4.6.4. > > There are more than 170 bug fixes, details of which can be seen in > the list of resolved tickets below. > > == Upgrading == > Upgrade instructions are available on [[Upgrade]] page. > > == Feedback == > Please provide comments, bugs and other feedback via the freeipa-users > mailing list > (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahos > ted.org/) or #freeipa channel on Freenode. > > == Resolved tickets == > * 7615 ipa_tests: ipa-replica-prepare stuck on user input > * 7550 [WebUI] extend host test suite > * 7547 ui_tests: checkbox click fix > * 7546 ui_tests: improve "field_validation" method > * 7544 ui_tests: extend test_selinuxusermap.py suite > * 7542 CLI and Web UI allow to add more then one radius server into > radius proxy > * 7540 Extend WebUI test_krbpolicy suite with the following test cases: > * 7535 ipa-restore fails because tmp/etc/ipa/ca.crt is missing > * 7526 IdM servers:/usr/share/ipa/html/ca.crt does not include the > complete chain > * 7520 ipa certmap-match throwing "ipa: ERROR: an internal error has > occurred" > * 7519 Adding SSH keys for AD users as I created overrides > * 7510 validate_selinuxuser does not allow a period in selinux user > identifier > * 7505 WebUI tests: Extend netgroup tests > * 7503 multiple occurrences of profileId in certprofile causes incorrect > behaviour > * 7485 Extending webui user group test > * 7474 ipa-server-install --uninstall on replica fails with > "NoOptionError: No option 'ldap_uri' in section: 'global'" > * 7473 ERROR: No valid Negotiate header in server response > * 7468 test_host.py::test_host::test_crud is failing in nightly tests > * 7463 test_webui: add user life-cycles tests > * 7447 test_create_host_with_ip is not fully covering possible return > errors * 7436 ipa: Please log something after restarting the KDC > * 7433 CRL url on replicas gets incorrectly redirected > * 7432 make fasttest fails on fresh clone. fedora26 > * 7425 ipa-server-install with different IP fails on /usr/sbin/pkispawn > -s CA > * 7424 Improve Realm Domains doc text > * 7411 Simplify CA, TLS and bytes warning configuration of LDAP connections > * 7400 Add excludearch for i686 because 389-ds is no longer doing 32-bit > builds > * 7397 ipa host-add --ip-address... returns Internal error when > forward-policy=none is defined > * 7394 file conflicts between python2-mod_wsgi and freeipa-server > * 7393 Installing 4.6.3-1 in rawhide/F28 fails with DuplicateEntry > enabling TLS in 389-ds > * 7390 cert-request: issuance of malformed certificate causes IPA > Internal Error > * 7389 F-27 upgrade to 4.6.3-1 fails with KRA update > * 7383 user-add: user creation proceeds when password is wrong > * 7381 Drop PyOpenSSL requirement > * 7380 Possible regression for limited OTP characters in host-add > * 7378 ipa-ods-exporter fails with socket activation did not return socket > * 7374 IPA 'Generate OTP' option in web gui does not show OTP code when > no reverse zone is managed > * 7373 "An internal error has occurred" show up when trying to add a > user to the Member User table in Vault. > * 7371 uninstalling replica leaves orphained data in ldap > * 7359 [RFE] extend topology plugin to clean up a removed replica ldap/ > principal > * 7357 IntegrationTests do not fail even if the uninstall process fails > * 7342 admins group is not including all permissions of Role "User > Administrator" > * 7338 FreeIPA server install/upgrade does not process schema.d/ files > correctly > * 7335 Integration tests are not collecting all logs > * 7330 ipa-server-install --uninstall does not return error code on error > * 7318 Cannot uninstall ipaserver after fresh install - {'desc': "Can't > contact LDAP server", 'errno': 111, 'info': 'Connection refused'} > * 7315 Packaging: use pylint 1.7.5 and remove disable for import stat > * 7313 trust integration tests need to override test_establish_trust > method when using different trust-add options > * 7308 Help for ipa trust-add --range-type > * 7299 RPM post-install scripts fail because they are run with python2 > * 7294 python3 incompatibility in vault_archive > * 7275 Viewing DNS Records with WebUI fails > * 7254 test_caless: fix http.p12 is not valid and provide domain_level > for replica tests > * 7253 Custodia keys are not removed on uninstall > * 7240 ipa-dnskeysyncd broken (and ipactl doesn't tell) > * 7226 Remove remaining references to Firefox configuration extension > * 7220 Third KRA installation in topology fails > * 7210 Firefox reports insecure TLS configuration when visiting FreeIPA > web UI after standard server deployment > * 7208 freeipa: binary RPMs require both Python 2 and Python 3 > * 7190 Wrong info message from tasks.py > * 7189 make check is failed > * 7187 ipa-replica-manage should provide a debug option > * 7186 testing: get back command outputs when running tests > * 7162 [ipatests] disable replication debugging for 389-ds logs in > integration tests > * 7157 [tracker] pyasn1 fails to parse kerberos principal name > * 7155 test_caless: add caless to external CA test > * 7154 test_external_ca: switch to python-cryptography > * 7151 ipa-server-upgrade performs unneeded steps to stop tracking/start > tracking certs > * 7150 Ipa-server-install update dse.ldif with wrong SELinux context > * 7148 py3: ipa cert-request --principal --database fails with > BytesWarning: str() on a bytes instance > * 7143 "unknown command 'undefined'" error when changing user's password > via the web UI > * 7136 ipa-restore command doesn't exit with failure if wrong directory > manager's password is provided > * 7135 Server deployment still sets up Firefox extension, this is no > longer necessary and broken on F27+ > * 7134 ipa param-find: command displays internal error > * 7132 [4.6] PyPI packages are broken > * 7131 Finish Python3 support > * 7129 ipa-server/replica-install fails with: "exception: BytesWarning: > Comparison between bytes and string" when using '--dirsrv-config-file' > parameter > * 7124 [ipatests] - forced_client_reenrollment-domlevel-1 test suite > fails due to missing dns records > * 7119 kdc_proxy: kinit admin fails with "Cannot contact any KDC for > realm 'IPA.TEST' while getting initial credentials" > * 7115 ipa-pki-retrieve-key: failure results in crash report > * 7033 vault: TypeError: ... is not JSON serializable > * 7027 Use TLS for cert-find > * 7012 Users can delete their last active OTP token > * 6994 RFE: Remove 389-ds tuning step > * 6968 Consider moving upgrades from rpm install post > * 6874 pylint 1.7.1 fails > * 6858 RFE - Option to add custom OID or display name in IPA Cert > * 6851 Don't use ctypes.util.find_library in ipaclient > * 6844 ipa-restore fails when umask is set to 0027 > * 6721 While performing ipa-server-upgrade, sssd goes offline and stalls > the upgrade process > * 6703 Enable ephemeral KRA requests > * 6609 A CA administrator fails to add CA for Insufficient 'add' privilege > * 5922 ipa vault-archive overwrites an existing value without warning > * 5887 IDNA domains does not work under py3 > * 5813 ipa-kra-install disrupts bind-dyndb-ldap > * 5776 webui: some data disappear from user details page after the save > action is performed > * 5638 Port client code to Python 3 > * 5442 [tracker] SELinux 'execmem' denials > * 7624 [WebUI] wrong link to browser configuration guide on Login page > * 7609 [py37] Import from collections.abc > * 7604 ipa-client-install --mkhomedir doesn't enable oddjobd > * 7591 [freeipa] Drop requirements for 'initscripts' from specfile > * 7590 lightweight subca: ca-show fails on replica > * 7589 cacert renew fails on replica > * 7585 Update to python3-lesscpy 0.13 > * 7581 Translated text is formed incorrectly (API Browser) > * 7562 Regression: authselect 0.4-3 breaks FreeIPA sudo rules > * 7560 Do not depend on gnupg (1.x), use gnupg2 > * 7559 UI LoginScreen widget cannot be translated > * 7536 [F28] SubCA failing, keys are orphan > * 7533 ipa-advise: remove plugin config-fedora-authconfig > * 7530 external CA replica installation fails with CA_UNREACHABLE > * 7529 AVC denials and errors for IPA server installed on Fedora28 > * 7524 ipa-client-install fails because of missing file > /usr/share/ipa/freeipa.template > * 7523 external CA installation: step two reports self-signed configuration > * 7516 [F28] ipa-ca-install fails on replica > * 7515 ipa-advise config-server-for-smart-card-auth refers to nss.conf > despite the migration to ssl.conf > * 7514 Allow to create Kerberos services without a corresponding host > object * 7513 Allow Kerberos services to be members of IPA groups > * 7500 FreeIPA can remove svrcore-devel requirement > * 7498 [F28] CA replica fails with could not find certificate named > "caSigningCert cert-pki-ca" > * 7491 Unknown user 'ipaapi' when updating packages > * 7490 installutils.set_directive doesn't handle debian ssl.conf properly > * 7489 Test test_caless_TestCertInstall is failing in nightly > * 7478 [F28] ipa-backup fails with "Failed to execute authconfig command" > * 7471 [F28] replica pkispawn fails > * 7469 ipa-replica-prepare fail with "stat: path should be string, > bytes, os.PathLike or integer, not NoneType" > * 7466 [F28] Replica installs fails with CA_REJECTED caused by ACIError > * 7465 [F28] oddjobd not started, replica install fails with dbus error > in conn check > * 7464 CI is failing with pkispawn timeout > * 7461 Hardening of topology plugin to prevent erronous deletion of a > replica agreement > * 7426 DogtagInstance.backup_config creates backup with wrong owner > * 7421 Store HTTPD private keys encrypted > * 7418 [RFE] Improve ipa-client-install behaviour when non-standard > ldap.conf is used > * 7415 CA installer need to check availability of port 8080 > * 7410 ipa-replica-install --add-agents option doesn't install > trust-agent on replica > * 7396 ipa-client-automount --uninstall should return errcode > CLIENT_NOT_CONFIGURED > * 7377 Investigate and define plan of authconfig replacement in FreeIPA > * 7354 Fedora 28: Support NSSDB SQL format > * 7322 cert_find --subject is not finding by cert subject > * 7311 Update ui_driver to allow set path for geckodriver.log > * 7310 Integration tests don't collect logs from other replicas > * 7309 Integration tests: CA-less -> CA-ful promotion; post-promotion > checks * 7304 double ca acl provoke console error. > * 7302 test_external_ca: add selfsigned > external_ca > selfsigned test > case * 7301 Drop dependency on Python nose > * 7300 test_x509: test very long OID > * 7295 Build freeIPA with Python3 in @freeipa/freeipa-master-nightly > * 7278 Run WebUI unit test in TravisCI > * 7274 ipa-replica-install fails with PIN error [ CA-less environment ] > * 7263 Typo in login screen > * 7258 typo in accounts menu > * 7257 DNSSEC isn't supported in Python3 > * 7251 f.flush() or os.fsync() don't sync > * 7246 Report CA Subject DN and subject base before installing. > * 7239 Using --auto-reverse and --allow-zone-overlap does not skip zone > overlap check > * 7225 CLI: view command / plugin help in pager > * 7224 Logging: ipa-replica-conncheck is missing a /n > * 7207 ipa-server-install should prevent installations with single label > domains > * 7201 ipa-replica-manage re-initialize TypeError: 'NoneType' object > does not support item assignment > * 7183 /etc/gssproxy/10-ipa.conf not removed on uninstall > * 7095 [tracker] please rotate & compress > /var/lib/pki/pki-tomcat/logs/ca/debug > * 7049 Prepare for NSS switch default database to sqlite in F-27 > * 7024 freeipa depends on ntp > * 6931 custodia user isn't created when FreeIPA RPMs are installed > * 6890 Quickstart guide: mention how to open firewall ports > * 6884 ipa group-del gives ipa: ERROR: Insufficient access: but still > deletes group > * 6843 ipa-backup does not create log file at /var/log/ > * 6837 make ipa.conf and named.conf portable > * 6760 Improve console message for "ipa-server-install --uninstall" command > * 6604 Make pylint and jsl optional (and other issues) > * 6589 client should require /etc/krb5.conf.d/ > * 6450 pylint: cyclic dep check sometimes makes build fail > * 4853 Utilize system-wide crypto-policies > * 4140 Configure the NSS shared database model in IPA servers > * 3757 [RFE] Allow IPA to use either mod_ssl or mod_nss > * 2536 Create DOAP description for the IPA project > > == Detailed changelog since 4.6.4 == > > === Armando Neto (9) === > * Disable Pylint 2.0 violations > * Fix Pylint 2.0 violations > * Fix pylint 2.0 conditional-related violations > * Fix pylint 2.0 return-related violations > * Replace file.flush() calls with flush_sync() helper > * ipa-server-install: fix zonemgr argument validator > * ipa-client-install: Update how comments are added by ipachangeconf > * ui_tests: fix test_config::test_size_limits > * Prevent the creation on users and groups with numeric characters only > > === Alexander Bokovoy (28) === > * ipaserver/dcerpc.py: handle indirect topology conflicts > * pylint3: workaround false positives reported for W1662 > * group: allow services as members of groups > * service: allow creating services without a host to manage them > * group-del: add a warning to logs when password policy could not be > removed * idoverrideuser-add: allow adding ssh key in web ui > * ACL: Allow hosts to remove services they manage > * install: validate AD trust-related options in installers > * replication: support error messages from 389-ds 1.3.5 or later > * upgrade: treat duplicate entry when updating as not an error > * Allow anonymous access to parentID attribute > * upgrade: Run configuration upgrade under empty ccache collection > * use LDAP Whoami command when creating an OTP token > * Update template directory with new variables when upgrading > ipa.conf.template > * Processing of server roles should ignore errors.EmptyResult > * ipaserver/plugins/trust.py: pep8 compliance > * trust: detect and error out when non-AD trust with IPA domain name exists > * ipaserver/plugins/trust.py; fix some indenting issues > * ipa-extdom-extop: refactor nsswitch operations > * test_dns_plugin: cope with missing IPv6 in Travis > * travis-ci: collect logs from cmocka tests > * ipa-kdb: override krb5.conf when testing KDC code in cmocka > * adtrust: filter out subdomains when defining our topology to AD > * ipa-replica-manage: implicitly ignore initial time skew in force-sync > * ds: ignore time skew during initial replication step > * Make sure upgrade also checks for IPv6 stack > * OTP import: support hash names with HMAC- prefix > * dsinstance: Restore context after changing dse.ldif > > === Abhijeet Kasurde (3) === > * Trivial typo fix. > * ipatests: Fix interactive prompt in ca_less tests > * tests: correct usage of hostname in logger in tasks > > === Alexander Koksharov (4) === > * Fix replica_promotion-domlevel0 test failures > * preventing ldap principal to be deleted > * ensuring 389-ds plugins are enabled after install > * kra-install: better warning message > > === amitkuma (13) === > * Match Common Name attribute in Subject > * ipa vault-archive overwrites an existing value without warning > * ipa-advise: remove plugin config-fedora-authconfig > * RFE: ipa client should setup openldap for GSSAPI > * Correcting detect typo in server.m4 > * Correction of management spelling. > * clear sssd cache when uninstalling client > * clear sssd cache when uninstalling client > * Error message while adding idrange with untrusted domain > * Removing extra spaces present in man ipa-server-install > * ipa-advise for smartcards updated > * Custom ca-subject logging > * Documenting kinit_lifetime in /etc/ipa/default.conf > > === Anuja More (5) === > * Test for ipa-client-install should not use hardcoded admin principal > * Test that host can remove there own services > * Test for ipa-replica-install fails with PIN error for CA-less env. > * Adding test-cases for ipa-cacert-manage > * Adding test-cases for ipa-cacert-manage > > === Aleksei Slaikovskii (17) === > * Revert "Fixing > TestBackupAndRestore::test_full_backup_and_restore_with_removed_users" > * Uninstall fix for named-pkcs11 > * Radius proxy multiservers fix > * test_backup_and_restore.py Fix logging > * Enable and start oddjobd after ipa-restore if it's not running. > * Fixing translation problems > * test_backup_and_restore.py AssertionError fix > * ipalib/frontend.py output_for_cli loops optimization > * View plugin/command help in pager > * ipa-restore: Set umask to 0022 while restoring > * Prevent installation with single label domains > * Add a notice to restart ipa services after certs are installed > * Fix TypeError while ipa-restore is restoring a backup > * ipaclient.plugins.dns: Cast DNS name to unicode > * Less confusing message for PKINIT configuration during install > * Make tox tests to generate results in JUnit XML > * Make WebUI unit tests to generate results as JUnit > > === Brian J. Murrell (1) === > * Move ETag disabling to /ipa virtual server > > === Christian Heimes (191) === > * Remove needless use of %defatt > * Add more RHEL customizations to spec file > * Update builddep command in BUILD.txt > * Use python2_sitelib in spec file > * Fedora 29: No longer build python2-ipaserver > * Add pylint ignore to magic config.Env attributes > * Teach pylint how our api works > * Fix ipa console filename > * Create helper function to upload to temp file > * Add tab completion and history to ipa console > * Handle races in replica config > * pylint 2.0: node.path is a list > * Fix XPASS in test_installation > * Mark all expected failures as strict > * Fix DNSSEC install regression > * Wait for client certificates > * Auto-retry failed certmonger requests > * Tune DS replication settings > * Fix race condition in get_locations_records() > * Fix CA topology warning > * Delay enabling services until end of installer > * Only create DNS SRV records for ready server > * Query for server role IPA master > * Cleanup shebang and executable bit > * Import ABCs from collections.abc > * Require JSS 4.4.5 with replication fixes > * Extend Sub CA replication test > * pylint: Class node has been renamed to ClassDef > * Pythhon3.7: re module has no re._pattern_type > * Catch ACIError instead of invalid credentials > * Fix permission of public files in upgrader > * Make /etc/httpd/alias world readable & executable > * Always make ipa.p11-kit world-readable > * Ensure that public cert and CA bundle are readable > * Use 4 WSGI workers on 64bit systems > * Fix replication races in Dogtag admin code > * Use common replication wait timeout of 5min > * Improve and fix timeout bug in wait_for_entry() > * Remove restarted_named and xfail > * Tests: Set default TTL for DNS zones to 1 sec > * Always set ca_host when installing replica > * Start to deprecate Python 2 and 3.5 > * Sort and shuffle SRV record by priority and weight > * Increase WSGI process count to 5 on 64bit > * Fedora 29 renamed fedora-domainname.service > * Use python3-lesscpy 0.13.0 > * Split external_ca PR-CI into two jobs > * Always build Python 3 packages > * Make Python 2 build dependency optional > * Use one Custodia peer to retrieve all secrets > * Move client templates to separate directory > * Print version string in installer > * Backport gzip.decompress for Python 2 > * Require JSS 4.4.4 with fix for sub CA replication > * Refuse PORT, HOST in /etc/openldap/ldap.conf > * Apply sane LDAP settings to C code > * Use sane default settings for ldap connections > * Add test case for allow-create-keytab > * Use GnuPG 2 for backup/restore > * Use GnuPG 2 for symmentric encryption > * Require python-ldap >= 3.1.0 > * Reproducer for issue 5923 (bytes in error response) > * Run PR-CI with Fedora 28 > * Revert "Validate the Directory Manager password" > * Create missing /etc/httpd/alias for ipasession.key > * Only run subset of external CA tests > * Require Dogtag 10.6.1 > * Require nss with fix for nickname bug > * ipa-client package needs sssd-tool > * Make ipatests' create_external_ca a script > * Load certificate files as binary data > * Remove contrib/nssciphersuite > * Compatibility with pytest 3.4 > * Use shutil to copy file > * Use single Custodia instance in installers > * Add augeas dependency to client package > * Create users in server-common pre hook > * Require 389-ds-base >= 1.4.0.8-1 > * CA replica PKCS12 workaround for SQL NSSDB > * Add nsds5ReplicaReleaseTimeout to replica config > * Fix Python dependencies > * Remove os.chdir() from test_ipap11helper > * certdb: Move chdir into subprocess call > * Provide ldap_uri in Custodia uninstaller > * Defer import of ipaclient.csrgen > * Require more recent glibc on F27 > * Load librpm on demand for IPAVersion > * Fix installer CA port check for port 8080 > * Temporarily disable authconfig backup and restore > * Cleanup and remove more files on uninstall > * Fix compatibility with latest pytest > * More cleanup after uninstall > * Require Dogtag PKI >= 10.6 > * Keep owner when backing up CA.cfg > * Pylint 1.8.3 fixes > * Relax message check in test_create_host_with_ip > * Make fasttest pass without ~/.ipa/default.conf > * Instrument installer to profile steps > * autoconf prefers Python 3 over 2 > * Simplify Python package installation > * Move DNS related files to server-dns package > * Silence GCC warning in ipa_extdom > * Silence GCC warning in ipa-kdb > * Remove unused modutils wrappers from NSS/CertDB > * Update /etc/ipa/nssdb in client scripts > * NSS: Force restore of SELinux context > * NSSDB: Let certutil decide its default db type > * Prepare migration of mod_nss NSSDB to sql format > * certmonger: Use explicit storage format > * Remove deprecated -p option from ipa-dns-install > * Add mocked test for named crypto policy update > * Upgrade named.conf to include crypto policy > * Use system-wide crypto-policies on Fedora > * Add better CalledProcessError and run() logging > * freeipa-server no longer supports i686 arch on F28 > * ipa-custodia-checker now uses python3 shebang > * Unified ldap_initialize() function > * Fix multiple uninstallation of server > * Fix i18n test for Chinese translation > * Run API and ACI under Python 2 and 3 > * Generate same API.txt under Python 2 and 3 > * Replace wsgi package conflict with config file > * Restart named-pkcs11 after KRA installation > * Update existing 389-DS cn=RSA,cn=encryption config > * Replace hard-coded paths with path constants > * Bump python-ldap version to fix syncrepl bug > * Bump SELinux policy for DNSSEC > * ipa-server-upgrade now checks custodia server keys > * DNSSEC code cleanup > * DNSSEC: Reformat lines to address PEP8 violations > * Decode ODS commands > * Run DNSSEC under Python 3 > * More DNSSEC house keeping > * Remove unused PyOpenSSL from spec file > * Give ODS socket a bit of time > * Require dbus-python on F27 > * Fix pylint error in ipapython/dn.py > * Lower python-ldap requirement for F27 > * ipa-run-tests: make --ignore absolute, too > * Sort external schema files > * LGTM: unnecessary else in for loop > * LGTM: Use explicit string concatenation > * LGTM: raise handle_not_found() > * LGTM: Fix multiple use before assignment > * LGTM: Remove redundant assignment > * LGTM: Fix exception in permission_del > * LGTM: Membership test with a non-container > * LGTM: Name unused variable in loop > * LGTM: Use of exit() or quit() > * LGTM: Silence unmatchable dollar > * Make fastlint even faster > * ipa-run-tests: replace chdir with plugin > * Include ipa_krb5.h without util prefix > * Custodia uninstall: Don't fail when LDAP is down > * Require python-ldap 3.0.0b2 > * Use pylint 1.7.5 with fix for bad python3 import > * Vault: Add argument checks to encrypt/decrypt > * Fix pylint warnings inconsistent-return-statements > * Travis: Add workaround for missing IPv6 support > * Replace nose with unittest and pytest > * Add safe DirectiveSetter context manager > * More log in verbs > * Address more 'to login' > * Fix grammar error: Log out > * Fix grammar in login screen > * Add make targets for fast linting and testing > * Add marker needs_ipaapi and option to skip tests > * Add python_requires to Python package metadata > * Remove Custodia keys on uninstall > * NSSDB: use preferred convert command > * Skip test_rpcclient_context in client tests > * Update to python-ldap 3.0.0 > * Update builddep command to install Python 3 and tox deps > * Add workaround for pytest 3.3.0 bug > * Fix dict iteration bug in dnsrecord_show > * Reproducer for bug in structured dnsrecord_show > * Use Python 3 on Travis > * Prevent installation of Py2 and Py3 mod_wsgi > * Require UTF-8 fs encoding > * libotp: add libraries after objects > * Run tox tests for PyPI packages on Travis > * Support sqlite NSSDB > * Py3: Fix vault tests > * Test script for ipa-custodia > * ipa-custodia: use Dogtag's alias/pwdfile.txt > * Use namespace-aware meta importer for ipaplatform > * Remove ignore_import_errors > * Backup ipa-custodia conf and keys > * Py3: fix fetching of tar files > * Use os.path.isfile() and isdir() > * Block PyOpenSSL to prevent SELinux execmem in wsgi > > === David Kupka (2) === > * schema: Fix internal error in param-{find,show} with nonexistent object > * tests: Add LDAP URI to ldappasswd explicitly > > === Felipe Barreto (38) === > * Adding xfail to failing tests > * Fixing tests on TestReplicaManageDel > * Fixing TestCASpecificRUVs::test_replica_uninstall_deletes_ruvs > * Fixing > TestBackupAndRestore::test_full_backup_and_restore_with_removed_users > * Adding GSSPROXY_CONF to be backed up on ipa-backup > * Reverting commit 6b145bf3e696e6d40b74055ccdf8d14da7828a09 > * Fix TestSubCAkeyReplication providing the right path to pki log > * temp commit: adding test to PR CI run > * Adding right parameters to install IPA in > TestInstallMasterReservedIPasForwarder > * Changing Django's CoC to reflect FreeIPA CoC > * Adding Django's Code of Conduct > * prci: Bump ci-master-f27 template to 1.0.3 > * Adding more tests to PR CI > * Fixing cleanup process in test_caless > * WebUI Tests: changing the ActionsChains.move_to_element to a new approach > * WebUI Tests: fixing test_user.py::test_test_noprivate_posix > * WebUI Tests: Changing how the initial load process is done > * WebUI Tests: fixing test_range test case > * WebUI Tests: changing how the login screen is detected > * WebUI Tests: refactoring login method to be more readable > * WebUI Tests: fixing test_navigation > * WebUI Tests: fixing test_group > * WebUI Tests: fixing test_hbac > * Check if replication agreement exist before enable/disable it > * Make IntegrationTest fail if an error happened during uninstall > * IntegrationTests now collects logs from all test methods > * Fixing vault-add-member to be compatible with py3 > * Fixing test_backup_and_restore assert to do not rely on the order > * Fixing test_testconfig with proper asserts > * Warning the user when using a loopback IP as forwarder > * Removing replica-s4u2proxy.ldif since it's not used anymore > * Fix log capture when running pytests_multihosts commands > * Checks if replica-s4u2proxy.ldif should be applied > * Fixing tox and pylint errors > * Fixing param-{find,show} and output-{find,show} commands > * Checks if Dir Server is installed and running before IPA installation > * Changing idoverrideuser-* to treat objectClass case insensitively > * Fixing how sssd.conf is updated when promoting a client to replica > > === François Cami (1) === > * 10-config.update: remove nsslapd-sasl-max-buffer-size override as > https://pagure.io/389-ds-base/issue/47457 was fixed directly in 389 > Directory Server. > > === Florence Blanc-Renaud (38) === > * ipa client uninstall: clean the state store when restoring hostname > * Add test for ticket 7604: ipa-client-install --mkhomedir doesn't > enable oddjobd > * ipa-client-install: enable and start oddjobd if mkhomedir > * fix dependency for *-domainname.service file > * Installer: configure authselect with-sudo > * Test for 7526 > * ipa-server-install: publish complete cert chain in > /usr/share/ipa/html/ca.crt > * authselect migration: use stable interface to query current config > * authselect test: skip test if authselect is not available > * ipa-advise: adapt config-client-for-smart-card-auth to authselect > * Revert commit d705320ec136abc2fcf524f2b63a76d3fc0ba97a > * New tests for authselect migration > * Migration from authconfig to authselect > * ipa-advise config-server-for-smart-card-auth: use mod-ssl > * ipa-replica-install: make sure that certmonger picks the right master > * ipa-restore: remove /etc/httpd/conf.d/nss.conf > * ipa-server-install: handle error when calling kdb5_util create > * ipa host-add: do not raise exception when reverse record not added > * ACI: grant access to admins group instead of admin user > * 389-ds OTP lasttoken plugin: Add unit test > * User must not be able to delete his last active otp token > * ipa host-add --ip-address: properly handle NoNameservers > * test_integration: backup custodia conf and keys > * Idviews: fix objectclass violation on idview-add > * Improve help message for ipa trust-add --range-type > * Fix ca less IPA install on fips mode > * Fix ipa-replica-install when key not protected by PIN > * Fix ipa-restore (python2) > * ipa-getkeytab man page: add more details about the -r option > * Py3: fix ipa-replica-conncheck > * Fix ipa-replica-conncheck when called with --principal > * py3: fix ipa cert-request --database ... > * ipa-cacert-manage renew: switch from ext-signed CA to self-signed > * ipa-server-upgrade: do not add untracked certs to the request list > * ipa-server-upgrade: fix the logic for tracking certs > * Fix ipa-server-upgrade with server cert tracking > * Python3: Fix winsync replication agreement > * Fix ipa config-mod --ca-renewal-master > > === Fraser Tweedale (52) === > * Add missing space in error string > * Handle compressed responses from Dogtag > * install: fix reported external CA configuration > * csrgen: fix when attribute shortname is lower case > * csrgen: drive-by docstring > * csrgen: support initialising OpenSSL adaptor with key object > * py3: fix csrgen error handling > * certprofile: add tests for config profileId scenarios > * certprofile: reject config with multiple profileIds > * Fix upgrade (update_replica_config) in single master mode > * Add commentary about PKI admin password > * Fix upgrade when named.conf does not exist > * replica-install: warn when there is only one CA in topology > * install: configure dogtag status request timeout > * upgrade: remove fix_trust_flags procedure > * ldap2: fix implementation of can_add > * ipaldap: allow GetEffectiveRights on individual operations > * Update IPA CA issuer DN upon renewal > * cert-request: avoid internal error when cert malformed > * Improve warning message for malformed certificates > * Don't use admin cert during KRA installation > * Add uniqueness constraint on CA ACL name > * Add tests for installutils.set_directive > * installutils: refactor set_directive > * pep8: reduce line lengths in CAInstance.__enable_crl_publish > * Prevent set_directive from clobbering other keys > * install: report CA Subject DN and subject base to be used > * ipa_certupdate: avoid classmethod and staticmethod > * Run certupdate after promoting to CA-ful deployment > * ipa-ca-install: run certupdate as initial step > * CertUpdate: make it easy to invoke from other programs > * renew_ra_cert: fix update of IPA RA user entry > * Re-enable some KRA installation tests > * Use correct version of Python in RPM scripts > * Remove caJarSigningCert profile and related code > * CertDB: remove unused method issue_signing_cert > * Remove XPI and JAR MIME types from httpd config > * Remove mention of firefox plugin after CA-less install > * Add missing space in ipa-replica-conncheck error > * ipa-cacert-manage: avoid some duplicate string definitions > * ipa-cacert-manage: handle alternative tracking request CA name > * Add tests for external CA profile specifiers > * ipa-cacert-manage: support MS V2 template extension > * certmonger: add support for MS V2 template > * certmonger: refactor 'resubmit_request' and 'modify' > * ipa-ca-install: add --external-ca-profile option > * install: allow specifying external CA template > * Remove duplicate references to external CA type > * cli: simplify parsing of arbitrary types > * py3: fix pkcs7 file processing > * ipa-pki-retrieve-key: ensure we do not crash > * issue_server_cert: avoid application of str to bytes > > === Ganna Kaihorodova (7) === > * check nsds5ReplicaReleaseTimeout option was set > * Fix trust tests for Posix Support > * Fix for integration tests dns_locations > * Fix in IPA's multihost fixture > * TestBasicADTrust.test_ipauser_authentication > * Fix for test TestInstallMasterReservedIPasForwarder > * Overide trust methods for integration tests > > === John Morris (1) === > * Increase dbus client timeouts during CA install > > === Justin Stephenson (1) === > * Skip zone overlap check with auto-reverse > > === Kaleemullah Siddiqui (1) === > * Test coverage for multiservers for radius proxy > > === Martin Basti (3) === > * py3: bindmgr: fix iteration over bytes > * py3: ipa-dnskeysyncd: fix bytes issues > * py3: set samba dependencies > > === Takeshi MIZUTA (1) === > * Fix some typos in man page > > === Michal Reznik (54) === > * Mark DL0 TestReplicaManageDel tests as xfail > * ipa_tests: ipa-replica-prepare stuck on user input > * ui_tests: stabilization fixes > * ui_tests: extend test_config.py suite > * ui_tests: fixes for issues with sending key and focus on element > * ui_tests: add click_undo_button() func > * ui_tests: extend test_selinuxusermap.py suite > * ui_tests: improve "field_validation" method > * ui_tests: checkbox click fix > * ui_tests: introduce new test_misc cases file > * ui_driver: extension and modifications related to test_user > * ui_tests: extend test_user suite > * test_web_ui: extend ui_driver methods > * test_webui: add user life-cycles tests > * ui_tests: run ipa-get/rmkeytab command on UI host > * ui_tests: select_combobox() fixes > * ui_tests: test cancel and delete without button > * ui_tests: make associations cancelable > * ui_tests: add function to run cmd on UI host > * ui_tests: add funcs to add/remove users public SSH key > * ui_tests: add assert_field_required() > * ui_tests: add assert_notification() > * ui_tests: add more test cases > * ui_tests: add more test cases to test_certification > * ui_tests: add_service() support func in test_service > * ui_tests: add_host() support func in test_service > * ui_tests: change get_http_pkey() function > * test_caless: adjust try/except to capture also IOError > * ipa_tests: test signing request with subca on replica > * tests: ca-less to ca-full - remove certupdate > * ipa_tests: test subca key replication > * test_caless: add SAN extension to other certs > * prci: run full external_ca test suite > * tests: move CA related modules to pytest_plugins > * test_external_ca: selfsigned->ext_ca->selfsigned > * test_tasks: add sign_ca_and_transport() function > * paths: add IPA_CACERT_MANAGE and IPA_CERTUPDATE constants > * test_caless: test PKINIT install and anchor update > * test_renewal_master: add ipa csreplica-manage test > * test_cert_plugin: check if SAN is added with default profile > * test_help: test "help" command without cache > * test_x509: test very long OID > * test_batch_plugin: fix py2/3 failing assertion > * test_vault: increase WAIT_AFTER_ARCHIVE > * test_caless: fix http.p12 is not valid > * test_caless: fix TypeError on domain_level compare > * manpage: ipa-replica-conncheck - fix minor typo > * test_external_dns: add missing test cases > * test_caless: open CA cert in binary mode > * test_forced_client: decode get_file_contents() result > * tests: add host zone with overlap > * tests_py3: decode get_file_contents() result > * test_caless: add caless to external CA test > * test_external_ca: switch to python-cryptography > > === Varun Mylaraiah (5) === > * ui_tests: extend test_pwpolicy.py suite > * Extend WebUI test_krbpolicy suite with the following test cases: > test_verifying_button (verify button's action in various scenarios) > test_negative_value (verify invalid values) test_verifying_measurement_unit > * WebUI tests: Extend netgroup tests with more scenarios > * Fixed improper clean-up in test_host::test_kerberos_flags added > closing the notification in kerberos flags > * WebUI tests: Extend user group tests with more scenarios > > === Mohammad Rizwan Yusuf (9) === > * Check if issuer DN is updated after self-signed > external-ca > * Extended UI test for Certificates > * Extended UI test for selfservice permission. > * Test to check second replica installation after master restore > * Before the fix, when ipa-backup was called for the first time, the > LDAP database exported to > /var/lib/dirsrv/slapd-<instance>/ldif/<instance>-userRoot.ldif. db2ldif > is called for this and it runs under root, hence files were owned by root. > * Updated the TestExternalCA with the functions introduced for the steps > of external CA installation. > * When the dirsrv service, which gets started during the first > ipa-server-install --external-ca phase, is not running when the second > phase is run with --external-cert-file options, the ipa-server-install > command fail. > * IANA reserved IP address can not be used as a forwarder. This test > checks if ipa server installation throws an error when 0.0.0.0 is > specified as forwarder IP address. > * ipatest: replica install with existing entry on master > > === Nikhil Dehadrai (1) === > * Test for improved Custodia key distribution > > === Armando Neto (1) === > * ipaserver config plugin: Increase search records minimum limit > > === Nathaniel McCallum (3) === > * Revert "Don't allow OTP or RADIUS in FIPS mode" > * Increase the default token key size > * Fix OTP validation in FIPS mode > > === Petr Čech (3) === > * webui:tests: Add tests for realmd domains > * tests: Mark failing tests as failing > * ipatests: Fix on logs collection > > === Pavel Picka (2) === > * Adding WebUI Host test cases > * WebUI Hostgroups tests cases added > > === Petr Vobornik (17) === > * Update Dojo and Dojo builder to 1.13.0 > * WebUI build: use NodeJS instead of Rhino > * WebUI build: replace uglifyjs with system package > * Fix test_server_del::TestLastServices > * server-del do not return early if CA renewal master cannot be changed > * webui: refresh complex pages after modification > * Fix order of commands in test for removing topology segments > * webui tests: fix test_host:test_crud failure > * realm domains: improve doc text > * webui: hbactest: add tooltips to 'enabled' and 'disabled' checkboxes > * Revert "temp commit to run the affected tests" > * temp commit to run the affected tests > * webui:tests: close big notifications in realm domains tests > * webui:tests: realm domain add with DNS check > * webui:tests: move DNS test data to separate file > * fastcheck: do not test context in pycodestyle > * browser config: cleanup after removal of Firefox extension > > === Pavel Vomacka (16) === > * WebUI: make keytab tables on service and host pages writable > * Include npm related files into Makefile and .gitignore > * Update jsl.conf in tests subfolder > * Edit TravisCI conf files to run WebUI unit tests > * Update README about WebUI unit tests > * Update tests > * Create symlink to qunit.js > * Update jsl to not warn about module in Gruntfile > * Add Gruntfile and package.json to ui directory > * Update QUnit CSS file to 2.4.1 > * Update qunit.js to version 2.4.1 > * Extend ui_driver to support geckodriver log_path > * WebUI: make Domain Resolution Order writable > * WebUI: Fix calling undefined method during reset passwords > * WebUI: remove unused parameter from get_whoami_command > * Adds whoami DS plugin in case that plugin is missing > > === Rob Crittenden (62) === > * replicainstall: DS SSL replica install pick right certmonger host > * Extend CALessBase::installer_server to accept extra_args > * Handle subyptes in ACIs > * server install: drop some print statements, change log level > * Drop attr defaultServerList if removing the last server > * Improve console logging for ipa-server-install > * Replace some test case adjectives > * Suppress missing cn=schema compat on installation > * Use replace instead of add to set new default ipaSELinuxUserMapOrder > * Disable Schema Compat plugin during server upgrade > * Add tests for ipa-restore with DM password validation check > * Validate the Directory Manager password before starting restore > * Rename test class for testing simple commands, add test > * Don't try to set Kerberos extradata when there is no principal > * Client install should handle automount unconfigured on uninstall > * Return unique error when automount is already or not configured > * VERSION.m4: Set back to git snapshot > * Become IPA 4.6.90.pre2 > * Update 4.7 translations > * Fix certificate retrieval in ipa-replica-prepare for DL0 > * Disable message about log in ipa-backup if IPA is not configured > * Use a regex in installutils.get_directive instead of line splitting > * Handle whitespace, add separator to regex in set_directive_lines > * Validate the Directory Manager password before starting restore > * Log service start/stop/restart message > * Update project metadata in ipasetup.py.in > * Allow dot as a valid character in an selinux identity name > * Remove xfail from CALes test test_http_intermediate_ca > * Some PKCS#12 errors are reported with full path names > * ipa-server-certinstall failing, unknown option realm > * Revert run_pk12util part of 807a5cbe7cc52690336c5095ec6aeeb0a4e8483c > * Break out of teardown in test_replica_promotion.py if no config > * Remove the Continuous installer class, it is unused > * Return a value if exceptions are raised in server uninstall > * VERSION.m4: Set back to git snapshot > * Become IPA 4.6.90.pre1 > * Update Contributors.txt > * Redirect CRL requests to the http port, not the https port > * Don't try to backup CS.cfg during upgrade if CA is not configured > * Don't return None on mismatched interactive passwords > * Update smart_card_auth advise script for mod_ssl > * Add value in set_directive after a commented-out version > * Don't backup nss.conf on upgrade with the switch to mod_ssl > * Enable upgrades from a mod_nss-installed master to mod_ssl > * Convert ipa-pki-proxy.conf to use mod_ssl directives > * Remove main function from the certmonger library > * Use mod_ssl instead of mod_nss for Apache TLS for new installs > * Fix detection of KRA installation so upgrades can succeed > * Move Requires: pythonX-sssdconfig into conditional > * Log contents of files created or modified by IPAChangeConf > * Don't manually generate default.conf in server, use IPAChangeConf > * Enable ephemeral KRA requests > * Make the path to CS.cfg a class variable > * Run server upgrade in ipactl start/restart > * If the cafile is not present or readable then raise an exception > * Add test to ensure that properties are being set in rpcclient > * Use the CA chain file from the RPC context > * Fix cert-find for CA-less installations > * Use 389-ds provided method for file limits tuning > * Collect group membership without a size limit > * Add exec to /var/lib/ipa/sysrestore for install status inquiries > * Use TLS for the cert-find operation > > === Robbie Harwood (5) === > * Fix elements not being removed in otpd_queue_pop_msgid() > * Move krb5 snippet into freeipa-client-common > * Enable SPAKE support using krb5.conf.d snippet > * Log errors from NSS during FIPS OTP key import > * ipa-kdb: support KDB DAL version 7.0 > > === Rishabh Dave (1) === > * ipa-ca-install: mention REPLICA_FILE as optional in help > > === Sumit Bose (1) === > * ipa-kdb: reinit trusted domain data for enterprise principals > > === Sumit Bose (2) === > * ipa-kdb: update trust information in all workers > * ipa-kdb: use magic value to check if ipadb is used > > === John L (1) === > * Remove special characters in host_add random OTP generation > > === Stanislav Laznicka (84) === > * Move config directives handling code > * Travis: ignore 'line break after binary operator' > * Allow user administrator to change user homedir > * mod_ssl: add SSLVerifyDepth for external CA installs > * Add absolute_import to test_authselect > * Fix typo in ipa-getkeytab --help > * Add absolute_import future imports > * replica-install: pass --ip-address to client install > * ipa_backup: Backup the password to HTTPD priv key > * Fix upgrading of FreeIPA HTTPD > * Remove py35 env from tox testing > * Encrypt httpd key stored on disk > * Dogtag configs: rename deprecated options > * Backup HTTPD's mod_ssl config and cert-key pair > * vault: fix vault-retrieve to a file > * Backup ssl.conf when migrating from mod_nss > * Move HTTPD cert/key pair to /var/lib/ipa/certs > * httpinstance fixup: remove commented-out lines > * httpinstance: fix publishing of CA cert > * httpinstance: verify priv key belongs to certificate > * httpinstance: backup mod_nss conf instead of just removing it > * service: rename import_ca_certs_* to export_* > * fixup: add ipa-rewrite.conf to ssl.conf on upgrade > * Make ipa-server-certinstall store HTTPD cert in a file > * certupdate: don't update HTTPD NSS db > * x509: Fix docstring of write_certificate() > * x509: Remove unused argument of load_certificate_from_file() > * httpinstance: handle supplied PKCS#12 files in installation > * mod_ssl migration: fix upload_cacrt.py plugin > * Fix FileStore.backup_file() not to backup same file > * Have all the scripts run in python 3 by default > * replica_prepare: Remove the correct NSS DB files > * Add a helpful comment to ca.py:install_check() > * Don't allow OTP or RADIUS in FIPS mode > * caless tests: decode cert bytes in debug log > * caless tests: make debug log of certificates sensible > * Add indexing to improve host-find performance > * Add the sub operation for fqdn index config > * x509: remove subject_base() function > * x509: remove the strip_header() function > * py3: pass raw entries to LDIFWriter > * ipatests: use python3 if built with python3 > * PRCI: use a new template for py3 testing > * travis: pep8 changes to pycodestyle > * csrgen_ffi: cast the DN value to unsigned char * > * Remove pkcs10 module contents > * Add tests for CertificateSigningRequest > * parameters: introduce CertificateSigningRequest > * parameters: relax type checks > * csrgen: update docstring for py3 > * csrgen: accept public key info as Bytes > * csrgen_ffi: pass bytes where "char *" is required > * p11-kit: add serial number in DER format > * travis: make tests fail if pep8 does not pass > * Remove the `message` attribute from exceptions > * rpc: don't decode cookie_string if it's None > * Don't write p11-kit EKU extension object if no EKU > * pylint: fix missing module > * travis: run the same tests in python2/3 > * certmap testing: fix wrong cert construction > * ldap2: don't use decode() on str instance > * client: fix retrieving certs from HTTP > * uninstall: remove deprecation warning > * ldif: handle attribute names as strings > * pkinit: don't fail when no pkinit servers found > * pkinit: fix sorting dictionaries > * travis: remove "fast" from "makecache fast" > * Change Travis CI container to FreeIPA-owned > * Change the requirements for pylint in wheel > * rpcserver: don't call xmlserver.Command > * secrets: disable relative-imports for custodia > * pylint: disable __hash__ for some classes > * install.util: disable no-value-for-parameter > * pylint: make unsupported-assignment-operation check local > * sudocmd: fix unsupported assignment > * pylint: Iterate through dictionaries > * parameters: convert Decimal.precision to int > * dcerpc: disable unbalanced-tuple-unpacking > * dcerpc: refactor assess_dcerpc_exception > * pylint: fix no-member in schema plugin > * csrgen: fix incorrect codec for pyasn BitString > * pylint: fix not-context-manager false positives > * travis: temporary workaround for Travis CI > * Travis: archive logs of py3 jobs > > === Stanislav Levin (11) === > * Fix link to browser configuration guide on Login page > * Fix some untranslatable commands in Web UI API Browser > * Apply validate_doc() to NO_CLI commands > * Fix formatted translations of error messages in topology plugin > * Fix formatted translations of error messages in serverroles plugin > * Fix formatted translations in trust plugin > * Fix translation of idrange_* commands description > * Fix formatted translations in domainlevel plugin > * Use intended format() method of translation object > * Add support for format method to translation objects > * Fix translation of commands description in API Browser > > === Sudhir Menon (2) === > * Adding modified DOAP file > * DOAP Description for IPA Project > > === Thierry Bordaz (2) === > * Hardening of topology plugin to prevent erronous deletion of a replica > agreement > * 389-ds-base crashed as part of ipa-server-intall in ipa-uuid > > === Tibor Dudlák (15) === > * Use temporary pid file for chronyd -q task > * Fix format string passed to pytest-multihost > * Configure chrony with pool when server not set > * Add enabling chrony daemon when not configured > * Remove unnecessary option --force-chrony > * Remove NTP server role while upgrading > * Removes NTP server role from servroles and description > * Update man pages for FreeIPA client, replica and server install > * Adding method to ipa-server-upgrade to cleanup ntpd > * Add --ntp-pool option to installers > * FreeIPA server is time synchronization client only > * Replace ntpd with chronyd in installation > * Add dependency and paths for chrony > * Removes ntp from dependencies and behave as there is always -N option > * Do not check deleted files with `make fastlint` > > === Timo Aaltonen (9) === > * Fix HTTPD SSL configuration for Debian. > * ldapupdate: Add support for Debian multiarch > * named.conf: Disable duplicate zone on debian, and modify data dir > * Add mkhomedir support for Debian > * paths: Fix some path definitions for Debian. > * constants: Fix HTTPD_GROUP for Debian > * Create kadm5.acl if it doesn't exist > * ipaplatform, ipa.conf: Use paths variables in ipa.conf.template > * Move config templates from install/conf to install/share > > === Tomas Krizek (20) === > * test_dnssec: re-add named-pkcs11 workarounds > * py3 dnssec: convert hexlify to str > * py3: bindmgr: fix bytes issues > * prci: bump ci-master-f27 template to 1.0.2 > * prci: define testing topologies > * prci: start testing PRs on fedora 27 > * py3 spec: remove python2 dependencies from server-trust-ad > * py3 spec: remove python2 dependencies from freeipa-server > * py3 spec: use proper python2 package names > * ipatests: fix circular import for collect_logs > * ipatests: collect logs for external_ca test suite > * prci: add external_ca test > * ldap: limit the retro changelog to dns subtree > * spec: bump 389-ds-base to 1.3.7.6-1 > * ipatests: set default 389-ds log level to 0 > * prci: update F26 template > * spec: bump python-pyasn1 to 0.3.2-2 > * prci: use f26 template for master > * VERSION: set 4.6 git snapshot > * Contributors.txt: update > > === Thorsten Scherf (1) === > * Add debug option to ipa-replica-manage and remove references to > api_env var.
I have two full (DNS, CA, KRA) FreeIPA instances still running F27 for stability based on the recommendations at the time of the F28 release. Is *this[1]* FreeIPA release recommended for a full OS dnf upgrade from F27 to F28? [1]: https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6a8f8036d -- Anthony - https://messinet.com F9B6 560E 68EA 037D 8C3D D1C9 FF31 3BDB D9D8 99B6
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/BO3GKS73BGVQ4R647XDE3MJNHR7B4KKX/