The FreeIPA team would like to announce FreeIPA 4.5.0 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 25 and Fedora 26 will be available soon in the official COPR repository.

Highlights in 4.5.0#

Enhancements#

AD User Short Names#

Support for AD users short names has been added. Short names can be enabled from CLI by setting ipa config-mod --domain-resolution-order="domain.test:ad.domain1.test:ad.domain2.test" or from WebUI under Configuration tab. No manual configuration on SSSD side is required.

Please note that this feature is not supported by SSSD yet and the work is tracked with <https://pagure.io/SSSD/sssd/issue/3210>

<https://www.freeipa.org/page/V4/AD_User_Short_Names>

FIPS 140-2 Support#

FreeIPA server and client can be installed on FIPS enabled systems. MD5 fingerprints have been replaced with SHA256. Variable fips_mode has been added to env that indicates whether FIPS is turned on the server.

Please note that FIPS 140-2 support may not work on some platforms because all dependencies of FreeIPA must support FIPS 140-2 what we cannot guarantee. (Should work with RHEL 7.4+.) The FreeIPA code itself is FIPS 140-2 compatible.

<https://www.freeipa.org/page/V4/FreeIPA-on-FIPS>

Certificate Identity Mapping#

Support for multiple certificates on Smart cards has been added. User can choose which certificate is used to authenticate. This allows to define multiple certificates per user. The same certificate can be used by different accounts, and the mapping between a certificate and an account can be done through binary match of the whole certificate or a match on custom certificate attributes (such as Subject + Issuer).

<https://www.freeipa.org/page/V4/Certificate_Identity_Mapping>

Improvements for Containerization#

AD trust and KRA can be installed in one step in containers without need to call subsequent ipa-adtrust-install and ipa-kra-install in containers. Option –setup-adtrust has been added to ipa-server-install and ipa-replica-install, and option –setup-kra has been added to ipa-server-install.

Semi-automatic Integration with External DNS#

Option “–out” has been added to command “ipa dns-update-system-records”. This option allows to store IPA system DNS records in nsupdate format in specified file and can be used with nsupdate command to update records on an external DNS server. For more details see this howto <https://www.freeipa.org/page/Howto/Updating_FreeIPA_system_DNS_records_on_a_remote_DNS_server>

<https://pagure.io/freeipa/issue/6585>

Known Issues#

CLI doesn’t work after ipa-restore <https://pagure.io/freeipa/issue/6748>
AD Trust doesn’t work with enabled FIPS mode <https://pagure.io/freeipa/issue/6697>
cert-find does not find all certificates without sizelimit=0 <https://pagure.io/freeipa/issue/6716>

Bug fixes#

Contains all bugfixes and enhacements of 4.4.1, 4.4.2, 4.4.3 releases

Installers Refactoring#

Installers code base has been migrated into modules and many code duplication has been removed.

<https://www.freeipa.org/page/V4/Installers_refactoring>

“Normal” group has been renamed to “Non-POSIX” in WebUI#

In the web UI, the group type label “Normal” has been changed to “Non-POSIX” to be compatible with CLI options. The semantics of group types is unchanged.

<https://pagure.io/freeipa/issue/6334>

Build System Refactoring#

Several improvements of FreeIPA build system have been done. In case you are package maintainer please read the following design document.

<https://www.freeipa.org/page/V4/Build_system_refactoring>

LDAP Connection Management Refactoring#

LDAP connection management has been standardized across FreeIPA and should prevent LDAP connection issues during installation and upgrades in future.

<https://www.freeipa.org/page/V4/LDAP_Connection_Management_Refactoring>

Do not fail when IPA server has shortname first in /etc/hosts#

Kerberos client library is now instructed to not attempt to canonicalize hostnames when issuing TGS requests. This improves security by avoiding DNS lookups during canonicalization and also improves robustness of service principal lookups in more complex DNS environments (clouds, containerized applications). Due to this change in behavior, care must be taken to specify correct FQDN in host/service principals as no attempt to resolve e.g. short names will be made.

<https://pagure.io/freeipa/issue/6584>

Replica Connection Check Improvements#

Improved connection check reduces possibility of failure in further installation steps. Now ports on both IPv4 and IPv6 addresses are checked (if available).

<https://www.freeipa.org/page/V4/Replica_Conncheck>

Replace NSS with OpenSSL#

Should reduce number of issues related to HTTPS connections. This change was also needed to support FIPS.

<https://www.freeipa.org/page/V4/Replace_NSS_with_OpenSSL>

Fully customisable CA name#

The CA subject name is now fully customisable, and is no longer required to be related to the certificate subject base. The ipa-server-instal and ipa-ca-install commands learned the –ca-subject and –subject-base options for configuring these values.

<https://pagure.io/freeipa/issue/2614>

Upgrading#

Upgrade instructions are available on Upgrade page.

Feedback#

Please provide comments, bugs and other feedback via the freeipa-users mailing list (http://www.redhat.com/mailman/listinfo/freeipa-users) or #freeipa channel on Freenode.

The FreeIPA team would like to announce FreeIPA 4.5.0 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 25 and Fedora 26 will be available in the official COPR repository.

Resolved tickets#

#6764 debian: python modules should be installed under dist-packages
#6759 replica prepare broken on KDC cert export
#6755 [certs.py] - “ipa-replica-prepare” command fails when trying to unlink non-existing “tmpcert.der” file in /var/lib/ipa/
#6750 Web page ipa/config/ssbrowser.html refers to missing ipa/config/ca.crt file
#6739 Cannot login to replica’s WebUI
#6735 The ipa-managed-entries command failed, exception: AttributeError: ldap2
#6734 vaultconfig-show throws internal error
#6731 ipa-server-install: allow to in install KRA in one step
#6730 Harden client HTTPS connections
#6724 [test_csrgen.py] - comparison test scripts not reflected changes in “openssl_base.tmpl”
#6723 ipa systemd unit should define Wants=network instead of Requires=network
#6718 SessionMaxAge in /etc/httpd/conf.d/ipa.conf introduces regression
#6717 WebUI: change structure of Identity submenu
#6714 ipaclient.csrgen depends on ipaplatform
#6713 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands (CVE-2017-2590)
#6712 WebUI: Arbitrary certificates on {user|host|service} details pages are not displayed in WebUI
#6707 Removal of IPAConfig broke Ipsilon’s FreeIPA integration
#6701 Add SHA256 fingerprints
#6698 User with ticket gets GSS failure when calling freeipa CLI command
#6694 ipa-client-install command failed, TypeError: list found
#6690 Plugin schema cache is slow
#6686 ipa-replica-install fails promotecustodia.create_replica with cert errors (untrusted) after adding externally signed CA cert
#6685 logout does not work properly
#6682 session logout should not remove ccache
#6680 kra-agent.pem file is not auto-renewed by certmonger
#6676 unable to parse cookie header
#6675 KRA_AGENT_PEM file is missing
#6674 ipactl: noise error from pki-tomcatd start
#6673 httpd unit files deletes root ccache
#6670 PKINIT upgrade process is incomplete
#6661 Move ipa session data from keyring to ccaches
#6659 ipa-backup does not include /root/kracert.p12
#6650 [vault] Replace nss crypto with cryptography
#6648 Make ipa-cacert-manage man page more clear
#6647 batch param compatibility is incorrect
#6646 IdM Server: list all Employees with matching Smart Card
#6643 [RFE] Add ipa-whoami command
#6640 DS certificate request during replica install fails due to bytes/string mismatch
#6639 Rewrite the code handling discovery and adding of AD trust agents in AD trust installer
#6638 AD trust installer should be able to configure samba instance also without admin credentials
#6637 Build fails on Fedora 26
#6636 UnboundLocalError during ipa-client-install
#6634 –ignore-last-of-role is not in man page
#6633 IPA replica install log shows password in plain text
#6631 Use Python warnings for development
#6630 Merge AD trust installer to server/replica install
#6629 Migrate AD trust installer on the new-style installer framework
#6625 WSGI fails with internal server error when mode != production (locked attribute)
#6623 Stageuser is missing -{add,remove}-{cert,principal} commands
#6620 Remove ipa-upgradeconfig command
#6619 krb5 1.15 broke DAL principal free
#6608 IPA server installation should check if IPv6 stack is enabled
#6607 Deprecate SSLv2 from API config
#6606 Full backup and restore prevents KRA from installing
#6601 [RFE] WebUI: Certificate Identity Mapping
#6600 Legacy client tests doesn’t have tree domain role.
#6598 [webui] Show “CA replica warning” only if there one or more replicas but only 1 CA
#6597 ipapython.version.DEFAULT_PLUGINS is not configured
#6596 Update ETAs in installers
#6588 replication race condition prevents IPA to install
#6586 Minor string fixes in dsinstance.py
#6585 [RFE] nsupdate output format in dns-update-system-records command
#6584 ipa-client-install fails to get CA cert via LDAP when non-FQDN name of IPA server is first in /etc/hosts
#6578 IPA CLI will eventually stop working when invoked in parallel
#6575 ipa-replica-install fails on requesting DS cert when master is not configured with IPv6
#6574 description of –domain and –realm is confusing
#6573 CA-less replica installation fails due to attempted cert issuance
#6570 Duplicate PKINIT certificates being tracked after restoring IPA backup on re-installed master
#6565 FreeIPA server install fails (and existing servers probably fail to start) due to changes in ‘dyndb’ feature on merge to upstream BIND
#6564 IPA WebUI certificates are grayed out on overview page but not on details page
#6559 [py3] switch to PY3 causes warnings from IPA schema cache
#6558 [Py3] http session cookie doesn’t work under Py3
#6551 Upgrade Samba configuration to not include keytab prefix
#6550 Refactor PKCS #7 parsing to use pyasn1_modules
#6548 [RFE] Mention ipa-backup in warning message before uninstalling IPA server
#6547 [RFE] Certificates issued by externally signed IdM CA should contain full trust chain
#6546 Delete option shouldn’t be available for hosts applied to view.
#6542 [RFE] Certificate Identity Mapping
#6541 ipa-replica-install fails to import DS cert from replica file
#6540 Migration from ipa-3.0 fails due to crashing copy-schema-to-ca.py
#6539 ipa vault operations are not possible with an older server
#6538 KRA: add checks to prevent removing the last instance of KRA in topology
#6534 topology should not include A<->B segment “both” and B->A “left right” at the same time.
#6532 replica installation incorrectly sets nsds5replicabinddngroup/nsds5replicabinddngroupcheckinterval on IPA 3.x instance
#6526 remove “request certificate with subjectaltname” permission
#6522 ipa-replica-conncheck should check for open ports on all IPs resolved from hostname
#6518 Can not install IPA server when hostname is not DNS resolvable
#6514 replica install: request_service_cert doesn’t raise error when certificate isuance failed
#6513 `ipa plugins` command crashes with internal error
#6512 Improve the robustness FreeIPA’s i18n module and its tests
#6510 Wrong error message during failed domainlevel 0 installations without a replica file
#6508 ipa-ca-install on promoted replica hangs on creating a temporary CA admin
#6505 Make ipapython.kerberos.Principal.__repr__ show the actual principal name
#6504 Create a test for uniqueness of CA renewal master
#6503 IPA upgrade of replica without DNS fails during restart of named-pkcs11
#6500 ipa-server-upgrade fails with AttributeError
#6498 Build system must regenerate file when template changes.
#6497 Misleading error message in replica_conn_check()
#6496 remove references to ds_newinst.pl
#6495 DNSSEC: ipa-ods-expoter.socket creates incorrect socket and breaks DNSSEC signing
#6492 Register entry points of Custodia plugins
#6490 Add local-env subcommand to ipa script
#6489 Provide legacy client test coverage with tree root domain
#6487 ipa-replica-conncheck fails randomly (race condition)
#6486 Add NTP server list to ipaplatform
#6481 Create a test for instantiating rules with service principals
#6480 Update man page for ipa-adtrust-install by removing –no-msdcs option
#6474 Remove ipaplatform dependency from ipa modules
#6472 cert-request no longer accepts CSR with extraneous data surrounding PEM data
#6469 Use xml.etree instead of lxml in odsmgr.py
#6466 [abrt] krb5-server: ipadb_change_pwd(): kdb5_util killed by SIGSEGV
#6461 LDAP Connection Management refactoring
#6460 NSSNickname enclosed in single quotes causes ipa-server-certinstall failure
#6457 ipa dnsrecord-add fails with Keyerror stack trace
#6455 Add example of RDN order for ipa-server-install –subject
#6451 Automate managed replication topology 4.4 features
#6448 Tests: Stageuser tracker creation of user with minimal values, with uid not specified
#6446 Create test for kerberos over http
#6445 Traceback seen in error_log when trustdomain-del is run
#6439 Members of nested netgroups configured in IdM cannot be seen by getent on clients
#6435 Fix zanata.xml config to skip testing ipa.pot file
#6434 Installers: perform host enrollment also in domain level 0 replica install
#6433 Refactor installer code requesting certificates
#6420 Pretty print option of pytest makes tracker fail when used in ipa console
#6419 cert-show default output does not show validity
#6417 Skip topology disconnect/last of role checks when uninstalling single domain level 1 master
#6415 replica-install creates spurious entries in cn=certificates
#6412 Create tests for certs in idoverrides feature
#6410 Tests: Verify that cert commands show CA without –all
#6409 [RFE] extend ipa-getkeytab to support other LDAP bind methods
#6406 Use common mechanism for setting up initial replication in both domain levels
#6405 unify domain level-specific mechanisms for replica’s DS/HTTP keytab generation
#6402 IPA Allows Password Reuse with History value defined when admin resets the password.
#6401 Revert expected returncode in replica_promotion test
#6400 Add file_exists method as a member of transport object
#6399 Object-Signing cert is unused; don’t create it
#6398 Refactor certificate inspection code to use python-cryptography
#6397 WebUI: Services are not displayed correctly after upgrade
#6396 Cleanup AD trust information after tests
#6394 WebUI: Update Patternfly and Bootstrap to newer versions
#6393 Make httpd publish CA certificate on Domain Level 1
#6392 Installers refactoring tracker
#6388 WebUI: Adder dialog cannot be reopened in case that it is closed using ESC and dropdown field was focuseded
#6386 Use api.env.nss_dir instead of paths.IPA_NSSDB_DIR
#6384 Web UI: Lowercase “b” in the “API browser” subtab label
#6381 ipa-cacert-manage man page should mention to run ipa-certupdate
#6375 ipa-replica-install fails when replica file created after ipa-ca-install on domain level 0
#6372 [RFE] allow managing prioritized list of trusted domains for unqualified ID resolution
#6369 [tracker] raise 389 requires when “Total init may fail if the pushed schema is rejected” is part of update
#6365 Custodia compatibility: add iSecStore.span method
#6359 test_0003_find_OCSP will never fail
#6358 ipa migrate-ds fails when it finds a referral
#6357 ipa-server-install script option –no_hbac_allow should match other options
#6354 regression: certmap.conf file is not backedup during ipa-server-upgrade
#6352 replica promotion with OTP: add additional info to “”Insufficient privileges” error message
#6347 Tests: provide trust test coverage for tree root domains
#6344 [RFE] support URI resource records
#6343 [RFE] Allow login to WebUI using Kerberos aliases/enterprise principals
#6340 IPA client ipv6 - invalid –ip-address shows traceback
#6335 Set priority as required filed in password policy
#6334 “Normal” group type in the UI is confusing
#6331 Reason is lost when CheckedIPAddress returns ValueError in ipa-client-install
#6308 [webui] Does not handle uppercase authentication indicators.
#6305 host/service-mod with –certificate= (remove all certs) does not revoke certs
#6295 cert-request is not aware of Kerberos principal aliases
#6269 cert-find –all does not show information about revocation
#6263 ipa-server-certinstall does not update all certificate stores and doesn’t set proper trust permissions
#6226 ipa-replica-install in CA-less environment does not configure DS TLS - ipa-ca-install then fails on replica
#6225 [RFE] Web UI: allow Smart Card authentication - finalization
#6202 ipa-client-install - document that –server option expects FQDN
#6178 Add options to retrieve lightweight CA certificate/chain
#6169 ipa dnsforwardzone-add w/o arguments fails
#6144 RPC code should be agnostic to display layer
#6132 Broken setup if 3rd party CA certificate conflicts with system-wide CA certificate
#6128 Tests: Base tracker contains leftover attributes from host tracker
#6126 Tests: User tracker does not enable creation of user with minimal values
#6125 Tests: unaccessible variable self.attrs for entries that are not created via standard create method in Tracker
#6124 Tests: remove –force option from tracker base class
#6123 Tests: Tracker enables silent deleting and creating entries
#6114 Traceback message seen when ipa is provided with invalid configuration file name
#6088 test_installation.py tests involving KRA installation on replicas fail in domain level 0
#6005 Create an automated test for Certs in idoverrides feature
#5949 ipa-server-install: improve prompt on interactive installation
#5935 [py3] DNSName.ToASCII broken with python3
#5742 [RFE] [webui] Configurable page size / User config page
#5695 [RFE] FreeIPA on FIPS enabled systems
#5640 Framework does not respect sizelimit passed via webUI in some searches
#5348 [tracker] dig + dnssec does not display signature of freshly created root zone
#4821 UI drops “Unknown Error” when the ipa record in /etc/hosts changes
#4189 [RFE] Use GSS-Proxy for the HTTP service
#3461 [RFE] Extend freeipa’s sudo to support selinux transition roles
#157 Python 3.2a1 in rawhide

Detailed changelog since 4.4.4#

Jan Barta (8)#

pylint: fix bad-mcs-method-argument commit
pylint: fix bad-mcs-classmethod-argument commit
pylint: fix bad-classmethod-argument commit
pylint: fix old-style-class commit
pylint: fix redefine-in-handler commit
pylint: fix pointless-statement commit
pylint: fix unneeded-not commit
pylint: fix simplifiable-if-statement warnings commit

Alexander Bokovoy (7)#

ipaserver/dcerpc.py: use arcfour_encrypt from samba commit #6697
add whoami command commit #6643
pkinit: make sure to have proper dictionary for Kerberos instance on upgrade commit #6670
ipa-kdb: support KDB DAL version 6.1 commit #6619
ipa-kdb: search for password policies globally commit #6561
adtrust: remove FILE: prefix from ‘dedicated keytab file’ in smb.conf commit #6551
trustdomain-del: fix the way how subdomain is searched commit #6445

Abhijeet Kasurde (11)#

Minor typo fix in DNS install plugin commit
Update warning message for replica install commit #6352
Add fix for ipa plugins command commit #6513
Update man page of ipa-server-install commit #6634
Remove deprecated ipa-upgradeconfig command commit #6620
Update warning message for ipa server uninstall commit #6548
Fix for handling CalledProcessError in authconfig commit #5244
Enumerate available options in IPA installer commit #5435
Provide user hint about IP address in IPA install commit #5949
Add fix for no-hbac-allow option in server install commit #6357
Added a fix for setting Priority as required field in Password Policy Details facet commit #6335

Ben Lipton (8)#

csrgen: Support encrypted private keys commit #4899
csrgen: Allow overriding the CSR generation profile commit #4899
csrgen: Automate full cert request flow commit #4899
tests: Add tests for CSR autogeneration commit #4899
csrgen: Use data_sources option to define which fields are rendered commit #4899
csrgen: Add a CSR generation profile for user certificates commit #4899
csrgen: Add CSR generation profile for caIPAserviceCert commit #4899
csrgen: Add code to generate scripts that generate CSRs commit #4899

Christian Heimes (88)#

Add PYTHON_INSTALL_EXTRA_OPTIONS and –install-layout=deb commit #6764
Make pylint and jsl optional commit #6604
Ignore ipapython/.DEFAULT_PLUGINS commit #6597
Run test_ipaclient test suite commit
Chain CSR generator file loaders commit
Move csrgen templates into ipaclient package commit #6714
Use https to get security domain from Dogtag commit
Cleanup certdb commit
Default to pkginstall=true without duplicated definitions commit
pylint: ignore pypi placeholders commit
Python build: use –build-base everywhere commit
Add with_wheels global to install wheel and PyPI packaging dependencies commit
Add placeholders for ipaplatform, ipaserver and ipatests commit
Add python-wheel as build requirement commit
Packaging: Add placeholder packages commit
Vault: port key wrapping to python-cryptography commit #6650
Remove NSPRError exception from platform tasks commit #5695
Remove import nss from test_ldap commit
certdb: Don’t restore_context() of new NSSDB commit
Finish port to PyCA cryptography commit
Drop in-memory copy of schema zip file commit
Speed up client schema cache commit #6690
C compilation fixes and hardening commit
lite-server: validate LDAP connection and cache schema commit #6679
Add –without-ipatests option commit
Add missing include of stdint.h for uint8_t commit
Client-only builds with –disable-server commit #6517
New lite-server implementation commit
Explain more performance tricks in doc string commit
Fix test, nested lists are no longer converted to nested tuples commit
Pretty print JSON in debug mode (debug level >= 2) commit
Convert list to tuples commit
Faster JSON encoder/decoder commit #6655
Backup /root/kracert.p12 commit #6659
Ditch version_info and use version number from ipapython.version commit
test_StrEnum: use int as bad type commit
Stable _is_null check commit
cryptography has deprecated serial in favor of serial_number commit
Enable additional warnings (BytesWarning, DeprecationWarning) commit #6631
Print test env information commit
Clean / ignore make check artefact commit
ipapython: Add dependencies on version.py commit
pytest: set rules to find test files and functions commit
Fix used before assignment bug in host_port_open() commit
Use pytest conftest.py and drop pytest.ini commit
Catch ValueError raised by pytest.config.getoption() commit
Silence pylint import errors of ipaserver in ipalib and ipaclient commit #6468
Relax check for .git to support freeipa in submodules commit
Ignore backup~ files like config.h.in~ commit
Fetch correct exception in IPA_CONFDIR test commit
Use env var IPA_CONFDIR to get confdir commit
Set explicit confdir option for global contexts commit #6389
Remove import of ipaplatform.paths from test_ipalib commit #6474
Remove BIN_FALSE and BIN_TRUE commit #6474
Add pylint guard to import of ipaplatform in ipapython.certdb commit #6474
Require python-gssapi >= 1.2.0, take 2 commit #6468
Backwards compatibility with setuptools 0.9.8 commit #6468
Require python-cryptography >= 1.3.1 commit #6468
Wheel bundles fixes commit #6474
Require python-gssapi >= 1.2.0 commit #6468
Adjustments for setup requirements commit #6468
wrap long line commit
Silence import warnings for Samba bindings commit #4985
Fix Python 3 bugs discovered by pylint commit #4985
Python3 pylint fixes commit #4985
Add main guards to a couple of Python scripts commit
Break ipaplatform / ipalib import cycle of hell commit
Replace LooseVersion commit #6468
Don’t ship install subpackages with wheels commit #6468
Minor fixes for IPAVersion class commit #6473
Pylint: whitelist packages with extension modules commit #6468
Add ‘ipa localenv’ subcommand commit #6490
ipapython and ipatest no longer require lxml commit
Register entry points of Custodia plugins commit #6492
Use xml.etree in ipa-client-automount script commit
Port ipapython.dnssec.odsmgr to xml.etree commit #6469
Add install requirements to Python packages commit #6468
Make api.env.nss_dir relative to api.env.confdir commit #6386
Don’t modify redhat_system_units commit
Use correct classifiers to make setup.py files PyPI compatible commit
Use api.env.nss_dir instead of paths.IPA_NSSDB_DIR commit #6386
Add __name__ == __main__ guards to setup.pys commit
Remove ipapython/ipa.conf commit
Port all setup.py to setuptools commit
Replace ipaplatform’s symlinks with a meta importer commit
Move ipa.1 man file commit
Add iSecStore.span commit #6365
Use RSA-OAEP instead of RSA PKCS#1 v1.5 commit #6278

David Kupka (20)#

rpcserver: x509_login: Handle unsuccessful certificate login gracefully commit #6225
Bump required version of gssproxy to 0.7.0 commit #6671, #6698
tests: Add tests for kerberos principal aliases in stageuser commit #6623
tests: kerberos_principal_aliases: Deduplicate tests commit #6623
tests: Stageuser-{add,remove}-cert commit #6623
tests: add-remove-cert: Use harcoded certificates instead of requesting them commit #6623
ipalib.x509: Handle missing SAN gracefully commit
stageuser: Add stageuser-{add,remove}-principal commit #6623
stageuser: Add stageuser-{add,remove}-cert commit #6623
build: Add missing dependency on libxmlrpc{,_util} commit #6637
ipaclient: schema cache: Handle malformed server info data gracefully commit #6578
schema_cache: Make handling of string compatible with python3 commit #6559
installer: Stop adding distro-specific NTP servers into ntp.conf commit #6486
tests: Expect krbpwdpolicyreference in result of {host,service}-{find,show} –all commit #6561
password policy: Add explicit default password policy for hosts and services commit #6561
ipaclient.plugins: Use api_version from internally called commands commit #6539
tests: Mark 389-ds acceptance tests commit
tests: Mark Dogtag acceptance tests commit
UnsafeIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling commit #6385
schema cache: Store and check info for pre-schema servers commit #6095

Florence Blanc-Renaud (20)#

Installation must publish CA cert in /usr/share/ipa/html/ca.crt commit #6750
IdM Server: list all Employees with matching Smart Card commit #6646
ipa systemd unit should define Wants=network instead of Requires=network commit #6723
Support for Certificate Identity Mapping commit #6542
Define template version in certmap.conf commit #6354
Fix ipa.service unit re. gssproxy commit #6705
Do not configure PKI ajp redirection to use “::1” commit #6575
ipa-kra-install must create directory if it does not exist commit #6606
ipa-restore must stop tracking PKINIT cert in the preparation phase commit #6570
Increase the timeout waiting for certificate issuance in installer commit #6433
Check the result of cert request in replica installer commit #6514
Fix ipa-replica-install when upgrade from ca-less to ca-full commit #6375
Fix ipa migrate-ds when it finds a search reference commit #6358
Fix renewal lock issues on installation commit #6433
Refactor installer code requesting certificates commit #6433
Use autobind instead of host keytab authentication in dogtag-ipa-ca-renew-agent commit
Fix ipa-cacert-manage man page commit #6381
Add cert checks in ipa-server-certinstall commit #6263
Fix regression introduced in ipa-certupdate commit #6288
Fix ipa-certupdate for CA-less installation commit #6288

Fraser Tweedale (52)#

rabase.get_certificate: make serial number arg mandatory commit #3473, #5011
Extract method to map principal to princpal type commit #5011
Remove redundant principal_type argument commit #5011
dogtag: remove redundant property definition commit #3473
ca: correctly authorise ca-del, ca-enable and ca-disable commit #6713
replica install: relax domain level check for promotion commit #5011
Fix reference before assignment commit #6636
private_ccache: yield ccache name commit #5011
Add sanity checks for use of –ca-subject and –subject-base commit #2614
Indicate that ca subject / subject base uses LDAP RDN order commit #6455
Allow full customisability of IPA CA subject DN commit #2614
Reuse self.api when executing ca_enabled_check commit #2614
dsinstance: extract function for writing certmap.conf commit #2614
ipa-ca-install: add missing –subject-base option commit #2614
Extract function for computing default subject base commit #2614
installer: rename –subject to –subject-base commit #2614
installutils: remove hardcoded subject DN assumption commit #2614
Refactor and relocate set_subject_base_in_config commit #2614
dsinstance: minor string fixes commit #6586
Set up DS TLS on replica in CA-less topology commit #6226
Remove “Request Certificate with SubjectAltName” permission commit #6526
Fix DL1 replica installation in CA-less topology commit #6573
certprofile-mod: correctly authorise config update commit #6560
Fix regression in test suite commit #6178
Add options to write lightweight CA cert or chain to file commit #6178
certdb: accumulate extracted certs as list of PEMs commit #6178
Add function for extracting PEM certs from PKCS #7 commit #6178
cert-request: match names against principal aliases commit #6295
Remove references to ds_newinst.pl commit #6496
cert-request: accept CSRs with extraneous data commit #6472
Ensure correct IPA CA nickname in DS and HTTP NSSDBs commit #6415
Remove __main__ code from ipalib.x509 and ipalib.pkcs10 commit #6398
x509: use python-cryptography to process certs commit #6398
x509: use pyasn1-modules X.509 specs commit #6398
x509: avoid use of nss.data_to_hex commit #6398
pkcs10: remove pyasn1 PKCS #10 spec commit #6398
pkcs10: use python-cryptography for CSR processing commit #6398
dn: support conversion from python-cryptography Name commit #6398
cert-show: show validity in default output commit #6419
Do not create Object Signing certificate commit #6399
Add commentary about CA deletion to plugin doc commit #6256
spec: require Dogtag >= 10.3.5-6 commit #6256
sudorule: add SELinux transition examples to plugin doc commit #3461
Fix cert revocation when removing all certs via host/service-mod commit #6305
cert-request: raise error when request fails commit #6309
Make host/service cert revocation aware of lightweight CAs commit #6221
cert-request: raise CertificateOperationError if CA disabled commit #6260
Use Dogtag REST API for certificate requests commit #3473, #6260
Add HTTPRequestError class commit #3473, #6260
Allow Dogtag RestClient to perform requests without logging in commit #3473, #6260
Add ca-disable and ca-enable commands commit #6257
Track lightweight CAs on replica installation commit #6019

Ganna Kaihorodova (7)#

Tests: Basic coverage with tree root domain commit #6489
User Tracker: Test to create user with minimal values commit #6126
User Tracker: creation of user with minimal values commit #6126
Stage User: Test to create stage user with minimal values commit #6448
Tests: Stage User Tracker implementation commit #6448
Tests: Add tree root domain role in legacy client tests commit #6600
Unaccessible variable self.attrs in Tracker commit #6125

Jan Cholasta (106)#

spec file: always provide python package aliases commit
spec file: support client-only build commit #6517
spec file: support build without ipatests commit #6517
slapi plugins: fix CFLAGS commit
spec file: add unconditional python-setuptools BuildRequires commit
httpinstance: disable system trust module in /etc/httpd/alias commit #6132
csrgen: hide cert-get-requestdata in CLI commit #4899
cert: include certificate chain in cert command output commit #6547
cert: add output file option to cert-request commit #6547
Travis CI: run tests in development mode commit #6625
backend plugins: fix crashes in development mode commit #6625
vault: cache the transport certificate on client commit #6652
rpc: fix crash in verbose mode commit #6734
install: re-introduce option groups commit #6392
install CLI: remove magic option groups commit #6392
client install: split off SSSD options into a separate class commit #6392
server install: remove duplicate knob definitions commit #6392
install: add missing space in realm_name description commit #6392
server install: remove duplicate -w option commit #6392
certmap: load certificate from file in certmap-match CLI commit #6646
pylint_plugins: add forbidden import checker commit
ipapython: fix DEFAULT_PLUGINS in version.py commit #6597
config: re-add `init_config` and `config` commit #6707
dns: fix `dnsrecord_add` interactive mode commit #6457
server install: do not attempt to issue PKINIT cert in CA-less commit #5678
compat: fix `Any` params in `batch` and `dnsrecord` commit #6647
scripts, tests: explicitly set confdir in the rest of server code commit #6389
server upgrade: uninstall ipa_memcached properly commit #5959
server upgrade: always upgrade KRA agent PEM file commit #6675
server upgrade: fix upgrade from pre-4.0 commit #5959
server upgrade: fix upgrade in CA-less commit #5959
client install: create /etc/ipa/nssdb with correct mode commit #5959
ipaldap: preserve order of values in LDAPEntry._sync() commit #4985
replica install: do not log host OTP commit #6633
tests: add test for PEM certificate files with leading text commit
ipa-ca-install: do not fail without –subject-base and –ca-subject commit #2614
cert: fix search limit handling in cert-find commit #6564
dogtag: search past the first 100 certificates commit #6564
ipaldap: properly escape raw binary values in LDAP filters commit #4985
client install: correctly report all failures commit #6392
cainstance: do not configure renewal guard commit #5959
dogtaginstance: track server certificate with our renew agent commit #5959
renew agent: handle non-replicated certificates commit #5959
ca: fix ca-find with –pkey-only commit #6178
spec file: revert to the previous Release tag commit #6418
x509: use PyASN1 to parse PKCS#7 commit #6550
server install: fix KRA agent PEM file not being created commit #6392
spec file: do not define with_lint inside a comment commit #6418
certdb: fix PKCS#12 import with empty password commit #6541
server install: fix external CA install commit #6392
replica install: track the RA agent certificate again commit #6392
ipaclient: remove hard dependency on ipaplatform commit #6474
ipaclient: move install modules to the install subpackage commit #6474
ipalib: remove hard dependency on ipapython commit #6474
constants: remove CACERT commit #6474
ipalib: move certstore to the install subpackage commit #6474
ipapython: remove hard dependency on ipaplatform commit #6474
ipautil: move file encryption functions to installutils commit #6474
ipautil: move kinit functions to ipalib.install commit #6474
ipautil: move is_fips_enabled() to ipaplatform.tasks commit #6474
ipautil: remove the timeout argument of run() commit #6474
ipautil: remove get_domain_name() commit #6474
ipautil: remove SHARE_DIR and PLUGIN_SHARE_DIR commit #6474
certdb: use a temporary file to pass password to pk12util commit #6474
certdb: move IPA NSS DB install functions to ipaclient.install commit #6474
ipapython: move certmonger and sysrestore to ipalib.install commit #6474
ipapython: move dnssec, p11helper and secrets to ipaserver commit #6474
custodiainstance: automatic restart on config file update commit #6474
paths: remove DEV_NULL commit #6474
install: migrate client install to the new class hierarchy commit #6392
install: allow specifying verbosity and console log format in CLI commit #6392
install: migrate server installers to the new class hierarchy commit #6392
install: introduce installer class hierarchy commit #6392
install: fix subclassing of knob groups commit #6392
install: make knob base declaration explicit commit #6392
install: declare knob CLI names using the argparse convention commit #6392
install: use standard Python classes to declare knob types commit #6392
install: introduce updated knob constructor commit #6392
install: simplify CLI option parsing commit #6392
install: improve CLI positional argument handling commit #6392
install: use ldaps for pkispawn in ipa-ca-install commit #6392
replica install: fix DS restart failure during replica promotion commit #6392
replica install: merge KRA agent cert export into KRA install commit #6392
replica install: merge RA cert import into CA install commit #6392
server install: do not restart httpd during CA install commit #6392
install: merge all KRA install code paths into one commit #6392
install: merge all CA install code paths into one commit #6392
replica install: use one remote KRA host name everywhere commit #6392
replica install: use one remote CA host name everywhere commit #6392
spec file: bump minimal required version of 389-ds-base commit #6369
pwpolicy: do not run klist on import commit #6418
client: remove unused libcurl build dependency commit #6418
makeapi, makeaci: do not fail on missing imports commit #6418
ipaserver: remove ipalib import from setup.py commit #6418
pylint: enable the import-error check commit #6418
spec file: do not include BuildRequires for lint by default commit #6418
spec file: clean up BuildRequires commit #6418
cert: add revocation reason back to cert-find output commit #6269
test_plugable: update the rest of test_init commit #6313
dns: re-introduce –raw in dnsrecord-del commit #5644
client: remove hard dependency on pam_krb5 commit #5557
cert: fix cert-find –certificate when the cert is not in LDAP commit #6304
dns: fix crash in interactive mode against old servers commit #6203
dns: prompt for missing record parts in CLI commit #6203
dns: normalize record type read interactively in dnsrecord_add commit #6203
cli: use full name when executing a command commit #6279

Lenka Doudova (23)#

Document make_delete_command method in UserTracker commit #6485
Tests: Providing trust tests with tree root domain commit #6347
Tests: Verify that validity info is present in cert-show and cert-find command commit #6419
Add file_exists method as a member of transport object commit #6400
Tests: Provide AD cleanup for legacy client tests commit #6396
Tests: Provide AD cleanup for trust tests commit #6396
Tests: Fix integration sudo test commit #6378
Tests: Verify that cert commands show CA without –all commit #6410
Tests: Certificate revocation commit #6349
Tests: Remove invalid certplugin tests commit #6349
Tests: Fix failing test_ipalib/test_parameters commit #6292
Tests: Remove silent deleting and creating entries by tracker commit #6123
Tests: Remove usage of krb5 ccache from test_ipaserver/test_ldap commit #6323
Tests: Fix host attributes in ipa-join host test commit #6326
Tests: Update host test with ipa-join commit #6326
Tests: Add krb5kdc.service restart to integration trust tests commit #6322
Tests: Remove unnecessary attributes from base tracker commit #6128
Tests: Remove –force options from tracker base class commit #6124
Tests: Remove SSSD restart from integration tests commit #6338
Tests: Fix integration sudo tests setup and checks commit #6262
Tests: Fix failing ldap.backend test commit #6312
Tests: Add cleanup to integration trust tests commit #6306
Tests: Fix regex errors in integration trust tests commit #6285

Ludwig Krispenz (1)#

Check for conflict entries before raising domain level commit #6534

Lukas Slebodnik (6)#

CONFIGURE: Improve detection of xmlrpc_c flags commit #6418
CONFIGURE: Properly detect libpopt on el7 commit
ipa_pwd: remove unnecessary dependency on dirsrv plugins commit
SPEC: Fix build in mock commit #6604
CONFIGURE: Update help message for jslint commit #6604
CONFIGURE: Fix detection of pylint commit #6604

Martin Babinsky (113)#

Try out anonymous PKINIT after it is configured commit #6739
check for replica’s KDC entry on master before requesting PKINIT cert commit #6739
check that the master requesting PKINIT cert has KDC enabled commit #6739
Make wait_for_entry raise exceptions commit #6739
Move PKINIT configuration to a later stage of server/replica install commit #6739
Request PKINIT cert directly from Dogtag API on first master commit #6739
Make PKINIT certificate request logic consistent with other installers commit #6739
idviews: correctly handle modification of non-existent view commit #6372
Re-use trust domain retrieval code in certmap validators commit #6372
idview: add domain_resolution_order attribute commit #6372
ipaconfig: add the ability to manipulate domain resolution order commit #6372
Short name resolution: introduce the required schema commit #6372
ipa-managed-entries: only permit running the command on IPA master commit #6735
ipa-managed-entries: use server-mode API commit #6735
Allow login to WebUI using Kerberos aliases/enterprise principals commit #6343
Provide basic integration tests for built-in AD trust installer commit #6630
Update server/replica installer man pages commit #6630
Fix erroneous short name options in ipa-adtrust-install man page commit #6630
Merge AD trust configurator into replica installer commit #6630
Merge AD trust configurator into server installer commit #6630
expose AD trust related knobs in composite installers commit
Add AD trust installer interface for composite installer commit #6630
check for installed dependencies when *not* in standalone mode commit #6630
print the installation info only in standalone mode commit #6630
adtrust.py: Use logging to emit error messages commit #6630
Refactor the code searching and presenting missing trust agents commit #6639
only check for netbios name when LDAP backend is connected commit #6630
Refactor the code checking for missing SIDs commit #6630
use the methods of the parent class to retrieve CIFS kerberos keys commit #6638
httpinstance: re-use parent’s methods to retrieve anonymous keytab commit #6638
Make request_service_keytab into a public method commit #6638
allow for more flexibility when requesting service keytab commit #6638
Move AD trust installation code to a separate module commit #6629
Replace exit() calls with exceptions commit #6629
Remove unused variables in exception handling commit #6629
ipa-adtrust-install: format the code for PEP-8 compliance commit #6629
Travis CI: Upload the logs from failed jobs to transfer.sh commit
Explicitly handle quoting/unquoting of NSSNickname directive commit #6460
Delegate directive value quoting/unquoting to separate functions commit #6460
installutils: improve directive value parsing in `get_directive` commit #6460
Fix the installutils.set_directive docstring commit #6460
disable hostname canonicalization by Kerberos library commit #6584
Travis CI: actually return non-zero exit status when the test job fails commit
Trim the test runner log to show only pytest failures/errors commit
Add license headers to the files used by Travis CI commit
Travis CI: use specific Python version during build commit
introduce install step to .travis.yml and cache pip installs commit
split out lint to a separate Travis job commit
Travis: offload test execution to a separate script commit
Travis CI: a separate script to run test tasks commit
Put the commands informing and displaying build logs on single line commit
travis: mark FreeIPA as python project commit
Bump up ipa-docker-test-runner version commit
Add a basic test suite for `kadmin.local` interface commit #6561
Make `kadmin` family of functions return the result of ipautil.run commit #6561
gracefully handle setting replica bind dn group on old masters commit #6532
add missing attribute to ipaca replica during CA topology update commit #6508
Revert “upgrade: add replica bind DN group check interval to CA topology config” commit #6508
bindinstance: use data in named.conf to determine configuration status commit #6503
Use ipa-docker-test-runner to run tests in Travis CI commit
Configuration file for ipa-docker-test-runner commit
Add ‘env_confdir’ to constants commit #6389
Fix pep-8 transgressions in ipalib/misc.py commit #6490
Make `env` and `plugins` commands local again commit #6490
Revert “Add ‘ipa localenv’ subcommand” commit #6490
Enhance __repr__ method of Principal commit #6505
replication: ensure bind DN group check interval is set on replica config commit #6508
upgrade: add replica bind DN group check interval to CA topology config commit #6508
Improve the robustness FreeIPA’s i18n module and its tests commit #6512
Use common procedure to setup initial replication in both domain levels commit #6406
ensure that the initial sync using GSSAPI works agains old masters commit #6406
replication: refactor the code setting principals as replica bind DNs commit #6406
replication: augment setup_promote_replication method commit #6406
Turn replication manager group into ReplicationManager class member commit #6406
Fix the naming of ipa-dnskeysyncd service principal commit #6405
installutils: remove ‘install_service_keytab’ function commit #6405
domain-level agnostic keytab retrieval in httpinstance commit #6405
installers: restart DS after KDC is configured commit #6405
dsinstance: use keytab retrieval method from parent class commit #6405
use DM credentials to retrieve service keytab only in DLO commit #6405
Service: common method for service keytab requests commit #6405
Turn Kerberos-related properties to Service class members commit #6392
Make service user name a class member of Service commit #6392
service installers: clean up the inheritance commit #6392
fix incorrect invocation of ipa-getkeytab during DL0 host enrollment commit #6434
do partial host enrollment in domain level 0 replica install commit #6434
Separate function to purge IPA host principals from keytab commit #6434
certs: do not re-create NSS database when requesting service cert commit #6429
initialize empty /etc/http/alias during server/replica install commit #6429
CertDB: add API for non-destructive initialization from PKCS#12 bundle commit #6429
test_ipagetkeytab: use system-wide IPA CA cert location in tests commit #6409
Extend keytab retrieval test suite to cover new options commit #6409
Modernize ipa-getkeytab test suite commit #6409
extend ipa-getkeytab to support other LDAP bind methods commit #6409
ipa-getkeytab: expose CA cert path as option commit #6409
server-del: fix incorrect check for one IPA master commit #6417
Revert “Fix install scripts debugging” commit
do not use keys() method when iterating through dictionaries commit #6391
remove trailing newlines form python modules commit #6391
mod_nss: use more robust quoting of NSSNickname directive commit #5809
Move character escaping function to ipautil commit #5809
Make Continuous installer continuous only during execution phase commit #5725
use separate exception handlers for executors and validators commit #5725
ipa passwd: use correct normalizer for user principals commit #6329
trust-fetch-domains: contact forest DCs when fetching trust domain info commit #6328
netgroup: avoid extraneous LDAP search when retrieving primary key from DN commit #5855
advise: Use `name` instead of `__name__` to get plugin names commit
Use Travis-CI for basic sanity checks commit
ldapupdate: Use proper inheritance in BadSyntax exception commit #6294
raise ValidationError when deprecated param is passed to command commit #6190
Always fetch forest info from root DCs when establishing one-way trust commit #6057
factor out `populate_remote_domain` method into module-level function commit #6057
Always fetch forest info from root DCs when establishing two-way trust commit #6057

Martin Basti (134)#

Become IPA 4.5.0 commit
Update 4.5 translations commit
Add copy-schema-to-ca for RHEL6 to contrib/ commit #6540
Remove copy-schema-to-ca.py from master branch commit #6540
pylint: bump dependency to version >= 1.6 commit
backup: backup anonymous keytab commit #5959
tests: use –setup-kra in tests commit #6731
KRA: add –setup-kra to ipa-server-install commit #6731
man: add missing –setup-adtrust option to manpage commit #6630
ipactl restart: log httplib failues as debug commit #6674
Tests: search for disabled users commit
Test: DNS nsupdate from dns-update-system-records commit #6585
DNS: dns-update-system-record can create nsupdate file commit #6585
py3: ipa_generate_password: do not compare None and Int commit #4985
py3: change_admin_password: use textual mode commit #4985
py3: create DNS zonefile: use textual mode commit #4985
py3: upgradeinstance: use bytes literals with LDIF operations commit #4985
py3: upgradeinstance: decode data before storing them as backup… commit #4985
py3: upgradeinstance: open dse.ldif in textual mode commit #4985
custodia: kem.set_keys: replace too-broad exception commit
py3: kem.py: user bytes with ldap values commit #4985
py3: custodia: basedn must be unicode commit #4985
py3: configparser: use raw keyword commit #4985
py3: modify_s: attribute name must be str not bytes commit #4985
py3: ldapupdate: fix logging str(bytes) issue commit #4985
DNSSEC: forwarders validation improvement commit
py3: test_ipaserver: fix BytesWarnings commit #4985
py3: get_memberofindirect: fix ByteWarnings commit #4985
py3: DN: fix BytesWarning commit #4985
Tests: fix wait_for_replication task commit
py3: send Decimal number as string instead of base64 encoded value commit #4985
py3: ipaldap: properly encode DNSName to bytes commit #4985
py3: _convert_to_idna: fix bytes/unicode mistmatch commit #4985
py3: DNS: get_record_entry_attrs: do not modify dict during iteration commit #4985
py3: _ptrrecord_precallaback: use bytes with labels commit #4985
py3: remove_entry_from_group: attribute name must be string commit #4985
py3: base64 encoding/decoding returns always bytes don’t mix it commit #4985
pki-base: use pki-base-python2 as dependency commit #4985
pki: add missing depedency pki-base[-python3] commit #4985
py3: x509.py: return principal as unicode string commit #4985, #6640
py3: tests_xmlrpc: do not call str() on bytes commit #4985
py3: normalize_certificate: support both bytes and unicode commit #4985
py3: strip_header: support both bytes and unicode commit #4985
py3: fingerprint_hex_sha256: fix encoding/decoding commit #4985
py3: fix CSR encoding inside framework commit #4985
Principal: validate type of input parameter commit
Use dict comprehension commit
py3: can_read: attributelevelrights is already string commit #4985
py3: get_effective_rights: values passed to ldap must be bytes commit #4985
py3: ipaldap: update encode/decode methods commit #4985
py3: rpcserver fix undefined variable commit #4985
py3: WSGI executioners must return bytes in list commit #4985
py3: session: fix r/w ccache data commit #4985
Py3: Fix undefined variable commit #4985
py3: rpcserver: decode input because json requires string commit #4985
py3: session.py decode server name to str commit #4985
Use proper logging for error messages commit
wait_for_entry: use only DN as parameter commit #6588
py3: decode bytes for json.loads() commit #4985
dogtag.py: fix exception logging of JSON data commit
py3: convert_attribute_members: don’t use bytes as parameter for DN commit #4985
py3: make_filter_from_attr: use string instead of bytes commit #4985
py3: __add_acl: use standard ipaldap methods commit #4985
py3: add_entry_to_group: attribute name must be string not bytes commit #4985
py3: HTTPResponse has no ‘dict’ attribute in ‘msg’ commit #4985
py3: _httplib_request: don’t convert string to bytes commit #4985
py3: cainstance: replace mkstemp with NamedTemporaryFile commit #4985
py3: write CA/KRA config into file opened in text mode commit #4985
py3: CA/KRA: config parser requires string commit #4985
py3: ipautil: open tempfiles in text mode commit #4985
py3: ldap modlist must have keys as string, not bytes commit #4985
py3: open temporary ldif file in text mode commit #4985
py3: service.py: replace mkstemp by NamedTemporaryFile commit #4985
py3: create_cert_db: write to file in a compatible way commit #4985
_resolve_records: fix assert, nameserver_ip can be none commit
Remove duplicated step from DS install commit
py3: enable py3 pylint commit
Py3: Fix ToASCII method commit #5935
fix: regression in API version comparison commit #6468
ipactl: pass api as argument to services commit
DNS: URI records: bump python-dns requirements commit #6344
remove Knob function commit #6392
KRA: don’t add KRA container when KRA replica commit
Zanata: exlude testing ipa.pot file commit #6435
client: use correct code for failed uninstall commit #6392
client: use exceptions instead of return states commit #6392
client: move install part to else branch commit #6392
client: move install cleanup from ipa-client-install to module commit #6392
client: move clean CCACHE to module commit #6392
client: fix script execution commit #6392
client: Remove useless except in ipa-client-install commit #6392
client: move custom env variable into client module commit #6392
client: extract checks from uninstall to uninstall_check commit #6392
client: extract checks from install to install_check commit #6392
client: move checks to client.install_check commit #6392
client: make statestore and fstore consistent with server commit #6392
IPAChangeConf: use constant for empty line commit #6392
client: import IPAChangeConf directly instead the module commit #6392
client: remove extra return from hardcode_ldap_server commit #6392
client: install function: return constant not hardcoded number commit #6392
client: remove unneded return from configure_ipa_conf commit #6392
client: remove unneded return configure_krb5_conf commit #6392
ipa-client-install: move client install to module commit #6392
CI: Disable KRA install tests on DL0 commit #6088
CI: use –setup-kra with replica installation commit #6088
CI: extend replication layouts tests with KRA commit #6088
CI: workaround: wait for dogtag before replica-prepare commit #6274
Pylint: fix the rest of unused local variables commit
Pylint: remove unused variables in tests commit
Pylint: remove unused variables in ipaserver package commit
Pylint: remove unused variables from installers and scripts commit
Fix: find OSCP certificate test commit #6359
Pylint: enable check for unused-variables commit
Remove unused variables in tests commit
Remove unused variables in the code commit
test_text: add test ipa.pot file for tests commit #6333
Pylint: enable global-variable-not-assigned check commit
Pylint: enable cyclic-import check commit
Test: dont use global variable for iteration in test_cert_plugin commit #5755
Use constant for user and group patterns commit #5822
Fix regexp patterns in parameters to not enforce length commit #5822
Add check for IP addresses into DNS installer commit #5814
Fix missing config.ips in promote_check commit #5814
Abstract procedures for IP address warnings commit #5814
Catch DNS exceptions during emptyzones named.conf upgrade commit #6205
Start named during configuration upgrade. commit #6205
Tests: extend DNS cmdline tests with lowercased record type commit #6203
Show warning when net/broadcast IP address is used in installer commit #5814
Allow multicast addresses in A/AAAA records commit #5814
Allow broadcast ip addresses commit #5814
Allow network ip addresses commit #5814
Fix parse errors with link-local addresses commit #6296
Fix ScriptError to always return string from __str__ commit #6294
Bump master IPA devel version to 4.4.90 commit

Martin Kosek (1)#

Update Contributors.txt commit

Milan Kubík (4)#

ipatests: Fix assert_deepequal outside of pytest process commit #6420
ipatests: Implement tests with CSRs requesting SAN commit #6366
ipatests: Fix name property on a service tracker commit #6366
ipatests: provide context manager for keytab usage in RPC tests commit #6366

Michal Reznik (1)#

test_csrgen: adjusted comparison test scripts for CSRGenerator commit #6724

Michal Židek (1)#

git: Add commit template commit

Nathaniel McCallum (3)#

Migrate OTP import script to python-cryptography commit #5192
Use RemoveOnStop to cleanup systemd sockets commit
Properly handle LDAP socket closures in ipa-otpd commit #6368

Oleg Fayans (45)#

Test: uniqueness of certificate renewal master commit #6504
Test: basic kerberos over http functionality commit #6446
Test: made kinit_admin a returning function commit
tests: Added basic tests for certs in idoverrides commit #6412
Created idview tracker commit #6412
Test for installing rules with service principals commit #6481
Test: integration tests for certs in idoverrides feature commit #6005
Added interface to certutil commit
Automated ipa-replica-manage del tests commit
tests: Automated clean-ruv subcommand tests commit #6451
Reverted the essertion for replica uninstall returncode commit #6401
Test: disabled wrong client domain tests for domlevel 0 commit #6382
tests: Fixed code styling in caless tests to make pep8 happy commit
tests: Reverted erroneous asserts in 4 tests commit
tests: fixed certinstall method commit
tests: fixed super method invocation commit
tests: added verbose assert to test_service_disable_doesnt_revoke commit
tests: Standardized replica_preparation in test_no_certs commit
tests: Implemented check for domainlevel before installation verification commit
tests: Fixed Usage of improper certs in ca-less tests commit
tests: fixed expects of incorrect error messages commit
tests: Replaced unused setUp method with install commit
tests: Replaced hardcoded certutil with imported from paths commit
tests: Enabled negative testing for cleaning replication agreements commit
tests: Made unapply_fixes call optional at master uninstallation commit
tests: Updated master and replica installation methods to enable negative testing commit
tests: Added necessary xfails commit
tests: Added necessary getkeytabs calls to fixtures commit
tests: Removed outdated command options test commit
tests: Applied correct teardown methods commit
tests: Fixed incorrect assert in verify_installation commit
tests: Adapted installation methods to utilize methods from tasks commit
tests: Removed call for install method from parent class commit
tests: Added teardown methods for server and replica installation commit
tests: Create a method that cleans all ipa certs commit
tests: Updated ipa server installation stdin text commit
tests: Added generation of missing certs commit
tests: Added basic constraints extension to the CA certs commit
tests: Fixed method failures during second call for the method commit #5880
Xfailed a test that fails due to 6250 commit #6250
Fixed segment naming in topology tests commit
Xfailed the tests due to a known bug with replica preparation commit #6274
Changed addressing to the client hosts to be replicas commit #6287
Several fixes in replica_promotion tests commit #6301
Removed incorrect check for returncode commit #6300

Petr Čech (1)#

ipatests: nested netgroups (intg) commit #6439

Petr Spacek (126)#

ipa_generate_password algorithm change commit #5695
Remove named-pkcs11 workarounds from DNSSEC tests. commit #5348
Build: forbid builds in working directories containing white spaces commit #6537
Build: always use Pylint from Python version used for rest of the build commit #157
Build: specify BuildRequires for Python 3 pylint commit #157
Build: makerpms.sh generates Python 2 & 3 packages at the same time commit #157
Accept server host names resolvable only using /etc/hosts commit #6518
Build: properly integrate ipa.pot into build system tests commit #6498
Build: properly integrate ipasetup.py into build system commit #6498
Build: properly integrate version.py into build system commit #6498
Build: properly integrate loader.js into build system commit #6498
Build: properly integrate freeipa.spec.in into build system commit #6498
Build: properly integrate ipa-version.h.in into build system commit #6498
Build: workaround bug while calling parallel make from rpmbuild commit #6418
Build: remove ipa.pot from Git as it can be re-generated at any time commit #6418
Build: integrate translation system tests again commit #6418
Build: automatically generate list of files to be translated in configure commit #6418
Build: clean in po/ removes *~ files as well commit #6418
Build: support strip-po target for translations commit #6418
Build: use standard infrastructure for translations commit #6418
Build: fix path in ipa-ods-exporter.socket unit file commit #6495
Build: fix file dependencies for make-css.sh commit #6418
Build: update makerpms.sh to use same paths as rpmbuild commit #6418
Build: remove incorrect use of MAINTAINERCLEANFILES commit #6418
Build: enable silent build in makerpms.sh commit #6418
Build: support –enable-silent-rules for Python packages commit #6418
Build: workaround bug 1005235 related to Python paths in auto-generated Requires commit #6418
Build: document what should be in %install section of SPEC file commit #6418
Build: move web UI file installation from SPEC to Makefile.am commit #6418
Build: move server directory handling from SPEC to Makefile.am commit #6418
Build: move client directory handling from SPEC to Makefile.am commit #6418
Update man page for ipa-adtrust-install by removing –no-msdcs option commit #6480
Build: pass down %{release} from SPEC to configure commit #6418
Build: update IPA_VERSION_IS_GIT_SNAPSHOT to comply with PEP440 commit #6418
Build: add make srpms target commit #6418
Build: IPA_VERSION_IS_GIT_SNAPSHOT re-generates version number on RPM build commit #6418
Build: use POSIX 1003.1-1988 (ustar) file format for tar archives commit #6418
Build: IPA_VERSION_IS_GIT_SNAPSHOT checks if source directory is Git repo commit #6418
Build: remove unused and redundant code from configure.ac and po/Makefile.in commit #6418
Build: fix make clean to remove build artifacts from top-level directory commit #6418
Build: fix make clean for web UI commit #6418
Build: add polint target for i18n tests commit #6418
Build: add makeapi lint target commit #6418
Build: add makeaci lint target commit #6418
Build: add JS lint target commit #6418
Build: add Python lint target commit #6418
Build: remove obsolete instructions about BuildRequires from BUILD.txt commit #6418
Build: add make rpms target and convenience script makerpms.sh commit #6418
Build: fix KDC proxy installation and remove unused kdcproxy.conf commit #6418
Build: remove unused dirs /var/cache/ipa/{sysupgrade,sysrestore} from SPEC commit #6418
Build: do not compress manual pages at install time commit #6418
Build: distribute doc directory commit #6418
Build: create /var/run directories at install time commit #6418
Build: integrate init and init/systemd into build system commit #6418
Build: remove init/SystemV directory commit #6418
Build: integrate contrib directory into build system commit #6418
Build: remove ancient checks/check-ra.py commit #6418
Build: integrate daemons/dnssec into build system commit #6418
Build: fix distribution of daemons/ipa-slapi-plugins/topology files commit #6418
Build: fix distribution of daemons/ipa-slapi-plugins/ipa-winsync files commit #6418
Build: fix distribution of daemons/ipa-slapi-plugins/ipa-sidgen files commit #6418
Build: fix distribution of daemons/ipa-slapi-plugins/ipa-pwd-extop files commit #6418
Build: fix distribution of daemons/ipa-slapi-plugins/ipa-otp-lasttoken files commit #6418
Build: fix distribution of daemons/ipa-slapi-plugins/ipa-otp-counter files commit #6418
Build: fix distribution of daemons/ipa-slapi-plugins/ipa-exdom-extop files commit #6418
Build: fix distribution of daemons/ipa-slapi-plugins/ipa-cldap files commit #6418
Build: fix distribution of ipa-slapi-plugins/common files commit #6418
Build: fix distribution of daemon/ipa-kdb files commit #6418
Build: fix distribution of client header file commit #6418
Build: fix distribution of asn1/asn1c files commit #6418
Build: fix distribution of install/REDME.schema file commit #6418
Build: fix distribution of oddjob files commit #6418
Build: Remove spurious EXTRA_DIST from install/share/Makefile.am commit #6418
Build: cleanup unused LDIFs from install/share commit #6418
Build: fix distribution of libexec scripts commit #6418
Build: fix distribution and installation of update LDIFs commit #6418
Web UI: Remove offline version of Web UI commit #6447
Build: fix distribution of static files for web UI commit #6418
Build: stop build when a step in web UI build fails commit #6418
Build: fix distribution and installation of static files in top-level directory commit #6418
Build: fix man page distribution commit #6418
Build: fix distdir target for translations commit #6418
Build: rename project from ipa-server to freeipa commit #6418
Build: remove non-existing README files from Makefile.am commit #6418
Build: fix Makefile.am files to separate source and build directories commit #6418
Build: respect –prefix for systemdsystemunitdir commit #6418
Build: fix make install in asn1 subdirectory commit #6418
Build: fix ipaplatform detection for out-of-tree builds commit #6418
Build: Makefiles for Python packages commit #6418
Build: fix module name in ipaserver/setup.py commit #6418
Build: replace hand-made Makefile with one generated by Automake commit #6418
Build: move version handling from Makefile to configure commit #6418
Docs: update docs about ipaplatform to match reality commit #6418
Build: replace ipaplatform magic with symlinks generated by configure commit #6418
Build docs: update platform selection instructions commit #6418
Build: split out egg-info Makefile target from version-update target commit #6418
Build: split API/ACI checks into separate Makefile targets commit #6418
Build: use default error handling for PKG_CHECK_MODULES commit #6418
Build: use libutil convenience library for client commit #6418
Build: cleanup INI library detection commit #6418
Build: modernize XMLRPC-client library detection commit #6418
Build: modernize CURL library detection commit #6418
Build: modernize SASL library detection commit #6418
Build: modernize POPT library detection commit #6418
Build: merge client/configure.ac into top-level configure.ac commit #6418
Build: remove Transifex support commit #6418
Build: move translations from install/po/ to top-level po/ commit #6418
Build: merge install/configure.ac into top-level configure.ac commit #6418
Build: merge ipatests/man/configure.ac to top-level configure.ac commit #6418
Build: merge asn1/configure.ac to top-level configure.ac commit #6418
Build: transform util directory to libutil convenience library commit #6418
Build: promote daemons/configure.ac to top-level configure.ac commit #6418
Build: adjust include paths in daemons/ipa-kdb/tests/ipa_kdb_tests.c commit #6418
Build: pass down LIBDIR definition from RPM SPEC to Makefile commit #6418
Build: remove deprecated AC_STDC_HEADERS macro commit
Build: require Python >= 2.7 commit
Build: remove traces of mozldap library commit
Build: modernize crypto library detection commit
Build: modernize UUID library detection commit
Build: modernize Kerberos library detection commit
Build: add missing KRB5_LIBS to daemons/ipa-otpd commit
Tests: print what was expected from callables in xmlrpc_tests commit
DNS: Improve field descriptions for SRV records commit
DNS: Support URI resource record type commit #6344
Fix compatibility with python-dns 1.15.0 commit #6390
Raise errors from service.py:_ldap_mod() by default commit

Petr Vobornik (6)#

permissions: add permissions for read and mod of external group members commit #5504
webui: do not warn about CAs if there is only one master commit #6598
webui: fixes normalization of value in attributes widget commit
Change README to use Markdown commit
Raise errors.EnvironmentError if IPA_CONFDIR var is incorrectly used commit
replicainstall: log ACI and LDAP errors in promotion check commit

Pavel Vomacka (69)#

Remove allow_constrained_delegation from gssproxy.conf commit #6225
WebUI: Add support for management of user short name resolution commit #6372
WebUI: add link to login page which for login using certificate commit #6225
Support certificate login after installation and upgrade commit #6225
TESTS WebUI: Vaults management commit #5426
TESTS: Add support for sidebar with facets commit #5426
TESTS: Add support for KRA in ui_driver commit #5426
WebUI: add vault management commit #5426
WebUI: allow to show rows with same pkey in tables commit #5426
WebUI: search facet’s default actions might be overriden commit #5426
Add possibility to hide only one tab in sidebar commit #5426
Possibility to set list of table attributes which will be added to _del command commit #5426
Extend _show command after _find command in table facets commit #5426
Add possibility to pass url parameter to update command of details page commit #5426
Add property which allows refresh command to use url value commit #5426
Added optional option in refreshing after modifying association table commit #5426
Possibility to skip checking writable according to metadata commit #5426
Allow to set another other_entity name commit #5426
Additional option to add and del operations can be set commit #5426
WebUI: Add cermapmatch module commit #6601
WebUI: Add Adapter for certmap_match result table commit #6601
WebUI: Possibility to choose object when API call returns list of objects commit #6601
WebUI: Add possibility to turn of autoload when details.load is called commit #6601
WebUI: don’t change casing of Auth Indicators values commit #6308
WebUI: Allow disabling lowering text in custom_checkbox_widget commit #6308
Add support for custom table pagination size commit #5742
Make singleton from config module commit #5742
Add javascript integer validator commit #5742
WebUI: Add certmap module commit #6601
WebUI: Add Custom command multivalued adder dialog commit #6601
WebUI: Create non editable row widget for mutlivalued widget commit #6601
WebUI: Add possibility to set field always writable commit #6601
WebUI: Change structure of Identity submenu commit #6717
WebUI: add sizelimit:0 to cert-find commit #6712
WebUI: fix incorrect behavior of ESC button on combobox commit #6388
WebUI: add default on_cancel function in adder_dialog commit #6388
Coverity: removed useless semicolon which ends statement earlier commit
Coverity: Fix possibility of access to attribute of undefined commit
Change activity text while loading metadata commit #6144
Refactoring of rpc module commit #6144
WebUI: update Patternfly and Bootstrap commit #6394
WebUI: Hide incorrectly shown buttons on hosts tab in ID Views commit #6546
Lowered the version of gettext commit #6418
Add python-pyasn1-modules into dependencies commit #6398
Adjustments for setup requirements v2 commit #6468
TESTS: Update group type name commit #6334
Coverity - null pointer dereference commit
Coverity - accessing attribute of variable which can point to null commit
Coverity - opens dialog which might not be created commit
Coverity - iterating over variable which could be null commit
Coverity - null pointer dereference commit
Coverity - true branch can’t be executed commit
Coverity - true branch can’t be executed commit
Coverity - removed dead code commit
Coverity - Accesing attribute of null commit
Coverity - identical code for different branches commit
Coverity - not initialized variable commit
Coverity - null pointer exception commit
Coverity - null pointer exception commit
WebUI: services without canonical name are shown correctly commit #6397
WebUI: fix API Browser menu label commit #6384
Add tooltip to all fields in DNS record adder dialog commit
WebUI: hide buttons in certificate widget according to acl commit #6341
WebUI: Change group name from ‘normal’ to ‘Non-POSIX’ commit #6334
WebUI: Add handling for HTTP error 404 commit #4821
Add ‘Restore’ option to action dropdown menu commit #5818
WebUI add support for sub-CAs while revoking certificates commit #6216
WebUI: Fix showing certificates issued by sub-CA commit #6238
Add support for additional options taken from table facet commit #6238

Gabe (1)#

Allow nsaccountlock to be searched in user-find command commit

Simo Sorce (31)#

Store session cookie in a ccache option commit #6661
Add support for searching policies in cn=accounts commit #6568
Add code to retrieve results from multiple bases commit
Use GSS-SPNEGO if connecting locally commit #6656
Limit sessions to 30 minutes by default commit #5959
Remove non-sensical kdestroy on https stop commit #6673
Fix session logout commit #6685
Deduplicate session cookies in headers commit #6676
Change session logout to kill only the cookie commit #6682
Insure removal of session on identity change commit #6543
Explicitly pass down ccache names for connections commit #6543
Allow rpc callers to pass ccache and service names commit #6543
Fix uninstall stopping ipa.service commit #5959
Rationalize creation of RA and HTTPD NSS databases commit #5959
Add a new user to run the framework code commit #5959
Always use /etc/ipa/ca.crt as CA cert file commit #5959
Simplify NSSDatabase password file handling commit #5959
Separate RA cert store from the HTTP cert store commit #5959
Configure HTTPD to work via Gss-Proxy commit #4189, #5959
Use Anonymous user to obtain FAST armor ccache commit #5959
Drop use of kinit_as_http from trust code commit #5959
Generate tmpfiles config at install time commit #5959
Change session handling commit #5959
Use the tar Posix option for tarballs commit #6418
Add compatibility code to retrieve headers commit #6558
Configure Anonymous PKINIT on server install commit #5678
Properly handle multiple cookies in rpc lib. commit
Properly handle multiple cookies in rpcclient commit
Support DAL version 5 and version 6 commit #6466
Fix install scripts debugging commit
Fix error message encoding commit

Stanislav Laznicka (78)#

Remove pkinit from ipa-replica-prepare commit #6759
Backup KDC certificate pair commit #6748
Don’t fail more if cert req/cert creation failed commit #6755
Fix ipa-replica-prepare server-cert creation commit #6755
Don’t allow standalone KRA uninstalls commit #6538
Add message about last KRA to WebUI Topology view commit #6538
Add check to prevent removal of last KRA commit #6538
Don’t use weak ciphers for client HTTPS connections commit #6730
We don’t offer no quickies commit
Fix cookie with Max-Age processing commit #6718
Fix CA-less upgrade commit #5695
Fix replica with –setup-ca issues commit #5695
Moving ipaCert from HTTPD_ALIAS_DIR commit #5695, #6680
Added a PEMFileHandler for Custodia store commit #5695
Refactor certmonger for OpenSSL certificates commit #5695
Workaround for certmonger’s “Subject” representations commit #5695
Remove ipapython.nsslib as it is not used anymore commit #5695
Remove NSSConnection from otptoken plugin commit #5695
Remove pkcs12 handling functions from CertDB commit #5695
Remove NSSConnection from Dogtag commit #5695
Move publishing of CA cert to cainstance creation on master commit #5695
Don’t run kra.configure_instance if not necessary commit #5695
Move RA agent certificate file export to a different location commit #5695, #6392
Remove NSSConnection from the Python RPC module commit #5695
Remove md5_fingerprints from IPA commit #5695
Remove DM password files after successfull pkispawn run commit #5695
Remove ra_db argument from CAInstance init commit #5695
Fix ipa-server-upgrade commit #5959
Use newer Certificate.serial_number in krainstance.py commit
Fix error in ca_cert_files validator commit #6694
Don’t prepend option names with additional ‘–’ commit #6392
Bump python-cryptography version in ipasetup.py.in commit #6631
custodiainstance: don’t use IPA-specific CertDB commit
Add password to certutil calls in NSSDatabase commit #5695
Explicitly remove support of SSLv2/3 commit #6607
Add FIPS-token password of HTTPD NSS database commit #5695
Bump required python-cryptography version commit #6631
Remove is_fips_enabled checks in installers and ipactl commit #5695
Generate sha256 ssh pubkey fingerprints for hosts commit #5695
Unify password generation across FreeIPA commit #5695
Clarify meaning of –domain and –realm in installers commit #6574
replicainstall: give correct error message on DL mismatch commit #6510
Fix permission-find with sizelimit set commit #5640
Generalize filter generation in LDAPSearch commit #5640
permission-find: fix a sizelimit off-by-one bug commit #5640
fix permission_find fail on low search size limit commit #5640
Make get_entries() not ignore its limit arguments commit #5640
Do not log DM password in ca/kra installation logs commit #6461
Fix CA replica install on DL1 commit #6392
Offer more general way to check domain level in replicainstall commit #6392
Use same means of checking replication agreements on both DLs commit #6392
replicainstall: move common checks to common_check() commit #6392
Take advantage of the ca/kra code cleanup in replica installation commit #6392
Use updated CA certs in replica installation commit #6392
Use os.path.join instead of concatenation commit #6392
Remove redundant CA cert file existance check commit #6392
Use host keytab to connect to remote server on DL0 commit #6392
Split install_http_certs() into two functions commit #6392
First step of merging replica installation of both DLs commit #6392
Properly bootstrap replica promotion api commit #6392
Move the pki-tomcat restart to cainstance creation commit #6392
Move httpd restart to DNS installation commit #6392
Import just IPAChangeConf instead of the whole module commit #6392
Added file permissions option to IPAChangeConf.newConf() commit #6392
Fix to ipachangeconf docstrings commit #6392
replicainstall: Unify default.conf file creation commit #6392
Replaced EMPTY_LINE constant with a function call commit #6392
client: Making the configure functions more readable commit #6392
Moved update of DNA plugin among update plugins commit #6392
Move ds.replica_populate to an update plugin commit #6392
Remove redundant dsinstance restart commit #6392
Fix missing file that fails DL1 replica installation commit #6393
Make httpd publish its CA certificate on DL1 commit #6393
Make installer quit more nicely on external CA installation commit #6230
Fix test_util.test_assert_deepequal test commit #6373
Pretty-print structures in assert_deepequal commit #6212
Remove update_from_dict() method commit #6311
Updated help/man information about hostname commit #5754

Thierry Bordaz (1)#

IPA Allows Password Reuse with History value defined when admin resets the password. commit #6402

Timo Aaltonen (8)#

ipaplatform/debian/paths: Add some missing values. commit
ipaplatform/debian/paths: Rename IPA_KEYTAB to OLD_IPA_KEYTAB. commit
ipaplatform/debian/paths: Add IPA_HTTPD_KDCPROXY. commit
ipaplatform/debian/services: Fix is_running arguments. commit
ipaplatform: Add Debian platform module. commit
client, platform: Use paths.SSH* instead of get_config_dir(). commit
Move ipa-otpd to $libexecdir/ipa commit
Purge obsolete firefox extension commit

Tomas Krizek (68)#

installer: update time estimates commit #6596
server install: require IPv6 stack to be enabled commit #6608
Add SHA256 fingerprints for certs commit #6701
man: update ipa-cacert-manage commit #6648
test_config: fix fips_mode key in Env commit #5695
Env __setitem__: replace assert with exception commit
FIPS: perform replica installation check commit #5695
replicainstall: add context manager for rpc client commit
check_remote_version: update exception and docstring commit
test_config: fix tests for env.fips_mode commit #5695
Add fips_mode variable to env commit #5695
Bump required version of bind-dyndb-ldap to 11.0-2 commit #6565
bindinstance: fix named.conf parsing regexs commit #6565
PEP8: fix line length for regexs in bindinstance commit
bump required version of BIND, bind-dyndb-ldap commit #6565
named.conf template: update API for bind 9.11 commit #6565
Remove obsolete serial_autoincrement from named.conf parsing commit #6565
certdb: remove unused valid_months property commit
certdb: remove unused keysize property commit
Fix coverity issue commit
ipautil: check for open ports on all resolved IPs commit #6522
replica-conncheck: improve message logging commit #6497
replica-conncheck: improve error message during replicainstall commit #6497
ipa-replica-conncheck: fix race condition commit #6487
ipa-replica-conncheck: do not close listening ports until required commit #6487
upgrade: ldap conn management commit #6461
services: replace admin_conn with api.Backend.ldap2 commit #6461
upgrade: do not explicitly set principal for services commit #6500
Build: ignore rpmbuild for lint target commit #6418
cainstance: use correct certificate for replica install check commit #6461
dns: check if container exists using ldapi commit #6461
ipaldap: remove do_bind from LDAPClient commit #6461
gitignore: ignore tar ball commit #6418
libexec scripts: ldap conn management commit #6461
ldap2: modify arguments for create_connection commit #6461
replicainstall: use ldap_uri in ReplicationManager commit #6461
replicainstall: correct hostname in ReplicationManager commit #6461
install tools: ldap conn management commit #6461
ldap2: change default bind_dn commit #6461
ipa-adtrust-install: ldap conn management commit #6461
install: remove adhoc dis/connect from services commit #6461
ldapupdate: use ldapi in LDAPUpdate commit #6461
replicainstall: properly close adhoc connection in promote commit #6461
install: ldap conn management commit #6461
install: remove adhoc api.Backend.ldap2 (dis)connect commit #6461
install: add restart_dirsrv for directory server restarts commit #6461
upgradeinstance: ldap conn management commit #6461
dsinstance: conn management commit #6461
ldap2: change default time/size limit commit #6461
cainstall: add dm_password to CA installation commit #6461
replicainstall: set ldapi uri in replica promotion commit #6461
dsinstance: enable ldapi and autobind in ds commit #6461
install: remove dirman_pw from services commit #6461
ipaldap: merge IPAdmin to LDAPClient commit #6461
ipaldap: merge gssapi_bind to LDAPClient commit #6461
ipaldap: merge external_bind into LDAPClient commit #6461
ipaldap: merge simple_bind into LDAPClient commit #6461
ipaldap: remove wait/timeout during binds commit #6461
ipa: check if provided config file exists commit #6114
ipa: allow relative paths for config file commit #6114
Prompt for forwarder in dnsforwardzone-add commit #6169
Update man/help for –server option commit #6202
Update ipa-server-install man page for hostname commit #6330
Add help info about certificate revocation reasons commit #6327
Add log messages for IP checks during client install commit #6331
Show error message for invalid IPs in client install commit #6340
Keep NSS trust flags of existing certificates commit #5791
Don’t show error messages in bash completion commit #6273

Thorsten Scherf (2)#

added ssl verification using IPA trust anchor commit #6686
added help about default value for –external-ca-type option commit

shanyin (1)#

fix missing translation string commit

Highlights in 4.5.0

Contents