The FreeIPA team would like to announce FreeIPA 4.7.3 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 29 will be available in the official COPR repository.
Highlights in 4.7.3#
6077: [RFE] Support One-Way Trust authenticated by trust secret
With this enhancement, Identity Management (IdM) supports establishing a one-way forest trust to Active Directory (AD) authenticated by a shared secret from the Windows AD domain controller (DC). Previous IdM versions did not contain the features that allowed AD DCs to contact an IdM DC in the mentioned scenario. As a result, IdM now supports establishing a one-way forest trust using a shared secret from both Active Directory and from IdM.
7193: [RFE] Warn or adjust umask if it is too restrictive to break installation
If the umask has been used during the installation of an Identity Management (IdM) it was “too restrictive” This RFE checks for too-restrictive mask at install time and error out when this happens to avoid not working deployments of the FreeIPA server.
7206: [RFE] Provide an option to include FQDN in IDM topology graph
IdM WebUI is now able to display the fully qualified domain name (FQDN) of the nodes in its Topology Graph. As a result, the topology graph is able to distinguish nodes with the same short hostname but within different domains.
7716: [RFE] remove “last init status” from ipa-replica-manage list if it’s None.
In verbose mode, the command ipa-replica-manage list displays additional details such as the status and timestamp of the last initialization or the last update. When no initialization occurred on the server, the command doesn’t display any more the labels ‘last init status: None’ and ‘last init ended: 1970-01-01 00:00:00+00:00’ which were confusing.
7747: [RFE] Support interactive prompt for NTP options for FreeIPA
With patches related to this RFE an Identity Management (IdM) is no longer unable to set time servers/pool when run without NTP related options passed only by command line options. This prompt for NTP server and pool options applies to interactive installations run without –unattended/-U option aiming to improve user experience for users not familiar with command line options.
Enhancements#
Known Issues#
Bug fixes#
FreeIPA 4.7.3 is a stabilization release for the features delivered as a part of 4.7.0.
There are more than 130 bug-fixes details of which can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets#
2018 Change hostname length limit to 64
4270 CA-less installation should not continue if dirsrv/httpd certificate is revoked
4271 CA-less test suite always generate failures
4607 ipa-getkeytab fails if -k points to empty file or a symlink to nonexistent file
4812 Switch nsslapd-unhashed-pw-switch to nolog
5062 [WebUI] Unlock option is enabled for all user.
5803 Add utility to promote CA replica to CRL master
5880 Second call to ldapmodify in ipatests.test_integration.tasks.enable_replication_debugging fails
6077 [RFE] Support One-Way Trust authenticated by trust secret
6468 Make ipaclient pip install-able
6594 ipa idoverrideuser-find view –anchor fails to return output
6627 WebUI: Enable pagination
6951 Update samba config file and use sss idmap module
6979 Suggest user to install libyubikey package instead of traceback
7139 Traceback is seen when modification is done for user from ID Views - Default Trust View Tab.
7193 [RFE] Warn or adjust umask if it is too restrictive to break installation
7200 ipa-pkinit-manage reports a switch from local pkinit to full pkinit configuration was successful although it was not.
7206 [RFE] Provide an option to include FQDN in IDM topology graph
7288 set_directive can overwrite wrong directives
7305 PKINIT status not displayed in the web UI (IPA Server > Configuration)
7329 update_ra_cert_store does not remove private key from NSSDB
7347 ipa-server-install breaks if subject base RDN has an escaped comma
7369 The ipa-replica-install command failed, exception: ValidationError: invalid ‘dnszoneidnsname’: only master zones can contain records
7451 Allow issuing certificates with IP addresses in subjectAltName
7492 client install still creates /etc/ipa/nssdb
7548 Need integration test for –external-ca-type=ms-cs
7578 IPA server upgrade should remove stale kdcinfo_* generated by SSSD
7597 IPA: IDM drops all custom attributes when moving account from preserved to stage
7598 ipa-client-install: autodiscovery must refuse single label domains
7603 In IPA WebUI, a warning appears in the background(warning message behind the dialog box).
7647 Error message should be more useful while ipa-backup fails for insufficient space
7651 ipa-replica-install –setup-kra broken on DL1
7654 ipa-kra-install fails on DL1
7667 When setting up mod_ssl, define range o f the TLS protocols within the system-wide crypto policy
7708 Create a warning that SSSD needs restart after idrange-mod
7716 [RFE] remove “last init status” from ipa-replica-manage list if it’s None.
7719 Automation added for NTP Replacement test scenarios
7723 NTP options fails on ipa replica
7744 ipa-replica-install picks wrong replica for CA initial replication
7745 nss.conf needs to be zero length, not removed.
7746 IPA help command fails in an environment without the `less` binary
7747 [RFE] Support interactive prompt for NTP options for FreeIPA
7750 ipaldap: invalid modlist when attribute encoding can vary
7751 add ipaapi user to the list of allowed uids in [ifp] section in sssd configuration
7756 Split Web UI test suite in nightly PR CI configuration
7761 External CA renewal accepts issuer key < 2048-bit
7762 External CA renewal accepts IPA CA cert with empty Subject Key Identifier
7775 IPA Upgrade failed with “unable to convert the attribute u’cACertificate;binary’”
7778 test_full_backup_and_restore_with_replica fails with “Unknown host replica1.ipa.test”
7780 Make ipa-client-automount –uninstall more robust
7781 Don’t start/enable nfs-idmap nor nfs-secure
7783 use non-symlink (aliases) NFS unit names
7786 Index accessruletype, hostcategory, ipaenabledflag, ipserviceport, and ipserviceprotocol by default
7787 Missing indexes for automountmapname and automountkey
7790 ipa host-del –updatedns FQDN yeilds unindexed searches
7792 Missing index on ipaconfigstring
7793 ipa service-del service fails with internal error
7795 ipa-pkinit-manage enable fails on replica if it doesn’t host the CA
7796 ipa-replica-install fails migrating CentOS 6 to 7
7797 SSSD’s getservby*() causes performance issues
7803 Missing index on idnsName
7805 [NFS] test kerberized NFS
7807 Detect container installation to avoid Kernel keyring
7809 All Web UI tests fail with UnexpectedAlertPresentException
7810 [F28] Require NSS with fix for p11-kit issue.
7811 Fix compile issue with new 389-ds
7828 ipa trust-add fails with ipa: ERROR: an internal error has occurred
7829 ipa-server-upgrade when run displays ‘No such file name in the index’ on the console
7831 add systemd-user HBAC service to default set of HBAC services
7835 Cert revokation for services and hosts is inefficient
7836 print appropriate message when uninstalling non-existent IPA client
7837 Replace os.getenv(‘HOME’) with os.path.expanduser
7838 configure_openldap_conf() does not handle multi-value URI
7841 Remove tests for client installation with –no-sssd and –noac options
7843 [WebUI] Use generated certificates and CSR for testing
7844 testcase test_change_sysaccount_password_issue7561 fails with some test configurations
7855 Automember XML-RPC test failure
7857 Create tests for ipa-winsync-migrate
7858 Define C feature macros
7860 389-ds-base will no longer use /etc/sysconfig
7862 “ccache” may not exist if GSSError occurs in ipa-client-automount causing an exception to be thrown
7864 [WebUI] Review and increase timeouts for UI tests in Nightly PR configuration
7865 test_topology_TestTopologyOptions:test_add_remove_segment nightly failure in fed28 and fed29
7866 FreeIPA server deployment fails due to ‘Permission denied’ error under /tmp during pki-tomcatd deployment
7868 ipa-client-automount exception backing up /etc/sysconfig/nfs
7873 remove all occurrences of osinfo.version_id from ipatests/
7874 testcase test_commands.py::TestIPACommand::test_ssh_key_connection fails with some test configurations
7876 Fail replica install
7877 External CA installation: sanity check pathLenConstraints
7881 [WebUI] Automember UI tests are broken
7883 Cannot install ipa-server on rhel7.7
7884 Coverity: New defect found in ipa-4.6.5
7885 RFE: wrapper for Dogtag cert-fix command
7886 ipa-replica-manage force-sync –from keeps prompting “No status yet”
7889 test_integration/test_trust.py need improvement
7892 Implement hidden / unadvertised IPA replicas
7893 ipasam needs changes for Samba 4.10
7895 ipa trust fetch-domains, server parameter ignored
7896 ipa-server-upgrade fails with ConversionError: invalid ‘cn’: must be Unicode text
7897 ipa-kra-install failing with invalid ‘role_servrole’: must be Unicode text error
7900 dns and search not fixed for dns enabled deployments
7901 IPA Web UI is slow to display user details page.
7902 389-ds-base-1.4.0.22-1 breaks TestAutomemberFindOrphans.test_find_orphan_automember_rules
7903 d-bus interface signature failure for oddjobd helper trust-fetch-domains
7905 ipa-dnskeysync-replica should handle LDAP down gracefully
7906 ipa-kra-install fails due to fs.protected_regular=1
7907 ipa-replica-install due to permission error, leaves ipa server in unstable condition
7916 ipaplatform.debian.services does not implement wait for CA service
7918 ipa-client-automount needs option to specify domain
7921 Missing deps for `make pylint`
7922 Command ipa conole is broken
7926 cert renewal is failing when ipa ca cert is renewed from self-signed > external ca > self-sign
7927 Wrong logic in ipactl restart leads to start instead of restart pki-tomcatd
7928 cn=cacert could show expired certificate
7929 ERROR: invalid ‘PKINIT enabled server’: all masters must have IPA master role enabled
7930 Interactive promt for NTP options after install check.
7932 FreeIPA queries rely on missing attribute altsecurityidentities
7933 FreeIPA must index certmap attributes.
7934 ipa-server-common expected file permissions in package don’t match runtime permissions
7937 `build_requestinfo` crashes in OpenSSL1.1.0+ enviroments
7939 Upgrade failure when ipa-server-upgrade is being run on a system with no trust established but trust configured
7943 [FIPS] Use PKCS#8 instead of weaker traditional OpenSSL private key format
7952 ipa-backup file logging does not work
7956 Ipatests don’t honor TMPDIR, TEMP or TMP environment variables
7959 ipa-client-install fails to add SSH public keys that are missing a whitespace as the last character
7962 Different pycodestyle results: Travis vs Azure
7963 x509.Name -> ipapython.dn.DN does not handle multi-valued RDNs
7964 GSSAPI failure causing LWCA key replication failure on f30
7969 test failure in test_caless.py::TestServerInstall
7970 test failure in test_backup_and_restore.py::TestBackupAndRestore
7972 automember rebuild sometimes appears to return before the rebuild is complete
7981 Pytest4.x warnings
7982 Cannot modify TTL with ipa dnsrecord-mod –ttl alone on command line
7983 Staged user is not being recognized if the user entry doesn’t have an objectClass “posixaccount”
7984 make sure ‘make fastlint’ processes Python .in files
7986 Increase debugging level of certmonger
7988 test_nfs.py: errors when running ipa-client-automount
7992 ipa upgrade fails with trust entry already exists
8012 test_webui/test_loginscreen.py::TestLoginScreen::()::test_reset_password_and_login_view failure
8024 [WebUI] test_webui/test_trust.py failed because of request timeout
Detailed changelog since 4.7.2#
Armando Neto (4)#
travis: Use Fedora 29 to test ipa-4-7 branch
Update Travis config to run on Fedora 28
Bump template version
Add missing nightly test definitions from master
Alexander Bokovoy (29)#
translations: update Ukrainian translation from Zanata
certmaprule: add negative test for altSecurityIdentities
certmap rules: altSecurityIdentities should only be used for trusted domains
Create indexes for altSecurityIdentities and ipaCertmapData attributes
Add altSecurityIdentities attribute from MS-WSPP schema definition
trust-fetch-domains: make sure we use right KDC when –server is specified
adtrust upgrade: fix wrong primary principal name, part 2
adtrust upgrade: fix wrong primary principal name
upgrade: adtrust - catch empty result when retrieving list of trusts
Enforce SMBLoris attack protection in default Samba configuration
Set idmap config for Samba to follow IPA ranges and use SSSD
Update list of contributors and sort it alphabetically
Update translations in ipa-4-7
Update mailmap
Bypass D-BUS interface definition deficiences for trust-fetch-domains
Remove DsInstance.request_service_keytab as it is not needed anymore
oddjob: allow to pass options to trust-fetch-domains
ipasam: use SID formatting calls to libsss_idmap
upgrade: add trust upgrade to actual upgrade code
upgrade: upgrade existing trust agreements to new layout
trusts: add support for one-way shared secret trust
trust: allow trust agents to read POSIX identities of trust
Add design page for one-way trust to AD with shared secret
domainlevel-get: fix various issues when running as non-admin
make sure IPA_CONFDIR is used to check that client is configured
ipaserver/dcerpc: fix exclusion entry with a forest trust domain info returned
ipa-sidgen: make internal fetch_attr helper really internal
Update ipa-4-7 translations from Zanata
Revert to development after a release
Anuja More (1)#
ipatests: POSIX attributes are no longer overwritten or missing
Ian Pilcher (1)#
Allow issuing certificates with IP addresses in subjectAltName
Adam Williamson (1)#
Correct default fontawesome path (broken by da2cf1c5)
Christian Heimes (96)#
Fix CustodiaClient ccache handling
Use only TLS 1.2 by default
Replace PYTHONSHEBANG with valid shebang
Increase default debug level of certmonger
Forbid imports of ipaserver and install packages
Don’t import ipaserver in conf.py
Replace imports from ipaserver
Delay import of SSSDConfig
Consider configured servers as valid
Correct path to systemd-detect-virt
Add helper to look for missing binaries
Guard dbus.start() with dbus.is_running()
chmod SYSTEMD_PKI_TOMCAT_IPA_CONF
Check for SELinux AVCs after installation
Refactor tasks to include is_selinux_enabled()
Globally disable softhsm2 in p11-kit-proxy
Deprecate ipa-client-install –request-cert
Fix pylint error with absolute_import
Debian: Use RedHatCAService for pki-tomcatd
Debian: auto-generate config files for oddjobd
Debian: Fix replicatio of light weight sub CAs
Add ODS manager abstraction to ipaplatform
Debian: Use different paths for KDC cert and key
Debian: Add fixes for OpenDNSSEC 2.0
Debian: Add paths for open-sans and font-awesome
Debian doesn’t have authselect
Debian: use -m lesscpy instead of hard-coded name
Reduce startup_timeout to 120sec as documented
Add ExecStartPost hook to wait for Dogtag PKI
Use Network Manager to configure resolv.conf
Improve error handling in DNSSEC helpers
Gating: remove vault and kdcproxy tests
automount: rmtree temp directory
Adapt cert-find performance workaround for users
Make netifaces optional
Skip orphan automember rule test
Verify external CA’s basic constraint pathlen
Move DS’s Kerberos env vars to unit file
Add tasks.systemd_daemon_reload()
Add option to remove lines from a file
Add test case for configure_openldap_conf
Don’t fail if config-show does not return servers
Add design draft
Test replica installation from hidden replica
Synchronize hidden state from IPA master role
Don’t allow to hide last server for a role
More test fixes
Improve config-show to show hidden servers
Consider hidden servers as role provider
Implement server-state –state=enabled/hidden
Simplify and improve tests
Add hidden replica feature
Consolidate container_masters queries
Use api.env.container_masters
Unify and simplify LDAP service discovery
replica install: acknowledge ca_host override
Fix assign instead of compare
GIT: ignore ipa-crlgen-manage
Disable dependency on dogtag-pki PyPI package
Test –external-ca-type=ms-cs
Remove ZERO_STRUCT() call
Update build requirements on twine
Compile IPA modules with C11 extensions
Require 389-ds 1.4.0.21
Mark two failing automember tests as xfail
ipa-getkeytab: resolve symlink
Optimize cert remove case
Add workaround for slow host/service del
Use expanduser instead of HOME env var
Don’t configure KEYRING ccache in containers
Fix systemd-user HBAC rule
Create systemd-user HBAC service and rule
Require krb5 with fix for CVE-2018-20217
Don’t use Python dependency generator yet
Use debug logger in ntpd_cleanup()
Make conftest compatible with pytest 4.x
Add index on idnsName
Require 3.41.0-3 on Fedora 28
Create reindex task for ipaca DB
Add more LDAP indices
LDAPUpdate: Batch index tasks
Always collect test logs
Handle service_del with bad service name
Add index and container for RFC 2307 IP services
Python 2 compatibility
Add install/remove package helpers to advise
Test smart card advise scripts
Log stderr in run_command
Smart card auth advise: Allow Apache user
Allow HTTPd user to access SSSD IFP
Remove dead code
Disable nss-p11-kit crypto policy for tests
Run idviews integration tests in nightly
Add integration tests for idviews
Resolve user/group names in idoverride*-find
Require Dogtag PKI 10.6.8-3
Diogo Nunes (1)#
Fix f52e0e31f7c76a3cd6b9b51aeba120c4ba3f38c9 typo in tests label definition.
François Cami (24)#
test_nfs.py: change pr-ci configuration to run on master_2repl_1client
ipatests: add proper timeouts to nfs.py
ipa-client-automount: fix ‘–idmap-domain DNS’ logic
nfs.py: fix user creation
Hidden replica documentation: fix typo
ipa-backup: better error message if ENOSPC
ipa_backup.py: replace /var/lib/ipa/backup with paths.IPA_BACKUP_DIR
ipatests: add tests for the new NFSv4 domain option of ipa-client-automount
ipa-client-automount: add knob to configure NFSv4 Domain (idmapd.conf)
ipaplatform: add more services
ipatests: add nfs tests
ipaserver/install/cainstance.py: unlink before creating new file in /tmp
ipaserver/install/krainstance.py: chown after write
ipatests: Exercise hidden replica feature
ipa-{server,replica}-install: add too-restritive mask detection
ipatests: add too-restritive mask tests
ipa-client-automount: fix PEP8 issues
ipatests: remove all occurrences of osinfo.version_id
pylintrc: ignore R1720 no-else-raise errors
ipa-client-automount: handle NFS configuration file changes
ipa-server-install: fix ca setup when fs.protected_regular=1
ipatests: add a test for ipa-client-automount
ipa-client-automount: use nfs-utils unit
Fix NFS unit names
Florence Blanc-Renaud (41)#
xmlrpc test: add test for preserved > stage user
user-stage: transfer all attributes from preserved to stage user
test_xmlrpc: fix TestAutomemberFindOrphans.test_find_orphan_automember_rules
upgrade: remove ipaCert and key from /etc/httpd/alias
ipatests: fix ipatests/test_xmlrpc/test_dns_plugin.py
XMLRPC tests: add new test for ipa dsnrecord-mod $ZONE $RECORD –ttl
dnsrecord-mod: allow to modify ttl without passing the record
ipatests: add a test for stageuser-find with non-posix account
stageuser-find: fix search with non-posix user
ipatests: fix test_backup_and_restore.py::TestBackupAndRestore
ipatests: fix test_caless.py
ipatests: add integration test for ipa-replica-manage list
NSSDatabase: fix get_trust_chain
ipatests: CA renewal must refresh cn=CAcert
CA: set ipaconfigstring:compatCA in cn=DOMAIN IPA CA
ipatests: add integration test checking the files mode
Fix expected file permissions for ghost files
ipactl restart: fix wrong logic when checking service list
ipa-client-install: autodiscovery must refuse single-label domains
ipa-setup-kra: fix python2 parameter
ipa-server-upgrade: fix add_systemd_user_hbac
ipa-replica-manage: fix force-sync
Coverity: fix issue in ipa_extdom_extop.c
XML RPC test: fix test_automember_plugin
ipa server: prevent uninstallation if the server is CRL master
Test: add new tests for ipa-crlgen-manage
CRL generation master: new utility to enable|disable
pkinit setup: fix regression on master install
test: add non-reg test checking pkinit after server install
tests: fix failure in test_topology_TestTopologyOptions:test_add_remove_segment
ipatests: mark known failures as xfail
ipatests: add test for replica in forward zone
replica installation: add master record only if in managed zone
ipatests: fix CA less expectations
ipatests: add integration test for pkinit enable on replica
pkinit enable: use local dogtag only if host has CA
replication: check remote ds version before editing attributes
ipatests: fix test_full_backup_and_restore
PKINIT: fix ipa-pkinit-manage enable|disable
ipatest: add test for ipa-pkinit-manage enable|disable
ipatests: fix TestUpgrade::test_double_encoded_cacert
Fraser Tweedale (25)#
CustodiaClient: fix IPASecStore config on ipa-4-7
CustodiaClient: use ldapi when ldap_uri not specified
Handle missing LWCA certificate or chain
dn: sort AVAs when converting from x509.Name
.gitignore: add ipa-cert-fix program
ipa-cert-fix: fix spurious renewal master change
ipa-cert-fix: handle ‘pki-server cert-fix’ failure
require Dogtag 10.7.0-1
ipa-cert-fix: use customary exit statuses
ipa-cert-fix: add man page
Add ipa-cert-fix tool
constants: add ca_renewal container
cainstance: add function to determine ca_renewal nickname
Extract ca_renewal cert update subroutine
add test for external CA key size sanity check
dn: handle multi-valued RDNs in Name conversion
Fix installation when CA subject DN has escapes
cert-request: handle missing zone
cert-request: more specific errors in IP address validation
Add tests for cert-request IP address SAN support
cert-request: report all unmatched SAN IP addresses
cert-request: generalise _san_dnsname_ips for arbitrary cname depth
cert-request: collect only qualified DNS names for IPAddress validation
cert-request: restrict IPAddress SAN to host/service principals
certupdate: add commentary about certmonger behaviour
German Parente (1)#
ipa-replica-manage: remove “last init status” if it’s None.
Kaleemullah Siddiqui (2)#
Tests for autounmembership feature
Order of master and replica corrected in logger.info
Varun Mylaraiah (3)#
nightly_rawhide.yaml Added test_integration/test_ntp_options.py
nightly_master.yaml Added test_integration/test_ntp_options.py
ipatests: add tests for NTP options usage on server, replica, and client
Mohammad Rizwan Yusuf (4)#
Test if ipactl restart restarts the pki-tomcatd
Check if issuer DN is updated after external-ca > self-signed
Test error when yubikey hardware not present
Test KRA installtion after ca agent cert renewal
Oleg Kozlov (4)#
Remove stale kdc requests info files when upgrading IPA server
Replace nss.conf with zero-length file instead of removing
Fix python2 compatibility
Check pager’s executable before subprocess.Popen
Pavel Picka (1)#
PRCI failures fix
Rob Crittenden (13)#
For Fedora and RHEL use system-wide crypto policy for mod_ssl
Log the raised message when DNS check_zone_overlap fails
admintool: don’t display log file on errors unless logging is setup
tests: Wait for automember rebuild –no-wait tasks to finish
Fix expected return code in tests when server is uninstalled
Return 0 on uninstall when on_master for case of not installed
Drop list of return values to be ignored in AdminTool
When reading SSH pub key don’t assume last character is newline
Add knob to limit hostname length
Send only the path and not the full URI to httplib.request
Remove tests which install KRA on replica w/o KRA on master
tests: Don’t provide explicit hostname to ldapmodify
Update mod_nss cipher list so there is overlap with a 4.x master
Robbie Harwood (1)#
Fix unnecessary usrmerge assumptions
Sumit Bose (2)#
ipa_sam: remove dependency to talloc_strackframe.h
ipa-extdom-exop: add instance counter and limit
Stanislav Levin (8)#
Fix Pytest4.x warning about `message`
Fix Pytest4.1+ warnings about pytest.config
Fix `build_requestinfo` in LibreSSL environments
Fix `build_requestinfo` in OpenSSL1.1.0+ environments
Make `pycodestyle` results identical
Respect TMPDIR, TEMP or TMP environment variables during testing
Fix `inconsistent-return-statements` in ipa-dnskeysync-replica
Add missing deps for `make pylint`
Sergey Orlov (21)#
ipatests: new test for trust with partially unreachable AD topology
ipatests: mark test_domain_resolution_order as expectedly failing
ipatests: add test for sudo with runAsUser and domain resolution order.
ipatests: new tests for establishing one-way AD trust with shared secret
ipatests: make encoding to base64 compatible with python2
ipatests: new tests for ipa-winsync-migrate utility
ipa console: catch proper exception when history file can not be open
ipatests: refactor test_trust.py
ipatests: adapt test_trust.py for changes in multihost fixture
ipatests: allow AD hosts to be placed in separate domain config objects
ipatests: relax requirements for time server quality
ipatests: fix expectations of `ipa trust-find` output for trust with root domain
ipatests: in test_trust.py fix parent class
ipatests: disable bind dns validation when preparing to establish AD trust
ipatests: in test_trust.py fix prameters in invocation of tasks.configure_dns_for_trust
Revert “Tests: Remove DNS configuration from trust tests”
ipatests: fix host name for ssh connection from controller to master
ipatests: add test for correct modlist when value encoding differs
Remove obsolete tests from test_caless.py
ipatests: fix ldap server url
Remove unused tests
Serhii Tsymbaliuk (14)#
WebUI tests: Fix request timeout for test_trust
WebUI: Add PKINIT status field to ‘Configuration’ page
WebUI tests: Fix timeout issues for reset password tests
WebUI: Fix automount maps pagination
WebUI: Disable ‘Unlock’ action for users with no password
WebUI: Fix ‘user not found’ traceback on user ID override details page
Web UI (topology graph): Show FQDN for nodes if they have no common DNS zone
WebUI test: Fix automember tests according to new behavior
Web UI: Increase timeouts for UI tests in Nightly PR configuration
Split Web UI test suite in nightly PR CI configuration (IPA 4.7)
Fix test_arbitrary_certificates for Web UI
Web UI tests: Get rid of *_cert_path and *_csr_path config variables
Fix “Configured size limit exceeded” warning on Web UI
WebUI: Temporary fix for UnexpectedAlertPresentException
Thierry Bordaz (1)#
Switch nsslapd-unhashed-pw-switch to nolog
Tibor Dudlák (4)#
ipatests: Add Unattended option to external ca task
Moving prompt for NTP options to install_check
Support interactive prompt for ntp options
Fix test_ntp_options to use tasks’ methods
Oleg Kozlov (1)#
Show a notification that sssd needs restarting after idrange-mod