URL: https://github.com/freeipa/freeipa/pull/4355
Author: tiran
Title: #4355: Allow hosts to read DNS records for IP SAN
Action: opened
PR body:
"""
For SAN IPAddress extension the cert plugin verifies that the IP address
matches the host entry. Certmonger uses the host principal to
authenticate and retrieve certificates. But the host principal did not
have permission to read DNS entries from LDAP.
Allow all hosts to read some entries from active DNS records.
Fixes: https://pagure.io/freeipa/issue/8098
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4355/head:pr4355
git checkout pr4355
URL: https://github.com/freeipa/freeipa/pull/4365
Author: fcami
Title: #4365: [Backport][ipa-4-8] ipa-restore: restart services at the end
Action: opened
PR body:
"""
When IPA was not installed on the restore target host, and
when httpd was already running, "ipactl stop" does not stop
httpd. "ipactl start" at the end of the restore tool will
therefore not restart httpd either.
Calling "ipactl restart" at the end of the restore fixes the
issue, and as an added bonus, makes sure IPA can restart itself
properly.
Fixes: https://pagure.io/freeipa/issue/8226
Signed-off-by: François Cami <fcami(a)redhat.com>
Reviewed-By: Christian Heimes <cheimes(a)redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4365/head:pr4365
git checkout pr4365
URL: https://github.com/freeipa/freeipa/pull/4366
Author: fcami
Title: #4366: [Backport][ipa-4-7] ipa-restore: restart services at the end
Action: opened
PR body:
"""
MANUAL cherry-pick of https://github.com/freeipa/freeipa/pull/4349
When IPA was not installed on the restore target host, and
when httpd was already running, "ipactl stop" does not stop
httpd. "ipactl start" at the end of the restore tool will
therefore not restart httpd either.
Calling "ipactl restart" at the end of the restore fixes the
issue, and as an added bonus, makes sure IPA can restart itself
properly.
Fixes: https://pagure.io/freeipa/issue/8226
Signed-off-by: François Cami <fcami(a)redhat.com>
Reviewed-By: Christian Heimes <cheimes(a)redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4366/head:pr4366
git checkout pr4366
URL: https://github.com/freeipa/freeipa/pull/4000
Author: mrizwan93
Title: #4000: ipatests: Test if ipa-backup throws error if /var/lib/ipa/ runs out of space
Action: opened
PR body:
"""
ipa-backup throws error when /var/lib/ipa runs out of space. Earlier
the error was not so clear. Fix mentions about insufficient space.
related : https://pagure.io/freeipa/issue/7647
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4000/head:pr4000
git checkout pr4000
URL: https://github.com/freeipa/freeipa/pull/4359
Author: stanislavlevin
Title: #4359: spec: Take the ownership over '/usr/libexec/ipa/custodia'
Action: opened
PR body:
"""
Ideally, an every file on system has to have an owner.
'/usr/libexec/ipa/custodia' directory was added recently, but:
```
[root@dc ~]# LANG=C rpm -qf /usr/libexec/ipa/custodia/ipa-custodia-dmldap
freeipa-server-4.8.4-2.fc31.x86_64
[root@dc ~]# LANG=C rpm -qf /usr/libexec/ipa/custodia
file /usr/libexec/ipa/custodia is not owned by any package
```
ALTLinux build system warns about files or directories which were
'created' during a package installation but haven't an owner. So,
after the resyncing spec file to upstream's one my build fails.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4359/head:pr4359
git checkout pr4359