[ol9_appstream] python3-ipaserver-4.9.8-7.0.1.el9_0.noarch

Name:	python3-ipaserver
Version:	4.9.8
Release:	7.0.1.el9_0
Architecture:	noarch
Group:	Unspecified
Size:	7602085
License:	GPLv3+
RPM:	python3-ipaserver-4.9.8-7.0.1.el9_0.noarch.rpm
Source RPM:	ipa-4.9.8-7.0.1.el9_0.src.rpm
Build Date:	Mon May 09 2022
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	Python libraries used by IPA server
Description:	IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If you are installing an IPA server, you need to install this package.

Changelog (Show File list) (Show related packages)

Wed May 04 2022 EL Errata <el-errata_ww@oracle.com> - 4.9.8-7.0.1

- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]

Mon Mar 21 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-7

- Resolves: rhbz#2057471 Consequences of FIPS crypto policy tightening in RHEL 9
  - KRB instance: make provision to work with crypto policy without SHA-1 HMAC types
  - tests: ensure AD-SUPPORT subpolicy is active
  - ipatests: extend AES keyset to SHA2-based ones
  - freeipa.spec: bump crypto-policies dependency for CentOS 9 Stream
  - Kerberos instance: default to AES256-SHA2 for master key encryption
  - test_otp: do not use paramiko unless it is really needed
  - test_krbtpolicy: skip SPAKE-related tests in FIPS mode
  - Support AES for KRA archival wrapping
  - Set AES as default for KRA archival wrapping

Thu Feb 24 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-6

- Resolves: rhbz#2057467 Backport latest test fixes in python3-ipatests
  - ipatests: Tests for Autoprivate group.
  - mark xfail for test_idoverride_with_auto_private_group[hybrid]
  - Mark xfail test_gidnumber_not_corresponding_existing_group[true,hybrid]

Mon Feb 14 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.8-5
```
- Resolves: rhbz#2053025
  - add IPA test suite fixes
```

Mon Feb 14 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.8-4

- Resolves: rhbz#2053586 IPA LDAP plugin ipa-cldap memory leak
  - fix memory leak in CLDAP responder

Fri Feb 11 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-3

- Resolves: rhbz#2050540 Unable to join RHEL 8.5 Replica to RHEL 7.9 Master for migration purposes
  - Don't always override the port in import_included_profiles
- Resolves: rhbz#2051582 Enable ipa-ccache-sweep.timer during server installation
  - Test ipa-ccache-sweep.timer enabled by default during installation
  - Enable the ccache sweep timer during installation
- Resolves: rhbz#2051844 ipa-join tests are failing due to changes in expected output
  - Remove ipa-join errors from behind the debug option

Thu Feb 03 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-2

- Resolves: rhbz#2040619 - Changing default pac type to 'nfs:NONE and MS-PAC' doesnot display error 'ipa: ERROR: no modifications to be performed'
  - Config plugin: return EmptyModlist when no change is applied
  - config plugin: add a test ensuring EmptyModlist is returned
- Resolves: rhbz#2048510 - [rhel-9.0] Backport latest test fixes in python3-ipatests
  - ipatests: webui: Tests for subordinate ids.
  - ipatests: webui: Use safe-loader for loading YAML configuration file
  - ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown
  - Test cases for ipa-replica-conncheck command
  - PEP8 Fixes
  - ipatests: Test empty cert request doesn't force certmonger to segfault
  - ipatests: Test default value of nsslapd-sizelimit.
  - Extend test to see if replica is not shown when running `ipa-replica-manage list -v <FQDN>`
  - Added test automation for SHA384withRSA CSR support
- Resolves: rhbz#2049104 - User can't log in after ipa-user-mod --user-auth-type=hardened
  - ipa-kdb: do not remove keys for hardened auth-enabled users
  - ipatests: add case for hardened-only ticket policy
- Resolves: rhbz#2049174 - KRA GetStatus service blocked by IPA proxy
  - ipa-pki-proxy.conf: provide access to /kra/admin/kra/getStatus

Thu Dec 02 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-1

- Resolves: rhbz#2015608 - [Rebase] Rebase ipa to latest 4.9.x release RHEL9
- Resolves: rhbz#1825010 - Concerns regarding 'ipa pwpolicy-mod --minlife 24 --maxlife 1'
- Resolves: rhbz#1966289 - Info about searchrecordslimit set search limit to 10,000 after upgrade
- Resolves: rhbz#1980356 - reinstalling samba client causes winbindd coredump
- Resolves: rhbz#1986054 - fix automountlocation-tofiles output
- Resolves: rhbz#2020205 - Missing bind-pkcs11-utils causing failures in OpenDNSSec
- Resolves: rhbz#2021445 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
  - ipa-kdb: issue PAC_REQUESTER_SID only for TGTs
  - ipa-kdb: fix requester SID check according to MS-KILE and MS-SFU updates

Tue Oct 05 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-9

- Resolves: rhbz#2010701 ipa-server-install fails while 'configuring certificate server instance'
  - Parse getStatus as JSON not XML
  - Parse cert chain as JSON not XML
  - Specify PKI installation log paths
  - Make Dogtag return XML for ipa cert-find

Fri Sep 17 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-8

- Resolves: rhbz#2005864 ipa cert-request replaces user certificate instead of adding
 - Don't store entries with a usercertificate in the LDAP cache
 - ipatests: Test that a user can be issued multiple certificates