Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.5
Affects Version/s: rhel-8.10, rhel-9.4
Component/s: ipa
Labels:
- commit
- fixed_upstream

Fixed in Build:
ipa-4.12.0-1.el9
Regression:
None
Severity:
None
Epic Link:
FREEIPA-10784
sprint_count:
5

Pool Team:

rhel-sst-idm-ipa

Dev Target Milestone:
15
Internal Target Milestone:
22
Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
2024-Q1-Alpha-S4, 2024-Q1-Alpha-S5, 2024-Q1-Alpha-S6, 2024-Q3-Alpha-S1, 2024-Q3-Alpha-S2

Preliminary Testing:
Pass
Test Link:
https://polarion.engineering.redhat.com/polarion/#/project/RHEL_IDM/testrun?id=20240812-1022
Errata Link:
https://errata.engineering.redhat.com/advisory/131668
Test Coverage:

Automated

Release Note Type:
Bug Fix
Release Note Text:

Hide
.AD administrators can now deploy IdM replicas

Previously, during the installation of a RHEL Identity Management (IdM) replica, checking if the provided Kerberos principal had the required privilege did not extend to checking user ID overrides. Consequently, a replica connection check failed while trying to deploy a replica using the credentials of an AD administrator that had an ID override with the needed privilege.

With this update, a check if there is an ID override for the principal that has the needed privileges has been added. As a result, you can now deploy a replica using the credentials of an AD administrator that is configured to act as an IdM administrator.

Note that this fix also applies to `ansible-freeipa`.

Show
.AD administrators can now deploy IdM replicas Previously, during the installation of a RHEL Identity Management (IdM) replica, checking if the provided Kerberos principal had the required privilege did not extend to checking user ID overrides. Consequently, a replica connection check failed while trying to deploy a replica using the credentials of an AD administrator that had an ID override with the needed privilege. With this update, a check if there is an ID override for the principal that has the needed privileges has been added. As a result, you can now deploy a replica using the credentials of an AD administrator that is configured to act as an IdM administrator. Note that this fix also applies to `ansible-freeipa`.
Release Note Status:
Done

Experience:

PX Review Complete:
PX Scheduling Request:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

The replica connection check is failing if for example the AD administrator Administrator@AD.EXAMPLE.COM is used for the deployment or promotion of a replica.

links to

freeipa pagure 9542

RHSA-2024:131668 ipa bug fix and enhancement update

Assignee:: Thomas Woerner

Reporter:: Thomas Woerner

Developer:: Florence Renaud

QA Contact:: Anuja More

Doc Contact:: Filip Hanzelka

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2024/02/19 1:22 PM

Updated:: 2024/11/12 8:58 AM

Resolved:: 2024/11/12 8:58 AM

Dev Target end:: 2024/06/10

Target end:: 2024/07/29

Release Date:: 2024/11/12

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates