freeipa.git/install/share, branch platform FreeIPA project Let Bind track data changes 2011-08-31T14:46:26+00:00 Martin Kosek mkosek@redhat.com 2011-08-31T12:42:57+00:00 5a495b91dea527f9ac051655e2fd26ca3f9deab5 Integrate new bind-dyndb-ldap features to automatically track DNS data changes: 1) Zone refresh Set --zone-refresh in installation to define number of seconds between bind-dyndb-ldap polls for new DNS zones. User now doesn't have to restart name server when a new zone is added. 2) New zone notifications Use LDAP persistent search mechanism to immediately get notification when any new DNS zone is added. Use --zone-notif install option to enable. This option is mutually exclusive with Zone refresh. To enable this functionality in existing IPA installations, update a list of arguments for bind-dyndb-ldap in /etc/named.conf. An example when zone refresh is disabled and DNS data change notifications (argument psearch of bind-dyndb-ldap) are enabled: dynamic-db "ipa" { ... arg "zone_refresh 0"; arg "psearch yes"; }; This patch requires bind-dyndb-ldap-1.0.0-0.1.b1 or later. https://fedorahosted.org/freeipa/ticket/826 
Integrate new bind-dyndb-ldap features to automatically track
DNS data changes:

 1) Zone refresh
    Set --zone-refresh in installation to define number of seconds
    between bind-dyndb-ldap polls for new DNS zones. User now
    doesn't have to restart name server when a new zone is added.

 2) New zone notifications
    Use LDAP persistent search mechanism to immediately get
    notification when any new DNS zone is added. Use --zone-notif
    install option to enable. This option is mutually exclusive
    with Zone refresh.

To enable this functionality in existing IPA installations,
update a list of arguments for bind-dyndb-ldap in /etc/named.conf.
An example when zone refresh is disabled and DNS data change
notifications (argument psearch of bind-dyndb-ldap) are enabled:

dynamic-db "ipa" {
...
        arg "zone_refresh 0";
        arg "psearch yes";
};

This patch requires bind-dyndb-ldap-1.0.0-0.1.b1 or later.

https://fedorahosted.org/freeipa/ticket/826
34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin 2011-08-31T07:53:11+00:00 Jr Aquino jr.aquino@citrix.com 2011-08-31T00:48:15+00:00 8b27f1ad273ee5420657194d82c021022c069447 Added new container in etc to hold the automembership configs. Modified constants to point to the new container Modified dsinstance to create the container Created automember.py to add the new commands Added xmlrpc test to verify functionality Added minor fix to user.py for constant behavior between memberof and automember https://fedorahosted.org/freeipa/ticket/1272 
Added new container in etc to hold the automembership configs.
Modified constants to point to the new container
Modified dsinstance to create the container
Created automember.py to add the new commands
Added xmlrpc test to verify functionality
Added minor fix to user.py for constant behavior between memberof
and automember

https://fedorahosted.org/freeipa/ticket/1272
Change the way has_keytab is determined, also check for password. 2011-08-24T12:12:10+00:00 Rob Crittenden rcritten@redhat.com 2011-08-22T20:24:07+00:00 be7de56e5d403fb97bcb583f6b7b5dd7e3fb914c We need an indicator to see if a keytab has been set on host and service entries. We also need a way to know if a one-time password is set on a host. This adds an ACI that grants search on userPassword and krbPrincipalKey so we can do an existence search on them. This way we can tell if the attribute is set and create a fake attribute accordingly. When a userPassword is set on a host a keytab is generated against that password so we always set has_keytab to False if a password exists. This is fine because when keytab gets generated for the host the password is removed (hence one-time). This adds has_keytab/has_password to the user, host and service plugins. ticket https://fedorahosted.org/freeipa/ticket/1538 
We need an indicator to see if a keytab has been set on host and
service entries. We also need a way to know if a one-time password is
set on a host.

This adds an ACI that grants search on userPassword and
krbPrincipalKey so we can do an existence search on them. This way
we can tell if the attribute is set and create a fake attribute
accordingly.

When a userPassword is set on a host a keytab is generated against
that password so we always set has_keytab to False if a password
exists. This is fine because when keytab gets generated for the
host the password is removed (hence one-time).

This adds has_keytab/has_password to the user, host and service plugins.

ticket https://fedorahosted.org/freeipa/ticket/1538
Fixed browser configuration pages 2011-08-17T18:04:23+00:00 Endi S. Dewata edewata@redhat.com 2011-08-16T18:58:19+00:00 55b364f67cfb26e524a245b6e1c33c3913db3dde The browser configuration pages have been modified to improve the content and appearance. Ticket #1624 
The browser configuration pages have been modified to improve the
content and appearance.

Ticket #1624
Redirection after changing browser configuration 2011-08-08T17:49:26+00:00 Petr Vobornik pvoborni@redhat.com 2011-08-05T12:58:02+00:00 b9365746723421971d61fab86ed2bc3782cf2140 https://fedorahosted.org/freeipa/ticket/1502 Added redirection link. CSS styling of configuration page. Some CSS cleaning. 
https://fedorahosted.org/freeipa/ticket/1502

Added redirection link.
CSS styling of configuration page.
Some CSS cleaning.
Set the ipa-modrdn plugin precedence to 60 so it runs last 2011-07-18T02:24:30+00:00 Rob Crittenden rcritten@redhat.com 2011-07-16T17:35:30+00:00 a48a84a5ead90898630a23fc0de1c978d1e0b810 The default precedence for plugins is 50 and the run in more or less alphabetical order (but not guaranteed). This plugin needs to run after the others have already done their work. https://fedorahosted.org/freeipa/ticket/1370 
The default precedence for plugins is 50 and the run in more or less
alphabetical order (but not guaranteed). This plugin needs to run after
the others have already done their work.

https://fedorahosted.org/freeipa/ticket/1370
Disallow direct modifications to enrolledBy. 2011-07-14T23:11:49+00:00 Rob Crittenden rcritten@redhat.com 2011-07-01T14:41:42+00:00 37e3bf2a6096ea18f46501bf5f2a51c55e829595 This fixes a regression. We don't need to allow enrolledBy to be modified because it gets written in the ipa_enrollment plugin which does internal operations so bypasses acis. https://fedorahosted.org/freeipa/ticket/302 
This fixes a regression.

We don't need to allow enrolledBy to be modified because it gets
written in the ipa_enrollment plugin which does internal operations
so bypasses acis.

https://fedorahosted.org/freeipa/ticket/302
Remove redundant configuration values from krb5.conf. 2011-06-28T05:10:06+00:00 Jan Cholasta jcholast@redhat.com 2011-06-27T12:31:16+00:00 f05141e6468ce972b9c0d9707a4d640fe40da2b7 ticket 1358 
ticket 1358
Allow recursion by default 2011-06-28T03:14:16+00:00 Martin Kosek mkosek@redhat.com 2011-06-22T06:35:50+00:00 5f4c75eb28b3d50a35fbf3a86a6d842bce8e72f9 Update name server configuration file to allow any host to issue recursive queries (allow-recursion statement). https://fedorahosted.org/freeipa/ticket/1335 
Update name server configuration file to allow any host to issue
recursive queries (allow-recursion statement).

https://fedorahosted.org/freeipa/ticket/1335
Remove root autobind search restriction, fix upgrade logging & error handling. 2011-06-13T07:51:05+00:00 Rob Crittenden rcritten@redhat.com 2011-06-09T17:16:07+00:00 7940270b9fbebfa09b25c18198933b6a6b82b1d3 There was no point in limiting autobind root to just search cn=config since it could always just modify its way out of the box, so remove the restriction. The upgrade log wasn't being created. Clearing all other loggers before we calling logging.basicConfig() fixes this. Add a global exception when performing updates so we can gracefully catch and log problems without leaving the server in a bad state. https://fedorahosted.org/freeipa/ticket/1243 https://fedorahosted.org/freeipa/ticket/1254 
There was no point in limiting autobind root to just search cn=config since
it could always just modify its way out of the box, so remove the
restriction.

The upgrade log wasn't being created. Clearing all other loggers before
we calling logging.basicConfig() fixes this.

Add a global exception when performing updates so we can gracefully catch
and log problems without leaving the server in a bad state.

https://fedorahosted.org/freeipa/ticket/1243
https://fedorahosted.org/freeipa/ticket/1254