freeipa.git/install/updates, branch adwork FreeIPA project Add objects for initial ID range 2012-06-26T07:04:08+00:00 Sumit Bose sbose@redhat.com 2012-06-12T09:58:41+00:00 39d8f5e7395e7502aa61f95a2ac7933a5b2e3a41 






Use exop instead of kadmin.local
2012-06-11T07:40:59+00:00

Sumit Bose
sbose@redhat.com

2012-03-13T13:06:02+00:00

b367c9ee7e2c7412473bae469f5ac67c0c8f1205












Add trust-related ACIs
2012-06-07T07:39:10+00:00

Alexander Bokovoy
abokovoy@redhat.com

2012-05-15T17:03:16+00:00

bd0d85804320e840db9b5cf19a5e69b3a0804e20

A high-level description of the design and ACIs for trusts is available at
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00224.html
and
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00248.html

Ticket #1731





A high-level description of the design and ACIs for trusts is available at
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00224.html
and
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00248.html

Ticket #1731







Perform case-insensitive searches for principals on TGS requests
2012-06-07T07:39:10+00:00

Alexander Bokovoy
abokovoy@redhat.com

2012-03-26T11:23:42+00:00

cbb1d626b913a7ce802150aa15bda761c9768695

We want to always resolve TGS requests even if the user mistakenly sends a
request for a service ticket where the fqdn part contain upper case letters.

The actual implementation follows hints set by KDC. When AP_REQ is done, KDC
sets KRB5_FLAG_ALIAS_OK and we obey it when looking for principals on TGS requests.

https://fedorahosted.org/freeipa/ticket/1577





We want to always resolve TGS requests even if the user mistakenly sends a
request for a service ticket where the fqdn part contain upper case letters.

The actual implementation follows hints set by KDC. When AP_REQ is done, KDC
sets KRB5_FLAG_ALIAS_OK and we obey it when looking for principals on TGS requests.

https://fedorahosted.org/freeipa/ticket/1577







Add separate attribute to store trusted domain SID
2012-06-07T07:39:09+00:00

Alexander Bokovoy
abokovoy@redhat.com

2012-02-28T11:22:49+00:00

b32204fccc280714a32d56c15f70f770df82dfbd

We need two attributes in the ipaNTTrustedDomain objectclass to store different
kind of SID. Currently ipaNTSecurityIdentifier is used to store the Domain-SID
of the trusted domain. A second attribute is needed to store the SID for the
trusted domain user. Since it cannot be derived safely from other values and
since it does not make sense to create a separate object for the user a new
attribute is needed.

https://fedorahosted.org/freeipa/ticket/2191





We need two attributes in the ipaNTTrustedDomain objectclass to store different
kind of SID. Currently ipaNTSecurityIdentifier is used to store the Domain-SID
of the trusted domain. A second attribute is needed to store the SID for the
trusted domain user. Since it cannot be derived safely from other values and
since it does not make sense to create a separate object for the user a new
attribute is needed.

https://fedorahosted.org/freeipa/ticket/2191







permission-find missed some results with --pkey-only option
2012-06-01T05:51:59+00:00

Martin Kosek
mkosek@redhat.com

2012-05-31T10:39:24+00:00

6ff5f28142c46bf5f08fef74c261f75e1baa9f66

When permission-find post callback detected a --pkey-only option,
it just terminated. However, this way the results that could have
been added from aci_find matches were not included.

Fix the post callback to go through the entire matching process.
Also make sure that DNS permissions have a correct objectclass
(ipapermission), otherwise such objects are not matched by the
permission LDAP search.

https://fedorahosted.org/freeipa/ticket/2658





When permission-find post callback detected a --pkey-only option,
it just terminated. However, this way the results that could have
been added from aci_find matches were not included.

Fix the post callback to go through the entire matching process.
Also make sure that DNS permissions have a correct objectclass
(ipapermission), otherwise such objects are not matched by the
permission LDAP search.

https://fedorahosted.org/freeipa/ticket/2658







- add a pair of ethers maps for computers with hardware addresses on file
2012-04-26T07:00:22+00:00

Nalin Dahyabhai
nalin@dahyabhai.net

2012-04-16T19:33:42+00:00

856b9627beaca89fde6904cdea398ac817faf321












- create a "cn=computers" compat area populated with ieee802Device entries corresponding to computers with fqdn and macAddress attributes
2012-04-26T07:00:17+00:00

Nalin Dahyabhai
nalin@dahyabhai.net

2012-04-16T19:31:12+00:00

74b42cc89ce58025f8c8e121d2cb6f2a9557d197












- index the fqdn and macAddress attributes for the sake of the compat plugin
2012-04-26T07:00:11+00:00

Nalin Dahyabhai
nalin@dahyabhai.net

2012-04-16T19:26:50+00:00

1c26c06d61a72150478e8e529d36bc7eb3650f0c












Return consistent value when hostcat and usercat is all.
2012-04-08T20:54:32+00:00

Rob Crittenden
rcritten@redhat.com

2012-04-05T14:03:04+00:00

7471ba22370626b26413c0f861c4ebb4a7128948

We were returning '' for the first entry when hostcat and usercat were
set to all. All subsequent entries were padded with - which effectively
denied access.

This requires slapi-nis 0.40+

https://fedorahosted.org/freeipa/ticket/2192





We were returning '' for the first entry when hostcat and usercat were
set to all. All subsequent entries were padded with - which effectively
denied access.

This requires slapi-nis 0.40+

https://fedorahosted.org/freeipa/ticket/2192