freeipa.git/install/updates, branch platform FreeIPA project Add additional pam ftp services to HBAC, and a ftp HBAC service group 2011-08-24T19:22:14+00:00 Rob Crittenden rcritten@redhat.com 2011-08-24T21:28:22+00:00 40c60c89efb9723edbe4394080b1f5c080cabacf This adds proftpd, pure-ftpd, vsftpd and gssftp. https://fedorahosted.org/freeipa/ticket/1703 
This adds proftpd, pure-ftpd, vsftpd and gssftp.

https://fedorahosted.org/freeipa/ticket/1703
Change the way has_keytab is determined, also check for password. 2011-08-24T12:12:10+00:00 Rob Crittenden rcritten@redhat.com 2011-08-22T20:24:07+00:00 be7de56e5d403fb97bcb583f6b7b5dd7e3fb914c We need an indicator to see if a keytab has been set on host and service entries. We also need a way to know if a one-time password is set on a host. This adds an ACI that grants search on userPassword and krbPrincipalKey so we can do an existence search on them. This way we can tell if the attribute is set and create a fake attribute accordingly. When a userPassword is set on a host a keytab is generated against that password so we always set has_keytab to False if a password exists. This is fine because when keytab gets generated for the host the password is removed (hence one-time). This adds has_keytab/has_password to the user, host and service plugins. ticket https://fedorahosted.org/freeipa/ticket/1538 
We need an indicator to see if a keytab has been set on host and
service entries. We also need a way to know if a one-time password is
set on a host.

This adds an ACI that grants search on userPassword and
krbPrincipalKey so we can do an existence search on them. This way
we can tell if the attribute is set and create a fake attribute
accordingly.

When a userPassword is set on a host a keytab is generated against
that password so we always set has_keytab to False if a password
exists. This is fine because when keytab gets generated for the
host the password is removed (hence one-time).

This adds has_keytab/has_password to the user, host and service plugins.

ticket https://fedorahosted.org/freeipa/ticket/1538
Correct sudo runasuser and runasgroup attributes in schema 2011-07-19T12:06:41+00:00 Jr Aquino jr.aquino@citrix.com 2011-07-19T22:21:33+00:00 9821160d893bf35069119339cf9edb15a697afe1 https://fedorahosted.org/freeipa/ticket/1309 
https://fedorahosted.org/freeipa/ticket/1309
Correct behavior for sudorunasgroup vs sudorunasuser 2011-07-19T12:06:21+00:00 Jr Aquino jr.aquino@citrix.com 2011-07-19T22:19:57+00:00 78c3abd6bae2e2b8f2725beeeda41d718ba5dc17 https://fedorahosted.org/freeipa/ticket/1309 
https://fedorahosted.org/freeipa/ticket/1309
Set the ipa-modrdn plugin precedence to 60 so it runs last 2011-07-18T02:24:30+00:00 Rob Crittenden rcritten@redhat.com 2011-07-16T17:35:30+00:00 a48a84a5ead90898630a23fc0de1c978d1e0b810 The default precedence for plugins is 50 and the run in more or less alphabetical order (but not guaranteed). This plugin needs to run after the others have already done their work. https://fedorahosted.org/freeipa/ticket/1370 
The default precedence for plugins is 50 and the run in more or less
alphabetical order (but not guaranteed). This plugin needs to run after
the others have already done their work.

https://fedorahosted.org/freeipa/ticket/1370
Disallow direct modifications to enrolledBy. 2011-07-14T23:11:49+00:00 Rob Crittenden rcritten@redhat.com 2011-07-01T14:41:42+00:00 37e3bf2a6096ea18f46501bf5f2a51c55e829595 This fixes a regression. We don't need to allow enrolledBy to be modified because it gets written in the ipa_enrollment plugin which does internal operations so bypasses acis. https://fedorahosted.org/freeipa/ticket/302 
This fixes a regression.

We don't need to allow enrolledBy to be modified because it gets
written in the ipa_enrollment plugin which does internal operations
so bypasses acis.

https://fedorahosted.org/freeipa/ticket/302
Configure Managed Entries on replicas. 2011-05-25T20:39:27+00:00 Rob Crittenden rcritten@redhat.com 2011-05-18T19:12:22+00:00 201ffc07bdb9e45ebb155a36b3b8ca77e7f9719c The Managed Entries plugin configurations weren't being created on replica installs. The templates were there but the cn=config portions were not. This patch adds them as updates. The template portion will be added in the initial replication. ticket 1222 
The Managed Entries plugin configurations weren't being created on
replica installs. The templates were there but the cn=config
portions were not.

This patch adds them as updates. The template portion will be added
in the initial replication.

ticket 1222
A new flag to disable creation of UPG 2011-05-25T06:39:47+00:00 Martin Kosek mkosek@redhat.com 2011-05-16T10:56:04+00:00 dea578a357b2ebc68f56ef31f841cfe056f73303 Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 
Automatic creation may of User Private Groups (UPG) may not be
wanted at all times. This patch adds a new flag --noprivate to
ipa user-add command to disable it.

https://fedorahosted.org/freeipa/ticket/1131
Enable 389-ds SSL host checking by defauilt 2011-05-20T14:08:11+00:00 Rob Crittenden rcritten@redhat.com 2011-05-20T02:30:53+00:00 00abd47de4d3238295cbe5dc30210b913c0f07a1 Enforce that the remote hostname matches the remote SSL server certificate when 389-ds operates as an SSL client. Also add an update file to turn this off for existing installations. This also changes the way the ldapupdater modlist is generated to be more like the framework. Single-value attributes are done as replacements and there is a list of force-replacement attributes. ticket 1069 
Enforce that the remote hostname matches the remote SSL server certificate
when 389-ds operates as an SSL client.

Also add an update file to turn this off for existing installations.

This also changes the way the ldapupdater modlist is generated to be more
like the framework. Single-value attributes are done as replacements
and there is a list of force-replacement attributes.

ticket 1069
The default groups we create should have ipaUniqueId set 2011-04-15T11:02:17+00:00 Rob Crittenden rcritten@redhat.com 2011-04-14T18:37:45+00:00 fe67680da5c3d7799884bdbd4d900070394dc5d0 This adds a new directive to ipa-ldap-updater: addifnew. This will add a new attribute only if it doesn't exist in the current entry. We can't compare values because the value we are adding is automatically generated. ticket 1177 
This adds a new directive to ipa-ldap-updater: addifnew. This will add
a new attribute only if it doesn't exist in the current entry. We can't
compare values because the value we are adding is automatically generated.

ticket 1177