freeipa.git/install/updates, branch testing FreeIPA project Configure Managed Entries on replicas. 2011-05-25T20:39:27+00:00 Rob Crittenden rcritten@redhat.com 2011-05-18T19:12:22+00:00 201ffc07bdb9e45ebb155a36b3b8ca77e7f9719c The Managed Entries plugin configurations weren't being created on replica installs. The templates were there but the cn=config portions were not. This patch adds them as updates. The template portion will be added in the initial replication. ticket 1222 
The Managed Entries plugin configurations weren't being created on
replica installs. The templates were there but the cn=config
portions were not.

This patch adds them as updates. The template portion will be added
in the initial replication.

ticket 1222
A new flag to disable creation of UPG 2011-05-25T06:39:47+00:00 Martin Kosek mkosek@redhat.com 2011-05-16T10:56:04+00:00 dea578a357b2ebc68f56ef31f841cfe056f73303 Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 
Automatic creation may of User Private Groups (UPG) may not be
wanted at all times. This patch adds a new flag --noprivate to
ipa user-add command to disable it.

https://fedorahosted.org/freeipa/ticket/1131
Enable 389-ds SSL host checking by defauilt 2011-05-20T14:08:11+00:00 Rob Crittenden rcritten@redhat.com 2011-05-20T02:30:53+00:00 00abd47de4d3238295cbe5dc30210b913c0f07a1 Enforce that the remote hostname matches the remote SSL server certificate when 389-ds operates as an SSL client. Also add an update file to turn this off for existing installations. This also changes the way the ldapupdater modlist is generated to be more like the framework. Single-value attributes are done as replacements and there is a list of force-replacement attributes. ticket 1069 
Enforce that the remote hostname matches the remote SSL server certificate
when 389-ds operates as an SSL client.

Also add an update file to turn this off for existing installations.

This also changes the way the ldapupdater modlist is generated to be more
like the framework. Single-value attributes are done as replacements
and there is a list of force-replacement attributes.

ticket 1069
The default groups we create should have ipaUniqueId set 2011-04-15T11:02:17+00:00 Rob Crittenden rcritten@redhat.com 2011-04-14T18:37:45+00:00 fe67680da5c3d7799884bdbd4d900070394dc5d0 This adds a new directive to ipa-ldap-updater: addifnew. This will add a new attribute only if it doesn't exist in the current entry. We can't compare values because the value we are adding is automatically generated. ticket 1177 
This adds a new directive to ipa-ldap-updater: addifnew. This will add
a new attribute only if it doesn't exist in the current entry. We can't
compare values because the value we are adding is automatically generated.

ticket 1177
Add memberHost and memberUser to default indexes 2011-04-08T15:00:24+00:00 Jr Aquino jr.aquino@citrix.com 2011-03-30T20:12:31+00:00 25d301ef71dabc9ef4b3b6c31493f97f16298d36 https://fedorahosted.org/freeipa/ticket/1138 
https://fedorahosted.org/freeipa/ticket/1138
Fix ORDERING in some attributetypes and remove other unnecessary elements. 2011-04-06T01:46:32+00:00 Rob Crittenden rcritten@redhat.com 2011-04-05T20:28:59+00:00 b9a2c11d6f6be6e7e599a48c70e798b720222b35 Looking at the schema in 60basev2.ldif there were many attributes that did not have an ORDERING matching rule specified correctly. There were also a number of attributeTypes that should have been just SUP distinguishedName that had a combination of SUP, SYNTAX, ORDERING, etc. This requires 389-ds-base-1.2.8.0-1+ ticket 1153 
Looking at the schema in 60basev2.ldif there were many attributes that did
not have an ORDERING matching rule specified correctly. There were also a
number of attributeTypes that should have been just SUP
distinguishedName that had a combination of SUP, SYNTAX, ORDERING, etc.

This requires 389-ds-base-1.2.8.0-1+

ticket 1153
Allow a client to enroll using principal when the host has a OTP 2011-03-30T14:03:44+00:00 Rob Crittenden rcritten@redhat.com 2011-03-29T17:15:22+00:00 87193366526e645475792cde2450cc7cc48802ad If the host has a one-time password but krbPrincipalName wasn't set yet then the enrollment would fail because writing the principal is not allowed. This creates an ACI that only lets it be written if it is not already set. ticket 1075 
If the host has a one-time password but krbPrincipalName wasn't set yet
then the enrollment would fail because writing the principal is not
allowed. This creates an ACI that only lets it be written if it is not
already set.

ticket 1075
Store list of non-master replicas in DIT and provide way to list them 2011-03-02T14:46:46+00:00 Simo Sorce ssorce@redhat.com 2011-02-28T22:35:44+00:00 54b26270186422607ef52b9b408326744b2d86d1 Fixes: https://fedorahosted.org/freeipa/ticket/1007 
Fixes: https://fedorahosted.org/freeipa/ticket/1007
Use Sudo rather than SUDO as a label. 2011-03-01T21:48:35+00:00 Rob Crittenden rcritten@redhat.com 2011-02-28T16:44:27+00:00 07ba40f33ea4434f11bd3919ad591d3d6acccf6c ticket 1005 
ticket 1005
Add default roles and permissions for HBAC, SUDO and pw policy 2011-02-22T15:02:24+00:00 Rob Crittenden rcritten@redhat.com 2011-02-22T14:21:14+00:00 ac68ea3c6c633206a01db5a0b74b994ab0c29093 Created some default roles as examples. In doing so I realized that we were completely missing default rules for HBAC, SUDO and password policy so I added those as well. I ran into a problem when the updater has a default record and an add at the same time, it should handle it better now. ticket 585 
Created some default roles as examples. In doing so I realized that
we were completely missing default rules for HBAC, SUDO and password
policy so I added those as well.

I ran into a problem when the updater has a default record and an add
at the same time, it should handle it better now.

ticket 585