freeipa.git/ipaserver/plugins, branch oneway-trust FreeIPA project plugable: Pass API to plugins on initialization rather than using set_api 2015-07-01T13:05:30+00:00 Jan Cholasta jcholast@redhat.com 2015-06-22T10:58:43+00:00 e39fe4ed31042bd28357d093fdbd93b4d6d59aaa https://fedorahosted.org/freeipa/ticket/3090 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
vault: Fix ipa-kra-install 2015-06-10T16:17:34+00:00 Jan Cholasta jcholast@redhat.com 2015-06-10T08:50:42+00:00 e7ac57e1390c76c3d7fdb2710808def107d21d6d Use state in LDAP rather than local state to check if KRA is installed. Use correct log file names. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: David Kupka <dkupka@redhat.com> 
Use state in LDAP rather than local state to check if KRA is installed.
Use correct log file names.

https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: David Kupka <dkupka@redhat.com>
Import profiles earlier during install 2015-06-05T17:12:46+00:00 Fraser Tweedale ftweedal@redhat.com 2015-06-05T06:57:48+00:00 8b3bc99a737edb9178e115c188d60d963f73e50c Currently, IPA certificate profile import happens at end of install. Certificates issuance during the install process does work but uses an un-customised caIPAserviceCert profile, resulting in incorrect subject DNs and missing extensions. Furthermore, the caIPAserviceCert profile shipped with Dogtag will eventually be removed. Move the import of included certificate profiles to the end of the cainstance deployment phase, prior to the issuance of DS and HTTP certificates. Part of: https://fedorahosted.org/freeipa/ticket/4002 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Currently, IPA certificate profile import happens at end of install.
Certificates issuance during the install process does work but uses
an un-customised caIPAserviceCert profile, resulting in incorrect
subject DNs and missing extensions.  Furthermore, the
caIPAserviceCert profile shipped with Dogtag will eventually be
removed.

Move the import of included certificate profiles to the end of the
cainstance deployment phase, prior to the issuance of DS and HTTP
certificates.

Part of: https://fedorahosted.org/freeipa/ticket/4002

Reviewed-By: Martin Basti <mbasti@redhat.com>
Add profile_id parameter to 'request_certificate' 2015-06-04T08:27:33+00:00 Fraser Tweedale ftweedal@redhat.com 2015-05-08T06:23:24+00:00 4cf2bfcaa62e9220fdeee952bf719452884507cd Add the profile_id parameter to the 'request_certificate' function and update call sites. Also remove multiple occurrences of the default profile ID 'caIPAserviceCert'. Part of: https://fedorahosted.org/freeipa/ticket/57 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Add the profile_id parameter to the 'request_certificate' function
and update call sites.

Also remove multiple occurrences of the default profile ID
'caIPAserviceCert'.

Part of: https://fedorahosted.org/freeipa/ticket/57

Reviewed-By: Martin Basti <mbasti@redhat.com>
Import included profiles during install or upgrade 2015-06-04T08:27:33+00:00 Fraser Tweedale ftweedal@redhat.com 2015-05-12T01:17:48+00:00 b24fe0eb733c68af4042cdd78fca6f609efe843b Add a default service profile template as part of FreeIPA and format and import it as part of installation or upgrade process. Also remove the code that modifies the old (file-based) `caIPAserviceCert' profile. Fixes https://fedorahosted.org/freeipa/ticket/4002 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Add a default service profile template as part of FreeIPA and format
and import it as part of installation or upgrade process.

Also remove the code that modifies the old (file-based)
`caIPAserviceCert' profile.

Fixes https://fedorahosted.org/freeipa/ticket/4002

Reviewed-By: Martin Basti <mbasti@redhat.com>
Add certprofile plugin 2015-06-04T08:27:33+00:00 Fraser Tweedale ftweedal@redhat.com 2015-04-30T08:55:29+00:00 300b74fc7fb2a5ce540b2d21189794a5b2db88b1 Add the 'certprofile' plugin which defines the commands for managing certificate profiles and associated permissions. Also update Dogtag network code in 'ipapython.dogtag' to support headers and arbitrary request bodies, to facilitate use of the Dogtag profiles REST API. Part of: https://fedorahosted.org/freeipa/ticket/57 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Add the 'certprofile' plugin which defines the commands for managing
certificate profiles and associated permissions.

Also update Dogtag network code in 'ipapython.dogtag' to support
headers and arbitrary request bodies, to facilitate use of the
Dogtag profiles REST API.

Part of: https://fedorahosted.org/freeipa/ticket/57

Reviewed-By: Martin Basti <mbasti@redhat.com>
allow to call ldap2.destroy_connection multiple times 2015-05-07T16:13:57+00:00 Petr Vobornik pvoborni@redhat.com 2015-04-23T10:03:49+00:00 7d10547ae3098b96762846ff36e813042a503d59 A regression fix. Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com> 
A regression fix.

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
speed up indirect member processing 2015-04-27T05:55:04+00:00 Petr Vobornik pvoborni@redhat.com 2015-03-31T08:59:37+00:00 4364ac08c538e3a4253804f523707092b34c2ed2 the old implementation tried to get all entries which are member of group. That means also user. User can't have any members therefore this costly processing was unnecessary. New implementation reduces the search only to entries which have members. Also page size was removed to avoid paging by small pages(default size: 100) which is very slow for many members. https://fedorahosted.org/freeipa/ticket/4947 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
the old implementation tried to get all entries which are member of group.
That means also user. User can't have any members therefore this costly
processing was unnecessary.

New implementation reduces the search only to entries which have members.

Also page size was removed to avoid paging by small pages(default size: 100)
which is very slow for many members.

https://fedorahosted.org/freeipa/ticket/4947

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
ldap: Move value encoding from IPASimpleLDAPObject to LDAPClient 2015-04-16T06:58:31+00:00 Jan Cholasta jcholast@redhat.com 2015-01-14T15:51:52+00:00 955885d8d909592325f017e09af79d62d912dcd0 Reviewed-By: Petr Viktorin <pviktori@redhat.com> 
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
ldap: Use LDAPClient instead of IPASimpleLDAPObject in ldap2.modify_password 2015-04-16T06:58:31+00:00 Jan Cholasta jcholast@redhat.com 2015-04-08T11:31:15+00:00 e1f7bcfbea13f4fa67222d009092c556b017fcd4 Reviewed-By: Petr Viktorin <pviktori@redhat.com> 
Reviewed-By: Petr Viktorin <pviktori@redhat.com>