freeipa.git/ipaserver, branch master FreeIPA project Check /etc/hosts file in ipa-server-install 2011-10-13T04:54:45+00:00 Martin Kosek mkosek@redhat.com 2011-10-13T10:15:41+00:00 363c23a37c3631a0fb16df6b88bd5138677b818a There may already be a record in /etc/hosts for chosen IP address which may not be detected under some circumstances. Make sure that /etc/hosts is checked properly. https://fedorahosted.org/freeipa/ticket/1923 
There may already be a record in /etc/hosts for chosen IP address
which may not be detected under some circumstances. Make sure
that /etc/hosts is checked properly.

https://fedorahosted.org/freeipa/ticket/1923
Hostname used by IPA must be a system hostname 2011-10-13T04:54:41+00:00 Martin Kosek mkosek@redhat.com 2011-10-13T10:16:15+00:00 77cc5e024601ae7be6ce706499d5f403c8b71408 Make sure that the hostname IPA uses is a system hostname. If user passes a non-system hostname, update the network settings and system hostname in the same way that ipa-client-install does. This step should prevent various services failures which may not be ready to talk to IPA with non-system hostname. https://fedorahosted.org/freeipa/ticket/1931 
Make sure that the hostname IPA uses is a system hostname. If user
passes a non-system hostname, update the network settings and
system hostname in the same way that ipa-client-install does.

This step should prevent various services failures which may not
be ready to talk to IPA with non-system hostname.

https://fedorahosted.org/freeipa/ticket/1931
Check hostname resolution sanity 2011-10-13T04:54:37+00:00 Martin Kosek mkosek@redhat.com 2011-10-07T12:23:20+00:00 9bff6cb8a955c3f4b167e05856b40f6e2ee5dca8 Always check (even with --setup-dns or --no-host-dns) that if the host name or ip address resolves, it resolves to sane value. Otherwise report an error. Misconfigured /etc/hosts causing these errors could harm the installation later. https://fedorahosted.org/freeipa/ticket/1923 
Always check (even with --setup-dns or --no-host-dns) that if the
host name or ip address resolves, it resolves to sane value. Otherwise
report an error. Misconfigured /etc/hosts causing these errors could
harm the installation later.

https://fedorahosted.org/freeipa/ticket/1923
Work around limits not being updatable in 389-ds. 2011-10-13T02:42:07+00:00 Rob Crittenden rcritten@redhat.com 2011-10-13T19:46:58+00:00 9a4fd254ff69bc34c6d14b2255d49c3297380231 The bug to fix updates, BZ 741744, isn't working. For the short term add the attributes we want to update to the REPLACE whitelist so rather than using an ADD and DEL operation it will use a REPLACE. https://fedorahosted.org/freeipa/ticket/1888 
The bug to fix updates, BZ 741744, isn't working. For the short
term add the attributes we want to update to the REPLACE
whitelist so rather than using an ADD and DEL operation it will
use a REPLACE.

https://fedorahosted.org/freeipa/ticket/1888
Fix has_upg() to work with relocated managed entries configuration. 2011-10-13T19:38:03+00:00 Rob Crittenden rcritten@redhat.com 2011-10-13T17:07:49+00:00 197b1acfe4ca40fe9570231d4c74db2ce1048ca6 https://fedorahosted.org/freeipa/ticket/1964 
https://fedorahosted.org/freeipa/ticket/1964
Optimize member/memberof searches in LDAP 2011-10-12T10:31:16+00:00 Martin Kosek mkosek@redhat.com 2011-10-12T07:36:24+00:00 e5389ffd5193fcb7edf3b0c5fa887e46cff986fe When investigating if member/memberof attribute is direct/indirect we do a lot of LDAP SCOPE_SUBTREE searches when we actually search just for one item. Make sure we search only with SCOPE_BASE to improve the performance. One not so efficient iteration was also changed to list comprehension to speed things up a tiny bit. https://fedorahosted.org/freeipa/ticket/1885 
When investigating if member/memberof attribute is direct/indirect
we do a lot of LDAP SCOPE_SUBTREE searches when we actually search
just for one item. Make sure we search only with SCOPE_BASE to improve
the performance.

One not so efficient iteration was also changed to list comprehension
to speed things up a tiny bit.

https://fedorahosted.org/freeipa/ticket/1885
Don't leak passwords through kdb5_ldap_util command line arguments. 2011-10-12T01:25:17+00:00 Jan Cholasta jcholast@redhat.com 2011-10-11T16:44:33+00:00 0d823ddc4e5fa7f8bdecb590b4ebd129106b063f ticket 1948 
ticket 1948
Write KRB5REALM to /etc/sysconfig/krb5kdc and make use of common backup_config_and_replace_variables() tool 2011-10-11T22:21:48+00:00 Alexander Bokovoy abokovoy@redhat.com 2011-10-12T11:18:21+00:00 498311d2efdeacca0cbaaff68829b9e21da030eb systemd service unit for krb5kdc in Fedora 16 uses KRB5REALM variable of /etc/sysconfig/krb5kdc to start krb5kdc for the default realm. Thus, we need to make sure it is always existing and pointing to our realm. Partial fix for: https://fedorahosted.org/freeipa/ticket/1192 
systemd service unit for krb5kdc in Fedora 16 uses KRB5REALM variable of
/etc/sysconfig/krb5kdc to start krb5kdc for the default realm. Thus, we
need to make sure it is always existing and pointing to our realm.

Partial fix for:
   https://fedorahosted.org/freeipa/ticket/1192
Fix dnszone-add name_from_ip server validation 2011-10-11T13:15:15+00:00 Martin Kosek mkosek@redhat.com 2011-10-11T08:54:34+00:00 070bc7f725dc33e61bf421b9973292721ae6fbfa Ticket 1627 contained a (temporary hack-ish) fix for dnszone-add name_from_ip validation which works fine for CLI. However, when the command is not proceeded via CLI and sent directly to the RPC server, the server throws Internal Server Error. Make sure that the server returns a reasonable error. Also implement 2 unit cases testing this option https://fedorahosted.org/freeipa/ticket/1941 
Ticket 1627 contained a (temporary hack-ish) fix for dnszone-add
name_from_ip validation which works fine for CLI. However, when
the command is not proceeded via CLI and sent directly to the
RPC server, the server throws Internal Server Error.

Make sure that the server returns a reasonable error. Also implement
2 unit cases testing this option

https://fedorahosted.org/freeipa/ticket/1941
Improve default user/group object class validation 2011-10-11T12:49:36+00:00 Martin Kosek mkosek@redhat.com 2011-10-11T08:26:21+00:00 88e693a1a5b95e9da94b927a0b827b3a0e39b7b7 When user/group default object class is being modified via ipa config-mod, no validation check is run. Check at least the following: - all object classes are known to LDAP - all default user/group attributes are allowed under the new set of default object classes https://fedorahosted.org/freeipa/ticket/1893 
When user/group default object class is being modified via
ipa config-mod, no validation check is run. Check at least
the following:

- all object classes are known to LDAP
- all default user/group attributes are allowed under the new
  set of default object classes

https://fedorahosted.org/freeipa/ticket/1893