freeipa.git/ipaserver, branch trusts-master FreeIPA project Enhance ipa-adtrust-install for domains with multiple IPA server 2013-03-25T13:10:17+00:00 Alexander Bokovoy abokovoy@redhat.com 2013-03-06T08:12:40+00:00 e6e37187fe2fb0f16abba94671931791c73ef177 As described on http://www.freeipa.org/page/V3/MultipleTrustServers, notice if FreeIPA server is a replica and adtrust agents contains members corresponding to the cifs/ services from replication partners. If so, increase priority field and add normal SRV records with increased priority. https://fedorahosted.org/freeipa/ticket/2189 
As described on http://www.freeipa.org/page/V3/MultipleTrustServers,
notice if FreeIPA server is a replica and adtrust agents contains members
corresponding to the cifs/ services from replication partners. If so, increase
priority field and add normal SRV records with increased priority.

https://fedorahosted.org/freeipa/ticket/2189
Add logging to join command 2013-03-25T09:58:23+00:00 Tomas Babej tbabej@redhat.com 2013-03-13T13:47:03+00:00 2f0c7d6e233f3f9ed5559bf760f274c33c42be3d The following is mentioned in the log now: - existence of host entry (if it already does exist) - missing krbprincipalname and its new value (if there was no principal name set) https://fedorahosted.org/freeipa/ticket/3481 
The following is mentioned in the log now:
  - existence of host entry (if it already does exist)
  - missing krbprincipalname and its new value (if there was no
    principal name set)

https://fedorahosted.org/freeipa/ticket/3481
Configure ipa_dns DS plugin on install and upgrade 2013-03-22T13:31:22+00:00 Martin Kosek mkosek@redhat.com 2013-03-13T14:15:41+00:00 b5b040e68f571a858dfe85b65b58687ffc816649 The plugin is configured unconditionally (i.e. does not check if IPA was configured with DNS) as the plugin is needed on all replicas to prevent objectclass violations due to missing SOA serial in idnsZone objectclass. The violation could happen if just one replica configured DNS and added a new zone. https://fedorahosted.org/freeipa/ticket/3347 
The plugin is configured unconditionally (i.e. does not check if
IPA was configured with DNS) as the plugin is needed on all
replicas to prevent objectclass violations due to missing SOA
serial in idnsZone objectclass. The violation could happen if just
one replica configured DNS and added a new zone.

https://fedorahosted.org/freeipa/ticket/3347
Update named.conf parser 2013-03-14T14:50:24+00:00 Martin Kosek mkosek@redhat.com 2013-03-05T11:02:58+00:00 ca6f7f24509de8aa6346f847a3647c582cb913b4 Refactor the named.conf parsing and editing functions in bindinstance so that both "dynamic-db" and "options" sections of named.conf can be read and updated https://fedorahosted.org/freeipa/ticket/3429 
Refactor the named.conf parsing and editing functions in bindinstance
so that both "dynamic-db" and "options" sections of named.conf can
be read and updated

https://fedorahosted.org/freeipa/ticket/3429
Enforce exact SID match when adding or modifying a ID range 2013-03-14T14:20:30+00:00 Tomas Babej tbabej@redhat.com 2013-03-06T11:17:28+00:00 04a17f00b7a991297cc4f7441512a4f5ca436271 SID validation in idrange.py now enforces exact match on SIDs, thus one can no longer use SID of an object in a trusted domain as a trusted domain SID. https://fedorahosted.org/freeipa/ticket/3432 
SID validation in idrange.py now enforces exact match on SIDs, thus
one can no longer use SID of an object in a trusted domain as a
trusted domain SID.

https://fedorahosted.org/freeipa/ticket/3432
Extend ipa-replica-manage to be able to manage DNA ranges. 2013-03-13T14:32:36+00:00 Rob Crittenden rcritten@redhat.com 2013-03-01T20:02:14+00:00 9005b9bc8aac7c1381aadb7d17107ebbebae005d Attempt to automatically save DNA ranges when a master is removed. This is done by trying to find a master that does not yet define a DNA on-deck range. If one can be found then the range on the deleted master is added. If one cannot be found then it is reported as an error. Some validation of the ranges are done to ensure that they do overlap an IPA local range and do not overlap existing DNA ranges configured on other masters. http://freeipa.org/page/V3/Recover_DNA_Ranges https://fedorahosted.org/freeipa/ticket/3321 
Attempt to automatically save DNA ranges when a master is removed.
This is done by trying to find a master that does not yet define
a DNA on-deck range. If one can be found then the range on the deleted
master is added.

If one cannot be found then it is reported as an error.

Some validation of the ranges are done to ensure that they do overlap
an IPA local range and do not overlap existing DNA ranges configured
on other masters.

http://freeipa.org/page/V3/Recover_DNA_Ranges

https://fedorahosted.org/freeipa/ticket/3321
Remove ipaserver/ipaldap.py 2013-03-13T11:36:33+00:00 Petr Viktorin pviktori@redhat.com 2013-01-31T11:59:35+00:00 91a63cce6203cb8d0cf956d9e30842db365500da In addition to removing the module, fix all places where it was imported. Preparation for: https://fedorahosted.org/freeipa/ticket/3446 
In addition to removing the module, fix all places where it was imported.

Preparation for: https://fedorahosted.org/freeipa/ticket/3446
Move ipaldap to ipapython 2013-03-13T11:36:33+00:00 Petr Viktorin pviktori@redhat.com 2013-01-31T11:19:02+00:00 4e6a2a916d99c4eb9f5e6f5d622517e1b3fe323e Part of the work for: https://fedorahosted.org/freeipa/ticket/3446 
Part of the work for: https://fedorahosted.org/freeipa/ticket/3446
Fix installing server with external CA 2013-03-08T14:42:20+00:00 Petr Viktorin pviktori@redhat.com 2013-02-25T16:15:23+00:00 6ff20ca2d979f481ce91f013469e53d74a95dd48 Reorganize ipa-server-instal so that DS (and NTP server) installation only happens in step one. Change CAInstance to behave correctly in two-step install. Add an `init_info` method to DSInstance that includes common attribute/sub_dict initialization from create_instance and create_replica. Use it in ipa-server-install to get a properly configured DSInstance for later tasks. https://fedorahosted.org/freeipa/ticket/3459 
Reorganize ipa-server-instal so that DS (and NTP server) installation
only happens in step one.

Change CAInstance to behave correctly in two-step install.

Add an `init_info` method to DSInstance that includes common
attribute/sub_dict initialization from create_instance and create_replica.
Use it in ipa-server-install to get a properly configured DSInstance
for later tasks.

https://fedorahosted.org/freeipa/ticket/3459
Disable schema retrieval and attribute decoding when talking to AD GC. 2013-03-08T13:47:52+00:00 Jan Cholasta jcholast@redhat.com 2013-03-07T09:56:49+00:00 9955ba0714996db7b2b97261d3eb72f281eaa2f6