Commit message | Author | Age | Files | Lines
* Use pkg-config to detect cmocka | Lukas Slebodnik | 2013-07-15 | 1 | -25/+12
  https://fedorahosted.org/freeipa/ticket/3434
* Integration test config: Make it possible to specify host IP | Petr Viktorin | 2013-07-15 | 2 | -20/+28
* BeakerLib plugin: Log http links in test docstrings | Petr Viktorin | 2013-07-15 | 1 | -0/+13
  The main case for this is having ticket numbers in the Beaker output.
* Make BeakerLib logging less verbose | Petr Viktorin | 2013-07-15 | 4 | -18/+15
  Logs from Beaker jobs are normally very brief, with the standard output/error containing detailed information. Make ipa-run-tests with BeakerLib plugin follow this convention.
  Only include INFO and higher level messages in the Beaker logs. Downgrade several message levels to DEBUG. Log to console using Python logging instead of showing the Beaker logs.
  Since ipa-run-tests sets up its own logging, Nose's own log handling just causes duplicate messages. Disable it with --nologcapture.
* Use docstrings in BeakerLib phase descriptions | Petr Viktorin | 2013-07-15 | 2 | -4/+21
  Phase names are now in the format:
    test-module-TestClass-test_method: First line of docstring
  https://fedorahosted.org/freeipa/ticket/3723
* Host class improvements | Petr Viktorin | 2013-07-15 | 3 | -15/+34
  - Use the external hostname when connecting to remote hosts
  - Make it possible to specify working directory for remote commands
  - Move kinit calls to installation code
    This allows tests where installation is done later
  - Log at error level when a remote command fails unexpectedly
  - Clean up test directory before testing
  - Break infinite recursion in mkdir_recursive if dir can't be created
* tests: Configure/unconfigure remote hosts | Petr Viktorin | 2013-07-15 | 4 | -9/+135
  Set up the hostname, /etc/resolv.conf, and /etc/hosts on remote hosts in the test setup. Undo the changes in test teardown.
  Part of the work for https://fedorahosted.org/freeipa/ticket/3621
* tests: Allow public keys for authentication to the remote machines | Petr Viktorin | 2013-07-15 | 2 | -2/+23
  Part of the work for https://fedorahosted.org/freeipa/ticket/3621
* Show logs in failed tests | Petr Viktorin | 2013-07-15 | 2 | -0/+31
  Output from IPA's log manager is not captured by Nose's logcapture plugin. Forward IPA logs to a regular Python logger so that they are shown on failures.
  IPA log messages are also shown on standard error. Filter out Paramiko logs by default; these are too verbose.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/3621
* Collect logs from tests | Petr Viktorin | 2013-07-15 | 2 | -12/+69
  After each test, and after class setups and teardowns, the BeakerLib integration plugin now downloads log files from the remote masters and submits them using rlFileSubmit.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/3621
* Introduce a class for remote commands | Petr Viktorin | 2013-07-15 | 2 | -46/+132
  Introduce a class inspired by subprocess.Popen that handles running a command on a remote machine and handling its output.
  To separate stdout & stderr streams of a remote command, they need to be read in parallel, so that one of them doesn't stall the runner when its buffer fills up. Accomplish this by using a thread for each stream.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/3621
* Add a framework for integration testing | Petr Viktorin | 2013-07-15 | 6 | -55/+450
  Add methods to run commands and copy files to Host objects.
  Adds a base class for integration tests which can currently install and uninstall IPA in a "star" topology with per-test specified number of hosts.
  A simple test for user replication between two masters is provided.
  Log files from the remote hosts can be marked for collection, but the actual collection is left to a Nose plugin.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/3621
* Add a framework for integration test configuration | Petr Viktorin | 2013-07-15 | 6 | -10/+484
  Integration tests are configured via environment variables. Add a framework for parsing these variables and storing them in easy-to-use objects.
  Add an `ipa-test-config` executable that loads the configuration and prints out variables needed in shell scripts.
  Part of the work for https://fedorahosted.org/freeipa/ticket/3621
* Add a plugin for test ordering | Petr Viktorin | 2013-07-15 | 2 | -1/+73
  Tests in test classes decorated by @ipatests.order_plugin.ordered are sorted by the source line number instead of alphabetically, if the plugin is enabled.
  The ipa-run-tests helper now loads and enables the plugin.
  This should make writing integration tests easier.
* Remove unused variable | Jakub Hrozek | 2013-07-15 | 2 | -5/+0
* Return the correct Content-type on negotiated XML-RPC requests. | Rob Crittenden | 2013-07-15 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/3745
* Run server upgrade and restart in posttrans | Martin Kosek | 2013-07-11 | 1 | -9/+16
  Running server upgrade or restart in %post or %postun may cause issues when there are still parts of old FreeIPA software (like entitlements plugin).
  https://fedorahosted.org/freeipa/ticket/3739
* Use --ignore-dependencies only when necessary | Ana Krivokapic | 2013-07-11 | 1 | -4/+5
  Using the --ignore-dependencies switch was causing the ipactl stop command not to stop all instances of dirsrv and dogtag. Make sure the switch is used only when necessary, i.e. to prevent ipa-otpd.socket from getting stuck during the shutdown transaction.
  https://fedorahosted.org/freeipa/ticket/3730
  https://fedorahosted.org/freeipa/ticket/3729
* Add libsss_nss_idmap-devel to BuildRequires | Tomas Babej | 2013-07-11 | 1 | -0/+1
* Fix for small syntax error in OTP schema | Nathaniel McCallum | 2013-07-11 | 2 | -2/+2
  https://fedorahosted.org/freeipa/ticket/3765
* Make sure replication works after DM password is changed | Ana Krivokapic | 2013-07-11 | 2 | -3/+42
  Replica information file contains the file `cacert.p12` which is protected by the Directory Manager password of the initial IPA server installation. The DM password of the initial installation is also used for the PKI admin user password.
  If the DM password is changed after the IPA server installation, the replication fails.
  To prevent this failure, add the following steps to ipa-replica-prepare:
  1. Regenerate the `cacert.p12` file and protect it with the current DM password
  2. Update the password of the PKI admin user with the current DM password
  https://fedorahosted.org/freeipa/ticket/3594
* Add --range-type option that forces range type of the trusted domain | Tomas Babej | 2013-07-11 | 4 | -6/+43
  Adds --range-type option to ipa trust-add command. It takes two allowed values: 'ipa-ad-trust-posix' and 'ipa-ad-trust'.
  When --range-type option is not specified, the range type should be determined by ID range discovery.
  https://fedorahosted.org/freeipa/ticket/3650
* Avoid systemd service deadlock during shutdown | Ana Krivokapic | 2013-07-11 | 1 | -1/+11
  https://fedorahosted.org/freeipa/ticket/3729
* Use correct DS instance in ipactl status | Ana Krivokapic | 2013-07-11 | 2 | -13/+31
  Make sure ipactl status checks for correct DS instance. It should check for 'dirsrv@IPA-REALM' and not 'dirsrv.target'.
  https://fedorahosted.org/freeipa/ticket/3730
* Generate synthetic MS-PAC for all services running on IPA master | Alexander Bokovoy | 2013-07-11 | 1 | -6/+73
  MS-PAC is required to be present in TGT if one wants to connect to AD services using this TGT. Users get MS-PAC by default, SSSD in ipa_server_mode uses host/fqdn@REALM principal to talk to AD LDAP.
  This patch enables other services running on IPA master to connect to AD services. This is required for IPA python code doing discovery of remote AD domain settings shortly after IPA-AD trust has been established.
* Fix extdom plugin to provide unqualified name in response as sssd expects | Alexander Bokovoy | 2013-07-11 | 1 | -3/+30
  extdom plugin handles external operation over which SSSD asks IPA server about trusted domain users not found through normal paths but detected to belong to the trusted domains associated with IPA realm.
  SSSD expects that user or group name in the response will be unqualified because domain name for the user or group is also included in the response. Strip domain name from the name if getgrnam_r/getpwnam_r calls returned fully qualified name which includes the domain name we are asked to handle.
  The code already expects that fully-qualified names are following user@domain convention so we are simply tracking whether '@' symbol is present and is followed by the domain name.
* Make sure domain_name is also set when processing INP_NAME requests | Alexander Bokovoy | 2013-07-11 | 1 | -0/+1
* Remove winbind client configure check | Sumit Bose | 2013-07-11 | 1 | -11/+0
  With the replacement of the winbind calls in the extdom plugin none of the plugins is using the winbind client libraries anymore.
* extdom: replace winbind calls with POSIX/SSSD calls | Sumit Bose | 2013-07-11 | 6 | -293/+253
  With the new ipa_server_mode SSSD is able to read user and group data from trusted AD domains directly and makes this data available via the NSS responder. With this mode enabled winbind is not needed anymore to lookup users and groups of trusted domains.
  This patch removed the calls to winbind from the extdom plugin and replaces them with standard POSIX calls like getpwnam() and calls from libsss_nss_idmap to lookup SIDs.
  Fixes https://fedorahosted.org/freeipa/ticket/3637 because now the extdom plugin does not need to handle idranges anymore, but everything is done inside SSSD.
* Add PAC to master host TGTs | Sumit Bose | 2013-07-11 | 1 | -39/+115
  For a proper SASL bind with GSSAPI against an AD LDAP server a PAC is needed. To allow SSSD in ipa_server_mode to access the LDAP or GC server of a trusted domain with the credentials of a FreeIPA server host a PAC must be added to the TGT for the host.
  We use the well known RID of the Domain Computers group (515) for the primary gid element of the PAC, this is the same as AD uses for host tickets. The rid element of the PAC is set to the well known RID of the Domain Controllers group (516). This is working for the SSSD use case but might be improved later for more general use cases.
  To determine if a host is a FreeIPA server or not it is checked if there is an entry for the host in cn=master,cn=ipa,cn=etc,$base. Unfortunately this requires an additional LDAP lookup. But since TGS-REQs for hosts should be rare I think it is acceptable for the time being.
  Fixes https://fedorahosted.org/freeipa/ticket/3651
* Permit reads to ipatokenRadiusProxyUser objects | Nathaniel McCallum | 2013-07-11 | 2 | -2/+2
  This fixes an outstanding permissions issue from the OTP work.
  https://fedorahosted.org/freeipa/ticket/3693
* Add missing equality index for ipaUniqueId. | Jan Cholasta | 2013-07-11 | 2 | -0/+15
  https://fedorahosted.org/freeipa/ticket/3743
* Add missing substring indices for attributes managed by the referint plugin. | Jan Cholasta | 2013-07-11 | 2 | -33/+43
  The referint plugin does a substring search on these attributes each time an entry is deleted, which causes a noticeable slowdown for large directories if the attributes are not indexed.
  https://fedorahosted.org/freeipa/ticket/3706
* Use LDAP modify operation directly to add/remove group members. | Jan Cholasta | 2013-07-11 | 1 | -23/+13
  This prevents getting full member list from LDAP and putting it back later.
  https://fedorahosted.org/freeipa/ticket/3706
* Use LDAP search instead of *group_show to check for a group objectclass. | Jan Cholasta | 2013-07-11 | 3 | -37/+41
  https://fedorahosted.org/freeipa/ticket/3706
* Use LDAP search instead of *group_show to check if a group exists. | Jan Cholasta | 2013-07-11 | 6 | -9/+15
  https://fedorahosted.org/freeipa/ticket/3706
* Check trust chain length in CA-less install. | Jan Cholasta | 2013-07-11 | 1 | -2/+9
  https://fedorahosted.org/freeipa/ticket/3707
* Skip cert issuer validation in service and host commands in CA-less install. | Jan Cholasta | 2013-07-09 | 1 | -0/+3
  https://fedorahosted.org/freeipa/ticket/3736
* Fix client install exception if /etc/ssh is missing | Nathaniel McCallum | 2013-07-09 | 1 | -0/+3
  https://fedorahosted.org/freeipa/ticket/3766
* Disable checkboxes and radios for readonly attributes | Petr Vobornik | 2013-07-09 | 1 | -8/+15
  https://fedorahosted.org/freeipa/ticket/3764
* Fix bug in adtrustinstance | Ana Krivokapic | 2013-07-09 | 1 | -2/+2
  Incorrect tuple unpacking in adtrustinstance was causing ipa-adtrust-install to fail when IPA was installed with no DNS.
  https://fedorahosted.org/freeipa/ticket/3746
* Enable SASL mapping fallback. | Jan Cholasta | 2013-06-27 | 6 | -4/+28
  Assign a default priority of 10 to our SASL mappings.
  https://fedorahosted.org/freeipa/ticket/3330
* Create Firefox configuration extension on CA-less install | Petr Vobornik | 2013-06-27 | 4 | -26/+33
  Create:
  * kerberosauth.xpi
  * krb.js
  even when --http_pkcs12 option is used.
  https://fedorahosted.org/freeipa/ticket/3747
* Do not skip SSSD known hosts in ipa-client-install --ssh-trust-dns. | Jan Cholasta | 2013-06-27 | 1 | -3/+3
  https://fedorahosted.org/freeipa/ticket/3705
* Do not redirect to https in /ipa/ui on non-HTML files | Petr Vobornik | 2013-06-26 | 1 | -1/+2
  Those resources are needed by page which has to use http (browser config) prior to acceptance of CA cert.
  https://fedorahosted.org/freeipa/ticket/3748
* Remove entitlement support | Martin Kosek | 2013-06-26 | 36 | -2972/+4
  Entitlements code was not tested nor supported upstream since version 3.0. Remove the associated code.
  https://fedorahosted.org/freeipa/ticket/3739
* Fix CA-less check in ipa-replica-install and ipa-ca-install. | Jan Cholasta | 2013-06-26 | 2 | -2/+2
  https://fedorahosted.org/freeipa/ticket/3750
* Fix default value selection in radio widget | Petr Vobornik | 2013-06-24 | 1 | -1/+11
  https://fedorahosted.org/freeipa/ticket/3718
* Require rid-base and secondary-rid-base in idrange-add after ipa-adtrust-install | Ana Krivokapic | 2013-06-24 | 7 | -77/+196
  Add a new API command 'adtrust_is_enabled', which can be used to determine whether ipa-adtrust-install has been run on the system. This new command is not visible in IPA CLI.
  Use this command in idrange_add to conditionally require rid-base and secondary-rid-base options.
  Add tests to cover the new functionality
  https://fedorahosted.org/freeipa/ticket/3634
* Do not display traceback to user | Ana Krivokapic | 2013-06-24 | 1 | -5/+4
  Logging tracebacks at the INFO level caused them to be displayed to user on the command line. Change the log level to DEBUG, so that tracebacks are not visible to user.
  https://fedorahosted.org/freeipa/ticket/3704