Commit message | Author | Age | Files | Lines
* Fix NSS initialization errors during ipa-replica-prepare | Rob Crittenden | 2011-02-18 | 2 | -6/+2
| When enabling replication we make an SSL connection. I think the way this goes is python-ldap -> openldap -> NSS. It may be a problem in the openldap SSL client, maybe it isn't calling NSS_Shutdown(). In any case if we use ldapi instead the problem goes away. Back out the temporary code to ignore nss_shutdown errors.
| ticket 965
* Remove WebUI identifiers from global namespace | Martin Kosek | 2011-02-18 | 14 | -639/+569
| Many WebUI identifiers were defined in a global namespace. This is not a good programming practice and may result in name clashes, for example with other libraries. This patch moves these variables to IPA namespace or its sub-namespaces, when meaningful.
| https://fedorahosted.org/freeipa/ticket/212
* Reset target DN when generated UUID is used as RDN | Nathan Kinder | 2011-02-17 | 1 | -0/+4
| When the UUID plug-in generates a value that is used in the RDN of the entry being added, the old DN is free'd and replaced with the new DN. The problem is that the operation in the pblock holds a pointer to the old DN address. This can cause other plug-ins to reference garbage, leading to incorrect results or crashes. This was causing the attribute uniqueness plug-in to not work correctly, resulting in duplicate netgroup entries. The fix is to have the UUID plug-in reset the target DN after changing the DN of the entry to be added.
| ticket 963
* Try to register DNS name through a DNS Update on install. | Simo Sorce | 2011-02-17 | 3 | -1/+113
| Fixes: https://fedorahosted.org/freeipa/ticket/935
* Raise NotImplementedError for selfsigned cert-remove-hold | Jakub Hrozek | 2011-02-17 | 1 | -1/+1
|
* Configure SSSD to use DNS to find the IPA server by default. | Rob Crittenden | 2011-02-17 | 1 | -1/+1
| Add the server we registered with as a fallback.
| ticket 980
* Special handling for nsaccountlock attribute in user. | Rob Crittenden | 2011-02-17 | 1 | -0/+8
| nsaccountlock doesn't have a visible Param but we want to do some basic validation to be sure garbage doesn't get in there so do it in the pre_callback of add and mod.
| ticket 968
* Validate that the reverse DNS record is correct | Jan Zeleny | 2011-02-17 | 1 | -0/+16
| This patch ensures that PTR records added by FreeIPA are compliant with RFC.
| https://fedorahosted.org/freeipa/ticket/839
* Document the --rights output format | Jan Zeleny | 2011-02-17 | 2 | -3/+16
| https://fedorahosted.org/freeipa/ticket/563
| https://fedorahosted.org/freeipa/ticket/588
* Fixed user-add help | Jan Zeleny | 2011-02-17 | 1 | -1/+1
| https://fedorahosted.org/freeipa/ticket/735
* removed image from Makefile | Adam Young | 2011-02-17 | 1 | -1/+0
|
* Added expand/collapse all. | Endi S. Dewata | 2011-02-17 | 4 | -34/+78
| A link has been added into the details page to expand/collapse all sections. Previously each section's <div> container is identified using a long ID. It is now identified using the section name.
* tabs2 color from white | Adam Young | 2011-02-17 | 1 | -1/+1
|
* Remove images and replace with css color in dialogs | Kyle Baker | 2011-02-17 | 1 | -3/+7
|
* Remove bright green from the tabs and subnav. | Kyle Baker | 2011-02-17 | 9 | -29/+34
|
* Under shadow on h1 and removed images | Kyle Baker | 2011-02-17 | 2 | -0/+1
|
* Browser configuration support for Firefox 4 | Martin Kosek | 2011-02-17 | 1 | -12/+32
| Support of navigator.preferences that is used to access browser configuration was dropped in Firefox 4. This disables automatic configuration of user preferences in this browser that is needed to use Kerberos single sign-on. This patch detects a lack of this interface and tries to configure the browser using new Services module introduced in Gecko 2 (used in Firefox 4, SeaMonkey 2.1).
| https://fedorahosted.org/freeipa/ticket/975
* Fix duplicate OIDs | Simo Sorce | 2011-02-17 | 4 | -6/+6
| Apparently we forgot to check OID consistency between the schema and the extensions, and we got duplicates. Technically the schema was done later but it is easier to change the extensions OIDs than to change the schema of current beta2/rc1 installations. The only side effect is that older ipa-getkeytab and ipa-join binaries will fail. So all the admin/client tools must be upgraded at the same time as well as all the masters (otherwise some will show/accept the new OID while others won't).
| Fixes: https://fedorahosted.org/freeipa/ticket/976
* Updated default Kerberos password policy | Jan Zeleny | 2011-02-16 | 3 | -2/+7
| https://fedorahosted.org/freeipa/ticket/930
* Don't allow host cn to be changed (it isn't used anyway). | Rob Crittenden | 2011-02-16 | 1 | -0/+2
| We are required by LDAP schema to have a cn value. Don't let users change it thinking they are actually doing something.
| tickets 706 and 707
* Service/Host disable command output clarification | Martin Kosek | 2011-02-16 | 2 | -6/+6
| When a service/host is disabled, the resulting summary message states that a Kerberos key was disabled. However, Kerberos key may not have been enabled before this command at all, which makes this information confusing for some users. Also, the summary message didn't state that an SSL certificate was disabled too. This patch rather changes the summary message to a standard phrase known from other plugins disable command and states all disable command steps in a respective command help.
| https://fedorahosted.org/freeipa/ticket/872
* Validate and convert certificate SN | Jakub Hrozek | 2011-02-16 | 2 | -3/+31
| The cert plugin only worked OK with decimal certificate serial numbers. This patch allows specifying the serial number in hexadecimal, too. The conversion now works such that:
| * with no explicit radix, a best-effort conversion is done using int(str, 0) in python. If the format is ambiguous, decimal takes precedence.
| * a hexadecimal radix can be specified explicitly with the traditional 0x prefix
| https://fedorahosted.org/freeipa/ticket/958
| https://fedorahosted.org/freeipa/ticket/953
* Fixed cn attribute in ipaUniqueID uniqueness config. | Endi S. Dewata | 2011-02-16 | 1 | -1/+1
|
* 17-2 Managed netgroups should be invisible | Jr Aquino | 2011-02-16 | 2 | -1/+20
| https://fedorahosted.org/freeipa/ticket/963
* HBAC plugin inconsistent output | Martin Kosek | 2011-02-16 | 5 | -29/+56
| This patch adds a proper summary text to HBAC command which is then printed out in CLI. Now, HBAC plugin output is consistent with other plugins.
| https://fedorahosted.org/freeipa/ticket/596
* Validate MX records | Jakub Hrozek | 2011-02-16 | 2 | -4/+24
| https://fedorahosted.org/freeipa/ticket/967
* Fix typo in rewording of help for the user module. | Rob Crittenden | 2011-02-16 | 1 | -4/+4
| I was too quick on the patch push and didn't see a nack on the wording.
* Reword help for the user module | Jan Zeleny | 2011-02-16 | 1 | -0/+3
| https://fedorahosted.org/freeipa/ticket/351
* Temporary workaround for systemd brokenness on fedora 15 | Simo Sorce | 2011-02-15 | 1 | -0/+2
|
* Fixed association facets. | Endi S. Dewata | 2011-02-15 | 19 | -261/+188
| The association config has been removed because it incorrectly assumes there is only one association between two entities. Now each association is defined separately using association facets. The service.py has been modified to specify the correct relationships. The API.txt has been updated.
| https://fedorahosted.org/freeipa/ticket/960
* Code cleanup | Jan Zeleny | 2011-02-15 | 2 | -893/+0
| This patch removes two files which seem to be long obsoleted and not used any more.
* Fix service validator, ensure the service isn't blank. | Rob Crittenden | 2011-02-15 | 1 | -0/+4
| ticket 961
* Note --ip-address parameter of ipa-replica-prepare in man page | Jakub Hrozek | 2011-02-15 | 1 | -0/+2
| https://fedorahosted.org/freeipa/ticket/615
* Fix a typo in ipa-client-install man page | Jan Zeleny | 2011-02-15 | 1 | -1/+0
| https://fedorahosted.org/freeipa/ticket/782
* Fix handling of /etc/hosts | Jan Cholasta | 2011-02-15 | 1 | -5/+14
| ticket 971
* Add group members to default output of sudorule-show | Jan Zeleny | 2011-02-15 | 1 | -0/+4
| https://fedorahosted.org/freeipa/ticket/915
* Fix setattr mail bug in user plugin. | Pavel Zuna | 2011-02-15 | 1 | -0/+2
| The email normalizer expects a list or tuple, but when using setattr it gets a string and iterates on it as if it was a list/tuple.
* Require ipactl be run as root to avoid a lot of misleading error msgs. | Rob Crittenden | 2011-02-15 | 1 | -0/+3
| Trying to run ipactl as non-root results in a slew of bogus error messages, some of which come because dirsrv can't read certain files as the wrong user, some based on our handling of that fact.
| ticket 936
* A privilege cannot be a member of a permission, remove it from metadata | Rob Crittenden | 2011-02-15 | 2 | -7/+3
| ticket 970
* Become IPA v2 RC 1 (2.0.0.rc1) rc_1-2-0-0 | Rob Crittenden | 2011-02-14 | 1 | -2/+2
|
* Fix two problems with ipa-replica-prepare | Rob Crittenden | 2011-02-14 | 2 | -2/+6
| 1. Fix a unicode() problem creating the DNS entries
| 2. Fix a strange NSS error when generating the certificates against a dogtag server.
| The NSS errors are quite strange. When generating the first certificate nss_shutdown() fails because the database isn't initialized yet but nss_is_initialized() returned True. The second pass fails because something is in use.
* The --out option wasn't working at all with cert-show. | Rob Crittenden | 2011-02-14 | 3 | -5/+14
| Also fix some related problems in write_certificate(), handle either a DER or base64-formatted incoming certificate and don't explode if the filename is None.
| ticket 954
* Add missing import for netaddr | Rob Crittenden | 2011-02-14 | 1 | -0/+1
| ticket 964
* Bugfix for ipa-client-install echo's password in cleartext to stdout | Jr Aquino | 2011-02-14 | 1 | -2/+4
| https://fedorahosted.org/freeipa/ticket/959
* Detection of v1 server during ipa-client-install | Martin Kosek | 2011-02-14 | 1 | -1/+5
| When v2 IPA client is trying to join an IPA v1 server a strange exception is printed out to the user. This patch detects this by catching an XML-RPC error reported by ipa-join binary called in the process which fails on unexisting IPA server 'join' method.
| https://fedorahosted.org/freeipa/ticket/553
* Remove obsolete record types from DNS | Jakub Hrozek | 2011-02-14 | 2 | -24/+8
| https://fedorahosted.org/freeipa/ticket/923
* A mod command should not be able to remove a required attribute. | Rob Crittenden | 2011-02-14 | 2 | -1/+72
| Some attribute enforcement is done by schema, others should be done by the required option in a Parameter. description, for example, is required by many plugins but not the schema. We need to enforce in the framework that required options are provided. After all the setattr/addattr work is done run through the modifications and ensure that no required values will be removed.
| ticket 852
* Fine tuning DNS options | Jakub Hrozek | 2011-02-14 | 4 | -6/+27
| Add pointer to self to /etc/hosts to avoid chicken/egg problems when restarting DNS. On servers set both dns_lookup_realm and dns_lookup_kdc to false so we don't attempt to do any resolving. Leave it to true on clients. Set rdns to false on both server and client.
| https://fedorahosted.org/freeipa/ticket/931
* Let 389-ds start up even if Kerberos is not configured yet. | Rob Crittenden | 2011-02-14 | 4 | -13/+38
| The situation is if during installation /etc/krb5.conf either doesn't exist or configures no realms then 389-ds won't start up at all, causing the installation to fail. This will let the server start up in a degraded mode. Also need to make the sub_dict in ldapupdate.py handle no realm otherwise the installation will abort enabling the compat plugin.
| ticket 606
* Correctly report if this is a krb related password operation | Simo Sorce | 2011-02-14 | 1 | -0/+1
| Fixes: https://fedorahosted.org/freeipa/ticket/949