summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Bump up to 1.1.1release-1-1-1Simo Sorce2008-09-101-1/+1
|
* Add script to simplify operations to fix CVE 2008 3274 Import all of change ↵Simo Sorce2008-09-103-0/+520
| | | | master key directly into the help fix, allows for better control
* CVE 2008 3274 related fixesSimo Sorce2008-09-102-3/+9
|
* Add a tool to change the kerberos Master Key in case an admin wants to. This ↵Simo Sorce2008-09-102-0/+384
| | | | tool will dump and re-encrypt all keys, then reload and change the master key in LDAP and in the stash file. It will also restart the Directory Server and the the KDC
* Add encrypt_file and decrypt_file utility functions. We will use them to ↵Simo Sorce2008-09-102-2/+65
| | | | | | | | | encrypt the replica file so that we can transport it over more safely. It contains sensitive data, by encrypting it we assure that even if a distracted admin leaves it around it cannot be accessed without knowing the access passphrase (usually the Directory Manager password) Along the way fix also ipautil.run which was buggy and not passing in correctly stdin. Add dependency for gnupg in spec file
* Wrap up the raw_input() to user_input() for convenience and uniformity.Martin Nagy2008-09-109-189/+118
|
* Comment out code that generates keys with a random salt, apparently this ↵Simo Sorce2008-09-101-0/+4
| | | | does not work as expected and generates faulty keys
* Treat Jan 1 1970 in krbPrincipalExpiration as a special date that means the ↵Simo Sorce2008-09-101-3/+5
| | | | account Never Expires
* Retrieve the kerberos configuration every time a new, it will be a bit ↵Simo Sorce2008-09-101-246/+235
| | | | slower but will allow for changing configurations without having to restart DS. Password operations are slow and rare enough this is an acceptable compromise.
* In openvz we found out some interfaces may return a null pointer here. Skip ↵Simo Sorce2008-09-101-0/+4
| | | | them if no address is provided or we later get a segfault because we dereference a null pointer.
* Fix typo in inet typeSimo Sorce2008-09-101-1/+1
|
* slapi_pw_find_sv() expects an array, make sure we have a NULL terminated one ↵Simo Sorce2008-09-101-5/+9
| | | | to avoid potential segfaults Avoid leaking memory too.
* Must index uidnumber and gidnumber and any attribute that dna plugin is ↵Simo Sorce2008-09-101-0/+19
| | | | going to generate or that we need to search on.
* Index the memberof attributeRob Crittenden2008-09-101-0/+8
| | | | 450951
* Fix uninizialized counter, was causing allocation to fail and command to ↵Simo Sorce2008-09-101-0/+1
| | | | return in case any encryption type was explicitly requested
* Move version to 1.1.0 in preparation for new patch releaserelease-1-1-0Simo Sorce2008-06-111-1/+1
|
* Let DS encode the password, this will allow IPA -> AD passwordSimo Sorce2008-06-111-10/+4
| | | | synchronization to work again.
* Ensure that the realm name is upper-case.Rob Crittenden2008-06-091-3/+4
| | | | 449182
* Ignore empty values when converting a multi-valued form field back to a ↵Rob Crittenden2008-06-091-1/+2
| | | | | | list. This will prevent validation errors when validate.UniqueList() is executed. 449785
* When an LDAP connection fails, display the host one is trying to connect to.Rob Crittenden2008-06-091-2/+4
| | | | 450111
* Add our own SIGTERM handler so we can do clean shutdowns.Rob Crittenden2008-06-091-2/+13
| | | | | | Also fix foreground mode. 450211
* Make it clear which packages are being configured and which aren't.Rob Crittenden2008-06-091-3/+15
| | | | 450175
* Add sbin_t directory read permissionsRob Crittenden2008-06-051-0/+1
| | | | 449760
* Fix typoRob Crittenden2008-06-051-1/+1
| | | | 450077
* Under some conditions rl may not have been initialized so the config may ↵Rob Crittenden2008-06-041-0/+3
| | | | | | | | | | | | | | error out with: UnboundLocalError: "local variable 'rl' referenced before assignment" This is caught and ignored but the result is that the records in DNS may not be used at all. Initializing rl to zero fixes this. I also convert the server list into a set to make each entry unique (and back to a list because that is what we are supposed to return) 433506
* Fix import for versionRob Crittenden2008-06-042-2/+2
|
* Add -p/--password option so the DM password can be passed on the command-line.Rob Crittenden2008-06-042-5/+13
| | | | | | The import for version moved from ipaserver to ipa, fix that as well. 449858
* Don't make the search criteria lower-case so one can do case-sensitive ↵Rob Crittenden2008-06-041-1/+0
| | | | | | searches (such as looking for HTTP principals) 449975
* Fix some minor man page issues.Rob Crittenden2008-06-043-11/+18
| | | | 438771
* Fix some formatting issues and correct the example.Rob Crittenden2008-06-041-28/+32
| | | | 443009
* Fix typo and reorder -q|--quiet so it displays nicer. popt isn't putting it ↵Rob Crittenden2008-06-041-2/+2
| | | | | | on a separate line so moving it up front makes it easier to find. 443014
* Fix issue of double logging in ipa_error.log.Rob Crittenden2008-06-036-4/+60
| | | | | | | | | | | We open the log in ipa_webgui and this was being inherited by TurboGears which uses the same log so everything was getting logged twice. Shut down the log in ipa_webgui at the last possible moment. This will not catch configuration errors. Add a Not Found template. Only print a traceback on 500 errors.
* Move version.py to the common ipa directory instead of being server-based so ↵Rob Crittenden2008-06-037-26/+37
| | | | | | it can be used by the client tool. Fix the client tool imports to fail more gracefully.
* Fix some minor man page issues.Rob Crittenden2008-06-033-2/+4
| | | | 438771
* Don't prompt regarding previous DS installations in unattended mode.Rob Crittenden2008-05-301-2/+4
| | | | 449150
* Try to clear up messages prompting for domain and IPA server when DNS ↵Rob Crittenden2008-05-301-4/+4
| | | | discovery fails to find them.
* Fedora DS 1.1.1 exposes a public task api. In order for ipa-1-0 to build ↵Rich Megginson2008-05-301-47/+90
| | | | against this, ipa-memberof.c needs to be able to use the public api or the private one.
* Add two now options, --addattr and --setattr, to allow arbitrary attributes ↵Rob Crittenden2008-05-304-4/+87
| | | | | | | | | to be added and set when a new user or group is created. Make the user password not mandatory and add new option, -P, to prompt for a password interactively. 449006
* Make check_inst() a standalone function in bindinstance.Rob Crittenden2008-05-302-10/+10
| | | | | | | | | | | | | When an install instance is created that contains a pointer to a sysrestore point it loads in the current configuration when instantiated. If an instance is instantiated but not used then changes may occur to the system state that it is unaware of. So one needs to take care in the order that things are done to avoid losing information. When bind was setup it was overwriting all data in sysrestore.state and leaving just a [named] section. This caused problems at uninstall. 448173
* Actually pass along the verbose option to IPAClient.Rob Crittenden2008-05-2917-17/+17
| | | | 443987
* Fix typo in log statementRob Crittenden2008-05-291-1/+1
| | | | 448948
* Make ipa_kpasswd listen on each single interface explicitlySimo Sorce2008-05-291-66/+173
| | | | | instead of 0.0.0.0, this allows us to reply to a UDP request by using the right source address to build the kerberos reply.
* Use openldap libraries by default as mozldap libs seem to breakSimo Sorce2008-05-292-3/+3
| | | | ldap_extended_operation() somehow and ipa_kpasswd stops working
* Fix crash bug in ipa_kpasswdSimo Sorce2008-05-291-2/+3
|
* Now that admin is in the common users tree make the nss_ldapSimo Sorce2008-05-292-4/+4
| | | | | configuration look at the specific tree where users are and not search the full server.
* Fix the case where domain != lower(REALM)Simo Sorce2008-05-295-38/+69
| | | | | add the domain to the ipa.conf file for apps that need to know This should fix a bug in the replica setup
* Set default logging level to INFO (still logs to Apache)Rob Crittenden2008-05-282-24/+63
| | | | Add function entry log for the core IPA XML-RPC functions.
* Add python-configobj as a Requires and do some other specfile cleanups.Rob Crittenden2008-05-281-5/+13
| | | | 432814
* Use a value that is explicitly 64bit on all architecturesSimo Sorce2008-05-231-13/+13
|
* Move admin into cn=users,cn=accountsSimo Sorce2008-05-233-5/+5
| | | | | | | After some deep thinking I think the advantages of keeping all posix enabled user accounts under cn=users,cn=accounts overweight a perceived better protection of the admin account by keeping it in a separate tree.
generated by cgit (git 2.34.1) at 2024-05-03 11:53:48 +0000