summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Don't try to discover servers if we specified them on command line.Martin Nagy2008-09-171-16/+22
|
* Add standard override options to ipa-replica-prepareMartin Nagy2008-09-171-5/+3
| | | | Fixes: 462489
* Move the bulk of ipa-ldap-updater into a python library.Rob Crittenden2008-09-174-529/+570
| | | | | This significantly simplifies the tool and makes it possible to apply updates from the installer without forking off another process.
* Run the LDAP updater at the end of the installation process.Rob Crittenden2008-09-174-1/+36
| | | | | | | | Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-installl, -y <password_file>, so we don't have to pass it on the command-line.
* Allow passwords to work without a tty ala: echo password | some_programRob Crittenden2008-09-171-2/+8
|
* Add more development packages to test forRob Crittenden2008-09-121-2/+41
|
* Sort updates by DN length and by default process all files in the updates dir.Rob Crittenden2008-09-124-23/+157
| | | | | | | | | The updates directory is currently hardcoded to /usr/share/ipa/updates. All of the files are read into memory and then sorted by the length of the DN. This is so we can be sure that parent entries are added before children. Also add a man page.
* Update files for the schema compatibility plugin and RFC4876 profilesRob Crittenden2008-09-129-29/+366
| | | | | | | | | | | | | | | Also handle syntax errors a bit more gracefully and allow the updater to work on more than one file at a time. Adjust to new config.py and use a custom exception class for syntax errors. Also fix a error in parsing the separate files Include slapi-nis in Requires Includes work provided by Martin Nagy 460055
* Tool for doing configuration updates over LDAPRob Crittenden2008-09-125-1/+559
| | | | | | | | | | | | | This tool takes as input a file which contains basically an LDIF, prefixed with a command: default, add, remove or only. These define the operations to perform such as adding new entries, adding new sub-entries to an existing entry, adding or modifying attributes in a record. If an index entry is modified a task is created to re-create the index. Schema may be added using this tool. 454031
* The True/False logic was reversed, so "no" meant remove the existing instanceRob Crittenden2008-09-121-1/+1
|
* Fix error where usage wasn't being updated properlyRob Crittenden2008-09-121-1/+1
|
* Fix spelling.Martin Nagy2008-09-121-1/+1
|
* Fix the -G option of ipa-adduser. Don't add the user if one of the groups ↵Martin Nagy2008-09-111-11/+28
| | | | doesn't exist. Fixes: 459801
* Ignore GSS exception when iterating through server list. Fixes: 459864Martin Nagy2008-09-111-0/+2
|
* Try servers from ipa.conf even if we specified them on the command line.Martin Nagy2008-09-111-3/+2
|
* More strict input checks in ipa-pwpolicy and return non-zero when ↵Martin Nagy2008-09-111-7/+7
| | | | unsuccessful. Fixes: 461213, 461325, 461332, 461543
* Rework config.py and change cli tools. Maintain order of IPA servers from ↵Martin Nagy2008-09-1132-442/+376
| | | | command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234
* Add script to simplify operations to fix CVE 2008 3274Simo Sorce2008-09-103-0/+521
| | | | | Import all of change master key directly into the help fix, allows for better control
* CVE 2008 3274 related fixesSimo Sorce2008-09-102-3/+9
|
* Add a tool to change the kerberos Master Key in case an admin wants to.Simo Sorce2008-09-102-0/+382
| | | | | | This tool will dump and re-encrypt all keys, then reload and change the master key in LDAP and in the stash file. It will also restart the Directory Server and the the KDC
* Retrieve the kerberos configuration every time a new, it will be a bit slowerSimo Sorce2008-09-101-252/+234
| | | | | but will allow for changing configurations without having to restart DS. Password operations are slow and rare enough this is an acceptable compromise.
* Display name as separate attributes instead of showing common name.Rob Crittenden2008-08-222-2/+17
| | | | | | | We allow one to individually set first and last name but we do not automatically update the common name so changes don't seem to happen. 451318
* Add options to display a subset of delegations and return 2 if none are found.Rob Crittenden2008-08-221-16/+31
| | | | 452027
* Add 2 features to ipa-getkeytab:Simo Sorce2008-08-211-195/+443
| | | | | 1. Allow to specify the salt type along with the enctype 2. Allow to specify a password instead of forcing a random secret
* Minor bugs found while testing stuff.Simo Sorce2008-08-212-1/+2
| | | | | | - wrong import in certs.py makes ipa-replica-manage fail - close the fs after the stash file is written so that the file is updated immediately and not when the fd is garbage collected
* Limit the mod_rewrite rules to just /ipaRob Crittenden2008-08-211-4/+4
| | | | 459209
* Add tool to manage IPA Search and User policyRob Crittenden2008-08-205-2/+255
| | | | 448624, 448625
* Fix segfault cause by empty target entrySimo Sorce2008-08-191-3/+22
|
* Create temporary files used in self-signed cert requests in a temporary ↵Rob Crittenden2008-08-151-2/+8
| | | | | | directory and ensure that it gets cleaned up when we're done with it. 458159
* Comment out code that generates keys with a random salt, apparently this ↵Simo Sorce2008-08-151-0/+4
| | | | does not work as expected and generates faulty keys
* Delete old mercurial files.Martin Nagy2008-08-153-71/+0
|
* When installing with an IPA-created CA generate the Firefox ↵Rob Crittenden2008-08-141-2/+2
| | | | | | autoconfiguration files. 458871
* Make Proxy directive wildcard match more specific so we can play nicer with ↵Rob Crittenden2008-08-141-3/+3
| | | | | | other apps. 459061
* Fix some copy/paste and other syntax errors from the validators commit.Rob Crittenden2008-08-142-5/+4
| | | | 450613, 457124
* Fix usage of mozldap libraries,Simo Sorce2008-08-132-2/+2
| | | | thanks to W. Michael Petullo <mike@flyn.org> for finding the problem.
* Remove unused stuff.Simo Sorce2008-08-131-2/+1
|
* apparently the "configure" target is never usedSimo Sorce2008-08-131-4/+0
|
* Install the ca.crt file early on so that we can always enforce SSLSimo Sorce2008-08-133-22/+27
| | | | | protected connections to other LDAP servers Fix error reporting on replica creation.
* Implement password operation checks and key material generation for theSimo Sorce2008-08-121-93/+1018
| | | | | | | | | | | ldap add and modify operation performed on the userPassword attribute. Add helper functions to reduce code duplication. Do not enforce encrypted connections on ldap add/ldap mod for compatibility reasons. (We cannot enforce people not to send the password in the clear anyway, we can only refuse to accept it at the most which does not gain you much if someone then re-send you the same password previously exposed)
* Fix versioning for configure.ac and ipa-python/setup.pySimo Sorce2008-08-1121-45/+78
| | | | | | | | | | Fix make maintainer-clean Also make RPM naming consistent by using a temp RELEASE file. This one helps when testing builds using rpms. Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...) Version 1.1.0 was released some times ago, bump up to 1.1.1
* Used the encrypt_file and decrypt_file utility functions to encrypt replicaSimo Sorce2008-08-112-22/+60
| | | | | | information. This way we do not risk to leave around sensitive data. Set the destination host in the replica file too and do checks against in ipa-replica-install
* Add encrypt_file and decrypt_file utility functions.Simo Sorce2008-08-112-2/+65
| | | | | | | | | | | | | | We will use them to encrypt the replica file so that we can transport it over more safely. It contains sensitive data, by encrypting it we assure that even if a distracted admin leaves it around it cannot be accessed without knowing the access passphrase (usually the Directory Manager password) Along the way fix also ipautil.run which was buggy and not passing in correctly stdin. Add dependency for gnupg in spec file
* Use larger set from which to choose chars for random passwords.Simo Sorce2008-08-112-5/+3
| | | | | Use SystemRandom() instead of Random() so that the randomicity is non-deterministic.
* Treat Jan 1 1970 in krbPrincipalExpiration as a special date that meansSimo Sorce2008-08-071-4/+5
| | | | the account Never Expires
* Change user and group validators to match shadow-utilsRob Crittenden2008-08-0712-79/+171
| | | | | | | | This sets the regex to [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? Also change the validators to return True/False 450613, 457124
* Fix few syntax errors.Martin Nagy2008-08-062-3/+3
|
* Fix python syntax error: missing colon.Rob Crittenden2008-08-061-1/+1
|
* Use % format string to fix nbsp problem in userlist.kid (fixes #453779)Jason Gerard DeRose2008-07-301-7/+9
|
* Shift search base for users and groups to "cn=accounts, baseDN"Rob Crittenden2008-07-291-16/+18
| | | | 450552
* Fix encoding issue when manually loading templates for formsRob Crittenden2008-07-296-7/+40
| | | | | | | | | | | | | | | We used to manually load the template files for the edit pages using turbogears.meta.load_kid_template(). Unfortunately this went through the one code path where encoding was completely ignored. It ended up defaulting to sys.getdefaultencoding() which is 'ascii'. So even though most of the templates are loaded as 'utf-8' the few that really mattered weren't. The fix is to call kid.load_template() ourselves and set the encoding of the class we just loaded to either the setting in the app.cfg file or to the normal default value of 'utf-8'. 454076
generated by cgit (git 2.34.1) at 2024-06-26 14:10:53 +0000