Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Change ipa-compat-manage to work on older python versions too. Break ↵ | Simo Sorce | 2008-12-03 | 1 | -36/+50 |
| | | | | try,except,finally into a try,try,finally,except Add also checks for LDAPError, errors. | ||||
* | One line fix for ipa-server spec file | Simo Sorce | 2008-12-03 | 1 | -0/+1 |
| | |||||
* | Adding an index for memberuid. Alsthough we do not use this attribute, many ↵ | Simo Sorce | 2008-12-02 | 2 | -0/+12 |
| | | | | clients still ask for it so let's index it and make stuff faster. | ||||
* | Forgot to add ipa-compat-manage to the sbin programs | Simo Sorce | 2008-12-02 | 1 | -0/+1 |
| | |||||
* | Add man page for ipa-compat-manage | Simo Sorce | 2008-12-02 | 2 | -0/+47 |
| | |||||
* | Fix makefiles after schema compat changes | Simo Sorce | 2008-12-02 | 3 | -2/+3 |
| | |||||
* | Corrected usage messages and manpage to match the logic for the ↵ | Nathan Kinder | 2008-12-01 | 2 | -2/+2 |
| | | | | ipa-replica-manage init command. | ||||
* | Fix typo, thanks to Michele for pointing it out | Simo Sorce | 2008-12-01 | 1 | -1/+1 |
| | |||||
* | Run updates on the replica too, otherwise changes to cn=config will be missing. | Simo Sorce | 2008-12-01 | 1 | -0/+4 |
| | |||||
* | Make sure the CA cert is copied to the replica, fail if no ca.crt is ↵ | Simo Sorce | 2008-12-01 | 2 | -1/+16 |
| | | | | available. Cope with some versions of ipa that forgot to copy the ca.crt cert in the right place. | ||||
* | Add tool to enable or disable the schema compatibility plugin | Simo Sorce | 2008-12-01 | 2 | -0/+157 |
| | |||||
* | add passsync to ipa-replica-manage man page | Rich Megginson | 2008-11-25 | 1 | -0/+3 |
| | |||||
* | do not use ipaerror directly in ipa-replica-manage - use ldap exception instead | Rich Megginson | 2008-11-25 | 1 | -1/+1 |
| | |||||
* | Fix memleaks found by valgrind | Simo Sorce | 2008-11-20 | 1 | -5/+17 |
| | |||||
* | We must always zero out the target ientry unconditionally where it is used | Simo Sorce | 2008-11-20 | 1 | -14/+6 |
| | | | | and never free it in the destructor. | ||||
* | Avoid potential crashbug on invalid DNs (not in the tree). | Simo Sorce | 2008-11-19 | 1 | -25/+81 |
| | |||||
* | Fix error in validation when editing new groups via the UI | Rob Crittenden | 2008-11-19 | 1 | -0/+2 |
| | | | | 471808 | ||||
* | Fix a free before use bug, it may lead to crashes but usually just corruptsrelease-1-2-0 | Simo Sorce | 2008-11-14 | 1 | -3/+2 |
| | | | | | | the changepw dn we store so that it won't match. This causes normal password changes to be interpreted as password resets instead, and the new legit password is immediately expired. | ||||
* | This is not a git snapshot | Simo Sorce | 2008-11-13 | 1 | -1/+1 |
| | |||||
* | set winsync account disable sync default value to both instead of none | Rich Megginson | 2008-11-13 | 1 | -1/+1 |
| | |||||
* | Bump up version number to 1.2.0 | Simo Sorce | 2008-11-13 | 1 | -2/+2 |
| | |||||
* | wait for sync agreement to be ready before starting | Rich Megginson | 2008-11-13 | 1 | -0/+45 |
| | | | | Added checking for error status - Added maxtries so that the script won't wait forever if there is something wrong | ||||
* | Fix appending to a multi-valued field. | Rob Crittenden | 2008-11-12 | 1 | -1/+1 |
| | | | | | There was a bug where only the first value of a multi-valued field would be returned. | ||||
* | Remove the column width from #details table.details td | Rob Crittenden | 2008-11-12 | 1 | -1/+0 |
| | | | | | | This should make the User Find results page look nicer. 470428 | ||||
* | Present a less-cryptic error if the replication agreement doesn't exist | Rob Crittenden | 2008-11-12 | 1 | -1/+4 |
| | |||||
* | Create a user for Windows PassSync and grant password changing permissions | Rob Crittenden | 2008-11-12 | 2 | -2/+44 |
| | | | | | | | | | This does 3 things: 1. Create a user for the Windows PassSync service 2. Add this use to the list of users that can skip password policies 3. Add an aci that grants permission to write the password attributes 471130 | ||||
* | Fix deleting a winsync replication agreement. | Rob Crittenden | 2008-11-12 | 2 | -11/+32 |
| | |||||
* | Make the list of users that can skip passwrod policies configurable. | Simo Sorce | 2008-11-12 | 1 | -48/+105 |
| | | | | | | | | | | | Addresses bz#471130 Also fix bugs in ipapwd_start. Also remove mutex, it is not necessary with the current code, we needed it when we used to change reload the configuration and keep it referenced in a static pointer. ipapwd_start runs only once and the global variables it sets are fixed in stone until DS is restarted. | ||||
* | Make DNA work with internal operations | Rich Megginson | 2008-11-10 | 1 | -3/+49 |
| | |||||
* | Use the local connection when getting a replication ID for winsync. | Rob Crittenden | 2008-11-05 | 1 | -1/+5 |
| | | | | | | | | We can't connect to the windows AD server to get a unique repliation ID. So first see if this master already has one and if not, get an id from the local DS. 469977 | ||||
* | use ipautil.CalledProcessError instead of CalledProcessError | Rich Megginson | 2008-11-04 | 1 | -3/+3 |
| | |||||
* | Fix error in validation when adding new groups via the UI | Rob Crittenden | 2008-10-31 | 1 | -0/+2 |
| | | | | 469256 | ||||
* | Install replication update file | Rob Crittenden | 2008-10-31 | 1 | -1/+2 |
| | |||||
* | Gracefully handle running on an unconfigured IPA server | Rob Crittenden | 2008-10-30 | 1 | -0/+4 |
| | |||||
* | Don't report spurious upgrade message if IPA has not been configured yet. | Rob Crittenden | 2008-10-29 | 1 | -9/+12 |
| | | | | | | | | This was throwing the error "Unable to determine hostname from ipa-rewrite.conf" during RPM %post on unconfigured servers where there is nothing to do. 468947 | ||||
* | Ensure that every replica gets a unique replication ID. Otherwise changes ↵ | Rob Crittenden | 2008-10-29 | 3 | -3/+57 |
| | | | | | | won't propogate between all replicas. 468732 | ||||
* | Fix error if more than one values is being set in an only. The first entry ↵ | Rob Crittenden | 2008-10-15 | 1 | -1/+1 |
| | | | | | | wasn't being properly converted into a list so subsequent values caused it to crap out. 467102 | ||||
* | add update to fix the index for the winsync attributes | Rich Megginson | 2008-10-13 | 2 | -0/+11 |
| | |||||
* | do not store the OUs from the AD DN in the IPA user entry when flattening | Rich Megginson | 2008-10-13 | 1 | -35/+0 |
| | |||||
* | add --win-subtree argument to ipa-replica-manage | Rich Megginson | 2008-10-13 | 2 | -0/+7 |
| | |||||
* | Do not depend on MMR plugin - start before MMR plugin | Rich Megginson | 2008-10-13 | 1 | -2/+1 |
| | | | | | | | | The ipa-winsync plugin needs to start before the MMR plugin, so that it can register the API functions. Also, the slapi-nis schema compat plugin creates an entry that looks exactly like the default IPA group gidNumber entry, so I added an extra (objectclass=groupOfNames) to the filter since the slapi-nis entry doesn't have that. | ||||
* | Just add eq,pres to the existing indices | Rich Megginson | 2008-10-13 | 1 | -8/+4 |
| | | | | | There are already indexes created for ntUniqueID and ntUserDomainID by default We just need to make sure they are indexed for equality and presence | ||||
* | Don't try to conditionally stop the server - it doesn't seem to work | Rich Megginson | 2008-10-13 | 1 | -4/+1 |
| | | | | Just call stop() - if it's not already running, no big deal | ||||
* | Add more winsync support to cli | Rich Megginson | 2008-10-13 | 2 | -3/+22 |
| | | | | | | | | | The ipa-replica-manage list, init, and synch commands do not work for winsync agreements. This patch adds that support and some additional verbose logging. The synch_master did not work correctly. The way it should work is to set the replication schedule to some bogus value, then reset it back to its original setting. This will force replication to take place immediately. | ||||
* | Do not add enabled user to activated group - clean up parse_acct_disable | Rich Megginson | 2008-10-13 | 2 | -19/+28 |
| | | | | | | | | | If a user needs to be enabled, just delete the user from the inactivated group, but do not add to the activated group. If a user is in no group, the user is active by default. IPA uses the activated group for override purposes. parse_acct_disable is only used when the config changes, but I cleaned it up anyway to make the code clearer. | ||||
* | add winsync options to ipa-replica-manage man page | Rich Megginson | 2008-10-13 | 1 | -0/+15 |
| | |||||
* | Adds winsync account disable and force sync | Rich Megginson | 2008-10-13 | 4 | -7/+772 |
| | |||||
* | fix issues brought up by initial review of ipa winsync enhancements | Rich Megginson | 2008-10-13 | 3 | -8/+29 |
| | |||||
* | add --no-host-dns option to ipa-server-install - allows specifying a ↵ | Rich Megginson | 2008-10-13 | 3 | -13/+12 |
| | | | | hostname that might actually exist but you do not want to even attempt to resolve it via DNS | ||||
* | Added support to IPA server install to install the winsync plugin ↵ | Rich Megginson | 2008-10-13 | 5 | -24/+164 |
| | | | | configuration entry Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert. |