summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* add --no-host-dns option to ipa-server-install - allows specifying a ↵Rich Megginson2008-10-133-13/+12
| | | | hostname that might actually exist but you do not want to even attempt to resolve it via DNS
* Added support to IPA server install to install the winsync plugin ↵Rich Megginson2008-10-135-24/+164
| | | | configuration entry Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert.
* The library name is libipa_winsync not libipa-winsyncRich Megginson2008-10-131-3/+3
|
* Use dirsrv/file.h with includes by default - only use the other style if we ↵Rich Megginson2008-10-133-6/+135
| | | | are debugging within the directory server
* fix some memory leaksRich Megginson2008-10-131-1/+4
|
* Added ipa-winsync-config.c - this handles dynamic configuration via the DSE ↵Rich Megginson2008-10-132-0/+782
| | | | callbacks, and gets default values from various configuration entries in the IPA tree
* Added support for posixAccount -lookup attribute containing the ↵Rich Megginson2008-10-132-3/+184
| | | | homeDirectory prefix and use that to construct the homeDirectory attribute -lookup attribute containing the default gidNumber and use that to add the gidNumber to new users -construct the gecos field from the cn attribute
* Added the new IPA WinSync Plug-in Work done so far * added the new plugin to ↵Rich Megginson2008-10-135-18/+109
| | | | makefiles, spec file * added stubs for the api, including begin update, end update, and destroy callbacks * added config code to allow dynamic dse config changes and auto-discovery of realm and new user objectclass list
* Initial addition of ipa-winsync pluginRich Megginson2008-10-134-0/+456
|
* ipa-pwpolicy: correctly compare minlife and maxlife Fixes: 463849Martin Nagy2008-10-081-1/+1
|
* Fix a typo in ipa-modgroup causing it to fail Fixes: 463567Martin Nagy2008-10-081-1/+1
|
* ipa-change-master-key: Really exit when not run as root Also fix this for ↵Martin Nagy2008-10-082-0/+2
| | | | ipa-fix-CVE-2008-3274
* Merge branch 'master' of ssh://simo@git.fedorahosted.org/git/freeipa into ↵Simo Sorce2008-09-241-1/+1
|\ | | | | | | ipa-1-2
| * Fix segfault in ipa-getkeytabRob Crittenden2008-09-241-1/+1
| | | | | | | | 463548
| * Fix class declaration to work with Python 2.4Rob Crittenden2008-09-191-1/+1
| |
| * Fix architecture detection in ldapupdateMartin Nagy2008-09-191-5/+4
| |
| * Add detection to the update tool to detect when it would apply changes.Rob Crittenden2008-09-194-7/+52
| | | | | | | | Remove SUP name from RFC2307bis.update to match FDS
| * Fix syntax errorSimo Sorce2008-09-181-4/+4
| |
| * We were assuming that, if the realm was correct then also theSimo Sorce2008-09-181-9/+6
| | | | | | | | | | | | | | | | | | | | | | rest of the krb5.conf configuration were. This clearly breaks with the default EXAMPLE.COM realm configuratrion. Furthermore it makes it not possible to try to 'fix' an installation by rerruninng ipa-client-install This patch removes the special case and avoids krb5.conf only if the on_master flag is passed. Fix also one inner 'if' statement to be simpler to understand.
| * Remove reference to very unlikely service examples that are notSimo Sorce2008-09-182-7/+1
| | | | | | | | currently kerberized (and may never be due to their nature).
* | Fix class declaration to work with Python 2.4Rob Crittenden2008-09-191-1/+1
| |
* | Fix architecture detection in ldapupdateMartin Nagy2008-09-191-5/+4
| |
* | Add detection to the update tool to detect when it would apply changes.Rob Crittenden2008-09-194-7/+52
| | | | | | | | Remove SUP name from RFC2307bis.update to match FDS
* | Fix syntax errorSimo Sorce2008-09-181-4/+4
| |
* | We were assuming that, if the realm was correct then also theSimo Sorce2008-09-181-9/+6
| | | | | | | | | | | | | | | | | | | | | | rest of the krb5.conf configuration were. This clearly breaks with the default EXAMPLE.COM realm configuratrion. Furthermore it makes it not possible to try to 'fix' an installation by rerruninng ipa-client-install This patch removes the special case and avoids krb5.conf only if the on_master flag is passed. Fix also one inner 'if' statement to be simpler to understand.
* | Remove reference to very unlikely service examples that are notSimo Sorce2008-09-182-7/+1
|/ | | | currently kerberized (and may never be due to their nature).
* Restart httpd and dirsrv services after yum upgrade.Martin Nagy2008-09-171-10/+7
| | | | Fixes: 441566
* Don't try to discover servers if we specified them on command line.Martin Nagy2008-09-171-16/+22
|
* Add standard override options to ipa-replica-prepareMartin Nagy2008-09-171-5/+3
| | | | Fixes: 462489
* Move the bulk of ipa-ldap-updater into a python library.Rob Crittenden2008-09-174-529/+570
| | | | | This significantly simplifies the tool and makes it possible to apply updates from the installer without forking off another process.
* Run the LDAP updater at the end of the installation process.Rob Crittenden2008-09-174-1/+36
| | | | | | | | Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-installl, -y <password_file>, so we don't have to pass it on the command-line.
* Allow passwords to work without a tty ala: echo password | some_programRob Crittenden2008-09-171-2/+8
|
* Add more development packages to test forRob Crittenden2008-09-121-2/+41
|
* Sort updates by DN length and by default process all files in the updates dir.Rob Crittenden2008-09-124-23/+157
| | | | | | | | | The updates directory is currently hardcoded to /usr/share/ipa/updates. All of the files are read into memory and then sorted by the length of the DN. This is so we can be sure that parent entries are added before children. Also add a man page.
* Update files for the schema compatibility plugin and RFC4876 profilesRob Crittenden2008-09-129-29/+366
| | | | | | | | | | | | | | | Also handle syntax errors a bit more gracefully and allow the updater to work on more than one file at a time. Adjust to new config.py and use a custom exception class for syntax errors. Also fix a error in parsing the separate files Include slapi-nis in Requires Includes work provided by Martin Nagy 460055
* Tool for doing configuration updates over LDAPRob Crittenden2008-09-125-1/+559
| | | | | | | | | | | | | This tool takes as input a file which contains basically an LDIF, prefixed with a command: default, add, remove or only. These define the operations to perform such as adding new entries, adding new sub-entries to an existing entry, adding or modifying attributes in a record. If an index entry is modified a task is created to re-create the index. Schema may be added using this tool. 454031
* The True/False logic was reversed, so "no" meant remove the existing instanceRob Crittenden2008-09-121-1/+1
|
* Fix error where usage wasn't being updated properlyRob Crittenden2008-09-121-1/+1
|
* Fix spelling.Martin Nagy2008-09-121-1/+1
|
* Fix the -G option of ipa-adduser. Don't add the user if one of the groups ↵Martin Nagy2008-09-111-11/+28
| | | | doesn't exist. Fixes: 459801
* Ignore GSS exception when iterating through server list. Fixes: 459864Martin Nagy2008-09-111-0/+2
|
* Try servers from ipa.conf even if we specified them on the command line.Martin Nagy2008-09-111-3/+2
|
* More strict input checks in ipa-pwpolicy and return non-zero when ↵Martin Nagy2008-09-111-7/+7
| | | | unsuccessful. Fixes: 461213, 461325, 461332, 461543
* Rework config.py and change cli tools. Maintain order of IPA servers from ↵Martin Nagy2008-09-1132-442/+376
| | | | command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234
* Add script to simplify operations to fix CVE 2008 3274Simo Sorce2008-09-103-0/+521
| | | | | Import all of change master key directly into the help fix, allows for better control
* CVE 2008 3274 related fixesSimo Sorce2008-09-102-3/+9
|
* Add a tool to change the kerberos Master Key in case an admin wants to.Simo Sorce2008-09-102-0/+382
| | | | | | This tool will dump and re-encrypt all keys, then reload and change the master key in LDAP and in the stash file. It will also restart the Directory Server and the the KDC
* Retrieve the kerberos configuration every time a new, it will be a bit slowerSimo Sorce2008-09-101-252/+234
| | | | | but will allow for changing configurations without having to restart DS. Password operations are slow and rare enough this is an acceptable compromise.
* Display name as separate attributes instead of showing common name.Rob Crittenden2008-08-222-2/+17
| | | | | | | We allow one to individually set first and last name but we do not automatically update the common name so changes don't seem to happen. 451318
* Add options to display a subset of delegations and return 2 if none are found.Rob Crittenden2008-08-221-16/+31
| | | | 452027
generated by cgit (git 2.34.1) at 2024-04-19 18:20:24 +0000