Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | add --no-host-dns option to ipa-server-install - allows specifying a ↵ | Rich Megginson | 2008-10-13 | 3 | -13/+12 | |
| | | | | hostname that might actually exist but you do not want to even attempt to resolve it via DNS | |||||
* | Added support to IPA server install to install the winsync plugin ↵ | Rich Megginson | 2008-10-13 | 5 | -24/+164 | |
| | | | | configuration entry Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert. | |||||
* | The library name is libipa_winsync not libipa-winsync | Rich Megginson | 2008-10-13 | 1 | -3/+3 | |
| | ||||||
* | Use dirsrv/file.h with includes by default - only use the other style if we ↵ | Rich Megginson | 2008-10-13 | 3 | -6/+135 | |
| | | | | are debugging within the directory server | |||||
* | fix some memory leaks | Rich Megginson | 2008-10-13 | 1 | -1/+4 | |
| | ||||||
* | Added ipa-winsync-config.c - this handles dynamic configuration via the DSE ↵ | Rich Megginson | 2008-10-13 | 2 | -0/+782 | |
| | | | | callbacks, and gets default values from various configuration entries in the IPA tree | |||||
* | Added support for posixAccount -lookup attribute containing the ↵ | Rich Megginson | 2008-10-13 | 2 | -3/+184 | |
| | | | | homeDirectory prefix and use that to construct the homeDirectory attribute -lookup attribute containing the default gidNumber and use that to add the gidNumber to new users -construct the gecos field from the cn attribute | |||||
* | Added the new IPA WinSync Plug-in Work done so far * added the new plugin to ↵ | Rich Megginson | 2008-10-13 | 5 | -18/+109 | |
| | | | | makefiles, spec file * added stubs for the api, including begin update, end update, and destroy callbacks * added config code to allow dynamic dse config changes and auto-discovery of realm and new user objectclass list | |||||
* | Initial addition of ipa-winsync plugin | Rich Megginson | 2008-10-13 | 4 | -0/+456 | |
| | ||||||
* | ipa-pwpolicy: correctly compare minlife and maxlife Fixes: 463849 | Martin Nagy | 2008-10-08 | 1 | -1/+1 | |
| | ||||||
* | Fix a typo in ipa-modgroup causing it to fail Fixes: 463567 | Martin Nagy | 2008-10-08 | 1 | -1/+1 | |
| | ||||||
* | ipa-change-master-key: Really exit when not run as root Also fix this for ↵ | Martin Nagy | 2008-10-08 | 2 | -0/+2 | |
| | | | | ipa-fix-CVE-2008-3274 | |||||
* | Merge branch 'master' of ssh://simo@git.fedorahosted.org/git/freeipa into ↵ | Simo Sorce | 2008-09-24 | 1 | -1/+1 | |
|\ | | | | | | | ipa-1-2 | |||||
| * | Fix segfault in ipa-getkeytab | Rob Crittenden | 2008-09-24 | 1 | -1/+1 | |
| | | | | | | | | 463548 | |||||
| * | Fix class declaration to work with Python 2.4 | Rob Crittenden | 2008-09-19 | 1 | -1/+1 | |
| | | ||||||
| * | Fix architecture detection in ldapupdate | Martin Nagy | 2008-09-19 | 1 | -5/+4 | |
| | | ||||||
| * | Add detection to the update tool to detect when it would apply changes. | Rob Crittenden | 2008-09-19 | 4 | -7/+52 | |
| | | | | | | | | Remove SUP name from RFC2307bis.update to match FDS | |||||
| * | Fix syntax error | Simo Sorce | 2008-09-18 | 1 | -4/+4 | |
| | | ||||||
| * | We were assuming that, if the realm was correct then also the | Simo Sorce | 2008-09-18 | 1 | -9/+6 | |
| | | | | | | | | | | | | | | | | | | | | | | rest of the krb5.conf configuration were. This clearly breaks with the default EXAMPLE.COM realm configuratrion. Furthermore it makes it not possible to try to 'fix' an installation by rerruninng ipa-client-install This patch removes the special case and avoids krb5.conf only if the on_master flag is passed. Fix also one inner 'if' statement to be simpler to understand. | |||||
| * | Remove reference to very unlikely service examples that are not | Simo Sorce | 2008-09-18 | 2 | -7/+1 | |
| | | | | | | | | currently kerberized (and may never be due to their nature). | |||||
* | | Fix class declaration to work with Python 2.4 | Rob Crittenden | 2008-09-19 | 1 | -1/+1 | |
| | | ||||||
* | | Fix architecture detection in ldapupdate | Martin Nagy | 2008-09-19 | 1 | -5/+4 | |
| | | ||||||
* | | Add detection to the update tool to detect when it would apply changes. | Rob Crittenden | 2008-09-19 | 4 | -7/+52 | |
| | | | | | | | | Remove SUP name from RFC2307bis.update to match FDS | |||||
* | | Fix syntax error | Simo Sorce | 2008-09-18 | 1 | -4/+4 | |
| | | ||||||
* | | We were assuming that, if the realm was correct then also the | Simo Sorce | 2008-09-18 | 1 | -9/+6 | |
| | | | | | | | | | | | | | | | | | | | | | | rest of the krb5.conf configuration were. This clearly breaks with the default EXAMPLE.COM realm configuratrion. Furthermore it makes it not possible to try to 'fix' an installation by rerruninng ipa-client-install This patch removes the special case and avoids krb5.conf only if the on_master flag is passed. Fix also one inner 'if' statement to be simpler to understand. | |||||
* | | Remove reference to very unlikely service examples that are not | Simo Sorce | 2008-09-18 | 2 | -7/+1 | |
|/ | | | | currently kerberized (and may never be due to their nature). | |||||
* | Restart httpd and dirsrv services after yum upgrade. | Martin Nagy | 2008-09-17 | 1 | -10/+7 | |
| | | | | Fixes: 441566 | |||||
* | Don't try to discover servers if we specified them on command line. | Martin Nagy | 2008-09-17 | 1 | -16/+22 | |
| | ||||||
* | Add standard override options to ipa-replica-prepare | Martin Nagy | 2008-09-17 | 1 | -5/+3 | |
| | | | | Fixes: 462489 | |||||
* | Move the bulk of ipa-ldap-updater into a python library. | Rob Crittenden | 2008-09-17 | 4 | -529/+570 | |
| | | | | | This significantly simplifies the tool and makes it possible to apply updates from the installer without forking off another process. | |||||
* | Run the LDAP updater at the end of the installation process. | Rob Crittenden | 2008-09-17 | 4 | -1/+36 | |
| | | | | | | | | Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-installl, -y <password_file>, so we don't have to pass it on the command-line. | |||||
* | Allow passwords to work without a tty ala: echo password | some_program | Rob Crittenden | 2008-09-17 | 1 | -2/+8 | |
| | ||||||
* | Add more development packages to test for | Rob Crittenden | 2008-09-12 | 1 | -2/+41 | |
| | ||||||
* | Sort updates by DN length and by default process all files in the updates dir. | Rob Crittenden | 2008-09-12 | 4 | -23/+157 | |
| | | | | | | | | | The updates directory is currently hardcoded to /usr/share/ipa/updates. All of the files are read into memory and then sorted by the length of the DN. This is so we can be sure that parent entries are added before children. Also add a man page. | |||||
* | Update files for the schema compatibility plugin and RFC4876 profiles | Rob Crittenden | 2008-09-12 | 9 | -29/+366 | |
| | | | | | | | | | | | | | | | Also handle syntax errors a bit more gracefully and allow the updater to work on more than one file at a time. Adjust to new config.py and use a custom exception class for syntax errors. Also fix a error in parsing the separate files Include slapi-nis in Requires Includes work provided by Martin Nagy 460055 | |||||
* | Tool for doing configuration updates over LDAP | Rob Crittenden | 2008-09-12 | 5 | -1/+559 | |
| | | | | | | | | | | | | | This tool takes as input a file which contains basically an LDIF, prefixed with a command: default, add, remove or only. These define the operations to perform such as adding new entries, adding new sub-entries to an existing entry, adding or modifying attributes in a record. If an index entry is modified a task is created to re-create the index. Schema may be added using this tool. 454031 | |||||
* | The True/False logic was reversed, so "no" meant remove the existing instance | Rob Crittenden | 2008-09-12 | 1 | -1/+1 | |
| | ||||||
* | Fix error where usage wasn't being updated properly | Rob Crittenden | 2008-09-12 | 1 | -1/+1 | |
| | ||||||
* | Fix spelling. | Martin Nagy | 2008-09-12 | 1 | -1/+1 | |
| | ||||||
* | Fix the -G option of ipa-adduser. Don't add the user if one of the groups ↵ | Martin Nagy | 2008-09-11 | 1 | -11/+28 | |
| | | | | doesn't exist. Fixes: 459801 | |||||
* | Ignore GSS exception when iterating through server list. Fixes: 459864 | Martin Nagy | 2008-09-11 | 1 | -0/+2 | |
| | ||||||
* | Try servers from ipa.conf even if we specified them on the command line. | Martin Nagy | 2008-09-11 | 1 | -3/+2 | |
| | ||||||
* | More strict input checks in ipa-pwpolicy and return non-zero when ↵ | Martin Nagy | 2008-09-11 | 1 | -7/+7 | |
| | | | | unsuccessful. Fixes: 461213, 461325, 461332, 461543 | |||||
* | Rework config.py and change cli tools. Maintain order of IPA servers from ↵ | Martin Nagy | 2008-09-11 | 32 | -442/+376 | |
| | | | | command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234 | |||||
* | Add script to simplify operations to fix CVE 2008 3274 | Simo Sorce | 2008-09-10 | 3 | -0/+521 | |
| | | | | | Import all of change master key directly into the help fix, allows for better control | |||||
* | CVE 2008 3274 related fixes | Simo Sorce | 2008-09-10 | 2 | -3/+9 | |
| | ||||||
* | Add a tool to change the kerberos Master Key in case an admin wants to. | Simo Sorce | 2008-09-10 | 2 | -0/+382 | |
| | | | | | | This tool will dump and re-encrypt all keys, then reload and change the master key in LDAP and in the stash file. It will also restart the Directory Server and the the KDC | |||||
* | Retrieve the kerberos configuration every time a new, it will be a bit slower | Simo Sorce | 2008-09-10 | 1 | -252/+234 | |
| | | | | | but will allow for changing configurations without having to restart DS. Password operations are slow and rare enough this is an acceptable compromise. | |||||
* | Display name as separate attributes instead of showing common name. | Rob Crittenden | 2008-08-22 | 2 | -2/+17 | |
| | | | | | | | We allow one to individually set first and last name but we do not automatically update the common name so changes don't seem to happen. 451318 | |||||
* | Add options to display a subset of delegations and return 2 if none are found. | Rob Crittenden | 2008-08-22 | 1 | -16/+31 | |
| | | | | 452027 |