Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add tool to manage IPA Search and User policy | Rob Crittenden | 2008-08-20 | 5 | -2/+255 |
| | | | | 448624, 448625 | ||||
* | Fix segfault cause by empty target entry | Simo Sorce | 2008-08-19 | 1 | -3/+22 |
| | |||||
* | Create temporary files used in self-signed cert requests in a temporary ↵ | Rob Crittenden | 2008-08-15 | 1 | -2/+8 |
| | | | | | | directory and ensure that it gets cleaned up when we're done with it. 458159 | ||||
* | Comment out code that generates keys with a random salt, apparently this ↵ | Simo Sorce | 2008-08-15 | 1 | -0/+4 |
| | | | | does not work as expected and generates faulty keys | ||||
* | Delete old mercurial files. | Martin Nagy | 2008-08-15 | 3 | -71/+0 |
| | |||||
* | When installing with an IPA-created CA generate the Firefox ↵ | Rob Crittenden | 2008-08-14 | 1 | -2/+2 |
| | | | | | | autoconfiguration files. 458871 | ||||
* | Make Proxy directive wildcard match more specific so we can play nicer with ↵ | Rob Crittenden | 2008-08-14 | 1 | -3/+3 |
| | | | | | | other apps. 459061 | ||||
* | Fix some copy/paste and other syntax errors from the validators commit. | Rob Crittenden | 2008-08-14 | 2 | -5/+4 |
| | | | | 450613, 457124 | ||||
* | Fix usage of mozldap libraries, | Simo Sorce | 2008-08-13 | 2 | -2/+2 |
| | | | | thanks to W. Michael Petullo <mike@flyn.org> for finding the problem. | ||||
* | Remove unused stuff. | Simo Sorce | 2008-08-13 | 1 | -2/+1 |
| | |||||
* | apparently the "configure" target is never used | Simo Sorce | 2008-08-13 | 1 | -4/+0 |
| | |||||
* | Install the ca.crt file early on so that we can always enforce SSL | Simo Sorce | 2008-08-13 | 3 | -22/+27 |
| | | | | | protected connections to other LDAP servers Fix error reporting on replica creation. | ||||
* | Implement password operation checks and key material generation for the | Simo Sorce | 2008-08-12 | 1 | -93/+1018 |
| | | | | | | | | | | | ldap add and modify operation performed on the userPassword attribute. Add helper functions to reduce code duplication. Do not enforce encrypted connections on ldap add/ldap mod for compatibility reasons. (We cannot enforce people not to send the password in the clear anyway, we can only refuse to accept it at the most which does not gain you much if someone then re-send you the same password previously exposed) | ||||
* | Fix versioning for configure.ac and ipa-python/setup.py | Simo Sorce | 2008-08-11 | 21 | -45/+78 |
| | | | | | | | | | | Fix make maintainer-clean Also make RPM naming consistent by using a temp RELEASE file. This one helps when testing builds using rpms. Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...) Version 1.1.0 was released some times ago, bump up to 1.1.1 | ||||
* | Used the encrypt_file and decrypt_file utility functions to encrypt replica | Simo Sorce | 2008-08-11 | 2 | -22/+60 |
| | | | | | | information. This way we do not risk to leave around sensitive data. Set the destination host in the replica file too and do checks against in ipa-replica-install | ||||
* | Add encrypt_file and decrypt_file utility functions. | Simo Sorce | 2008-08-11 | 2 | -2/+65 |
| | | | | | | | | | | | | | | We will use them to encrypt the replica file so that we can transport it over more safely. It contains sensitive data, by encrypting it we assure that even if a distracted admin leaves it around it cannot be accessed without knowing the access passphrase (usually the Directory Manager password) Along the way fix also ipautil.run which was buggy and not passing in correctly stdin. Add dependency for gnupg in spec file | ||||
* | Use larger set from which to choose chars for random passwords. | Simo Sorce | 2008-08-11 | 2 | -5/+3 |
| | | | | | Use SystemRandom() instead of Random() so that the randomicity is non-deterministic. | ||||
* | Treat Jan 1 1970 in krbPrincipalExpiration as a special date that means | Simo Sorce | 2008-08-07 | 1 | -4/+5 |
| | | | | the account Never Expires | ||||
* | Change user and group validators to match shadow-utils | Rob Crittenden | 2008-08-07 | 12 | -79/+171 |
| | | | | | | | | This sets the regex to [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? Also change the validators to return True/False 450613, 457124 | ||||
* | Fix few syntax errors. | Martin Nagy | 2008-08-06 | 2 | -3/+3 |
| | |||||
* | Fix python syntax error: missing colon. | Rob Crittenden | 2008-08-06 | 1 | -1/+1 |
| | |||||
* | Use % format string to fix nbsp problem in userlist.kid (fixes #453779) | Jason Gerard DeRose | 2008-07-30 | 1 | -7/+9 |
| | |||||
* | Shift search base for users and groups to "cn=accounts, baseDN" | Rob Crittenden | 2008-07-29 | 1 | -16/+18 |
| | | | | 450552 | ||||
* | Fix encoding issue when manually loading templates for forms | Rob Crittenden | 2008-07-29 | 6 | -7/+40 |
| | | | | | | | | | | | | | | | We used to manually load the template files for the edit pages using turbogears.meta.load_kid_template(). Unfortunately this went through the one code path where encoding was completely ignored. It ended up defaulting to sys.getdefaultencoding() which is 'ascii'. So even though most of the templates are loaded as 'utf-8' the few that really mattered weren't. The fix is to call kid.load_template() ourselves and set the encoding of the class we just loaded to either the setting in the app.cfg file or to the normal default value of 'utf-8'. 454076 | ||||
* | Change Title label to Job Title for clarity | Rob Crittenden | 2008-07-29 | 5 | -30/+38 |
| | | | | 453780 | ||||
* | NSS 3.12 added a header to the certutil output we need to skip | Rob Crittenden | 2008-07-28 | 1 | -0/+3 |
| | | | | 456694 | ||||
* | Don't assume that the Firefox autoconfig files exist. | Rob Crittenden | 2008-07-28 | 2 | -11/+14 |
| | | | | | | | These are created by an object-signing cert and needs to be done after the fact if a server is created with user-supplied PKCS#12 files. 452402 | ||||
* | Specify --mandir to configure to fix building on CentOS 5.2 | Rob Crittenden | 2008-07-28 | 1 | -1/+1 |
| | | | | 456672 | ||||
* | Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHS | Rob Crittenden | 2008-07-25 | 3 | -8/+16 |
| | | | | 455064 | ||||
* | Fix a stupidty introduced recently in a fix to a segfault. | Simo Sorce | 2008-07-24 | 1 | -3/+5 |
| | |||||
* | Catch correct exception when trying to find the default IPA users group and ↵ | Rob Crittenden | 2008-07-23 | 1 | -2/+2 |
| | | | | | | return a more detailed error message. 455092 | ||||
* | Wrap up the raw_input() to user_input() for convenience and uniformity. | Martin Nagy | 2008-07-23 | 9 | -189/+118 |
| | |||||
* | Cleaned up comments that were mangled by vim | Nathan Kinder | 2008-07-18 | 1 | -7/+7 |
| | |||||
* | Re-base memberOf plug-in off of current FDS memberOf plug-in. Resolves: ↵ | Nathan Kinder | 2008-07-18 | 4 | -643/+1189 |
| | | | | 452537, 453011, 443241, 439628 | ||||
* | In openvz we found out some interfaces may return a null pointer here. | Simo Sorce | 2008-07-15 | 1 | -0/+4 |
| | | | | | Skip them if no address is provided or we later get a segfault because we dereference a null pointer. | ||||
* | fix typo | Simo Sorce | 2008-07-15 | 1 | -1/+1 |
| | |||||
* | Rework the way SSL certificates are imported from PKCS#12 files. | Rob Crittenden | 2008-07-14 | 11 | -77/+276 |
| | | | | | | | | Add the ability to provide PKCS#12 files during initial installation Add the ability to provide PKCS#12 files when preparing a replica Correct some issues with ipa-server-certinstall 452402 | ||||
* | Fix attribute parsing so that you can add a DN or an attribute with a '=' ↵ | Martin Nagy | 2008-07-09 | 4 | -8/+8 |
| | | | | character in it. Fixes #454630 | ||||
* | Make sure we have the right prototypes when using openldap libs | Simo Sorce | 2008-07-09 | 1 | -0/+1 |
| | |||||
* | Admin must be able to add/delete too | Simo Sorce | 2008-07-09 | 1 | -1/+1 |
| | |||||
* | Be more exacting when deleting a group. | Rob Crittenden | 2008-07-07 | 1 | -5/+9 |
| | | | | 453222 | ||||
* | If krbPasswordExpiration or krbLastPwdChange are not present on the entry | Simo Sorce | 2008-07-07 | 1 | -11/+21 |
| | | | | | we might segfault trying a direct strcmp(), check they are not NULL. Also fix a couple of memleaks. | ||||
* | After the rework of the code that binds to specific interfaces to | Simo Sorce | 2008-07-07 | 1 | -0/+3 |
| | | | | | correctly support multihomed server, we need to add a couple of SELinux lines to the policy file. (lines suggested by Dan Walsh) | ||||
* | Add documentation for -v/--verbose option | Rob Crittenden | 2008-07-03 | 17 | -7/+65 |
| | | | | 451117 | ||||
* | Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa | Rob Crittenden | 2008-07-03 | 1 | -1/+1 |
|\ | |||||
| * | Make sure we listen only on the krb5 port and therefore disable krb4 support | Simo Sorce | 2008-07-02 | 1 | -1/+1 |
| | | |||||
* | | NSS_DIR is already fetched into a variable, use that instead. | Rob Crittenden | 2008-07-03 | 1 | -6/+6 |
|/ | | | | 451098 | ||||
* | Properly convert the realm to a DS instance name | Rob Crittenden | 2008-07-01 | 1 | -1/+1 |
| | | | | 451014 | ||||
* | Ensure correct permissions and file ownership of Apache NSS database | Rob Crittenden | 2008-07-01 | 1 | -0/+12 |
| | | | | 451098 | ||||
* | Fix some small issues that caused compiler warnings, like uninitialized or ↵ | Martin Nagy | 2008-06-30 | 4 | -12/+13 |
| | | | | unused variables or missing krb5 prototypes. |