Commit message | Author | Age | Files | Lines
* Add permissions for named to communicate over ldapi | Rob Crittenden | 2010-02-03 | 1 | -1/+4
* Implement pwplicy_find to show all group password policies | Rob Crittenden | 2010-02-03 | 1 | -0/+32
  find is a bit of a misnomer here because we consider no search terms, it is all or nothing.
* Add flag to allow a cert to be re-issued | Rob Crittenden | 2010-02-03 | 1 | -3/+7
  I don't want a user to accidentally re-issue a certificate so I've added a new flag, --revoke, to revoke the old cert and load the new one.
* Only change the log level if it isn't already set | Rob Crittenden | 2010-02-03 | 1 | -4/+5
  This primarily affects the installer. We want to log to the install/uninstall file in DEBUG. This was getting reset to INFO causing lots of details to not show in the logs.
* Be more careful when base64-decoding certificates | Rob Crittenden | 2010-02-02 | 4 | -16/+9
  Only decode certs that have a BEGIN/END block, otherwise assume it is in DER format.
* Base64-encode binary values on the command-line | Rob Crittenden | 2010-02-02 | 1 | -3/+17
* Remove group-specific password policy on group deletion | Rob Crittenden | 2010-01-29 | 1 | -0/+8
* Remove some configuration files we create upon un-installation | Rob Crittenden | 2010-01-28 | 2 | -1/+12
  This is particularly important for Apache since we'd leave the web server handling unconfigured locations.
* Remove (un)wrap_binary_data cruft from */ipautil.py | John Dennis | 2010-01-28 | 2 | -124/+0
  Remove SAFE_STRING_PATTERN, safe_string_re, needs_base64(), wrap_binary_data(), unwrap_binary_data() from both instances of ipautil.py. This code is no longer in use and the SAFE_STRING_PATTERN regular expression string was causing xgettext to abort because it wasn't a valid ASCII string.
* Remove __public__ and __proxy__ hold-overs from Plugin class | Jason Gerard DeRose | 2010-01-28 | 6 | -227/+1
* Update dogtag configuration to work after CVE-2009-3555 changes | Rob Crittenden | 2010-01-27 | 3 | -6/+18
  NSS is going to disallow all SSL renegotiation by default. Because of this we need to always use the agent port of the dogtag server which always requires SSL client authentication. The end user port will prompt for a certificate if required but will attempt to re-do the handshake to make this happen which will fail with newer versions of NSS.
* Fix schema loading in the ldap backend. | Pavel Zuna | 2010-01-27 | 1 | -1/+4
* Update spec to require python-wehjit >= 0.2.0 | Jason Gerard DeRose | 2010-01-27 | 1 | -1/+4
* Require that the hostname we are joining as is fully-qualified | Rob Crittenden | 2010-01-26 | 1 | -0/+6
* Remove duplicated code | Rob Crittenden | 2010-01-26 | 1 | -6/+0
  This strange bit of duplication was not surprisingly causing a double-free
* Enabled CRUDS in webUI using wehjit 0.2.0 | Jason Gerard DeRose | 2010-01-26 | 6 | -199/+239
* Fixed xmlrpc_test.fuzzy_digits for Fedora12 | Jason Gerard DeRose | 2010-01-22 | 2 | -2/+2
* Set BIND to use ldapi and use fake mname | Martin Nagy | 2010-01-21 | 2 | -1/+4
  The fake_mname for now doesn't exist but is a feature that will be added in the near future. Since any unknown arguments to bind-dyndb-ldap are ignored, we are safe to use it now.
* Move some functions from ipa-server-install into installutils | Martin Nagy | 2010-01-21 | 2 | -54/+54
  We will need these functions in the new upcoming ipa-dns-install command.
* Allow a custom file mode when setting up debugging | Martin Nagy | 2010-01-21 | 1 | -2/+2
  This will be handy in the future if we will want to install or uninstall only single IPA components and want to append to the installation logs. This will be used by the upcoming ipa-dns-install script.
* Only add an NTP SRV record if we really are setting up NTP | Martin Nagy | 2010-01-21 | 4 | -8/+16
  The sample bind zone file that is generated if we don't use --setup-dns is also changed. Fixes #500238
* Use the dns plug-in for addition of records during installation | Martin Nagy | 2010-01-21 | 4 | -146/+82
  Fixes #528943
* Move api finalization in ipa-server-install after writing default.conf | Martin Nagy | 2010-01-21 | 1 | -23/+22
  We will need to have ipalib correctly configured before we start installing DNS entries with api.Command.dns.
* Fix merge issue, cut-and-paste error | Rob Crittenden | 2010-01-21 | 1 | -2/+1
* Fix merge error, variable mis-named label instead of doc | Rob Crittenden | 2010-01-21 | 1 | -1/+1
* User-defined certificate subjects | Rob Crittenden | 2010-01-20 | 11 | -46/+164
  Let the user, upon installation, set the certificate subject base for the dogtag CA. Certificate requests will automatically be given this subject base, regardless of what is in the CSR. The selfsign plugin does not currently support this dynamic name re-assignment and will reject any incoming requests that don't conform to the subject base. The certificate subject base is stored in cn=ipaconfig but it does NOT dynamically update the configuration, for dogtag at least. The file /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg would need to be updated and pki-cad restarted.
* Stop looking when removing entries from a keytab. | Rob Crittenden | 2010-01-20 | 1 | -0/+5
  keytab entries are locked when looping. Temporarily suspend the looping.
* Fix plugin to work with new output validation, add new helpers | Rob Crittenden | 2010-01-20 | 1 | -34/+57
  Add a new get_subject() helper and return the subject when retrieving certificates. Add a normalizer so that everything before and after the BEGIN/END block is removed.
* Add DS migration plugin and password migration page. | Pavel Zuna | 2010-01-20 | 11 | -0/+637
* Add --enable-migration option in config plugin. | Pavel Zuna | 2010-01-20 | 1 | -1/+14
* Add BIND pre-op for DS->IPA password migration to ipa-pwd-extop DS plugin. | Pavel Zuna | 2010-01-20 | 3 | -15/+244
* Allow adding entries with pre-hashed passwords, but don't generate keys for them. | root | 2010-01-20 | 1 | -8/+15
  Fix bug #528922.
* Temporary fix for name collision of textui.print_entry. | Pavel Zuna | 2010-01-20 | 2 | -3/+3
  Somehow there's two of them... rename old one to print_entry1.
* Make DNS plugin support output validation and thus make it work again. | Pavel Zuna | 2010-01-20 | 1 | -39/+86
* Create pkiuser before calling pkicreate, pkicreate depends on the user existing | John Dennis | 2010-01-20 | 1 | -1/+1
* Correct some comment errors | Rob Crittenden | 2010-01-19 | 1 | -2/+1
* pass DER flag to x509.get_serial_number() | John Dennis | 2010-01-19 | 1 | -1/+1
* Allow cospriority to be updated and fix description of priority ordering | Rob Crittenden | 2010-01-19 | 2 | -16/+40
  Need to add a few more places where the DN will not be automatically normalized. The krb5 server expects a very specific format and normalizing causes it to not work.
* Use 'l' instead of 'localityname' in host plugin. | Pavel Zuna | 2010-01-14 | 1 | -2/+14
  It seems that 'localityname' and 'locality' aliases were dropped in newer versions of DS.
* Make host objects aware of their membership and that l==localityName. | Pavel Zuna | 2010-01-14 | 1 | -0/+6
* Add default values for krb ticket policy attributes during installation. | Pavel Zuna | 2010-01-13 | 2 | -0/+8
* Add Kerberos Ticket Policy management plugin. | Pavel Zuna | 2010-01-13 | 2 | -27/+167
* Fix backend.Executioner unit test. | Pavel Zuna | 2010-01-13 | 1 | -6/+13
  Before the patch that allows to create unshared instances of Connectible objects, all Connection objects were deleted at once in destroy_context(). It made sense at the time, because there was always at most one Connection per Connectible subclass and Connectible.disconnect() was called only internally by the Executioner class. Now that we can make arbitrary connections, it makes more sense to delete the Connection object when Connectible.disconnect() is called.
* Improve modlist generation in ldap2. Some code cleanup as bonus. | Pavel Zuna | 2010-01-11 | 1 | -65/+89
  ldap2._generate_modlist now uses more sophisticated means to decide when to use MOD_ADD+MOD_DELETE instead of MOD_REPLACE. MOD_REPLACE is always used for single value attributes and never for multi value.
* Allow creation of new connections by unshared instances of backend.Connectible. | Pavel Zuna | 2010-01-11 | 2 | -14/+22
* Add start/stop for the CA | Rob Crittenden | 2010-01-11 | 1 | -0/+8
* Missed explicit reference to pki-ca, replace with self.service_name | Rob Crittenden | 2010-01-11 | 1 | -2/+2
* Add --all to LDAPCreate and make LDAP commands always display default attributes. | Pavel Zuna | 2010-01-11 | 7 | -14/+30
* Use the caIPAserviceCert profile for issuing service certs. | Rob Crittenden | 2010-01-08 | 2 | -3/+3
  This profile enables subject validation and ensures that the subject that the CA issues is uniform. The client can only request a specific CN, the rest of the subject is fixed. This is the first step of allowing the subject to be set at installation time. Also fix 2 more issues related to the return results migration.
* Replace uses of %define with %global in the .spec file | Rob Crittenden | 2010-01-07 | 1 | -7/+7
  Fixes rawhide builds per https://www.redhat.com/archives/fedora-devel-list/2010-January/msg00093.html Contributed by Nalin Dahyabhai