| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
The code for supporting custom layouts using HTML templates has been
removed. If it's needed again in the future the code can be restored.
Ticket #1501
|
|
|
|
| |
ticket 1288
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the most part the existing replication code worked with the
following exceptions:
- Added more port options
- It assumed that initial connections were done to an SSL port. Added
ability to use startTLS
- It assumed that the name of the agreement was the same on both sides.
In dogtag one is marked as master and one as clone. A new option is
added, master, the determines which side we're working on or None
if it isn't a dogtag agreement.
- Don't set the attribute exclude list on dogtag agreements
- dogtag doesn't set a schedule by default (which is actually recommended
by 389-ds). This causes problems when doing a force-sync though so
if one is done we set a schedule to run all the time. Otherwise the
temporary schedule can't be removed (LDAP operations error).
https://fedorahosted.org/freeipa/ticket/1250
|
|
|
|
|
|
|
|
| |
shows dialog if there are any HBAC deny rules. Dialog provides option to navigate to the HBAC page. Deny rules have their rule type value show up in red.
Only shows up fro administrators, not for self service users.
https://fedorahosted.org/freeipa/ticket/1421
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A dogtag replica file is created as usual. When the replica is installed
dogtag is optional and not installed by default. Adding the --setup-ca
option will configure it when the replica is installed.
A new tool ipa-ca-install will configure dogtag if it wasn't configured
when the replica was initially installed.
This moves a fair bit of code out of ipa-replica-install into
installutils and cainstance to avoid duplication.
https://fedorahosted.org/freeipa/ticket/1251
|
|
|
|
|
|
|
|
| |
Fix a problem when a target missed a version-update requirement.
This caused build problems, especially in a parallel build
environment.
https://fedorahosted.org/freeipa/ticket/1215
|
|
|
|
|
| |
The Makefile.am freeipa.spec.in have been updated according to the
recent file changes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When connection between a master machine and future replica is not
sane, the replica installation may fail unexpectedly with
inconvenient error messages. One common problem is misconfigured
firewall.
This patch adds a program ipa-replica-conncheck which tests the
connection using the following procedure:
1) Execute the on-replica check testing the connection to master
2) Open required ports on local machine
3) Ask user to run the on-master part of the check OR run it
automatically:
a) kinit to master as default admin user with given password
b) run the on-master part using ssh
4) When master part is executed, it checks connection back to
the replica and prints the check result
This program is run by ipa-replica-install as mandatory part. It
can, however, be skipped using --skip-conncheck option.
ipa-replica-install now requires password for admin user to run
the command on remote master.
https://fedorahosted.org/freeipa/ticket/1107
|
|
|
|
| |
ticket 1212
|
|
|
|
|
|
| |
Done with conditionals so still installable on F-14.
ticket 1200
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1203
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Looking at the schema in 60basev2.ldif there were many attributes that did
not have an ORDERING matching rule specified correctly. There were also a
number of attributeTypes that should have been just SUP
distinguishedName that had a combination of SUP, SYNTAX, ORDERING, etc.
This requires 389-ds-base-1.2.8.0-1+
ticket 1153
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Re-enable ldapi code in ipa-ldap-updater and remove the searchbase
restriction when run in --upgrade mode. This allows us to autobind
giving root Directory Manager powers.
This also:
* corrects the ipa-ldap-updater man page
* remove automatic --realm, --server, --domain options
* handle upgrade errors properly
* saves a copy of dse.ldif before we change it so it can be recovered
* fixes an error discovered by pylint
ticket 1087
|
|
|
|
| |
ticket 969
|
|
|
|
| |
ticket 978
|
| |
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/935
|
|
|
|
|
|
|
| |
This moves a bunch of tools that only make sense to run on the actual
server from the admintools subpackage to the server subpackage.
ticket 947
|
| |
|
|
|
|
| |
ticket 926
|
| |
|
|
|
|
|
|
| |
* Set min version of 389-ds-base to 1.2.8
* Set min version of mod_nss 1.0.8-10
* Set min version of selinux-policy to 3.9.7-27
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a plugin, entitle, to register to the entitlement server, consume
entitlements and to count and track them. It is also possible to
import an entitlement certificate (if for example the remote entitlement
server is unaviailable).
This uses the candlepin server from https://fedorahosted.org/candlepin/wiki
for entitlements.
Add a cron job to validate the entitlement status and syslog the results.
tickets 28, 79, 278
|
|
|
|
| |
Ticket 804
|
|
|
|
| |
First part of: https://fedorahosted.org/freeipa/ticket/855
|
|
|
|
| |
modifying the directories so they find the assets in the right locations
|
|
https://fedorahosted.org/freeipa/ticket/581
|