| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Add man pages for ipa-run-tests, ipa-test-task, and ipa-test-config.
https://fedorahosted.org/freeipa/ticket/3855 (part 5)
|
| |
|
|
|
|
| |
The integration testing framework used Paramiko SFTP files as
context managers. This feature is only available in Paramiko 1.10+.
Use an explicit context manager so that we don't rely on the feature.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes:
- too long description for server-trust-ad subpackage
- adds (noreplace) flag %{_sysconfdir}/tmpfiles.d/ipa.conf to avoid
overwriting potential user changes
- changes permissions on default_encoding_utf8.so to prevent it
pollute python subpackage Provides.
- wrong address in GPL v2 license preamble in 2 distributed files
https://fedorahosted.org/freeipa/ticket/3855
|
| |
|
|
|
|
|
|
|
| |
Specifically:
- combination of spaces and tabs in one line
- using macros in comments
- using "egrep" instead of "grep -E"
https://fedorahosted.org/freeipa/ticket/3855
|
| |
|
|
|
|
|
|
|
| |
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.
https://fedorahosted.org/freeipa/ticket/3632
|
| |
|
|
|
| |
Require slapi-nis 0.47.7 and sssd 1.11.0-0.1.beta2 required for core
features of 3.3.0 release.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Old versions of SSSD do not directly support cross-realm trusts between IPA
and AD. This patch introduces plugins for the ipa-advise tool, which should
help with configuring an old version of SSSD (1.5-1.8) to gain access to
resources in trusted domain.
Since the configuration steps differ depending on whether the platform includes
the authconfig tool, two plugins are needed:
* config-redhat-sssd-before-1-9 - provides configuration for Red Hat based
systems, as these system include the autconfig utility
* config-generic-sssd-before-1-9 - provides configuration for other platforms
https://fedorahosted.org/freeipa/ticket/3671
https://fedorahosted.org/freeipa/ticket/3672
|
| |
|
|
|
|
|
|
|
|
| |
In external CA installation, ipa-server-install leaked NSS objects
which caused an installation crash later when a subsequent call of
NSSConnection tried to free them.
Properly freeing the NSS objects avoid this crash.
https://fedorahosted.org/freeipa/ticket/3773
|
| |
|
|
|
| |
The beakerLib plugin collects log files via compressed tarballs,
so these dependencies are needed
|
| |
|
|
|
|
|
| |
This script makes common testing tasks such as IPA installation
and uninstallation available outside of Python.
https://fedorahosted.org/freeipa/ticket/3721
|
| |
|
|
|
|
|
|
|
|
| |
There was already a dependency in server package, however,
the correct place for such dependency is in freeipa-python,
since the relevant code using keyutils resides there.
Both freeipa-server and freeipa-client require freeipa-python.
https://fedorahosted.org/freeipa/ticket/3808
|
| |
|
|
| |
Pick up latest SSSD 1.11 Beta development
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/3772
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/3652
|
| |
|
|
|
|
|
|
|
|
| |
Features of the new policy:
- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
writeable by PKI and readable by HTTPD
- contains Conflicts with old freeipa-server-selinux package to avoid
SELinux upgrade issues
https://fedorahosted.org/freeipa/ticket/3788
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provides a pluggable framework for generating configuration
scriptlets and instructions for various machine setups and use
cases.
Creates a new ipa-advise command, available to root user
on the IPA server.
Also provides an example configuration plugin,
config-fedora-authconfig.
https://fedorahosted.org/freeipa/ticket/3670
|
| |
|
|
|
|
| |
Documentation: http://www.freeipa.org/page/Web_UI_Integration_Tests
https://fedorahosted.org/freeipa/ticket/3744
|
| |
|
|
|
|
|
|
|
|
|
| |
Spec file modified so that /var/lib/ipa/pki-ca/publish/ is no
longer owned by created with package installation. The directory
is rather created/removed with the CA instance itself.
This ensures proper creation/removeal, group ownership
and SELinux context.
https://fedorahosted.org/freeipa/ticket/3727
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add methods to run commands and copy files to Host objects.
Adds a base class for integration tests which can currently install
and uninstall IPA in a "star" topology with per-test specified number
of hosts.
A simple test for user replication between two masters is provided.
Log files from the remote hosts can be marked for collection, but the
actual collection is left to a Nose plugin.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3621
|
| |
|
|
|
|
|
|
|
|
|
| |
Integration tests are configured via environment variables.
Add a framework for parsing these variables and storing them
in easy-to-use objects.
Add an `ipa-test-config` executable that loads the configuration
and prints out variables needed in shell scripts.
Part of the work for https://fedorahosted.org/freeipa/ticket/3621
|
| |
|
|
|
|
|
| |
Running server upgrade or restart in %post or %postun may cause issues when
there are still parts of old FreeIPA software (like entitlements plugin).
https://fedorahosted.org/freeipa/ticket/3739
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replica information file contains the file `cacert.p12` which is protected by
the Directory Manager password of the initial IPA server installation. The DM
password of the initial installation is also used for the PKI admin user
password.
If the DM password is changed after the IPA server installation, the replication
fails.
To prevent this failure, add the following steps to ipa-replica-prepare:
1. Regenerate the `cacert.p12` file and protect it with the current DM password
2. Update the password of the PKI admin user with the current DM password
https://fedorahosted.org/freeipa/ticket/3594
|
| |
|
|
|
|
| |
Assign a default priority of 10 to our SASL mappings.
https://fedorahosted.org/freeipa/ticket/3330
|
| |
|
|
|
|
|
| |
Entitlements code was not tested nor supported upstream since
version 3.0. Remove the associated code.
https://fedorahosted.org/freeipa/ticket/3739
|
| |
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
|
| |
|
|
|
|
|
| |
Rename the 'tests' directory to 'ipa-tests', and create an ipa-tests RPM
containing the test suite
Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
|
| |
|
|
| |
This directory is no longer used as session storage.
|
| |
|
|
|
|
|
|
|
| |
All SELinux policy needed by FreeIPA server is now part of the global
system SELinux policy which makes the subpackage redundant and slowing
down the installation. This patch drops it.
https://fedorahosted.org/freeipa/ticket/3683
https://fedorahosted.org/freeipa/ticket/3684
|
| |
|
|
|
|
|
|
|
|
|
| |
This daemon listens for RADIUS packets on a well known
UNIX domain socket. When a packet is received, it queries
LDAP to see if the user is configured for RADIUS authentication.
If so, then the packet is forwarded to the 3rd party RADIUS server.
Otherwise, a bind is attempted against the LDAP server.
https://fedorahosted.org/freeipa/ticket/3366
http://freeipa.org/page/V3/OTP
|
| |
|
|
|
| |
Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON
behavior for socket based connections (#960222).
|
| |
|
|
|
| |
The package is only available in Fedora 19.
This means SID resolution in the UI won't work in Fedora 18.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce new command, 'trust-resolve', to aid resolving SIDs to names
in the Web UI.
The command uses new SSSD interface, nss_idmap, to resolve actual SIDs.
SSSD caches resolved data so that future requests to resolve same SIDs
are returned from a memory cache.
Web UI code is using Dojo/Deferred to deliver result of SID resolution
out of band. Once resolved names are available, they replace SID values.
Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved
at the same time. They all sent within the single request to the server.
https://fedorahosted.org/freeipa/ticket/3302
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/3235
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/3235
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrading from d9 -> d10 does not set up the RESTful interface
in dogtag, they just never coded it. Rather than trying to backport
things they have decided to not support upgrades.
We need to catch this and report a more reasonable error. They are
returning a 501 (HTTP method unimplemented) in this case.
https://fedorahosted.org/freeipa/ticket/3549
|
| |
|
|
|
|
|
|
|
|
| |
nss-pam-ldapd in 0.8.4 changed the default to map uniqueMember to
member so it is no longer needed in the config file, and in fact
causes an error to be raised.
Add a Conflicts on older versions.
https://fedorahosted.org/freeipa/ticket/3589
|
| |
|
|
|
|
|
| |
Run sss_ssh_authorizedkeyscommand as nobody. Automatically update sshd_config
on openssh-server update.
https://fedorahosted.org/freeipa/ticket/3571
|
| |
|
|
|
|
|
|
| |
There were cases where a base64-encoded cert with no header/footer would
not be handled properly and rejected. This was causing the CA install
to fail.
https://fedorahosted.org/freeipa/ticket/3586
|
| |
|
|
|
|
| |
Correct ownership for /etc/ipa and remove unnecessary %config directive.
https://fedorahosted.org/freeipa/ticket/3551
|
| |
|
|
|
|
|
|
| |
Make sure /etc/ipa is created and owned by freeipa-python package.
Report correct error to user if /etc/ipa is missing during client installation.
https://fedorahosted.org/freeipa/ticket/3551
|
| |
|
|
|
|
|
|
|
|
| |
Require samba 4.0.5 (passdb API changed). Make sure that we use the
right epoch number with samba so that the Requires is correctly
enforced.
Require krb5 1.11.2-1 to fix missing PAC issue.
Also fix backup dir permissions.
|
| |
|
|
|
|
|
|
|
| |
This will allow one to backup and restore the IPA files and data. This
does not cover individual entry restoration.
http://freeipa.org/page/V3/Backup_and_Restore
https://fedorahosted.org/freeipa/ticket/3128
|
| |
|
|
|
|
|
| |
Find out Kerberos middle version to infer ABI changes in DAL driver.
We cannot load DAL driver into KDC with wrong ABI. This is also needed to
support ipa-devel repository where krb5 1.11 is available for Fedora 18.
|
| |
|
|
|
|
|
|
|
| |
Pulls the following fixes:
- upgrade deadlock caused by DNA plugin reconfiguration
- CVE-2013-1897: unintended information exposure when rootdse is
enabled
https://fedorahosted.org/freeipa/ticket/3540
|
| |
|
|
|
|
|
|
| |
This required target is no longer needed as systemd from version 38
has its own journal which is also in the basic set of service unit
requirementes.
https://fedorahosted.org/freeipa/ticket/3511
|
| |
|
|
|
|
| |
Fix rpm build warnings report in Fedora 19 build.
https://fedorahosted.org/freeipa/ticket/3500
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch includes several cleanups needed for Fedora 19 build:
* ipa-kdb is compatible with both krb5 1.10 and 1.11 which contains
an updated DAL interface. Remove the conflict from spec file.
* Fix ipa-ldap-updater call to produce errors only to avoid
cluttering rpm update output
* Remove httpd_conf constant which was not used
https://fedorahosted.org/freeipa/ticket/3502
|
| |
|
|
|
|
| |
The higher version is reported to fix a Fedora 17 to 18 upgrade issue.
https://fedorahosted.org/freeipa/ticket/3399
|
| |
|
|
|
|
|
|
|
| |
Default value "1" is added to replicated idnsZone objects
if idnsSOASerial attribute is missing.
https://fedorahosted.org/freeipa/ticket/3347
Signed-off-by: Petr Spacek <pspacek@redhat.com>
|
