path: root/install
Commit message | Author | Age | Files | Lines
* Add 'ipa_server_mode' option to SSSD configuration | Ana Krivokapic | 2013-07-18 | 1 | -1/+12
  https://fedorahosted.org/freeipa/ticket/3652
* ipa-adtrust-install: configure compatibility tree to serve trusted domain users | Alexander Bokovoy | 2013-07-18 | 2 | -1/+40
  Enables support for trusted domains users for old clients through Schema Compatibility plugin. SSSD supports trusted domains natively starting with version 1.9 platform. For platforms that lack SSSD or run older SSSD version one needs to use this option. When enabled, slapi-nis package needs to be installed and schema-compat-plugin will be configured to provide lookup of users and groups from trusted domains via SSSD on IPA server. These users and groups will be available under cn=users,cn=compat,$SUFFIX and cn=groups,cn=compat,$SUFFIX trees. SSSD will normalize names of users and groups to lower case.
  In addition to providing these users and groups through the compat tree, this option enables authentication over LDAP for trusted domain users with DN under compat tree, i.e. using bind DN uid=administrator@ad.domain,cn=users,cn=compat,$SUFFIX.
  This authentication is related to PAM stack using 'system-auth' PAM service. If you have disabled HBAC rule 'allow_all', then make sure there is special service called 'system-auth' created and HBAC rule to allow access to anyone to this rule on IPA masters is added. Please note that system-auth PAM service is not used directly by any other application, therefore it is safe to create one specifically to support trusted domain users via compatibility path.
  https://fedorahosted.org/freeipa/ticket/3567
* Add Camellia ciphers to allowed list. | Rob Crittenden | 2013-07-18 | 3 | -0/+10
  https://fedorahosted.org/freeipa/ticket/3749
* Provide ipa-advise tool | Tomas Babej | 2013-07-17 | 4 | -0/+69
  Provides a pluggable framework for generating configuration scriptlets and instructions for various machine setups and use cases.
  Creates a new ipa-advise command, available to root user on the IPA server.
  Also provides an example configuration plugin, config-fedora-authconfig.
  https://fedorahosted.org/freeipa/ticket/3670
* Fix container element in adder dialogs | Petr Vobornik | 2013-07-16 | 2 | -9/+9
  Host and DNS adder dialogs used span element as container for block elements. It's not valid nor consistent with other forms. 'span' was replaced by 'div'
  https://fedorahosted.org/freeipa/ticket/3744
* Better automated test support | Petr Vobornik | 2013-07-16 | 6 | -11/+19
  1. add class to active facet instead of using direct style modification for hiding/showing
  2. add name attribute to tables and dialog buttons and error dialog
  https://fedorahosted.org/freeipa/ticket/3744
* Change group ownership of CRL publish directory | Tomas Babej | 2013-07-16 | 2 | -5/+5
  Spec file modified so that /var/lib/ipa/pki-ca/publish/ is no longer owned by created with package installation. The directory is rather created/removed with the CA instance itself. This ensures proper creation/removal, group ownership and SELinux context.
  https://fedorahosted.org/freeipa/ticket/3727
* Fix for small syntax error in OTP schema | Nathaniel McCallum | 2013-07-11 | 2 | -2/+2
  https://fedorahosted.org/freeipa/ticket/3765
* Permit reads to ipatokenRadiusProxyUser objects | Nathaniel McCallum | 2013-07-11 | 1 | -1/+1
  This fixes an outstanding permissions issue from the OTP work.
  https://fedorahosted.org/freeipa/ticket/3693
* Add missing equality index for ipaUniqueId. | Jan Cholasta | 2013-07-11 | 2 | -0/+15
  https://fedorahosted.org/freeipa/ticket/3743
* Add missing substring indices for attributes managed by the referint plugin. | Jan Cholasta | 2013-07-11 | 2 | -33/+43
  The referint plugin does a substring search on these attributes each time an entry is deleted, which causes a noticeable slowdown for large directories if the attributes are not indexed.
  https://fedorahosted.org/freeipa/ticket/3706
* Disable checkboxes and radios for readonly attributes | Petr Vobornik | 2013-07-09 | 1 | -8/+15
  https://fedorahosted.org/freeipa/ticket/3764
* Enable SASL mapping fallback. | Jan Cholasta | 2013-06-27 | 3 | -0/+15
  Assign a default priority of 10 to our SASL mappings.
  https://fedorahosted.org/freeipa/ticket/3330
* Create Firefox configuration extension on CA-less install | Petr Vobornik | 2013-06-27 | 2 | -15/+17
  Create:
  * kerberosauth.xpi
  * krb.js
  even when --http_pkcs12 option is used.
  https://fedorahosted.org/freeipa/ticket/3747
* Do not redirect to https in /ipa/ui on non-HTML files | Petr Vobornik | 2013-06-26 | 1 | -1/+2
  Those resources are needed by page which has to use http (browser config) prior to acceptance of CA cert.
  https://fedorahosted.org/freeipa/ticket/3748
* Remove entitlement support | Martin Kosek | 2013-06-26 | 29 | -2125/+4
  Entitlements code was not tested nor supported upstream since version 3.0. Remove the associated code.
  https://fedorahosted.org/freeipa/ticket/3739
* Fix CA-less check in ipa-replica-install and ipa-ca-install. | Jan Cholasta | 2013-06-26 | 2 | -2/+2
  https://fedorahosted.org/freeipa/ticket/3750
* Fix default value selection in radio widget | Petr Vobornik | 2013-06-24 | 1 | -1/+11
  https://fedorahosted.org/freeipa/ticket/3718
* Do not redirect ipa/crl to HTTPS | Tomas Babej | 2013-06-20 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/3713
* Make an ipa-tests package | Petr Viktorin | 2013-06-17 | 1 | -2/+2
  Rename the 'tests' directory to 'ipa-tests', and create an ipa-tests RPM containing the test suite
  Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
* Drop redundant directory /var/cache/ipa/sessions | Martin Kosek | 2013-06-17 | 1 | -4/+0
  This directory is no longer used as session storage.
* Fix displaying of success message | Ana Krivokapic | 2013-06-13 | 2 | -26/+31
  Make sure that the success message is properly populated with actual number of items that were successfully added/removed.
  https://fedorahosted.org/freeipa/ticket/3708
* Regression fix: rule table with ext. member support doesn't offer any items | Petr Vobornik | 2013-06-13 | 1 | -1/+9
  There is a JS error. Rule tables with external member has more than one column and therefore exclude parameter for adder dialog is not array of strings but array of objects. normalize_values function can't work with it and causes JS error.
  This patch creates proper exclude array before passing it to adder dialog.
  https://fedorahosted.org/freeipa/ticket/3711
* Do not allow installing CA replicas in CA-less setup. | Jan Cholasta | 2013-06-12 | 2 | -0/+8
  https://fedorahosted.org/freeipa/ticket/3673
  https://fedorahosted.org/freeipa/ticket/3674
* Remove stray error condition in ipa-server-install. | Jan Cholasta | 2013-06-12 | 1 | -3/+0
* Use the correct PKCS#12 file for HTTP server. | Jan Cholasta | 2013-06-12 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3665
* Add ipaRangeType attribute to LDAP Schema | Tomas Babej | 2013-06-10 | 3 | -1/+5
  This adds a new LDAP attribute ipaRangeType with OID 2.16.840.1.113730.3.8.11.41 to the LDAP Schema.
  ObjectClass ipaIDrange has been altered to require ipaRangeType attribute.
  Part of https://fedorahosted.org/freeipa/ticket/3647
* Manage ipa-otpd.socket by IPA | Tomas Babej | 2013-06-06 | 3 | -14/+33
  Adds a new simple service called OtpdInstance, that manages ipa-otpd.socket service. Added to server/replica installer and ipa-upgradeconfig script.
  https://fedorahosted.org/freeipa/ticket/3680
* Do not check userPassword with 7-bit plugin | Tomas Babej | 2013-06-06 | 2 | -0/+7
  Default list of attributes that are checked with 7-bit plugin for being 7-bit clean includes userPassword. Consecutively, one is unable to set passwords that contain non-ascii characters.
  https://fedorahosted.org/freeipa/ticket/3640
* Fix regression: missing facet tab group labels | Petr Vobornik | 2013-06-05 | 2 | -10/+15
  Currently there is only empty space between facet tabs and facet title. It's a regression caused by recent refactoring.
  https://fedorahosted.org/freeipa/ticket/3688
* Use private ccache in ipa install tools | Tomas Babej | 2013-06-05 | 4 | -16/+22
  All installers that handle Kerberos auth, have been altered to use private ccache, that is ipa-server-install, ipa-dns-install, ipa-replica-install, ipa-ca-install.
  https://fedorahosted.org/freeipa/ticket/3666
* Make ssbrowser.html work in IE 10 | Petr Vobornik | 2013-06-04 | 1 | -3/+9
  Manual configuration page for other browsers (ssbrowser.html) doesn't work in IE 10 - error page is displayed.
  This patch is conditioning creation of Firefox configuration object so that configure.jar is requested only in Firefox. IE doesn't request it and so it does not fail.
  https://fedorahosted.org/freeipa/ticket/3645
* Regression fix: missing control buttons in nested search facets | Petr Vobornik | 2013-06-03 | 1 | -16/+24
  Regression introduced by 6e90920233cc9a7c9feb040dea22cda837715c39 - 'Move spec modifications from facet factories to pre_ops'.
  https://fedorahosted.org/freeipa/ticket/3605
* Remove code to install Dogtag 9 | Petr Viktorin | 2013-05-31 | 4 | -38/+11
  Since we depend on Dogtag 10 now, there is no need to keep code that installs a Dogtag 9 CA.
  Support for upgraded Dogtag-9-style instances is left in.
  https://fedorahosted.org/freeipa/ticket/3529
* Web UI: move ./_base/metadata_provider.js to ./metadata.js | Petr Vobornik | 2013-05-17 | 12 | -15/+18
  Metadata provider is IPA specific object, not a framework object, so it should not be in _base directory.
  https://fedorahosted.org/freeipa/ticket/3604
* Unite and move facet pre_ops to related modules | Petr Vobornik | 2013-05-17 | 4 | -123/+90
  Facet pre_ops defined in ./facet module were moved to modules where facet are actually defined. Moved pre_ops were united with the ones defined for the facets in these modules.
  The move simplifies module dependencies - there is no reason to have general facet module dependent on specialized facet modules. Pre_ops uniting makes the code simpler.
  https://fedorahosted.org/freeipa/ticket/3605
* Move spec modifications from facet factories to pre_ops | Petr Vobornik | 2013-05-17 | 6 | -85/+99
  Spec modifications in factories makes inheritance and extensibility more difficult. Moving them to pre_ops allows modification of their output by other pre_ops.
  https://fedorahosted.org/freeipa/ticket/3605
* Do not display success message on failure in web UI | Ana Krivokapic | 2013-05-17 | 4 | -16/+47
  https://fedorahosted.org/freeipa/ticket/3591
* Add IPA OTP schema and ACLs | Nathaniel McCallum | 2013-05-17 | 7 | -2/+76
  This commit adds schema support for two factor authentication via OTP devices, including RADIUS or TOTP. This schema will be used by future patches which will enable two factor authentication directly.
  https://fedorahosted.org/freeipa/ticket/3365
  http://freeipa.org/page/V3/OTP
* Add ipaUserAuthType and ipaUserAuthTypeClass | Nathaniel McCallum | 2013-05-17 | 2 | -0/+6
  This schema addition will be useful for future commits. It allows us to define permitted external authentication methods on both the user and global config. The implementation is generic, but the immediate usage is for otp support.
  https://fedorahosted.org/freeipa/ticket/3365
  http://freeipa.org/page/V3/OTP
* Prompt for nameserver IP address in dnszone-add | Ana Krivokapic | 2013-05-16 | 3 | -0/+73
  Prompt for nameserver IP address in interactive mode of dnszone-add.
  Add a corresponding field to dnszone creation dialog in the web UI.
  This parameter is required if and only if:
  * New zone is a forward zone
  * Nameserver is defined inside the new zone
  Add a new unit test to cover this functionality.
  https://fedorahosted.org/freeipa/ticket/3603
* Set KRB5CCNAME so that dirsrv can work with newer krb5-server | Martin Kosek | 2013-05-14 | 1 | -0/+1
  The DIR ccache format is now the default in krb5-server 1.11.2-4 but /run/user/<uid> isn't created for Apache by anything so it has no ccache (and it doesn't have SELinux permissions to write here either).
  Use KRB5CCNAME to set a file path instead in /etc/sysconfig/dirsrv.
  https://fedorahosted.org/freeipa/ticket/3628
* Fix: HBAC Test tab is missing | Petr Vobornik | 2013-05-14 | 1 | -1/+1
  Caused by typo in metadata provider source path. No metadata -> no HBAC test entity -> no tab
  https://fedorahosted.org/freeipa/ticket/3627
* Update translations from Transifex | Petr Viktorin | 2013-05-09 | 17 | -637/+3597
* Set KRB5CCNAME so httpd s4u2proxy can work with newer krb5-server | Rob Crittenden | 2013-05-09 | 1 | -0/+1
  The DIR ccache format is now the default in krb5-server 1.11.2-4 but /run/user/<uid> isn't created for Apache by anything so it has no ccache (and it doesn't have SELinux permissions to write here either).
  Use KRB5CCNAME to set a file path instead in /etc/sysconfig/httpd.
  https://fedorahosted.org/freeipa/ticket/3607
* Resolve SIDs in Web UI | Alexander Bokovoy | 2013-05-06 | 4 | -6/+79
  Introduce new command, 'trust-resolve', to aid resolving SIDs to names in the Web UI.
  The command uses new SSSD interface, nss_idmap, to resolve actual SIDs. SSSD caches resolved data so that future requests to resolve same SIDs are returned from a memory cache.
  Web UI code is using Dojo/Deferred to deliver result of SID resolution out of band. Once resolved names are available, they replace SID values.
  Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved at the same time. They are all sent within the single request to the server.
  https://fedorahosted.org/freeipa/ticket/3302
* Enable standalone facets in menu.add_item | Petr Vobornik | 2013-05-06 | 1 | -14/+14
  https://fedorahosted.org/freeipa/ticket/3235
* Fix crash on host deletion | Petr Vobornik | 2013-05-06 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3235
* Fix crash on ssh key add | Petr Vobornik | 2013-05-06 | 1 | -7/+7
  https://fedorahosted.org/freeipa/ticket/3235
* Fix WebUI crash when server installed as CA-less | Petr Vobornik | 2013-05-06 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/3235