path: root/install
Commit message | Author | Age | Files | Lines
* Stretch content div and make Reset/Update buttons stick to right. | Pavel Zuna | 2010-08-12 | 1 | -0/+5
* Correct CA options in ipa-server-install manpage | Rob Crittenden | 2010-08-10 | 1 | -3/+3
* Allow decoupling of user-private groups. | Rob Crittenden | 2010-08-10 | 1 | -8/+8
  To do this we need to break the link manually on both sides, the user and the group. We also have to verify in advance that the user performing this is allowed to do both. Otherwise the user could be decoupled but not the group leaving it in a quasi broken state that only ldapmodify could fix. ticket 75
* Group add functionality now implemented. | Adam Young | 2010-08-09 | 1 | -4/+63
  - Proper navigation. (Add and edit versus add another)
  - posix field is respected
  - gid set accordingly
* IPA HTTPD config uses /usr/share/static as target for /ipa/ui | Adam Young | 2010-08-09 | 1 | -2/+2
* Remove search field on group button | Adam Young | 2010-08-09 | 3 | -7/+8
  Hide the search bar when showing the groups listed for a user, and restore it when doing other searches. The enroll button is added only on the groups page, and removed along with anything else in the searchButtons div when a new search is started.
* Add hbac service for su-l, su with a login shell | Rob Crittenden | 2010-08-06 | 1 | -0/+6
* Changes to the install and config files to support deploying the javascript code. | Adam Young | 2010-08-06 | 3 | -0/+17
* The Javascript code for the new web UI | Adam Young | 2010-08-06 | 33 | -0/+10392
  Now with whitespace cleanup.
* Images for the Javascript Based webui. | Adam Young | 2010-08-06 | 23 | -0/+0
  These are all binary files, in png format.
* Add container and initial ACIs for entitlement support | Rob Crittenden | 2010-07-29 | 2 | -0/+43
  The entitlement entries themselves will be rather simple, consisting of the objectClasses ipaObject and pkiUser. We will just store userCertificate in it. The DN will contain the UUID of the entitlement. ticket #27
* This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. | Adam Young | 2010-07-29 | 4 | -23/+0
* 1. Schema cleanup | Dmitri Pal | 2010-07-21 | 1 | -13/+12
  The ipaAssociation is the core of different association object. It seems that the service is an exception rather than rule. So it is moved into the object where it belongs. Fixed matching rules and some attribute types. Addressing ticket: https://fedorahosted.org/freeipa/ticket/89 Removed unused password attribute and realigned OIDs.
* Fix nis netgroup configuration | Rob Crittenden | 2010-07-15 | 1 | -1/+11
  This was originally configured to pull from the compat area but Nalin thinks that is a bad idea (and it stopped working anyway). This configures the netgroup map to create the triples on its own. Ticket #87
* Fix ipa-compat-manage and ipa-nis-manage | Rob Crittenden | 2010-07-15 | 2 | -54/+100
  Neither of these was working properly, I assume due to changes in the ldap backend. The normalizer now appends the basedn if it isn't included and this was causing havoc with these utilities. After fixing the basics I found a few corner cases that I also addressed:
  - you can't/shouldn't disable compat if the nis plugin is enabled
  - we always want to load the nis LDAP update so we get the netgroup config
  - LDAPupdate.update() returns True/False, not an integer
  I took some time and fixed up some things pylint complained about too. Ticket #83
* Handle errors raised by plugins more gracefully in mod_wsgi. | Rob Crittenden | 2010-07-12 | 1 | -6/+10
  This started as an effort to display a more useful error message in the Apache error log if retrieving the schema failed. I broadened the scope a little to include limiting the output in the Apache error log so errors are easier to find. This adds a new configuration option, startup_traceback. Outside of lite-server.py it is False by default so does not display the traceback that led to the StandardError being raised. This makes the mod_wsgi error much easier to follow.
* Add support for User-Private Groups | Rob Crittenden | 2010-07-06 | 3 | -0/+37
  This uses a new 389-ds plugin, Managed Entries, to automatically create a group entry when a user is created. The DNA plugin ensures that the group has a gidNumber that matches the user's uidNumber. When the user is removed the group is automatically removed as well. If the managed entries plugin is not available or if a specific, separate range for gidNumber is passed in at install time then User-Private Groups will not be configured. The code checking for the Managed Entries plugin may be removed at some point. This is there because this plugin is only available in a 389-ds alpha release currently (1.2.6-a4).
* Add maintainer-clean target | Rob Crittenden | 2010-06-24 | 1 | -0/+2
* Add separate role group for enrolling hosts, enrollhost | Rob Crittenden | 2010-06-22 | 1 | -0/+8
* Remove unused attribute serviceName and re-number schema | Rob Crittenden | 2010-06-21 | 1 | -8/+7
  serviceName was originally part of the HBAC rules. We dropped it to use a separate service object instead so we could more easily do groups of services in rules.
* Drop --with-openldap option in the client. This is no longer optional. | Rob Crittenden | 2010-06-21 | 1 | -0/+3
* Fall back to DM password if GSSAPI fails and make deleting more user-friendly | Rob Crittenden | 2010-06-01 | 1 | -8/+38
  Try to be a bit more descriptive about why a deletion fails and generate a prettier error message.
* Query the remote server to see if this replica host already exists. | Rob Crittenden | 2010-06-01 | 1 | -13/+23
  If it does then the installation will fail trying to set up the keytabs, and not in a way that you say "aha, it's because the host is already enrolled."
* Add LDAP upgrade over ldapi support. | Rob Crittenden | 2010-06-01 | 1 | -17/+25
  This disables all but the ldapi listener in DS so it will be quiet when we perform our upgrades. It is expected that any other clients that also use ldapi will be shut down by other already (krb5 and dns). Add ldapi as an option in ipaldap and add the beginning of pure offline support (e.g. direct editing of LDIF files).
* Include missing update file 30-hbacsvc.update | Rob Crittenden | 2010-05-27 | 1 | -0/+35
* Add ipaUniqueID to HBAC services and service groups | Rob Crittenden | 2010-05-27 | 3 | -31/+2
  Also fix the memberOf attribute for the HBAC services
* Re-number some attributes to compress our usage to be contiguous | Rob Crittenden | 2010-05-27 | 7 | -48/+69
  No longer install the policy or key escrow schemas and remove their OIDs for now. 594149
* Add 'all' serviceCategory to default HBAC group and add some default services | Rob Crittenden | 2010-05-27 | 1 | -0/+31
* Add groups of services to HBAC | Rob Crittenden | 2010-05-17 | 2 | -2/+18
  Replace serviceName with memberService so we can assign individual services or groups of services to an HBAC rule. 588574
* Update Kannada translations | John Dennis | 2010-05-11 | 1 | -80/+904
* named.conf: Add trailing dot to the fake_mname | Martin Nagy | 2010-05-06 | 1 | -1/+1
  Yet another trailing dot issue, but this one was kept hidden because only the latest bind-dyndb-ldap package uses the fake_mname option.
* Create default HBAC rule allowing any user to access any host from any host | Rob Crittenden | 2010-05-05 | 4 | -2/+23
  This is to make initial installation and testing easier. Use the --no_hbac_allow option on the command-line to disable this when doing an install. To remove it from a running server do: ipa hbac-del allow_all
* Make the installer/uninstaller more aware of its state | Rob Crittenden | 2010-05-03 | 1 | -8/+6
  We have had a state file for quite some time that is used to return the system to its pre-install state. We can use that to determine what has been configured. This patch:
  - uses the state file to determine if dogtag was installed
  - prevents someone from trying to re-install an installed server
  - displays some output when uninstalling
  - re-arranges the ipa_kpasswd installation so the state is properly saved
  - removes pkiuser if it was added by the installer
  - fetches and installs the CA on both masters and clients
* Remove some duplicated schema | Rob Crittenden | 2010-04-30 | 1 | -9/+0
  Newer versions of 389-ds provide this certificate schema so no need to provide it ourselves.
* Fix a couple of syntax errors in the installer. | Rob Crittenden | 2010-04-27 | 1 | -2/+5
  I meant to push these along with the original patch but pushed the wrong one.
* Replace a new instance of IPAdmin use in ipa-server-install. | Pavel Zuna | 2010-04-27 | 1 | -8/+11
* Connect to the ldap during the uninstallation | Martin Nagy | 2010-04-23 | 1 | -8/+28
  We need to ask the user for a password and connect to the ldap so the bind uninstallation procedure can remove old records. This is of course only helpful if one has more than one IPA server configured.
* Fix installing IPA with an external CA | Rob Crittenden | 2010-04-23 | 1 | -4/+18
  - cache all interactive answers
  - set non-interactive to True for the second run so nothing is asked
  - convert boolean values that are read in
  - require absolute paths for the external CA and signed cert files
  - fix the invocation message for the second ipa-server-install run
* Use correct name for CA PKCS#12 file. | Rob Crittenden | 2010-04-23 | 1 | -2/+2
  I recently renamed this and missed this reference.
* Use ldap2 instead of legacy LDAP code from v1 in installer scripts. | Pavel Zuna | 2010-04-19 | 10 | -135/+135
* Use escapes in DNs instead of quoting. | Rob Crittenden | 2010-04-19 | 1 | -2/+2
  Based on initial patch from Pavel Zuna.
* Enable anonymous VLV so Solaris clients will work out of the box. | Rob Crittenden | 2010-04-16 | 1 | -0/+4
  Since one needs to enable the compat plugin we will enable anonymous VLV when that is configured. By default the DS installs an aci that grants read access to ldap:///all and we need ldap:///anyone
* Remove incorrect option -U for --uninstall. -U is short for --unattended. | Rob Crittenden | 2010-04-16 | 1 | -1/+1
* Update Spanish translations | John Dennis | 2010-04-13 | 1 | -11/+185
* Update Polish and Chinese translations | John Dennis | 2010-03-22 | 2 | -322/+389
* update Polish translations | John Dennis | 2010-03-22 | 1 | -83/+886
* Use GSSAPI auth for the ipa-replica-manage list and del commands. | Rob Crittenden | 2010-03-19 | 2 | -4/+55
  This creates a new role, replicaadmin, so a non-DM user can do limited management of replication agreements. Note that with cn=config if an unauthorized user performs a search an error is not returned, no entries are returned. This makes it difficult to determine if there are simply no replication agreements or we aren't allowed to see them. Once the ipaldap.py module gets replaced by ldap2 we can use Get Effective Rights to easily tell the difference.
* Better customize the message regarding the CA based on the install options. | Rob Crittenden | 2010-03-19 | 1 | -5/+10
  There are now 3 cases:
  - Install a dogtag CA and issue server certs using that
  - Install a selfsign CA and issue server certs using that
  - Install using either dogtag or selfsign and use the provided PKCS#12 files for the server certs. The installed CA will still be used by the cert plugin to issue any server certs.
* Make CA PKCS#12 location arg for ipa-replica-prepare, default /root/cacert.p12 | Rob Crittenden | 2010-03-19 | 1 | -3/+5
  pki-silent puts a copy of the root CA into /root/tmp-ca.p12. Rename this to /root/cacert.p12.
* Initialize the api so imports work, trust all CAs included in the PKCS#12. | Rob Crittenden | 2010-03-19 | 1 | -1/+9