summaryrefslogtreecommitdiffstats
path: root/ipa-client/ipaclient
Commit message (Collapse)AuthorAgeFilesLines
* Check through all LDAP servers in the domain during IPA discoveryAlexander Bokovoy2011-12-091-9/+25
| | | | | | | | | When discovering IPA LDAP servers through DNS records, look through all servers found until first success. A master might be not available or denied access but replica may succeed. Ticket #1827 https://fedorahosted.org/freeipa/ticket/1827
* ticket 2022 - modify codebase to utilize IPALogManager, obsoletes loggingJohn Dennis2011-11-231-16/+16
| | | | | | | | | | | | change default_logger_level to debug in configure_standard_logging add new ipa_log_manager module, move log_mgr there, also export root_logger from log_mgr. change all log_manager imports to ipa_log_manager and change log_manager.root_logger to root_logger. add missing import for parse_log_level()
* ipa-client-install hangs if the discovered server is unresponsiveMartin Kosek2011-10-121-1/+2
| | | | | | | | Add a timeout to the wget call to cover a case when autodiscovered server does not response to our attempt to download ca.crt. Let user specify a different IPA server in that case. https://fedorahosted.org/freeipa/ticket/1960
* Before kinit, try to sync time with the NTP servers of the domain we are joiningAlexander Bokovoy2011-10-062-0/+43
| | | | | | | | | | | | | | When running ipa-client-install on a system whose clock is not in sync with the master, kinit fails and enrollment is aborted. Manual checking of current time at the master and adjusting on the client-to-be is then needed. The patch tries to fetch SRV records for NTP servers of the domain we aim to join and runs ntpdate to get time synchronized. If no SRV records are found, sync with IPA server itself. If that fails, warn that time might be not in sync with KDC. https://fedorahosted.org/freeipa/ticket/1773
* Setup and restore ntp configuration on the client side properlyAlexander Bokovoy2011-10-051-15/+37
| | | | | | | | | When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers point to IPA NTP server as well. When restoring the client during ipa-client-install --uninstall, make sure NTP configuration is fully restored and NTP service is disabled if it was disabled before the installation. https://fedorahosted.org/freeipa/ticket/1770
* Add a function for formatting network locations of the form host:port for ↵Jan Cholasta2011-10-051-4/+4
| | | | | | | | | use in URLs. If the host part is a literal IPv6 address, it must be enclosed in square brackets (RFC 2732). ticket 1869
* ipa-client assumes a single namingcontextMartin Kosek2011-09-301-18/+14
| | | | | | | | | When LDAP server contains more that one suffixes, the ipa client installation does not detect it as IPA server and fails to install. Fix ipa server discovery so that it correctly searches all naming contexts for the IPA one. https://fedorahosted.org/freeipa/ticket/1868
* ipa-client-install: Fix joining when LDAP access is restrictedSimo Sorce2011-09-301-22/+36
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/1881
* Don't remove /tmp when removing temp cert dirMarko Myllynen2011-09-221-1/+1
| | | | | | If /tmp happens to be empty os.removedirs() happily removes it... https://fedorahosted.org/freeipa/ticket/1843
* Convert client-side tools to platform-independent access to system servicesAlexander Bokovoy2011-09-131-2/+3
| | | | https://fedorahosted.org/freeipa/ticket/1605
* Make sure that hostname specified by user is not an IP address.Jan Cholasta2011-07-251-1/+4
| | | | ticket 1375
* Make ipa-client-install error messages more understandable and relevant.Rob Crittenden2011-07-191-11/+26
| | | | | | | | | | | * Check remote LDAP server to see if it is a V2 server * Replace numeric return values with alphanumeric constants * Display the error message from the ipa-enrollment extended op * Remove generic join failed error message when XML-RPC fails * Don't display Certificate subject base when enrollment fails * Return proper error message when LDAP bind fails https://fedorahosted.org/freeipa/ticket/1417
* KDC autodiscovery may fail when domain is not realmMartin Kosek2011-05-171-10/+16
| | | | | | | | | | | | | When ipa-client-install autodiscovers IPA server values it doesn't fill the fixed KDC address to Kerberos configuration file. However, when realm != domain or the autodiscovered values are overridden, installation may fail because it cannot find the KDC. This patch adds a failover to use static KDC address in case when such an issue occurs. https://fedorahosted.org/freeipa/ticket/1100
* Fix lint false positives.Jan Cholasta2011-04-131-1/+1
|
* Make retrieval of the CA during DNS discovery non-fatal.Rob Crittenden2011-03-301-1/+2
| | | | ticket 1135
* 18 Use TLS for ipadiscovery during ipa-client-install ↵Jr Aquino2011-02-211-0/+24
| | | | https://fedorahosted.org/freeipa/ticket/974
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-204-24/+24
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* Better distinguish between when DNS discovery works and search more domains.Rob Crittenden2010-09-201-9/+61
| | | | | | | | | | | | | | | | | | | | | | Passing domain and server on the command-line used to be considered as DNS autodiscovery worked. This was problematic if there was in fact no SRV records because krb5.conf would be configured without a specific KDC causing all Kerberos ops to fail. Now if you pass in a domain/server it still tries to see if they are discoverable and if so won't hardcode a server, but will fall back to doing so if necessary. Also be a lot more aggressive on looking for the SRV records. Use the search and domain values from /etc/resolv.conf on the chance that the SRV records aren't in the domain of the hostname of the machine. An example of this would be if your laptop is in dhcp.example.com and your company's SRV records are in corp.example.com. Searching dhcp.example.com and example.com won't find the SRV records but the user is likely to have corp.redhat.com in the search list, at least. ticket 234
* Better LDAP error handling in ipa-client-installRob Crittenden2009-12-011-9/+5
|
* Clean up additional issues discovered with pylint and pycheckerRob Crittenden2009-08-201-4/+4
|
* Rename ipa-python directory to ipapython so it is a real python libraryRob Crittenden2009-02-092-45/+45
| | | | | We used to install it as ipa, now installing it as ipapython. The rpm is still ipa-python.
* Handle exceptions more gracefully on systems with python-ldap 2.2.0Rob Crittenden2008-04-141-5/+8
| | | | 442136
* Implement client uninstallSimo Sorce2008-03-311-6/+28
| | | | (including RHEL4 contrib setup script)
* Prevent server and domain from being undefined or blank when we need themRob Crittenden2008-03-051-7/+11
| | | | | | | Improve LDAP error reporting Don't return the str() of discovery values because it can return "None" 436130
* Set the license uniformly to GPLv2 only.Rob Crittenden2008-02-043-5/+4
|
* Fix issues reported by rpmlint.Rob Crittenden2008-01-183-3/+1
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Move dnsclient into ipa-python so that I will be able to use it in ipaconfigSimo Sorce2007-12-104-454/+8
|
* NTP configuration for client and server.Karl MacMillan2007-11-012-0/+90
| | | | | | | | Configure ipa servers as an ntp server and clients to (by default) us the ipa server as an ntp server. Also corrected the messages about which ports should be opened.
* Autotool ipa-client - patch from William Jon McCann <mccann@jhu.edu>Karl MacMillan2007-10-171-0/+16
|
* Better file parsing routines,Simo Sorce2007-09-061-124/+336
| | | | | also switch to recreate ldap.conf and krb5.conf from scratch on clients, avoid nasty failures in case the original files contained strange directives
* Complete autodiscovery with autoconfigurationSimo Sorce2007-08-302-25/+49
| | | | | | | The code is still not perfect and rely on a yet unreleased nss_ldap package that fix dns discovery problems within nss_ldap itself. Also the manipulation of krb5.conf need to be improved
* Initial configuration library importSimo Sorce2007-08-282-3/+229
|
* Add a prototype client tool to configure a client of the IPA serverSimo Sorce2007-08-163-0/+707
Right now it does only discovery (or fallback)
generated by cgit (git 2.34.1) at 2024-11-13 06:46:41 +0000