| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
434542
|
|
|
|
| |
432814
|
| |
|
|
|
|
| |
433496
|
| |
|
|
|
|
| |
Resolves 429895
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you run ipa_generate_password() multiple times, one
after the other, then you get the same password each time.
This is because it uses the current time to seed the
pseudo random number generator.
The easiest solution is to just use the default method
which seeds itself from /dev/urandom if available,
and uses a fractional time value otherwise.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
|
|
|
| |
(python-pyasn1) for the specfile Requires.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Removing shebangs (#!) from a bunch of python libraries
- Don't use a variable name in init scripts for the lock file
- Keep the init script name consistent with the binary name, so renamed
ipa-kpasswd.init to ipa_kpasswd.init
- Add status option to the init scripts
- Move most python scripts out of /usr/share/ipa and into the python
site-packages directories (ipaserver and ipaclient)
- Remove unnecessary sys.path.append("/usr/share/ipa")
- Fix the license string in the spec files
- Rename ipa-webgui to ipa_webgui everywhere
- Fix a couple of issues reported by pychecker in ipa-python
|
|
|
|
|
|
| |
Add a simple helper to check whether a service is enabled.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
| |
easier to use.
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Latest Fedora 9 python distutils generates .egg-info files;
follow the recommendation at:
http://fedoraproject.org/wiki/Packaging/Python/Eggs
and just package everything under %{python_sitelib}/
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| | |
|
| |
| |
| |
| | |
fix some problems reported by pychecker.
|
|/ |
|
| |
|
|
|
|
| |
multiple entries are returned.
|
|
|
|
|
| |
python module. This is in preparation for user
supplied certs.
|
|\ |
|
| | |
|
| | |
|
|\| |
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| |/
| |
| |
| |
| |
| |
| | |
This adds the UI and does error checking of the selected object classes but
it doesn't actually use the values yet.
It also generalizes some functions for doing multi-valued fields.
|
|\| |
|
| | |
|
| |
| |
| |
| | |
Don't allow the default group for users to be removed.
|
| | |
|
| |
| |
| |
| |
| |
| | |
cn=radius,cn=services,cn=etc
to
cn=radius
|
| |
| |
| |
| |
| |
| |
| |
| | |
profile command line tools to select between shared
and per user profiles
modify AttributeValueCompleter so default values prefer
previously entered values in editing session
|
|\| |
|
| |
| |
| |
| | |
Warning: this lacks any sort of authorization.
|
| | |
|
| |
| |
| |
| |
| |
| | |
specific version check on freeradius. Packages aren't
available and the freeradius support isn't ready
anyway.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This add replication setup through two new commands: ipa-replica-prepare
and ipa-replica-install. The procedure is to run ipa-replica-prepare
on an existing master. This will collect information about the realm
and the current master and create a file storing all of the information.
After copying that file to the new replica, ipa-replica-install is
run (with -r to create a read-only replica).
This version of the patch also includes fixes for the sasl mappings
on the replicas.
Remaining features:
- ssl for replication.
- automatic configuration of mesh topology for
master (or a simpler way to replicate multiple
masters.
- tool for view / configuring current replication.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds 2 new groups: activated and inactivated.
If you, or a group you are a member of, is in inactivated then you are too.
If you, or a group you are a member of, is in the activated group, then you
are too.
In a fight between activated and inactivated, activated wins.
The DNs for doing this matching is case and white space sensitive.
The goal is to never have to actually set nsAccountLock in a user directly
but move them between these groups.
We need to decide where in the CLI this will happen. Right it is split
between ipa-deluser and ipa-usermod. To inactivate groups for now just
add the group to inactivate or active.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This includes a default password policy
Custom fields are now read from LDAP. The format is a list of
dicts with keys: label, field, required.
The LDAP-based configuration now specifies:
ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title
ipaGroupSearchFields: cn,description
ipaSearchTimeLimit: 2
ipaSearchRecordsLimit: 0
ipaCustomFields:
ipaHomesRootDir: /home
ipaDefaultLoginShell: /bin/sh
ipaDefaultPrimaryGroup: ipausers
ipaMaxUsernameLength: 8
ipaPwdExpAdvNotify: 4
This could use some optimization.
|
| | |
|
| |
| |
| |
| |
| |
| | |
Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"
|