| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
protected connections to other LDAP servers
Fix error reporting on replica creation.
|
|
|
|
|
|
| |
information. This way we do not risk to leave around sensitive data.
Set the destination host in the replica file too and do checks against
in ipa-replica-install
|
| |
|
|
|
|
|
|
|
| |
These are created by an object-signing cert and needs to be done
after the fact if a server is created with user-supplied PKCS#12 files.
452402
|
| |
|
|
|
|
|
|
|
|
| |
Add the ability to provide PKCS#12 files during initial installation
Add the ability to provide PKCS#12 files when preparing a replica
Correct some issues with ipa-server-certinstall
452402
|
|
|
|
|
|
| |
The import for version moved from ipaserver to ipa, fix that as well.
449858
|
|
|
|
|
| |
add the domain to the ipa.conf file for apps that need to know
This should fix a bug in the replica setup
|
|
|
|
|
|
|
| |
This may have failed either because the user pressed ^C or something
failed during installation.
442454
|
|
|
|
| |
442454
|
| |
|
|
|
|
| |
435019
|
|
|
|
|
|
|
|
|
| |
It implies that you are setting a new password and you really aren't.
Also added a catch for KeyboardInterrupt with instructions on how to
recover from a partial install.
441607
|
|
|
|
|
|
|
| |
If we generate a new keytab for each replica then effectively password
changes can only occur on the last replica created.
439905
|
|
|
|
| |
439057
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is used when a new replica is created as well as whenever a replica
is re-initialized from another master.
In order for this to work when not creating an instance the __init__
function needs to be able to determine the suffix and the dm_password
is needed.
I've also added the time to the RDN of the member task to ensure
uniqueness.
438222
|
|
|
|
| |
438220
|
|
|
|
| |
434980
|
|
|
|
|
| |
Make sure we do sync the clock leaping to the current correct time.
This avoids problems with bad dates on certificates, etc..
|
| |
|
|
|
|
| |
432691
|
|
|
|
|
|
| |
Verify the DM password earlier in the process
433368
|
|
|
|
|
|
| |
Use that domain when creating replicas
Resolves 432066
|
| |
|
|
|
|
|
|
|
| |
No longer create a PKCS#12 file that contains the CA
No longer send the entire CA to each replica, generate the SSL certs on master
Fix number of bugs in ipa-replica-install and prepare
Produce status output during replica creation
|
|
|
|
| |
Resolves 429853
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Removing shebangs (#!) from a bunch of python libraries
- Don't use a variable name in init scripts for the lock file
- Keep the init script name consistent with the binary name, so renamed
ipa-kpasswd.init to ipa_kpasswd.init
- Add status option to the init scripts
- Move most python scripts out of /usr/share/ipa and into the python
site-packages directories (ipaserver and ipaclient)
- Remove unnecessary sys.path.append("/usr/share/ipa")
- Fix the license string in the spec files
- Rename ipa-webgui to ipa_webgui everywhere
- Fix a couple of issues reported by pychecker in ipa-python
|
|
|
|
|
| |
- Add replication management script that allows listing
adding, and deleting replicas.
|
|
|
|
|
|
| |
correctly issue certs from the same authority. Also remove
support for read-only replicas since that work will not
be finished and tested for 1.0.
|
|
This add replication setup through two new commands: ipa-replica-prepare
and ipa-replica-install. The procedure is to run ipa-replica-prepare
on an existing master. This will collect information about the realm
and the current master and create a file storing all of the information.
After copying that file to the new replica, ipa-replica-install is
run (with -r to create a read-only replica).
This version of the patch also includes fixes for the sasl mappings
on the replicas.
Remaining features:
- ssl for replication.
- automatic configuration of mesh topology for
master (or a simpler way to replicate multiple
masters.
- tool for view / configuring current replication.
|