path: root/ipa-server/ipa-install/share
Commit message [Author, Age, Files, Lines]
* Just add eq,pres to the existing indices [Rich Megginson, 2008-10-13, 1 file, -8/+4]
|
|     There are already indexes created for ntUniqueID and ntUserDomainID by default
|     We just need to make sure they are indexed for equality and presence
|
* fix issues brought up by initial review of ipa winsync enhancements [Rich Megginson, 2008-10-13, 1 file, -0/+13]
|
* add --no-host-dns option to ipa-server-install - allows specifying a hostname that might actually exist but you do not want to even attempt to resolve it via DNS [Rich Megginson, 2008-10-13, 1 file, -8/+0]
|
* CVE 2008 3274 related fixes [Simo Sorce, 2008-09-10, 1 file, -2/+2]
|
* Admin must be able to add/delete too [Simo Sorce, 2008-07-09, 1 file, -1/+1]
|
* Make sure we listen only on the krb5 port and therefore disable krb4 support [Simo Sorce, 2008-07-02, 1 file, -1/+1]
|
* Must index uidnumber and gidnumber and any attribute that dna plugin is going [Simo Sorce, 2008-06-12, 1 file, -0/+19]
|
|     to generate or that we need to search on.
|
* Change default. [Simo Sorce, 2008-06-12, 1 file, -2/+4]
|
|     By default increment by one but set the maximum value to one million.
|     When installing a replica change values to start from 1 million +1 and
|     cap it to 2 million and so on for any other replica.
|
* Index the memberof attribute [Rob Crittenden, 2008-06-11, 1 file, -0/+8]
|
|     450951
|
* Move admin into cn=users,cn=accounts [Simo Sorce, 2008-05-23, 2 files, -4/+4]
|
|     After some deep thinking I think the advantages of keeping all posix
|     enabled user accounts under cn=users,cn=accounts outweigh a perceived
|     better protection of the admin account by keeping it in a separate tree.
|
* Make sure recent ldapmodify tool (as in F9) do not complain by splitting the [Simo Sorce, 2008-04-25, 1 file, -0/+5]
|
|     operation into 2 modify operations
|
* Add _ntp SRV record [Simo Sorce, 2008-04-07, 1 file, -0/+2]
|
* Make the memberof task a public function. [Rob Crittenden, 2008-03-27, 1 file, -1/+2]
|
|     This is used when a new replica is created as well as whenever a
|     replica is re-initialized from another master.
|
|     In order for this to work when not creating an instance the __init__
|     function needs to be able to determine the suffix and the dm_password
|     is needed.
|
|     I've also added the time to the RDN of the member task to ensure
|     uniqueness.
|
|     438222
|
* Remove ACI that was causing RDN changes to fail [Rob Crittenden, 2008-03-10, 1 file, -1/+0]
|
|     Fix for session code so RDN change can succeed
|
|     433523
|
* Make sure all entries are generated by us according to IPA [Simo Sorce, 2008-02-28, 2 files, -9/+1]
|
|     default tree.
|     This patch makes sure that the DS setup script does not add unwanted
|     entries.
|
* Make sure KrbPrincipalName is unique server-wide [Rob Crittenden, 2008-02-21, 1 file, -0/+35]
|
|     Fix the build. Somehow this file didn't get committed.
|
* Make sure KrbPrincipalName is unique server-wide [Simo Sorce, 2008-02-21, 1 file, -0/+1]
|
* Let users write their own password, should fix 433707 [Simo Sorce, 2008-02-21, 1 file, -0/+1]
|
* Start ntpd first unless we do not want it. [Simo Sorce, 2008-02-20, 2 files, -0/+9]
|
|     Make sure we do sync the clock leaping to the current correct time.
|     This avoids problems with bad dates on certificates, etc.
|
* Fix misspelling of the word indices. [Rob Crittenden, 2008-01-25, 2 files, -1/+1]
|
* Big changeset that includes the work around keytab management. [Simo Sorce, 2007-12-21, 5 files, -4/+25]
|
|     Following the changelog history from my dev tree, some comments are useful imo
|
|     ------------------------------------------------------
|
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Fri Dec 21 03:05:36 2007 -0500
|     files:       ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
|     description:
|     Remove remnants of the initial test tool
|
|     changeset:   563:4fe574b7bdf1
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Fri Dec 21 02:58:37 2007 -0500
|     files:       ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
|     description:
|     Maybe actually encrypting the keys will help :-)
|
|     changeset:   562:488ded41242a
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Thu Dec 20 23:53:50 2007 -0500
|     files:       ipa-server/ipa-install/share/Makefile.am ipa-server/ipa-install/share/default-aci.ldif
|     description:
|     Fixes
|
|     changeset:   561:4518f6f5ecaf
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Thu Dec 20 23:53:32 2007 -0500
|     files:       ipa-admintools/Makefile ipa-admintools/ipa-addservice
|     description:
|     transform the old ipa-getkeytab in a tool to add services
|     as the new ipa-getkeytab won't do it (and IMO it makes more sense
|     to keep the two functions separate anyway).
|
|     changeset:   559:25a7f8ee973d
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Thu Dec 20 23:48:59 2007 -0500
|     files:       ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
|     description:
|     Bugfixes
|
|     changeset:   558:28fcabe4aeba
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Thu Dec 20 23:48:29 2007 -0500
|     files:       ipa-client/configure.ac ipa-client/ipa-client.spec ipa-client/ipa-client.spec.in ipa-client/ipa-getkeytab.c
|     description:
|     Configure fixes
|     Add ipa-getkeytab to spec
|     Client fixes
|
|     changeset:   557:e92a4ffdcda4
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Thu Dec 20 20:57:10 2007 -0500
|     files:       ipa-client/Makefile.am ipa-client/configure.ac
|     description:
|     Try to make ipa-getkeytab build via autotools
|
|     changeset:   556:224894175d6b
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Thu Dec 20 20:35:56 2007 -0500
|     files:       ipa-admintools/ipa-getkeytab ipa-client/ipa-getkeytab.c
|     description:
|     Messed a bit with hg commands.
|     To make it short:
|     - Remove the python ipa-getkeytab program
|     - Rename the keytab plugin test program to ipa-getkeytab
|     - Put the program in ipa-client as it should be distributed with the client tools
|
|     changeset:   555:5e1a068f2e90
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Thu Dec 20 20:20:40 2007 -0500
|     files:       ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
|     description:
|     Polish the client program
|
|     changeset:   554:0a5b19a167cf
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Thu Dec 20 18:53:49 2007 -0500
|     files:       ipa-server/ipa-install/share/default-aci.ldif ipa-server/ipa-install/share/default-keytypes.ldif ipa-server/ipa-install/share/kdc.conf.template ipa-server/ipa-install/share/kerberos.ldif ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c ipa-server/ipaserver/krbinstance.py
|     description:
|     Support retrieving enctypes from LDAP
|     Filter enctypes
|     Update test program
|
|     changeset:   553:f75d7886cb91
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Thu Dec 20 00:17:40 2007 -0500
|     files:       ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
|     description:
|     Fix ber generation and remove redundant keys
|
|     changeset:   552:0769cafe6dcd
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Wed Dec 19 19:31:37 2007 -0500
|     files:       ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
|     description:
|     Avoid stupid segfault
|
|     changeset:   551:1acd5fdb5788
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Wed Dec 19 18:39:12 2007 -0500
|     files:       ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
|     description:
|     If ber_peek_tag() returns LBER_ERROR it may just be that we are at the
|     end of the buffer. Unfortunately ber_scanf is broken in the sense that
|     it doesn't actually really consider sequence endings (due probably to the
|     fact they are just representation and do not reflect in the underlying
|     DER encoding.)
|
|     changeset:   550:e974fb2726a4
|     user:        Simo Sorce <ssorce@redhat.com>
|     date:        Wed Dec 19 18:35:07 2007 -0500
|     files:       ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
|     description:
|     First shot at the new method
|
* Fix ldif to work with ldapmodify in openldap-2.4.x [Mark McLoughlin, 2007-12-13, 2 files, -0/+6]
|
|     It seems that in openldap-2.4.x ldapmodify has gotten somewhat more
|     picky about the ldif it accepts. See here for more details:
|
|       https://bugzilla.redhat.com/422251
|
|     Not sure whether ldapmodify will be fixed, but for now just fix the
|     ldif.
|
|     Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
* Merge. [Karl MacMillan, 2007-12-12, 1 file, -1/+1]
|\
| * Merge in Rob aci patch (resolve conflict) [Simo Sorce, 2007-12-12, 1 file, -1/+1]
| |
* | Move radius server components into a separate package. [Karl MacMillan, 2007-12-12, 2 files, -286/+0]
|/
* Separate out ACIs that affect radius [Simo Sorce, 2007-12-12, 1 file, -1/+2]
|
* - Better access control, make sure not even admins can read out passwords [Simo Sorce, 2007-12-11, 2 files, -9/+16]
|
|     - Ensure admins can't be locked out by mistake by inclusion in disabled groups
|     - Fix also minor error in krbinstance.py
|
* Add automatic browser configuration for kerberos SSO using javascript. [Rob Crittenden, 2007-12-12, 2 files, -0/+34]
|
|     This uses the UniversalPreferencesWrite function to set the browser
|     preferences to allow negotiation and ticket forwarding in the IPA domain.
|     A self-signed certificate is generated to sign the javascript.
|
* Merge. [Karl MacMillan, 2007-12-11, 1 file, -0/+1]
|\
| * Fix delegation in the UI and add a missing aci that allows writes. [Rob Crittenden, 2007-12-07, 1 file, -0/+1]
| |
| |     Make ipa-deldelegation more user-friendly.
| |
* | Merge. [Karl MacMillan, 2007-12-11, 2 files, -2/+20]
|\|
| * Add default e-mail domain to the IPA configuration [Rob Crittenden, 2007-12-10, 2 files, -1/+3]
| |
| * Utilize user and group objectclass lists in cn=ipaconfig [Rob Crittenden, 2007-12-06, 2 files, -2/+14]
| |
| |     Change the syntax on user and group objectclasses in cn=ipaconfig
| |
| * Phase 1 of allowing admins to set the default object classes for users & groups [Rob Crittenden, 2007-12-04, 1 file, -2/+6]
| |
| |     This adds the UI and does error checking of the selected object classes
| |     but it doesn't actually use the values yet.
| |     It also generalizes some functions for doing multi-valued fields.
| |
* | merge [John Dennis, 2007-12-04, 2 files, -11/+26]
|\|
| * Increase default max password lifetime from 10 to 90 days [Rob Crittenden, 2007-12-03, 1 file, -1/+1]
| |
| * Improved ACIs [Simo Sorce, 2007-11-30, 1 file, -9/+12]
| |
| * minor typos [Simo Sorce, 2007-11-30, 1 file, -0/+6]
| |
| * Add utility to lock user accounts. Remove lock capability from ipa-deluser [Rob Crittenden, 2007-11-26, 1 file, -0/+6]
| |
| |     Fix bootstrap.ldif to add new Class of Service entries properly
| |     Include some man pages that weren't being installed
| |
* | change location of radius data in ldap from [John Dennis, 2007-11-30, 1 file, -10/+4]
| |
| |     cn=radius,cn=services,cn=etc to cn=radius
| |
* | fix merge error [John Dennis, 2007-11-29, 1 file, -2/+0]
| |
* | merged radius work with latest mainline tip [John Dennis, 2007-11-28, 7 files, -27/+148]
|\|
| * Remove unnecessary attribute left over from testing [Rob Crittenden, 2007-11-26, 1 file, -1/+0]
| |
| * Add xml-rpc interface for getting keytabs. [Karl MacMillan, 2007-11-21, 2 files, -4/+10]
| |
| |     Warning: this lacks any sort of authorization.
| |
| * Initial replication setup. [Karl MacMillan, 2007-11-21, 1 file, -18/+0]
| |
| |     This adds replication setup through two new commands: ipa-replica-prepare
| |     and ipa-replica-install. The procedure is to run ipa-replica-prepare
| |     on an existing master. This will collect information about the realm
| |     and the current master and create a file storing all of the information.
| |     After copying that file to the new replica, ipa-replica-install is
| |     run (with -r to create a read-only replica).
| |
| |     This version of the patch also includes fixes for the sasl mappings
| |     on the replicas.
| |
| |     Remaining features:
| |     - ssl for replication.
| |     - automatic configuration of mesh topology for
| |       master (or a simpler way to replicate multiple
| |       masters).
| |     - tool for view / configuring current replication.
| |
| * more s/unique// wrt groups members/objectclasses [Simo Sorce, 2007-11-21, 2 files, -3/+3]
| |
| * Use groupOfNames and member, not groupOfUniqueNames and uniqueMember [Simo Sorce, 2007-11-20, 1 file, -4/+4]
| |
| * Enable group inactivation by using the Class of Service plugin. [Rob Crittenden, 2007-11-20, 1 file, -0/+39]
| |
| |     This adds 2 new groups: activated and inactivated.
| |
| |     If you, or a group you are a member of, is in inactivated then you are too.
| |     If you, or a group you are a member of, is in the activated group, then you
| |     are too.
| |
| |     In a fight between activated and inactivated, activated wins.
| |
| |     The DNs for doing this matching is case and white space sensitive.
| |
| |     The goal is to never have to actually set nsAccountLock in a user directly
| |     but move them between these groups.
| |
| |     We need to decide where in the CLI this will happen. Right it is split
| |     between ipa-deluser and ipa-usermod. To inactivate groups for now just
| |     add the group to inactivate or active.
| |
| * fix ldif typo [Simo Sorce, 2007-11-19, 1 file, -1/+0]
| |
| * Minor fixes. [Karl MacMillan, 2007-11-19, 2 files, -2/+1]
| |