Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add detection to the update tool to detect when it would apply changes. | Rob Crittenden | 2008-09-19 | 1 | -1/+1 |
| | | | | Remove SUP name from RFC2307bis.update to match FDS | ||||
* | Add standard override options to ipa-replica-prepare | Martin Nagy | 2008-09-17 | 1 | -5/+3 |
| | | | | Fixes: 462489 | ||||
* | Run the LDAP updater at the end of the installation process. | Rob Crittenden | 2008-09-17 | 1 | -0/+5 |
| | | | | | | | | Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-installl, -y <password_file>, so we don't have to pass it on the command-line. | ||||
* | Update files for the schema compatibility plugin and RFC4876 profiles | Rob Crittenden | 2008-09-12 | 6 | -0/+312 |
| | | | | | | | | | | | | | | | Also handle syntax errors a bit more gracefully and allow the updater to work on more than one file at a time. Adjust to new config.py and use a custom exception class for syntax errors. Also fix a error in parsing the separate files Include slapi-nis in Requires Includes work provided by Martin Nagy 460055 | ||||
* | The True/False logic was reversed, so "no" meant remove the existing instance | Rob Crittenden | 2008-09-12 | 1 | -1/+1 |
| | |||||
* | Rework config.py and change cli tools. Maintain order of IPA servers from ↵ | Martin Nagy | 2008-09-11 | 1 | -5/+5 |
| | | | | command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234 | ||||
* | CVE 2008 3274 related fixes | Simo Sorce | 2008-09-10 | 1 | -2/+2 |
| | |||||
* | When installing with an IPA-created CA generate the Firefox ↵ | Rob Crittenden | 2008-08-14 | 1 | -2/+2 |
| | | | | | | autoconfiguration files. 458871 | ||||
* | Install the ca.crt file early on so that we can always enforce SSL | Simo Sorce | 2008-08-13 | 1 | -7/+18 |
| | | | | | protected connections to other LDAP servers Fix error reporting on replica creation. | ||||
* | Used the encrypt_file and decrypt_file utility functions to encrypt replica | Simo Sorce | 2008-08-11 | 2 | -22/+60 |
| | | | | | | information. This way we do not risk to leave around sensitive data. Set the destination host in the replica file too and do checks against in ipa-replica-install | ||||
* | Fix few syntax errors. | Martin Nagy | 2008-08-06 | 1 | -2/+2 |
| | |||||
* | Fix python syntax error: missing colon. | Rob Crittenden | 2008-08-06 | 1 | -1/+1 |
| | |||||
* | Don't assume that the Firefox autoconfig files exist. | Rob Crittenden | 2008-07-28 | 2 | -11/+14 |
| | | | | | | | These are created by an object-signing cert and needs to be done after the fact if a server is created with user-supplied PKCS#12 files. 452402 | ||||
* | Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHS | Rob Crittenden | 2008-07-25 | 1 | -1/+1 |
| | | | | 455064 | ||||
* | Wrap up the raw_input() to user_input() for convenience and uniformity. | Martin Nagy | 2008-07-23 | 3 | -62/+31 |
| | |||||
* | Rework the way SSL certificates are imported from PKCS#12 files. | Rob Crittenden | 2008-07-14 | 4 | -59/+164 |
| | | | | | | | | Add the ability to provide PKCS#12 files during initial installation Add the ability to provide PKCS#12 files when preparing a replica Correct some issues with ipa-server-certinstall 452402 | ||||
* | Admin must be able to add/delete too | Simo Sorce | 2008-07-09 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa | Rob Crittenden | 2008-07-03 | 1 | -1/+1 |
|\ | |||||
| * | Make sure we listen only on the krb5 port and therefore disable krb4 support | Simo Sorce | 2008-07-02 | 1 | -1/+1 |
| | | |||||
* | | NSS_DIR is already fetched into a variable, use that instead. | Rob Crittenden | 2008-07-03 | 1 | -6/+6 |
|/ | | | | 451098 | ||||
* | Properly convert the realm to a DS instance name | Rob Crittenden | 2008-07-01 | 1 | -1/+1 |
| | | | | 451014 | ||||
* | Ensure correct permissions and file ownership of Apache NSS database | Rob Crittenden | 2008-07-01 | 1 | -0/+12 |
| | | | | 451098 | ||||
* | Must index uidnumber and gidnumber and any attribute that dna plugin is going | Simo Sorce | 2008-06-12 | 1 | -0/+19 |
| | | | | to generate or that we need to search on. | ||||
* | Change default. | Simo Sorce | 2008-06-12 | 1 | -2/+4 |
| | | | | | | | By default increment by one but set the maximum value to one million. when installing a replica change values to start from 1 million +1 and cap it to 2 million and so on for any other replica. | ||||
* | Index the memberof attribute | Rob Crittenden | 2008-06-11 | 1 | -0/+8 |
| | | | | 450951 | ||||
* | Ensure that the realm name is upper-case. | Rob Crittenden | 2008-06-09 | 1 | -3/+4 |
| | | | | 449182 | ||||
* | Make it clear which packages are being configured and which aren't. | Rob Crittenden | 2008-06-09 | 1 | -3/+15 |
| | | | | 450175 | ||||
* | Fix typo | Rob Crittenden | 2008-06-05 | 1 | -1/+1 |
| | | | | 450077 | ||||
* | Fix import for version | Rob Crittenden | 2008-06-04 | 2 | -2/+2 |
| | |||||
* | Add -p/--password option so the DM password can be passed on the command-line. | Rob Crittenden | 2008-06-04 | 1 | -5/+10 |
| | | | | | | The import for version moved from ipaserver to ipa, fix that as well. 449858 | ||||
* | Move version.py to the common ipa directory instead of being server-based so ↵ | Rob Crittenden | 2008-06-03 | 1 | -1/+1 |
| | | | | | | it can be used by the client tool. Fix the client tool imports to fail more gracefully. | ||||
* | Don't prompt regarding previous DS installations in unattended mode. | Rob Crittenden | 2008-05-30 | 1 | -2/+4 |
| | | | | 449150 | ||||
* | Make check_inst() a standalone function in bindinstance. | Rob Crittenden | 2008-05-30 | 1 | -2/+2 |
| | | | | | | | | | | | | | When an install instance is created that contains a pointer to a sysrestore point it loads in the current configuration when instantiated. If an instance is instantiated but not used then changes may occur to the system state that it is unaware of. So one needs to take care in the order that things are done to avoid losing information. When bind was setup it was overwriting all data in sysrestore.state and leaving just a [named] section. This caused problems at uninstall. 448173 | ||||
* | Fix the case where domain != lower(REALM) | Simo Sorce | 2008-05-29 | 3 | -9/+12 |
| | | | | | add the domain to the ipa.conf file for apps that need to know This should fix a bug in the replica setup | ||||
* | Move admin into cn=users,cn=accounts | Simo Sorce | 2008-05-23 | 2 | -4/+4 |
| | | | | | | | After some deep thinking I think the advantages of keeping all posix enabled user accounts under cn=users,cn=accounts overweight a perceived better protection of the admin account by keeping it in a separate tree. | ||||
* | Fix up function return values so we can return 1 on an installation error. | Rob Crittenden | 2008-05-22 | 1 | -14/+13 |
| | | | | 447973 | ||||
* | Only ask the user to install bind. | Martin Nagy | 2008-05-22 | 1 | -1/+1 |
| | |||||
* | Ensure hostnames are lower during installation and when adding service princs | Rob Crittenden | 2008-05-20 | 1 | -0/+4 |
| | | | | 447381 | ||||
* | Use split instead of find as split does not fail to provide a complete | Simo Sorce | 2008-05-15 | 1 | -1/+1 |
| | | | | component if no '.' is found. | ||||
* | Don't ask the user again if he wants to replace bind configuration files if ↵ | Martin Nagy | 2008-05-14 | 1 | -10/+1 |
| | | | | | | he specified --setup-bind. 430090 | ||||
* | Display information on how to uninstall a partially installed server. | Rob Crittenden | 2008-05-09 | 1 | -4/+10 |
| | | | | | | | This may have failed either because the user pressed ^C or something failed during installation. 442454 | ||||
* | Detect existing DS instances and prompt for removal during replica install. | Rob Crittenden | 2008-05-08 | 1 | -0/+32 |
| | | | | 442454 | ||||
* | Add missing colon to function definition that broke the build | Rob Crittenden | 2008-05-08 | 1 | -1/+1 |
| | |||||
* | Add a version API to the server so it knows what version it is. | Rob Crittenden | 2008-05-08 | 4 | -14/+15 |
| | | | | 435019 | ||||
* | Don't prompt for confirmation of DM password when installing a replica. | Rob Crittenden | 2008-05-08 | 1 | -2/+7 |
| | | | | | | | | | It implies that you are setting a new password and you really aren't. Also added a catch for KeyboardInterrupt with instructions on how to recover from a partial install. 441607 | ||||
* | Make sure recent ldapmodify tool (as in F9) do not complain by splitting the | Simo Sorce | 2008-04-25 | 1 | -0/+5 |
| | | | | operation into 2 modify operations | ||||
* | Don't allow a replica to prepare a replica for itself. | Rob Crittenden | 2008-04-23 | 1 | -0/+3 |
| | | | | 442756 | ||||
* | Use the same kpasswd.keytab on all replicas. | Rob Crittenden | 2008-04-09 | 2 | -1/+5 |
| | | | | | | | If we generate a new keytab for each replica then effectively password changes can only occur on the last replica created. 439905 | ||||
* | Add _ntp SRV record | Simo Sorce | 2008-04-07 | 1 | -0/+2 |
| | |||||
* | Create /etc/ipa/ipa.conf earlier in the installation process. | Rob Crittenden | 2008-04-03 | 1 | -8/+8 |
| | | | | | | | Because the ipa.config() object raises an error if there is no configuration file and auto-detection fails, ipa_webgui may fail to start at install time. 440475 |