Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix stupid typo in update filerelease-1-2-1 | Simo Sorce | 2008-12-03 | 1 | -1/+1 |
| | |||||
* | Adding an index for memberuid. Alsthough we do not use this attribute, many ↵ | Simo Sorce | 2008-12-02 | 2 | -0/+12 |
| | | | | clients still ask for it so let's index it and make stuff faster. | ||||
* | Fix makefiles after schema compat changes | Simo Sorce | 2008-12-02 | 2 | -1/+1 |
| | |||||
* | Corrected usage messages and manpage to match the logic for the ↵ | Nathan Kinder | 2008-12-01 | 1 | -1/+1 |
| | | | | ipa-replica-manage init command. | ||||
* | Run updates on the replica too, otherwise changes to cn=config will be missing. | Simo Sorce | 2008-12-01 | 1 | -0/+4 |
| | |||||
* | Make sure the CA cert is copied to the replica, fail if no ca.crt is ↵ | Simo Sorce | 2008-12-01 | 1 | -1/+1 |
| | | | | available. Cope with some versions of ipa that forgot to copy the ca.crt cert in the right place. | ||||
* | Add tool to enable or disable the schema compatibility plugin | Simo Sorce | 2008-12-01 | 1 | -0/+0 |
| | |||||
* | do not use ipaerror directly in ipa-replica-manage - use ldap exception instead | Rich Megginson | 2008-11-25 | 1 | -1/+1 |
| | |||||
* | Present a less-cryptic error if the replication agreement doesn't exist | Rob Crittenden | 2008-11-12 | 1 | -1/+4 |
| | |||||
* | Create a user for Windows PassSync and grant password changing permissions | Rob Crittenden | 2008-11-12 | 1 | -2/+6 |
| | | | | | | | | | This does 3 things: 1. Create a user for the Windows PassSync service 2. Add this use to the list of users that can skip password policies 3. Add an aci that grants permission to write the password attributes 471130 | ||||
* | Fix deleting a winsync replication agreement. | Rob Crittenden | 2008-11-12 | 1 | -5/+8 |
| | |||||
* | Install replication update file | Rob Crittenden | 2008-10-31 | 1 | -1/+2 |
| | |||||
* | Ensure that every replica gets a unique replication ID. Otherwise changes ↵ | Rob Crittenden | 2008-10-29 | 2 | -1/+11 |
| | | | | | | won't propogate between all replicas. 468732 | ||||
* | add update to fix the index for the winsync attributes | Rich Megginson | 2008-10-13 | 2 | -0/+11 |
| | |||||
* | add --win-subtree argument to ipa-replica-manage | Rich Megginson | 2008-10-13 | 1 | -0/+4 |
| | |||||
* | Just add eq,pres to the existing indices | Rich Megginson | 2008-10-13 | 1 | -8/+4 |
| | | | | | There are already indexes created for ntUniqueID and ntUserDomainID by default We just need to make sure they are indexed for equality and presence | ||||
* | Add more winsync support to cli | Rich Megginson | 2008-10-13 | 1 | -2/+14 |
| | | | | | | | | | The ipa-replica-manage list, init, and synch commands do not work for winsync agreements. This patch adds that support and some additional verbose logging. The synch_master did not work correctly. The way it should work is to set the replication schedule to some bogus value, then reset it back to its original setting. This will force replication to take place immediately. | ||||
* | fix issues brought up by initial review of ipa winsync enhancements | Rich Megginson | 2008-10-13 | 2 | -7/+26 |
| | |||||
* | add --no-host-dns option to ipa-server-install - allows specifying a ↵ | Rich Megginson | 2008-10-13 | 2 | -12/+7 |
| | | | | hostname that might actually exist but you do not want to even attempt to resolve it via DNS | ||||
* | Added support to IPA server install to install the winsync plugin ↵ | Rich Megginson | 2008-10-13 | 1 | -4/+32 |
| | | | | configuration entry Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert. | ||||
* | Add detection to the update tool to detect when it would apply changes. | Rob Crittenden | 2008-09-19 | 1 | -1/+1 |
| | | | | Remove SUP name from RFC2307bis.update to match FDS | ||||
* | Add standard override options to ipa-replica-prepare | Martin Nagy | 2008-09-17 | 1 | -5/+3 |
| | | | | Fixes: 462489 | ||||
* | Run the LDAP updater at the end of the installation process. | Rob Crittenden | 2008-09-17 | 1 | -0/+5 |
| | | | | | | | | Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-installl, -y <password_file>, so we don't have to pass it on the command-line. | ||||
* | Update files for the schema compatibility plugin and RFC4876 profiles | Rob Crittenden | 2008-09-12 | 6 | -0/+312 |
| | | | | | | | | | | | | | | | Also handle syntax errors a bit more gracefully and allow the updater to work on more than one file at a time. Adjust to new config.py and use a custom exception class for syntax errors. Also fix a error in parsing the separate files Include slapi-nis in Requires Includes work provided by Martin Nagy 460055 | ||||
* | The True/False logic was reversed, so "no" meant remove the existing instance | Rob Crittenden | 2008-09-12 | 1 | -1/+1 |
| | |||||
* | Rework config.py and change cli tools. Maintain order of IPA servers from ↵ | Martin Nagy | 2008-09-11 | 1 | -5/+5 |
| | | | | command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234 | ||||
* | CVE 2008 3274 related fixes | Simo Sorce | 2008-09-10 | 1 | -2/+2 |
| | |||||
* | When installing with an IPA-created CA generate the Firefox ↵ | Rob Crittenden | 2008-08-14 | 1 | -2/+2 |
| | | | | | | autoconfiguration files. 458871 | ||||
* | Install the ca.crt file early on so that we can always enforce SSL | Simo Sorce | 2008-08-13 | 1 | -7/+18 |
| | | | | | protected connections to other LDAP servers Fix error reporting on replica creation. | ||||
* | Used the encrypt_file and decrypt_file utility functions to encrypt replica | Simo Sorce | 2008-08-11 | 2 | -22/+60 |
| | | | | | | information. This way we do not risk to leave around sensitive data. Set the destination host in the replica file too and do checks against in ipa-replica-install | ||||
* | Fix few syntax errors. | Martin Nagy | 2008-08-06 | 1 | -2/+2 |
| | |||||
* | Fix python syntax error: missing colon. | Rob Crittenden | 2008-08-06 | 1 | -1/+1 |
| | |||||
* | Don't assume that the Firefox autoconfig files exist. | Rob Crittenden | 2008-07-28 | 2 | -11/+14 |
| | | | | | | | These are created by an object-signing cert and needs to be done after the fact if a server is created with user-supplied PKCS#12 files. 452402 | ||||
* | Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHS | Rob Crittenden | 2008-07-25 | 1 | -1/+1 |
| | | | | 455064 | ||||
* | Wrap up the raw_input() to user_input() for convenience and uniformity. | Martin Nagy | 2008-07-23 | 3 | -62/+31 |
| | |||||
* | Rework the way SSL certificates are imported from PKCS#12 files. | Rob Crittenden | 2008-07-14 | 4 | -59/+164 |
| | | | | | | | | Add the ability to provide PKCS#12 files during initial installation Add the ability to provide PKCS#12 files when preparing a replica Correct some issues with ipa-server-certinstall 452402 | ||||
* | Admin must be able to add/delete too | Simo Sorce | 2008-07-09 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa | Rob Crittenden | 2008-07-03 | 1 | -1/+1 |
|\ | |||||
| * | Make sure we listen only on the krb5 port and therefore disable krb4 support | Simo Sorce | 2008-07-02 | 1 | -1/+1 |
| | | |||||
* | | NSS_DIR is already fetched into a variable, use that instead. | Rob Crittenden | 2008-07-03 | 1 | -6/+6 |
|/ | | | | 451098 | ||||
* | Properly convert the realm to a DS instance name | Rob Crittenden | 2008-07-01 | 1 | -1/+1 |
| | | | | 451014 | ||||
* | Ensure correct permissions and file ownership of Apache NSS database | Rob Crittenden | 2008-07-01 | 1 | -0/+12 |
| | | | | 451098 | ||||
* | Must index uidnumber and gidnumber and any attribute that dna plugin is going | Simo Sorce | 2008-06-12 | 1 | -0/+19 |
| | | | | to generate or that we need to search on. | ||||
* | Change default. | Simo Sorce | 2008-06-12 | 1 | -2/+4 |
| | | | | | | | By default increment by one but set the maximum value to one million. when installing a replica change values to start from 1 million +1 and cap it to 2 million and so on for any other replica. | ||||
* | Index the memberof attribute | Rob Crittenden | 2008-06-11 | 1 | -0/+8 |
| | | | | 450951 | ||||
* | Ensure that the realm name is upper-case. | Rob Crittenden | 2008-06-09 | 1 | -3/+4 |
| | | | | 449182 | ||||
* | Make it clear which packages are being configured and which aren't. | Rob Crittenden | 2008-06-09 | 1 | -3/+15 |
| | | | | 450175 | ||||
* | Fix typo | Rob Crittenden | 2008-06-05 | 1 | -1/+1 |
| | | | | 450077 | ||||
* | Fix import for version | Rob Crittenden | 2008-06-04 | 2 | -2/+2 |
| | |||||
* | Add -p/--password option so the DM password can be passed on the command-line. | Rob Crittenden | 2008-06-04 | 1 | -5/+10 |
| | | | | | | The import for version moved from ipaserver to ipa, fix that as well. 449858 |