path: root/ipa-server/ipaserver
Commit message | Author | Age | Files | Lines
* wait for sync agreement to be ready before starting | Rich Megginson | 2008-11-13 | 1 | -0/+45
  Added checking for error status - Added maxtries so that the script won't wait forever if there is something wrong
* Create a user for Windows PassSync and grant password changing permissions | Rob Crittenden | 2008-11-12 | 1 | -0/+38
  This does 3 things:
  1. Create a user for the Windows PassSync service
  2. Add this user to the list of users that can skip password policies
  3. Add an aci that grants permission to write the password attributes
  471130
* Fix deleting a winsync replication agreement. | Rob Crittenden | 2008-11-12 | 1 | -6/+24
* Use the local connection when getting a replication ID for winsync. | Rob Crittenden | 2008-11-05 | 1 | -1/+5
  We can't connect to the windows AD server to get a unique replication ID. So first see if this master already has one and if not, get an id from the local DS.
  469977
* use ipautil.CalledProcessError instead of CalledProcessError | Rich Megginson | 2008-11-04 | 1 | -3/+3
* Ensure that every replica gets a unique replication ID. Otherwise changes ↵ | Rob Crittenden | 2008-10-29 | 1 | -2/+46
  won't propagate between all replicas.
  468732
* Fix error if more than one values is being set in an only. The first entry ↵ | Rob Crittenden | 2008-10-15 | 1 | -1/+1
  wasn't being properly converted into a list so subsequent values caused it to crap out.
  467102
* Don't try to conditionally stop the server - it doesn't seem to work | Rich Megginson | 2008-10-13 | 1 | -4/+1
  Just call stop() - if it's not already running, no big deal
* Add more winsync support to cli | Rich Megginson | 2008-10-13 | 1 | -1/+8
  The ipa-replica-manage list, init, and synch commands do not work for winsync agreements. This patch adds that support and some additional verbose logging. The synch_master did not work correctly. The way it should work is to set the replication schedule to some bogus value, then reset it back to its original setting. This will force replication to take place immediately.
* add --no-host-dns option to ipa-server-install - allows specifying a ↵ | Rich Megginson | 2008-10-13 | 1 | -1/+5
  hostname that might actually exist but you do not want to even attempt to resolve it via DNS
* Added support to IPA server install to install the winsync plugin ↵ | Rich Megginson | 2008-10-13 | 3 | -19/+126
  configuration entry
  Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert.
* Fix class declaration to work with Python 2.4 | Rob Crittenden | 2008-09-19 | 1 | -1/+1
* Fix architecture detection in ldapupdate | Martin Nagy | 2008-09-19 | 1 | -5/+4
* Add detection to the update tool to detect when it would apply changes. | Rob Crittenden | 2008-09-19 | 1 | -3/+43
  Remove SUP name from RFC2307bis.update to match FDS
* Fix syntax error | Simo Sorce | 2008-09-18 | 1 | -4/+4
* Move the bulk of ipa-ldap-updater into a python library. | Rob Crittenden | 2008-09-17 | 3 | -18/+559
  This significantly simplifies the tool and makes it possible to apply updates from the installer without forking off another process.
* Run the LDAP updater at the end of the installation process. | Rob Crittenden | 2008-09-17 | 1 | -0/+20
  Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed.
  Added a new argument to ipa-server-install, -y <password_file>, so we don't have to pass it on the command-line.
* Allow passwords to work without a tty ala: echo password | some_program | Rob Crittenden | 2008-09-17 | 1 | -2/+8
* CVE 2008 3274 related fixes | Simo Sorce | 2008-09-10 | 1 | -1/+7
* Minor bugs found while testing stuff. | Simo Sorce | 2008-08-21 | 2 | -1/+2
  - wrong import in certs.py makes ipa-replica-manage fail
  - close the fs after the stash file is written so that the file is updated immediately and not when the fd is garbage collected
* Create temporary files used in self-signed cert requests in a temporary ↵ | Rob Crittenden | 2008-08-15 | 1 | -2/+8
  directory and ensure that it gets cleaned up when we're done with it.
  458159
* Remove unused stuff. | Simo Sorce | 2008-08-13 | 1 | -2/+1
* Install the ca.crt file early on so that we can always enforce SSL | Simo Sorce | 2008-08-13 | 2 | -15/+9
  protected connections to other LDAP servers
  Fix error reporting on replica creation.
* NSS 3.12 added a header to the certutil output we need to skip | Rob Crittenden | 2008-07-28 | 1 | -0/+3
  456694
* Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHS | Rob Crittenden | 2008-07-25 | 1 | -6/+8
  455064
* Rework the way SSL certificates are imported from PKCS#12 files. | Rob Crittenden | 2008-07-14 | 4 | -15/+78
  Add the ability to provide PKCS#12 files during initial installation
  Add the ability to provide PKCS#12 files when preparing a replica
  Correct some issues with ipa-server-certinstall
  452402
* When an LDAP connection fails, display the host one is trying to connect to. | Rob Crittenden | 2008-06-09 | 1 | -2/+4
  450111
* Move version.py to the common ipa directory instead of being server-based so ↵ | Rob Crittenden | 2008-06-03 | 2 | -26/+0
  it can be used by the client tool.
  Fix the client tool imports to fail more gracefully.
* Make check_inst() a standalone function in bindinstance. | Rob Crittenden | 2008-05-30 | 1 | -8/+8
  When an install instance is created that contains a pointer to a sysrestore point it loads in the current configuration when instantiated. If an instance is instantiated but not used then changes may occur to the system state that it is unaware of. So one needs to take care in the order that things are done to avoid losing information. When bind was setup it was overwriting all data in sysrestore.state and leaving just a [named] section. This caused problems at uninstall.
  448173
* Move admin into cn=users,cn=accounts | Simo Sorce | 2008-05-23 | 1 | -1/+1
  After some deep thinking I think the advantages of keeping all posix enabled user accounts under cn=users,cn=accounts outweigh a perceived better protection of the admin account by keeping it in a separate tree.
* Change file mode of log files to 600. | Martin Nagy | 2008-05-20 | 1 | -0/+2
  446869
* Don't pass the Directory Manager password on the command-line to ldapmodify. | Rob Crittenden | 2008-05-19 | 2 | -8/+23
  446865
* Use split instead of find as split does not fail to provide a complete | Simo Sorce | 2008-05-15 | 2 | -2/+2
  component if no '.' is found.
* Fix typo, /etc/resolve.conf -> /etc/resolv.conf. | Martin Nagy | 2008-05-14 | 1 | -10/+10
  444660
* Make sure all services are stopped during uninstall. | Rob Crittenden | 2008-05-14 | 1 | -1/+3
  We were just shutting down the KDC if it had been started prior to IPA installation. We need to stop it in all cases. And we should restart nscd as it may have made an LDAP connection.
  440322
* Do a more thorough job of removing an existing DS instance. | Rob Crittenden | 2008-05-13 | 1 | -0/+4
  Add /usr/lib/dirsrv/slapd-INSTANCE to the list of directories removed.
  442753
* Include information on where to look if a hostname resolves to localhost. | Rob Crittenden | 2008-05-09 | 1 | -1/+1
  442812
* Return better error message that gives a hint about who actually returned it | Simo Sorce | 2008-05-08 | 1 | -9/+6
  + Some cleanups (trailing spaces and such).
* Add a version API to the server so it knows what version it is. | Rob Crittenden | 2008-05-08 | 2 | -0/+26
  435019
* Don't prompt for confirmation of DM password when installing a replica. | Rob Crittenden | 2008-05-08 | 1 | -2/+5
  It implies that you are setting a new password and you really aren't.
  Also added a catch for KeyboardInterrupt with instructions on how to recover from a partial install.
  441607
* Fix ownership of the Apache NSS cert and key databases. | Rob Crittenden | 2008-04-30 | 1 | -0/+10
  The group "apache" needs to have read access to them so they will work in Fedora 9+.
* Better detection of DS not starting. | Rob Crittenden | 2008-04-14 | 1 | -3/+23
  The dirsrv init script always returns 0 on status checks, even if an instance is not started. So we have to look through the output instead.
  442452
* Configure the ipa_pwd_extop plugin on replicas. | Rob Crittenden | 2008-04-14 | 1 | -1/+4
  If plugin isn't configured then the kerberos attributes don't get populated. Users will get Preauthentication errors from the kerberos libraries because there is no krbPrincipalKey to match against.
  442134
* Use the same kpasswd.keytab on all replicas. | Rob Crittenden | 2008-04-09 | 1 | -2/+7
  If we generate a new keytab for each replica then effectively password changes can only occur on the last replica created.
  439905
* The kpasswd keytab must not be owned by the dirsrv user. | Simo Sorce | 2008-04-08 | 1 | -2/+0
  Fix copy&paste error.
* Add missing start_creation() so the install process will get kicked off. | Rob Crittenden | 2008-04-02 | 1 | -0/+1
* Sysrestore fixes. | Simo Sorce | 2008-03-31 | 1 | -3/+8
  Latest patch used the wrong path and all files were actually going to /tmp even if a different path was specified. Makes also StateFile behave the same as FileStore, and be a public class, this way a common path can be used too.
* Better check for IPA nServer own address, avoid manually parsing /etc/hosts by | Simo Sorce | 2008-03-30 | 1 | -36/+54
  using nsswitch calls that read it and also take in account any other name resolution mechanism that might be installed (like NIS lol :-). This also should make the check support IPv6 transparently too (not tested)
* Move sysrestore to ipa-python so it can be used by client scripts too. | Simo Sorce | 2008-03-27 | 8 | -332/+130
  Change backup format so files are all in a single directory (no dir hierarchies) and use an index file so we can save also ownership and permission info for the restore (and eventually other data later on).
* Properly detect when ports are available. | Rob Crittenden | 2008-03-27 | 1 | -4/+3
  The DS setup program uses Perl and does a similar port available test. It seems that perl always sets FD_CLOEXEC and python does not. This is why the port test would pass in python but fail in perl.
  439024