path: root/ipa-server
Commit message (Author, Age, Files, Lines)
* Fix a free before use bug, it may lead to crashes but usually just corrupts [release-1-2-0] (Simo Sorce, 2008-11-14, 1 file, -3/+2)
  the changepw dn we store so that it won't match. This causes normal password changes to be interpreted as password resets instead, and the new legit password is immediately expired.
* set winsync account disable sync default value to both instead of none (Rich Megginson, 2008-11-13, 1 file, -1/+1)
* wait for sync agreement to be ready before starting (Rich Megginson, 2008-11-13, 1 file, -0/+45)
  Added checking for error status - Added maxtries so that the script won't wait forever if there is something wrong
* Remove the column width from #details table.details td (Rob Crittenden, 2008-11-12, 1 file, -1/+0)
  This should make the User Find results page look nicer. 470428
* Present a less-cryptic error if the replication agreement doesn't exist (Rob Crittenden, 2008-11-12, 1 file, -1/+4)
* Create a user for Windows PassSync and grant password changing permissions (Rob Crittenden, 2008-11-12, 2 files, -2/+44)
  This does 3 things:
  1. Create a user for the Windows PassSync service
  2. Add this user to the list of users that can skip password policies
  3. Add an aci that grants permission to write the password attributes
  471130
* Fix deleting a winsync replication agreement. (Rob Crittenden, 2008-11-12, 2 files, -11/+32)
* Make the list of users that can skip password policies configurable. (Simo Sorce, 2008-11-12, 1 file, -48/+105)
  Addresses bz#471130
  Also fix bugs in ipapwd_start.
  Also remove mutex, it is not necessary with the current code, we needed it when we used to change reload the configuration and keep it referenced in a static pointer. ipapwd_start runs only once and the global variables it sets are fixed in stone until DS is restarted.
* Make DNA work with internal operations (Rich Megginson, 2008-11-10, 1 file, -3/+49)
* Use the local connection when getting a replication ID for winsync. (Rob Crittenden, 2008-11-05, 1 file, -1/+5)
  We can't connect to the windows AD server to get a unique replication ID. So first see if this master already has one and if not, get an id from the local DS. 469977
* use ipautil.CalledProcessError instead of CalledProcessError (Rich Megginson, 2008-11-04, 1 file, -3/+3)
* Fix error in validation when adding new groups via the UI (Rob Crittenden, 2008-10-31, 1 file, -0/+2)
  469256
* Install replication update file (Rob Crittenden, 2008-10-31, 1 file, -1/+2)
* Gracefully handle running on an unconfigured IPA server (Rob Crittenden, 2008-10-30, 1 file, -0/+4)
* Don't report spurious upgrade message if IPA has not been configured yet. (Rob Crittenden, 2008-10-29, 1 file, -9/+12)
  This was throwing the error "Unable to determine hostname from ipa-rewrite.conf" during RPM %post on unconfigured servers where there is nothing to do. 468947
* Ensure that every replica gets a unique replication ID. Otherwise changes (Rob Crittenden, 2008-10-29, 3 files, -3/+57)
  won't propagate between all replicas. 468732
* Fix error if more than one value is being set in an only. The first entry (Rob Crittenden, 2008-10-15, 1 file, -1/+1)
  wasn't being properly converted into a list so subsequent values caused it to crap out. 467102
* add update to fix the index for the winsync attributes (Rich Megginson, 2008-10-13, 2 files, -0/+11)
* do not store the OUs from the AD DN in the IPA user entry when flattening (Rich Megginson, 2008-10-13, 1 file, -35/+0)
* add --win-subtree argument to ipa-replica-manage (Rich Megginson, 2008-10-13, 2 files, -0/+7)
* Do not depend on MMR plugin - start before MMR plugin (Rich Megginson, 2008-10-13, 1 file, -2/+1)
  The ipa-winsync plugin needs to start before the MMR plugin, so that it can register the API functions. Also, the slapi-nis schema compat plugin creates an entry that looks exactly like the default IPA group gidNumber entry, so I added an extra (objectclass=groupOfNames) to the filter since the slapi-nis entry doesn't have that.
* Just add eq,pres to the existing indices (Rich Megginson, 2008-10-13, 1 file, -8/+4)
  There are already indexes created for ntUniqueID and ntUserDomainID by default
  We just need to make sure they are indexed for equality and presence
* Don't try to conditionally stop the server - it doesn't seem to work (Rich Megginson, 2008-10-13, 1 file, -4/+1)
  Just call stop() - if it's not already running, no big deal
* Add more winsync support to cli (Rich Megginson, 2008-10-13, 2 files, -3/+22)
  The ipa-replica-manage list, init, and synch commands do not work for winsync agreements. This patch adds that support and some additional verbose logging. The synch_master did not work correctly. The way it should work is to set the replication schedule to some bogus value, then reset it back to its original setting. This will force replication to take place immediately.
* Do not add enabled user to activated group - clean up parse_acct_disable (Rich Megginson, 2008-10-13, 2 files, -19/+28)
  If a user needs to be enabled, just delete the user from the inactivated group, but do not add to the activated group. If a user is in no group, the user is active by default. IPA uses the activated group for override purposes. parse_acct_disable is only used when the config changes, but I cleaned it up anyway to make the code clearer.
* add winsync options to ipa-replica-manage man page (Rich Megginson, 2008-10-13, 1 file, -0/+15)
* Adds winsync account disable and force sync (Rich Megginson, 2008-10-13, 4 files, -7/+772)
* fix issues brought up by initial review of ipa winsync enhancements (Rich Megginson, 2008-10-13, 3 files, -8/+29)
* add --no-host-dns option to ipa-server-install - allows specifying a (Rich Megginson, 2008-10-13, 3 files, -13/+12)
  hostname that might actually exist but you do not want to even attempt to resolve it via DNS
* Added support to IPA server install to install the winsync plugin (Rich Megginson, 2008-10-13, 5 files, -24/+164)
  configuration entry
  Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert.
* The library name is libipa_winsync not libipa-winsync (Rich Megginson, 2008-10-13, 1 file, -3/+3)
* Use dirsrv/file.h with includes by default - only use the other style if we (Rich Megginson, 2008-10-13, 3 files, -6/+135)
  are debugging within the directory server
* fix some memory leaks (Rich Megginson, 2008-10-13, 1 file, -1/+4)
* Added ipa-winsync-config.c - this handles dynamic configuration via the DSE (Rich Megginson, 2008-10-13, 2 files, -0/+782)
  callbacks, and gets default values from various configuration entries in the IPA tree
* Added support for posixAccount -lookup attribute containing the (Rich Megginson, 2008-10-13, 2 files, -3/+184)
  homeDirectory prefix and use that to construct the homeDirectory attribute
  -lookup attribute containing the default gidNumber and use that to add the gidNumber to new users
  -construct the gecos field from the cn attribute
* Added the new IPA WinSync Plug-in Work done so far * added the new plugin to (Rich Megginson, 2008-10-13, 5 files, -18/+109)
  makefiles, spec file
  * added stubs for the api, including begin update, end update, and destroy callbacks
  * added config code to allow dynamic dse config changes and auto-discovery of realm and new user objectclass list
* Initial addition of ipa-winsync plugin (Rich Megginson, 2008-10-13, 4 files, -0/+456)
* ipa-change-master-key: Really exit when not run as root Also fix this for (Martin Nagy, 2008-10-08, 1 file, -0/+1)
  ipa-fix-CVE-2008-3274
* Fix class declaration to work with Python 2.4 (Rob Crittenden, 2008-09-19, 1 file, -1/+1)
* Fix architecture detection in ldapupdate (Martin Nagy, 2008-09-19, 1 file, -5/+4)
* Add detection to the update tool to detect when it would apply changes. (Rob Crittenden, 2008-09-19, 4 files, -7/+52)
  Remove SUP name from RFC2307bis.update to match FDS
* Fix syntax error (Simo Sorce, 2008-09-18, 1 file, -4/+4)
* Remove reference to very unlikely service examples that are not (Simo Sorce, 2008-09-18, 1 file, -4/+1)
  currently kerberized (and may never be due to their nature).
* Restart httpd and dirsrv services after yum upgrade. (Martin Nagy, 2008-09-17, 1 file, -10/+7)
  Fixes: 441566
* Add standard override options to ipa-replica-prepare (Martin Nagy, 2008-09-17, 1 file, -5/+3)
  Fixes: 462489
* Move the bulk of ipa-ldap-updater into a python library. (Rob Crittenden, 2008-09-17, 4 files, -529/+570)
  This significantly simplifies the tool and makes it possible to apply updates from the installer without forking off another process.
* Run the LDAP updater at the end of the installation process. (Rob Crittenden, 2008-09-17, 4 files, -1/+36)
  Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-install, -y <password_file>, so we don't have to pass it on the command-line.
* Allow passwords to work without a tty ala: echo password | some_program (Rob Crittenden, 2008-09-17, 1 file, -2/+8)
* Add more development packages to test for (Rob Crittenden, 2008-09-12, 1 file, -2/+41)
* Sort updates by DN length and by default process all files in the updates dir. (Rob Crittenden, 2008-09-12, 4 files, -23/+157)
  The updates directory is currently hardcoded to /usr/share/ipa/updates. All of the files are read into memory and then sorted by the length of the DN. This is so we can be sure that parent entries are added before children. Also add a man page.