Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix a free before use bug, it may lead to crashes but usually just corruptsrelease-1-2-0 | Simo Sorce | 2008-11-14 | 1 | -3/+2 |
| | | | | | | the changepw dn we store so that it won't match. This causes normal password changes to be interpreted as password resets instead, and the new legit password is immediately expired. | ||||
* | set winsync account disable sync default value to both instead of none | Rich Megginson | 2008-11-13 | 1 | -1/+1 |
| | |||||
* | wait for sync agreement to be ready before starting | Rich Megginson | 2008-11-13 | 1 | -0/+45 |
| | | | | Added checking for error status - Added maxtries so that the script won't wait forever if there is something wrong | ||||
* | Remove the column width from #details table.details td | Rob Crittenden | 2008-11-12 | 1 | -1/+0 |
| | | | | | | This should make the User Find results page look nicer. 470428 | ||||
* | Present a less-cryptic error if the replication agreement doesn't exist | Rob Crittenden | 2008-11-12 | 1 | -1/+4 |
| | |||||
* | Create a user for Windows PassSync and grant password changing permissions | Rob Crittenden | 2008-11-12 | 2 | -2/+44 |
| | | | | | | | | | This does 3 things: 1. Create a user for the Windows PassSync service 2. Add this use to the list of users that can skip password policies 3. Add an aci that grants permission to write the password attributes 471130 | ||||
* | Fix deleting a winsync replication agreement. | Rob Crittenden | 2008-11-12 | 2 | -11/+32 |
| | |||||
* | Make the list of users that can skip passwrod policies configurable. | Simo Sorce | 2008-11-12 | 1 | -48/+105 |
| | | | | | | | | | | | Addresses bz#471130 Also fix bugs in ipapwd_start. Also remove mutex, it is not necessary with the current code, we needed it when we used to change reload the configuration and keep it referenced in a static pointer. ipapwd_start runs only once and the global variables it sets are fixed in stone until DS is restarted. | ||||
* | Make DNA work with internal operations | Rich Megginson | 2008-11-10 | 1 | -3/+49 |
| | |||||
* | Use the local connection when getting a replication ID for winsync. | Rob Crittenden | 2008-11-05 | 1 | -1/+5 |
| | | | | | | | | We can't connect to the windows AD server to get a unique repliation ID. So first see if this master already has one and if not, get an id from the local DS. 469977 | ||||
* | use ipautil.CalledProcessError instead of CalledProcessError | Rich Megginson | 2008-11-04 | 1 | -3/+3 |
| | |||||
* | Fix error in validation when adding new groups via the UI | Rob Crittenden | 2008-10-31 | 1 | -0/+2 |
| | | | | 469256 | ||||
* | Install replication update file | Rob Crittenden | 2008-10-31 | 1 | -1/+2 |
| | |||||
* | Gracefully handle running on an unconfigured IPA server | Rob Crittenden | 2008-10-30 | 1 | -0/+4 |
| | |||||
* | Don't report spurious upgrade message if IPA has not been configured yet. | Rob Crittenden | 2008-10-29 | 1 | -9/+12 |
| | | | | | | | | This was throwing the error "Unable to determine hostname from ipa-rewrite.conf" during RPM %post on unconfigured servers where there is nothing to do. 468947 | ||||
* | Ensure that every replica gets a unique replication ID. Otherwise changes ↵ | Rob Crittenden | 2008-10-29 | 3 | -3/+57 |
| | | | | | | won't propogate between all replicas. 468732 | ||||
* | Fix error if more than one values is being set in an only. The first entry ↵ | Rob Crittenden | 2008-10-15 | 1 | -1/+1 |
| | | | | | | wasn't being properly converted into a list so subsequent values caused it to crap out. 467102 | ||||
* | add update to fix the index for the winsync attributes | Rich Megginson | 2008-10-13 | 2 | -0/+11 |
| | |||||
* | do not store the OUs from the AD DN in the IPA user entry when flattening | Rich Megginson | 2008-10-13 | 1 | -35/+0 |
| | |||||
* | add --win-subtree argument to ipa-replica-manage | Rich Megginson | 2008-10-13 | 2 | -0/+7 |
| | |||||
* | Do not depend on MMR plugin - start before MMR plugin | Rich Megginson | 2008-10-13 | 1 | -2/+1 |
| | | | | | | | | The ipa-winsync plugin needs to start before the MMR plugin, so that it can register the API functions. Also, the slapi-nis schema compat plugin creates an entry that looks exactly like the default IPA group gidNumber entry, so I added an extra (objectclass=groupOfNames) to the filter since the slapi-nis entry doesn't have that. | ||||
* | Just add eq,pres to the existing indices | Rich Megginson | 2008-10-13 | 1 | -8/+4 |
| | | | | | There are already indexes created for ntUniqueID and ntUserDomainID by default We just need to make sure they are indexed for equality and presence | ||||
* | Don't try to conditionally stop the server - it doesn't seem to work | Rich Megginson | 2008-10-13 | 1 | -4/+1 |
| | | | | Just call stop() - if it's not already running, no big deal | ||||
* | Add more winsync support to cli | Rich Megginson | 2008-10-13 | 2 | -3/+22 |
| | | | | | | | | | The ipa-replica-manage list, init, and synch commands do not work for winsync agreements. This patch adds that support and some additional verbose logging. The synch_master did not work correctly. The way it should work is to set the replication schedule to some bogus value, then reset it back to its original setting. This will force replication to take place immediately. | ||||
* | Do not add enabled user to activated group - clean up parse_acct_disable | Rich Megginson | 2008-10-13 | 2 | -19/+28 |
| | | | | | | | | | If a user needs to be enabled, just delete the user from the inactivated group, but do not add to the activated group. If a user is in no group, the user is active by default. IPA uses the activated group for override purposes. parse_acct_disable is only used when the config changes, but I cleaned it up anyway to make the code clearer. | ||||
* | add winsync options to ipa-replica-manage man page | Rich Megginson | 2008-10-13 | 1 | -0/+15 |
| | |||||
* | Adds winsync account disable and force sync | Rich Megginson | 2008-10-13 | 4 | -7/+772 |
| | |||||
* | fix issues brought up by initial review of ipa winsync enhancements | Rich Megginson | 2008-10-13 | 3 | -8/+29 |
| | |||||
* | add --no-host-dns option to ipa-server-install - allows specifying a ↵ | Rich Megginson | 2008-10-13 | 3 | -13/+12 |
| | | | | hostname that might actually exist but you do not want to even attempt to resolve it via DNS | ||||
* | Added support to IPA server install to install the winsync plugin ↵ | Rich Megginson | 2008-10-13 | 5 | -24/+164 |
| | | | | configuration entry Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert. | ||||
* | The library name is libipa_winsync not libipa-winsync | Rich Megginson | 2008-10-13 | 1 | -3/+3 |
| | |||||
* | Use dirsrv/file.h with includes by default - only use the other style if we ↵ | Rich Megginson | 2008-10-13 | 3 | -6/+135 |
| | | | | are debugging within the directory server | ||||
* | fix some memory leaks | Rich Megginson | 2008-10-13 | 1 | -1/+4 |
| | |||||
* | Added ipa-winsync-config.c - this handles dynamic configuration via the DSE ↵ | Rich Megginson | 2008-10-13 | 2 | -0/+782 |
| | | | | callbacks, and gets default values from various configuration entries in the IPA tree | ||||
* | Added support for posixAccount -lookup attribute containing the ↵ | Rich Megginson | 2008-10-13 | 2 | -3/+184 |
| | | | | homeDirectory prefix and use that to construct the homeDirectory attribute -lookup attribute containing the default gidNumber and use that to add the gidNumber to new users -construct the gecos field from the cn attribute | ||||
* | Added the new IPA WinSync Plug-in Work done so far * added the new plugin to ↵ | Rich Megginson | 2008-10-13 | 5 | -18/+109 |
| | | | | makefiles, spec file * added stubs for the api, including begin update, end update, and destroy callbacks * added config code to allow dynamic dse config changes and auto-discovery of realm and new user objectclass list | ||||
* | Initial addition of ipa-winsync plugin | Rich Megginson | 2008-10-13 | 4 | -0/+456 |
| | |||||
* | ipa-change-master-key: Really exit when not run as root Also fix this for ↵ | Martin Nagy | 2008-10-08 | 1 | -0/+1 |
| | | | | ipa-fix-CVE-2008-3274 | ||||
* | Fix class declaration to work with Python 2.4 | Rob Crittenden | 2008-09-19 | 1 | -1/+1 |
| | |||||
* | Fix architecture detection in ldapupdate | Martin Nagy | 2008-09-19 | 1 | -5/+4 |
| | |||||
* | Add detection to the update tool to detect when it would apply changes. | Rob Crittenden | 2008-09-19 | 4 | -7/+52 |
| | | | | Remove SUP name from RFC2307bis.update to match FDS | ||||
* | Fix syntax error | Simo Sorce | 2008-09-18 | 1 | -4/+4 |
| | |||||
* | Remove reference to very unlikely service examples that are not | Simo Sorce | 2008-09-18 | 1 | -4/+1 |
| | | | | currently kerberized (and may never be due to their nature). | ||||
* | Restart httpd and dirsrv services after yum upgrade. | Martin Nagy | 2008-09-17 | 1 | -10/+7 |
| | | | | Fixes: 441566 | ||||
* | Add standard override options to ipa-replica-prepare | Martin Nagy | 2008-09-17 | 1 | -5/+3 |
| | | | | Fixes: 462489 | ||||
* | Move the bulk of ipa-ldap-updater into a python library. | Rob Crittenden | 2008-09-17 | 4 | -529/+570 |
| | | | | | This significantly simplifies the tool and makes it possible to apply updates from the installer without forking off another process. | ||||
* | Run the LDAP updater at the end of the installation process. | Rob Crittenden | 2008-09-17 | 4 | -1/+36 |
| | | | | | | | | Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-installl, -y <password_file>, so we don't have to pass it on the command-line. | ||||
* | Allow passwords to work without a tty ala: echo password | some_program | Rob Crittenden | 2008-09-17 | 1 | -2/+8 |
| | |||||
* | Add more development packages to test for | Rob Crittenden | 2008-09-12 | 1 | -2/+41 |
| | |||||
* | Sort updates by DN length and by default process all files in the updates dir. | Rob Crittenden | 2008-09-12 | 4 | -23/+157 |
| | | | | | | | | | The updates directory is currently hardcoded to /usr/share/ipa/updates. All of the files are read into memory and then sorted by the length of the DN. This is so we can be sure that parent entries are added before children. Also add a man page. |