| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
| |
This does 3 things:
1. Create a user for the Windows PassSync service
2. Add this use to the list of users that can skip password policies
3. Add an aci that grants permission to write the password attributes
471130
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Addresses bz#471130
Also fix bugs in ipapwd_start.
Also remove mutex, it is not necessary with the current code,
we needed it when we used to change reload the configuration and
keep it referenced in a static pointer.
ipapwd_start runs only once and the global variables it sets are fixed
in stone until DS is restarted.
|
| |
|
|
|
|
|
|
|
|
| |
We can't connect to the windows AD server to get a unique repliation ID.
So first see if this master already has one and if not, get an id from
the local DS.
469977
|
| |
|
|
|
|
| |
469256
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This was throwing the error
"Unable to determine hostname from ipa-rewrite.conf"
during RPM %post on unconfigured servers where there is nothing to do.
468947
|
|
|
|
|
|
| |
won't propogate between all replicas.
468732
|
|
|
|
|
|
| |
wasn't being properly converted into a list so subsequent values caused it to crap out.
467102
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
The ipa-winsync plugin needs to start before the MMR plugin, so that it
can register the API functions. Also, the slapi-nis schema compat
plugin creates an entry that looks exactly like the default IPA group
gidNumber entry, so I added an extra (objectclass=groupOfNames) to the
filter since the slapi-nis entry doesn't have that.
|
|
|
|
|
| |
There are already indexes created for ntUniqueID and ntUserDomainID by default
We just need to make sure they are indexed for equality and presence
|
|
|
|
| |
Just call stop() - if it's not already running, no big deal
|
|
|
|
|
|
|
|
|
| |
The ipa-replica-manage list, init, and synch commands do not work for winsync
agreements. This patch adds that support and some additional verbose logging.
The synch_master did not work correctly. The way it should work is to set
the replication schedule to some bogus value, then reset it back to its
original setting. This will force replication to take place immediately.
|
|
|
|
|
|
|
|
|
| |
If a user needs to be enabled, just delete the user from the inactivated group,
but do not add to the activated group. If a user is in no group, the user is
active by default. IPA uses the activated group for override purposes.
parse_acct_disable is only used when the config changes, but I cleaned it
up anyway to make the code clearer.
|
| |
|
| |
|
| |
|
|
|
|
| |
hostname that might actually exist but you do not want to even attempt to resolve it via DNS
|
|
|
|
| |
configuration entry Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert.
|
| |
|
|
|
|
| |
are debugging within the directory server
|
| |
|
|
|
|
| |
callbacks, and gets default values from various configuration entries in the IPA tree
|
|
|
|
| |
homeDirectory prefix and use that to construct the homeDirectory attribute -lookup attribute containing the default gidNumber and use that to add the gidNumber to new users -construct the gecos field from the cn attribute
|
|
|
|
| |
makefiles, spec file * added stubs for the api, including begin update, end update, and destroy callbacks * added config code to allow dynamic dse config changes and auto-discovery of realm and new user objectclass list
|
| |
|
|
|
|
| |
ipa-fix-CVE-2008-3274
|
| |
|
| |
|
|
|
|
| |
Remove SUP name from RFC2307bis.update to match FDS
|
| |
|
|
|
|
| |
currently kerberized (and may never be due to their nature).
|
|
|
|
| |
Fixes: 441566
|
|
|
|
| |
Fixes: 462489
|
|
|
|
|
| |
This significantly simplifies the tool and makes it possible to apply
updates from the installer without forking off another process.
|
|
|
|
|
|
|
|
| |
Running at the end ensures that /etc/ipa/ipa.conf is created and generally
makes it more likely to succeed.
Added a new argument to ipa-server-installl, -y <password_file>, so we
don't have to pass it on the command-line.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
The updates directory is currently hardcoded to /usr/share/ipa/updates.
All of the files are read into memory and then sorted by the length of the DN.
This is so we can be sure that parent entries are added before children.
Also add a man page.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also handle syntax errors a bit more gracefully and allow the updater to
work on more than one file at a time.
Adjust to new config.py and use a custom exception class for syntax errors.
Also fix a error in parsing the separate files
Include slapi-nis in Requires
Includes work provided by Martin Nagy
460055
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This tool takes as input a file which contains basically an LDIF, prefixed
with a command: default, add, remove or only. These define the operations
to perform such as adding new entries, adding new sub-entries to an existing
entry, adding or modifying attributes in a record.
If an index entry is modified a task is created to re-create the index.
Schema may be added using this tool.
454031
|
| |
|
|
|
|
| |
command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234
|