Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Convert krbmaxpwdlife and krbminpwdlife from seconds into days and hours | Rob Crittenden | 2007-12-03 | 2 | -7/+18 |
| | |||||
* | Increase default max password lifetime from 10 to 90 days | Rob Crittenden | 2007-12-03 | 1 | -1/+1 |
| | |||||
* | Update build requires for libcap. | Karl MacMillan | 2007-12-03 | 1 | -0/+2 |
| | |||||
* | Improved ACIs | Simo Sorce | 2007-11-30 | 1 | -9/+12 |
| | |||||
* | minor typos | Simo Sorce | 2007-11-30 | 2 | -2/+8 |
| | |||||
* | Compatibility changes to work on RHEL 5 with python 2.4 | rcritten@redhat.com | 2007-11-30 | 9 | -31/+31 |
| | |||||
* | Min Pwd Change Time Check after Password reset and other minor fixes | Simo Sorce | 2007-11-30 | 2 | -26/+34 |
| | |||||
* | Revert logging setup change because it has unintended | Karl MacMillan | 2007-12-03 | 1 | -3/+3 |
| | | | | consequences during ipa-server-install. | ||||
* | Require that the default users group exists | Rob Crittenden | 2007-11-30 | 2 | -10/+21 |
| | | | | Fix some copy-paste errors from the password policy update | ||||
* | Don't allow the admins or editors groups to be removed. | Rob Crittenden | 2007-11-30 | 1 | -0/+10 |
| | | | | Don't allow the default group for users to be removed. | ||||
* | Remove optional arguments from the XML-RPC interface | Rob Crittenden | 2007-11-29 | 1 | -15/+15 |
| | |||||
* | Change the password expiration message to be more precise. | Rob Crittenden | 2007-11-29 | 2 | -4/+4 |
| | |||||
* | Add utility to lock user accounts. Remove lock capability from ipa-deluser | Rob Crittenden | 2007-11-26 | 1 | -0/+6 |
| | | | | | Fix bootstrap.ldif to add new Class of Service entries properly Include some man pages that weren't being installed | ||||
* | Add ipa-python to maintainer-clean and clean up .pyc files | Rob Crittenden | 2007-11-28 | 13 | -0/+13 |
| | |||||
* | Remove unnecessary attribute left over from testing | Rob Crittenden | 2007-11-26 | 1 | -1/+0 |
| | |||||
* | Fix mode on ipa-keytab-util. | Karl MacMillan | 2007-11-21 | 2 | -2/+4 |
| | |||||
* | Add ipa-keytab-util to spec. | Karl MacMillan | 2007-11-21 | 2 | -0/+2 |
| | |||||
* | Add xml-rpc interface for getting keytabs. | Karl MacMillan | 2007-11-21 | 9 | -4/+409 |
| | | | | Warning: this lacks any sort of authorization. | ||||
* | Move packages to ipa from freeipa. | Karl MacMillan | 2007-11-21 | 2 | -10/+16 |
| | |||||
* | Bump the version numbers for release. Also remove | Karl MacMillan | 2007-11-21 | 3 | -8/+8 |
| | | | | | | specific version check on freeradius. Packages aren't available and the freeradius support isn't ready anyway. | ||||
* | Generate master password from Simo. | Karl MacMillan | 2007-11-21 | 3 | -27/+5 |
| | |||||
* | Added replication.py | Karl MacMillan | 2007-11-21 | 1 | -0/+316 |
| | |||||
* | Initial replication setup. | Karl MacMillan | 2007-11-21 | 13 | -252/+704 |
| | | | | | | | | | | | | | | | | | | | This add replication setup through two new commands: ipa-replica-prepare and ipa-replica-install. The procedure is to run ipa-replica-prepare on an existing master. This will collect information about the realm and the current master and create a file storing all of the information. After copying that file to the new replica, ipa-replica-install is run (with -r to create a read-only replica). This version of the patch also includes fixes for the sasl mappings on the replicas. Remaining features: - ssl for replication. - automatic configuration of mesh topology for master (or a simpler way to replicate multiple masters. - tool for view / configuring current replication. | ||||
* | more s/unique// wrt groups members/objectclasses | Simo Sorce | 2007-11-21 | 2 | -3/+3 |
| | |||||
* | Use groupOfNames and member, not groupOfUniqueNames and uniqueMember | Simo Sorce | 2007-11-20 | 3 | -21/+21 |
| | |||||
* | Fix subtle errors in kpasswd | Simo Sorce | 2007-11-20 | 1 | -25/+73 |
| | |||||
* | Use same tzinfo as the time parser to avoid TypeError from being thrown | Rob Crittenden | 2007-11-21 | 1 | -1/+1 |
| | |||||
* | Enable group inactivation by using the Class of Service plugin. | Rob Crittenden | 2007-11-20 | 11 | -32/+214 |
| | | | | | | | | | | | | | | | | | | | | This adds 2 new groups: activated and inactivated. If you, or a group you are a member of, is in inactivated then you are too. If you, or a group you are a member of, is in the activated group, then you are too. In a fight between activated and inactivated, activated wins. The DNs for doing this matching is case and white space sensitive. The goal is to never have to actually set nsAccountLock in a user directly but move them between these groups. We need to decide where in the CLI this will happen. Right it is split between ipa-deluser and ipa-usermod. To inactivate groups for now just add the group to inactivate or active. | ||||
* | Fix bad segfault when pwvals is null | Simo Sorce | 2007-11-19 | 1 | -34/+24 |
| | |||||
* | Remove default SASL mappings if any to avoid conflicts with IPA SASL mappings | Simo Sorce | 2007-11-19 | 1 | -0/+19 |
| | |||||
* | fix ldif typo | Simo Sorce | 2007-11-19 | 1 | -1/+0 |
| | |||||
* | Minor fixes. | Karl MacMillan | 2007-11-19 | 3 | -3/+2 |
| | |||||
* | Add pyasn1 requirement to rpms. | Karl MacMillan | 2007-11-19 | 2 | -0/+2 |
| | |||||
* | Fix installation | Simo Sorce | 2007-11-18 | 4 | -0/+41 |
| | | | | | Add missing schema for GUI Config, and missing objectclass for cn=accounts container | ||||
* | Merge upstream and fix bad suffix in default-aci | Simo Sorce | 2007-11-18 | 18 | -168/+532 |
|\ | |||||
| * | - Report correct information back to users when policies prevent a successful | Simo Sorce | 2007-11-16 | 1 | -43/+202 |
| | | | | | | | | | | | | | | password change. - Fix some minor error Initial code to read the Kerberos Master Key from the Directory | ||||
| * | Small fix from Rob to pwd-extop-plugin | Karl MacMillan | 2007-11-17 | 1 | -1/+1 |
| | | |||||
| * | - Store Master Key in Ldap (Makes it easier to set up replicas) | Simo Sorce | 2007-11-16 | 4 | -183/+502 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Does not require dirsrv access to stash file - Finalize password history support - Fix strict password length default in pwd_extop (fix install sctript too) - fix plugin configuration - Introduce 3 kind of password change: normal, admin, and ds manager - normal require adherence to policies - admin does not but password is immediately expired - ds manager can just change the password any way he likes. Initial code to read the Kerberos Master Key from the Directory | ||||
| * | Implement the password policy UI and finish IPA policy UI | Rob Crittenden | 2007-11-16 | 10 | -142/+506 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This includes a default password policy Custom fields are now read from LDAP. The format is a list of dicts with keys: label, field, required. The LDAP-based configuration now specifies: ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title ipaGroupSearchFields: cn,description ipaSearchTimeLimit: 2 ipaSearchRecordsLimit: 0 ipaCustomFields: ipaHomesRootDir: /home ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 This could use some optimization. | ||||
| * | Replace references to Person and People with User and Users | Rob Crittenden | 2007-11-15 | 9 | -25/+25 |
| | | |||||
* | | - Report correct information back to users when policies prevent a successful | Simo Sorce | 2007-11-16 | 1 | -43/+202 |
| | | | | | | | | | | | | | | password change. - Fix some minor error Initial code to read the Kerberos Master Key from the Directory | ||||
* | | - Store Master Key in Ldap (Makes it easier to set up replicas) | Simo Sorce | 2007-11-16 | 4 | -183/+502 |
|/ | | | | | | | | | | | | | | - Does not require dirsrv access to stash file - Finalize password history support - Fix strict password length default in pwd_extop (fix install sctript too) - fix plugin configuration - Introduce 3 kind of password change: normal, admin, and ds manager - normal require adherence to policies - admin does not but password is immediately expired - ds manager can just change the password any way he likes. Initial code to read the Kerberos Master Key from the Directory | ||||
* | Add memberof-task.ldif. | Karl MacMillan | 2007-11-15 | 1 | -0/+7 |
| | |||||
* | Check for existance of of the target file in update_file. It used to silently | Rob Crittenden | 2007-11-15 | 1 | -1/+6 |
| | | | | fail if the file it was to update didn't exist. | ||||
* | Broke invididual Requires and BuildRequires onto separate lines and | Rob Crittenden | 2007-11-15 | 2 | -14/+68 |
| | | | | | | reordered them Added python-tgexpandingformwidget as a dependency Require at least fedora-ds-base 1.1 | ||||
* | Initialize memberof patch from Pete Rowley. | Karl MacMillan | 2007-11-15 | 2 | -1/+16 |
| | |||||
* | Remove reference to a bogus system and make the error message more generic | Rob Crittenden | 2007-11-14 | 1 | -1/+1 |
| | |||||
* | Forgot to include FQDN in the substitition list | Rob Crittenden | 2007-11-13 | 1 | -1/+1 |
| | |||||
* | Make the group cn an editable field though protected by default. | Rob Crittenden | 2007-11-14 | 3 | -26/+26 |
| | | | | Fix some issues with the multi-value to single-value reversion. | ||||
* | Include multi-value fields on the Add Person page | Rob Crittenden | 2007-11-14 | 7 | -117/+241 |
| | | | | Remove multi-valued cn from groups |