| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
+ Some cleanups (trainling spaces and such).
|
|
|
|
| |
442454
|
| |
|
|
|
|
| |
435019
|
|
|
|
| |
440282
|
|
|
|
|
|
|
|
|
| |
It implies that you are setting a new password and you really aren't.
Also added a catch for KeyboardInterrupt with instructions on how to
recover from a partial install.
441607
|
| |
|
|
|
|
| |
Used indent -kr -nut dna.c for most of the changes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
UI: /ipa/ui
XML-RPC: /ipa/xml
errors: /ipa/errors
config: /ipa/config
I had to hardcode that URI into the CSS pages but TurboGears handles the
rest of the translations with tg.url().
Added a version to ipa.conf and ipa-rewrite.conf so we can update them
in the future if needed with ipa-upgradeconfig
440443
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The file VERSION is now the sole-source of versioning.
The generated .spec files will been removed in the maintainer-clean targets
and have been removed from the repository.
By default a GIT build is done. To do a non-GIT build do:
$ make TARGET IPA_VERSION_IS_GIT_SNAPSHOT=no
When updating the version you can run this to regenerate the version:
$ make version-update
The version can be determined in Python by using ipaserver.version.VERSION
|
|
|
|
|
|
|
|
|
| |
FreeIPA relies on RedHat's Directory Server, which uses mozldap.
A FreeIPA build using mozldap would reduce the project's dependencies and
redundant code. In addition, mozldap uses NSS instead of OpenSSL.
This is beneficial for the reasons listed in [1].
[1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation
|
|
|
|
|
| |
The group "apache" needs to have read access to them so they will work in
Fedora 9+.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've changed the variable name searchlimit to sizelimit to match the
name in python-ldap (and hopefully therefore be more readable).
The big change was changing the default value from 0 to -1. As 0 we were
never using the value from cn=ipaconfig
python-ldap expects this to be an int type
In the UI sizelimit was hardcoded at 0 for users
439880
|
|
|
|
| |
operation into 2 modify operations
|
|
|
|
| |
440242
|
|
|
|
| |
440895
|
|
|
|
| |
442756
|
|
|
|
| |
440474
|
| |
|
|
|
|
| |
442582
|
|
|
|
|
|
|
| |
The dirsrv init script always returns 0 on status checks, even if an
instance is not started. So we have to look through the output instead.
442452
|
|
|
|
|
|
|
|
| |
Users are considered activated by default so don't need to be in the
activated group explicitly. Ignore the "not in group" error when trying
to remove them.
442470
|
|
|
|
|
|
|
|
| |
If plugin isn't configured then the kerberos attributes don't get populated.
User's will get Preauthentication errors from the kerberos libraries
because there is no krbPrincipalKey to match against.
442134
|
|
|
|
|
|
|
| |
If we generate a new keytab for each replica then effectively password
changes can only occur on the last replica created.
439905
|
|
|
|
| |
Fix copy&paste error.
|
|
|
|
| |
440646
|
| |
|
|
|
|
| |
440651
|
| |
|
|
|
|
|
|
| |
- don't let a user set a password identical to the current one.
- don't check more then the policy defined number of passwords in history
- don't set an history longer than policy defined
|
|
|
|
| |
439281
|
|
|
|
| |
438387
|
|
|
|
|
|
|
| |
Because the ipa.config() object raises an error if there is no configuration
file and auto-detection fails, ipa_webgui may fail to start at install time.
440475
|
| |
|
|
|
|
|
|
|
|
| |
since they aren't being displayed anymore. They will just get blanked.
Also add some error handling in ipahelper.fix_incoming_fields()
438256
|
| |
|
|
|
|
| |
ipa-client-install
|
| |
|
| |
|
|
|
|
| |
440142
|
|
|
|
| |
440081
|
|
|
|
| |
438007
|
|
|
|
| |
430015
|
|
|
|
| |
client bits.
|
|
|
|
|
|
|
| |
Latest patch used the wrong path and all files where actually going to /tmp
even if a different path was specified.
Makes also StateFile behave the same as FileStore, and be a public class, this
way a common path can be used too.
|
|
|
|
| |
has different function names. This was a runtime linker crash bug :/
|
|
|
|
|
|
| |
Fix the redirection errors, it was going to back to the Add delegation page
438257
|
|
|
|
|
|
| |
This is done automatically and trying to do so will return an error.
432106
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We do account activation by using a Class of Service based on group
membership. A problem can happen if the entry itself has an nsaccountlock
attribute and you try doing Class of Service work as well because the
local attribute has priority. So try to detect that the entry has a local
nsAccountLock attribute and report an appropriate error.
Don't allow the admins or editors groups to be de-activated.
Return a better error message if account [in]activation fails.
Catch errors when doing group [in]activation.
439230
|
| |
|