summaryrefslogtreecommitdiffstats
path: root/ipa.spec.in
Commit message (Collapse)AuthorAgeFilesLines
* uuid plugin: convert the plugin to use the libuuid librarySimo Sorce2010-11-151-0/+1
| | | | | | | | | | The DS guys decided not to expose the DS inetrnal functions used to generate UUIDs for DS. This means the interface is not guaranteed to be available. Switch the ipa_uuid plugin to use the system libuuid plugin instead. NOTE: This causes once again a change in the tring format used for UUIDs. fixes: https://fedorahosted.org/freeipa/ticket/465
* Rewrite the migration page using WSGIJakub Hrozek2010-11-091-1/+0
|
* Remove ipa-fix-CVE-2008-3274, it isn't needed any more.Rob Crittenden2010-11-081-1/+3
| | | | ticket 331
* HBAC Details PageEndi S. Dewata2010-11-041-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The UI framework has been extended to include a collection of widgets: - ipa_widget: base class - ipa_text_widget: text field - ipa_radio_widget: radio button - ipa_textarea_widget: textarea - ipa_button_widget: button - ipa_column_widget: column for table - ipa_table_widget: table These widgets can be used to create input controls. They can also be extended to create custom controls. The framework has also been enhanced to support custom layouts. This can be used to change the look of the application without changing the code. Initially this is only available in details section. Layout consists of a collection of HTML templates. Each template is a complete and valid HTML file representing a portion of a page. The template will be loaded and initialized by the code, then filled with the data from the server. The layouts are located in install/static/layouts/<name> folder. By default, if no templates are used, the fields in the details page are rendered vertically using dd/dt/dd tags. For pages that require different layout, a custom UI needs to be developed. There are two ways to do that: - write a custom widget to generate the UI dynamically - create an HTML template and write the initialization code For components that are quite complex or used frequently, it's might be better to use the first method. For simple pages that are used only in one location or need to support customization, the second method might be preferable. Other benefits of templates: - cleaner code and UI separation - more flexibility in customization - new pages can be developed quickly and require less coding - multiple templates can be used with the same initialization code - easier to maintain The HBAC details page has been implemented using both methods. By default it will use custom widgets to generate the page. To use a custom layout, add the following parameter to the URL, then reload the page: &layout=<name> Currently the only available layout is 'default' which produces the same look as the custom widgets. The HBAC details page is usable, but it still needs additional work. The access time is not working yet. There is no undo button, hint, or validation yet. The table in the association facet has also been changed to use ipa_association_widget which is derived from ipa_table_widget. The Makefile has been updated to include the layouts. The unit tests have been updated as well.
* Add new plugin used to modify related attributes after a modrdn operation.Simo Sorce2010-10-281-0/+2
|
* remove rule for inc files.Adam Young2010-10-251-1/+0
|
* Grant /usr/sbin/ipa_kpasswd "name_bind" access.Rob Crittenden2010-10-221-1/+3
| | | | | | | Requires selinux-policy-3.6.32-123 on F12 Requires selinux-policy-3.7.19-40 on F13 ticket 73
* Add default python encoding module to reset default from ascii to utf-8Rob Crittenden2010-10-221-2/+7
| | | | Also clean up some duplicate files in the rpm for the UI.
* ipa-uuid: DNA-like plugin that generates uuidsSimo Sorce2010-10-221-0/+2
|
* Add Requires on ipa-client to ipa-admintools, ensure ipa client is configuredRob Crittenden2010-10-151-0/+1
| | | | | | | | | | It makes little sense to install ipa-admintools without ipa-client, require it. Also see if the client has been configured. This is a bit tricky since we have a full set of defaults. Add a new env option that gets set if at least one configuration file is loaded. ticket 213
* Drop python-configobj from Requires and remove message about ipa-ldap-updaterRob Crittenden2010-09-231-6/+4
| | | | | | | | python-configobj is a leftover from TurboGears requires as far as I can tell. The ipa-ldap-updater message was supposed to detect when an upgrade was installed but not applied. We are doing upgrades differently in v2. tickets 141 and 219
* Big webUI patch.Pavel Zuna2010-09-171-0/+1
| | | | | | | | | | | | | Quick summary: - use jQuery UI and jQuery BBQ libraries - code restructuring The patch has so many changes they can't be listed here. Many parts of the code have been rewritten from scrach. See freeipa-devel mailing list: webUI code restructuring [wall of text, diagrams, ... you've been warned!] 2010-09-07
* Clean up the spec file, add Requires for nss-pam-ldapd for F14+Rob Crittenden2010-09-101-14/+17
| | | | | | | | Also do the following: - Remove conflicts on mod_ssl - Remove a lot of version checking for EOL'd Fedora versions - Add a few conditionals for rhel6 - Add Requires of nss-tools on ipa-client
* Break out install into more steps, add -key_algorithm to pkisilentRob Crittenden2010-08-191-3/+10
| | | | | | | | | | | | | Installing dogtag is quite slow and it isn't always clear that things are working. This breaks out some restart calls into separate steps to show some amount of progress. There are still some steps that take more than a minute (pkicreate and pkisilent). Add new argument to pkisilent, -key_algorithm Update a bunch of minimum required versions in the spec file. tickets 139 (time) and 144 (key_algorithm)
* Add a BuildRequires for authconfigRob Crittenden2010-08-161-0/+4
| | | | ticket 137
* Changes to the install and config files to support deploying the javascript ↵Adam Young2010-08-061-0/+6
| | | | code.
* Drop our own PKCS#10 ASN.1 decoder and use the one from python-nssRob Crittenden2010-07-291-1/+4
| | | | | | | | | | | | | | | This patch: - bumps up the minimum version of python-nss - will initialize NSS with nodb if a CSR is loaded and it isn't already init'd - will shutdown NSS if initialized in the RPC subsystem so we use right db - updated and added a few more tests Relying more on NSS introduces a bit of a problem. For NSS to work you need to have initialized a database (either a real one or no_db). But once you've initialized one and want to use another you have to close down the first one. I've added some code to nsslib.py to do just that. This could potentially have some bad side-effects at some point, it works ok now.
* This patch removes the existing UI functionality, as a prep for adding the ↵Adam Young2010-07-291-4/+3
| | | | Javascript based ui.
* Include missing file from version plugin and update min version of 389-dsRob Crittenden2010-06-241-2/+7
|
* Replication version checking.Rob Crittenden2010-06-241-0/+2
| | | | | | | | Whenever we upgrade IPA such that any data incompatibilities might occur then we need to bump the DATA_VERSION value so that data will not replicate to other servers. The idea is that you can do an in-place upgrade of each IPA server and the different versions own't pollute each other with bad data.
* Drop --with-openldap option in the client. This is no longer optional.Rob Crittenden2010-06-211-1/+1
|
* use NSS for SSL operationsJohn Dennis2010-06-151-1/+1
|
* Remove Requires on separate package python-krbV in clientRob Crittenden2010-06-021-1/+3
| | | | | | We need the configured kerberos realm so we can clean up /etc/krb5.keytab. We have this already in /etc/ipa/default.conf so use that instead of requiring a whole other python package to do it.
* Move the dogtag SELinux rules loading into the spec fileRob Crittenden2010-05-271-2/+5
| | | | | | I couldn't put the dogtag rules into the spec file until we required dogtag as a component. If it wasn't pre-loaded them the rules loading would fail because types would be missing.
* client installation fixes: nscd, sssd min version, bogus join errorRob Crittenden2010-05-031-2/+5
| | | | | | - Don't run nscd if using sssd, the caching of nscd conflicts with sssd - Set the minimum version of sssd to 1.1.1 to pick up needed hbac fixes - only try to read the file configuration if the server isn't passed in
* Add ipa man page.Pavel Zuna2010-04-071-0/+1
|
* Fix the client and client-rpms make targetsrcrit2010-03-191-2/+2
|
* Don't create /var/log/ipa_error.log since we aren't using TurboGears any more.Rob Crittenden2010-03-081-4/+4
|
* Install Contributors.txtJohn Dennis2010-03-041-6/+6
|
* Make the CA a required component and configured by default.Rob Crittenden2010-03-021-0/+1
| | | | | | | | To install IPA without dogtag use the --selfsign option. The --ca option is now deprecated. 552995
* Fixed ipa.spec.in to include share/ipa/wsgi.py*Jason Gerard DeRose2010-03-011-1/+4
|
* Run ipaserver under mod_wsgiJason Gerard DeRose2010-03-011-0/+5
|
* Add fix for wehjit (ctypes) SELinux problemJason Gerard DeRose2010-02-121-3/+6
|
* Add support for building internationalized translations.John Dennis2010-02-091-1/+5
| | | | | | | | | | | A new directory install/po has been added which contains all the translations for all files in IPA. The build has been agumented to build these files. Also the autogen.sh script was mostly replaced by autoreconf, the preferred method. The old autogen.sh sript also had some serious bugs in the way it compared versions which caused it to run old versions of some of the tools, using standared autoreconf is much better.
* Add ipa-dns-install scriptMartin Nagy2010-02-091-0/+1
| | | | Unfortunately, for now there is no --uninstall option.
* Configure sssd and certmonger in ipa-client-installRob Crittenden2010-02-031-0/+5
| | | | | | | | | | | This does a number of things under the hood: - Use authconfig to enable sssd in nss and pam - Configure /etc/sssd/sssd.conf to use our IPA provider - Enable the certmonger process and request a server cert - join the IPA domain and retrieve a principal. The clinet machine *must* exist in IPA to be able to do a join. - And then undo all this on uninstall
* Update spec to require python-wehjit >= 0.2.0Jason Gerard DeRose2010-01-271-1/+4
|
* Add DS migration plugin and password migration page.Pavel Zuna2010-01-201-0/+6
|
* Replace uses of %define with %global in the .spec fileRob Crittenden2010-01-071-7/+7
| | | | | | | Fixes rawhide builds per https://www.redhat.com/archives/fedora-devel-list/2010-January/msg00093.html Contributed by Nalin Dahyabhai
* A utility for removing principals from a keytab.Rob Crittenden2009-12-041-0/+5
| | | | | | | | | | | | When we un-enroll a client we'll do a bit of cleanup including removing any principals for the IPA realm from /etc/krb5.keytab. This removes principals in 2 ways: - By principal, only entries matching the full principal are removed - By realm. Any principal for that realm is removed This does not change the KDC at all, just removes entries from a file on the client machine.
* Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1 Any typeRob Crittenden2009-12-021-1/+5
|
* Replace /etc/ipa/ipa.conf with /etc/ipa/default.confRob Crittenden2009-12-011-3/+6
| | | | | | | The new framework uses default.conf instead of ipa.conf. This is useful also because Apache uses a configuration file named ipa.conf. This wipes out the last vestiges of the old ipa.conf from v1.
* Add SELinux policy for CRL file publishing.Rob Crittenden2009-11-261-0/+1
| | | | | | | | | | This policy should really be provided by dogtag. We don't want to grant read/write access to everything dogtag can handle so we change the context to cert_t instead. But we have to let dogtag read/write that too hence this policy. To top it off we can't load this policy unless dogtag is also loaded so we insert it in the IPA installer
* Bash tab completion scriptRob Crittenden2009-11-251-0/+11
|
* Require current versions of python-nss & python-lxmlJohn Dennis2009-11-231-1/+2
| | | | | | ipa.spec.in | 3 ++- ipapython/nsslib.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)
* Add SELinux policy for UI assetsRob Crittenden2009-11-041-3/+5
| | | | | | | | This also removes the Index option of /ipa-assets as well as the deprecated IPADebug option. No need to build or install ipa_webgui anymore. Leaving in the code for reference purposes for now.
* ipa-server-install now renders UI assetsJason Gerard DeRose2009-11-041-0/+1
|
* Add a separate client-only targetRob Crittenden2009-10-171-4/+37
|
* Giant webui patch take 2Jason Gerard DeRose2009-10-131-2/+6
|
* Add man page for ipa-join commandRob Crittenden2009-10-121-0/+1
|
generated by cgit (git 2.34.1) at 2024-04-27 22:37:46 +0000