summaryrefslogtreecommitdiffstats
path: root/ipa.spec.in
Commit message (Collapse)AuthorAgeFilesLines
* Rename package to freeipaJan Zeleny2011-01-251-776/+0
| | | | https://fedorahosted.org/freeipa/ticket/581
* Clean up some rpmlint errors in the spec file.Rob Crittenden2011-01-251-30/+24
| | | | | | | | | | Re-arrange doc and defattr to clean up rpmlint warnings Remove conditionals on older releases Move some man pages into admintools subpackage Remove some explicit Requires in client that aren't needed Consistent use of buildroot vs RPM_BUILD_ROOT Ticket 804
* Update kerberos password policy values on LDAP binds.Rob Crittenden2011-01-211-0/+2
| | | | | | | | | | | | | | | On a failed bind this will update krbLoginFailedCount and krbLastFailedAuth and will potentially fail the bind altogether. On a successful bind it will zero krbLoginFailedCount and set krbLastSuccessfulAuth. This will also enforce locked-out accounts. See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on kerberos lockout. ticket 343
* rename static to uiAdam Young2011-01-201-10/+14
| | | | Directory rename
* Add API version and have server reject incompatible clients.Rob Crittenden2011-01-141-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | This patch contains 2 parts. The first part is a small utility to create and validate the current API. To do this it needs to load ipalib which on a fresh system introduces a few problems, namely that it relies on a python plugin to set the default encoding to utf8. For our purposes we can skip that. It is also important that any optional plugins be loadable so the API can be examined. The second part is a version exchange between the client and server. The version has a major and a minor version. The major verion is updated whenever existing API changes. The minor version is updated when new API is added. A request will be rejected if either the major versions don't match or if the client major version is higher than then server major version (though by implication new API would return a command not found if allowed to proceed). To determine the API version of the server from a client use the ping command. ticket 584
* Remove dependency on nss_ldap/nss-pam-ldapdSimo Sorce2011-01-141-5/+4
| | | | | | We use sssd in ipa v2 Fixes: https://fedorahosted.org/freeipa/ticket/757
* Remove radius options completely.Simo Sorce2011-01-141-51/+3
| | | | | | | This has been completely abandoned since ipa v1 and is not built by default. Instead of carrying dead weight, let's remove it for now. Fixes: https://fedorahosted.org/freeipa/ticket/761
* spinning wheel display a spinning icon gif during network traffic. Fixes the ↵Adam Young2011-01-141-0/+1
| | | | following from first patch: 1 primary key set in span as opposed to appended, so it only appears once. 2. call hide for the network activity icon only in success or failure functions, not multiple times
* Set minimum version of dogtag to 9Rob Crittenden2011-01-141-2/+5
| | | | ticket 763
* Drop dependency on mozldapRob Crittenden2011-01-121-2/+4
|
* Ship the ipa-dns-install man pageRob Crittenden2011-01-101-0/+1
| | | | ticket 734
* Include some directories in spec fileJan Zeleny2011-01-061-0/+2
| | | | | | | | Two directories were left out from package file list: ..../site-packages/ipalib ..../site-packages/ipaserver http://fedorahosted.org/freeipa/ticket/688
* add missing files in rpmAdam Young2011-01-051-0/+1
| | | | Fonts, header images, and json.js
* sudo and netgroup schema compat updates - fix quoting of netgroup entries - ↵Nalin Dahyabhai2010-12-211-1/+1
| | | | don't bother looking for members of netgroups by looking for entries which list "memberOf: $netgroup" -- the netgroup should list them as "member" values - use newer slapi-nis functionality to produce cn=sudoers - drop the real cn=sudoers container to make room for the compat container
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-201-7/+7
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* Add krb5-pkinit-openssl as a Requires on ipa-server packageRob Crittenden2010-12-161-0/+4
| | | | ticket 599
* managed entry hostgroup netgroup support ↵Jr Aquino2010-12-131-2/+7
| | | | https://fedorahosted.org/freeipa/ticket/543
* Introduce ipa control script that reads configuration off ldapSimo Sorce2010-12-101-4/+12
| | | | | | | | | | | This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
* Make use of mozldap vs openldap for plugins selectableSimo Sorce2010-12-061-0/+4
|
* Add new version of DNS plugin: complete rework with baseldap + unit tests.Pavel Zuna2010-12-011-0/+1
| | | | | Ticket #36 Ticket #450
* build tweaks - use automake's foreign mode, avoid creating empty files to ↵Nalin Dahyabhai2010-11-291-4/+0
| | | | satisfy gnu mode - run autoreconf -f to ensure that everything matches
* Display user and host membership in netgroups.Rob Crittenden2010-11-241-2/+5
| | | | | | | This uses an enhanced memberof plugin that allows multiple attributes to be configured to create memberOf attributes. tickets 109 and 110
* Fix build error due to rename of index.xhtml to index.htmlRob Crittenden2010-11-191-1/+1
|
* uuid plugin: convert the plugin to use the libuuid librarySimo Sorce2010-11-151-0/+1
| | | | | | | | | | The DS guys decided not to expose the DS inetrnal functions used to generate UUIDs for DS. This means the interface is not guaranteed to be available. Switch the ipa_uuid plugin to use the system libuuid plugin instead. NOTE: This causes once again a change in the tring format used for UUIDs. fixes: https://fedorahosted.org/freeipa/ticket/465
* Rewrite the migration page using WSGIJakub Hrozek2010-11-091-1/+0
|
* Remove ipa-fix-CVE-2008-3274, it isn't needed any more.Rob Crittenden2010-11-081-1/+3
| | | | ticket 331
* HBAC Details PageEndi S. Dewata2010-11-041-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The UI framework has been extended to include a collection of widgets: - ipa_widget: base class - ipa_text_widget: text field - ipa_radio_widget: radio button - ipa_textarea_widget: textarea - ipa_button_widget: button - ipa_column_widget: column for table - ipa_table_widget: table These widgets can be used to create input controls. They can also be extended to create custom controls. The framework has also been enhanced to support custom layouts. This can be used to change the look of the application without changing the code. Initially this is only available in details section. Layout consists of a collection of HTML templates. Each template is a complete and valid HTML file representing a portion of a page. The template will be loaded and initialized by the code, then filled with the data from the server. The layouts are located in install/static/layouts/<name> folder. By default, if no templates are used, the fields in the details page are rendered vertically using dd/dt/dd tags. For pages that require different layout, a custom UI needs to be developed. There are two ways to do that: - write a custom widget to generate the UI dynamically - create an HTML template and write the initialization code For components that are quite complex or used frequently, it's might be better to use the first method. For simple pages that are used only in one location or need to support customization, the second method might be preferable. Other benefits of templates: - cleaner code and UI separation - more flexibility in customization - new pages can be developed quickly and require less coding - multiple templates can be used with the same initialization code - easier to maintain The HBAC details page has been implemented using both methods. By default it will use custom widgets to generate the page. To use a custom layout, add the following parameter to the URL, then reload the page: &layout=<name> Currently the only available layout is 'default' which produces the same look as the custom widgets. The HBAC details page is usable, but it still needs additional work. The access time is not working yet. There is no undo button, hint, or validation yet. The table in the association facet has also been changed to use ipa_association_widget which is derived from ipa_table_widget. The Makefile has been updated to include the layouts. The unit tests have been updated as well.
* Add new plugin used to modify related attributes after a modrdn operation.Simo Sorce2010-10-281-0/+2
|
* remove rule for inc files.Adam Young2010-10-251-1/+0
|
* Grant /usr/sbin/ipa_kpasswd "name_bind" access.Rob Crittenden2010-10-221-1/+3
| | | | | | | Requires selinux-policy-3.6.32-123 on F12 Requires selinux-policy-3.7.19-40 on F13 ticket 73
* Add default python encoding module to reset default from ascii to utf-8Rob Crittenden2010-10-221-2/+7
| | | | Also clean up some duplicate files in the rpm for the UI.
* ipa-uuid: DNA-like plugin that generates uuidsSimo Sorce2010-10-221-0/+2
|
* Add Requires on ipa-client to ipa-admintools, ensure ipa client is configuredRob Crittenden2010-10-151-0/+1
| | | | | | | | | | It makes little sense to install ipa-admintools without ipa-client, require it. Also see if the client has been configured. This is a bit tricky since we have a full set of defaults. Add a new env option that gets set if at least one configuration file is loaded. ticket 213
* Drop python-configobj from Requires and remove message about ipa-ldap-updaterRob Crittenden2010-09-231-6/+4
| | | | | | | | python-configobj is a leftover from TurboGears requires as far as I can tell. The ipa-ldap-updater message was supposed to detect when an upgrade was installed but not applied. We are doing upgrades differently in v2. tickets 141 and 219
* Big webUI patch.Pavel Zuna2010-09-171-0/+1
| | | | | | | | | | | | | Quick summary: - use jQuery UI and jQuery BBQ libraries - code restructuring The patch has so many changes they can't be listed here. Many parts of the code have been rewritten from scrach. See freeipa-devel mailing list: webUI code restructuring [wall of text, diagrams, ... you've been warned!] 2010-09-07
* Clean up the spec file, add Requires for nss-pam-ldapd for F14+Rob Crittenden2010-09-101-14/+17
| | | | | | | | Also do the following: - Remove conflicts on mod_ssl - Remove a lot of version checking for EOL'd Fedora versions - Add a few conditionals for rhel6 - Add Requires of nss-tools on ipa-client
* Break out install into more steps, add -key_algorithm to pkisilentRob Crittenden2010-08-191-3/+10
| | | | | | | | | | | | | Installing dogtag is quite slow and it isn't always clear that things are working. This breaks out some restart calls into separate steps to show some amount of progress. There are still some steps that take more than a minute (pkicreate and pkisilent). Add new argument to pkisilent, -key_algorithm Update a bunch of minimum required versions in the spec file. tickets 139 (time) and 144 (key_algorithm)
* Add a BuildRequires for authconfigRob Crittenden2010-08-161-0/+4
| | | | ticket 137
* Changes to the install and config files to support deploying the javascript ↵Adam Young2010-08-061-0/+6
| | | | code.
* Drop our own PKCS#10 ASN.1 decoder and use the one from python-nssRob Crittenden2010-07-291-1/+4
| | | | | | | | | | | | | | | This patch: - bumps up the minimum version of python-nss - will initialize NSS with nodb if a CSR is loaded and it isn't already init'd - will shutdown NSS if initialized in the RPC subsystem so we use right db - updated and added a few more tests Relying more on NSS introduces a bit of a problem. For NSS to work you need to have initialized a database (either a real one or no_db). But once you've initialized one and want to use another you have to close down the first one. I've added some code to nsslib.py to do just that. This could potentially have some bad side-effects at some point, it works ok now.
* This patch removes the existing UI functionality, as a prep for adding the ↵Adam Young2010-07-291-4/+3
| | | | Javascript based ui.
* Include missing file from version plugin and update min version of 389-dsRob Crittenden2010-06-241-2/+7
|
* Replication version checking.Rob Crittenden2010-06-241-0/+2
| | | | | | | | Whenever we upgrade IPA such that any data incompatibilities might occur then we need to bump the DATA_VERSION value so that data will not replicate to other servers. The idea is that you can do an in-place upgrade of each IPA server and the different versions own't pollute each other with bad data.
* Drop --with-openldap option in the client. This is no longer optional.Rob Crittenden2010-06-211-1/+1
|
* use NSS for SSL operationsJohn Dennis2010-06-151-1/+1
|
* Remove Requires on separate package python-krbV in clientRob Crittenden2010-06-021-1/+3
| | | | | | We need the configured kerberos realm so we can clean up /etc/krb5.keytab. We have this already in /etc/ipa/default.conf so use that instead of requiring a whole other python package to do it.
* Move the dogtag SELinux rules loading into the spec fileRob Crittenden2010-05-271-2/+5
| | | | | | I couldn't put the dogtag rules into the spec file until we required dogtag as a component. If it wasn't pre-loaded them the rules loading would fail because types would be missing.
* client installation fixes: nscd, sssd min version, bogus join errorRob Crittenden2010-05-031-2/+5
| | | | | | - Don't run nscd if using sssd, the caching of nscd conflicts with sssd - Set the minimum version of sssd to 1.1.1 to pick up needed hbac fixes - only try to read the file configuration if the server isn't passed in
* Add ipa man page.Pavel Zuna2010-04-071-0/+1
|
* Fix the client and client-rpms make targetsrcrit2010-03-191-2/+2
|
generated by cgit (git 2.34.1) at 2024-05-10 07:27:29 +0000