Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Consolidate to single WSGI entry point | Jason Gerard DeRose | 2010-03-01 | 1 | -1/+1 | |
| | ||||||
* | Allow one-character Param names | Rob Crittenden | 2010-02-12 | 1 | -1/+1 | |
| | | | | This is done explicitly to support the l/localityname attribute. | |||||
* | ipa-server-install now renders UI assets | Jason Gerard DeRose | 2009-11-04 | 1 | -2/+1 | |
| | ||||||
* | Giant webui patch take 2 | Jason Gerard DeRose | 2009-10-13 | 1 | -3/+15 | |
| | ||||||
* | Add external CA signing and abstract out the RA backend | Rob Crittenden | 2009-09-15 | 1 | -1/+3 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | External CA signing is a 2-step process. You first have to run the IPA installer which will generate a CSR. You pass this CSR to your external CA and get back a cert. You then pass this cert and the CA cert and re-run the installer. The CSR is always written to /root/ipa.csr. A run would look like: # ipa-server-install --ca --external-ca -p password -a password -r EXAMPLE.COM -u dirsrv -n example.com --hostname=ipa.example.com -U [ sign cert request ] # ipa-server-install --ca --external-ca -p password -a password --external_cert_file=/tmp/rob.crt --external_ca_file=/tmp/cacert.crt -U -p password -a password -r EXAMPLE.COM -u dirsrv -n example.com --hostname=ipa.example.com This also abstracts out the RA backend plugin so the self-signed CA we create can be used in a running server. This means that the cert plugin can request certs (and nothing else). This should let us do online replica creation. To handle the self-signed CA the simple ca_serialno file now contains additional data so we don't have overlapping serial numbers in replicas. This isn't used yet. Currently the cert plugin will not work on self-signed replicas. One very important change for self-signed CAs is that the CA is no longer held in the DS database. It is now in the Apache database. Lots of general fixes were also made in ipaserver.install.certs including: - better handling when multiple CA certificates are in a single file - A temporary directory for request certs is not always created when the class is instantiated (you have to call setup_cert_request()) | |||||
* | Enable ldapi connections in the management framework. | Rob Crittenden | 2009-08-27 | 1 | -2/+0 | |
| | | | | | | If you don't want to use ldapi then you can remove the ldap_uri setting in /etc/ipa/default.conf. The default for the framework is to use ldap://localhost:389/ | |||||
* | Allow replicas of an IPA server using an internal dogtag server as the CA | Rob Crittenden | 2009-07-15 | 1 | -1/+1 | |
| | | | | | | | | This involves creating a new CA instance on the replica and using pkisilent to create a clone of the master CA. Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of changes to ports and configuration have been done recently. | |||||
* | Implement support for non-LDAP-based actions that use the LDAP ACI subsystem. | Rob Crittenden | 2009-07-10 | 1 | -0/+1 | |
| | | | | | | | | | | | | There are some operations, like those for the certificate system, that don't need to write to the directory server. So instead we have an entry that we test against to determine whether the operation is allowed or not. This is done by attempting a write on the entry. If it would succeed then permission is granted. If not then denied. The write we attempt is actually invalid so the write itself will fail but the attempt will fail first if access is not permitted, so we can distinguish between the two without polluting the entry. | |||||
* | Remove use_ldap2 constant. | Pavel Zuna | 2009-07-02 | 1 | -1/+0 | |
| | ||||||
* | Add new env variables: container_taskgroup, container_rolegroup and ↵ | Pavel Zuna | 2009-05-26 | 1 | -0/+3 | |
| | | | | container_netgroup. | |||||
* | Dogtag keeps telling me to use port 9444 and not 9443, use it. | Rob Crittenden | 2009-05-26 | 1 | -1/+1 | |
| | ||||||
* | Force xmlrpc tests to run with in_tree=True so config files in /etc/ipa/ ↵ | Jason Gerard DeRose | 2009-05-11 | 1 | -22/+22 | |
| | | | | don't get read; cleaned up config.Env automagic with regard to running in-tree vs. installed | |||||
* | Add new env variables. 'container_dns' for DNS plugin, 'use_ldap2' for new ↵ | Pavel Zuna | 2009-04-22 | 1 | -0/+2 | |
| | | | | LDAP backend debugging. | |||||
* | Add 'container_hbac' env variable. | root | 2009-04-03 | 1 | -1/+1 | |
| | ||||||
* | Implemented more elegant way for entire plugin module to be conditionally ↵ | Jason Gerard DeRose | 2009-02-17 | 1 | -1/+1 | |
| | | | | skipped; updated cert.py and ra.py modules to use this | |||||
* | Added env.enable_ra variable and change cert.py and ra.py plugin modules to ↵ | Jason Gerard DeRose | 2009-02-17 | 1 | -0/+3 | |
| | | | | register plugins conditionally | |||||
* | Add policy-related container constants | Jakub Hrozek | 2009-02-10 | 1 | -0/+7 | |
| | ||||||
* | Finished reworked cli.CLI class into cli.cli plugin | Jason Gerard DeRose | 2009-02-03 | 1 | -0/+4 | |
| | ||||||
* | More work on xmlrpc stuff, started migrated more code to use errors2 instead ↵ | Jason Gerard DeRose | 2009-02-03 | 1 | -2/+2 | |
| | | | | of errors | |||||
* | Added ca_host, ca_port, and ca_ssl_port Env variables that Andrew requested | Jason Gerard DeRose | 2009-02-03 | 1 | -0/+6 | |
| | ||||||
* | Added Object.params_minus() method; various small tweaks | Jason Gerard DeRose | 2009-02-03 | 1 | -24/+8 | |
| | ||||||
* | Started moving some core classes and functions from plugable.py to new ↵ | Jason Gerard DeRose | 2008-12-30 | 1 | -2/+8 | |
| | | | | base.py module | |||||
* | Some more reorganization in Env and added class docstring to Env with lots ↵ | Jason Gerard DeRose | 2008-12-22 | 1 | -2/+2 | |
| | | | | of examples | |||||
* | Cleaned up Env.__setattr__() and Env.__setitem__() a bit updated their unit ↵ | Jason Gerard DeRose | 2008-12-22 | 1 | -1/+6 | |
| | | | | tests | |||||
* | The Env.__setitem__() implied conversion is now case sensitive; ↵ | Jason Gerard DeRose | 2008-12-22 | 1 | -17/+20 | |
| | | | | Env.__setitem__() now also accepts None as a value | |||||
* | Started work on per-request gettext setup | Jason Gerard DeRose | 2008-12-18 | 1 | -2/+4 | |
| | ||||||
* | New Param: added unit tests for TypeError cases in DefaultFrom.__init__() | Jason Gerard DeRose | 2008-12-18 | 1 | -1/+1 | |
| | ||||||
* | New Param: added missing unit tests for TypeError and ValueError cases in ↵ | Jason Gerard DeRose | 2008-12-18 | 1 | -1/+1 | |
| | | | | parse_param_spec() | |||||
* | Finished kwarg validation and extension mechanism in parameter.Param | Jason Gerard DeRose | 2008-12-11 | 1 | -0/+6 | |
| | ||||||
* | Started roughing out the consolidated type/parameter system in ↵ | Jason Gerard DeRose | 2008-12-10 | 1 | -1/+5 | |
| | | | | parameters.py; started corresponding unit tests | |||||
* | Add autmount-specific location and default entries | Rob Crittenden | 2008-11-14 | 1 | -0/+1 | |
| | ||||||
* | Changed calling signature of output_for_cli(); started work on 'textui' ↵ | Jason Gerard DeRose | 2008-11-12 | 1 | -0/+2 | |
| | | | | backend plugin | |||||
* | Added 'conf_dir' env variable, which is directory containing config files | Jason Gerard DeRose | 2008-11-10 | 1 | -0/+1 | |
| | ||||||
* | Revive the hostgroup_container and include add/remove hosts in hostgroups plugin | Rob Crittenden | 2008-11-04 | 1 | -0/+1 | |
| | ||||||
* | Added custom log formatter util.LogFormatter that makes the human-readable ↵ | Jason Gerard DeRose | 2008-10-31 | 1 | -2/+2 | |
| | | | | time stamp in UTC | |||||
* | Logging formats are now env variables; added log_format_stderr_debug format ↵ | Jason Gerard DeRose | 2008-10-31 | 1 | -17/+33 | |
| | | | | used when env.debug is True | |||||
* | lite-xmlrpc.py now uses api.bootstrap() property, logs to api.logger | Jason Gerard DeRose | 2008-10-28 | 1 | -1/+2 | |
| | ||||||
* | Added util.configure_logging() function; API.bootstrap() now calls ↵ | Jason Gerard DeRose | 2008-10-28 | 1 | -0/+16 | |
| | | | | util.configure_logging() | |||||
* | More CLI cleanup, got all basics working again | Jason Gerard DeRose | 2008-10-27 | 1 | -0/+1 | |
| | ||||||
* | More docstrings, functionality, and unit tests for improved CLI class | Jason Gerard DeRose | 2008-10-27 | 1 | -1/+0 | |
| | ||||||
* | Env._bootstrap() now also sets Env.conf_default | Jason Gerard DeRose | 2008-10-27 | 1 | -1/+2 | |
| | ||||||
* | Added more needed config in DEFAULT_CONFIG | Jason Gerard DeRose | 2008-10-24 | 1 | -4/+31 | |
| | ||||||
* | Finished Env._finalize_core() and corresponding unit tests | Jason Gerard DeRose | 2008-10-24 | 1 | -1/+37 | |
| | ||||||
* | Added ipalib/constants.py; added Env._load_config() method along with ↵ | Jason Gerard DeRose | 2008-10-24 | 1 | -0/+25 | |
comprehensive unit tests for same |