| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ticket #158
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This also requires a resolvable hostname on services as well. I want
people to think long and hard about adding things that aren't resolvable.
The cert plugin can automatically create services on the user's behalf when
issuing a cert. It will always set the force flag to True.
We use a lot of made-up host names in the test system, all of which require
the force flag now.
ticket #25
|
| |
|
|
|
|
|
|
| |
This patch does the following:
- drops our in-tree x509v3 parser to use the python-nss one
- return more information on certificates
- make an API change, renaming cert-get to cert-show
- Drop a lot of duplicated code
|
| |
|
|
|
|
|
|
|
|
|
|
| |
I have to do some pretty low-level LDAP work to achieve this. Since
we can't read the key using our modlist generator won't work and lots of
tricks would be needed to use the LDAPUpdate object in any case.
I pulled usercertificate out of the global params and put into each
appropriate function because it makes no sense for service-disable.
This also adds a new variable, has_keytab, to service/host_show output.
This flag tells us whether there is a krbprincipalkey.
|
| | |
|
| |
|
|
|
| |
We were being left with orphan services if the host entry was not removed
using the FQDN.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The attributes displayed is now dependant upon their definition in
a Param. This enhances that, giving some level of control over how
the result is displayed to the user.
This also fixes displaying group membership, including failures of
adding/removing entries.
All tests pass now though there is still one problem. We need to
return the dn as well. Once that is fixed we just need to comment
out all the dn entries in the tests and they should once again
pass.
|
| | |
|
| |
|
|
|
| |
It seems that 'localityname' and 'locality' aliases were dropped in
newer versions of DS.
|
| | |
|
| |
|
|
| |
attributes.
|
| | |
|
| |
|
|
|
| |
This patch should make joining a client to the domain and using certmonger
to get an initial certificate work.
|
| |
|
|
| |
output_for_cli(); enable more webUI stuff
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This will create a host service principal and may create a host entry (for
admins). A keytab will be generated, by default in /etc/krb5.keytab
If no kerberos credentails are available then enrollment over LDAPS is used
if a password is provided.
This change requires that openldap be used as our C LDAP client. It is much
easier to do SSL using openldap than mozldap (no certdb required). Otherwise
we'd have to write a slew of extra code to create a temporary cert database,
import the CA cert, ...
|
| |
|
|
|
|
|
|
|
| |
ipaObject is defined as an auxiliary objectclass so it is up to the
plugin author to ensure that the objectclass is included an a UUID generated.
ipaUniqueId is a MUST attribute so if you include the objectclass you must
ensure that the uuid is generated.
This also fixes up some unrelated unit test failures.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
If we use cn for hostname there is no easy way to distinguish between
a host and a hostgroup. So adding a fqdn attribute to be used to store
the hostname instead.
|
| |
|
|
| |
a service is removed
|
| | |
|
| | |
|
| | |
|
| |
|
