Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add --{set,add,del}attr options to commands which are missing them. | Jan Cholasta | 2012-08-03 | 1 | -1/+1 |
| | | | | ticket 2963 | ||||
* | Handle various forms of admin accounts when establishing trusts | Alexander Bokovoy | 2012-07-18 | 1 | -0/+8 |
| | | | | | | | | | | | | | | | | | | | | | | Realm administrator account may be specified using different form: Administrator, DOM\Administrator, Administrator@DOMAIN This patch introduces handling of the second two forms: - In DOM\Administrator only user name is used, short domain name is then taken from a discovered record from the AD DC - In Administrator@DOMAIN first DOMAIN is verified to be the same as the domain we are establishing trust to, and then user name is taken, together with short domain name taken from a discovered record from the AD DC Note that we do not support using to-be-trusted domain's trusted domains' accounts to establish trust as there is basically zero chance to verify that things will work with them. In addition, in order to establish trust one needs to belong to Enterprise Admins group in AD or have specially delegated permissions. These permissions are unlikely delegated to the ones in already trusted domain. https://fedorahosted.org/freeipa/ticket/2864 | ||||
* | ipalib/plugins/trust.py: ValidationError takes 'error' named argument, not ↵ | Alexander Bokovoy | 2012-07-18 | 1 | -3/+3 |
| | | | | | | 'reason' https://fedorahosted.org/freeipa/ticket/2865 | ||||
* | Add support for external group members | Alexander Bokovoy | 2012-06-28 | 1 | -0/+4 |
| | | | | | | | | | When using ipaExternalGroup/ipaExternalMember attributes it is possible to add group members which don't exist in IPA database. This is primarily is required for AD trusts support and therefore validation is accepting only secure identifier (SID) format. https://fedorahosted.org/freeipa/ticket/2664 | ||||
* | Rename 'ipa trust-add-ad' to 'ipa trust-add --type=ad' | Alexander Bokovoy | 2012-06-25 | 1 | -4/+22 |
| | |||||
* | Use correct SID attribute for trusted domains | Alexander Bokovoy | 2012-06-25 | 1 | -2/+2 |
| | | | | | | We have two SID attributes, ipaNTSecurityIdentifier and ipaNTTrustedDomainSID. First is used for recording SID of our users/groups, second is to store SID of a remote trusted domain. | ||||
* | Add trust management for Active Directory trusts | Alexander Bokovoy | 2012-06-07 | 1 | -0/+254 |