| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provides two new options for the ipa-client-install:
--nisdomain: specifies the NIS domain name
--no_nisdomain: flag to aviod setting the NIS domain name
In case no --nisdomain is specified and --no_nisdomain flag was
not set, the IPA domain is used.
Manual pages updated.
http://fedorahosted.org/freeipa/ticket/3202
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a parameter that represents a DateTime format using datetime.datetime
object from python's native datetime library.
In the CLI, accepts one of the following formats:
Accepts LDAP Generalized time without in the following format:
'%Y%m%d%H%M%SZ'
Accepts subset of values defined by ISO 8601:
'%Y-%m-%dT%H:%M:%SZ'
'%Y-%m-%dT%H:%MZ'
'%Y-%m-%dZ'
Also accepts above formats using ' ' (space) as a separator instead of 'T'.
As a simplification, it does not deal with timezone info and ISO 8601
values with timezone info (+-hhmm) are rejected. Values are expected
to be in the UTC timezone.
Values are saved to LDAP as LDAP Generalized time values in the format
'%Y%m%d%H%SZ' (no time fractions and UTC timezone is assumed). To avoid
confusion, in addition to subset of ISO 8601 values, the LDAP generalized
time in the format '%Y%m%d%H%M%SZ' is also accepted as an input (as this is the
format user will see on the output).
Part of: https://fedorahosted.org/freeipa/ticket/3306
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
| |
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
|
|
|
| |
get_type returns the Python type for an LDAP attribute.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
|
|
|
| |
Before, this was done by dogtag-ipa-retrieve-agent-submit.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4138
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Run function can now run the specified command as different user by
setting the both real and effective UID and GID for executed process.
Add both the missing run function attribute doc strings as well as
a doc string for the runas attribute.
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
|
|
|
| |
Use LDAPEntry.generate_modlist instead of LDAPClient._generate_modlist and
remove LDAPClient._generate_modlist.
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
|
|
| |
Remove legacy IPAdmin methods generateModList and updateEntry.
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
|
|
| |
Add some default overrides.
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
|
|
| |
Refactor IPASimpleLDAPObject methods get_syntax and get_single_value.
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3488
|
|
|
|
|
|
|
|
|
|
| |
Fix both the service restart procedure and registration of old
pki-cad well known service name.
This patch was adapted from original patch of Jan Cholasta 178 to
fix ticket 4092.
https://fedorahosted.org/freeipa/ticket/4092
|
|
|
|
|
|
|
|
|
|
|
|
| |
Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.
FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2
https://fedorahosted.org/freeipa/ticket/3438
Updated by pviktori@redhat.com
|
| |
|
|
|
|
|
|
|
| |
Server and client installer should allow kernel keyring ccache when
supported.
https://fedorahosted.org/freeipa/ticket/4013
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3971
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3971
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3971
|
|
|
|
|
|
|
| |
Creating a LDAPEntry from dict does not set the raw entries,
to display everything we need to combine the underlying data.
https://fedorahosted.org/freeipa/ticket/4015
|
|
|
|
|
|
|
|
|
|
|
| |
During the installation, copy the CA certificate to the systemwide
store (/etc/pki/ca-trust/source/anchors/ipa-ca.crt) and update the
systemwide CA database.
This allows browsers to access IPA WebUI without warning out of the
box.
https://fedorahosted.org/freeipa/ticket/3504
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3504
|
|
|
|
|
|
|
| |
Now that there's a dedicated schema updater, we do not need the code
in ldapupdate.
https://fedorahosted.org/freeipa/ticket/3454
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new updater is run as part of `ipa-ldap-updater --upgrade`
and `ipa-ldap-updater --schema` (--schema is a new option).
The --schema-file option to ipa-ldap-updater may be used (multiple
times) to select a non-default set of schema files to update against.
The updater adds an X-ORIGIN tag with the current IPA version to
all elements it adds or modifies.
https://fedorahosted.org/freeipa/ticket/3454
|
|
|
|
|
|
|
|
|
| |
Option --configure-firefox configures firefox to use Kerberos
credentials within IPA domain
Optional option --firefox-dir=DIR allows to user to specify non-standard
path where firefox install directory is placed.
Part of ticket: https://fedorahosted.org/freeipa/ticket/3821
|
|
|
|
|
| |
The utf8_encode_value/_values functions from ipautil are no longer used.
Remove them.
|
|
|
|
|
|
| |
This change makes single_value consistent with the raw property.
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
|
|
|
|
|
|
|
| |
This is achieved by storing both decoded and encoded attribute values in
LDAPEntry and synchronizing changes between them whenever an attribute is
accessed.
Added a new property "raw" to LDAPEntry. It provides a dictionary-like
object which can be used to directly access encoded attribute values.
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
|
|
|
| |
Outside of LDAPEntry, it is still possible to use non-lists. Once we enforce
lists for attribute values, this will be removed.
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
|
|
|
| |
This method is intended as a counterpart of IPASimpleLDAPObject.encode and
replaces IPASimpleLDAPObject.convert_value_list.
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch for ticket 3964 changed the installer so that it does not
always wait for CA if the proxy is not configured. However,
it was found out that it may freeze an installation when
a step subsequent after CA restart call the CA and receives no
reply.
Change the wait so that it always waits for CA to start up. If
HTTP proxy is already configured, it should wait on port 443.
If not, it should wait on local PKI port 8443.
https://fedorahosted.org/freeipa/ticket/3973
|
|
|
|
|
|
|
|
| |
Proxy configuration was not detected correctly. Both
ipa-pki-proxy.conf and ipa.conf need to be in place and httpd
restarted to be able to check it's status.
https://fedorahosted.org/freeipa/ticket/3964
|
|
|
|
|
| |
Previously NSPRError was given arguments in the wrong order.
Fix this by naming the arguments.
|
|
|
|
|
|
|
|
|
| |
Updating a CIDict with data like {'A': 1, 'a': 2} would lead to data
loss since only one of the items would get to the CIDict.
This can result in non-obvious bugs similar to this one in python-ldap:
https://bugzilla.redhat.com/show_bug.cgi?id=1007820
Raise an error in this case; any resolution must be done by the caller.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the CIDict interface match standard dict (except view* methods).
Add __contains__, __iter__, clear.
Add keyword and iterable support for __init__, update.
Also add values() and itervalues(). Previously the dict versions were
used; the new ones guarantee that the order matches keys().
Mark view* methods as not implemented.
CIDict.copy() now returns a CIDict.
Test the above additions, and fromkeys() which worked but wasn't tested.
|
|
|
|
|
|
|
|
| |
Nose doesn't pick up directories that don't begin with 'test'.
Rename ipatests/test_ipaserver/install to test_install so that it's run.
Also, merge test_ipautil.py from ipapython/test into tests/test_ipapython,
so the whole test suite is in one place.
|
|
|
|
| |
Don't use Python.h from the platform specific path
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When configuring the 389 Directory Server instance, we tune it
so that number of file descriptors available to the DS is increased
from the default 1024 to 8192.
There are platform specific steps that need to be conducted
differently on systemd compatible platforms and sysV compatible
platforms.
systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd
sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv
set ulimit - nofile 8192 in /etc/security/limits.conf
https://fedorahosted.org/freeipa/ticket/3823
|