summaryrefslogtreecommitdiffstats
path: root/ipaserver
Commit message (Collapse)AuthorAgeFilesLines
* Add class variable to indicate whether SSL is required or not.Rob Crittenden2009-07-071-2/+4
| | | | | Older python-ldap versions will crash if you call ldap.get_option() on a value that has not been set.
* Fix bug in ldap2.modify_password and make adding/removing members slightly ↵Pavel Zuna2009-07-071-4/+4
| | | | more efficient.
* Add conversion of attribute name synonyms when generating modlists.Pavel Zuna2009-06-151-0/+28
|
* Add support for incomplete (truncated) search results.Pavel Zuna2009-06-151-14/+29
| | | | | | | | | | ldap2.find_entries now returns a tuple containing 2 values. First, a list of entries (dn, entry_attrs), Second, the truncated flag. If the truncated flag is True, search results hit a server limitation and are incomplete. This patch also removes decoding of non-string scalar python types into unicode (they are left unchanged).
* Fix bugs in ldap2.Pavel Zuna2009-06-121-18/+8
|
* Fix bug in ldap2.normalize_dn.Pavel Zuna2009-06-101-1/+1
| | | | DN was always returned as lower-case, sometimes resulting in 2 RDN values with different cases when creating entries.
* Use LDAP instead of flat file for zone storageMartin Nagy2009-06-024-19/+16
|
* Move the __ldap_mod function to the Service classMartin Nagy2009-06-023-65/+47
| | | | | | We were duplicating it for KrbInstance and DsInstance. Since we will also need it for BindInstance as well, it will be better if it is in the Service class instead.
* Make it easier to search for a single entry by attribute value ↵Pavel Zuna2009-05-261-6/+19
| | | | (find_entry_by_attr). Fix minor search filter generation issues.
* Make ldap2 always return attribute names as lowercase. Add Encoder to ldap2 ↵Pavel Zuna2009-05-221-117/+43
| | | | base classes and use encode_args/decode_retval where applicable.
* Fix password setting on python 2.4 systems (it doesn't like None for oldpw)Rob Crittenden2009-05-211-1/+1
|
* Schema change so the nisnetgroup triples work properly.Rob Crittenden2009-05-191-1/+1
| | | | | | If we use cn for hostname there is no easy way to distinguish between a host and a hostgroup. So adding a fqdn attribute to be used to store the hostname instead.
* Use the csv module instead of my own hackish lexer.Rob Crittenden2009-05-191-34/+30
| | | | | | | | The first character in a line is used to determine how the line will be quoted. If it begins with no quote we use '. If it begins with either ' or " we use that character. So if you have a quoted string and you don't want it to be considered a comma-separated value put the other quote string around the whole block.
* Don't pass non-existent arguments to _handle_errors()Rob Crittenden2009-05-191-9/+5
|
* Fix a comment and some typosRob Crittenden2009-05-131-2/+7
|
* Drop the binary subtype. This usage is deprecated according to Rich M.Rob Crittenden2009-05-131-1/+1
|
* Add a reason to the NotFound exception so we can provide more robust errorsRob Crittenden2009-05-132-10/+10
|
* Fix replica installation for self-signed CA (no dogtag)Rob Crittenden2009-05-041-0/+58
|
* Utilize the new dogtag library for retrieving the CA cert chainRob Crittenden2009-05-041-15/+4
|
* Add signing profile to CA installation so we can sign the firefox jar file.Rob Crittenden2009-05-044-57/+170
| | | | | | | Use the requestId we get back from the CA when requesting the RA agent cert and use that to issue the certificate rather than hardcoding 7. This also adds some clean-up of file permissions and leaking fds
* Make search filter generation a bit safer. Minor bug fixes/code improvements.Pavel Zuna2009-04-301-8/+12
|
* Add method to generate DN from attribute directly, without making RDN first.Pavel Zuna2009-04-301-0/+10
|
* Use XML rather than string routines to handle response from dogtag Remove ↵Rob Crittenden2009-04-281-6/+17
| | | | trailing CR/LF from the password file
* Rename errors2.py to errors.py. Modify all affected files.Pavel Zuna2009-04-239-76/+76
|
* Fix filter generator in ldapapi. Shouldn't produce invalid filters anymore.Pavel Zuna2009-04-231-6/+12
|
* Throw AlreadyGroupMember instead of EmptyModlist when trying to re-add ↵Pavel Zuna2009-04-221-3/+4
| | | | member to a group.
* Change ldap2.__handle_errors into the global _handle_errors function.Pavel Zuna2009-04-221-52/+53
|
* Make it possible to construct partial match filters using make_filter_* ↵Pavel Zuna2009-04-221-6/+20
| | | | methods. Add missing _sasl_auth variable.
* Convert the RA plugin to use nsslib and remove the configure methodsRob Crittenden2009-04-201-134/+39
|
* Issue DS and Apache server certs during CA installation.Rob Crittenden2009-04-204-102/+355
| | | | | | | Notes: - will create a CA instance (pki-ca) if it doesn't exist - maintains support for a self-signed CA - A signing cert is still not created so Firefox autoconfig still won't work
* Remove unwanted white spaceRob Crittenden2009-04-201-12/+12
|
* Finish work replacing the errors module with errors2Rob Crittenden2009-04-204-95/+153
| | | | | | Once this is committed we can start the process of renaming errors2 as errors. I thought that combinig this into one commit would be more difficult to review.
* Renaming the backend ldap plugin to ldapapi.py to prevent module import issuesRob Crittenden2009-04-061-0/+0
|
* Use full OID for LDAP SYNTAX identification. Don't convert Booleans and ↵Pavel Zuna2009-04-061-24/+20
| | | | Integers into respective python types as their ranges might not match. Rename module-scope functions.
* Add new LDAP backend plugin.root2009-04-031-0/+741
|
* Implement an installer for the Dogtag certificate system.Rob Crittenden2009-04-035-17/+764
| | | | | | | | | | | | | | | The CA is currently not automatically installed. You have to pass in the --ca flag to install it. What works: - installation - unistallation - cert/ra plugins can issue and retrieve server certs What doesn't work: - self-signed CA is still created and issues Apache and DS certs - dogtag and python-nss not in rpm requires - requires that CS be in the "pre" install state from pkicreate
* Renamed remaining plugins still using f_* b_* conventionJason Gerard DeRose2009-04-011-0/+0
|
* Translate variables on all lines and sort files to be updatedRob Crittenden2009-03-251-3/+5
| | | | | | | | Only the dn and the first line of any entry that was spread across multiple lines were getting passed through the template engine. If we are given a directory to process, sort the files in that directory so the order can be predicted. Some updates rely on others.
* DNA is now configured using an update fileRob Crittenden2009-03-251-4/+0
|
* Allow a search using only the exact search filterRob Crittenden2009-03-251-4/+10
|
* Raise a more specific error when a user lacks the proper permissions.Rob Crittenden2009-03-251-1/+5
| | | | | The info part of the message will contain details on what permission failed on what attribute.
* Update objectclasses for groups, by default not posix groups.Rob Crittenden2009-02-271-1/+1
| | | | | | This change depends on DS bugs 487574 and 487725. Groups cannot be promoted properly without these fixed. It will fail with an Object Class violation because gidNumber isn't set.
* Enforce netgroup uniqueness, allow netgroups to be members of netgroupsRob Crittenden2009-02-271-0/+6
| | | | | When adding an entry, convert a constraint violation of "already exists" into a DuplicateEntry exception so the user gets a useful response
* Removed 'Assert False' that was mistakingly left in cert.py; small cleanup ↵Jason Gerard DeRose2009-02-171-4/+2
| | | | in cert.py and ra.py imports
* Implemented more elegant way for entire plugin module to be conditionally ↵Jason Gerard DeRose2009-02-171-3/+7
| | | | skipped; updated cert.py and ra.py modules to use this
* Added env.enable_ra variable and change cert.py and ra.py plugin modules to ↵Jason Gerard DeRose2009-02-171-1/+2
| | | | register plugins conditionally
* Cleaned up ra.revoke_certificate() and ra.take_certificate_off_hold(); added ↵Jason Gerard DeRose2009-02-171-142/+121
| | | | more tests in integration.py
* Some cleanup in ra.request_certificate()Jason Gerard DeRose2009-02-171-44/+41
|
* More work on ra.check_request_status() and ra.get_certificate()Jason Gerard DeRose2009-02-171-55/+83
|
* Continued cleanup cert/ra pluginsJason Gerard DeRose2009-02-171-20/+57
|