Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add class variable to indicate whether SSL is required or not. | Rob Crittenden | 2009-07-07 | 1 | -2/+4 |
| | | | | | Older python-ldap versions will crash if you call ldap.get_option() on a value that has not been set. | ||||
* | Fix bug in ldap2.modify_password and make adding/removing members slightly ↵ | Pavel Zuna | 2009-07-07 | 1 | -4/+4 |
| | | | | more efficient. | ||||
* | Add conversion of attribute name synonyms when generating modlists. | Pavel Zuna | 2009-06-15 | 1 | -0/+28 |
| | |||||
* | Add support for incomplete (truncated) search results. | Pavel Zuna | 2009-06-15 | 1 | -14/+29 |
| | | | | | | | | | | ldap2.find_entries now returns a tuple containing 2 values. First, a list of entries (dn, entry_attrs), Second, the truncated flag. If the truncated flag is True, search results hit a server limitation and are incomplete. This patch also removes decoding of non-string scalar python types into unicode (they are left unchanged). | ||||
* | Fix bugs in ldap2. | Pavel Zuna | 2009-06-12 | 1 | -18/+8 |
| | |||||
* | Fix bug in ldap2.normalize_dn. | Pavel Zuna | 2009-06-10 | 1 | -1/+1 |
| | | | | DN was always returned as lower-case, sometimes resulting in 2 RDN values with different cases when creating entries. | ||||
* | Use LDAP instead of flat file for zone storage | Martin Nagy | 2009-06-02 | 4 | -19/+16 |
| | |||||
* | Move the __ldap_mod function to the Service class | Martin Nagy | 2009-06-02 | 3 | -65/+47 |
| | | | | | | We were duplicating it for KrbInstance and DsInstance. Since we will also need it for BindInstance as well, it will be better if it is in the Service class instead. | ||||
* | Make it easier to search for a single entry by attribute value ↵ | Pavel Zuna | 2009-05-26 | 1 | -6/+19 |
| | | | | (find_entry_by_attr). Fix minor search filter generation issues. | ||||
* | Make ldap2 always return attribute names as lowercase. Add Encoder to ldap2 ↵ | Pavel Zuna | 2009-05-22 | 1 | -117/+43 |
| | | | | base classes and use encode_args/decode_retval where applicable. | ||||
* | Fix password setting on python 2.4 systems (it doesn't like None for oldpw) | Rob Crittenden | 2009-05-21 | 1 | -1/+1 |
| | |||||
* | Schema change so the nisnetgroup triples work properly. | Rob Crittenden | 2009-05-19 | 1 | -1/+1 |
| | | | | | | If we use cn for hostname there is no easy way to distinguish between a host and a hostgroup. So adding a fqdn attribute to be used to store the hostname instead. | ||||
* | Use the csv module instead of my own hackish lexer. | Rob Crittenden | 2009-05-19 | 1 | -34/+30 |
| | | | | | | | | The first character in a line is used to determine how the line will be quoted. If it begins with no quote we use '. If it begins with either ' or " we use that character. So if you have a quoted string and you don't want it to be considered a comma-separated value put the other quote string around the whole block. | ||||
* | Don't pass non-existent arguments to _handle_errors() | Rob Crittenden | 2009-05-19 | 1 | -9/+5 |
| | |||||
* | Fix a comment and some typos | Rob Crittenden | 2009-05-13 | 1 | -2/+7 |
| | |||||
* | Drop the binary subtype. This usage is deprecated according to Rich M. | Rob Crittenden | 2009-05-13 | 1 | -1/+1 |
| | |||||
* | Add a reason to the NotFound exception so we can provide more robust errors | Rob Crittenden | 2009-05-13 | 2 | -10/+10 |
| | |||||
* | Fix replica installation for self-signed CA (no dogtag) | Rob Crittenden | 2009-05-04 | 1 | -0/+58 |
| | |||||
* | Utilize the new dogtag library for retrieving the CA cert chain | Rob Crittenden | 2009-05-04 | 1 | -15/+4 |
| | |||||
* | Add signing profile to CA installation so we can sign the firefox jar file. | Rob Crittenden | 2009-05-04 | 4 | -57/+170 |
| | | | | | | | Use the requestId we get back from the CA when requesting the RA agent cert and use that to issue the certificate rather than hardcoding 7. This also adds some clean-up of file permissions and leaking fds | ||||
* | Make search filter generation a bit safer. Minor bug fixes/code improvements. | Pavel Zuna | 2009-04-30 | 1 | -8/+12 |
| | |||||
* | Add method to generate DN from attribute directly, without making RDN first. | Pavel Zuna | 2009-04-30 | 1 | -0/+10 |
| | |||||
* | Use XML rather than string routines to handle response from dogtag Remove ↵ | Rob Crittenden | 2009-04-28 | 1 | -6/+17 |
| | | | | trailing CR/LF from the password file | ||||
* | Rename errors2.py to errors.py. Modify all affected files. | Pavel Zuna | 2009-04-23 | 9 | -76/+76 |
| | |||||
* | Fix filter generator in ldapapi. Shouldn't produce invalid filters anymore. | Pavel Zuna | 2009-04-23 | 1 | -6/+12 |
| | |||||
* | Throw AlreadyGroupMember instead of EmptyModlist when trying to re-add ↵ | Pavel Zuna | 2009-04-22 | 1 | -3/+4 |
| | | | | member to a group. | ||||
* | Change ldap2.__handle_errors into the global _handle_errors function. | Pavel Zuna | 2009-04-22 | 1 | -52/+53 |
| | |||||
* | Make it possible to construct partial match filters using make_filter_* ↵ | Pavel Zuna | 2009-04-22 | 1 | -6/+20 |
| | | | | methods. Add missing _sasl_auth variable. | ||||
* | Convert the RA plugin to use nsslib and remove the configure methods | Rob Crittenden | 2009-04-20 | 1 | -134/+39 |
| | |||||
* | Issue DS and Apache server certs during CA installation. | Rob Crittenden | 2009-04-20 | 4 | -102/+355 |
| | | | | | | | Notes: - will create a CA instance (pki-ca) if it doesn't exist - maintains support for a self-signed CA - A signing cert is still not created so Firefox autoconfig still won't work | ||||
* | Remove unwanted white space | Rob Crittenden | 2009-04-20 | 1 | -12/+12 |
| | |||||
* | Finish work replacing the errors module with errors2 | Rob Crittenden | 2009-04-20 | 4 | -95/+153 |
| | | | | | | Once this is committed we can start the process of renaming errors2 as errors. I thought that combinig this into one commit would be more difficult to review. | ||||
* | Renaming the backend ldap plugin to ldapapi.py to prevent module import issues | Rob Crittenden | 2009-04-06 | 1 | -0/+0 |
| | |||||
* | Use full OID for LDAP SYNTAX identification. Don't convert Booleans and ↵ | Pavel Zuna | 2009-04-06 | 1 | -24/+20 |
| | | | | Integers into respective python types as their ranges might not match. Rename module-scope functions. | ||||
* | Add new LDAP backend plugin. | root | 2009-04-03 | 1 | -0/+741 |
| | |||||
* | Implement an installer for the Dogtag certificate system. | Rob Crittenden | 2009-04-03 | 5 | -17/+764 |
| | | | | | | | | | | | | | | | The CA is currently not automatically installed. You have to pass in the --ca flag to install it. What works: - installation - unistallation - cert/ra plugins can issue and retrieve server certs What doesn't work: - self-signed CA is still created and issues Apache and DS certs - dogtag and python-nss not in rpm requires - requires that CS be in the "pre" install state from pkicreate | ||||
* | Renamed remaining plugins still using f_* b_* convention | Jason Gerard DeRose | 2009-04-01 | 1 | -0/+0 |
| | |||||
* | Translate variables on all lines and sort files to be updated | Rob Crittenden | 2009-03-25 | 1 | -3/+5 |
| | | | | | | | | Only the dn and the first line of any entry that was spread across multiple lines were getting passed through the template engine. If we are given a directory to process, sort the files in that directory so the order can be predicted. Some updates rely on others. | ||||
* | DNA is now configured using an update file | Rob Crittenden | 2009-03-25 | 1 | -4/+0 |
| | |||||
* | Allow a search using only the exact search filter | Rob Crittenden | 2009-03-25 | 1 | -4/+10 |
| | |||||
* | Raise a more specific error when a user lacks the proper permissions. | Rob Crittenden | 2009-03-25 | 1 | -1/+5 |
| | | | | | The info part of the message will contain details on what permission failed on what attribute. | ||||
* | Update objectclasses for groups, by default not posix groups. | Rob Crittenden | 2009-02-27 | 1 | -1/+1 |
| | | | | | | This change depends on DS bugs 487574 and 487725. Groups cannot be promoted properly without these fixed. It will fail with an Object Class violation because gidNumber isn't set. | ||||
* | Enforce netgroup uniqueness, allow netgroups to be members of netgroups | Rob Crittenden | 2009-02-27 | 1 | -0/+6 |
| | | | | | When adding an entry, convert a constraint violation of "already exists" into a DuplicateEntry exception so the user gets a useful response | ||||
* | Removed 'Assert False' that was mistakingly left in cert.py; small cleanup ↵ | Jason Gerard DeRose | 2009-02-17 | 1 | -4/+2 |
| | | | | in cert.py and ra.py imports | ||||
* | Implemented more elegant way for entire plugin module to be conditionally ↵ | Jason Gerard DeRose | 2009-02-17 | 1 | -3/+7 |
| | | | | skipped; updated cert.py and ra.py modules to use this | ||||
* | Added env.enable_ra variable and change cert.py and ra.py plugin modules to ↵ | Jason Gerard DeRose | 2009-02-17 | 1 | -1/+2 |
| | | | | register plugins conditionally | ||||
* | Cleaned up ra.revoke_certificate() and ra.take_certificate_off_hold(); added ↵ | Jason Gerard DeRose | 2009-02-17 | 1 | -142/+121 |
| | | | | more tests in integration.py | ||||
* | Some cleanup in ra.request_certificate() | Jason Gerard DeRose | 2009-02-17 | 1 | -44/+41 |
| | |||||
* | More work on ra.check_request_status() and ra.get_certificate() | Jason Gerard DeRose | 2009-02-17 | 1 | -55/+83 |
| | |||||
* | Continued cleanup cert/ra plugins | Jason Gerard DeRose | 2009-02-17 | 1 | -20/+57 |
| |