freeipa.git/install/tools, branch master Unnamed repository; edit this file 'description' to name the repository. Automatically update IPA LDAP on rpm upgrades 2011-03-21T17:23:53+00:00 Rob Crittenden rcritten@redhat.com 2011-03-18T15:19:53+00:00 ca5332951c68904b0763f79f3612209271206b2a Re-enable ldapi code in ipa-ldap-updater and remove the searchbase restriction when run in --upgrade mode. This allows us to autobind giving root Directory Manager powers. This also: * corrects the ipa-ldap-updater man page * remove automatic --realm, --server, --domain options * handle upgrade errors properly * saves a copy of dse.ldif before we change it so it can be recovered * fixes an error discovered by pylint ticket 1087 
Re-enable ldapi code in ipa-ldap-updater and remove the searchbase
restriction when run in --upgrade mode. This allows us to autobind
giving root Directory Manager powers.

This also:
 * corrects the ipa-ldap-updater man page
 * remove automatic --realm, --server, --domain options
 * handle upgrade errors properly
 * saves a copy of dse.ldif before we change it so it can be recovered
 * fixes an error discovered by pylint

ticket 1087
Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance. 2011-03-15T18:09:57+00:00 Rob Crittenden rcritten@redhat.com 2011-03-14T20:27:19+00:00 861d1bbdca4793fb45fb233d236d3793cc23da36 This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be defined to use TLS On 7389. * We were symlinking to the main IPA 389-ds NSS certificate databsae. Instead generate a separate NSS database and certificate and have certmonger track it separately I also noticed some variable inconsistency in cainstance.py. Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it. ticket 1085 
This fixes 2 AVCS:

* One because we are enabling port 7390 because an SSL port must be
  defined to use TLS On 7389.
* We were symlinking to the main IPA 389-ds NSS certificate databsae.
  Instead generate a separate NSS database and certificate and have
  certmonger track it separately

I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.

ticket 1085
Use TLS for dogtag replication agreements. 2011-03-10T14:57:36+00:00 Rob Crittenden rcritten@redhat.com 2011-03-10T05:06:15+00:00 9dfb0f05b03176dd8478b56ce684c9a2f4f07b0e Configure the dogtag 389-ds instance with SSL so we can enable TLS for the dogtag replication agreements. The NSS database we use is a symbolic link to the IPA 389-ds instance. ticket 1060 
Configure the dogtag 389-ds instance with SSL so we can enable TLS
for the dogtag replication agreements. The NSS database we use is a
symbolic link to the IPA 389-ds instance.

ticket 1060
chkconfig the ipa service off when it is uninstalled. 2011-03-08T15:23:10+00:00 Rob Crittenden rcritten@redhat.com 2011-03-07T21:29:08+00:00 8c50ea3da319a43bb9a7627b598566f3987be5f5 ticket 1056 
ticket 1056
Improve error handling and return status codes in ipactl 2011-03-07T23:16:48+00:00 Martin Kosek mkosek@redhat.com 2011-03-07T16:35:17+00:00 46221e57bf31bdba833da7d4f61ad215d8d083f3 There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055 
There are cases when ipactl returns success even when it fails. Plus,
when the error really is detected the status codes are not LSB
compliant. This may result in consequent issues.

This patch improves error handling in ipactl and adds LSB compliant
status codes. Namely:

0   program is running or service is OK
3   program is not running
4   program or service status is unknown

for "status" action. Status code 4 is issued when IPA is not
configured to distinguish this state from not running IPA.

For other actions, the following non-zero status codes are
implemented:

1   generic or unspecified error
2   invalid or excess argument(s)
4   user had insufficient privilege
6   program is not configured

https://fedorahosted.org/freeipa/ticket/1055
Skip DNS validation checks if we're setting up DNS in ipa-server-install. 2011-03-04T16:05:40+00:00 Rob Crittenden rcritten@redhat.com 2011-03-03T21:03:44+00:00 c0ecdd1395e457592407c2d4d622a2758896d8ca If we're going to be authoritative ourselves don't bother with what other DNS servers think. ticket 1036 
If we're going to be authoritative ourselves don't bother with what
other DNS servers think.

ticket 1036
Use ldapi: instead of unsecured ldap: in ipa core tools. 2011-03-03T19:04:34+00:00 Pavel Zuna pzuna@redhat.com 2011-02-15T19:11:27+00:00 64575a411b27dde7919406fdaf5bdec07c6645f3 The patch also corrects exception handling in some of the tools. Fix #874 
The patch also corrects exception handling in some of the tools.

Fix #874
Need to restart the dogtag 388-ds instance before using it. 2011-03-03T16:02:03+00:00 Rob Crittenden rcritten@redhat.com 2011-03-02T21:45:45+00:00 f69dc03f07ef1dd7dde4f2db8ba0ffc57fedcab7 Restart the 389-ds instance to ensure all schema is loaded that dogtag may have installed as files. According to bug https://bugzilla.redhat.com/show_bug.cgi?id=680984 this it is only needed on clones. ticket 1024 
Restart the 389-ds instance to ensure all schema is loaded that
dogtag may have installed as files.

According to bug
https://bugzilla.redhat.com/show_bug.cgi?id=680984 this it is only needed
on clones.

ticket 1024
Inconsistent sysrestore file handling by IPA server installer 2011-03-03T16:02:02+00:00 Martin Kosek mkosek@redhat.com 2011-03-01T13:17:03+00:00 f785af4efea088466f8ec2259c79640b9f94e542 IPA server/replica uninstallation may fail when it tries to restore a Directory server configuration file in sysrestore directory, which was already restored before. The problem is in Directory Server uninstaller which uses and modifies its own image of sysrestore directory state instead of using the common uninstaller image. https://fedorahosted.org/freeipa/ticket/1026 
IPA server/replica uninstallation may fail when it tries to restore
a Directory server configuration file in sysrestore directory, which
was already restored before.

The problem is in Directory Server uninstaller which uses and modifies
its own image of sysrestore directory state instead of using the
common uninstaller image.

https://fedorahosted.org/freeipa/ticket/1026
IPA replica/server install does not check for a client 2011-03-03T15:20:39+00:00 Martin Kosek mkosek@redhat.com 2011-02-24T12:02:27+00:00 5a9a9723deffbeef23248e0f145788c9159b726a When IPA replica or server is configured it does not check for possibly installed client. This will cause the installation to fail in the very end. This patch adds a check for already configured client and suggests removing it before server/replica installation. https://fedorahosted.org/freeipa/ticket/1002 
When IPA replica or server is configured it does not check for
possibly installed client. This will cause the installation to
fail in the very end.

This patch adds a check for already configured client and suggests
removing it before server/replica installation.

https://fedorahosted.org/freeipa/ticket/1002