freeipa.git/ipaserver, branch master Unnamed repository; edit this file 'description' to name the repository. Wait for Directory Server ports to open 2011-03-21T18:31:08+00:00 Martin Kosek mkosek@redhat.com 2011-03-14T16:56:17+00:00 18542cd165d047cba69ed2b3ac12e59993bf2fb0 When Directory Server operation is run right after the server restart the listening ports may not be opened yet. This makes the installation fail. This patch fixes this issue by waiting for both secure and insecure Directory Server ports to open after every restart. https://fedorahosted.org/freeipa/ticket/1076 
When Directory Server operation is run right after the server restart
the listening ports may not be opened yet. This makes the installation
fail.

This patch fixes this issue by waiting for both secure and insecure
Directory Server ports to open after every restart.

https://fedorahosted.org/freeipa/ticket/1076
Automatically update IPA LDAP on rpm upgrades 2011-03-21T17:23:53+00:00 Rob Crittenden rcritten@redhat.com 2011-03-18T15:19:53+00:00 ca5332951c68904b0763f79f3612209271206b2a Re-enable ldapi code in ipa-ldap-updater and remove the searchbase restriction when run in --upgrade mode. This allows us to autobind giving root Directory Manager powers. This also: * corrects the ipa-ldap-updater man page * remove automatic --realm, --server, --domain options * handle upgrade errors properly * saves a copy of dse.ldif before we change it so it can be recovered * fixes an error discovered by pylint ticket 1087 
Re-enable ldapi code in ipa-ldap-updater and remove the searchbase
restriction when run in --upgrade mode. This allows us to autobind
giving root Directory Manager powers.

This also:
 * corrects the ipa-ldap-updater man page
 * remove automatic --realm, --server, --domain options
 * handle upgrade errors properly
 * saves a copy of dse.ldif before we change it so it can be recovered
 * fixes an error discovered by pylint

ticket 1087
Ensure that the system hostname is lower-case. 2011-03-18T18:54:01+00:00 Rob Crittenden rcritten@redhat.com 2011-03-17T14:22:33+00:00 15e213d0258f69feaf6031a8721902f63c864ac2 ticket 1080 
ticket 1080
Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance. 2011-03-15T18:09:57+00:00 Rob Crittenden rcritten@redhat.com 2011-03-14T20:27:19+00:00 861d1bbdca4793fb45fb233d236d3793cc23da36 This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be defined to use TLS On 7389. * We were symlinking to the main IPA 389-ds NSS certificate databsae. Instead generate a separate NSS database and certificate and have certmonger track it separately I also noticed some variable inconsistency in cainstance.py. Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it. ticket 1085 
This fixes 2 AVCS:

* One because we are enabling port 7390 because an SSL port must be
  defined to use TLS On 7389.
* We were symlinking to the main IPA 389-ds NSS certificate databsae.
  Instead generate a separate NSS database and certificate and have
  certmonger track it separately

I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.

ticket 1085
Domain to Realm 2011-03-14T19:26:07+00:00 Simo Sorce ssorce@redhat.com 2011-03-14T19:22:27+00:00 0b6b2342d0d723336b2c612460e3b7ec43f21112 Explicitly use the realm specified on the command line. Many places were assuming that the domain and realm were the same. https://bugzilla.redhat.com/show_bug.cgi?id=684690 https://fedorahosted.org/freeipa/ticket/1091 
Explicitly use the realm specified on the command line.
Many places were assuming that the domain and realm were the same.

https://bugzilla.redhat.com/show_bug.cgi?id=684690
https://fedorahosted.org/freeipa/ticket/1091
Use TLS for dogtag replication agreements. 2011-03-10T14:57:36+00:00 Rob Crittenden rcritten@redhat.com 2011-03-10T05:06:15+00:00 9dfb0f05b03176dd8478b56ce684c9a2f4f07b0e Configure the dogtag 389-ds instance with SSL so we can enable TLS for the dogtag replication agreements. The NSS database we use is a symbolic link to the IPA 389-ds instance. ticket 1060 
Configure the dogtag 389-ds instance with SSL so we can enable TLS
for the dogtag replication agreements. The NSS database we use is a
symbolic link to the IPA 389-ds instance.

ticket 1060
ipa-dns-install script fails 2011-03-08T15:24:53+00:00 Martin Kosek mkosek@redhat.com 2011-03-08T13:44:19+00:00 1c741e62780e966cc0d1efc6541bd19e2c9e4e86 This patch fixes a typo in class Service, function __get_conn which causes ipa-dns-install script to fail every time. https://fedorahosted.org/freeipa/ticket/1065 
This patch fixes a typo in class Service, function __get_conn which
causes ipa-dns-install script to fail every time.

https://fedorahosted.org/freeipa/ticket/1065
Use ldapi: instead of unsecured ldap: in ipa core tools. 2011-03-03T19:04:34+00:00 Pavel Zuna pzuna@redhat.com 2011-02-15T19:11:27+00:00 64575a411b27dde7919406fdaf5bdec07c6645f3 The patch also corrects exception handling in some of the tools. Fix #874 
The patch also corrects exception handling in some of the tools.

Fix #874
Replace only if old and new have nothing in common 2011-03-03T16:02:02+00:00 Rob Crittenden rcritten@redhat.com 2011-02-23T15:43:40+00:00 f476c097d2ac5f0270ea3207955cd7184ffb9e1d Jakub did the initial diagnosis of this, I added a fix for removing the last entry when removing members and a test case. ticket 1000 
Jakub did the initial diagnosis of this, I added a fix for removing
the last entry when removing members and a test case.

ticket 1000
Inconsistent sysrestore file handling by IPA server installer 2011-03-03T16:02:02+00:00 Martin Kosek mkosek@redhat.com 2011-03-01T13:17:03+00:00 f785af4efea088466f8ec2259c79640b9f94e542 IPA server/replica uninstallation may fail when it tries to restore a Directory server configuration file in sysrestore directory, which was already restored before. The problem is in Directory Server uninstaller which uses and modifies its own image of sysrestore directory state instead of using the common uninstaller image. https://fedorahosted.org/freeipa/ticket/1026 
IPA server/replica uninstallation may fail when it tries to restore
a Directory server configuration file in sysrestore directory, which
was already restored before.

The problem is in Directory Server uninstaller which uses and modifies
its own image of sysrestore directory state instead of using the
common uninstaller image.

https://fedorahosted.org/freeipa/ticket/1026