Mass tree reorganization for IPAv2. To view previous history of files use:

% git log --follow -- <file>

renamed: ipa-server/autogen.sh -> autogen.sh
renamed: ipa-server/ipa-kpasswd/Makefile.am -> daemons/ipa-kpasswd/Makefile.am
renamed: ipa-server/ipa-kpasswd/README -> daemons/ipa-kpasswd/README
renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.c -> daemons/ipa-kpasswd/ipa_kpasswd.c
renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.init -> daemons/ipa-kpasswd/ipa_kpasswd.init
renamed: ipa-server/ipa-slapi-plugins/Makefile.am -> daemons/ipa-slapi-plugins/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/README -> daemons/ipa-slapi-plugins/README
renamed: ipa-server/ipa-slapi-plugins/dna/Makefile.am -> daemons/ipa-slapi-plugins/dna/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/dna/dna-conf.ldif -> daemons/ipa-slapi-plugins/dna/dna-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/dna/dna.c -> daemons/ipa-slapi-plugins/dna/dna.c
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/Makefile.am -> daemons/ipa-slapi-plugins/ipa-memberof/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif -> daemons/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am -> daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/README -> daemons/ipa-slapi-plugins/ipa-pwd-extop/README
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c -> daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif -> daemons/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/Makefile.am -> daemons/ipa-slapi-plugins/ipa-winsync/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/README -> daemons/ipa-slapi-plugins/ipa-winsync/README
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
renamed: ipa-server/xmlrpc-server/ipa-rewrite.conf -> install/conf/ipa-rewrite.conf
renamed: ipa-server/xmlrpc-server/ipa.conf -> install/conf/ipa.conf
renamed: ipa-server/xmlrpc-server/ssbrowser.html -> install/html/ssbrowser.html
renamed: ipa-server/xmlrpc-server/unauthorized.html -> install/html/unauthorized.html
renamed: ipa-server/ipa-install/share/60ipaconfig.ldif -> install/share/60ipaconfig.ldif
renamed: ipa-server/ipa-install/share/60kerberos.ldif -> install/share/60kerberos.ldif
renamed: ipa-server/ipa-install/share/60radius.ldif -> install/share/60radius.ldif
renamed: ipa-server/ipa-install/share/60samba.ldif -> install/share/60samba.ldif
renamed: ipa-server/ipa-install/share/Makefile.am -> install/share/Makefile.am
renamed: ipa-server/ipa-install/share/bind.named.conf.template -> install/share/bind.named.conf.template
renamed: ipa-server/ipa-install/share/bind.zone.db.template -> install/share/bind.zone.db.template
renamed: ipa-server/ipa-install/share/bootstrap-template.ldif -> install/share/bootstrap-template.ldif
renamed: ipa-server/ipa-install/share/certmap.conf.template -> install/share/certmap.conf.template
renamed: ipa-server/ipa-install/share/default-aci.ldif -> install/share/default-aci.ldif
renamed: ipa-server/ipa-install/share/default-keytypes.ldif -> install/share/default-keytypes.ldif
renamed: ipa-server/ipa-install/share/dna-posix.ldif -> install/share/dna-posix.ldif
renamed: ipa-server/ipa-install/share/encrypted_attribute.ldif -> install/share/encrypted_attribute.ldif
renamed: ipa-server/ipa-install/share/fedora-ds.init.patch -> install/share/fedora-ds.init.patch
renamed: ipa-server/ipa-install/share/indices.ldif -> install/share/indices.ldif
renamed: ipa-server/ipa-install/share/kdc.conf.template -> install/share/kdc.conf.template
renamed: ipa-server/ipa-install/share/kerberos.ldif -> install/share/kerberos.ldif
renamed: ipa-server/ipa-install/share/krb.con.template -> install/share/krb.con.template
renamed: ipa-server/ipa-install/share/krb5.conf.template -> install/share/krb5.conf.template
renamed: ipa-server/ipa-install/share/krb5.ini.template -> install/share/krb5.ini.template
renamed: ipa-server/ipa-install/share/krbrealm.con.template -> install/share/krbrealm.con.template
renamed: ipa-server/ipa-install/share/master-entry.ldif -> install/share/master-entry.ldif
renamed: ipa-server/ipa-install/share/memberof-task.ldif -> install/share/memberof-task.ldif
renamed: ipa-server/ipa-install/share/ntp.conf.server.template -> install/share/ntp.conf.server.template
renamed: ipa-server/ipa-install/share/ntpd.sysconfig.template -> install/share/ntpd.sysconfig.template
renamed: ipa-server/ipa-install/share/preferences.html.template -> install/share/preferences.html.template
renamed: ipa-server/ipa-install/share/referint-conf.ldif -> install/share/referint-conf.ldif
renamed: ipa-server/ipa-install/share/schema_compat.uldif -> install/share/schema_compat.uldif
renamed: ipa-server/ipa-install/share/unique-attributes.ldif -> install/share/unique-attributes.ldif
renamed: ipa-server/ipa-install/Makefile.am -> install/tools/Makefile.am
renamed: ipa-server/ipa-install/README -> install/tools/README
renamed: ipa-server/ipa-compat-manage -> install/tools/ipa-compat-manage
renamed: ipa-server/ipa-fix-CVE-2008-3274 -> install/tools/ipa-fix-CVE-2008-3274
renamed: ipa-server/ipa-ldap-updater -> install/tools/ipa-ldap-updater
renamed: ipa-server/ipa-install/ipa-replica-install -> install/tools/ipa-replica-install
renamed: ipa-server/ipa-install/ipa-replica-manage -> install/tools/ipa-replica-manage
renamed: ipa-server/ipa-install/ipa-replica-prepare -> install/tools/ipa-replica-prepare
renamed: ipa-server/ipa-install/ipa-server-certinstall -> install/tools/ipa-server-certinstall
renamed: ipa-server/ipa-install/ipa-server-install -> install/tools/ipa-server-install
renamed: ipa-server/ipa-upgradeconfig -> install/tools/ipa-upgradeconfig
renamed: ipa-server/ipa-install/ipactl -> install/tools/ipactl
renamed: ipa-server/man/Makefile.am -> install/tools/man/Makefile.am
renamed: ipa-server/man/ipa-compat-manage.1 -> install/tools/man/ipa-compat-manage.1
renamed: ipa-server/man/ipa-ldap-updater.1 -> install/tools/man/ipa-ldap-updater.1
renamed: ipa-server/man/ipa-replica-install.1 -> install/tools/man/ipa-replica-install.1
renamed: ipa-server/man/ipa-replica-manage.1 -> install/tools/man/ipa-replica-manage.1
renamed: ipa-server/man/ipa-replica-prepare.1 -> install/tools/man/ipa-replica-prepare.1
renamed: ipa-server/man/ipa-server-certinstall.1 -> install/tools/man/ipa-server-certinstall.1
renamed: ipa-server/man/ipa-server-install.1 -> install/tools/man/ipa-server-install.1
renamed: ipa-server/man/ipa_kpasswd.8 -> install/tools/man/ipa_kpasswd.8
renamed: ipa-server/man/ipa_webgui.8 -> install/tools/man/ipa_webgui.8
renamed: ipa-server/man/ipactl.8 -> install/tools/man/ipactl.8
renamed: ipa-server/ipa-install/updates/Makefile.am -> install/updates/Makefile.am
renamed: ipa-server/ipa-install/updates/RFC2307bis.update -> install/updates/RFC2307bis.update
renamed: ipa-server/ipa-install/updates/RFC4876.update -> install/updates/RFC4876.update
renamed: ipa-server/ipa-install/updates/indices.update -> install/updates/indices.update
renamed: ipa-server/ipa-install/updates/nss_ldap.update -> install/updates/nss_ldap.update
renamed: ipa-server/ipa-install/updates/replication.update -> install/updates/replication.update
renamed: ipa-server/ipa-install/updates/winsync_index.update -> install/updates/winsync_index.update
renamed: ipa-server/ipaserver/Makefile.am -> ipaserver/install/Makefile.am
renamed: ipa-server/ipaserver/__init__.py -> ipaserver/install/__init__.py
renamed: ipa-server/ipaserver/bindinstance.py -> ipaserver/install/bindinstance.py
renamed: ipa-server/ipaserver/certs.py -> ipaserver/install/certs.py
renamed: ipa-server/ipaserver/dsinstance.py -> ipaserver/install/dsinstance.py
renamed: ipa-server/ipaserver/httpinstance.py -> ipaserver/install/httpinstance.py
renamed: ipa-server/ipaserver/installutils.py -> ipaserver/install/installutils.py
renamed: ipa-server/ipaserver/ipaldap.py -> ipaserver/install/ipaldap.py
renamed: ipa-server/ipaserver/krbinstance.py -> ipaserver/install/krbinstance.py
renamed: ipa-server/ipaserver/ldapupdate.py -> ipaserver/install/ldapupdate.py
renamed: ipa-server/ipaserver/ntpinstance.py -> ipaserver/install/ntpinstance.py
renamed: ipa-server/ipaserver/replication.py -> ipaserver/install/replication.py
renamed: ipa-server/ipaserver/service.py -> ipaserver/install/service.py
renamed: ipa-server/selinux/Makefile -> selinux/Makefile
renamed: ipa-server/selinux/ipa-server-selinux.spec.in -> selinux/ipa-server-selinux.spec.in
renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.fc -> selinux/ipa_kpasswd/ipa_kpasswd.fc
renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te -> selinux/ipa_kpasswd/ipa_kpasswd.te
renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.fc -> selinux/ipa_webgui/ipa_webgui.fc
renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.te -> selinux/ipa_webgui/ipa_webgui.te
renamed: ipa-server/version.m4.in -> version.m4.in

11 files changed, 548 insertions, 0 deletions

diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am
new file mode 100644
index 00000000..244b06b8
--- /dev/null
+++ b/install/tools/man/Makefile.am
@@ -0,0 +1,27 @@
+# This file will be processed with automake-1.7 to create Makefile.in
+
+AUTOMAKE_OPTIONS = 1.7
+
+NULL=
+
+man1_MANS = 				\
+	ipa-replica-install.1		\
+	ipa-replica-manage.1		\
+	ipa-replica-prepare.1		\
+	ipa-server-certinstall.1	\
+	ipa-server-install.1		\
+	ipa-ldap-updater.1			\
+	ipa-compat-manage.1
+
+man8_MANS =				\
+	ipactl.8			\
+	ipa_kpasswd.8			\
+	ipa_webgui.8
+
+install-data-hook:
+	@for i in $(man1_MANS) ; do gzip -f $(DESTDIR)$(man1dir)/$$i ; done
+	@for i in $(man8_MANS) ; do gzip -f $(DESTDIR)$(man8dir)/$$i ; done
+
+MAINTAINERCLEANFILES =          \
+        Makefile.in             \
+        $(NULL)
diff --git a/install/tools/man/ipa-compat-manage.1 b/install/tools/man/ipa-compat-manage.1
new file mode 100644
index 00000000..767384a4
--- /dev/null
+++ b/install/tools/man/ipa-compat-manage.1
@@ -0,0 +1,45 @@
+.\" A man page for ipa-ldap-updater
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\"
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\"
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\"
+.\" Author: Simo Sorce <ssorce@redhat.com>
+.\"
+.TH "ipa-compat-manage" "1" "Dec 2 2008" "freeipa" ""
+.SH "NAME"
+ipa\-compat\-manage \- Enables or disables the schema compatibility plugin
+.SH "SYNOPSIS"
+ipa\-compat\-manage [options] <enable|disable>
+.SH "DESCRIPTION"
+Run the command with the \fBenable\fR option to enable the compat plugin.
+
+Run the command with the \fBdisable\fR option to disable the compat plugin.
+
+In both cases the user will be prompted to provide the Directory Manager's password unless option \fB\-y\fR is used.
+
+Directory Server will need to be restarted after the schema compatibility plugin has been enabled.
+
+.SH "OPTIONS"
+.TP
+\fB\-d\fR, \fB\-\-debug\fR
+Enable debug logging when more verbose output is needed
+.TP
+\fB\-y\fR \fIfile\fR
+File containing the Directory Manager password
+.SH "EXIT STATUS"
+0 if the command was successful
+
+1 if an error occurred
+
+2 if the plugin is already in the required status (enabled or disabled)
diff --git a/install/tools/man/ipa-ldap-updater.1 b/install/tools/man/ipa-ldap-updater.1
new file mode 100644
index 00000000..453ac758
--- /dev/null
+++ b/install/tools/man/ipa-ldap-updater.1
@@ -0,0 +1,78 @@
+.\" A man page for ipa-ldap-updater
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\" 
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\" 
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\" 
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\" 
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\" 
+.TH "ipa-ldap-updater" "1" "Sep 12 2008" "freeipa" ""
+.SH "NAME"
+ipa\-ldap\-updater \- Update the IPA LDAP configuration
+.SH "SYNOPSIS"
+ipa\-ldap\-updater [options] input_file(s)
+ipa\-ldap\-updater [options]
+.SH "DESCRIPTION"
+Run with no file arguments, ipa\-ldap\-updater will process all files with the extension .update in /usr/share/ipa/updates.
+
+An update file describes an LDAP entry and a set of operations to be performed on that entry. It can be used to add new entries or modify existing entries. It cannot remove entries, just specific values in a given attribute.
+
+Blank lines and lines beginning with # are ignored.
+
+There are 4 keywords:
+
+    * default: the starting value
+    * add: add a value (or values) to an attribute
+    * remove: remove a value (or values) from an attribute
+    * only: set an attribute to this 
+
+Values is a comma\-separated field so multi\-values may be added at one time. Double or single quotes may be put around individual values that contain embedded commas.
+
+The difference between the default and add keywords is if the DN of the entry exists then default is ignored. So for updating something like schema, which will be under cn=schema, you must always use add (because cn=schema is guaranteed to exist). It will not re\-add the same information again and again.
+
+It alsos provide some things that can be templated such as architecture (for plugin paths), realm and domain name.
+
+The available template variables are:
+
+    * $REALM \- the kerberos realm (EXAMPLE.COM)
+    * $FQDN \- the fully\-qualified domain name of the IPA server being updated (ipa.example.com)
+    * $DOMAIN \- the domain name (example.com)
+    * $SUFFIX \- the IPA LDAP suffix (dc=example,dc=com)
+    * $LIBARCH \- set to 64 on x86_64 systems to be used for plugin paths
+    * $TIME \- an integer representation of current time 
+
+A few rules:
+
+   1. Only one rule per line
+   2. Each line stands alone (e.g. an only followed by an only results in the last only being used)
+   3. adding a value that exists is ok. The request is ignored, duplicate values are not added
+   4. removing a value that doesn't exist is ok. It is simply ignored.
+   5. If a DN doesn't exist it is created from the 'default' entry and all updates are applied
+   6. If a DN does exist the default values are skipped
+   7. Only the first rule on a line is respected 
+.SH "OPTIONS"
+.TP 
+\fB\-d\fR, \fB\-\-debug
+Enable debug logging when more verbose output is needed
+.TP 
+\fB\-t\fR, \fB\-\-test\fR
+Run through the update without changing anything. If changes are available then the command returns 2. If no updates are available it returns 0.
+.TP 
+\fB\-y\fR
+File containing the Directory Manager password
+.SH "EXIT STATUS"
+0 if the command was successful
+
+1 if an error occurred
+
+2 if run with in test mode (\-t) and updates are available
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1
new file mode 100644
index 00000000..674afd12
--- /dev/null
+++ b/install/tools/man/ipa-replica-install.1
@@ -0,0 +1,41 @@
+.\" A man page for ipa-replica-install
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\" 
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\" 
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\" 
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\" 
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\" 
+.TH "ipa-replica-install" "1" "Mar 14 2008" "freeipa" ""
+.SH "NAME"
+ipa\-replica\-install \- Create an IPA replica
+.SH "SYNOPSIS"
+ipa\-replica\-install [\fIOPTION\fR]... replica_file
+.SH "DESCRIPTION"
+Configures a new IPA server that is a replica of the server that generated it. Once it has been created it is an exact copy of the original IPA server and is an equal master. Changes made to any master are automatically replicated to other masters.
+
+The replica_file is created using the ipa\-replica\-prepare utility.
+.SH "OPTIONS"
+.TP 
+\fB\-d\fR, \fB\-\-debug
+Enable debug logging when more verbose output is needed
+.TP 
+\fB\-n\fR, \fB\-\-no\-ntp\fR
+Do not configure NTP
+.TP 
+\fB\-p\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR 
+Directory Manager (existing master) password
+.SH "EXIT STATUS"
+0 if the command was successful
+
+1 if an error occurred
diff --git a/install/tools/man/ipa-replica-manage.1 b/install/tools/man/ipa-replica-manage.1
new file mode 100644
index 00000000..810cf1de
--- /dev/null
+++ b/install/tools/man/ipa-replica-manage.1
@@ -0,0 +1,70 @@
+.\" A man page for ipa-replica-manage
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\" 
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\" 
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\" 
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\" 
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\" 
+.TH "ipa-replica-manage" "1" "Mar 14 2008" "freeipa" ""
+.SH "NAME"
+ipa\-replica\-manage \- Manage an IPA replica
+.SH "SYNOPSIS"
+ipa\-replica\-manage [\fIOPTION\fR]... [add|del|list|init|synch] [SERVER]
+.SH "DESCRIPTION"
+Manages the replication agreements of an IPA server.
+.TP 
+add \- Adds a new replication agreement between two existing IPA servers
+.TP 
+del \- Removes a replication agreement
+.TP 
+list \- Lists the hostnames that HOST IPA server has agreements with
+.TP 
+init \- Forces a full initialization of the IPA server on SERVER from HOST
+.TP 
+synch \- Immediately flush any data to be replicated to SERVER
+.SH "OPTIONS"
+.TP 
+\fB\-H HOST\fR, \fB\-\-host\fR=\fIHOST\fR
+The IPA server to manage
+.TP 
+\fB\-p DM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
+The Directory Manager password to use for authentication
+.TP 
+\fB\-v\fR, \fB\-\-verbose\fR
+Provide additional information
+.TP
+\fB\-\-winsync\fR
+Specifies to create/use a Windows Sync Agreement
+.TP
+\fB\-\-port\fR=\fISERVER_PORT\fR
+Port number of other server (default is 636, the LDAPS port)
+.TP
+\fB\-\-binddn\fR=\fIADMIN_DN\fR
+Bind DN to use with remote server (default is cn=Directory Manager) - Be careful to quote this value on the command line
+.TP
+\fB--bindpw\fR=\fIADMIN_PWD\fR
+Password for Bind DN to use with remote server (default is the DM_PASSWORD above)
+.TP
+\fB\-\-cacert\fR=\fI/path/to/cacertfile\fR
+Full path and filename of CA certificate to use with TLS/SSL to the remote server - this CA certificate will be installed in the directory server's certificate database
+.TP
+\fB\-\-win-subtree\fR=\fIcn=Users,dc=example,dc=com\fR
+DN of Windows subtree containing the users you want to sync (default cn=Users,<domain suffix> - this is typically what Windows AD uses as the default value) - Be careful to quote this value on the command line
+.TP
+\fB\-\-passsync\fR=\fIPASSSYNC_PWD\fR
+Password for the Windows PassSync user.
+.SH "EXIT STATUS"
+0 if the command was successful
+
+1 if an error occurred
diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1
new file mode 100644
index 00000000..8eb49444
--- /dev/null
+++ b/install/tools/man/ipa-replica-prepare.1
@@ -0,0 +1,48 @@
+.\" A man page for ipa-replica-prepare
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\" 
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\" 
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\" 
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\" 
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\" 
+.TH "ipa-replica-prepare" "1" "Mar 14 2008" "freeipa" ""
+.SH "NAME"
+ipa\-replica\-prepare \- Create an IPA replica file
+.SH "SYNOPSIS"
+ipa\-replica\-prepare [\fIOPTION\fR]... hostname
+.SH "DESCRIPTION"
+Generates a replica file that may be used with ipa\-replica\-install to create a replica of an IPA server.
+
+A replica can only be created on an IPA server installed with ipa\-server\-install (the first server).
+
+You must provide the fully\-qualified hostname of the machine you want to install the replica on and a host\-specific replica_file will be created. It is host\-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname.
+
+Once the file has been created it will be named replica\-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa\-replica\-install replica\-hostname.
+.SH "OPTIONS"
+.TP
+\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Directory Server SSL Certificate
+.TP
+\fB\-\-http_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Apache Server SSL Certificate
+.TP
+\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
+The password of the Directory Server PKCS#12 file
+.TP
+\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
+The password of the Apache Server PKCS#12 file
+.SH "EXIT STATUS"
+0 if the command was successful
+
+1 if an error occurred
diff --git a/install/tools/man/ipa-server-certinstall.1 b/install/tools/man/ipa-server-certinstall.1
new file mode 100644
index 00000000..946ab9f8
--- /dev/null
+++ b/install/tools/man/ipa-server-certinstall.1
@@ -0,0 +1,48 @@
+.\" A man page for ipa-server-certinstall
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\" 
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\" 
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\" 
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\" 
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\" 
+.TH "ipa-server-certinstall" "1" "Mar 14 2008" "freeipa" ""
+.SH "NAME"
+ipa\-server\-certinstall \- Install new SSL server certificates
+.SH "SYNOPSIS"
+ipa\-server\-certinstall [\fIOPTION\fR]... PKCS12_FILE
+.SH "DESCRIPTION"
+Replace the current SSL Directory and/or Apache server certificate(s) with the certificate in the PKCS#12 file.
+
+PKCS#12 is a file format used to safely transport SSL certificates and public/private keypairs.
+
+They may be generated and managed using the NSS pk12util command or the OpenSSL pkcs12 command.
+
+The service(s) are not automatically restarted. In order to use the newly installed certificate(s) you will need to manually restart the Directory and/or Apache servers.
+.SH "OPTIONS"
+.TP 
+\fB\-d\fR, \fB\-\-dirsrv\fR
+Install the certificate on the Directory Server
+.TP 
+\fB\-w\fR, \fB\-\-http\fR
+Install the certificate in the Apache Web Server
+.TP
+\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
+The password of the Directory Server PKCS#12 file
+.TP
+\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
+The password of the Apache Server PKCS#12 file
+.SH "EXIT STATUS"
+0 if the installation was successful
+
+1 if an error occurred
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
new file mode 100644
index 00000000..8854f4e5
--- /dev/null
+++ b/install/tools/man/ipa-server-install.1
@@ -0,0 +1,81 @@
+.\" A man page for ipa-server-install
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\" 
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\" 
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\" 
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\" 
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\" 
+.TH "ipa-server-install" "1" "Mar 14 2008" "freeipa" ""
+.SH "NAME"
+ipa\-server\-install \- Configure an IPA server
+.SH "SYNOPSIS"
+ipa\-server\-install [\fIOPTION\fR]...
+.SH "DESCRIPTION"
+Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) with an LDAP back\-end, configuring Apache, configuring NTP and starting some IPA\-provided services: ipa_kpasswd and ipa_webgui.
+.SH "OPTIONS"
+.TP 
+\fB\-u\fR, \fB\-\-user\fR=\fIDS_USER\fR
+The user that the Directory Server will run as
+.TP 
+\fB\-r\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR
+The Kerberos realm name for the IPA server
+.TP 
+\fB\-n\fR, \fB\-\-domain\fR=\fIDOMAIN_NAME\fR
+Your DNS domain name
+.TP 
+\fB\-p\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
+The password to be used by the Directory Server for the Directory Manager user
+.TP 
+\fB\-P\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
+The kerberos master password (normally autogenerated)
+.TP 
+\fB\-a\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
+The password for the IPA admin user
+.TP 
+\fB\-d\fR, \fB\-\-debug\fR
+Enable debug logging when more verbose output is needed
+.TP 
+\fB\-\-hostname\fR=\fIHOST_NAME\fR
+The fully\-qualified DNS name of this server
+.TP 
+\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
+The IP address of this server
+.TP 
+\fB\-U\fR, \fB\-\-unattended\fR
+An unattended installation that will never prompt for user input
+.TP 
+\fB\-\-setup\-bind\fR
+Generate a DNS zone file that contains auto\-discovery records for this IPA server
+.TP 
+\fB\-n\fR, \fB\-\-no\-ntp\fR
+Do not configure NTP
+\fB\-U\fR, \fB\-\-uninstall\fR
+Uninstall an existing IPA installation
+.TP
+\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Directory Server SSL Certificate
+.TP
+\fB\-\-http_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Apache Server SSL Certificate
+.TP
+\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
+The password of the Directory Server PKCS#12 file
+.TP
+\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
+The password of the Apache Server PKCS#12 file
+.PP 
+.SH "EXIT STATUS"
+0 if the installation was successful
+
+1 if an error occurred
diff --git a/install/tools/man/ipa_kpasswd.8 b/install/tools/man/ipa_kpasswd.8
new file mode 100644
index 00000000..f2ba3dd9
--- /dev/null
+++ b/install/tools/man/ipa_kpasswd.8
@@ -0,0 +1,36 @@
+.\" A man page for ipa_kpasswd
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\" 
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\" 
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\" 
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\" 
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\" 
+.TH "ipa_kpasswd" "8" "Mar 14 2008" "freeipa" ""
+.SH "NAME"
+ipa_kpasswd \- Proxy Kerberos password change requests
+.SH "SYNOPSIS"
+ipa_kpasswd
+.SH "DESCRIPTION"
+Implementation of the kpasswd protocol (RFC 3244). 
+
+It is used to proxy password change operations to Directory Server.
+.SH "ENVIRONMENT VARIABLES"
+.TP 
+KRB5_KTNAME
+Location of the keytab to be used by ipa_kpasswd
+.TP 
+IPA_KPASSWD_DEBUG
+Enable additional syslog output from ipa_kpasswd. Setting greater than 0 gets basic output. Setting higher than 100 gets more.
+.SH "EXIT STATUS"
+\-1 if an error occurred
diff --git a/install/tools/man/ipa_webgui.8 b/install/tools/man/ipa_webgui.8
new file mode 100644
index 00000000..20545363
--- /dev/null
+++ b/install/tools/man/ipa_webgui.8
@@ -0,0 +1,37 @@
+.\" A man page for ipa_webgui
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\" 
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\" 
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\" 
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\" 
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\" 
+.TH "ipa_webgui" "8" "Mar 14 2008" "freeipa" ""
+.SH "NAME"
+ipa_webgui \- Start the IPA Web User Interface
+.SH "SYNOPSIS"
+ipa_webgui [\fIOPTION\fR]...
+
+.SH "DESCRIPTION"
+Used to start the TurboGears web user interface for IPA
+.SH "OPTIONS"
+.TP 
+\fB\-f\fR, \fB\-\-foreground\fR
+Remain in the foreground instead of becoming a daemon.
+.TP 
+\fB\-d\fR, \fB\-\-debug\fR
+.TP 
+Increase the amount of logging and print it to stdout instead of logging to /var/log/ipa_error.log
+
+.SH "EXIT STATUS"
+1 if an error occurred
diff --git a/install/tools/man/ipactl.8 b/install/tools/man/ipactl.8
new file mode 100644
index 00000000..a4797f96
--- /dev/null
+++ b/install/tools/man/ipactl.8
@@ -0,0 +1,37 @@
+.\" A man page for ipactl
+.\" Copyright (C) 2008 Red Hat, Inc.
+.\" 
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\" 
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\" General Public License for more details.
+.\" 
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\" 
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\" 
+.TH "ipactl" "8" "Mar 14 2008" "freeipa" ""
+.SH "NAME"
+ipactl \- IPA Server Control Interface
+.SH "SYNOPSIS"
+ipactl \fIcommand\fR
+.SH "DESCRIPTION"
+A tool to help an administer control an IPA environment.
+
+IPA glues several discrete services together to work in concert and the order that these services are started and stopped is important. ipactl ensures that they are started and stopped in the correct order.
+.SH "OPTIONS"
+.TP 
+start
+Start all of the services that make up IPA
+.TP 
+stop
+Stop all of the services that make up IPA
+.TP 
+restart
+Stop then start all of the services that make up IPA