summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Back down to version 1.9.0 in preparation for release of first alpha.alpha-1-9-0Rob Crittenden2009-10-261-2/+2
| | | | | | | There was much back and forth and gnashing of teeth about what the version should actually be in these pre-releases. We decided it isn't 2.0-ish enough so went with 1.9.0, 1.9.1, etc until we're ready to declare 2.0.0.
* Remove a bunch of unused imports, general cleanupRob Crittenden2009-10-251-13/+4
|
* Remove ipalib/plugins/basegroup.py. It's become obsolete.Pavel Zuna2009-10-231-551/+0
|
* Fix bug in print_attribute.Pavel Zuna2009-10-231-1/+1
| | | | | When the attribute had no values an exception was generated while trying to word-wrap it.
* Auto-detect whether dogtag needs to be uninstalledRob Crittenden2009-10-211-5/+8
|
* Display membership attributes (member, memberOf) by default in show/find.Pavel Zuna2009-10-213-3/+5
|
* Require that a host exist before creating a service for it.Rob Crittenden2009-10-211-0/+5
|
* The name coming out of DNS will have a trailing dot (.). Remove it.Rob Crittenden2009-10-211-1/+1
|
* First pass at enforcing certificates be requested from same hostRob Crittenden2009-10-216-36/+131
| | | | | | | | | | | | We want to only allow a machine to request a certificate for itself, not for other machines. I've added a new taksgroup which will allow this. The requesting IP is resolved and compared to the subject of the CSR to determine if they are the same host. The same is done with the service principal. Subject alt names are not queried yet. This does not yet grant machines actual permission to request certificates yet, that is still limited to the taskgroup request_certs.
* Add can_add() and can_delete() GER helpersRob Crittenden2009-10-211-0/+37
|
* Change Password param so (password, confirm_password) can be passed to ↵Jason Gerard DeRose2009-10-183-0/+29
| | | | _convert_scalar()
* Add a separate client-only targetRob Crittenden2009-10-173-6/+106
|
* Fix ACI for host delegationRob Crittenden2009-10-171-2/+2
| | | | | We had changed the DN format, I must have missed these ACIs the first go around.
* Fix an oops where I forgot to replace a string with a templateRob Crittenden2009-10-171-6/+6
|
* Fixed compatability break in rpcserver.pyJason Gerard DeRose2009-10-171-2/+2
|
* Add a sleep() prior to calling tasks to ensure postop writes are doneRob Crittenden2009-10-161-0/+3
| | | | | | We were seeing a rare deadlock of DS when creating the memberOf task because one thread was adding memberOf in a postop while another was trying to create an index and this was causing a PRLock deadlock.
* Use the FQDN and not just the hostname internally.Rob Crittenden2009-10-161-2/+2
|
* Be more forgiving when trying to replace older DS schema.Rob Crittenden2009-10-161-4/+8
| | | | | | | We have to replace 05rfc2247.ldif because it contains some conflicting attributes with DNS in some older versions of 389-DS/RHDS. This fails on some newer versions of 389-DS/RHDS so this lets it continue installing if the new file is not needed.
* Fixed 'import json' for simplejson compatabilityJason Gerard DeRose2009-10-164-3/+54
|
* parse_qs is in cgi on Python < 2.6, use that insteadRob Crittenden2009-10-161-1/+1
| | | | | Python 2.6's cgi module calls the parse_qs in urlparse for backwards compatibility
* Fixed try/except/finally for Python 2.4 compatabilityJason Gerard DeRose2009-10-151-19/+20
|
* Make plugin browser show plugin parent classJason Gerard DeRose2009-10-142-0/+8
|
* Removed util.add_global_options() and frontend.ApplicationJason Gerard DeRose2009-10-145-109/+4
|
* Giant webui patch take 2Jason Gerard DeRose2009-10-1330-4302/+956
|
* Add man page for ipa-join commandRob Crittenden2009-10-123-1/+63
|
* Use nestedgroup instead of groupofnames for rolegroups so we have memberofRob Crittenden2009-10-121-50/+50
|
* No longer use the IPA-specific memberof plugin. Use the DS-supplied one.Rob Crittenden2009-10-124-3/+6
|
* Improve debugging, general output, initialize xmlrpc-c properlyRob Crittenden2009-10-121-9/+34
|
* Fix bug in HBAC and netgroup plugin get_primary_key_from_dn methods.Pavel Zuna2009-10-082-2/+8
|
* Fix bug in group plugin. Was using wrong variable for attributes.Pavel Zuna2009-10-081-1/+1
| | | | Fix bug #527537.
* Fix unit tests for plugins using baseldap classes.Pavel Zuna2009-10-071-3/+1
|
* Make the taskgroup plugin use baseldap classes.Pavel Zuna2009-10-071-135/+40
|
* Make the rolegroup plugin use baseldap classes.Pavel Zuna2009-10-051-46/+41
|
* Make the hostgroup plugin use baseldap classes.Pavel Zuna2009-10-051-173/+45
|
* Make the netgroup plugin use baseldap classes.Pavel Zuna2009-10-051-309/+116
|
* Make the user plugin use baseldap classes.Pavel Zuna2009-10-051-230/+76
|
* Make the service plugin use baseldap classes.Pavel Zuna2009-10-051-205/+66
|
* Fix unit tests for plugins using baseldap classes.Pavel Zuna2009-10-0511-277/+231
|
* Make the group plugin use baseldap classes.Pavel Zuna2009-10-051-124/+65
|
* Make the config plugin use baseldap classes.Pavel Zuna2009-10-051-103/+33
|
* Add HBAC plugin and introduce GeneralizedTime parameter type.Pavel Zuna2009-10-055-1/+738
|
* Add support for per-group kerberos password policy.Rob Crittenden2009-10-054-20/+437
| | | | | | | | | | Use a Class of Service template to do per-group password policy. The design calls for non-overlapping groups but with cospriority we can still make sense of things. The password policy entries stored under the REALM are keyed only on the group name because the MIT ldap plugin can't handle quotes in the DN. It also can't handle spaces between elements in the DN.
* Make primary_key optional.Rob Crittenden2009-10-051-2/+4
| | | | | The pwpolicy plugin doesn't have a primary key but can still take advantage of other parts of the framework.
* Loosen the ACI for the KDC to allow adds/deletesRob Crittenden2009-10-051-3/+1
| | | | | | | | Password policy entries must be a child of the entry protected by this ACI. Also change the format of this because in DS it was stored as: \n(target)\n so was base64-encoded when it was retrieved.
* Robustness fix for updater, in case updates['updates'] is not set yet.Rob Crittenden2009-10-051-1/+1
|
* Let the updater delete entries and add small test harnessRob Crittenden2009-10-0513-7/+322
| | | | | | | | In order to run the tests you must put your DM password into ~/.ipa/.dmpw Some tests are expected to generate errors. Don't let any ERROR messages from the updater fool you, watch the pass/fail of the nosetests.
* Add option to not normalize a DN when adding/updating a record.Rob Crittenden2009-10-051-4/+6
| | | | | The KDC ldap plugin is very picky about the format of DNs. It does not allow spacing between elements so we can't normalize it.
* Fix aci plugin, enhance aci parsing capabilities, add user group supportRob Crittenden2009-09-283-34/+138
| | | | | | | | | | | | - The aci plugin didn't quite work with the new ldap2 backend. - We already walk through the target part of the ACI syntax so skip that in the regex altogether. This now lets us handle all current ACIs in IPA (some used to be ignored/skipped) - Add support for user groups so one can do v1-style delegation (group A can write attributes x,y,z in group B). It is actually quite a lot more flexible than that but you get the idea) - Improve error messages in the aci library - Add a bit of documentation to the aci plugin
* Only initialize the API once in the installerRob Crittenden2009-09-284-35/+36
| | | | | | Make the ldap2 plugin schema loader ignore SERVER_DOWN errors 525303
* Properly own (via ghost) the Apache configuration files.Rob Crittenden2009-09-281-2/+6
|
generated by cgit (git 2.34.1) at 2024-05-04 17:17:21 +0000