summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Require current versions of python-nss & python-lxmlJohn Dennis2009-11-232-2/+3
| | | | | | ipa.spec.in | 3 ++- ipapython/nsslib.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)
* along with stdout, stderr also log the initial commandJohn Dennis2009-11-231-2/+3
| | | | | | | | | | | | Signed-off-by: John Dennis <jdennis@redhat.com> along with stdout,stderr also log the initial command This implements better logging of external commands. Formerly we were just outputting stdout and stderr without labeling which was which. We also omitted the initial command and it's arguments. This made it difficult when reviewing the logs to know what the command was and what was stdout vs. stderr. This patch fixes that.
* If plugin fails to load log the tracebackJohn Dennis2009-11-231-1/+2
| | | | | | | | | | Signed-off-by: John Dennis <jdennis@redhat.com> If plugin fails to load log the traceback If a plugin fails to load due to some kind of error it would be nice if the error log contained the traceback so you can examine what went wrong rather than being left blind as to why it failed to load.
* Make NotImplementedError in rabase return the correct function nameJohn Dennis2009-11-191-4/+4
| | | | | ipaserver/plugins/rabase.py | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-)
* add new error class for certificate operationsJohn Dennis2009-11-191-1/+28
| | | | add new error class for certificate operations
* error strings in documentation were missing unicode specifierJohn Dennis2009-11-191-3/+3
| | | | error strings in documentation were missing unicode specifier
* respect debug arg during server installJohn Dennis2009-11-191-0/+1
| | | | | The debug flag (e.g. -d) was not being respected during server install. This patch corrects that.
* Provide additional help to --help optionRob Crittenden2009-11-191-0/+7
|
* Gracefully handle a valid kerberos ticket for a deleted entry.Rob Crittenden2009-11-191-7/+10
| | | | | | | I saw this with a host where I joined a host, obtained a host principal, kinited to that principal, then deleted the host from the IPA server. The ticket was still valid so Apache let it through but it failed to bind to LDAP.
* Clean up some return valuesRob Crittenden2009-11-191-12/+20
| | | | | | | Because ipa-join calls ipa-getkeytab I'd like to keep the return values in sync. ipa-join returns the value returned by ipa-getkeytab so in order to tell what failed the return values need to mean the same things and not overlap.
* Handle ipaEnabledFlag as bool (TRUE/FALSE) instead of string (enabled/disabled).Pavel Zuna2009-11-181-4/+4
|
* Remove 'ipaObject' objectClass from rolegroups and taskgroups.Pavel Zuna2009-11-182-4/+2
|
* Filter all NULL values in ldap2.add_entry. python-ldap doesn't like'em.Pavel Zuna2009-11-181-1/+1
| | | | Previously we only filtered None values, but it turns out that's not enough.
* Cache installer questions for the 2-step process of an externally-signed CARob Crittenden2009-11-182-7/+64
| | | | | | | | Installing a CA that is signed by another CA is a 2-step process. The first step is to generate a CSR for the CA and the second step is to install the certificate issued by the external CA. To avoid asking questions over and over (and potentially getting different answers) the answers are cached.
* Fix SASL mappingsSimo Sorce2009-11-181-2/+2
|
* Add fail-safe so any kind of exception is handled in XML-RPC server.Rob Crittenden2009-11-181-0/+5
| | | | | | | If an exception is not handled here then the context isn't destroyed leaving at least an LDAP connection dangling. This means the next time this thread/process tries to handle a connection it will fail because a context already exists.
* Add support for setting/adding arbitrary attributesRob Crittenden2009-11-172-0/+106
| | | | | | | | | | | | | | | | | | | | | | | This introduces 2 new params: --setattr and --addattr Both take a name/value pair, ala: ipa user-mod --setattr=postalcode=20601 jsmith --setattr replaces or sets the current attribute to the value --addattr adds the value to an attribute (or sets a new attribute) OptionsParser allows multiple versions of this, so you can have multiple setattr and addattr, either for the same attribute or for different attributes. ipa user-mod --addattr=postalcode=20601 --addattr=postalcode=30330 jsmith Values are silent dropped if either of these on an existing param: ipa user-mod --setattr=givenname=Jerry jsmith Is a no-op.
* _convert_scalar() should throw an error if passed a tuple or listRob Crittenden2009-11-172-1/+19
| | | | | A parameter needs to have multivalue set in order to work on lists/tuples and even then _convert_scalar() will be sent one value at a time.
* Fix typo in name of exceptionRob Crittenden2009-11-121-1/+1
|
* Use File parameter for CSR in cert_request command plugin.Pavel Zuna2009-11-061-29/+12
|
* Add 'File' parameter type.Pavel Zuna2009-11-063-2/+47
| | | | Accepts filenames and loads file contents as parameter value.
* Add SELinux policy for UI assetsRob Crittenden2009-11-046-12/+18
| | | | | | | | This also removes the Index option of /ipa-assets as well as the deprecated IPADebug option. No need to build or install ipa_webgui anymore. Leaving in the code for reference purposes for now.
* ipa-server-install now renders UI assetsJason Gerard DeRose2009-11-046-14/+45
|
* Use a new mechanism for delegating certificate issuance.Rob Crittenden2009-11-036-45/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | Using the client IP address was a rather poor mechanism for controlling who could request certificates for whom. Instead the client machine will bind using the host service principal and request the certificate. In order to do this: * the service will need to exist * the machine needs to be in the certadmin rolegroup * the host needs to be in the managedBy attribute of the service It might look something like: admin ipa host-add client.example.com --password=secret123 ipa service-add HTTP/client.example.com ipa service-add-host --hosts=client.example.com HTTP/client.example.com ipa rolegroup-add-member --hosts=client.example.com certadmin client ipa-client-install ipa-join -w secret123 kinit -kt /etc/krb5.keytab host/client.example.com ipa -d cert-request file://web.csr --principal=HTTP/client.example.com
* Use Directory String sytnax for the fqdn attribute, not DN syntax.Rob Crittenden2009-10-281-1/+1
|
* Add mod_python adapter and some UI tuningJason Gerard DeRose2009-10-277-64/+236
|
* Back down to version 1.9.0 in preparation for release of first alpha.alpha-1-9-0Rob Crittenden2009-10-261-2/+2
| | | | | | | There was much back and forth and gnashing of teeth about what the version should actually be in these pre-releases. We decided it isn't 2.0-ish enough so went with 1.9.0, 1.9.1, etc until we're ready to declare 2.0.0.
* Remove a bunch of unused imports, general cleanupRob Crittenden2009-10-251-13/+4
|
* Remove ipalib/plugins/basegroup.py. It's become obsolete.Pavel Zuna2009-10-231-551/+0
|
* Fix bug in print_attribute.Pavel Zuna2009-10-231-1/+1
| | | | | When the attribute had no values an exception was generated while trying to word-wrap it.
* Auto-detect whether dogtag needs to be uninstalledRob Crittenden2009-10-211-5/+8
|
* Display membership attributes (member, memberOf) by default in show/find.Pavel Zuna2009-10-213-3/+5
|
* Require that a host exist before creating a service for it.Rob Crittenden2009-10-211-0/+5
|
* The name coming out of DNS will have a trailing dot (.). Remove it.Rob Crittenden2009-10-211-1/+1
|
* First pass at enforcing certificates be requested from same hostRob Crittenden2009-10-216-36/+131
| | | | | | | | | | | | We want to only allow a machine to request a certificate for itself, not for other machines. I've added a new taksgroup which will allow this. The requesting IP is resolved and compared to the subject of the CSR to determine if they are the same host. The same is done with the service principal. Subject alt names are not queried yet. This does not yet grant machines actual permission to request certificates yet, that is still limited to the taskgroup request_certs.
* Add can_add() and can_delete() GER helpersRob Crittenden2009-10-211-0/+37
|
* Change Password param so (password, confirm_password) can be passed to ↵Jason Gerard DeRose2009-10-183-0/+29
| | | | _convert_scalar()
* Add a separate client-only targetRob Crittenden2009-10-173-6/+106
|
* Fix ACI for host delegationRob Crittenden2009-10-171-2/+2
| | | | | We had changed the DN format, I must have missed these ACIs the first go around.
* Fix an oops where I forgot to replace a string with a templateRob Crittenden2009-10-171-6/+6
|
* Fixed compatability break in rpcserver.pyJason Gerard DeRose2009-10-171-2/+2
|
* Add a sleep() prior to calling tasks to ensure postop writes are doneRob Crittenden2009-10-161-0/+3
| | | | | | We were seeing a rare deadlock of DS when creating the memberOf task because one thread was adding memberOf in a postop while another was trying to create an index and this was causing a PRLock deadlock.
* Use the FQDN and not just the hostname internally.Rob Crittenden2009-10-161-2/+2
|
* Be more forgiving when trying to replace older DS schema.Rob Crittenden2009-10-161-4/+8
| | | | | | | We have to replace 05rfc2247.ldif because it contains some conflicting attributes with DNS in some older versions of 389-DS/RHDS. This fails on some newer versions of 389-DS/RHDS so this lets it continue installing if the new file is not needed.
* Fixed 'import json' for simplejson compatabilityJason Gerard DeRose2009-10-164-3/+54
|
* parse_qs is in cgi on Python < 2.6, use that insteadRob Crittenden2009-10-161-1/+1
| | | | | Python 2.6's cgi module calls the parse_qs in urlparse for backwards compatibility
* Fixed try/except/finally for Python 2.4 compatabilityJason Gerard DeRose2009-10-151-19/+20
|
* Make plugin browser show plugin parent classJason Gerard DeRose2009-10-142-0/+8
|
* Removed util.add_global_options() and frontend.ApplicationJason Gerard DeRose2009-10-145-109/+4
|
* Giant webui patch take 2Jason Gerard DeRose2009-10-1330-4302/+956
|
generated by cgit (git 2.34.1) at 2024-09-27 22:40:46 +0000