summaryrefslogtreecommitdiffstats
path: root/ipa-server/ipaserver/dsinstance.py
Commit message (Collapse)AuthorAgeFilesLines
* Mass tree reorganization for IPAv2. To view previous history of files use:Rob Crittenden2009-02-031-479/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | % git log --follow -- <file> renamed: ipa-server/autogen.sh -> autogen.sh renamed: ipa-server/ipa-kpasswd/Makefile.am -> daemons/ipa-kpasswd/Makefile.am renamed: ipa-server/ipa-kpasswd/README -> daemons/ipa-kpasswd/README renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.c -> daemons/ipa-kpasswd/ipa_kpasswd.c renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.init -> daemons/ipa-kpasswd/ipa_kpasswd.init renamed: ipa-server/ipa-slapi-plugins/Makefile.am -> daemons/ipa-slapi-plugins/Makefile.am renamed: ipa-server/ipa-slapi-plugins/README -> daemons/ipa-slapi-plugins/README renamed: ipa-server/ipa-slapi-plugins/dna/Makefile.am -> daemons/ipa-slapi-plugins/dna/Makefile.am renamed: ipa-server/ipa-slapi-plugins/dna/dna-conf.ldif -> daemons/ipa-slapi-plugins/dna/dna-conf.ldif renamed: ipa-server/ipa-slapi-plugins/dna/dna.c -> daemons/ipa-slapi-plugins/dna/dna.c renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/Makefile.am -> daemons/ipa-slapi-plugins/ipa-memberof/Makefile.am renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif -> daemons/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am -> daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/README -> daemons/ipa-slapi-plugins/ipa-pwd-extop/README renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c -> daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif -> daemons/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/Makefile.am -> daemons/ipa-slapi-plugins/ipa-winsync/Makefile.am renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/README -> daemons/ipa-slapi-plugins/ipa-winsync/README renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h renamed: ipa-server/xmlrpc-server/ipa-rewrite.conf -> install/conf/ipa-rewrite.conf renamed: ipa-server/xmlrpc-server/ipa.conf -> install/conf/ipa.conf renamed: ipa-server/xmlrpc-server/ssbrowser.html -> install/html/ssbrowser.html renamed: ipa-server/xmlrpc-server/unauthorized.html -> install/html/unauthorized.html renamed: ipa-server/ipa-install/share/60ipaconfig.ldif -> install/share/60ipaconfig.ldif renamed: ipa-server/ipa-install/share/60kerberos.ldif -> install/share/60kerberos.ldif renamed: ipa-server/ipa-install/share/60radius.ldif -> install/share/60radius.ldif renamed: ipa-server/ipa-install/share/60samba.ldif -> install/share/60samba.ldif renamed: ipa-server/ipa-install/share/Makefile.am -> install/share/Makefile.am renamed: ipa-server/ipa-install/share/bind.named.conf.template -> install/share/bind.named.conf.template renamed: ipa-server/ipa-install/share/bind.zone.db.template -> install/share/bind.zone.db.template renamed: ipa-server/ipa-install/share/bootstrap-template.ldif -> install/share/bootstrap-template.ldif renamed: ipa-server/ipa-install/share/certmap.conf.template -> install/share/certmap.conf.template renamed: ipa-server/ipa-install/share/default-aci.ldif -> install/share/default-aci.ldif renamed: ipa-server/ipa-install/share/default-keytypes.ldif -> install/share/default-keytypes.ldif renamed: ipa-server/ipa-install/share/dna-posix.ldif -> install/share/dna-posix.ldif renamed: ipa-server/ipa-install/share/encrypted_attribute.ldif -> install/share/encrypted_attribute.ldif renamed: ipa-server/ipa-install/share/fedora-ds.init.patch -> install/share/fedora-ds.init.patch renamed: ipa-server/ipa-install/share/indices.ldif -> install/share/indices.ldif renamed: ipa-server/ipa-install/share/kdc.conf.template -> install/share/kdc.conf.template renamed: ipa-server/ipa-install/share/kerberos.ldif -> install/share/kerberos.ldif renamed: ipa-server/ipa-install/share/krb.con.template -> install/share/krb.con.template renamed: ipa-server/ipa-install/share/krb5.conf.template -> install/share/krb5.conf.template renamed: ipa-server/ipa-install/share/krb5.ini.template -> install/share/krb5.ini.template renamed: ipa-server/ipa-install/share/krbrealm.con.template -> install/share/krbrealm.con.template renamed: ipa-server/ipa-install/share/master-entry.ldif -> install/share/master-entry.ldif renamed: ipa-server/ipa-install/share/memberof-task.ldif -> install/share/memberof-task.ldif renamed: ipa-server/ipa-install/share/ntp.conf.server.template -> install/share/ntp.conf.server.template renamed: ipa-server/ipa-install/share/ntpd.sysconfig.template -> install/share/ntpd.sysconfig.template renamed: ipa-server/ipa-install/share/preferences.html.template -> install/share/preferences.html.template renamed: ipa-server/ipa-install/share/referint-conf.ldif -> install/share/referint-conf.ldif renamed: ipa-server/ipa-install/share/schema_compat.uldif -> install/share/schema_compat.uldif renamed: ipa-server/ipa-install/share/unique-attributes.ldif -> install/share/unique-attributes.ldif renamed: ipa-server/ipa-install/Makefile.am -> install/tools/Makefile.am renamed: ipa-server/ipa-install/README -> install/tools/README renamed: ipa-server/ipa-compat-manage -> install/tools/ipa-compat-manage renamed: ipa-server/ipa-fix-CVE-2008-3274 -> install/tools/ipa-fix-CVE-2008-3274 renamed: ipa-server/ipa-ldap-updater -> install/tools/ipa-ldap-updater renamed: ipa-server/ipa-install/ipa-replica-install -> install/tools/ipa-replica-install renamed: ipa-server/ipa-install/ipa-replica-manage -> install/tools/ipa-replica-manage renamed: ipa-server/ipa-install/ipa-replica-prepare -> install/tools/ipa-replica-prepare renamed: ipa-server/ipa-install/ipa-server-certinstall -> install/tools/ipa-server-certinstall renamed: ipa-server/ipa-install/ipa-server-install -> install/tools/ipa-server-install renamed: ipa-server/ipa-upgradeconfig -> install/tools/ipa-upgradeconfig renamed: ipa-server/ipa-install/ipactl -> install/tools/ipactl renamed: ipa-server/man/Makefile.am -> install/tools/man/Makefile.am renamed: ipa-server/man/ipa-compat-manage.1 -> install/tools/man/ipa-compat-manage.1 renamed: ipa-server/man/ipa-ldap-updater.1 -> install/tools/man/ipa-ldap-updater.1 renamed: ipa-server/man/ipa-replica-install.1 -> install/tools/man/ipa-replica-install.1 renamed: ipa-server/man/ipa-replica-manage.1 -> install/tools/man/ipa-replica-manage.1 renamed: ipa-server/man/ipa-replica-prepare.1 -> install/tools/man/ipa-replica-prepare.1 renamed: ipa-server/man/ipa-server-certinstall.1 -> install/tools/man/ipa-server-certinstall.1 renamed: ipa-server/man/ipa-server-install.1 -> install/tools/man/ipa-server-install.1 renamed: ipa-server/man/ipa_kpasswd.8 -> install/tools/man/ipa_kpasswd.8 renamed: ipa-server/man/ipa_webgui.8 -> install/tools/man/ipa_webgui.8 renamed: ipa-server/man/ipactl.8 -> install/tools/man/ipactl.8 renamed: ipa-server/ipa-install/updates/Makefile.am -> install/updates/Makefile.am renamed: ipa-server/ipa-install/updates/RFC2307bis.update -> install/updates/RFC2307bis.update renamed: ipa-server/ipa-install/updates/RFC4876.update -> install/updates/RFC4876.update renamed: ipa-server/ipa-install/updates/indices.update -> install/updates/indices.update renamed: ipa-server/ipa-install/updates/nss_ldap.update -> install/updates/nss_ldap.update renamed: ipa-server/ipa-install/updates/replication.update -> install/updates/replication.update renamed: ipa-server/ipa-install/updates/winsync_index.update -> install/updates/winsync_index.update renamed: ipa-server/ipaserver/Makefile.am -> ipaserver/install/Makefile.am renamed: ipa-server/ipaserver/__init__.py -> ipaserver/install/__init__.py renamed: ipa-server/ipaserver/bindinstance.py -> ipaserver/install/bindinstance.py renamed: ipa-server/ipaserver/certs.py -> ipaserver/install/certs.py renamed: ipa-server/ipaserver/dsinstance.py -> ipaserver/install/dsinstance.py renamed: ipa-server/ipaserver/httpinstance.py -> ipaserver/install/httpinstance.py renamed: ipa-server/ipaserver/installutils.py -> ipaserver/install/installutils.py renamed: ipa-server/ipaserver/ipaldap.py -> ipaserver/install/ipaldap.py renamed: ipa-server/ipaserver/krbinstance.py -> ipaserver/install/krbinstance.py renamed: ipa-server/ipaserver/ldapupdate.py -> ipaserver/install/ldapupdate.py renamed: ipa-server/ipaserver/ntpinstance.py -> ipaserver/install/ntpinstance.py renamed: ipa-server/ipaserver/replication.py -> ipaserver/install/replication.py renamed: ipa-server/ipaserver/service.py -> ipaserver/install/service.py renamed: ipa-server/selinux/Makefile -> selinux/Makefile renamed: ipa-server/selinux/ipa-server-selinux.spec.in -> selinux/ipa-server-selinux.spec.in renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.fc -> selinux/ipa_kpasswd/ipa_kpasswd.fc renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te -> selinux/ipa_kpasswd/ipa_kpasswd.te renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.fc -> selinux/ipa_webgui/ipa_webgui.fc renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.te -> selinux/ipa_webgui/ipa_webgui.te renamed: ipa-server/version.m4.in -> version.m4.in
* use ipautil.CalledProcessError instead of CalledProcessErrorRich Megginson2008-11-041-3/+3
|
* Don't try to conditionally stop the server - it doesn't seem to workRich Megginson2008-10-131-4/+1
| | | | Just call stop() - if it's not already running, no big deal
* Added support to IPA server install to install the winsync plugin ↵Rich Megginson2008-10-131-0/+59
| | | | configuration entry Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert.
* Move the bulk of ipa-ldap-updater into a python library.Rob Crittenden2008-09-171-18/+4
| | | | | This significantly simplifies the tool and makes it possible to apply updates from the installer without forking off another process.
* Run the LDAP updater at the end of the installation process.Rob Crittenden2008-09-171-0/+20
| | | | | | | | Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-installl, -y <password_file>, so we don't have to pass it on the command-line.
* Rework the way SSL certificates are imported from PKCS#12 files.Rob Crittenden2008-07-141-1/+8
| | | | | | | | Add the ability to provide PKCS#12 files during initial installation Add the ability to provide PKCS#12 files when preparing a replica Correct some issues with ipa-server-certinstall 452402
* Move admin into cn=users,cn=accountsSimo Sorce2008-05-231-1/+1
| | | | | | | After some deep thinking I think the advantages of keeping all posix enabled user accounts under cn=users,cn=accounts overweight a perceived better protection of the admin account by keeping it in a separate tree.
* Don't pass the Directory Manager password on the command-line to ldapmodify.Rob Crittenden2008-05-191-4/+12
| | | | 446865
* Use split instead of find as split does not fail to provide a completeSimo Sorce2008-05-151-1/+1
| | | | component if no '.' is found.
* Do a more thorough job of removing an existing DS instance.Rob Crittenden2008-05-131-0/+4
| | | | | | Add /usr/lib/dirsrv/slapd-INSTANCE to the list of directories removed. 442753
* Better detection of DS not starting.Rob Crittenden2008-04-141-3/+23
| | | | | | | The dirsrv init script always returns 0 on status checks, even if an instance is not started. So we have to look through the output instead. 442452
* Make the memberof task a public function.Rob Crittenden2008-03-271-9/+16
| | | | | | | | | | | | | | This is used when a new replica is created as well as whenever a replica is re-initialized from another master. In order for this to work when not creating an instance the __init__ function needs to be able to determine the suffix and the dm_password is needed. I've also added the time to the RDN of the member task to ensure uniqueness. 438222
* Fix boot.ldif generation, the domain name component must be derivedSimo Sorce2008-03-041-1/+1
| | | | | from the realm not the domain. One line fix.
* Make sure all entries are generated by us according to IPASimo Sorce2008-02-281-0/+21
| | | | | default tree. This patch make sure that the DS setup script does not add unwanted entries.
* Don't log passwords in ipaserver-install.logRob Crittenden2008-02-261-2/+4
| | | | 433509
* Make sure KrbPrincipalName is unique server-wideSimo Sorce2008-02-211-0/+4
|
* cosmetic fixesSimo Sorce2008-02-211-4/+5
|
* Verify current domain with user during installationRob Crittenden2008-02-151-2/+2
| | | | | | Use that domain when creating replicas Resolves 432066
* Set the license uniformly to GPLv2 only.Rob Crittenden2008-02-041-1/+1
|
* Use file to store the current CA serial numberRob Crittenden2008-02-051-2/+1
| | | | | | | No longer create a PKCS#12 file that contains the CA No longer send the entire CA to each replica, generate the SSL certs on master Fix number of bugs in ipa-replica-install and prepare Produce status output during replica creation
* Fix misspelling of the word indices.Rob Crittenden2008-01-251-3/+3
|
* Initialise DsInstance.pkcs12_infoMark McLoughlin2008-01-221-0/+1
| | | | | | | | DsInstance.pkcs12_info isn't currently initialised in the constructore so, e.g. __enable_ssl() assumes that create_instance() has initialised it. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Small refactor of dsinstance.config_dirname()Mark McLoughlin2008-01-221-11/+11
| | | | | | | | | | | | | If, in future, we change the server ID so that it's not derived from the realm name, there's a fair few places that need to be changed. Make that easier by having config_dirname() take the server ID rather than the realm name. That makes sense anyway so we don't have to realm_to_serverid() so much. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Remove questions from ipaserver.dsinstanceMark McLoughlin2008-01-221-22/+6
| | | | | | | | | | | | | Let's assume that all ipaserver.dsinstance could be used somewhere where asking questions on stdout/stdin is not approriate and re-factor the code to be suitable in those situations too. i.e. make check_existing_installation() return a list of server IDs and make check_ports() return an (unsecure, secure) tuple indication which ports are in use. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Fix issues reported by rpmlint.Rob Crittenden2008-01-181-1/+0
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Add ipa-server-install --uninstallMark McLoughlin2008-01-111-0/+25
| | | | | | | | Add a --uninstall option to ipa-server-install which tries to restore the system to the way it was before ipa-server-install was run using the state backed up through sysrestore.py. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Backup system state in ipa-server-installRob Crittenden2008-01-141-1/+12
| | | | | | | | | | | | | This patch adds a sysrestore module which allows ipa-server-install code to backup any system state so that it can be restored again with e.g. ipa-server-install --uninstall. The idea is that any files ipa-server-install modifies gets backed up to /var/cache/ipa/sysrestore/ while any "meta" state, like whether a service is enabled with chkconfig, is saved to /var/cache/ipa/sysrestore.state. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Use service.py helpersMark McLoughlin2008-01-111-1/+1
| | | | | | | In dsinstance.py, there's one place we could use the service.py helpers where we don't currently. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Correct serial number for ds certs.Karl MacMillan2007-12-211-1/+1
|
* Convert replication to use the new cert infrastructure andKarl MacMillan2007-12-201-11/+14
| | | | | | correctly issue certs from the same authority. Also remove support for read-only replicas since that work will not be finished and tested for 1.0.
* Refactor krbinstance and dsinstance creation stepsMark McLoughlin2007-12-131-49/+34
| | | | | | | | | | | | | | | | | | | | Creation steps are currently done with: self.start_creation(2, "Create foo") self.step("do foo") self.foo() self.step("do bar") self.bar() self.done_creation() This patch refactors that into the much more straightforward: self.step("do foo", self.foo) self.step("do bar", self.bar) self.start_creation("Create foo") Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Don't template files which don't contain variablesMark McLoughlin2007-12-131-16/+25
| | | | | | | | | | | | The following files hav no template variables, so don't bother templating them: - memberof-conf.ldif - referint-conf.ldif - dna-conf.ldif - certmap.conf.template Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Refactor dsinstance ldap modify codeMark McLoughlin2007-12-131-74/+23
| | | | | | | | | | | | | | Just a patch to refactor lots of similar code in dsinstance and krbinstance using a simple helper method. Note, there are some differences: - Some code used to call ldapmodify without -h 127.0.0.1 - Some of the code used to just print an error rather than using logging.critical() - Some code used to log some extra debug Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* User provided certs.Karl MacMillan2007-12-121-1/+1
|
* Convert the setup of ssl from a shell script to aKarl MacMillan2007-12-061-7/+32
| | | | | python module. This is in preparation for user supplied certs.
* Add default e-mail domain to the IPA configurationRob Crittenden2007-12-101-1/+3
|
* Fix errors with ipautil.CalledProcessError and cleanup some imports.Karl MacMillan2007-12-041-38/+37
|
* Compatibility changes to work on RHEL 5 with python 2.4rcritten@redhat.com2007-11-301-14/+13
|
* Initial replication setup.Karl MacMillan2007-11-211-25/+79
| | | | | | | | | | | | | | | | | | | This add replication setup through two new commands: ipa-replica-prepare and ipa-replica-install. The procedure is to run ipa-replica-prepare on an existing master. This will collect information about the realm and the current master and create a file storing all of the information. After copying that file to the new replica, ipa-replica-install is run (with -r to create a read-only replica). This version of the patch also includes fixes for the sasl mappings on the replicas. Remaining features: - ssl for replication. - automatic configuration of mesh topology for master (or a simpler way to replicate multiple masters. - tool for view / configuring current replication.
* Enable group inactivation by using the Class of Service plugin.Rob Crittenden2007-11-201-1/+1
| | | | | | | | | | | | | | | | | | | | This adds 2 new groups: activated and inactivated. If you, or a group you are a member of, is in inactivated then you are too. If you, or a group you are a member of, is in the activated group, then you are too. In a fight between activated and inactivated, activated wins. The DNs for doing this matching is case and white space sensitive. The goal is to never have to actually set nsAccountLock in a user directly but move them between these groups. We need to decide where in the CLI this will happen. Right it is split between ipa-deluser and ipa-usermod. To inactivate groups for now just add the group to inactivate or active.
* Minor fixes.Karl MacMillan2007-11-191-1/+1
|
* Fix installationSimo Sorce2007-11-181-0/+2
| | | | | Add missing schema for GUI Config, and missing objectclass for cn=accounts container
* Initialize memberof patch from Pete Rowley.Karl MacMillan2007-11-151-1/+15
|
* Add posix auto gen for single master casePete Rowley2007-11-061-0/+34
|
* Introduce service base class and clean up ipa-server-installKarl MacMillan2007-11-051-26/+28
| | | | | | | | | | | | 1) Add a base class for all of the instance objects. 2) Normalize usage of logging. 3) General cleanups of ipa-server-install. 4) Make better use of httpinstance. 5) Add webguiinstance. 6) Improve progress reporting during installation. Works Here (TM), but it would be nice to get someone else to test since this moves code around a bit.
* merge initial radius workJohn Dennis2007-11-031-0/+2
|
* Enable referential integrity plugin.Karl MacMillan2007-11-051-0/+10
|
* NTP configuration for client and server.Karl MacMillan2007-11-011-2/+0
| | | | | | | | Configure ipa servers as an ntp server and clients to (by default) us the ipa server as an ntp server. Also corrected the messages about which ports should be opened.
* Create LDAP indeces on installation for fields the web GUI searches againstRob Crittenden2007-10-301-0/+14
|
generated by cgit (git 2.34.1) at 2024-06-07 05:56:54 +0000