Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Make sure all services are stopped during uninstall. | Rob Crittenden | 2008-05-14 | 1 | -1/+3 |
| | | | | | | | | | We were just shutting down the KDC if it had been started prior to IPA installation. We need to stop it in all cases. And we should restart nscd as it may have made an LDAP connection. 440322 | ||||
* | Enforce the maximum username length set by IPA Policy | Rob Crittenden | 2008-05-14 | 1 | -0/+25 |
| | | | | 439891 | ||||
* | Do a more thorough job of removing an existing DS instance. | Rob Crittenden | 2008-05-13 | 1 | -0/+4 |
| | | | | | | Add /usr/lib/dirsrv/slapd-INSTANCE to the list of directories removed. 442753 | ||||
* | The admin user doesn't have the inetorgperson objectclass so don't have a ↵ | Rob Crittenden | 2008-05-13 | 1 | -0/+10 |
| | | | | | | | | | givenname attribute. The UI is currently hardcoded to require "first name" which renders the admin user uneditable via the UI. This is a hack that will allow admin to be edited, assuming that one doesn't try to add a firstname field. 440548 | ||||
* | Display information on how to uninstall a partially installed server. | Rob Crittenden | 2008-05-09 | 1 | -4/+10 |
| | | | | | | | This may have failed either because the user pressed ^C or something failed during installation. 442454 | ||||
* | Include information on where to look if a hostname resolves to localhost. | Rob Crittenden | 2008-05-09 | 1 | -1/+1 |
| | | | | 442812 | ||||
* | Return better ewrror message that gives a hint about who actually returned it | Simo Sorce | 2008-05-08 | 1 | -9/+6 |
| | | | | + Some cleanups (trainling spaces and such). | ||||
* | Detect existing DS instances and prompt for removal during replica install. | Rob Crittenden | 2008-05-08 | 1 | -0/+32 |
| | | | | 442454 | ||||
* | Add missing colon to function definition that broke the build | Rob Crittenden | 2008-05-08 | 1 | -1/+1 |
| | |||||
* | Add a version API to the server so it knows what version it is. | Rob Crittenden | 2008-05-08 | 8 | -14/+47 |
| | | | | 435019 | ||||
* | Don't allow the IPA server service principals to be removed. | Rob Crittenden | 2008-05-08 | 1 | -0/+3 |
| | | | | 440282 | ||||
* | Don't prompt for confirmation of DM password when installing a replica. | Rob Crittenden | 2008-05-08 | 2 | -4/+12 |
| | | | | | | | | | It implies that you are setting a new password and you really aren't. Also added a catch for KeyboardInterrupt with instructions on how to recover from a partial install. 441607 | ||||
* | Second half of the redoing how the version is managed. | Rob Crittenden | 2008-05-07 | 3 | -0/+10 |
| | |||||
* | Indent the plugin accordingly to our style guidelines. | Simo Sorce | 2008-05-07 | 1 | -802/+758 |
| | | | | Used indent -kr -nut dna.c for most of the changes | ||||
* | Refine our web space some more so that everything we reference is in /ipa | Rob Crittenden | 2008-05-07 | 11 | -46/+170 |
| | | | | | | | | | | | | | | | UI: /ipa/ui XML-RPC: /ipa/xml errors: /ipa/errors config: /ipa/config I had to hardcode that URI into the CSS pages but TurboGears handles the rest of the translations with tg.url(). Added a version to ipa.conf and ipa-rewrite.conf so we can update them in the future if needed with ipa-upgradeconfig 440443 | ||||
* | Redo the way versioning works in freeIPA. | Rob Crittenden | 2008-05-05 | 2 | -350/+0 |
| | | | | | | | | | | | | | | | | | The file VERSION is now the sole-source of versioning. The generated .spec files will been removed in the maintainer-clean targets and have been removed from the repository. By default a GIT build is done. To do a non-GIT build do: $ make TARGET IPA_VERSION_IS_GIT_SNAPSHOT=no When updating the version you can run this to regenerate the version: $ make version-update The version can be determined in Python by using ipaserver.version.VERSION | ||||
* | This patch begins the process of replacing OpenLDAP with mozldap. | W. Michael Petullo | 2008-05-01 | 5 | -54/+60 |
| | | | | | | | | | FreeIPA relies on RedHat's Directory Server, which uses mozldap. A FreeIPA build using mozldap would reduce the project's dependencies and redundant code. In addition, mozldap uses NSS instead of OpenSSL. This is beneficial for the reasons listed in [1]. [1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation | ||||
* | Fix ownership of the Apache NSS cert and key databases. | Rob Crittenden | 2008-04-30 | 1 | -0/+10 |
| | | | | | The group "apache" needs to have read access to them so they will work in Fedora 9+. | ||||
* | Fix the client-side search size limit. | Rob Crittenden | 2008-04-25 | 2 | -25/+25 |
| | | | | | | | | | | | | | | I've changed the variable name searchlimit to sizelimit to match the name in python-ldap (and hopefully therefore be more readable). The big change was changing the default value from 0 to -1. As 0 we were never using the value from cn=ipaconfig python-ldap expects this to be an int type In the UI sizelimit was hardcoded at 0 for users 439880 | ||||
* | Make sure recent ldapmodify tool (as in F9) do not complain by splitting the | Simo Sorce | 2008-04-25 | 1 | -0/+5 |
| | | | | operation into 2 modify operations | ||||
* | Add nfs as a service principal type. | Rob Crittenden | 2008-04-23 | 1 | -0/+1 |
| | | | | 440242 | ||||
* | Don't let a user change their own uid. Fix some related errors if they try. | Rob Crittenden | 2008-04-23 | 2 | -3/+8 |
| | | | | 440895 | ||||
* | Don't allow a replica to prepare a replica for itself. | Rob Crittenden | 2008-04-23 | 1 | -0/+3 |
| | | | | 442756 | ||||
* | Fixed various memory leaks in memberOf plug-in. | Nathan Kinder | 2008-04-22 | 1 | -2/+9 |
| | | | | 440474 | ||||
* | Become version 1.0.0release-1-0-0 | Rob Crittenden | 2008-04-16 | 4 | -4/+16 |
| | |||||
* | Catch all errors when obtaining an LDAP connection. | Rob Crittenden | 2008-04-15 | 1 | -0/+2 |
| | | | | 442582 | ||||
* | Better detection of DS not starting. | Rob Crittenden | 2008-04-14 | 1 | -3/+23 |
| | | | | | | | The dirsrv init script always returns 0 on status checks, even if an instance is not started. So we have to look through the output instead. 442452 | ||||
* | Don't quit trying to lock a user if they aren't in the activated group. | Rob Crittenden | 2008-04-14 | 1 | -1/+5 |
| | | | | | | | | Users are considered activated by default so don't need to be in the activated group explicitly. Ignore the "not in group" error when trying to remove them. 442470 | ||||
* | Configure the ipa_pwd_extop plugin on replicas. | Rob Crittenden | 2008-04-14 | 1 | -1/+4 |
| | | | | | | | | If plugin isn't configured then the kerberos attributes don't get populated. User's will get Preauthentication errors from the kerberos libraries because there is no krbPrincipalKey to match against. 442134 | ||||
* | Use the same kpasswd.keytab on all replicas. | Rob Crittenden | 2008-04-09 | 3 | -3/+12 |
| | | | | | | | If we generate a new keytab for each replica then effectively password changes can only occur on the last replica created. 439905 | ||||
* | The kpasswd keytab must not be owned by the dirsrv user. | Simo Sorce | 2008-04-08 | 1 | -2/+0 |
| | | | | Fix copy&paste error. | ||||
* | SELinux fix from Dan Walsh | Rob Crittenden | 2008-04-07 | 1 | -1/+1 |
| | | | | 440646 | ||||
* | Add (post) to Requires: ipa-server-spec | Rob Crittenden | 2008-04-07 | 2 | -2/+4 |
| | |||||
* | Some SELinux policy changes provided by Dan Walsh. | Rob Crittenden | 2008-04-07 | 3 | -4/+18 |
| | | | | 440651 | ||||
* | Add _ntp SRV record | Simo Sorce | 2008-04-07 | 1 | -0/+2 |
| | |||||
* | Password policy checks fixes. | Simo Sorce | 2008-04-07 | 1 | -37/+94 |
| | | | | | | - don't let a user set a password identical to the current one. - don't check more then the policy defined number of passwords in history - don't set an history longer than policy defined | ||||
* | Don't allow the admin user to be removed from the admins group. | Rob Crittenden | 2008-04-04 | 1 | -0/+10 |
| | | | | 439281 | ||||
* | Add missing normalizeDN() when removing members from a group. | Rob Crittenden | 2008-04-04 | 1 | -4/+11 |
| | | | | 438387 | ||||
* | Create /etc/ipa/ipa.conf earlier in the installation process. | Rob Crittenden | 2008-04-03 | 1 | -8/+8 |
| | | | | | | | Because the ipa.config() object raises an error if there is no configuration file and auto-detection fails, ipa_webgui may fail to start at install time. 440475 | ||||
* | Add missing image | Rob Crittenden | 2008-04-03 | 1 | -0/+1 |
| | |||||
* | Don't try to update ipauserobjectclasses or ipagroupobjectclasses | Rob Crittenden | 2008-04-02 | 2 | -9/+13 |
| | | | | | | | | since they aren't being displayed anymore. They will just get blanked. Also add some error handling in ipahelper.fix_incoming_fields() 438256 | ||||
* | Add missing start_creation() so the install process will get kicked off. | Rob Crittenden | 2008-04-02 | 1 | -0/+1 |
| | |||||
* | Make sure we have ipa-client installed as now ipa-server-install calls | Simo Sorce | 2008-04-02 | 2 | -0/+2 |
| | | | | ipa-client-install | ||||
* | Stricter directory control for ipa daemons, each one it's own directory | Simo Sorce | 2008-04-01 | 3 | -1/+16 |
| | |||||
* | Move ipa_kpasswd credential cache in its own directory | Simo Sorce | 2008-04-01 | 4 | -3/+15 |
| | |||||
* | Fix typo in python directive. Fixes marking a group active. | Rob Crittenden | 2008-04-01 | 1 | -1/+1 |
| | | | | 440142 | ||||
* | Fix crash when creating new groups. You can't iterate over a None variable. | Rob Crittenden | 2008-04-01 | 1 | -0/+2 |
| | | | | 440081 | ||||
* | Fix AVC when for reading /proc during password change on RHEL 5 | Rob Crittenden | 2008-04-01 | 1 | -0/+2 |
| | | | | 438007 | ||||
* | No need to use a regular expression to find the replication host | Rob Crittenden | 2008-03-31 | 1 | -3/+1 |
| | | | | 430015 | ||||
* | Call client uninstall from server uninstall so that uninstall reverses also | Simo Sorce | 2008-03-31 | 1 | -0/+15 |
| | | | | client bits. |