| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The file VERSION is now the sole-source of versioning.
The generated .spec files will been removed in the maintainer-clean targets
and have been removed from the repository.
By default a GIT build is done. To do a non-GIT build do:
$ make TARGET IPA_VERSION_IS_GIT_SNAPSHOT=no
When updating the version you can run this to regenerate the version:
$ make version-update
The version can be determined in Python by using ipaserver.version.VERSION
|
|
|
|
|
| |
The group "apache" needs to have read access to them so they will work in
Fedora 9+.
|
|\
| |
| |
| | |
into ipa-1-0
|
| |
| |
| |
| | |
operation into 2 modify operations
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've changed the variable name searchlimit to sizelimit to match the
name in python-ldap (and hopefully therefore be more readable).
The big change was changing the default value from 0 to -1. As 0 we were
never using the value from cn=ipaconfig
python-ldap expects this to be an int type
In the UI sizelimit was hardcoded at 0 for users
439880
|
|
|
|
| |
440242
|
|
|
|
| |
440895
|
|
|
|
| |
442756
|
|
|
|
| |
440474
|
| |
|
|
|
|
| |
442582
|
|
|
|
|
|
|
| |
The dirsrv init script always returns 0 on status checks, even if an
instance is not started. So we have to look through the output instead.
442452
|
|
|
|
|
|
|
|
| |
Users are considered activated by default so don't need to be in the
activated group explicitly. Ignore the "not in group" error when trying
to remove them.
442470
|
|
|
|
|
|
|
|
| |
If plugin isn't configured then the kerberos attributes don't get populated.
User's will get Preauthentication errors from the kerberos libraries
because there is no krbPrincipalKey to match against.
442134
|
|
|
|
|
|
|
| |
If we generate a new keytab for each replica then effectively password
changes can only occur on the last replica created.
439905
|
|
|
|
| |
Fix copy&paste error.
|
|
|
|
| |
440646
|
| |
|
|
|
|
| |
440651
|
| |
|
|
|
|
|
|
| |
- don't let a user set a password identical to the current one.
- don't check more then the policy defined number of passwords in history
- don't set an history longer than policy defined
|
|
|
|
| |
439281
|
|
|
|
| |
438387
|
|
|
|
|
|
|
| |
Because the ipa.config() object raises an error if there is no configuration
file and auto-detection fails, ipa_webgui may fail to start at install time.
440475
|
| |
|
|
|
|
|
|
|
|
| |
since they aren't being displayed anymore. They will just get blanked.
Also add some error handling in ipahelper.fix_incoming_fields()
438256
|
| |
|
|
|
|
| |
ipa-client-install
|
| |
|
| |
|
|
|
|
| |
440142
|
|
|
|
| |
440081
|
|
|
|
| |
438007
|
|
|
|
| |
430015
|
|
|
|
| |
client bits.
|
|
|
|
|
|
|
| |
Latest patch used the wrong path and all files where actually going to /tmp
even if a different path was specified.
Makes also StateFile behave the same as FileStore, and be a public class, this
way a common path can be used too.
|
|
|
|
| |
has different function names. This was a runtime linker crash bug :/
|
|
|
|
|
|
| |
Fix the redirection errors, it was going to back to the Add delegation page
438257
|
|
|
|
|
|
| |
This is done automatically and trying to do so will return an error.
432106
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We do account activation by using a Class of Service based on group
membership. A problem can happen if the entry itself has an nsaccountlock
attribute and you try doing Class of Service work as well because the
local attribute has priority. So try to detect that the entry has a local
nsAccountLock attribute and report an appropriate error.
Don't allow the admins or editors groups to be de-activated.
Return a better error message if account [in]activation fails.
Catch errors when doing group [in]activation.
439230
|
| |
|
|
|
|
|
|
|
| |
using nsswitch calls that read it and also take in account any other name
resolution mechanism that might be installed (like NIS lol :-).
This also should make the check support IPv6 transparently too (not tested)
|
|
|
|
|
|
|
|
|
|
| |
is created.
We basically just need to add a check to see if we're to use a group
DN as the memberOf value when performing an operation on itself for
all operation types.
439450
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
values without specifying the values to delete in the memberOf
plug-in. Member entries were not being updated because the code
used the values in the mod to find the member entries to update.
The fix is to detect when a delete modify has no values specified
and just use the replace code since it compares the pre-op and
post-op copies of the group to figure out what member entries to
update.
439097
|
|
|
|
| |
439120
|
|
|
|
|
|
| |
Change backup format so files are all in a single directory (no dir
hierarchies) and use an index file so we can save also ownership and
permission info for the restore (and eventually other data later on).
|
|
|
|
|
|
| |
If a site really wants it gone then can delete it via LDAP.
439281
|
|
|
|
|
|
|
|
|
|
| |
current value to prevent unnecessary LPAP updates (and failed writes)
Don't check against these lists on updates, only add them on new entries.
Disable the ability to configure in the UI these values for now.
438256
|
|
|
|
|
|
|
|
| |
The DS setup program uses Perl and does a similar port available test.
It seems that perl always sets FD_CLOEXEC and python does not. This is
why the port test would pass in python but fail in perl.
439024
|
|
|
|
| |
439057
|