path: root/ipaserver
Commit message | Author | Age | Files | Lines
* Fix bug in _get_syntax (it was always returning None). | Pavel Zuna | 2009-08-03 | 1 | -15/+7
  Also prevent a few cases of double processing of arguments.
* Fixed whitespace indentation error in certs.py | Jason Gerard DeRose | 2009-07-27 | 1 | -34/+34
* Identify CAs to trust from an imported PKCS#12 file | Rob Crittenden | 2009-07-27 | 2 | -14/+45
  We used to use certutil -O to determine the cert chain to trust. This behavior changed in F-11 such that untrusted CAs are not displayed. This is only used when we import PKCS#12 files so use pk12util -l to display the list of certs and keys in the file to determine the nickname(s) of the CAs to trust.
  509111
* Fix deprecation warning for the sha library on Python 2.6 | Rob Crittenden | 2009-07-23 | 1 | -2/+8
  sha has been replaced by hashlib. We need to support Python 2.4 - 2.6 so this will use hashlib if available but fall back onto sha if not. Fortunately they use the same API for the function we need.
  509042
  Signed-off-by: Jason Gerard DeRose <jderose@redhat.com>
* No need to trust NSS built-in CA's, more specific regex for finding CA nickname | Rob Crittenden | 2009-07-23 | 1 | -4/+16
  - Add some logging so we have a better idea of what happened if things fail
  - Default to self-signed CA to trust if one is not found. This will fix the self-signed CA case where certutil doesn't return untrusted CA's in -O output.
  - Remove unused httplib import
  Signed-off-by: Jason Gerard DeRose <jderose@redhat.com>
* Make --setup-dns work on replica installation | Martin Nagy | 2009-07-22 | 1 | -4/+34
  The ipa-replica-install script will setup the DNS if user specifies the --setup-dns option. It will only add the zone into LDAP if the cn=dns,$SUFFIX container doesn't exist. For now, however, we do not add the records.
* Add a reverse zone with server's PTR record | Martin Nagy | 2009-07-22 | 1 | -5/+17
  Also, small cosmetic change in dns.ldif.
* Allow replicas of an IPA server using an internal dogtag server as the CA | Rob Crittenden | 2009-07-15 | 4 | -93/+201
  This involves creating a new CA instance on the replica and using pkisilent to create a clone of the master CA. Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of changes to ports and configuration have been done recently.
* Basic changes to get a default principal for DNS | Simo Sorce | 2009-07-10 | 2 | -1/+61
  Also moves delegation layout installation in dsinstance. This is needed to allow us to set default membership in other modules like bindinstance.
  Signed-off-by: Martin Nagy <mnagy@redhat.com>
* Import explode_dn from ldap.functions for backward compatibility with older version of python-ldap. | Pavel Zuna | 2009-07-08 | 1 | -2/+4
  Fix bug in add_entry_to_group. Resolves 510149
* Add class variable to indicate whether SSL is required or not. | Rob Crittenden | 2009-07-07 | 1 | -2/+4
  Older python-ldap versions will crash if you call ldap.get_option() on a value that has not been set.
* Fix bug in ldap2.modify_password and make adding/removing members slightly more efficient. | Pavel Zuna | 2009-07-07 | 1 | -4/+4
* Add conversion of attribute name synonyms when generating modlists. | Pavel Zuna | 2009-06-15 | 1 | -0/+28
* Add support for incomplete (truncated) search results. | Pavel Zuna | 2009-06-15 | 1 | -14/+29
  ldap2.find_entries now returns a tuple containing 2 values. First, a list of entries (dn, entry_attrs), Second, the truncated flag. If the truncated flag is True, search results hit a server limitation and are incomplete. This patch also removes decoding of non-string scalar python types into unicode (they are left unchanged).
* Fix bugs in ldap2. | Pavel Zuna | 2009-06-12 | 1 | -18/+8
* Fix bug in ldap2.normalize_dn. | Pavel Zuna | 2009-06-10 | 1 | -1/+1
  DN was always returned as lower-case, sometimes resulting in 2 RDN values with different cases when creating entries.
* Use LDAP instead of flat file for zone storage | Martin Nagy | 2009-06-02 | 4 | -19/+16
* Move the __ldap_mod function to the Service class | Martin Nagy | 2009-06-02 | 3 | -65/+47
  We were duplicating it for KrbInstance and DsInstance. Since we will also need it for BindInstance as well, it will be better if it is in the Service class instead.
* Make it easier to search for a single entry by attribute value (find_entry_by_attr). | Pavel Zuna | 2009-05-26 | 1 | -6/+19
  Fix minor search filter generation issues.
* Make ldap2 always return attribute names as lowercase. Add Encoder to ldap2 base classes and use encode_args/decode_retval where applicable. | Pavel Zuna | 2009-05-22 | 1 | -117/+43
* Fix password setting on python 2.4 systems (it doesn't like None for oldpw) | Rob Crittenden | 2009-05-21 | 1 | -1/+1
* Schema change so the nisnetgroup triples work properly. | Rob Crittenden | 2009-05-19 | 1 | -1/+1
  If we use cn for hostname there is no easy way to distinguish between a host and a hostgroup. So adding a fqdn attribute to be used to store the hostname instead.
* Use the csv module instead of my own hackish lexer. | Rob Crittenden | 2009-05-19 | 1 | -34/+30
  The first character in a line is used to determine how the line will be quoted. If it begins with no quote we use '. If it begins with either ' or " we use that character. So if you have a quoted string and you don't want it to be considered a comma-separated value put the other quote string around the whole block.
* Don't pass non-existent arguments to _handle_errors() | Rob Crittenden | 2009-05-19 | 1 | -9/+5
* Fix a comment and some typos | Rob Crittenden | 2009-05-13 | 1 | -2/+7
* Drop the binary subtype. This usage is deprecated according to Rich M. | Rob Crittenden | 2009-05-13 | 1 | -1/+1
* Add a reason to the NotFound exception so we can provide more robust errors | Rob Crittenden | 2009-05-13 | 2 | -10/+10
* Fix replica installation for self-signed CA (no dogtag) | Rob Crittenden | 2009-05-04 | 1 | -0/+58
* Utilize the new dogtag library for retrieving the CA cert chain | Rob Crittenden | 2009-05-04 | 1 | -15/+4
* Add signing profile to CA installation so we can sign the firefox jar file. | Rob Crittenden | 2009-05-04 | 4 | -57/+170
  Use the requestId we get back from the CA when requesting the RA agent cert and use that to issue the certificate rather than hardcoding 7. This also adds some clean-up of file permissions and leaking fds
* Make search filter generation a bit safer. Minor bug fixes/code improvements. | Pavel Zuna | 2009-04-30 | 1 | -8/+12
* Add method to generate DN from attribute directly, without making RDN first. | Pavel Zuna | 2009-04-30 | 1 | -0/+10
* Use XML rather than string routines to handle response from dogtag. Remove trailing CR/LF from the password file | Rob Crittenden | 2009-04-28 | 1 | -6/+17
* Rename errors2.py to errors.py. Modify all affected files. | Pavel Zuna | 2009-04-23 | 9 | -76/+76
* Fix filter generator in ldapapi. Shouldn't produce invalid filters anymore. | Pavel Zuna | 2009-04-23 | 1 | -6/+12
* Throw AlreadyGroupMember instead of EmptyModlist when trying to re-add member to a group. | Pavel Zuna | 2009-04-22 | 1 | -3/+4
* Change ldap2.__handle_errors into the global _handle_errors function. | Pavel Zuna | 2009-04-22 | 1 | -52/+53
* Make it possible to construct partial match filters using make_filter_* methods. | Pavel Zuna | 2009-04-22 | 1 | -6/+20
  Add missing _sasl_auth variable.
* Convert the RA plugin to use nsslib and remove the configure methods | Rob Crittenden | 2009-04-20 | 1 | -134/+39
* Issue DS and Apache server certs during CA installation. | Rob Crittenden | 2009-04-20 | 4 | -102/+355
  Notes:
  - will create a CA instance (pki-ca) if it doesn't exist
  - maintains support for a self-signed CA
  - A signing cert is still not created so Firefox autoconfig still won't work
* Remove unwanted white space | Rob Crittenden | 2009-04-20 | 1 | -12/+12
* Finish work replacing the errors module with errors2 | Rob Crittenden | 2009-04-20 | 4 | -95/+153
  Once this is committed we can start the process of renaming errors2 as errors. I thought that combining this into one commit would be more difficult to review.
* Renaming the backend ldap plugin to ldapapi.py to prevent module import issues | Rob Crittenden | 2009-04-06 | 1 | -0/+0
* Use full OID for LDAP SYNTAX identification. Don't convert Booleans and Integers into respective python types as their ranges might not match. | Pavel Zuna | 2009-04-06 | 1 | -24/+20
  Rename module-scope functions.
* Add new LDAP backend plugin. | root | 2009-04-03 | 1 | -0/+741
* Implement an installer for the Dogtag certificate system. | Rob Crittenden | 2009-04-03 | 5 | -17/+764
  The CA is currently not automatically installed. You have to pass in the --ca flag to install it.
  What works:
  - installation
  - uninstallation
  - cert/ra plugins can issue and retrieve server certs
  What doesn't work:
  - self-signed CA is still created and issues Apache and DS certs
  - dogtag and python-nss not in rpm requires
  - requires that CS be in the "pre" install state from pkicreate
* Renamed remaining plugins still using f_* b_* convention | Jason Gerard DeRose | 2009-04-01 | 1 | -0/+0
* Translate variables on all lines and sort files to be updated | Rob Crittenden | 2009-03-25 | 1 | -3/+5
  Only the dn and the first line of any entry that was spread across multiple lines were getting passed through the template engine. If we are given a directory to process, sort the files in that directory so the order can be predicted. Some updates rely on others.
* DNA is now configured using an update file | Rob Crittenden | 2009-03-25 | 1 | -4/+0
* Allow a search using only the exact search filter | Rob Crittenden | 2009-03-25 | 1 | -4/+10