summaryrefslogtreecommitdiffstats
path: root/install
Commit message (Collapse)AuthorAgeFilesLines
* Enable Retro Changelog and Content Synchronization DS pluginsAna Krivokapic2014-01-143-1/+14
| | | | | | | | | Enable Retro Changelog and Content Synchronization DS plugins which are required for SyncRepl support. Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+. https://fedorahosted.org/freeipa/ticket/3967
* acl: Remove krbPrincipalExpiration from list of admin's excluded attrsTomas Babej2014-01-142-2/+4
| | | | | | | | Since we're exposing the krbPrincipalExpiration attribute for direct editing in the CLI, remove it from the list of attributes that admin cannot edit by default. Part of: https://fedorahosted.org/freeipa/ticket/3306
* Revert restart scripts file permissions changeMartin Kosek2014-01-082-0/+0
| | | | | Previous commit accidentally added executable permission to restart_pkicad and stop_pkicad.
* PKI service restart after CA renewal failedJan Cholasta2014-01-083-27/+35
| | | | | | | | | | Fix both the service restart procedure and registration of old pki-cad well known service name. This patch was adapted from original patch of Jan Cholasta 178 to fix ticket 4092. https://fedorahosted.org/freeipa/ticket/4092
* Use /usr/bin/python2Xiao-Long Chen2014-01-0328-28/+28
| | | | | | | | | | | | Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2 https://fedorahosted.org/freeipa/ticket/3438 Updated by pviktori@redhat.com
* Fix incorrect path in error message on sysrestore failureTomas Babej2013-12-201-5/+10
| | | | | | | | On sysrestore failure, user is prompted out to remove the sysrestore file. However, the path to the sysrestore file mentioned in the sentence is not correct. https://fedorahosted.org/freeipa/ticket/4080
* Prevent garbage from readline on standard output of dogtag-ipa-retrieve-agent.Jan Cholasta2013-12-201-0/+4
| | | | https://fedorahosted.org/freeipa/ticket/4064
* Increase stack size for Web UI builderPetr Vobornik2013-12-132-6/+8
| | | | | | | | | Web UI build fails on some architectures or configuration due to StackOverflow. This patch increases the stack size to solve it. 512k is usually enough but we encountered fail on ppc64 even with 2m, therefore the 8m. The build is single threaded so it shouldn't waste much memory.
* Add new permission schemaPetr Viktorin2013-12-131-0/+9
| | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Design: http://www.freeipa.org/page/V3/Permissions_V2
* Allow kernel keyring CCACHE when supportedMartin Kosek2013-12-091-1/+1
| | | | | | | Server and client installer should allow kernel keyring ccache when supported. https://fedorahosted.org/freeipa/ticket/4013
* Fix license in some Web UI filesPetr Vobornik2013-12-094-20/+17
| | | | | | Modified web ui files had incorrect GPLv2 headers instead of GPLv3 ones. All of the affected code is of FreeIPA origin.
* Add RADIUS proxy support to ipalib CLINathaniel McCallum2013-12-034-1/+14
| | | | https://fedorahosted.org/freeipa/ticket/3368
* Make Expression field required when adding automember conditionAna Krivokapic2013-11-271-2/+4
| | | | https://fedorahosted.org/freeipa/ticket/4053
* Remove mod_ssl port workaround.Jan Cholasta2013-11-261-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/4021
* Break long doc string in the Host pluginPetr Viktorin2013-11-213-69/+376
| | | | | | Also split the translations in French and Ukraininan Part of https://fedorahosted.org/freeipa/ticket/3587
* Update translations from TransifexPetr Viktorin2013-11-2117-734/+541
|
* WebUI: Add userClass attribute to user and host pagesAna Krivokapic2013-11-192-2/+9
| | | | | | | | | Add userClass attribute to: - user and host adder dialogs - user and host detail facets Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems https://fedorahosted.org/freeipa/ticket/3590
* Add userClass attribute for usersAna Krivokapic2013-11-191-0/+1
| | | | | | | | | This new freeform user attribute will allow provisioning systems to add custom tags for user objects which can be later used for automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems https://fedorahosted.org/freeipa/ticket/3588
* Unify capitalization of attribute names in schema filesPetr Viktorin2013-11-183-19/+19
| | | | | | | | | | | Due to a bug[0], python-ldap doesn't parse schema LDIF files correctly if they use inconsistent capitalization. This patch works around the bug in IPA schema files. [0] https://bugzilla.redhat.com/show_bug.cgi?id=1007820 Note: git's --word-diff option is recommended for viewing these changes
* Add formerly update-only schemaPetr Viktorin2013-11-184-1/+42
| | | | | | Some schema was only delivered in updates. Add it back as ldif files. https://fedorahosted.org/freeipa/ticket/3454
* Make schema files conform to new updaterPetr Viktorin2013-11-187-20/+20
| | | | | | | | | | | | | | | | | The new schema updater only compares textual representations of schema elements, as formatted by python-ldap. This works well, but it is too strict for the current schema files in two ways: - For attribute names in MAY and MUST, the correct letter case must be used - AttributeTypes must specify explicit EQUALITY and SYNTAX fields even if they are the same as its supertype's. When these restrictions are not followed, the updater will always overwrite the schema element. This is harmless but it fills up the log unnecessarily. Modify the schema files to conform to these restrictions. Part of the work for https://fedorahosted.org/freeipa/ticket/3454 Note: git's --word-diff option is recommended for viewing these changes
* Remove schema modifications from update filesPetr Viktorin2013-11-1813-532/+1
| | | | | | | As schema is now handled by the schema updater, these entries are superfluous. https://fedorahosted.org/freeipa/ticket/3454
* Update the man page for ipa-ldap-updaterPetr Viktorin2013-11-181-8/+20
|
* Add automember rebuild command to the web UIAna Krivokapic2013-11-154-7/+81
| | | | | Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership https://fedorahosted.org/freeipa/ticket/3928
* Fix error message when adding duplicate automember ruleAna Krivokapic2013-11-151-2/+2
| | | | | | Also fix object_name and object_name_plural for automember rules. https://fedorahosted.org/freeipa/ticket/2708
* Add a privilege and a permission needed for automember rebuild commandAna Krivokapic2013-11-151-0/+19
| | | | | Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership https://fedorahosted.org/freeipa/ticket/3752
* Add support for managing user auth typesNathaniel McCallum2013-11-081-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/3368
* Turn LDAPEntry.single_value into a dictionary-like property.Jan Cholasta2013-11-054-48/+48
| | | | | | This change makes single_value consistent with the raw property. https://fedorahosted.org/freeipa/ticket/3521
* Guard import of adtrustinstance for case without trustsAlexander Bokovoy2013-11-041-2/+8
| | | | https://fedorahosted.org/freeipa/ticket/4011
* Remove deprecated AllowLMhash configMartin Kosek2013-11-011-1/+1
| | | | | | | Remove this ipaConfigString value as LM hash is deprecated and in fact even insecure. https://fedorahosted.org/freeipa/ticket/3795
* Remove AllowLMhash from the allowed IPA config stringsSumit Bose2013-11-013-3/+1
| | | | Fixes https://fedorahosted.org/freeipa/ticket/3795
* Fix password expiration notificationPetr Vobornik2013-10-303-5/+6
| | | | | | - was broken by navigation and application controller refactoring https://fedorahosted.org/freeipa/ticket/4003
* Track DS certificate with certmonger on replicas.Jan Cholasta2013-10-291-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/3975
* Remove mod_ssl conflictMartin Kosek2013-10-253-0/+9
| | | | | | | | | | | Since mod_nss-1.0.8-24, mod_nss and mod_ssl can co-exist on one machine (of course, when listening to different ports). To make sure that mod_ssl is not configured to listen on 443 (default mod_ssl configuration), add a check to the installer checking of either mod_nss or mod_ssl was configured to listen on that port. https://fedorahosted.org/freeipa/ticket/3974
* Do not add kadmin/changepw ACIs on new installsMartin Kosek2013-10-252-2/+0
| | | | | | | | | | | | These ACI were needed when FreeIPA had a custom ipa_kpasswd daemon, now that a standard kadmin is used, ACIs are not needed anymore as kadmin uses the same driver as the KDC. The ACIs is not removed on upgrades to avoid breaking older replicas which may still use FreeIPA version with the ipa_kpasswd daemon. https://fedorahosted.org/freeipa/ticket/3987
* Add ipa-advise plugins for nss-pam-ldapd legacy clientsAna Krivokapic2013-10-185-3/+52
| | | | | | | | | | | Add three new ipa-advise plugins, to facilitate configuration of legacy clients using nss-pam-ldapd: * config-redhat-nss-pam-ldapd * config-generic-linux-nss-pam-ldapd * config-freebsd-nss-pam-ldapd https://fedorahosted.org/freeipa/ticket/3672
* Registries and Build GuidePetr Vobornik2013-10-162-0/+310
|
* Navigation GuidePetr Vobornik2013-10-162-0/+276
|
* Plugin Infrastructure GuidePetr Vobornik2013-10-162-0/+79
|
* Debugging Web UI guidePetr Vobornik2013-10-162-0/+85
|
* Phases GuidePetr Vobornik2013-10-163-0/+131
|
* Configuration for JSDuck documentation generatorPetr Vobornik2013-10-165-0/+252
| | | | | | | | | | Installation: https://github.com/senchalabs/jsduck/wiki/Installation Basically it requires ruby and jsduck gem. Usage: $ cd install/ui/doc $ make Documentation will be generated into: install/ui/build/code_doc directory
* Web UI source code annotationPetr Vobornik2013-10-1643-479/+5571
| | | | Part of ongoing Web UI documentation effort. Source code is annotated in a way that it can be processed by documentation generator.
* Removal of unused codePetr Vobornik2013-10-161-14/+0
|
* Load updated Web UI files after server upgradePetr Vobornik2013-10-1612-103/+240
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
* adtrustinstance: Properly handle uninstall of AD trust instanceTomas Babej2013-10-142-2/+5
| | | | | | | | | | | | | | | | | | The uninstall method of the AD trust instance was not called upon at all in the ipa-server-install --uninstall phase. This patch makes sure that AD trust instance is unconfigured when the server is uninstalled. The following steps are undertaken: * Remove /var/run/samba/krb5cc_samba * Remove our keys from /etc/samba/samba.keytab using ipa-rmkeytab * Remove /var/lib/samba/*.tdb files Additionally, we make sure winbind service is stopped from within the stop() method. Part of: https://fedorahosted.org/freeipa/ticket/3479
* ipa-adtrust-install: Add warning that we will break existing samba configurationTomas Babej2013-10-141-3/+15
| | | | | | | | In case /etc/samba/smb.conf exists and it was not created by ipa-adtrust-install, print a warning that we will break existing samba configuration and ask for a confirmation in the interactive mode. Part of: https://fedorahosted.org/freeipa/ticket/3479
* ipa-upgradeconfig: Remove backed up smb.confTomas Babej2013-10-141-0/+14
| | | | | | | | | | | Since we are not able to properly restore the Samba server to the working state after running ipa-adtrust-install, we should not keep the smb.conf in the fstore. This patch makes sure that any backed up smb.conf is removed from the backup and that this file is not backed up anymore. Part of: https://fedorahosted.org/freeipa/ticket/3479
* Winsync re-initialize should not run memberOf fixup taskMartin Kosek2013-10-111-5/+6
| | | | | | | Change re-initialize command to consider memberOf fixup task only for non-winsync replication agreements. https://fedorahosted.org/freeipa/ticket/3854
* Remove --no-serial-autoincrementMartin Kosek2013-10-115-16/+2
| | | | | | | | Deprecate this option and do not offer it in installation tools. Without this option enabled, advanced DNS features like DNSSEC would not work. https://fedorahosted.org/freeipa/ticket/3962
generated by cgit (git 2.34.1) at 2024-05-18 16:26:41 +0000