freeipa.git/install/share, branch master

Enable anonymous VLV so Solaris clients will work out of the box.

2010-04-16T15:05:20+00:00

Since one needs to enable the compat plugin we will enable anonymous
VLV when that is configured.

By default the DS installs an aci that grants read access to ldap:///all
and we need ldap:///anyone

Run ipaserver under mod_wsgi

2010-03-02T03:22:22+00:00

- also ensure that krbCanonicalName is unique

2010-02-05T20:34:23+00:00

- allow the KDC to read krbCanonicalName

2010-02-05T20:34:04+00:00

- pull in updated schema which adds the krbCanonicalName attribute

2010-02-04T16:36:13+00:00

Set BIND to use ldapi and use fake mname

2010-01-21T22:37:42+00:00

The fake_mname for now doesn't exists but is a feature that will be
added in the near future. Since any unknown arguments to bind-dyndb-ldap
are ignored, we are safe to use it now.

Only add an NTP SRV record if we really are setting up NTP

2010-01-21T22:09:21+00:00

The sample bind zone file that is generated if we don't use --setup-dns
is also changed.

Fixes #500238

Use the dns plug-in for addition of records during installation

2010-01-21T22:09:18+00:00

Fixes #528943

Fix merge issue, cut-and-paste error

2010-01-21T20:23:36+00:00

User-defined certificate subjects

2010-01-20T22:24:01+00:00

Let the user, upon installation, set the certificate subject base
for the dogtag CA. Certificate requests will automatically be given
this subject base, regardless of what is in the CSR.

The selfsign plugin does not currently support this dynamic name
re-assignment and will reject any incoming requests that don't
conform to the subject base.

The certificate subject base is stored in cn=ipaconfig but it does
NOT dynamically update the configuration, for dogtag at least. The
file /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg would need to
be updated and pki-cad restarted.