freeipa.git/install/tools, branch master Unnamed repository; edit this file to name it for gitweb. Connect to the ldap during the uninstallation 2010-04-19T12:21:08+00:00 Martin Nagy mnagy@redhat.com 2010-04-15T09:08:48+00:00 0ee68892980e1011232cdc23cd2ed5fd3d329972 We need to ask the user for a password and connect to the ldap so the bind uninstallation procedure can remove old records. This is of course only helpful if one has more than one IPA server configured. 
We need to ask the user for a password and connect to the ldap so the
bind uninstallation procedure can remove old records. This is of course
only helpful if one has more than one IPA server configured.
Remove incorrect option -U for --uninstall. -U is short for --unattended. 2010-04-16T13:28:08+00:00 Rob Crittenden rcritten@redhat.com 2010-04-16T13:28:08+00:00 45acd086f57b67cd8ee1069883c546c110a63711 






Use GSSAPI auth for the ipa-replica-manage list and del commands.
2010-03-19T21:17:14+00:00

Rob Crittenden
rcritten@redhat.com

2010-02-19T18:29:14+00:00

c19911845d93e4cbbf296caf18568231549a3e60

This creates a new role, replicaadmin, so a non-DM user can do
limited management of replication agreements.

Note that with cn=config if an unauthorized user performs a search
an error is not returned, no entries are returned. This makes it
difficult to determine if there are simply no replication agreements or
we aren't allowed to see them. Once the ipaldap.py module gets
replaced by ldap2 we can use Get Effective Rights to easily tell the
difference.





This creates a new role, replicaadmin, so a non-DM user can do
limited management of replication agreements.

Note that with cn=config if an unauthorized user performs a search
an error is not returned, no entries are returned. This makes it
difficult to determine if there are simply no replication agreements or
we aren't allowed to see them. Once the ipaldap.py module gets
replaced by ldap2 we can use Get Effective Rights to easily tell the
difference.







Better customize the message regarding the CA based on the install options.
2010-03-19T10:55:33+00:00

Rob Crittenden
rcritten@redhat.com

2010-03-10T16:55:48+00:00

ff4ddbbb72512259179d7021a5ff5c313e2fdbfe

There are now 3 cases:

- Install a dogtag CA and issue server certs using that
- Install a selfsign CA and issue server certs using that
- Install using either dogtag or selfsign and use the provided PKCS#12 files
  for the server certs. The installed CA will still be used by the cert
  plugin to issue any server certs.





There are now 3 cases:

- Install a dogtag CA and issue server certs using that
- Install a selfsign CA and issue server certs using that
- Install using either dogtag or selfsign and use the provided PKCS#12 files
  for the server certs. The installed CA will still be used by the cert
  plugin to issue any server certs.







Make CA PKCS#12 location arg for ipa-replica-prepare, default /root/cacert.p12
2010-03-19T10:45:41+00:00

Rob Crittenden
rcritten@redhat.com

2010-03-10T16:53:24+00:00

f4cb248497d630c4218c3d4ef2112fc4efc2a4e5

pki-silent puts a copy of the root CA into /root/tmp-ca.p12. Rename this
to /root/cacert.p12.





pki-silent puts a copy of the root CA into /root/tmp-ca.p12. Rename this
to /root/cacert.p12.







Initialize the api so imports work, trust all CAs included in the PKCS#12.
2010-03-19T10:41:05+00:00

Rob Crittenden
rcritten@redhat.com

2010-03-10T16:02:50+00:00

99cb2fe64a4d6969178544601cb5ba694e65132b












Retrieve the LDAP schema using kerberos credentials.
2010-03-18T05:36:53+00:00

Rob Crittenden
rcritten@redhat.com

2010-03-17T14:01:24+00:00

f0d51b65f18d73e9b97e22e9fa4146468fed3d16

This is required so we can disable anonymous access in 389-ds.





This is required so we can disable anonymous access in 389-ds.







Proper use of set up vs setup (verb vs noun)
2010-03-17T04:37:26+00:00

Rob Crittenden
rcritten@redhat.com

2010-02-03T19:56:17+00:00

4216a627c3d614e3c0804449c80d2f59bba60b05

Resolves #529787





Resolves #529787







Make the CA a required component and configured by default.
2010-03-02T23:21:12+00:00

Rob Crittenden
rcritten@redhat.com

2010-02-24T16:38:09+00:00

bc47ad0c22af7095ee7833aadf3586472df20327

To install IPA without dogtag use the --selfsign option.

The --ca option is now deprecated.

552995





To install IPA without dogtag use the --selfsign option.

The --ca option is now deprecated.

552995







Add A and PTR records during ipa-replica-prepare
2010-02-09T21:30:25+00:00

Martin Nagy
mnagy@redhat.com

2009-11-23T15:16:58+00:00

8fd41d0434dddcd6959d460df7a9f8b736ac81ac

Fixes #528996





Fixes #528996