freeipa.git/ipaserver/plugins, branch master Unnamed repository; edit this file to name it for gitweb. Retrieve the LDAP schema using kerberos credentials. 2010-03-18T05:36:53+00:00 Rob Crittenden rcritten@redhat.com 2010-03-17T14:01:24+00:00 f0d51b65f18d73e9b97e22e9fa4146468fed3d16 This is required so we can disable anonymous access in 389-ds. 
This is required so we can disable anonymous access in 389-ds.
localize doc strings 2010-03-09T04:10:36+00:00 John Dennis jdennis@redhat.com 2010-03-05T21:11:21+00:00 b75d06e18938015ad6eafe53e15aa2d7a2f92f02 A number of doc strings were not localized, wrap them in _(). Some messages were not localized, wrap them in _() Fix a couple of failing tests: The method name in RPC should not be unicode. The doc attribute must use the .msg attribute for comparison. Also clean up imports of _() The import should come from ipalib or ipalib.text, not ugettext from request. 
A number of doc strings were not localized, wrap them in _().
Some messages were not localized, wrap them in _()

Fix a couple of failing tests:
The method name in RPC should not be unicode.
The doc attribute must use the .msg attribute for comparison.

Also clean up imports of _() The import should come from
ipalib or ipalib.text, not ugettext from request.
Consolidate to single WSGI entry point 2010-03-02T03:21:38+00:00 Jason Gerard DeRose jderose@redhat.com 2010-02-23T17:53:47+00:00 942919bef77030b10a96cab66ab878a8a3d7ef10 






Convert integer and boolean values to unicode, don't leave them as str.
2010-02-17T15:56:08+00:00

Pavel Zuna
pzuna@redhat.com

2010-02-17T14:48:06+00:00

3785ec49ab9de73b7569e6acc9a06fa0a210327e












Move the HTTP/S request code to a common library
2010-02-09T10:26:01+00:00

Rob Crittenden
rcritten@redhat.com

2010-02-03T03:52:11+00:00

8a4ab2a0e55b8d2d3531f3b19dd2c3d46d2959ea

This moves code that does HTTP and HTTPS requests into a common library
that can be used by both the installer and the dogtag plugin.

These functions are not generic HTTP/S clients, they are designed
specifically to talk to dogtag, so use accordingly.





This moves code that does HTTP and HTTPS requests into a common library
that can be used by both the installer and the dogtag plugin.

These functions are not generic HTTP/S clients, they are designed
specifically to talk to dogtag, so use accordingly.







fix error message to be i18n translator friendly
2010-02-03T19:43:31+00:00

John Dennis
jdennis@redhat.com

2010-01-28T17:57:00+00:00

487e1cadc8f418f399636759c9ac8f3c94c8426f

This error message was producing a warning from xgettext
because there were multiple substations in the string.
In some languages it may be necessary to reorder the
substitutions for a proper translation, this is only
possible if the substitutions use named values.





This error message was producing a warning from xgettext
because there were multiple substations in the string.
In some languages it may be necessary to reorder the
substitutions for a proper translation, this is only
possible if the substitutions use named values.







Be more careful when base64-decoding certificates
2010-02-02T19:02:46+00:00

Rob Crittenden
rcritten@redhat.com

2010-02-01T19:00:28+00:00

dc55240fe8ce2f27aaca05a5287089080c902c85

Only decode certs that have a BEGIN/END block, otherwise assume it
is in DER format.





Only decode certs that have a BEGIN/END block, otherwise assume it
is in DER format.







Update dogtag configuration to work after CVE-2009-3555 changes
2010-01-27T22:01:26+00:00

Rob Crittenden
rcritten@redhat.com

2010-01-27T20:31:51+00:00

b7cda86697cfb8ffc25ab5d3c051f181e145648d

NSS is going to disallow all SSL renegotiation by default. Because of
this we need to always use the agent port of the dogtag server which
always requires SSL client authentication. The end user port will
prompt for a certificate if required but will attempt to re-do the
handshake to make this happen which will fail with newer versions of NSS.





NSS is going to disallow all SSL renegotiation by default. Because of
this we need to always use the agent port of the dogtag server which
always requires SSL client authentication. The end user port will
prompt for a certificate if required but will attempt to re-do the
handshake to make this happen which will fail with newer versions of NSS.







Fix schema loading in the ldap backend.
2010-01-27T21:24:20+00:00

Pavel Zuna
pzuna@redhat.com

2010-01-27T16:00:33+00:00

c092f3780df4417e5cf3512a1afedd109183628d












User-defined certificate subjects
2010-01-20T22:24:01+00:00

Rob Crittenden
rcritten@redhat.com

2010-01-20T16:26:20+00:00

e4470f8165242fba6c5ce477a2eeca0141891701

Let the user, upon installation, set the certificate subject base
for the dogtag CA. Certificate requests will automatically be given
this subject base, regardless of what is in the CSR.

The selfsign plugin does not currently support this dynamic name
re-assignment and will reject any incoming requests that don't
conform to the subject base.

The certificate subject base is stored in cn=ipaconfig but it does
NOT dynamically update the configuration, for dogtag at least. The
file /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg would need to
be updated and pki-cad restarted.





Let the user, upon installation, set the certificate subject base
for the dogtag CA. Certificate requests will automatically be given
this subject base, regardless of what is in the CSR.

The selfsign plugin does not currently support this dynamic name
re-assignment and will reject any incoming requests that don't
conform to the subject base.

The certificate subject base is stored in cn=ipaconfig but it does
NOT dynamically update the configuration, for dogtag at least. The
file /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg would need to
be updated and pki-cad restarted.