| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
450111
|
|
|
|
|
|
| |
it can be used by the client tool.
Fix the client tool imports to fail more gracefully.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an install instance is created that contains a pointer to a sysrestore
point it loads in the current configuration when instantiated. If an
instance is instantiated but not used then changes may occur to the
system state that it is unaware of. So one needs to take care in the order
that things are done to avoid losing information.
When bind was setup it was overwriting all data in sysrestore.state and
leaving just a [named] section. This caused problems at uninstall.
448173
|
|
|
|
|
|
|
| |
After some deep thinking I think the advantages of keeping all
posix enabled user accounts under cn=users,cn=accounts overweight a
perceived better protection of the admin account by keeping it in a
separate tree.
|
|
|
|
| |
446869
|
|
|
|
| |
446865
|
|
|
|
| |
component if no '.' is found.
|
|
|
|
| |
444660
|
|
|
|
|
|
|
|
|
| |
We were just shutting down the KDC if it had been started prior to IPA
installation. We need to stop it in all cases.
And we should restart nscd as it may have made an LDAP connection.
440322
|
|
|
|
|
|
| |
Add /usr/lib/dirsrv/slapd-INSTANCE to the list of directories removed.
442753
|
|
|
|
| |
442812
|
|
|
|
| |
+ Some cleanups (trainling spaces and such).
|
|
|
|
| |
435019
|
|
|
|
|
|
|
|
|
| |
It implies that you are setting a new password and you really aren't.
Also added a catch for KeyboardInterrupt with instructions on how to
recover from a partial install.
441607
|
|
|
|
|
| |
The group "apache" needs to have read access to them so they will work in
Fedora 9+.
|
|
|
|
|
|
|
| |
The dirsrv init script always returns 0 on status checks, even if an
instance is not started. So we have to look through the output instead.
442452
|
|
|
|
|
|
|
|
| |
If plugin isn't configured then the kerberos attributes don't get populated.
User's will get Preauthentication errors from the kerberos libraries
because there is no krbPrincipalKey to match against.
442134
|
|
|
|
|
|
|
| |
If we generate a new keytab for each replica then effectively password
changes can only occur on the last replica created.
439905
|
|
|
|
| |
Fix copy&paste error.
|
| |
|
|
|
|
|
|
|
| |
Latest patch used the wrong path and all files where actually going to /tmp
even if a different path was specified.
Makes also StateFile behave the same as FileStore, and be a public class, this
way a common path can be used too.
|
|
|
|
|
|
|
| |
using nsswitch calls that read it and also take in account any other name
resolution mechanism that might be installed (like NIS lol :-).
This also should make the check support IPv6 transparently too (not tested)
|
|
|
|
|
|
| |
Change backup format so files are all in a single directory (no dir
hierarchies) and use an index file so we can save also ownership and
permission info for the restore (and eventually other data later on).
|
|
|
|
|
|
|
|
| |
The DS setup program uses Perl and does a similar port available test.
It seems that perl always sets FD_CLOEXEC and python does not. This is
why the port test would pass in python but fail in perl.
439024
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is used when a new replica is created as well as whenever a replica
is re-initialized from another master.
In order for this to work when not creating an instance the __init__
function needs to be able to determine the suffix and the dm_password
is needed.
I've also added the time to the RDN of the member task to ensure
uniqueness.
438222
|
|
|
|
|
|
|
|
| |
Add ability to force a synch to occur
Clean up a lot of unused code in ipaldap.py. This lets us do a simple bind
without being root (it used to try to read dse.ldif)
436237
|
|
|
|
|
|
| |
Don't ignore exceptions when getting the hostname from the user
433515
|
| |
|
|
|
|
|
|
| |
match.
433515
|
|
|
|
|
| |
from the realm not the domain.
One line fix.
|
|
|
|
|
| |
default tree. This patch make sure that the DS setup script
does not add unwanted entries.
|
| |
|
|
|
|
| |
433509
|
|
|
|
| |
435055
|
| |
|
|
|
|
|
|
|
| |
We update the mod_nss configuration (nss.conf) during installation to include
ipa-rewrite.conf to handle the SSL side.
433054
|
|
|
|
| |
433347
|
| |
|
|
|
|
|
| |
Make sure we do sync the clock leaping to the current correct time.
This avoids problems with bad dates on certificates, etc..
|
|
|
|
|
|
| |
Verify the DM password earlier in the process
433368
|
|
|
|
|
|
| |
Use that domain when creating replicas
Resolves 432066
|
|
|
|
| |
Resolves 430017
|
|
|
|
|
|
| |
Name the file created by ipa-replica-prepare after the FQDN of the target
Resolves 432904
|
|
|
|
|
| |
This makes a from-tree installation work. We also do this in the rpm spec file.
Contributed by Pieter D.J. Krul
|
| |
|
| |
|
|
|
|
|
|
|
| |
No longer create a PKCS#12 file that contains the CA
No longer send the entire CA to each replica, generate the SSL certs on master
Fix number of bugs in ipa-replica-install and prepare
Produce status output during replica creation
|
|
|
|
| |
Resolves 430724
|
|
|
|
|
| |
Remove 8080 as a port that needs to be opened
bz 430088
|
| |
|