summaryrefslogtreecommitdiffstats
path: root/ipa-server/ipaserver
Commit message (Collapse)AuthorAgeFilesLines
* When an LDAP connection fails, display the host one is trying to connect to.Rob Crittenden2008-06-091-2/+4
| | | | 450111
* Move version.py to the common ipa directory instead of being server-based so ↵Rob Crittenden2008-06-032-26/+0
| | | | | | it can be used by the client tool. Fix the client tool imports to fail more gracefully.
* Make check_inst() a standalone function in bindinstance.Rob Crittenden2008-05-301-8/+8
| | | | | | | | | | | | | When an install instance is created that contains a pointer to a sysrestore point it loads in the current configuration when instantiated. If an instance is instantiated but not used then changes may occur to the system state that it is unaware of. So one needs to take care in the order that things are done to avoid losing information. When bind was setup it was overwriting all data in sysrestore.state and leaving just a [named] section. This caused problems at uninstall. 448173
* Move admin into cn=users,cn=accountsSimo Sorce2008-05-231-1/+1
| | | | | | | After some deep thinking I think the advantages of keeping all posix enabled user accounts under cn=users,cn=accounts overweight a perceived better protection of the admin account by keeping it in a separate tree.
* Change file mode of log files to 600.Martin Nagy2008-05-201-0/+2
| | | | 446869
* Don't pass the Directory Manager password on the command-line to ldapmodify.Rob Crittenden2008-05-192-8/+23
| | | | 446865
* Use split instead of find as split does not fail to provide a completeSimo Sorce2008-05-152-2/+2
| | | | component if no '.' is found.
* Fix typo, /etc/resolve.conf -> /etc/resolv.conf.Martin Nagy2008-05-141-10/+10
| | | | 444660
* Make sure all services are stopped during uninstall.Rob Crittenden2008-05-141-1/+3
| | | | | | | | | We were just shutting down the KDC if it had been started prior to IPA installation. We need to stop it in all cases. And we should restart nscd as it may have made an LDAP connection. 440322
* Do a more thorough job of removing an existing DS instance.Rob Crittenden2008-05-131-0/+4
| | | | | | Add /usr/lib/dirsrv/slapd-INSTANCE to the list of directories removed. 442753
* Include information on where to look if a hostname resolves to localhost.Rob Crittenden2008-05-091-1/+1
| | | | 442812
* Return better ewrror message that gives a hint about who actually returned itSimo Sorce2008-05-081-9/+6
| | | | + Some cleanups (trainling spaces and such).
* Add a version API to the server so it knows what version it is.Rob Crittenden2008-05-082-0/+26
| | | | 435019
* Don't prompt for confirmation of DM password when installing a replica.Rob Crittenden2008-05-081-2/+5
| | | | | | | | | It implies that you are setting a new password and you really aren't. Also added a catch for KeyboardInterrupt with instructions on how to recover from a partial install. 441607
* Fix ownership of the Apache NSS cert and key databases.Rob Crittenden2008-04-301-0/+10
| | | | | The group "apache" needs to have read access to them so they will work in Fedora 9+.
* Better detection of DS not starting.Rob Crittenden2008-04-141-3/+23
| | | | | | | The dirsrv init script always returns 0 on status checks, even if an instance is not started. So we have to look through the output instead. 442452
* Configure the ipa_pwd_extop plugin on replicas.Rob Crittenden2008-04-141-1/+4
| | | | | | | | If plugin isn't configured then the kerberos attributes don't get populated. User's will get Preauthentication errors from the kerberos libraries because there is no krbPrincipalKey to match against. 442134
* Use the same kpasswd.keytab on all replicas.Rob Crittenden2008-04-091-2/+7
| | | | | | | If we generate a new keytab for each replica then effectively password changes can only occur on the last replica created. 439905
* The kpasswd keytab must not be owned by the dirsrv user.Simo Sorce2008-04-081-2/+0
| | | | Fix copy&paste error.
* Add missing start_creation() so the install process will get kicked off.Rob Crittenden2008-04-021-0/+1
|
* Sysrestore fixes.Simo Sorce2008-03-311-3/+8
| | | | | | | Latest patch used the wrong path and all files where actually going to /tmp even if a different path was specified. Makes also StateFile behave the same as FileStore, and be a public class, this way a common path can be used too.
* Better check for IPA nServer own address, avoid manually parsing /etc/hosts bySimo Sorce2008-03-301-36/+54
| | | | | | | using nsswitch calls that read it and also take in account any other name resolution mechanism that might be installed (like NIS lol :-). This also should make the check support IPv6 transparently too (not tested)
* Move sysrestore to ipa-python so it can be used by client scripts too.Simo Sorce2008-03-278-332/+130
| | | | | | Change backup format so files are all in a single directory (no dir hierarchies) and use an index file so we can save also ownership and permission info for the restore (and eventually other data later on).
* Properly detect when ports are available.Rob Crittenden2008-03-271-4/+3
| | | | | | | | The DS setup program uses Perl and does a similar port available test. It seems that perl always sets FD_CLOEXEC and python does not. This is why the port test would pass in python but fail in perl. 439024
* Make the memberof task a public function.Rob Crittenden2008-03-271-9/+16
| | | | | | | | | | | | | | This is used when a new replica is created as well as whenever a replica is re-initialized from another master. In order for this to work when not creating an instance the __init__ function needs to be able to determine the suffix and the dm_password is needed. I've also added the time to the RDN of the member task to ensure uniqueness. 438222
* Add ability to initialize a replication agreementRob Crittenden2008-03-072-42/+24
| | | | | | | | Add ability to force a synch to occur Clean up a lot of unused code in ipaldap.py. This lets us do a simple bind without being root (it used to try to read dse.ldif) 436237
* Verify that the hostname is correct in /etc/hostsRob Crittenden2008-03-061-0/+30
| | | | | | Don't ignore exceptions when getting the hostname from the user 433515
* Use standard size and alignment for the packed data so it works on 64-bit hostsRob Crittenden2008-03-061-1/+1
|
* Require that the hostname is a DNS A record and that the forward and reverseRob Crittenden2008-03-031-0/+21
| | | | | | match. 433515
* Fix boot.ldif generation, the domain name component must be derivedSimo Sorce2008-03-041-1/+1
| | | | | from the realm not the domain. One line fix.
* Make sure all entries are generated by us according to IPASimo Sorce2008-02-281-0/+21
| | | | | default tree. This patch make sure that the DS setup script does not add unwanted entries.
* Fix off-by-one error in the number of steps to install a serviceRob Crittenden2008-02-281-1/+1
|
* Don't log passwords in ipaserver-install.logRob Crittenden2008-02-261-2/+4
| | | | 433509
* Use correct variable for determining the host nameRob Crittenden2008-02-261-1/+1
| | | | 435055
* Make sure KrbPrincipalName is unique server-wideSimo Sorce2008-02-211-0/+4
|
* Redirect users when they don't use the FQDN on both SSL and non-SSL portsRob Crittenden2008-02-211-2/+13
| | | | | | | We update the mod_nss configuration (nss.conf) during installation to include ipa-rewrite.conf to handle the SSL side. 433054
* Add some additional error handlingRob Crittenden2008-02-201-1/+4
| | | | 433347
* cosmetic fixesSimo Sorce2008-02-211-4/+5
|
* Start ntpd first unless we do not want it.Simo Sorce2008-02-201-8/+18
| | | | | Make sure we do sync the clock leaping to the current correct time. This avoids problems with bad dates on certificates, etc..
* Add some error handling for LDAP connection issuesRob Crittenden2008-02-191-9/+15
| | | | | | Verify the DM password earlier in the process 433368
* Verify current domain with user during installationRob Crittenden2008-02-154-17/+13
| | | | | | Use that domain when creating replicas Resolves 432066
* memberOf attribute should not be replicatedRob Crittenden2008-02-181-0/+1
| | | | Resolves 430017
* Don't create a backup of the PKCS#12 cert on replicasRob Crittenden2008-02-141-10/+15
| | | | | | Name the file created by ipa-replica-prepare after the FQDN of the target Resolves 432904
* Always do a chkconfig --add/--del on install/uninstallRob Crittenden2008-02-081-0/+14
| | | | | This makes a from-tree installation work. We also do this in the rpm spec file. Contributed by Pieter D.J. Krul
* Set the license uniformly to GPLv2 only.Rob Crittenden2008-02-0411-11/+11
|
* Fix two typosRob Crittenden2008-02-051-2/+2
|
* Use file to store the current CA serial numberRob Crittenden2008-02-054-16/+58
| | | | | | | No longer create a PKCS#12 file that contains the CA No longer send the entire CA to each replica, generate the SSL certs on master Fix number of bugs in ipa-replica-install and prepare Produce status output during replica creation
* Use correct variable for domain when restoring a file.Rob Crittenden2008-01-311-1/+1
| | | | Resolves 430724
* Include some additional information when installing IPA.Rob Crittenden2008-01-251-1/+1
| | | | | Remove 8080 as a port that needs to be opened bz 430088
* Fix misspelling of the word indices.Rob Crittenden2008-01-251-3/+3
|
generated by cgit (git 2.34.1) at 2024-06-22 07:19:50 +0000