freeipa.git/ipaserver/install/plugins, branch master Unnamed repository; edit this file 'description' to name the repository. Restore privileges after forward zones update 2014-07-04T10:48:50+00:00 Martin Basti mbasti@redhat.com 2014-07-03T13:50:27+00:00 f8b6595f4999740a704bcdae6d4f9b5021f7f61f Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Spacek <pspacek@redhat.com> 
Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Fix upgrade to forward zones 2014-07-03T12:04:57+00:00 Martin Basti mbasti@redhat.com 2014-07-02T17:04:39+00:00 eea101544125895b3d4f66b61cf8e3870bffed66 Reviewed-By: Petr Spacek <pspacek@redhat.com> 
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Upgrade special master zones to forward zones 2014-06-27T12:54:35+00:00 Martin Basti mbasti@redhat.com 2014-06-13T08:20:23+00:00 aa2ef07b8c74d05e8a83928dab4b5cae8722a52f This upgrade is executed only if IPA version is older than 4.0 Requires detection if 'idnsforwardzone' objectclass is presented in schema before schema is upgraded Design: http://www.freeipa.org/page/V4/Forward_zones#Updates_and_Upgrades Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Martin Kosek <mkosek@redhat.com> 
This upgrade is executed only if IPA version is older than 4.0
Requires detection if 'idnsforwardzone' objectclass is presented in
schema before schema is upgraded

Design: http://www.freeipa.org/page/V4/Forward_zones#Updates_and_Upgrades

Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Added upgrade step executed before schmema is upgraded 2014-06-27T12:54:35+00:00 Martin Basti mbasti@redhat.com 2014-06-13T08:15:23+00:00 c1f3fd6831c47a2672f37e12db149be1b1122d75 Class PreSchemaUpdate is executed before ldap schema update This is required by ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Martin Kosek <mkosek@redhat.com> 
Class PreSchemaUpdate is executed before ldap schema update

This is required by ticket: https://fedorahosted.org/freeipa/ticket/3210

Reviewed-By: Martin Kosek <mkosek@redhat.com>
permission plugin: Join --type objectclass filters with OR 2014-06-23T08:54:43+00:00 Petr Viktorin pviktori@redhat.com 2014-06-19T16:14:31+00:00 02b5074d84ad42cb6ffc2abd7a84fbff62747470 For groups, we will need to filter on either posixgroup (which UPGs have but non-posix groups don't) and groupofnames/nestedgroup (which normal groups have but UPGs don't). Join permission_filter_objectclasses with `|` and add them as a single ipapermtargetfilter value. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com> 
For groups, we will need to filter on either posixgroup (which UPGs
have but non-posix groups don't) and groupofnames/nestedgroup
(which normal groups have but UPGs don't).
Join permission_filter_objectclasses with `|` and add them as
a single ipapermtargetfilter value.

Part of the work for: https://fedorahosted.org/freeipa/ticket/3566

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Add $REALM to variables supported by the managed permission updater 2014-06-18T12:56:42+00:00 Petr Viktorin pviktori@redhat.com 2014-06-12T07:46:36+00:00 83cb98285810970909162cd1de1615bec7f8e685 This will allow converting password policy permissions Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com> 
This will allow converting password policy permissions

Part of the work for: https://fedorahosted.org/freeipa/ticket/4346

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Remove the update_dns_permissions plugin 2014-06-18T12:45:51+00:00 Petr Viktorin pviktori@redhat.com 2014-06-13T16:35:08+00:00 700ac6c11627137db758ad376c44745db579dc84 This plugin created permissions that the managed permission updater would remove right away. Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com> 
This plugin created permissions that the managed permission
updater would remove right away.

Part of the work for: https://fedorahosted.org/freeipa/ticket/4346

Reviewed-By: Martin Kosek <mkosek@redhat.com>
managed permission updater: Add mechanism to replace SYSTEM permissions 2014-06-18T12:45:50+00:00 Petr Viktorin pviktori@redhat.com 2014-06-13T13:58:24+00:00 16ee6847e493df0d28b6c1baa9a48ea29752bef5 The "Read DNS Entries" permission, which was marked SYSTEM (no associated ACI), can now be converted to a regular managed permission. Add a mechanism for the updater to replace old SYSTEM permissions. This cannot be done in an update file because we do not want to replace V2 permissions with the same name. Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com> 
The "Read DNS Entries" permission, which was marked SYSTEM (no associated
ACI), can now be converted to a regular managed permission.

Add a mechanism for the updater to replace old SYSTEM permissions.

This cannot be done in an update file because we do not want to replace
V2 permissions with the same name.

Part of the work for: https://fedorahosted.org/freeipa/ticket/4346

Reviewed-By: Martin Kosek <mkosek@redhat.com>
ipaplatform: Move all filesystem paths to ipaplatform.paths module 2014-06-16T17:48:20+00:00 Tomas Babej tbabej@redhat.com 2014-05-29T12:47:17+00:00 4d2ef43f287aa96df3d65b97977fc7a824b6b33c https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Make 'permission' the default bind type for managed permissions 2014-06-11T11:21:29+00:00 Petr Viktorin pviktori@redhat.com 2014-06-09T15:59:53+00:00 2f3cdba54620989afba0ce1b423cddb56b841ab3 This reduces typing (or copy/pasting), and draws a bit of attention to any non-default privileges (currently 'any' or 'anonymous'). Leaving the bindtype out by mistake isn't dangerous: by default a permission is not granted to anyone, since it is not included in any priviliges. Reviewed-By: Martin Kosek <mkosek@redhat.com> 
This reduces typing (or copy/pasting), and draws a bit of attention
to any non-default privileges (currently 'any' or 'anonymous').

Leaving the bindtype out by mistake isn't dangerous: by default
a permission is not granted to anyone, since it is not included in
any priviliges.

Reviewed-By: Martin Kosek <mkosek@redhat.com>