summaryrefslogtreecommitdiffstats
path: root/install
Commit message (Collapse)AuthorAgeFilesLines
* Do not allow '%' in DM passwordMartin Kosek2013-10-041-1/+1
| | | | | | | Having '%' in DM password causes pkispawn to crash. Do not allow users to enter it until pkispawn is fixed. https://bugzilla.redhat.com/show_bug.cgi?id=953488
* Update translations from TransifexPetr Viktorin2013-10-0417-516/+2596
|
* Remove faulty DNS memberOf TaskMartin Kosek2013-10-041-9/+2
| | | | | | | | | | | This task was added with a DN colliding with privilege update memberOf task being run later and caused this task to be ineffective and thus miss some privilege membership, like "SELinux User Map Administrators" DNS update plugin do not need to run any task at all as privileges will be updated later in scope of 55-pbacmemberof.update https://fedorahosted.org/freeipa/ticket/3877
* Allow PKCS#12 files with empty password in install tools.Jan Cholasta2013-10-041-6/+6
| | | | https://fedorahosted.org/freeipa/ticket/3897
* Read passwords from stdin when importing PKCS#12 files with pk12util.Jan Cholasta2013-10-042-18/+25
| | | | | | | This works around pk12util refusing to use empty password files, which prevents the use of PKCS#12 files with empty password. https://fedorahosted.org/freeipa/ticket/3897
* Warn user about realm-domain mismatch in install scriptsTomas Babej2013-10-034-1/+31
| | | | | | | | | | | | | | If the IPA server is setup with non-matching domain and realm names, it will not be able to estabilish trust with the Active Directory. Adds warnings to the ipa-server-install and warning to the ipa-adtrust-install (which has to be confirmed). Man pages for the ipa-server-install and ipa-adtrust-install were updated with the relevant notes. https://fedorahosted.org/freeipa/ticket/3924
* Fix enablement of automount map type selectorPetr Vobornik2013-10-031-1/+1
| | | | | | Map type radio used old way of defining that its value should not be used in add command. Recent patch related to 'enable' attribute hardened/fixed the behavior of radio widgets so they are disabled in UI as well when enabled==false. Automount did not reflect this change. https://fedorahosted.org/freeipa/ticket/3954
* Allow edit of ipakrbokasdelegate in Web UI when attrlevelrights are unknownPetr Vobornik2013-09-261-1/+2
| | | | | | | | Old host entries are missing object class with krbticketflags attribute. Therefore UI does not receive attrlevelrights for it. This OC is added when ipakrbokasdelegate is set. This patch adds the usual hack for such cases. https://fedorahosted.org/freeipa/ticket/3940
* ipa-sam: do not modify objectclass when trust object already createdAlexander Bokovoy2013-09-201-0/+1
| | | | | | | | | | | When trust is established, last step done by IPA framework is to set encryption types associated with the trust. This operation fails due to ipa-sam attempting to modify object classes in trust object entry which is not allowed by ACI. Additionally, wrong handle was used by dcerpc.py code when executing SetInformationTrustedDomain() against IPA smbd which prevented even to reach the point where ipa-sam would be asked to modify the trust object.
* Fix redirection on deletion of last dns record entryPetr Vobornik2013-09-161-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3907
* Fix nsslapdPlugin object class after initial replication.Jan Cholasta2013-09-102-0/+8
| | | | | | This is a workaround for <https://fedorahosted.org/389/ticket/47490>. https://fedorahosted.org/freeipa/ticket/3915
* Do not crash if DS is down during server uninstallAna Krivokapic2013-09-091-23/+41
| | | | | | | | DS is contacted during server uninstallation, in order to obtain information about replication agreements. If DS is unavailable, warn and continue with uninstallation. https://fedorahosted.org/freeipa/ticket/3867
* Add timestamps to named debug logs in /var/named/data/named.runPetr Spacek2013-09-061-0/+1
|
* Fix RUV search scope in ipa-replica-managePetr Vobornik2013-09-041-1/+1
| | | | | | | | The search had an incorrect scope and therefore it didn't find any RUV. This issue prevented removing of replica. https://fedorahosted.org/freeipa/ticket/3876
* Add warning when uninstalling active replicaAna Krivokapic2013-09-041-5/+31
| | | | | | | Add a warning when trying to uninstall a replica that has active replication agreements. https://fedorahosted.org/freeipa/ticket/3867
* Create DS user and group during ipa-restoreAna Krivokapic2013-09-022-27/+6
| | | | | | | ipa-restore would fail if DS user did not exist. Check for presence of DS user and group and create them if needed. https://fedorahosted.org/freeipa/ticket/3856
* Update idrange search facet after trust creationPetr Vobornik2013-08-281-0/+10
| | | | | | Adding a trust creates a range -> range search facet should be marked as expired. https://fedorahosted.org/freeipa/ticket/3874
* Add --dirman-password option to ipa-server-certinstall.Jan Cholasta2013-08-281-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/3869
* Make CS.cfg edits with CA instance stoppedTomas Babej2013-08-264-3/+6
| | | | | | | | | | | This patch makes sure that all edits to CS.cfg configuration file are performed while pki-tomcatd service is stopped. Introduces a new contextmanager stopped_service for handling a general problem of performing a task that needs certain service being stopped. https://fedorahosted.org/freeipa/ticket/3804
* Show human-readable error name in error dialog titlePetr Vobornik2013-08-261-1/+2
| | | | | | Fixes RPC server's JSON encoding of exception's name. It allows to show the name in Web UI's error dialog title.
* Hide 'New Certificate' action on CA-less installPetr Vobornik2013-08-221-0/+1
| | | | | | This action calls cert-request command which is not available on CA-less installs. Thus this action won't be enabled and therefore there is no reason to keep it visible. https://fedorahosted.org/freeipa/ticket/3363
* Add base-id, range-size and range-type options to trust-add dialogPetr Vobornik2013-08-222-0/+48
| | | | https://fedorahosted.org/freeipa/ticket/3049
* Fix broken replica installationAna Krivokapic2013-08-201-4/+10
| | | | | | | Make sure the subject base parameter is correctly passed and used during the creation of the DS instance on a replica. https://fedorahosted.org/freeipa/ticket/3868
* Add --pin option to ipa-server-certinstall.Jan Cholasta2013-08-201-5/+2
| | | | | | Hide the unnecessary --dirsrv_pin and --http_pin options. https://fedorahosted.org/freeipa/ticket/3869
* Port ipa-server-certinstall to the admintool framework.Jan Cholasta2013-08-201-141/+4
| | | | | | | Change the log file path from /var/log/ipa/default.log to admintool's default path. https://fedorahosted.org/freeipa/ticket/3641
* Make PKCS#12 handling in ipa-server-certinstall closer to what other tools do.Jan Cholasta2013-08-201-34/+18
| | | | | | | In particular, PKCS#12 validation and server certificate selection is now done the same way as in ipa-server-install and ipa-replica-prepare. https://fedorahosted.org/freeipa/ticket/3641
* Bypass ipa-replica-conncheck ssh tests when ssh is not installedNathaniel McCallum2013-08-151-29/+31
| | | | https://fedorahosted.org/freeipa/ticket/3777
* Removal of deprecated selenium testsPetr Vobornik2013-08-15134-23441/+0
| | | | | | Tests were deprecated by new FreeIPA 3.3 Web UI integration tests (ticket #3744). https://fedorahosted.org/freeipa/ticket/3857
* Remove systemd upgrader as it is not used anymoreAlexander Bokovoy2013-08-151-1/+0
|
* Fix selected minor issues in the spec file and licenseMartin Kosek2013-08-132-4/+4
| | | | | | | | | | | | This patch fixes: - too long description for server-trust-ad subpackage - adds (noreplace) flag %{_sysconfdir}/tmpfiles.d/ipa.conf to avoid overwriting potential user changes - changes permissions on default_encoding_utf8.so to prevent it pollute python subpackage Provides. - wrong address in GPL v2 license preamble in 2 distributed files https://fedorahosted.org/freeipa/ticket/3855
* Prevent *.pyo and *.pyc multilib problemsMartin Kosek2013-08-131-0/+1
| | | | | | | | | | | | | Differences in the python byte code fails in a build validation (rpmdiff) done on difference architecture of the same package. This patch: 1) Ensures that timestamps of generated *.pyo and *.pyc files match 2) Python integer literals greater or equal 2^32 and lower than 2^64 are converted to long right away to prevent different type of the integer on architectures with different size of int https://fedorahosted.org/freeipa/ticket/3858
* Fix handling of CSS files in sync.sh scriptAna Krivokapic2013-08-131-2/+2
|
* Hide delete button in multivalued widget if attr is not writablePetr Vobornik2013-08-131-9/+16
| | | | https://fedorahosted.org/freeipa/ticket/3799
* Make ssh_widget not-editable if attr is readonlyPetr Vobornik2013-08-132-11/+24
| | | | https://fedorahosted.org/freeipa/ticket/3800
* Remove support for IPA deployments with no persistent searchTomas Babej2013-08-0911-157/+81
| | | | | | | | | Drops the code from ipa-server-install, ipa-dns-install and the BindInstance itself. Also changed ipa-upgradeconfig script so that it does not set zone_refresh to 0 on upgrades, as the option is deprecated. https://fedorahosted.org/freeipa/ticket/3632
* Handle --subject option in ipa-server-installAna Krivokapic2013-08-082-4/+96
| | | | | | | | | | Properly handle --subject option of ipa-server-install, making sure this value gets passed to certmap.conf. Introduce a new template variable $SUBJECT_BASE for this purpose. Also make sure that this value is preserved on upgrades. https://fedorahosted.org/freeipa/ticket/3783
* Increase default SASL buffer sizeMartin Kosek2013-08-071-0/+6
| | | | | | | Default SASL buffer size was too small and could lead for example to migration errors. https://fedorahosted.org/freeipa/ticket/3826
* Add ipa-advise plugins for legacy clientsAna Krivokapic2013-08-076-0/+73
| | | | | | | | | | | | | | | | | Old versions of SSSD do not directly support cross-realm trusts between IPA and AD. This patch introduces plugins for the ipa-advise tool, which should help with configuring an old version of SSSD (1.5-1.8) to gain access to resources in trusted domain. Since the configuration steps differ depending on whether the platform includes the authconfig tool, two plugins are needed: * config-redhat-sssd-before-1-9 - provides configuration for Red Hat based systems, as these system include the autconfig utility * config-generic-sssd-before-1-9 - provides configuration for other platforms https://fedorahosted.org/freeipa/ticket/3671 https://fedorahosted.org/freeipa/ticket/3672
* Update translationsPetr Viktorin2013-08-0217-1838/+1222
| | | | | | | | Regenerate the POT file and pull new translations from Transifex. Also, update the Transifex URL in the configuration file: transifex.net has redirected to transifex.com for some time, and now its certificate has expired.
* Expose ipaRangeType in Web UIAna Krivokapic2013-07-292-52/+129
| | | | https://fedorahosted.org/freeipa/ticket/3759
* Honor 'enabled' option for widgets.Ana Krivokapic2013-07-265-57/+93
| | | | https://fedorahosted.org/freeipa/ticket/3793
* Free NSS objects in --external-ca scenarioMartin Kosek2013-07-261-0/+5
| | | | | | | | | | In external CA installation, ipa-server-install leaked NSS objects which caused an installation crash later when a subsequent call of NSSConnection tried to free them. Properly freeing the NSS objects avoid this crash. https://fedorahosted.org/freeipa/ticket/3773
* Print newline after receiving EOF in installutils.read_password.Jan Cholasta2013-07-2411-13/+13
|
* Ask for PKCS#12 password interactively in ipa-server-install.Jan Cholasta2013-07-241-26/+50
| | | | https://fedorahosted.org/freeipa/ticket/3717
* Remove word 'field' from GECOS param labelPetr Vobornik2013-07-233-10/+10
| | | | No other param/field has 'field' in a label.
* Break long words in notification areaPetr Vobornik2013-07-231-0/+1
| | | | Long words (ie. service principal) breaks out of notification area. It doesn't look good. Patch adds word-wrap to break them to multiple pieces.
* Web UI search optimizationPetr Vobornik2013-07-235-11/+21
| | | | | | | | | | | | This patch optimizes options used in commands executed by search pages. 1) Removed --all from _find and _show commands used by search pages. All displayed attributes should be already included in default attributes. 2) Removed search_all_attributes - Not needed since introduction of paging. 3) Added --no-members options to search _show commmands. Members are not displayed on search pages and such change drastically improves performance. It reduces computations on server and amount of data transferred to Web UI. https://fedorahosted.org/freeipa/ticket/3706
* ipa-adtrust-install: configure compatibility tree to serve trusted domain usersAlexander Bokovoy2013-07-182-1/+40
| | | | | | | | | | | | | | | | | | | | | | | | | Enables support for trusted domains users for old clients through Schema Compatibility plugin. SSSD supports trusted domains natively starting with version 1.9 platform. For platforms that lack SSSD or run older SSSD version one needs to use this option. When enabled, slapi-nis package needs to be installed and schema-compat-plugin will be configured to provide lookup of users and groups from trusted domains via SSSD on IPA server. These users and groups will be available under cn=users,cn=compat,$SUFFIX and cn=groups,cn=compat,$SUFFIX trees. SSSD will normalize names of users and groups to lower case. In addition to providing these users and groups through the compat tree, this option enables authentication over LDAP for trusted domain users with DN under compat tree, i.e. using bind DN uid=administrator@ad.domain,cn=users,cn=compat,$SUFFIX. This authentication is related to PAM stack using 'system-auth' PAM service. If you have disabled HBAC rule 'allow_all', then make sure there is special service called 'system-auth' created and HBAC rule to allow access to anyone to this rule on IPA masters is added. Please note that system-auth PAM service is not used directly by any other application, therefore it is safe to create one specifically to support trusted domain users via compatibility path. https://fedorahosted.org/freeipa/ticket/3567
* Add 'ipa_server_mode' option to SSSD configurationAna Krivokapic2013-07-181-1/+12
| | | | https://fedorahosted.org/freeipa/ticket/3652
* Add Camellia ciphers to allowed list.Rob Crittenden2013-07-183-0/+10
| | | | https://fedorahosted.org/freeipa/ticket/3749
generated by cgit (git 2.34.1) at 2024-11-19 22:38:09 +0000