| Commit message | Author | Age | Files | Lines |
| |
The logging level for these messages was decreased so that they
do not show up in ipa-advise output.
Reset the log level to INFO and configure ipa-advise to not display
INFO messages from xmlclient by default.
Partially reverts commit efe5a96725d3ddcd05b03a1ca9df5597eee693be
https://fedorahosted.org/freeipa/ticket/4135
Reviewed-By: Tomáš Babej <tbabej@redhat.com>
| |
The working directory will be provided directly
by bind-dyndb-ldap package.
This partially reverts commit 689382dc833e687d30349b10a8fd7dc740d54d08.
https://fedorahosted.org/freeipa/ticket/3967
| |
https://fedorahosted.org/freeipa/ticket/2937
| |
The two classes had very similar __call__ methods, but the JSON
server lacked error handling.
Create a common class for the __call__ method.
https://fedorahosted.org/freeipa/ticket/4069
| |
Use "kdestroy -A" command to destroy all CCACHEs, both the primary
and the non-primary ones to make sure that the non-primary ones are
not used later.
https://fedorahosted.org/freeipa/ticket/4084
| |
Stock httpd no longer uses systemd EnvironmentFile option which is
making FreeIPA's KRB5CCNAME setting ineffective. This can lead to hard
to debug problems during subsequent ipa-server-install's where HTTP
may use a stale CCACHE in the default kernel keyring CCACHE.
Avoid forcing custom CCACHE and switch to system one, just make sure
that it is properly cleaned by kdestroy run as "apache" user during
FreeIPA server installation process.
https://fedorahosted.org/freeipa/ticket/4084
| |
Ensure we set host netbios name by default in smb.conf
https://fedorahosted.org/freeipa/ticket/4116
| |
https://fedorahosted.org/freeipa/ticket/4110
| |
This fixes a possible NSS database corruption in renew_ca_cert.
| |
When a context to which we yield generates an exception, the code in
private_ccache() and stopped_service() didn't get called for cleanup.
| |
Enable Retro Changelog and Content Synchronization DS plugins which are required
for SyncRepl support.
Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+.
https://fedorahosted.org/freeipa/ticket/3967
| |
https://fedorahosted.org/freeipa/ticket/3488
| |
https://fedorahosted.org/freeipa/ticket/3488
| |
https://fedorahosted.org/freeipa/ticket/3488
| |
Use LDAPEntry.generate_modlist instead of LDAPClient._generate_modlist and
remove LDAPClient._generate_modlist.
https://fedorahosted.org/freeipa/ticket/3488
| |
https://fedorahosted.org/freeipa/ticket/3488
| |
Remove legacy IPAdmin methods generateModList and updateEntry.
https://fedorahosted.org/freeipa/ticket/3488
| |
https://fedorahosted.org/freeipa/ticket/3488
| |
Fix both the service restart procedure and registration of old
pki-cad well known service name.
This patch was adapted from original patch of Jan Cholasta 178 to
fix ticket 4092.
https://fedorahosted.org/freeipa/ticket/4092
| |
Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.
FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2
https://fedorahosted.org/freeipa/ticket/3438
Updated by pviktori@redhat.com
| |
Server and client installer should allow kernel keyring ccache when
supported.
https://fedorahosted.org/freeipa/ticket/4013
| |
When AD administrator credentials are passed, they are stored in realm_passwd,
not realm_password in the options.
When passing credentials to ipaserver.dcerpc.fetch_domains(), make sure
to normalize them.
Additionally, force Samba auth module to use NTLMSSP in case we have
credentials because at the point when trust is established, KDC is not
yet ready to issue tickets to a service in the other realm due to
MS-PAC information caching effects. The logic is a bit fuzzy because
credentials code makes decisions on what to use based on the smb.conf
parameters and Python bindings to set parameters to smb.conf make it so
that auth module believes these parameters were overridden by the user
through the command line and ignores some of the options. We have to do calls
in the right order to force NTLMSSP use instead of Kerberos.
Fixes https://fedorahosted.org/freeipa/ticket/4046
| |
https://fedorahosted.org/freeipa/ticket/3971
| |
A single LDAP search is now used instead of one search per member.
https://fedorahosted.org/freeipa/ticket/3971
| |
https://fedorahosted.org/freeipa/ticket/3971
| |
https://fedorahosted.org/freeipa/ticket/3971
| |
Add the server class name, such as [xmlserver] or [jsonserver_kerb] to
the server logs. This will allow easier debugging of problems specific
to a protocol or server class.
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/3299
| |
Modify ipalib.rpc to support JSON-RPC in addition to XML-RPC.
This is done by subclassing and extending xmlrpclib, because
our existing code relies on xmlrpclib internals.
The URI to use is given in the new jsonrpc_uri env variable. When
it is not given, it is generated from xmlrpc_uri by replacing
/xml with /json.
The rpc_json_uri env variable existed before, but was unused,
undocumented and not set by the install scripts.
This patch removes it in favor of jsonrpc_uri (for consistency
with xmlrpc_uri).
Add the rpc_protocol env variable to control the protocol
IPA uses. rpc_protocol defaults to 'jsonrpc', but may be changed
to 'xmlrpc'.
Make backend.Executioner and tests use the backend specified by
rpc_protocol.
For compatibility with unwrap_xml, decoding JSON now gives tuples
instead of lists.
Design: http://freeipa.org/page/V3/JSON-RPC
Ticket: https://fedorahosted.org/freeipa/ticket/3299
| |
https://fedorahosted.org/freeipa/ticket/4042
| |
https://fedorahosted.org/freeipa/ticket/4021
| |
Some schema was only delivered in updates. Add it back as ldif files.
https://fedorahosted.org/freeipa/ticket/3454
| |
Now that there's a dedicated schema updater, we do not need the code
in ldapupdate.
https://fedorahosted.org/freeipa/ticket/3454
| |
The new updater is run as part of `ipa-ldap-updater --upgrade`
and `ipa-ldap-updater --schema` (--schema is a new option).
The --schema-file option to ipa-ldap-updater may be used (multiple
times) to select a non-default set of schema files to update against.
The updater adds an X-ORIGIN tag with the current IPA version to
all elements it adds or modifies.
https://fedorahosted.org/freeipa/ticket/3454
| |
Preparation for: https://fedorahosted.org/freeipa/ticket/3454
| |
The connection code will be the same for both the LDAP updater
and the new schema updater.
Preparation for: https://fedorahosted.org/freeipa/ticket/3454
| |
Default to using the EXTERNAL authorization mechanism in calls to ldapmodify
https://fedorahosted.org/freeipa/ticket/3895
| |
When we get NT_STATUS_INVALID_PARAMETER in response to establishing
a DCE RPC pipe with Kerberos, the most likely reason is clock skew.
Suggest that it is so in the error message.
https://fedorahosted.org/freeipa/ticket/4024
| |
A regression, which prevented creation of a winsync agreement,
was introduced in the original fix for ticket #3989.
https://fedorahosted.org/freeipa/ticket/3989
| |
Server installer does not properly recognize a situation when server
fqdn is not in a subdomain of the IPA domain, but shares the same
suffix.
For example, if server FQDN is ipa-idm.example.com and domain
is idm.example.com, server's FQDN is not in the main domain, but
installer does not recognize that. Proper Kerberos realm-domain
mapping is not created in this case and server does not work
(httpd reports gssapi errors).
https://fedorahosted.org/freeipa/ticket/4012
| |
This change makes single_value consistent with the raw property.
https://fedorahosted.org/freeipa/ticket/3521
| |
Part of: https://fedorahosted.org/freeipa/ticket/3833
| |
https://fedorahosted.org/freeipa/ticket/3521
| |
Part of: https://fedorahosted.org/freeipa/ticket/3833
| |
https://fedorahosted.org/freeipa/ticket/3975
| |
Since mod_nss-1.0.8-24, mod_nss and mod_ssl can co-exist on one
machine (of course, when listening to different ports).
To make sure that mod_ssl is not configured to listen on 443
(default mod_ssl configuration), add a check to the installer checking
if either mod_nss or mod_ssl was configured to listen on that port.
https://fedorahosted.org/freeipa/ticket/3974