Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Become version 1.0.0release-1-0-0 | Rob Crittenden | 2008-04-16 | 16 | -26/+71 |
| | |||||
* | Catch all errors when obtaining an LDAP connection. | Rob Crittenden | 2008-04-15 | 1 | -0/+2 |
| | | | | 442582 | ||||
* | Move print statement to the correct scope so it displays both lock and unlock. | Rob Crittenden | 2008-04-15 | 1 | -1/+1 |
| | | | | 442625 | ||||
* | Better detection of DS not starting. | Rob Crittenden | 2008-04-14 | 1 | -3/+23 |
| | | | | | | | The dirsrv init script always returns 0 on status checks, even if an instance is not started. So we have to look through the output instead. 442452 | ||||
* | Don't quit trying to lock a user if they aren't in the activated group. | Rob Crittenden | 2008-04-14 | 1 | -1/+5 |
| | | | | | | | | Users are considered activated by default so don't need to be in the activated group explicitly. Ignore the "not in group" error when trying to remove them. 442470 | ||||
* | Handle exceptions more gracefully on systems with python-ldap 2.2.0 | Rob Crittenden | 2008-04-14 | 1 | -5/+8 |
| | | | | 442136 | ||||
* | Configure the ipa_pwd_extop plugin on replicas. | Rob Crittenden | 2008-04-14 | 1 | -1/+4 |
| | | | | | | | | If plugin isn't configured then the kerberos attributes don't get populated. User's will get Preauthentication errors from the kerberos libraries because there is no krbPrincipalKey to match against. 442134 | ||||
* | Use the same kpasswd.keytab on all replicas. | Rob Crittenden | 2008-04-09 | 3 | -3/+12 |
| | | | | | | | If we generate a new keytab for each replica then effectively password changes can only occur on the last replica created. 439905 | ||||
* | Fix client discovery and make sure command line options are not overwritten | Simo Sorce | 2008-04-09 | 1 | -36/+53 |
| | | | | with discovered options, just verified. | ||||
* | Make sure we use the configured server in ipa.conf first, and | Simo Sorce | 2008-04-09 | 1 | -28/+23 |
| | | | | fallback to the discovered ones only if that's not available | ||||
* | Add --permitted-enctypes command and add it to the man page too | Simo Sorce | 2008-04-08 | 2 | -8/+52 |
| | |||||
* | Make sure we start the NSCD daemon. | Simo Sorce | 2008-04-08 | 1 | -0/+15 |
| | | | | It makes a huge difference on clients, if we cache lookups | ||||
* | is_integer returns the integer, don't use an if clause, just check it, if it | Simo Sorce | 2008-04-08 | 1 | -12/+12 |
| | | | | | is wrong it will just throw an exception and exit. Fix error reporting to use the canonical str(e) | ||||
* | Fix error where password was getting set wrong if passed in on command-line. | Rob Crittenden | 2008-04-08 | 1 | -1/+1 |
| | | | | 439905 | ||||
* | The kpasswd keytab must not be owned by the dirsrv user. | Simo Sorce | 2008-04-08 | 1 | -2/+0 |
| | | | | Fix copy&paste error. | ||||
* | SELinux fix from Dan Walsh | Rob Crittenden | 2008-04-07 | 1 | -1/+1 |
| | | | | 440646 | ||||
* | Add (post) to Requires: ipa-server-spec | Rob Crittenden | 2008-04-07 | 2 | -2/+4 |
| | |||||
* | Some SELinux policy changes provided by Dan Walsh. | Rob Crittenden | 2008-04-07 | 3 | -4/+18 |
| | | | | 440651 | ||||
* | Add _ntp SRV record | Simo Sorce | 2008-04-07 | 1 | -0/+2 |
| | |||||
* | Password policy checks fixes. | Simo Sorce | 2008-04-07 | 1 | -37/+94 |
| | | | | | | - don't let a user set a password identical to the current one. - don't check more then the policy defined number of passwords in history - don't set an history longer than policy defined | ||||
* | Don't allow the admin user to be removed from the admins group. | Rob Crittenden | 2008-04-04 | 2 | -0/+15 |
| | | | | 439281 | ||||
* | Add missing normalizeDN() when removing members from a group. | Rob Crittenden | 2008-04-04 | 2 | -4/+16 |
| | | | | 438387 | ||||
* | Create /etc/ipa/ipa.conf earlier in the installation process. | Rob Crittenden | 2008-04-03 | 1 | -8/+8 |
| | | | | | | | Because the ipa.config() object raises an error if there is no configuration file and auto-detection fails, ipa_webgui may fail to start at install time. 440475 | ||||
* | Add missing image | Rob Crittenden | 2008-04-03 | 1 | -0/+1 |
| | |||||
* | Need python-ldap in Requires | Simo Sorce | 2008-04-02 | 1 | -0/+1 |
| | |||||
* | Don't try to update ipauserobjectclasses or ipagroupobjectclasses | Rob Crittenden | 2008-04-02 | 2 | -9/+13 |
| | | | | | | | | since they aren't being displayed anymore. They will just get blanked. Also add some error handling in ipahelper.fix_incoming_fields() 438256 | ||||
* | Add missing start_creation() so the install process will get kicked off. | Rob Crittenden | 2008-04-02 | 1 | -0/+1 |
| | |||||
* | Make sure we have ipa-client installed as now ipa-server-install calls | Simo Sorce | 2008-04-02 | 2 | -0/+2 |
| | | | | ipa-client-install | ||||
* | Cut&patse error | Simo Sorce | 2008-04-02 | 1 | -3/+3 |
| | |||||
* | Stricter directory control for ipa daemons, each one it's own directory | Simo Sorce | 2008-04-01 | 3 | -1/+16 |
| | |||||
* | - Better defaults for nss_ldap | Simo Sorce | 2008-04-01 | 2 | -6/+26 |
| | | | | | | | | - Make sure timeouts are not too high, so that machine does not hang if remote servers are not reachable - Make sure root can always login no matter what the status of the ldap servers - use rfc2307bis schema directive | ||||
* | Move ipa_kpasswd credential cache in its own directory | Simo Sorce | 2008-04-01 | 4 | -3/+15 |
| | |||||
* | Fix typo in python directive. Fixes marking a group active. | Rob Crittenden | 2008-04-01 | 1 | -1/+1 |
| | | | | 440142 | ||||
* | Fix crash when creating new groups. You can't iterate over a None variable. | Rob Crittenden | 2008-04-01 | 1 | -0/+2 |
| | | | | 440081 | ||||
* | Fix AVC when for reading /proc during password change on RHEL 5 | Rob Crittenden | 2008-04-01 | 1 | -0/+2 |
| | | | | 438007 | ||||
* | No need to use a regular expression to find the replication host | Rob Crittenden | 2008-03-31 | 1 | -3/+1 |
| | | | | 430015 | ||||
* | Call client uninstall from server uninstall so that uninstall reverses also | Simo Sorce | 2008-03-31 | 1 | -0/+15 |
| | | | | client bits. | ||||
* | RHEL4 contrib client uninstall | Simo Sorce | 2008-03-31 | 1 | -4/+20 |
| | |||||
* | Implement client uninstall | Simo Sorce | 2008-03-31 | 4 | -8/+80 |
| | | | | (including RHEL4 contrib setup script) | ||||
* | Sysrestore fixes. | Simo Sorce | 2008-03-31 | 2 | -47/+50 |
| | | | | | | | Latest patch used the wrong path and all files where actually going to /tmp even if a different path was specified. Makes also StateFile behave the same as FileStore, and be a public class, this way a common path can be used too. | ||||
* | Some more function name errors due to merge from DS own memberof plugin that | Simo Sorce | 2008-03-31 | 1 | -6/+6 |
| | | | | has different function names. This was a runtime linker crash bug :/ | ||||
* | On the delegation edit screen allow the direct entry of a group name | Rob Crittenden | 2008-03-24 | 1 | -4/+28 |
| | | | | | | Fix the redirection errors, it was going to back to the Add delegation page 438257 | ||||
* | Don't try to add the default group to a user when creating the group. | Rob Crittenden | 2008-03-31 | 1 | -4/+19 |
| | | | | | | This is done automatically and trying to do so will return an error. 432106 | ||||
* | Fix account activation. | Rob Crittenden | 2008-03-31 | 3 | -12/+89 |
| | | | | | | | | | | | | | | | | We do account activation by using a Class of Service based on group membership. A problem can happen if the entry itself has an nsaccountlock attribute and you try doing Class of Service work as well because the local attribute has priority. So try to detect that the entry has a local nsAccountLock attribute and report an appropriate error. Don't allow the admins or editors groups to be de-activated. Return a better error message if account [in]activation fails. Catch errors when doing group [in]activation. 439230 | ||||
* | Fix typo | Simo Sorce | 2008-03-31 | 1 | -2/+2 |
| | |||||
* | Better check for IPA nServer own address, avoid manually parsing /etc/hosts by | Simo Sorce | 2008-03-30 | 1 | -36/+54 |
| | | | | | | | using nsswitch calls that read it and also take in account any other name resolution mechanism that might be installed (like NIS lol :-). This also should make the check support IPv6 transparently too (not tested) | ||||
* | Avoid listing a group as a memberOf itself when a circular grouping | Nathan Kinder | 2008-03-28 | 1 | -10/+23 |
| | | | | | | | | | | is created. We basically just need to add a check to see if we're to use a group DN as the memberOf value when performing an operation on itself for all operation types. 439450 | ||||
* | Fixed handling of modify operations that delete all present member | Nathan Kinder | 2008-03-28 | 1 | -2/+13 |
| | | | | | | | | | | | | | values without specifying the values to delete in the memberOf plug-in. Member entries were not being updated because the code used the values in the mod to find the member entries to update. The fix is to detect when a delete modify has no values specified and just use the replace code since it compares the pre-op and post-op copies of the group to figure out what member entries to update. 439097 | ||||
* | Put replica info file into /var/lib/ipa instead of the current directory | Rob Crittenden | 2008-03-28 | 1 | -2/+2 |
| | | | | 439120 | ||||
* | Move sysrestore to ipa-python so it can be used by client scripts too. | Simo Sorce | 2008-03-27 | 13 | -350/+471 |
| | | | | | | Change backup format so files are all in a single directory (no dir hierarchies) and use an index file so we can save also ownership and permission info for the restore (and eventually other data later on). |