summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Become 3.2.2release-3-2-2Martin Kosek2013-07-171-1/+1
|
* Require new selinux-policy replacing old server-selinux subpackageMartin Kosek2013-07-171-1/+5
| | | | | | | | | | Features of the new policy: - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is writeable by PKI and readable by HTTPD - contains Conflicts with old freeipa-server-selinux package to avoid SELinux upgrade issues https://fedorahosted.org/freeipa/ticket/3788
* Run gpg-agent explicitly when encrypting/decrypting files.Jan Cholasta2013-07-171-7/+12
| | | | | | Also add an option to ipautil.run to redirect command output to /dev/null. https://fedorahosted.org/freeipa/ticket/3767
* Run server upgrade and restart in posttransMartin Kosek2013-07-161-9/+14
| | | | | | | Running server upgrade or restart in %post or %postun may cause issues when there are still parts of old FreeIPA software (like entitlements plugin). https://fedorahosted.org/freeipa/ticket/3739
* Change group ownership of CRL publish directoryTomas Babej2013-07-164-7/+20
| | | | | | | | | | | Spec file modified so that /var/lib/ipa/pki-ca/publish/ is no longer owned by created with package installation. The directory is rather created/removed with the CA instance itself. This ensures proper creation/removeal, group ownership and SELinux context. https://fedorahosted.org/freeipa/ticket/3727
* Use --ignore-dependencies only when necessaryAna Krivokapic2013-07-161-4/+5
| | | | | | | | | | Using the --ignore-dependencies switch was causing the ipactl stop command not to stop all instances of dirsrv and dogtag. Make sure the switch is used only when necessary, i.e. to prevent ipa-otpd.socket from getting stuck during the shutdown transaction. https://fedorahosted.org/freeipa/ticket/3730 https://fedorahosted.org/freeipa/ticket/3729
* Drop redundant directory /var/cache/ipa/sessionsMartin Kosek2013-07-162-6/+1
| | | | This directory is no longer used as session storage.
* Drop SELinux subpackageMartin Kosek2013-07-1611-354/+8
| | | | | | | | | All SELinux policy needed by FreeIPA server is now part of the global system SELinux policy which makes the subpackage redundant and slowing down the installation. This patch drops it. https://fedorahosted.org/freeipa/ticket/3683 https://fedorahosted.org/freeipa/ticket/3684
* Use pkg-config to detect cmockaLukas Slebodnik2013-07-151-25/+12
| | | | https://fedorahosted.org/freeipa/ticket/3434
* Return the correct Content-type on negotiated XML-RPC requests.Rob Crittenden2013-07-151-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/3745
* Make sure replication works after DM password is changedAna Krivokapic2013-07-112-3/+42
| | | | | | | | | | | | | | | | Replica information file contains the file `cacert.p12` which is protected by the Directory Manager password of the initial IPA server installation. The DM password of the initial installation is also used for the PKI admin user password. If the DM password is changed after the IPA server installation, the replication fails. To prevent this failure, add the following steps to ipa-replica-prepare: 1. Regenerate the `cacert.p12` file and protect it with the current DM password 2. Update the password of the PKI admin user with the current DM password https://fedorahosted.org/freeipa/ticket/3594
* Fix for small syntax error in OTP schemaNathaniel McCallum2013-07-112-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/3765
* Avoid systemd service deadlock during shutdownAna Krivokapic2013-07-111-1/+11
| | | | https://fedorahosted.org/freeipa/ticket/3729
* Use correct DS instance in ipactl statusAna Krivokapic2013-07-112-13/+31
| | | | | | | Make sure ipactl status check for correct DS instance. It should check for 'dirsrv@IPA-REALM' and not 'dirsrv.target'. https://fedorahosted.org/freeipa/ticket/3730
* Permit reads to ipatokenRadiusProxyUser objectsNathaniel McCallum2013-07-112-2/+2
| | | | | | This fixes an outstanding permissions issue from the OTP work. https://fedorahosted.org/freeipa/ticket/3693
* Add missing equality index for ipaUniqueId.Jan Cholasta2013-07-112-0/+15
| | | | https://fedorahosted.org/freeipa/ticket/3743
* Add missing substring indices for attributes managed by the referint plugin.Jan Cholasta2013-07-112-33/+43
| | | | | | | | The referint plugin does a substring search on these attributes each time an entry is deleted, which causes a noticable slowdown for large directories if the attributes are not indexed. https://fedorahosted.org/freeipa/ticket/3706
* Use LDAP modify operation directly to add/remove group members.Jan Cholasta2013-07-111-23/+13
| | | | | | This prevents getting full member list from LDAP and putting it back later. https://fedorahosted.org/freeipa/ticket/3706
* Use LDAP search instead of *group_show to check for a group objectclass.Jan Cholasta2013-07-113-37/+41
| | | | https://fedorahosted.org/freeipa/ticket/3706
* Use LDAP search instead of *group_show to check if a group exists.Jan Cholasta2013-07-116-9/+15
| | | | https://fedorahosted.org/freeipa/ticket/3706
* Check trust chain length in CA-less install.Jan Cholasta2013-07-111-2/+9
| | | | https://fedorahosted.org/freeipa/ticket/3707
* Skip cert issuer validation in service and host commands in CA-less install.Jan Cholasta2013-07-091-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/3736
* Fix client install exception if /etc/ssh is missingNathaniel McCallum2013-07-091-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/3766
* Disable checkboxes and radios for readonly attributesPetr Vobornik2013-07-091-8/+15
| | | | https://fedorahosted.org/freeipa/ticket/3764
* Fix bug in adtrustinstanceAna Krivokapic2013-07-091-2/+2
| | | | | | | Incorrect tuple unpacking in adtrustinstance was causing ipa-adtrust-install to fail when IPA was installed with no DNS. https://fedorahosted.org/freeipa/ticket/3746
* Enable SASL mapping fallback.Martin Kosek2013-06-276-4/+28
| | | | | | Assign a default priority of 10 to our SASL mappings. https://fedorahosted.org/freeipa/ticket/3330
* Create Firefox configuration extension on CA-less installPetr Vobornik2013-06-274-26/+33
| | | | | | | | | | Create: * kerberosauth.xpi * krb.js even when --http_pkcs12 option is used. https://fedorahosted.org/freeipa/ticket/3747
* Do not skip SSSD known hosts in ipa-client-install --ssh-trust-dns.Jan Cholasta2013-06-271-3/+3
| | | | https://fedorahosted.org/freeipa/ticket/3705
* Do not redirect to https in /ipa/ui on non-HTML filesPetr Vobornik2013-06-261-1/+2
| | | | | | Those resources are needed by page which has to use http(browser config) prior to acceptance of CA cert. https://fedorahosted.org/freeipa/ticket/3748
* Remove entitlement supportMartin Kosek2013-06-2636-2972/+4
| | | | | | | Entitlements code was not tested nor supported upstream since version 3.0. Remove the associated code. https://fedorahosted.org/freeipa/ticket/3739
* Fix CA-less check in ipa-replica-install and ipa-ca-install.Jan Cholasta2013-06-262-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/3750
* Fix default value selection in radio widgetPetr Vobornik2013-06-241-1/+11
| | | | https://fedorahosted.org/freeipa/ticket/3718
* Do not display traceback to userAna Krivokapic2013-06-241-5/+4
| | | | | | | | Logging tracebacks at the INFO level caused them to be displayed to user on the command line. Change the log level to DEBUG, so that tracebacks are not visible to user. https://fedorahosted.org/freeipa/ticket/3704
* Do not redirect ipa/crl to HTTPSTomas Babej2013-06-201-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/3713
* Improve handling of options in ipa-client-installAna Krivokapic2013-06-201-0/+9
| | | | | | | | | | | Improve handling of command line options related to forced client re-enrollment in ipa-client-install: * Make --keytab and --principal options mutually exclusive. * Warn that using --force-join together with --keytab provides no additional functionality. https://fedorahosted.org/freeipa/ticket/3686
* Fix displaying of success messageAna Krivokapic2013-06-132-26/+31
| | | | | | | Make sure that the success message is properly populated with actual number of items that were successfully added/removed. https://fedorahosted.org/freeipa/ticket/3708
* Regression fix: rule table with ext. member support doesn't offer any itemsPetr Vobornik2013-06-131-1/+9
| | | | | | | | | | There is a JS error. Rule tables with external member has more than one column and therefore exclude parameter for adder dialog is not array of strings but array of objects. normalize_values function can't work with it and causes JS error. This patch creates proper exclude array before passing it to adder dialog. https://fedorahosted.org/freeipa/ticket/3711
* Do not track DS certificate in CA-less setup.Jan Cholasta2013-06-121-2/+0
| | | | https://fedorahosted.org/freeipa/ticket/3675
* Do not allow installing CA replicas in CA-less setup.Jan Cholasta2013-06-122-0/+8
| | | | | https://fedorahosted.org/freeipa/ticket/3673 https://fedorahosted.org/freeipa/ticket/3674
* Skip empty lines when parsing pk12util output.Jan Cholasta2013-06-121-1/+1
|
* Handle exceptions gracefully when verifying PKCS#12 files.Jan Cholasta2013-06-122-2/+11
| | | | https://fedorahosted.org/freeipa/ticket/3667
* Remove stray error condition in ipa-server-install.Jan Cholasta2013-06-121-3/+0
|
* Use the correct PKCS#12 file for HTTP server.Jan Cholasta2013-06-121-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3665
* Fix type of printf argumentSumit Bose2013-06-101-1/+2
|
* Become 3.2.1release-3-2-1Martin Kosek2013-06-071-1/+1
|
* Prevent error when running IPA commands with su/sudoAna Krivokapic2013-06-071-5/+5
| | | | https://fedorahosted.org/freeipa/ticket/3685
* Manage ipa-otpd.socket by IPATomas Babej2013-06-066-22/+68
| | | | | | | | Adds a new simple service called OtpdInstance, that manages ipa-otpd.socket service. Added to server/replica installer and ipa-upgradeconfig script. https://fedorahosted.org/freeipa/ticket/3680
* Do not check userPassword with 7-bit pluginTomas Babej2013-06-062-0/+7
| | | | | | | | Default list of attributes that are checked with 7-bit plugin for being 7-bit clean includes userPassword. Consecutively, one is unable to set passwords that contain non-ascii characters. https://fedorahosted.org/freeipa/ticket/3640
* Remove redundant u'' characterMartin Kosek2013-06-062-2/+2
| | | | | | One Python's unicode marking character was being printed by RPC plugin which then appeared in ipa-client-install output. This patch removes it.
* Fix regression: missing facet tab group labelsPetr Vobornik2013-06-052-10/+15
| | | | | | | | Currently there is only empty space between facet tabs and facet title. It's a regression caused by recent refactoring. https://fedorahosted.org/freeipa/ticket/3688
generated by cgit (git 2.34.1) at 2024-05-07 01:17:19 +0000