| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
| |
Features of the new policy:
- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
writeable by PKI and readable by HTTPD
- contains Conflicts with old freeipa-server-selinux package to avoid
SELinux upgrade issues
https://fedorahosted.org/freeipa/ticket/3788
|
|
|
|
|
|
| |
Also add an option to ipautil.run to redirect command output to /dev/null.
https://fedorahosted.org/freeipa/ticket/3767
|
|
|
|
|
|
|
| |
Running server upgrade or restart in %post or %postun may cause issues when
there are still parts of old FreeIPA software (like entitlements plugin).
https://fedorahosted.org/freeipa/ticket/3739
|
|
|
|
|
|
|
|
|
|
|
| |
Spec file modified so that /var/lib/ipa/pki-ca/publish/ is no
longer owned by created with package installation. The directory
is rather created/removed with the CA instance itself.
This ensures proper creation/removeal, group ownership
and SELinux context.
https://fedorahosted.org/freeipa/ticket/3727
|
|
|
|
|
|
|
|
|
|
| |
Using the --ignore-dependencies switch was causing the ipactl stop command
not to stop all instances of dirsrv and dogtag. Make sure the switch is used
only when necessary, i.e. to prevent ipa-otpd.socket from getting stuck during
the shutdown transaction.
https://fedorahosted.org/freeipa/ticket/3730
https://fedorahosted.org/freeipa/ticket/3729
|
|
|
|
| |
This directory is no longer used as session storage.
|
|
|
|
|
|
|
|
|
| |
All SELinux policy needed by FreeIPA server is now part of the global
system SELinux policy which makes the subpackage redundant and slowing
down the installation. This patch drops it.
https://fedorahosted.org/freeipa/ticket/3683
https://fedorahosted.org/freeipa/ticket/3684
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3434
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3745
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replica information file contains the file `cacert.p12` which is protected by
the Directory Manager password of the initial IPA server installation. The DM
password of the initial installation is also used for the PKI admin user
password.
If the DM password is changed after the IPA server installation, the replication
fails.
To prevent this failure, add the following steps to ipa-replica-prepare:
1. Regenerate the `cacert.p12` file and protect it with the current DM password
2. Update the password of the PKI admin user with the current DM password
https://fedorahosted.org/freeipa/ticket/3594
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3765
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3729
|
|
|
|
|
|
|
| |
Make sure ipactl status check for correct DS instance. It should check for
'dirsrv@IPA-REALM' and not 'dirsrv.target'.
https://fedorahosted.org/freeipa/ticket/3730
|
|
|
|
|
|
| |
This fixes an outstanding permissions issue from the OTP work.
https://fedorahosted.org/freeipa/ticket/3693
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3743
|
|
|
|
|
|
|
|
| |
The referint plugin does a substring search on these attributes each time an
entry is deleted, which causes a noticable slowdown for large directories if
the attributes are not indexed.
https://fedorahosted.org/freeipa/ticket/3706
|
|
|
|
|
|
| |
This prevents getting full member list from LDAP and putting it back later.
https://fedorahosted.org/freeipa/ticket/3706
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3706
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3706
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3707
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3736
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3766
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3764
|
|
|
|
|
|
|
| |
Incorrect tuple unpacking in adtrustinstance was causing ipa-adtrust-install
to fail when IPA was installed with no DNS.
https://fedorahosted.org/freeipa/ticket/3746
|
|
|
|
|
|
| |
Assign a default priority of 10 to our SASL mappings.
https://fedorahosted.org/freeipa/ticket/3330
|
|
|
|
|
|
|
|
|
|
| |
Create:
* kerberosauth.xpi
* krb.js
even when --http_pkcs12 option is used.
https://fedorahosted.org/freeipa/ticket/3747
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3705
|
|
|
|
|
|
| |
Those resources are needed by page which has to use http(browser config) prior to acceptance of CA cert.
https://fedorahosted.org/freeipa/ticket/3748
|
|
|
|
|
|
|
| |
Entitlements code was not tested nor supported upstream since
version 3.0. Remove the associated code.
https://fedorahosted.org/freeipa/ticket/3739
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3750
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3718
|
|
|
|
|
|
|
|
| |
Logging tracebacks at the INFO level caused them to be displayed to user on the
command line. Change the log level to DEBUG, so that tracebacks are not visible
to user.
https://fedorahosted.org/freeipa/ticket/3704
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3713
|
|
|
|
|
|
|
|
|
|
|
| |
Improve handling of command line options related to forced client re-enrollment
in ipa-client-install:
* Make --keytab and --principal options mutually exclusive.
* Warn that using --force-join together with --keytab provides no additional
functionality.
https://fedorahosted.org/freeipa/ticket/3686
|
|
|
|
|
|
|
| |
Make sure that the success message is properly populated with actual number of
items that were successfully added/removed.
https://fedorahosted.org/freeipa/ticket/3708
|
|
|
|
|
|
|
|
|
|
| |
There is a JS error.
Rule tables with external member has more than one column and therefore exclude parameter for adder dialog is not array of strings but array of objects. normalize_values function can't work with it and causes JS error.
This patch creates proper exclude array before passing it to adder dialog.
https://fedorahosted.org/freeipa/ticket/3711
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3675
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3673
https://fedorahosted.org/freeipa/ticket/3674
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3667
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3665
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3685
|
|
|
|
|
|
|
|
| |
Adds a new simple service called OtpdInstance, that manages
ipa-otpd.socket service. Added to server/replica installer
and ipa-upgradeconfig script.
https://fedorahosted.org/freeipa/ticket/3680
|
|
|
|
|
|
|
|
| |
Default list of attributes that are checked with 7-bit plugin
for being 7-bit clean includes userPassword. Consecutively, one
is unable to set passwords that contain non-ascii characters.
https://fedorahosted.org/freeipa/ticket/3640
|
|
|
|
|
|
| |
One Python's unicode marking character was being printed by RPC plugin
which then appeared in ipa-client-install output. This patch removes
it.
|
|
|
|
|
|
|
|
| |
Currently there is only empty space between facet tabs and facet title.
It's a regression caused by recent refactoring.
https://fedorahosted.org/freeipa/ticket/3688
|