summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Do not store SID string in a local bufferSumit Bose2013-05-021-6/+8
| | | | https://fedorahosted.org/freeipa/ticket/3596
* Do not lookup up the domain too early if only the SID is knownSumit Bose2013-05-021-3/+13
| | | | | | | | Request with a SID as input parameter do not contain the domain name, hence is must be tried to resolve the SID first before the corresponding domain can be looked up. https://fedorahosted.org/freeipa/ticket/3596
* Add Nathaniel McCallum to Contributors.txtRob Crittenden2013-05-021-0/+1
|
* Ignore log files from automake testsNathaniel McCallum2013-05-021-0/+2
|
* Handle connection timeout in ipa-replica-manageTomas Babej2013-05-021-1/+13
| | | | | | | | When connecting to replica, ipa-replica-manage could fail with unknown error due to connection time out. This patch properly handles the situation Fixed in conjunction with https://fedorahosted.org/freeipa/ticket/3524
* Enforce host existence only where needed in ipa-replica-manageTomas Babej2013-05-022-48/+73
| | | | | | | | | | | In ipa-replica-manage commands, we enforce that hostnames we work with are resolvable. However, this caused errors while deleting or disconnecting a ipa / winsync replica, if that replica was down and authoritative server for itself. Also adds an --no-lookup flag to disable host existence checks. https://fedorahosted.org/freeipa/ticket/3524
* Drop uniqueMember mapping with nss-pam-ldapd.Rob Crittenden2013-05-022-1/+9
| | | | | | | | | | nss-pam-ldapd in 0.8.4 changed the default to map uniqueMember to member so it is no longer needed in the config file, and in fact causes an error to be raised. Add a Conflicts on older versions. https://fedorahosted.org/freeipa/ticket/3589
* Fix: Certificate status is not visible in Service and Host pagePetr Vobornik2013-04-301-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3593
* Add support for OpenSSH 6.2.Jan Cholasta2013-04-302-21/+81
| | | | | | | Run sss_ssh_authorizedkeyscommand as nobody. Automatically update sshd_config on openssh-server update. https://fedorahosted.org/freeipa/ticket/3571
* Preserve already configured options in openldap confTomas Babej2013-04-302-11/+65
| | | | | | | | | | | | | We should respect already configured options present in /etc/openldap/ldap.conf when generating our own configuration. With this patch, we only rewrite URI, BASE and TLS_CACERT options only if they are not configured. In the case they are, our suggested configuration is inserted as a comment. Also adds tab as a delimeter character in /etc/openldap/ldap.conf https://fedorahosted.org/freeipa/ticket/3582
* Require version of NSS that properly parses base64-encoded certsRob Crittenden2013-04-291-2/+10
| | | | | | | | There were cases where a base64-encoded cert with no header/footer would not be handled properly and rejected. This was causing the CA install to fail. https://fedorahosted.org/freeipa/ticket/3586
* Always stop dirsrv in 'ipactl stop'Ana Krivokapic2013-04-291-11/+9
| | | | | | | Ensure that 'ipactl stop' stops the dirsrv instance, even when no other services are running. https://fedorahosted.org/freeipa/ticket/3574
* Fix syntax errors in schema filesPetr Viktorin2013-04-265-4/+69
| | | | | | | | | | | | | | | | - add missing closing parenthesis in idnsRecord declaration - remove extra dollar sign from ipaSudoRule declaration - handle missing/extraneous X-ORIGIN lines in 10-selinuxusermap.update This does not use the schema updater because the syntax needs to be fixed in the files themselves, otherwise 389 1.3.2+ will fail to start. Older DS versions transparently fix the syntax errors. The existing ldap-updater directive for ipaSudoRule is fixed (ldap-updater runs after upgradeconfig). https://fedorahosted.org/freeipa/ticket/3578
* Fix syntax of the dc attributeTypePetr Viktorin2013-04-262-1/+4
| | | | | | | dc syntax is changed from Directory String to IA5 String to conform to RFC 2247. Part of the work for https://fedorahosted.org/freeipa/ticket/3578
* Add userClass attribute for hostsMartin Kosek2013-04-266-5/+39
| | | | | | | | | This new freeform host attribute will allow provisioning systems to add custom tags for host objects which can be later used for in automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems Ticket: https://fedorahosted.org/freeipa/ticket/3583
* Make gecos field editable in Web UITomas Babej2013-04-251-1/+2
| | | | | | This patch exposes user entry gecos field in Web UI. https://fedorahosted.org/freeipa/ticket/3569
* Allow underscore in record targetsTomas Babej2013-04-252-4/+4
| | | | | | | Makes record target validation less strict and allows underscore. This is requirement for IPA sites. https://fedorahosted.org/freeipa/ticket/3550
* Add missing permissions to Host Administrators privilegeAna Krivokapic2013-04-241-0/+8
| | | | | | | | The 'Host Administrators' privilege was missing two permissions ('Retrieve Certificates from the CA' and 'Revoke Certificate'), causing the inability to remove a host with a certificate. https://fedorahosted.org/freeipa/ticket/3585
* Do not display an interactive mode message in unattended modeAna Krivokapic2013-04-241-2/+3
| | | | https://fedorahosted.org/freeipa/ticket/3576
* Handle socket.gethostbyaddr() exceptions when verifying hostnames.Rob Crittenden2013-04-241-0/+2
| | | | | | | | | | Log any socket exceptions raised and let the process continue. This failure isn't a show-stopper. Other checks past this will catch any other problems. This was seen when /etc/hosts and /etc/resolv.conf were both empty. https://fedorahosted.org/freeipa/ticket/3581
* Add ipa-ca records for existing CA masters when installing DNS for the first ↵Jan Cholasta2013-04-241-5/+29
| | | | | | time. https://fedorahosted.org/freeipa/ticket/3564
* Add DNS records for existing masters when installing DNS for the first time.Jan Cholasta2013-04-241-41/+85
| | | | https://fedorahosted.org/freeipa/ticket/3564
* Avoid removing sss from nssswitch.conf during client uninstallTomas Babej2013-04-231-5/+7
| | | | | | | | | This patch makes sure that sss is not removed from nsswitch.conf which causes probles with later uses of sssd. Makes sure that authconfig with --disablesssd option is not executed during ipa client uninstall. https://fedorahosted.org/freeipa/ticket/3577
* Add hint message about --force-join option when enrollment failsTomas Babej2013-04-231-0/+4
| | | | | | | | When client enrollment fails due to the fact that host entry already exists on the server, display an message informing the user about the possibility of using --force-join option. https://fedorahosted.org/freeipa/ticket/3572
* Fix the spec fileAna Krivokapic2013-04-221-1/+1
| | | | | | Correct ownership for /etc/ipa and remove unnecessary %config directive. https://fedorahosted.org/freeipa/ticket/3551
* Handle missing /etc/ipa in ipa-client-installAna Krivokapic2013-04-192-1/+10
| | | | | | | | Make sure /etc/ipa is created and owned by freeipa-python package. Report correct error to user if /etc/ipa is missing during client installation. https://fedorahosted.org/freeipa/ticket/3551
* Use two digits for each part of NUM_VERSIONPetr Viktorin2013-04-191-2/+4
| | | | https://fedorahosted.org/freeipa/ticket/3545
* Do not sort dictionaries in assert_deepequal utility functionAna Krivokapic2013-04-192-8/+13
| | | | | | | | Sorting lists of dictionaries in assert_deepequal was causing inconsistencies in unit test execution. To fix this, do not sort lists if their elements are dictionaries. https://fedorahosted.org/freeipa/ticket/3562
* Improve help text for HBAC service groupsAna Krivokapic2013-04-181-4/+0
| | | | | | | | Remove the part of help text for HBAC service groups which contains an example suggesting that nested groups are supported. Nested groups are not supported in HBAC service groups. https://fedorahosted.org/freeipa/ticket/3548
* Use correct zone when removing DNS records of a master.Jan Cholasta2013-04-181-3/+2
| | | | https://fedorahosted.org/freeipa/ticket/3563
* Become 3.2.0 Beta 1beta_1-3-2-0Rob Crittenden2013-04-161-2/+2
|
* Require new samba and krb5Martin Kosek2013-04-161-4/+9
| | | | | | | | | | Require samba 4.0.5 (passdb API changed). Make sure that we use the right epoch number with samba so that the Requires is correctly enforced. Require krb5 1.11.2-1 to fix missing PAC issue. Also fix backup dir permissions.
* Update only selected attributes for winsync agreementTomas Babej2013-04-165-17/+33
| | | | | | | | | | | | Trying to insert nsDS5ReplicatedAttributeListTotal and nsds5ReplicaStripAttrs to winsync agreements caused upgrade errors. With this patch, these attributes are skipped for winsync agreements. Made find_ipa_replication_agreements() in replication.py more corresponding to find_replication_agreements. It returns list of entries instead of unicode strings now. https://fedorahosted.org/freeipa/ticket/3522
* Integrate realmdomains with IPA DNSAna Krivokapic2013-04-164-1/+248
| | | | | | | | | | | | | Add an entry to realmdomains when a DNS zone is added to IPA. Delete the related entry from realmdomains when the DNS zone is deleted from IPA. Add _kerberos TXT record to DNS zone when a new realmdomain is added. Delete _kerberos TXT record from DNS zone when realmdomain is deleted. Add unit tests to cover new functionality. https://fedorahosted.org/freeipa/ticket/3544
* Drop --selfsign server functionalityPetr Viktorin2013-04-1510-808/+140
| | | | | Design: http://freeipa.org/page/V3/Drop_selfsign_functionality Ticket: https://fedorahosted.org/freeipa/ticket/3494
* Remove obsolete self-sign references from man pages, docstrings, commentsPetr Viktorin2013-04-156-13/+8
| | | | Part of the work for https://fedorahosted.org/freeipa/ticket/3494
* Uninstall selfsign CA on upgradePetr Viktorin2013-04-154-8/+43
| | | | | | | | | This will convert a master with a selfsign CA to a CA-less one in ipa-upgradeconfig. The relevant files are left in place and can be used to manage certs manually. Part of the work for: https://fedorahosted.org/freeipa/ticket/3494
* Delete DNS records in ipa-ca on ipa-csreplica-manage del.Jan Cholasta2013-04-151-1/+13
| | | | https://fedorahosted.org/freeipa/ticket/3547
* Use A/AAAA records instead of CNAME records in ipa-ca.Jan Cholasta2013-04-156-53/+142
| | | | https://fedorahosted.org/freeipa/ticket/3547
* Update translations from TransifexPetr Viktorin2013-04-1518-5902/+7895
|
* Add nfs:NONE to default PAC types only when neededTomas Babej2013-04-153-5/+58
| | | | | | | | | We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555
* ipa-server-install: correct help text for --external_{cert,ca}_filePetr Viktorin2013-04-152-7/+7
| | | | | | | The options take PEM certificates, not PKCS#10. This corrects both the --help output and the man page. https://fedorahosted.org/freeipa/ticket/3523
* Deprecate HBAC source hosts from CLIAna Krivokapic2013-04-129-256/+86
| | | | | | | | | | | | | Hide the commands and options listed below from the CLI, but keep them in the API. When called directly from the API, raise appropriate exceptions informing the user that the functionality has been deprecated. Affected commands: hbacrule_add_sourcehost, hbacrule_remove_sourcehost. Affected options: sourcehostcategory, sourcehost_host and sourcehost_hostgroup (hbacrule); sourcehost (hbactest). https://fedorahosted.org/freeipa/ticket/3528
* Remove any reference to HBAC source hosts from helpAna Krivokapic2013-04-122-12/+10
| | | | https://fedorahosted.org/freeipa/ticket/3528
* Remove HBAC source hosts from web UIAna Krivokapic2013-04-123-94/+0
| | | | https://fedorahosted.org/freeipa/ticket/3528
* Revert "Fix permission_find test error"Rob Crittenden2013-04-121-0/+1
| | | | | | | This reverts commit f7e27b547547be06f511a3ddfaff8db7d0b7898f. This test was failing because we were adding a permission as a member of a role before creating the permission, so no memberof was generated.
* Apply LDAP update files in blocks of 10, as originally designed.Rob Crittenden2013-04-125-8/+49
| | | | | | | | | | | | | | | In order to have control over the order that updates are applied a numbering system was created for the update files. These values were not actually used. The updates were sorted by DN length and in most cases this was adequate for proper function. The exception was with roles where in some cases a role was added as a member of a permission before the role itself was added so the memberOf value was never created. Now updates are computed and applied in blocks of 10. https://fedorahosted.org/freeipa/ticket/3377
* Full system backup and restoreRob Crittenden2013-04-1212-133/+1648
| | | | | | | | | This will allow one to backup and restore the IPA files and data. This does not cover individual entry restoration. http://freeipa.org/page/V3/Backup_and_Restore https://fedorahosted.org/freeipa/ticket/3128
* Add missing summary message to dnszone_delAna Krivokapic2013-04-112-4/+6
| | | | https://fedorahosted.org/freeipa/ticket/3503
* Fix output for some CLI commandsAna Krivokapic2013-04-115-19/+21
| | | | | | | | | Fix output of dnsrecord_del: it now uses output.standard_delete and excludes --all and --raw flags. Fix output of sudorule_{add,remove}_option: they now use output.standard_entry and include --all and --raw flags. https://fedorahosted.org/freeipa/ticket/3503
generated by cgit (git 2.34.1) at 2025-09-08 10:20:19 +0000