| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Prevent showing of unfriendly "Unexpected error" message, when providing
incorrect DM password to ipa-ldap-updater.
https://fedorahosted.org/freeipa/ticket/3825
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3442
|
|
|
|
|
|
| |
This is a workaround for <https://fedorahosted.org/389/ticket/47490>.
https://fedorahosted.org/freeipa/ticket/3915
|
|
|
|
|
|
|
|
| |
DS is contacted during server uninstallation, in order to obtain information
about replication agreements. If DS is unavailable, warn and continue with
uninstallation.
https://fedorahosted.org/freeipa/ticket/3867
|
|
|
|
|
|
|
|
| |
Some of the FileErrors in ipa-client-install were raised incorrectly
(without the 'reason' argument), which resulted in bad error messages
during ipa-client-install.
https://fedorahosted.org/freeipa/ticket/3758
|
|
|
|
|
|
|
| |
Due to the upcoming deprecation of the ntpdate program (targeted for Fedora 20),
replace ntpdate calls with ntpd.
https://fedorahosted.org/freeipa/ticket/3797
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pylint 1.0 was released[0] and it brings some incompatibilities,
as well as a bug[1] that's triggered by FreeIPA code.
This patch updates make-lint to be compatible with Pylint 1.0,
while keeping support for version 0.26.
[0] http://www.logilab.org/blogentry/163292
[1] https://bitbucket.org/logilab/pylint/issue/47
Ticket: https://fedorahosted.org/freeipa/ticket/3865
|
|
|
|
|
|
|
|
|
|
|
| |
The __all__ list does not cause submodules to be imported, e.g.
one would still have to `import ipaclient.ipachangeconf` rather than
just `import ipaclient` to use `ipaclient.ipachangeconf`.
Even if they did do anything, the lists were incomplete, and (since
`import *` is not used on these modules) unnecessary.
Pylint 1.0 reports undeclared names in __all__ as a warning.
|
| |
|
|
|
|
|
|
|
| |
Add the --automount-location option to ipa-client-install. If the option is
used, ipa-client-automount is called at the end of ipa-client-install.
https://fedorahosted.org/freeipa/ticket/3740
|
|
|
|
|
|
|
|
| |
The search had an incorrect scope and therefore it didn't find any RUV.
This issue prevented removing of replica.
https://fedorahosted.org/freeipa/ticket/3876
|
|
|
|
|
|
|
| |
Add a warning when trying to uninstall a replica that has active replication
agreements.
https://fedorahosted.org/freeipa/ticket/3867
|
|
|
|
|
|
|
| |
ipa-restore would fail if DS user did not exist. Check for presence of DS
user and group and create them if needed.
https://fedorahosted.org/freeipa/ticket/3856
|
|
|
|
|
|
|
| |
Add integration tests for the forced client re-enrollment feature:
http://www.freeipa.org/page/V3/Forced_client_re-enrollment#Test_Plan
https://fedorahosted.org/freeipa/ticket/3832
|
| |
|
|
|
|
|
|
| |
If ipa_cldap_decode() reply is not initialized.
Fixes https://fedorahosted.org/freeipa/ticket/3885
|
|
|
|
|
|
|
|
| |
There is no risk of crash here as slapi_valueset_first_value() can handle
the case where the valueset is NULL, but there is no point in calling that
if we know there are no values.
https://fedorahosted.org/freeipa/ticket/3880
|
|
|
|
|
|
| |
Add man pages for ipa-run-tests, ipa-test-task, and ipa-test-config.
https://fedorahosted.org/freeipa/ticket/3855 (part 5)
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3886
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Differences from the test plan at
http://www.freeipa.org/index.php?title=V3/CA-less_install&oldid=6669 are:
- The following tests are included in all applicable positive
install tests, rather than being standalone test cases:
- Verify CA certificate stored in LDAP
- Verify CA PEM file created by IPA server install
- Verify that IPA server install does not configure certmonger
- Verify CA PEM file created by IPA replica install
- Verify that IPA replica install does not configure certmonger
- Verify CA PEM file created by IPA client install
- PKI setup is done only once for each test class
- Master installation is done once for the IPA command tests, and
once for the certinstall tests
- Certificates are compared after base64 decoding to avoid failures
from formatting mismatches
- Minor changes necessary for automation (e.g. adding --unattended
and --password options, correcting error messages)
- Web UI tests are not included here
https://fedorahosted.org/freeipa/ticket/3830
|
|
|
|
|
|
|
|
|
|
| |
Some unit tests were failing after ipa-adtrust-install has been run on the
IPA server, due to missing attributes ('ipantsecurityidentifier') and
objectclasses ('ipantuserattrs' and 'ipantgroupattrs'). This patch detects if
ipa-adtrust-install has been run, and adds missing attributes and objectclasses
where appropriate.
https://fedorahosted.org/freeipa/ticket/3852
|
| |
|
|
|
|
|
|
| |
Adding a trust creates a range -> range search facet should be marked as expired.
https://fedorahosted.org/freeipa/ticket/3874
|
|
|
|
|
|
|
|
|
|
| |
If we do not store the keys in the entry we need to free the array before
continuing or the data is leaked.
CoverityID: 11910
Fixes:
https://fedorahosted.org/freeipa/ticket/3884
|
|
|
|
|
|
|
|
|
|
| |
This memset was harmless as the following data is then set again, but an
optimizing compiler might conceivably reorder instructions causing issues.
CoverityID: 11909
Fixes:
https://fedorahosted.org/freeipa/ticket/3883
|
|
|
|
|
|
|
|
|
| |
CoverityID: 11904
Also remove 'inline', the compiler can do it on its own if needed.
Fixes:
https://fedorahosted.org/freeipa/ticket/3882
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3869
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3869
|
|
|
|
|
|
| |
This is a workaround for <https://fedorahosted.org/389/ticket/47490>.
https://fedorahosted.org/freeipa/ticket/3778
|
|
|
|
|
|
|
|
|
| |
You cannot re-add the trust and modify the range in the process.
The check in the code was malfunctioning since it assumed that
range_size parameter has default value. However, default value
is assigned only later in the add_range function.
https://fedorahosted.org/freeipa/ticket/3870
|
|
|
|
|
|
|
|
| |
Add integration tests for the Kerberos Flags feature:
http://www.freeipa.org/page/V3/Kerberos_Flags#Test_Plan
(except the web UI tests).
https://fedorahosted.org/freeipa/ticket/3831
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes sure that all edits to CS.cfg configuration file
are performed while pki-tomcatd service is stopped.
Introduces a new contextmanager stopped_service for handling
a general problem of performing a task that needs certain service
being stopped.
https://fedorahosted.org/freeipa/ticket/3804
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When configuring the 389 Directory Server instance, we tune it
so that number of file descriptors available to the DS is increased
from the default 1024 to 8192.
There are platform specific steps that need to be conducted
differently on systemd compatible platforms and sysV compatible
platforms.
systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd
sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv
set ulimit - nofile 8192 in /etc/security/limits.conf
https://fedorahosted.org/freeipa/ticket/3823
|
|
|
|
|
|
| |
Fixes RPC server's JSON encoding of exception's name.
It allows to show the name in Web UI's error dialog title.
|
|
|
|
|
|
| |
Remove redundant shebangs from files that are not used as scripts.
https://fedorahosted.org/freeipa/ticket/3853
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3834
|
|
|
|
|
|
| |
Tests according to: http://www.freeipa.org/page/V3/Kerberos_Flags
https://fedorahosted.org/freeipa/ticket/3831
|
|
|
|
|
|
| |
Test cases according to: http://www.freeipa.org/page/V3/CA-less_install
https://fedorahosted.org/freeipa/ticket/3830
|
|
|
|
|
|
| |
This action calls cert-request command which is not available on CA-less installs. Thus this action won't be enabled and therefore there is no reason to keep it visible.
https://fedorahosted.org/freeipa/ticket/3363
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3049
|
|
|
|
|
|
|
| |
Make sure the subject base parameter is correctly passed and used during the
creation of the DS instance on a replica.
https://fedorahosted.org/freeipa/ticket/3868
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3641
|
|
|
|
|
|
| |
Hide the unnecessary --dirsrv_pin and --http_pin options.
https://fedorahosted.org/freeipa/ticket/3869
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3641
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3641
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3641
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3641
|
|
|
|
|
|
|
| |
Change the log file path from /var/log/ipa/default.log to admintool's default
path.
https://fedorahosted.org/freeipa/ticket/3641
|
|
|
|
|
|
|
| |
In particular, PKCS#12 validation and server certificate selection is now done
the same way as in ipa-server-install and ipa-replica-prepare.
https://fedorahosted.org/freeipa/ticket/3641
|