summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update schema for bind-dyndb-ldapMartin Kosek2012-02-244-3/+86
| | | | | | | | | | | Add new attributes and objectclasses to support new features: - global bind-dyndb-ldap settings in LDAP - conditional per-zone forwarding - per-zone configuration of automatic PTR updates - AllowQuery and AllowTransfer ACIs https://fedorahosted.org/freeipa/ticket/2215 https://fedorahosted.org/freeipa/ticket/2072
* Don't allow IPA master hosts or important services be deleted.Rob Crittenden2012-02-235-0/+51
| | | | | | | | | Deleting these would cause the IPA master to blow up. For services I'm taking a conservative approach and only limiting the deletion of known services we care about. https://fedorahosted.org/freeipa/ticket/2425
* Add Conflicts on mod_ssl because it interferes with mod_proxy and dogtagRob Crittenden2012-02-221-0/+7
| | | | | | | | | | | | We had this in v1 but removed it with v2 because we no longer used TurboGears for the UI. Because we are now proxying requests to dogtag we need to re-add this so that mod_ssl doesn't interfere with our communication. mod_ssl always blindly registers itself as the SSL provider for mod_proxy. mod_nss will only register itself if mod_ssl hasn't already done so. https://fedorahosted.org/freeipa/ticket/2177
* Don't check for schema uniqueness when comparing in ldapupdate.Rob Crittenden2012-02-221-1/+6
| | | | | | | | | | This is needed on F-17+, otherwise things blow up when we try to see if we've added new schema. Introspection is required to see if the argument check_uniqueness is available. https://fedorahosted.org/freeipa/ticket/2383
* Make sure memberof is in replication attribute exclusion list.Rob Crittenden2012-02-233-12/+80
| | | | | | | A previous bug caused this attribute to not be added which would lead to unnecessary replication. This runs as an updater plugin. https://fedorahosted.org/freeipa/ticket/2223
* Add the -v option to sslget to provide more verbose errorsRob Crittenden2012-02-232-2/+4
| | | | | | | | I noticed a couple of bad references in ipapython/dogtag.py and fixed those as well. We used to call sslget for all our SSL client needs before python-nss was written. https://fedorahosted.org/freeipa/ticket/2391
* Don't allow "Modify Group membership" permission to manage adminsRob Crittenden2012-02-232-1/+5
| | | | | | | | The permission "Modify Group membership" is used to delegate group management responsibilities. We don't want that to include managing the admins group. https://fedorahosted.org/freeipa/ticket/2416
* update translation pot fileJohn Dennis2012-02-211-235/+240
|
* pulled new po files from TransifexJohn Dennis2012-02-2123-87604/+86410
|
* Update pot file and list of explicit Python files needing translationJohn Dennis2012-02-212-1339/+2082
|
* Added missing configuration optionsPetr Voborník2012-02-204-0/+23
| | | | | | | | | | Missing options were added to Web UI's IPA Server/Configuration page. * ipaconfigstring * ipaselinuxusermaporder * ipaselinuxusermapdefault https://fedorahosted.org/freeipa/ticket/2285 https://fedorahosted.org/freeipa/ticket/2400
* Fixed problem when attributes_widget was displaying empty optionPetr Voborník2012-02-201-1/+6
| | | | | | Attribute table was modified to skip creation of option for empty value. https://fedorahosted.org/freeipa/ticket/2291
* policy: add function to check lockout policySimo Sorce2012-02-193-1/+62
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/2393
* Limit the change password permission so it can't change admin passwordsRob Crittenden2012-02-202-1/+6
| | | | | | | We don't want those in the helpdesk role to be able to reset administrators passwords. https://fedorahosted.org/freeipa/ticket/2271
* Add common helper for interactive promptsPetr Viktorin2012-02-192-30/+40
| | | | | | | | | | | | | | | This patch adds a common method, textui.prompt_helper, that handles encoding, decoding and error handling for interactive prompts. On EOFError (Ctrl+D) or KeyboardInterrupt (Ctrl+C), it raises a new InvocationError, PromptFailed. The helper is used in prompt, prompt_yesno, and prompt_password, each of which originally only handled one of Ctrl+C and Ctrl+D. This fixes https://fedorahosted.org/freeipa/ticket/2345 And it means prompt_yesno will no longer return None on error. A minor fix restores errors.py's ability print out the list of errors when run as a script.
* Add extra checking function to XMLRPC test frameworkPetr Viktorin2012-02-192-8/+43
| | | | | | | | | | | | | | | | This fixes https://fedorahosted.org/freeipa/ticket/1968 (Add ability in test framework to compare two values in result) in a general way: adding an optional extra_check key to the test dict, so a custom checking function with access to the whole result can be called. The particular test mentioned in that issue, checking that the uidnumber and gidnumber for new isers are the same, is added. Also, this adds a docstring to the Declarative class. And finally, the test dictionary is passed to check() via keyword arguments, preventing spelling mistakes in keys from going unnoticed.
* Make ipausers a non-posix group on new installsPetr Viktorin2012-02-191-2/+0
| | | | | | | | | https://fedorahosted.org/freeipa/ticket/2238 It doesn't make a lot of sense for ipausers to be a posix group and we will save a few cycles in compat and sssd by making it non-posix. This is for new installs only.
* Ease zonemgr restrictionsMartin Kosek2012-02-205-10/+7
| | | | | | | | | | | | Admin e-mail validator currently requires an email to be in a second-level domain (hostmaster@example.com). This is too restrictive. Top level domain e-mails (hostmaster@testrelm) should also be allowed. This patch also fixes default zonemgr value in help texts and man pages. https://fedorahosted.org/freeipa/ticket/2272
* ipa-kdb: Fix ACL evaluatorSimo Sorce2012-02-201-1/+4
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/2343
* Set min for 389-ds-base to 1.2.10.1-1 to fix install segfault, schema ↵Rob Crittenden2012-02-151-1/+5
| | | | | | replication. https://fedorahosted.org/freeipa/ticket/2118
* Require krb5 1.10Simo Sorce2012-02-161-2/+2
|
* Remove compat definesSimo Sorce2012-02-161-32/+0
| | | | | | | These definitions were needed during development to be a le to build against krb5 version < 1.10 These function headers and defintions are now available in 1.10 that is a hard dependency for freeipa 3.0, so we can safely drop them.
* Use FQDN in place of FQHN for consistency in sub_dict.Rob Crittenden2012-02-154-7/+7
| | | | | | | For some reason lost to history the sub_dict in dsinstance and cainstance used FQHN instead of FQDN. This made upgrade scripts not work reliably as the variable might be different depending on context. Use FQDN universally instead.
* Configure ipa_memcached when a replica is installed.Rob Crittenden2012-02-161-0/+4
| | | | https://fedorahosted.org/freeipa/ticket/2401
* Enable ipa_memcached when upgradingRob Crittenden2012-02-164-9/+41
| | | | | | | | | | Add support for autobind to services. This is a bit of a special case so I currently require the caller to specify ldapi separately. It only makes sense to do this only in upgrade cases. Also uninstall ipa_memcached when uninstalling the server. https://fedorahosted.org/freeipa/ticket/2399
* ipa-kdb: set krblastpwdchange only when keys have been effectively changedSimo Sorce2012-02-151-2/+4
|
* ipa-kdb: Avoid lookup on modify if possibleSimo Sorce2012-02-151-19/+27
| | | | This avoids one useless search if we already have the entry_dn.
* Disable false pylint error in freeipa-systemd-upgradeRob Crittenden2012-02-151-1/+1
|
* Add S4U2Proxy delegation permissions on upgradesRob Crittenden2012-02-151-0/+6
| | | | https://fedorahosted.org/freeipa/ticket/2396
* Remove Apache ccache on upgrade.Rob Crittenden2012-02-152-0/+7
| | | | | | | Make this removal a common function that can be shared between installer and upgrade tool. https://fedorahosted.org/freeipa/ticket/2395
* Correct update syntax in 30-s4u2proxy.updateRob Crittenden2012-02-152-7/+7
| | | | | | | Always have FQDN available in the update dictionary. There were cases where it would contain the ldapi socket path and not the FQDN. https://fedorahosted.org/freeipa/ticket/2147
* Update S4U2proxy delegation list when creating replicasRob Crittenden2012-02-154-1/+15
|
* Don't set delegation flag in client, we're using S4U2Proxy nowRob Crittenden2012-02-157-17/+33
| | | | | | | | | | | | A forwardable ticket is still required but we no longer need to send the TGT to the IPA server. A new flag, --delegate, is available if the old behavior is required. Set the minimum n-v-r for mod_auth_kerb and krb5-server to pick up needed patches for S4U2Proxy to work. https://fedorahosted.org/freeipa/ticket/1098 https://fedorahosted.org/freeipa/ticket/2246
* Stop and uninstall ipa_kpasswd on upgrade, fix dbmodules in krb5.confRob Crittenden2012-02-152-1/+76
| | | | | | | | | | | The ipa_kpasswd service was deprecated in 2.2, replaced by kadmin. On upgrade it will be left running by the previous installation, we need to stop it and uninstall the service. The dbmodules section needs to reflect that we're now using the new IPA kdb backend instead of the standard MIT ldap backend. https://fedorahosted.org/freeipa/ticket/2341
* Add update file for new schema in v2.2/3.0Rob Crittenden2012-02-152-0/+7
| | | | https://fedorahosted.org/freeipa/ticket/2147
* Add update files for SELinuxUserMapRob Crittenden2012-02-153-2/+53
| | | | https://fedorahosted.org/freeipa/ticket/2344
* Redirection to PTR records from A,AAAA recordsPetr Voborník2012-02-153-2/+255
| | | | | | | | | | | | | | | | | | | Address column in A, AAAA DNS records was exented of redirection capabilities. Redirection dialog is shown after a click on a value. Dialog does following steps: 1) fetch all dns zones 2) find most accurate reverse zone for IP address 2 -fail) show error message, stop 3) checks if target record exists in the zone 3 -fail) show 'dns record create link', stop 4) redirects Click on 'dns record create link': 1) creates record 1 -fail) show error, stop 2) redirects https://fedorahosted.org/freeipa/ticket/1975
* UI support for ssh keysPetr Voborník2012-02-1515-26/+369
| | | | | | | | To user and host details pages was added ipasshpubkey attribute. New widget for ssh public keys was created. https://fedorahosted.org/freeipa/ticket/2340
* ipa-kdb: add AS auditing supportSimo Sorce2012-02-148-91/+257
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/2334
* Don't use sets when calculating the modlist so order is preserved.Rob Crittenden2012-02-131-4/+5
| | | | | | | | | | | | This is for the LDAP updater in particular. When adding new schema order can be important when one objectclass depends on another via SUP. This calculation will preserve the order of changes in the update file. Discovered trying to add SSH schema. https://fedorahosted.org/freeipa/ticket/754
* Move the compat module from ipalib to ipapython.Jan Cholasta2012-02-135-4/+4
| | | | | | Fixes import problems trying to import just ipalib/compat.py. https://fedorahosted.org/freeipa/ticket/754
* Add SSH service to platform-specific services.Jan Cholasta2012-02-133-4/+23
| | | | | | | | Add method for getting configuration directory path of a service, so that a different SSH configuration directory can be specified on different platforms. https://fedorahosted.org/freeipa/ticket/754
* Base64-decode unicode values in Bytes parameters.Jan Cholasta2012-02-133-9/+19
| | | | | | | | | | | Fix wrong handling of strings in --setattr/--addattr/--delattr. These changes make it possible to use Bytes in --setattr/--addattr/ --delattr without errors. Fixes managing SSH keys on command-line https://fedorahosted.org/freeipa/ticket/754
* Configure ssh and sshd during ipa-client-install.Jan Cholasta2012-02-136-0/+142
| | | | | | | | | | | For ssh, VerifyHostKeyDNS option is set to 'yes' if --ssh-trust-dns ipa-client-install option is used. For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM options are enabled (this can be disabled using --no-sshd ipa-client-install option). ticket 1634
* Update host SSH public keys on the server during client install.Jan Cholasta2012-02-137-3/+86
| | | | | | | | This is done by calling host-mod to update the keys on IPA server and nsupdate to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp ipa-client-install option. https://fedorahosted.org/freeipa/ticket/1634
* Move the nsupdate functionality to separate function in ipa-client-install.Jan Cholasta2012-02-131-18/+26
| | | | | | Done as part of adding SSH support. https://fedorahosted.org/freeipa/ticket/1634
* Add API initialization to ipa-client-install.Jan Cholasta2012-02-132-10/+30
| | | | | | | | This change makes it possible to call IPA commands from ipa-client-install. Done to support adding SSH host keys to DNS. https://fedorahosted.org/freeipa/ticket/1634
* Add support for SSH public keys to user and host objects.Jan Cholasta2012-02-138-35/+192
| | | | | | | | | | | This patch adds a new multivalue param "sshpubkey" for specifying SSH public keys to both user and host objects. The accepted value is base64-encoded public key blob as specified in RFC4253, section 6.6. Additionaly, host commands automatically update DNS SSHFP records when requested by user. https://fedorahosted.org/freeipa/ticket/754
* Add LDAP ACIs for SSH public key schema.Jan Cholasta2012-02-134-0/+52
| | | | https://fedorahosted.org/freeipa/ticket/754
* Add LDAP schema for SSH public keys.Jan Cholasta2012-02-135-0/+29
| | | | https://fedorahosted.org/freeipa/ticket/754
generated by cgit (git 2.34.1) at 2025-09-03 12:08:17 +0000