summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Move print statement to the correct scope so it displays both lock and unlock.Rob Crittenden2008-04-151-1/+1
| | | | 442625
* Better detection of DS not starting.Rob Crittenden2008-04-141-3/+23
| | | | | | | The dirsrv init script always returns 0 on status checks, even if an instance is not started. So we have to look through the output instead. 442452
* Don't quit trying to lock a user if they aren't in the activated group.Rob Crittenden2008-04-141-1/+5
| | | | | | | | Users are considered activated by default so don't need to be in the activated group explicitly. Ignore the "not in group" error when trying to remove them. 442470
* Handle exceptions more gracefully on systems with python-ldap 2.2.0Rob Crittenden2008-04-141-5/+8
| | | | 442136
* Configure the ipa_pwd_extop plugin on replicas.Rob Crittenden2008-04-141-1/+4
| | | | | | | | If plugin isn't configured then the kerberos attributes don't get populated. User's will get Preauthentication errors from the kerberos libraries because there is no krbPrincipalKey to match against. 442134
* Use the same kpasswd.keytab on all replicas.Rob Crittenden2008-04-093-3/+12
| | | | | | | If we generate a new keytab for each replica then effectively password changes can only occur on the last replica created. 439905
* Fix client discovery and make sure command line options are not overwrittenSimo Sorce2008-04-091-36/+53
| | | | with discovered options, just verified.
* Make sure we use the configured server in ipa.conf first, andSimo Sorce2008-04-091-28/+23
| | | | fallback to the discovered ones only if that's not available
* Add --permitted-enctypes command and add it to the man page tooSimo Sorce2008-04-082-8/+52
|
* Make sure we start the NSCD daemon.Simo Sorce2008-04-081-0/+15
| | | | It makes a huge difference on clients, if we cache lookups
* is_integer returns the integer, don't use an if clause, just check it, if itSimo Sorce2008-04-081-12/+12
| | | | | is wrong it will just throw an exception and exit. Fix error reporting to use the canonical str(e)
* Fix error where password was getting set wrong if passed in on command-line.Rob Crittenden2008-04-081-1/+1
| | | | 439905
* The kpasswd keytab must not be owned by the dirsrv user.Simo Sorce2008-04-081-2/+0
| | | | Fix copy&paste error.
* SELinux fix from Dan WalshRob Crittenden2008-04-071-1/+1
| | | | 440646
* Add (post) to Requires: ipa-server-specRob Crittenden2008-04-072-2/+4
|
* Some SELinux policy changes provided by Dan Walsh.Rob Crittenden2008-04-073-4/+18
| | | | 440651
* Add _ntp SRV recordSimo Sorce2008-04-071-0/+2
|
* Password policy checks fixes.Simo Sorce2008-04-071-37/+94
| | | | | | - don't let a user set a password identical to the current one. - don't check more then the policy defined number of passwords in history - don't set an history longer than policy defined
* Don't allow the admin user to be removed from the admins group.Rob Crittenden2008-04-042-0/+15
| | | | 439281
* Add missing normalizeDN() when removing members from a group.Rob Crittenden2008-04-042-4/+16
| | | | 438387
* Create /etc/ipa/ipa.conf earlier in the installation process.Rob Crittenden2008-04-031-8/+8
| | | | | | | Because the ipa.config() object raises an error if there is no configuration file and auto-detection fails, ipa_webgui may fail to start at install time. 440475
* Add missing imageRob Crittenden2008-04-031-0/+1
|
* Need python-ldap in RequiresSimo Sorce2008-04-021-0/+1
|
* Don't try to update ipauserobjectclasses or ipagroupobjectclassesRob Crittenden2008-04-022-9/+13
| | | | | | | | since they aren't being displayed anymore. They will just get blanked. Also add some error handling in ipahelper.fix_incoming_fields() 438256
* Add missing start_creation() so the install process will get kicked off.Rob Crittenden2008-04-021-0/+1
|
* Make sure we have ipa-client installed as now ipa-server-install callsSimo Sorce2008-04-022-0/+2
| | | | ipa-client-install
* Cut&patse errorSimo Sorce2008-04-021-3/+3
|
* Stricter directory control for ipa daemons, each one it's own directorySimo Sorce2008-04-013-1/+16
|
* - Better defaults for nss_ldapSimo Sorce2008-04-012-6/+26
| | | | | | | | - Make sure timeouts are not too high, so that machine does not hang if remote servers are not reachable - Make sure root can always login no matter what the status of the ldap servers - use rfc2307bis schema directive
* Move ipa_kpasswd credential cache in its own directorySimo Sorce2008-04-014-3/+15
|
* Fix typo in python directive. Fixes marking a group active.Rob Crittenden2008-04-011-1/+1
| | | | 440142
* Fix crash when creating new groups. You can't iterate over a None variable.Rob Crittenden2008-04-011-0/+2
| | | | 440081
* Fix AVC when for reading /proc during password change on RHEL 5Rob Crittenden2008-04-011-0/+2
| | | | 438007
* No need to use a regular expression to find the replication hostRob Crittenden2008-03-311-3/+1
| | | | 430015
* Call client uninstall from server uninstall so that uninstall reverses alsoSimo Sorce2008-03-311-0/+15
| | | | client bits.
* RHEL4 contrib client uninstallSimo Sorce2008-03-311-4/+20
|
* Implement client uninstallSimo Sorce2008-03-314-8/+80
| | | | (including RHEL4 contrib setup script)
* Sysrestore fixes.Simo Sorce2008-03-312-47/+50
| | | | | | | Latest patch used the wrong path and all files where actually going to /tmp even if a different path was specified. Makes also StateFile behave the same as FileStore, and be a public class, this way a common path can be used too.
* Some more function name errors due to merge from DS own memberof plugin thatSimo Sorce2008-03-311-6/+6
| | | | has different function names. This was a runtime linker crash bug :/
* On the delegation edit screen allow the direct entry of a group nameRob Crittenden2008-03-241-4/+28
| | | | | | Fix the redirection errors, it was going to back to the Add delegation page 438257
* Don't try to add the default group to a user when creating the group.Rob Crittenden2008-03-311-4/+19
| | | | | | This is done automatically and trying to do so will return an error. 432106
* Fix account activation.Rob Crittenden2008-03-313-12/+89
| | | | | | | | | | | | | | | | We do account activation by using a Class of Service based on group membership. A problem can happen if the entry itself has an nsaccountlock attribute and you try doing Class of Service work as well because the local attribute has priority. So try to detect that the entry has a local nsAccountLock attribute and report an appropriate error. Don't allow the admins or editors groups to be de-activated. Return a better error message if account [in]activation fails. Catch errors when doing group [in]activation. 439230
* Fix typoSimo Sorce2008-03-311-2/+2
|
* Better check for IPA nServer own address, avoid manually parsing /etc/hosts bySimo Sorce2008-03-301-36/+54
| | | | | | | using nsswitch calls that read it and also take in account any other name resolution mechanism that might be installed (like NIS lol :-). This also should make the check support IPv6 transparently too (not tested)
* Avoid listing a group as a memberOf itself when a circular groupingNathan Kinder2008-03-281-10/+23
| | | | | | | | | | is created. We basically just need to add a check to see if we're to use a group DN as the memberOf value when performing an operation on itself for all operation types. 439450
* Fixed handling of modify operations that delete all present memberNathan Kinder2008-03-281-2/+13
| | | | | | | | | | | | | values without specifying the values to delete in the memberOf plug-in. Member entries were not being updated because the code used the values in the mod to find the member entries to update. The fix is to detect when a delete modify has no values specified and just use the replace code since it compares the pre-op and post-op copies of the group to figure out what member entries to update. 439097
* Put replica info file into /var/lib/ipa instead of the current directoryRob Crittenden2008-03-281-2/+2
| | | | 439120
* Move sysrestore to ipa-python so it can be used by client scripts too.Simo Sorce2008-03-2713-350/+471
| | | | | | Change backup format so files are all in a single directory (no dir hierarchies) and use an index file so we can save also ownership and permission info for the restore (and eventually other data later on).
* Don't allow the admin user to be removed using the XML-RPC Interface.Rob Crittenden2008-03-282-0/+7
| | | | | | If a site really wants it gone then can delete it via LDAP. 439281
* Do case-less comparisons when considering objectclass but store theRob Crittenden2008-03-283-3/+7
| | | | | | | | | | current value to prevent unnecessary LPAP updates (and failed writes) Don't check against these lists on updates, only add them on new entries. Disable the ability to configure in the UI these values for now. 438256
generated by cgit (git 2.34.1) at 2025-09-05 16:40:45 +0000