summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Suppress managed netgroups from showing as memberof hostgroups.Rob Crittenden2011-08-315-28/+47
| | | | | | | By design these managed netgroups are not supposed to show unless you specifically want to see them. https://fedorahosted.org/freeipa/ticket/1738
* Sort lists so order is predictable and tests pass as expected.Rob Crittenden2011-08-312-5/+7
| | | | Related to https://fedorahosted.org/freeipa/ticket/1272
* 34 Create FreeIPA CLI Plugin for the 389 Auto Membership pluginJr Aquino2011-08-3110-0/+1834
| | | | | | | | | | | | Added new container in etc to hold the automembership configs. Modified constants to point to the new container Modified dsinstance to create the container Created automember.py to add the new commands Added xmlrpc test to verify functionality Added minor fix to user.py for constant behavior between memberof and automember https://fedorahosted.org/freeipa/ticket/1272
* Enable update and reset button only if dirtyPetr Vobornik2011-08-313-4/+124
| | | | | | | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1697 Original problem: WEBUI: Update automount location refer to unknown command Update name of the automount location (Policy -> Automount -> custom_location -> Settings -> Update) in the WEBUI refer to an unknown command. Solution: Tracking dirty state in field -> section -> details facet. 'Reset' and 'Updates' in details facet are enabled only if facet is dirty. Removes the problem above and 'no modification to be performed' annoyance.
* Add netgroup as possible memberOf for hostgroupsRob Crittenden2011-08-295-2/+17
| | | | https://fedorahosted.org/freeipa/ticket/1563
* Fix sudo help and summariesMartin Kosek2011-08-295-58/+70
| | | | | | | | | | | | | | | | 1) Add sudorule docstring headline 2) Fix naming inconsistency in Sudo plugins help and summaries, especially capitalization of Sudo objects - Sudo Rule, Sudo Command and Sudo Command Group 3) Add missing summaries for sudorule-add-option and sudorule-remove-option. To keep backward compatibility with older clients, just print the missing summary with output_for_cli(), don't expand Output. https://fedorahosted.org/freeipa/ticket/1595 https://fedorahosted.org/freeipa/ticket/1596
* Fixed host adder dialog to show default DNS zone.Endi S. Dewata2011-08-302-4/+14
| | | | | | | The DNS zone widget for host adder dialog has been modified not to provide an empty option, so it will show the first available zone. Ticket #1685
* Roll back changes if client installation fails.Rob Crittenden2011-08-291-80/+115
| | | | | | | | | | | | If the client installer fails for some reason and --force was not used then roll back the configuration. This is needed because we touch /etc/sysconfig/network early in the configuration and if it fails due to any number of issues (mostly related to authentication) it will not be reset. We may as well run through the entire uninstall process to be sure the system has been reset. https://fedorahosted.org/freeipa/ticket/1704
* Add external source hosts to HBAC.Rob Crittenden2011-08-293-2/+125
| | | | | | | | When adding/removing source hosts if the host isn't found in IPA it is considered external. The attribute externalhost is used to store external hosts. ticket https://fedorahosted.org/freeipa/ticket/1574
* Add common is_installed() fn, better uninstall logging, check for errors.Rob Crittenden2011-08-294-43/+96
| | | | | | | | | | | | | | The installer and ipactl used two different methods to determine whether IPA was configured, unify them. When uninstalling report any thing that looks suspicious and warn that a re-install may fail. This includes any remaining 389-ds instances and any state or files that remains after all the module uninstallers are complete. Add wrappers for removing files and directories to log failures. https://fedorahosted.org/freeipa/ticket/1715
* enable proxy for dogtagAdam Young2011-08-2911-10/+74
| | | | | | | | | | | | | | | | | | | Dogtag is going to be proxied through httpd. To make this work, it has to support renegotiation of the SSL connection. This patch enables renegotiate in the nss configuration file during during apache configuration, as well as modifies libnss to set the appropriate optins on the ssl connection in order to renegotiate. The IPA install uses the internal ports instead of proxying through httpd since httpd is not set up yet. IPA needs to Request the certificate through a port that uses authentication. On the Dogtag side, they provide an additional mapping for this: /ca/eeca/ca as opposed tp /ca/ee/ca just for this purpose. https://fedorahosted.org/freeipa/ticket/1334 add flag to pkicreate in order to enable using proxy. add the proxy file in /etc/http/conf.d/ Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Set min nvr of pki-ca to 9.0.12 for fix in BZ 700505Rob Crittenden2011-08-281-3/+6
| | | | https://fedorahosted.org/freeipa/ticket/1686
* Modifying sudo options refreshes the whole pagePetr Vobornik2011-08-292-13/+38
| | | | | | https://fedorahosted.org/freeipa/ticket/1689 Currently adding or deleting sudo options will refresh the entire page. It's not a problem but the code could be optimized to refresh only the sudo options table
* ipa-client-install breaks network configurationMartin Kosek2011-08-291-5/+5
| | | | | | | | | Do not forget to add new line in updated /etc/sysconfig/network configuration. Move the actual change of the hostname after the user confirmation about proceeding with installation. It confused users when the hostname change occurred before this prompt. https://fedorahosted.org/freeipa/ticket/1724
* Remove 389-ds upgrade state during uninstallRob Crittenden2011-08-251-0/+6
| | | | | | | | | | | | | When we perform an upgrade 389-ds is set to listen only on its ldapi port. Theoretically it should be restored to the previous state regardless of whether the upgrades were successful or not. To be sure that a subsequent re-install will be successful go ahead and remove the state for these options. Think of it as wearing a belt and suspenders. Otherwise a re-install could return an error message that IPA is already configured. https://fedorahosted.org/freeipa/ticket/1667
* Remove more 389-ds files/directories on uninstallation.Rob Crittenden2011-08-251-0/+17
| | | | | | | We were orphaning a few files/directories when uninstalling 389-instances both for IPA and dogtag. This should remove everything but the logs. ticket https://fedorahosted.org/freeipa/ticket/1700
* Disable reverse lookups in ipa-join and ipa-getkeytabRob Crittenden2011-08-252-0/+14
| | | | | | This prevents broken DNS from causing enrollment problems. https://fedorahosted.org/freeipa/ticket/1693
* Fixed host keytab status after setting OTP.Endi S. Dewata2011-08-263-48/+96
| | | | | | | The host details page has been modified to update the keytab status based on the data returned by the host-mod command for setting OTP. Ticket #1710
* Fixed host OTP status.Endi S. Dewata2011-08-265-155/+343
| | | | | | | The host details page has been modified to show the status of the OTP. Setting a new OTP is now done using a dialog box. Ticket #1710
* v3-schema: Add new ipaExternalGroup objectclassSimo Sorce2011-08-263-0/+10
| | | | | | | | This construct allows to have a group of ipaExternalMember attributes, that can be nested in a normal ipa Group ('memberOf' is allowed). It cannot contain normal ipa users/groups and cannot be nested with another group of the same type ('member' is not allowed).
* schema: Split ipadns definitions from basev2 onesSimo Sorce2011-08-264-42/+48
|
* daemons: Remove ipa_kpasswdSimo Sorce2011-08-2618-1700/+14
| | | | | | Now that we have our own database we can properly enforce stricter constraints on how the db can be changed. Stop shipping our own kpasswd daemon and instead use the regular kadmin daemon.
* install: Use proper case for boolean valuesSimo Sorce2011-08-261-2/+2
|
* ipa-kdb: Be flexibleSimo Sorce2011-08-261-2/+2
| | | | | | | Although the proper values for booleans from LDAP should be only uppercase, 389ds does allow wrong cased values without complaining. And we still have some places where the wrong case is used. Avoid getting frustrating errors when reading these values out.
* install: Remove uid=kdc userSimo Sorce2011-08-265-35/+1
| | | | | The ipadb DAL driver gets access to the ldap server as Directory Manager now so this user is not needed anymore.
* ipa-kdb: Change install to use the new ipa-kdb kdc backendSimo Sorce2011-08-268-166/+60
| | | | | | Use ipakdb instead of kldap and change install procedures accordingly Note that we do not need to store the master key in a keytab as we can read it off of ldap in our driver.
* ipa-pwd-extop: Allow kadmin to set krb keysSimo Sorce2011-08-262-48/+100
| | | | | | | Prevent the ipa-pwd-extop plugin from re-generating keys when kadimn is storing a new set of keys. Only generate the userPassword and sambaXXPassword hashes. Also avoid checking policies in this case and if history is provided avoid regenerating the passwordHistory too.
* ipa-kdb: add password policy supportSimo Sorce2011-08-264-8/+347
| | | | Use default policy for new principals created by kadmin
* ipa-pwd-extop: Use common password policy codeSimo Sorce2011-08-264-448/+127
|
* util: add password policy manipulation functionsSimo Sorce2011-08-262-0/+699
|
* ipa-kdb: implement change_pwd functionSimo Sorce2011-08-267-11/+153
|
* ipa-kdb: implement function to retrieve password policiesSimo Sorce2011-08-264-43/+209
|
* ipa-kdb: Get/Store Master Key directly from LDAPSimo Sorce2011-08-265-12/+264
|
* ipa-kdb: add functions to change principalsSimo Sorce2011-08-263-1/+804
|
* ipa-kdb: add function to iterate over principalsSimo Sorce2011-08-261-1/+41
|
* ipa-kdb: add functions to delete principalsSimo Sorce2011-08-261-1/+121
|
* ipa-kdb: add function to free principalsSimo Sorce2011-08-261-1/+16
|
* ipa-kdb: functions to get principalSimo Sorce2011-08-264-35/+884
|
* ipa-kdb: add common utility ldap wrapper functionsSimo Sorce2011-08-263-0/+464
|
* ipa-kdb: implement get_time functionSimo Sorce2011-08-262-1/+6
|
* ipa-kdb: initialize module functionsSimo Sorce2011-08-263-6/+384
| | | | | Initialize module also on ipadb_create invocation. This is what kdb5_util expects.
* ipa-kdb: add exports fileSimo Sorce2011-08-262-1/+14
| | | | limit exported symbols only to the ones actually needed by krb5kdc
* ipa-kdb: Initial plugin skeletonSimo Sorce2011-08-266-0/+233
|
* ipa-pwd-extop: make encsalt parsing function commonSimo Sorce2011-08-263-91/+99
| | | | It is going to be used by the ipa-kdb module too.
* ipa-pwd-extop: Move encoding in common tooSimo Sorce2011-08-266-202/+174
| | | | Also to be used by ipa-kdb
* ipa-pwd-extop: Move encryption of keys in commonSimo Sorce2011-08-263-207/+244
| | | | This way we can reuse the same code from ipa-kdb later
* ipa-pwd-extop: Use common krb5 structs from kdb.hSimo Sorce2011-08-264-19/+14
| | | | This removes custom structures and allows easier sharing of code with ipa-kdb
* ipa-pwd-extop: re-indent code using old styleSimo Sorce2011-08-261-30/+30
|
* ipa-pwd-extop: Use the proper mkvno number in keysSimo Sorce2011-08-264-6/+6
| | | | | | | | Setting 0 will work as MIT KDCs assume the current master key when that is found. But it is a legacy compatibility mode and we should instead set the proper mkvno number on keys so changeing master key becomes possible w/o having to do a dump reload and stopping the service. This is especially important in replicated environments.
* ipa-pwd-extop: do not append mkvno to krbExtraDataSimo Sorce2011-08-261-9/+2
| | | | | mkvno is actually available as part of the key material. There is no need to store it in the krbExtraData field as it is unused there.
generated by cgit (git 2.34.1) at 2025-09-02 05:21:58 +0000