summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Improve modlist generation in ldap2. Some code cleanup as bonus.Pavel Zuna2010-01-111-65/+89
| | | | | | | | ldap2._generate_modlist now uses more sophisticated means to decide when to use MOD_ADD+MOD_DELETE instead of MOD_REPLACE. MOD_REPLACE is always used for single value attributes and never for multi value.
* Allow creation of new connections by unshared instances of backend.Connectible.Pavel Zuna2010-01-112-14/+22
|
* Add start/stop for the CARob Crittenden2010-01-111-0/+8
|
* Missed explicit reference to pki-ca, replace with self.service_nameRob Crittenden2010-01-111-2/+2
|
* Add --all to LDAPCreate and make LDAP commands always display default ↵Pavel Zuna2010-01-117-14/+30
| | | | attributes.
* Use the caIPAserviceCert profile for issuing service certs.Rob Crittenden2010-01-082-3/+3
| | | | | | | | | | | This profile enables subject validation and ensures that the subject that the CA issues is uniform. The client can only request a specific CN, the rest of the subject is fixed. This is the first step of allowing the subject to be set at installation time. Also fix 2 more issues related to the return results migration.
* Replace uses of %define with %global in the .spec fileRob Crittenden2010-01-071-7/+7
| | | | | | | Fixes rawhide builds per https://www.redhat.com/archives/fedora-devel-list/2010-January/msg00093.html Contributed by Nalin Dahyabhai
* Change the service name to reflect changes in pki-ca (now pki-cad).Rob Crittenden2010-01-071-3/+3
| | | | | | Also properly use the instance name where appropriate. There were a couple of places where the service name was used and this worked because they were the same.
* Remove hardcoded domain, example.comRob Crittenden2009-12-182-6/+6
|
* Add messages, declarative tests for rolegroup, taskgroup pluginsJason Gerard DeRose2009-12-185-273/+856
|
* Added Fuzzy docstrings; make-test now runs doctests in tests/*; fixed ↵Jason Gerard DeRose2009-12-187-32/+106
| | | | 'existant' mispelling
* Need to supsend looping through the keytab entries when doing a delete.Rob Crittenden2009-12-181-0/+5
|
* Handle base64-encoded certificates better, import missing functionRob Crittenden2009-12-183-0/+11
|
* Fuzzy feelingsJason Gerard DeRose2009-12-178-395/+653
|
* Make hosts more like real services so we can issue certs for host principalsRob Crittenden2009-12-165-17/+71
| | | | | This patch should make joining a client to the domain and using certmonger to get an initial certificate work.
* Set the context of files needed by the selfsign CA so Apache can write themRob Crittenden2009-12-162-1/+6
|
* Remove some left-over debugging statementsRob Crittenden2009-12-161-3/+0
|
* host and hostgroup summary messages, declarative tests; fix tests for 'dn'Jason Gerard DeRose2009-12-166-224/+499
|
* Add simple tests for the aci pluginRob Crittenden2009-12-141-0/+77
|
* Add some missing labelsRob Crittenden2009-12-142-0/+5
|
* Convert to using new result output handlingRob Crittenden2009-12-142-27/+85
| | | | | This also inserts the dn into the response when adding a record. We need this in the ACI plugin when adding a taskgroup
* Make the IPA server host and its services "real" IPA entriesRob Crittenden2009-12-1111-24/+146
| | | | | | | | | | | We use kadmin.local to bootstrap the creation of the kerberos principals for the IPA server machine: host, HTTP and ldap. This works fine and has the side-effect of protecting the services from modification by an admin (which would likely break the server). Unfortunately this also means that the services can't be managed by useful utilities such as certmonger. So we have to create them as "real" services instead.
* Add pdb options to make-test to pass onto nosetestsRob Crittenden2009-12-111-0/+14
|
* This plugin was replaced by the aci pluginRob Crittenden2009-12-111-93/+0
|
* Add force option to ipa-replica-manage to allow forcing deletion of a replicaRob Crittenden2009-12-111-5/+13
| | | | | | If a replica is not up for some reason (e.g. you've already deleted it) this used to quit and not let you delete the replica, generating errors in the DS logs. This will let you force a deletion.
* Take 2: Extensible return values and validation; steps toward a single ↵Jason Gerard DeRose2009-12-1044-1035/+2962
| | | | output_for_cli(); enable more webUI stuff
* Pass on debug option from ipa-client-install to ipa-joinRob Crittenden2009-12-091-0/+2
|
* rebase dogtag clean-up patchJohn Dennis2009-12-096-292/+1742
|
* A utility for removing principals from a keytab.Rob Crittenden2009-12-045-0/+324
| | | | | | | | | | | | When we un-enroll a client we'll do a bit of cleanup including removing any principals for the IPA realm from /etc/krb5.keytab. This removes principals in 2 ways: - By principal, only entries matching the full principal are removed - By realm. Any principal for that realm is removed This does not change the KDC at all, just removes entries from a file on the client machine.
* Bump the installation version number to V2.0Rob Crittenden2009-12-031-1/+1
|
* Add minimal test for the cert pluginRob Crittenden2009-12-031-0/+104
| | | | | | | This assumes that the developer has the equivalent of a selfsign CA installed. To do this, install IPA without a CA and copy /etc/httpd/alias/*.db to ~/.ipa/alias and /etc/httpd/alias/pwdfile.txt to ~/.ipa/alias/.pwd
* Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1 Any typeRob Crittenden2009-12-021-1/+5
|
* Add idnsUpdatePolicy into the dns plug-inMartin Nagy2009-12-021-1/+5
| | | | | | The idnsUpdatePolicy takes a list of BIND dynamic update policies, each of which must be terminated by ";". Also fix a minor error in the documentation string.
* Ask the user before overwriting /etc/named.confMartin Nagy2009-12-023-9/+13
|
* Remove unnecessary "error: " prefixesMartin Nagy2009-12-022-6/+6
| | | | | The parser.error() method prepends the "error: " prefix itself. Adding it to the error string is not necessary and doesn't look good.
* Remove ldap2.convert_attr_synonyms. Turns out python-ldap can replace it.Pavel Zuna2009-12-021-30/+1
|
* Add NotImplementedError type so CA plugins can return client-friendly errorsRob Crittenden2009-12-012-3/+18
| | | | | | | | Ignore NotImplementedError when revoking a certificate as this isn't implemented in the selfsign plugin. Also use the new type argument in x509.load_certificate(). Certificates are coming out of LDAP as binary instead of base64-encoding.
* Add type argument to x509.load_certificate() so it can handle binary certsRob Crittenden2009-12-011-9/+12
|
* Better LDAP error handling in ipa-client-installRob Crittenden2009-12-011-9/+5
|
* Replace /etc/ipa/ipa.conf with /etc/ipa/default.confRob Crittenden2009-12-017-37/+24
| | | | | | | The new framework uses default.conf instead of ipa.conf. This is useful also because Apache uses a configuration file named ipa.conf. This wipes out the last vestiges of the old ipa.conf from v1.
* Add ipaUserGroup objectClass to default groups where missing.Pavel Zuna2009-12-011-0/+2
|
* Rename GeneralizedTime to AccessTime.Pavel Zuna2009-12-013-8/+8
|
* Add {user,host,sourcehost}Category to HBAC and make accessTime multivalue.Pavel Zuna2009-12-012-17/+108
|
* Add server option to ipa-join so the IPA server can be specified.Rob Crittenden2009-11-302-5/+9
| | | | | | | This is needed because in the client installer we actually perform the join before creating the configuration files that join uses. All we need is the IPA server to join to and we have that from the CLI options so use that.
* Use pyasn1-based PKCS#10 and X509v3 parsers instead of pyOpenSSL.Rob Crittenden2009-11-3011-32/+983
| | | | | | | | | The pyOpenSSL PKCS#10 parser doesn't support attributes so we can't identify requests with subject alt names. Subject alt names are only allowed if: - the host for the alt name exists in IPA - if binding as host principal, the host is in the services managedBy attr
* Add option to have ipautil.run() not raise an exceptionRob Crittenden2009-11-306-17/+17
| | | | | | | There are times where a caller will want to determine the course of action based on the returncode instead of relying on it != 0. This also lets the caller get the contents of stdout and stderr.
* Fix boolean attributes in DNS plugin.Pavel Zuna2009-11-301-3/+9
| | | | | Sometimes they worked fine and sometimes DS rejected them as invalid.
* Fix Bool parameter type. It was impossible to set it to FALSE.Pavel Zuna2009-11-302-3/+5
|
* Fix takes_options in automount plugin.Pavel Zuna2009-11-301-1/+1
|
* Print only one line of docstrings in command listings.Pavel Zuna2009-11-301-4/+3
| | | | Full docstring is shown on `ipa help COMMAND`.
generated by cgit (git 2.34.1) at 2025-09-03 19:41:27 +0000