summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix bug in dns_find - execute() returned different value than expected.Pavel Zuna2009-09-081-1/+1
|
* Make ldap2.add_entry proof to None values, because python-ldap hate'em.Pavel Zuna2009-09-081-0/+4
|
* Fixed dns_forwarders not being defined when options.setup_dns is FalseJason Gerard DeRose2009-09-081-0/+2
|
* Add A and PTR records of ourselves during installationMartin Nagy2009-09-023-5/+29
| | | | | | | If the DNS zones already exist but don't contain our own records, add them. This patch introduces the ipalib.api into the installers. For now, the code is still little messy. Later patches will abandon the way we create zones now and use ipalib.api exclusively.
* Remove old --setup-bind optionMartin Nagy2009-09-021-3/+0
| | | | | Since we are changing the behaviour of the --setup-dns option substantially, we might as well remove the old --setup-bind option.
* Setup bind only after restarting kdc and dirsrvMartin Nagy2009-09-022-10/+11
| | | | | | | BIND starting before we apply LDAP updates and restart kdc and directory server causes trouble. We resolve this for now by postponing BIND setup to the end of installation. Another reason is that we will be using xml-rpc during the setup in the future.
* Use DNS forwarders in /etc/named.confMartin Nagy2009-09-024-3/+71
| | | | | | | | | This patch adds options --forwarder and --no-forwarders. At least one of them must be used if you are doing a setup with DNS server. They are also mutually exclusive. The --forwarder option can be used more than once to specify more servers. If the installer runs in interactive mode, it will prompt the user if none of these option was given at the command line.
* Fleshed out krb plugin and added example of scripting against Python APIJason Gerard DeRose2009-08-312-0/+120
|
* Introduce a list of attributes for which only MOD_REPLACE operations are ↵Pavel Zuna2009-08-281-2/+10
| | | | generated.
* Install the ldapi ldif fileRob Crittenden2009-08-281-0/+1
|
* Add the CA constraint to the self-signed CA we generateRob Crittenden2009-08-271-8/+19
| | | | 514027
* Add option to the installer for uid/gid starting numbers.Rob Crittenden2009-08-276-11/+37
| | | | | | | | | | | | This also adds a new option to the template system. If you include eval(string) in a file that goes through the templater then the string in the eval will be evaluated by the Python interpreter. This is used so one can do $UIDSTART+1. If any errors occur during the evaluation the original string is is returned, eval() and all so it is up to the developer to make sure the evaluation passes. The default value for uid and gid is now a random value between 1,000,000 and (2^31 - 1,000,000)
* Enable ldapi connections in the management framework.Rob Crittenden2009-08-276-22/+23
| | | | | | If you don't want to use ldapi then you can remove the ldap_uri setting in /etc/ipa/default.conf. The default for the framework is to use ldap://localhost:389/
* Generate CRLs and make them available from the IPA web serverRob Crittenden2009-08-265-4/+81
|
* Fix service_mod and add a test caseRob Crittenden2009-08-262-9/+18
|
* Remove Python 2.6 BaseException.message deprecation warningRob Crittenden2009-08-201-5/+5
|
* Clean up additional issues discovered with pylint and pycheckerRob Crittenden2009-08-208-22/+30
|
* Clean up some problems discovered with pylint and pycheckerRob Crittenden2009-08-1217-107/+99
| | | | | Much of this is formatting to make pylint happy but it also fixes some real bugs.
* Add a new objectclass, ipaObject, that will add a UUID to many IPA objectsRob Crittenden2009-08-1016-31/+54
| | | | | | | | | ipaObject is defined as an auxiliary objectclass so it is up to the plugin author to ensure that the objectclass is included an a UUID generated. ipaUniqueId is a MUST attribute so if you include the objectclass you must ensure that the uuid is generated. This also fixes up some unrelated unit test failures.
* Include schema for key escrow managementRob Crittenden2009-08-102-1/+10
| | | | https://fedoraproject.org/wiki/Disk_encryption_key_escrow_in_IPA
* Removed PluginProxy and all its usesJason Gerard DeRose2009-08-057-287/+35
|
* Add options in baseldap classes to display unaltered LDAP entries.Pavel Zuna2009-08-051-10/+44
| | | | The options in question is '--raw'.
* Fix three broken unit testsJason Gerard DeRose2009-08-043-10/+9
|
* All-around improvements to baseldap.py classes.Pavel Zuna2009-08-031-47/+245
| | | | | | | | | | | | | | - attribute re-mapping, ordering and hiding (Enables plugins to completely hide LDAP internals from users and full localisation of command output.) - translation of member DNs into object names (No more DNs when listing group members etc.) - support for "singleton" LDAP objects (Objects like "pwpolicy"; not accessed by primary key.) - new base classes for commands: LDAPModMember, LDAPAddMember and LDAPRemoveMember (Providing support for objects with 'member'-like attributes.) - LDAPSearch implicit exit code changed to 1 when nothing is found
* Fix bug in _get_syntax (it was always returning None).Pavel Zuna2009-08-031-15/+7
| | | | Also prevent a few cases of double processing of arguments.
* Prevent double encoding/decoding when processing compound types.Pavel Zuna2009-08-031-5/+10
|
* Enable attribute re-mapping and ordering when printing entries.Pavel Zuna2009-08-031-10/+22
| | | | Also print multiple values on one line separated by commas.
* Fixed whitespace indentation error in certs.pyJason Gerard DeRose2009-07-271-34/+34
|
* Identify CAs to trust from an imported PKCS#12 fileRob Crittenden2009-07-272-14/+45
| | | | | | | | | | We used to use certutil -O to determine the cert chain to trust. This behavior changed in F-11 such that untrusted CAs are not displayed. This is only used when we import PKCS#12 files so use pk12util -l to display the list of certs and keys in the file to determine the nickname(s) of the CAs to trust. 509111
* Fix deprecation warning for the sha library on Python 2.6Rob Crittenden2009-07-231-2/+8
| | | | | | | | | | sha has been replaced by hashlib. We need to support Python 2.4 - 2.6 so this will use hashlib if available but fall back onto sha if not. Fortunately they use the same API for the function we need. 509042 Signed-off-by: Jason Gerard DeRose <jderose@redhat.com>
* No need to trust NSS built-in CA's, more specific regex for finding CA nicknameRob Crittenden2009-07-231-4/+16
| | | | | | | | | | - Add some logging so we have a better idea of what happened if things fail - Default to self-signed CA to trust if one is not found. This will fix the self-signed CA case where certutil doesn't return untrusted CA's in -O output. - Remove unused httplib import Signed-off-by: Jason Gerard DeRose <jderose@redhat.com>
* Add conditional for new SELinux capabilities available in Fedora 11rcrit2009-07-232-11/+14
|
* Make --setup-dns work on replica installationMartin Nagy2009-07-224-6/+79
| | | | | | | The ipa-replica-install script will setup the DNS if user specifies the --setup-dns option. It will only add the zone into LDAP if the cn=dns,$SUFFIX container doesn't exist. For now, however, we do not add the records.
* Add a reverse zone with server's PTR recordMartin Nagy2009-07-223-7/+43
| | | | Also, small cosmetic change in dns.ldif.
* Add --setup-dns option. It will replace --setup-bindMartin Nagy2009-07-222-11/+14
|
* Allow replicas of an IPA server using an internal dogtag server as the CARob Crittenden2009-07-159-116/+299
| | | | | | | | This involves creating a new CA instance on the replica and using pkisilent to create a clone of the master CA. Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of changes to ports and configuration have been done recently.
* Catch and handle HTTP exceptions (like 401, 404, etc)Rob Crittenden2009-07-151-1/+3
|
* Use uppercase boolean values in dns.ldifMartin Nagy2009-07-151-2/+2
| | | | | | The newest 389 server implements syntax checking and causes problems if the boolean attribute is set to "True". The correct value should be "TRUE".
* Require a password only once when it is passed in via a pipeRob Crittenden2009-07-101-21/+13
|
* Add a one-character option for parametersRob Crittenden2009-07-102-1/+12
|
* Let anonymous users browse the VLV indexRob Crittenden2009-07-102-0/+10
| | | | | | This is needed for automount support on Solaris http://docs.sun.com/app/docs/doc/819-5201/6n7a588i7?l=en&a=view
* Add a return value to exceptions.Rob Crittenden2009-07-102-4/+13
| | | | | | | | Returning the exception value doesn't work because a shell return value is in the range of 0-255. The default return value is 1 which means "something went wrong." The only specific return value implemented so far is 2 which is "not found".
* Add textui function to display and prompt user for selection for *-find.Rob Crittenden2009-07-102-8/+66
| | | | | Since we may end up executing a *-show when an entry is selected we need to defer destroying the connection context.
* Implement support for non-LDAP-based actions that use the LDAP ACI subsystem.Rob Crittenden2009-07-105-6/+230
| | | | | | | | | | | | There are some operations, like those for the certificate system, that don't need to write to the directory server. So instead we have an entry that we test against to determine whether the operation is allowed or not. This is done by attempting a write on the entry. If it would succeed then permission is granted. If not then denied. The write we attempt is actually invalid so the write itself will fail but the attempt will fail first if access is not permitted, so we can distinguish between the two without polluting the entry.
* Configure BIND LDAP driver to use SASL authenticationMartin Nagy2009-07-101-15/+16
| | | | | We use /etc/named.keytab generated by ipa-server-install to authenticate against the LDAP server. Also tidy up /etc/named.conf since we're there.
* Basic changes to get a default principal for DNSSimo Sorce2009-07-107-2/+432
| | | | | | | | Also moves delagation layout installation in dsinstance. This is needed to allow us to set default membership in other modules like bindinstance. Signed-off-by: Martin Nagy <mnagy@redhat.com>
* Check error in kpasswdSimo Sorce2009-07-101-2/+3
|
* Make object classes of automatically created entries lowercase.Pavel Zuna2009-07-101-16/+16
| | | | | This makes them more consistent with entries created by plugins. It's a cosmetic thing, not that useful.
* Change command names from *group-del-member to *group-remove-member.Pavel Zuna2009-07-096-17/+17
| | | | Signed-off-by: Jason Gerard DeRose <jderose@redhat.com>
* Import explode_dn from ldap.functions for backward compatibility with older ↵Pavel Zuna2009-07-081-2/+4
| | | | | | version of python-ldap. Fix bug in add_entry_to_group. Resolves 510149
generated by cgit (git 2.34.1) at 2025-09-03 14:38:26 +0000