summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Filter all NULL values in ldap2.add_entry. python-ldap doesn't like'em.Pavel Zuna2009-11-181-1/+1
| | | | Previously we only filtered None values, but it turns out that's not enough.
* Cache installer questions for the 2-step process of an externally-signed CARob Crittenden2009-11-182-7/+64
| | | | | | | | Installing a CA that is signed by another CA is a 2-step process. The first step is to generate a CSR for the CA and the second step is to install the certificate issued by the external CA. To avoid asking questions over and over (and potentially getting different answers) the answers are cached.
* Fix SASL mappingsSimo Sorce2009-11-181-2/+2
|
* Add fail-safe so any kind of exception is handled in XML-RPC server.Rob Crittenden2009-11-181-0/+5
| | | | | | | If an exception is not handled here then the context isn't destroyed leaving at least an LDAP connection dangling. This means the next time this thread/process tries to handle a connection it will fail because a context already exists.
* Add support for setting/adding arbitrary attributesRob Crittenden2009-11-172-0/+106
| | | | | | | | | | | | | | | | | | | | | | | This introduces 2 new params: --setattr and --addattr Both take a name/value pair, ala: ipa user-mod --setattr=postalcode=20601 jsmith --setattr replaces or sets the current attribute to the value --addattr adds the value to an attribute (or sets a new attribute) OptionsParser allows multiple versions of this, so you can have multiple setattr and addattr, either for the same attribute or for different attributes. ipa user-mod --addattr=postalcode=20601 --addattr=postalcode=30330 jsmith Values are silent dropped if either of these on an existing param: ipa user-mod --setattr=givenname=Jerry jsmith Is a no-op.
* _convert_scalar() should throw an error if passed a tuple or listRob Crittenden2009-11-172-1/+19
| | | | | A parameter needs to have multivalue set in order to work on lists/tuples and even then _convert_scalar() will be sent one value at a time.
* Fix typo in name of exceptionRob Crittenden2009-11-121-1/+1
|
* Use File parameter for CSR in cert_request command plugin.Pavel Zuna2009-11-061-29/+12
|
* Add 'File' parameter type.Pavel Zuna2009-11-063-2/+47
| | | | Accepts filenames and loads file contents as parameter value.
* Add SELinux policy for UI assetsRob Crittenden2009-11-046-12/+18
| | | | | | | | This also removes the Index option of /ipa-assets as well as the deprecated IPADebug option. No need to build or install ipa_webgui anymore. Leaving in the code for reference purposes for now.
* ipa-server-install now renders UI assetsJason Gerard DeRose2009-11-046-14/+45
|
* Use a new mechanism for delegating certificate issuance.Rob Crittenden2009-11-036-45/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | Using the client IP address was a rather poor mechanism for controlling who could request certificates for whom. Instead the client machine will bind using the host service principal and request the certificate. In order to do this: * the service will need to exist * the machine needs to be in the certadmin rolegroup * the host needs to be in the managedBy attribute of the service It might look something like: admin ipa host-add client.example.com --password=secret123 ipa service-add HTTP/client.example.com ipa service-add-host --hosts=client.example.com HTTP/client.example.com ipa rolegroup-add-member --hosts=client.example.com certadmin client ipa-client-install ipa-join -w secret123 kinit -kt /etc/krb5.keytab host/client.example.com ipa -d cert-request file://web.csr --principal=HTTP/client.example.com
* Use Directory String sytnax for the fqdn attribute, not DN syntax.Rob Crittenden2009-10-281-1/+1
|
* Add mod_python adapter and some UI tuningJason Gerard DeRose2009-10-277-64/+236
|
* Back down to version 1.9.0 in preparation for release of first alpha.alpha-1-9-0Rob Crittenden2009-10-261-2/+2
| | | | | | | There was much back and forth and gnashing of teeth about what the version should actually be in these pre-releases. We decided it isn't 2.0-ish enough so went with 1.9.0, 1.9.1, etc until we're ready to declare 2.0.0.
* Remove a bunch of unused imports, general cleanupRob Crittenden2009-10-251-13/+4
|
* Remove ipalib/plugins/basegroup.py. It's become obsolete.Pavel Zuna2009-10-231-551/+0
|
* Fix bug in print_attribute.Pavel Zuna2009-10-231-1/+1
| | | | | When the attribute had no values an exception was generated while trying to word-wrap it.
* Auto-detect whether dogtag needs to be uninstalledRob Crittenden2009-10-211-5/+8
|
* Display membership attributes (member, memberOf) by default in show/find.Pavel Zuna2009-10-213-3/+5
|
* Require that a host exist before creating a service for it.Rob Crittenden2009-10-211-0/+5
|
* The name coming out of DNS will have a trailing dot (.). Remove it.Rob Crittenden2009-10-211-1/+1
|
* First pass at enforcing certificates be requested from same hostRob Crittenden2009-10-216-36/+131
| | | | | | | | | | | | We want to only allow a machine to request a certificate for itself, not for other machines. I've added a new taksgroup which will allow this. The requesting IP is resolved and compared to the subject of the CSR to determine if they are the same host. The same is done with the service principal. Subject alt names are not queried yet. This does not yet grant machines actual permission to request certificates yet, that is still limited to the taskgroup request_certs.
* Add can_add() and can_delete() GER helpersRob Crittenden2009-10-211-0/+37
|
* Change Password param so (password, confirm_password) can be passed to ↵Jason Gerard DeRose2009-10-183-0/+29
| | | | _convert_scalar()
* Add a separate client-only targetRob Crittenden2009-10-173-6/+106
|
* Fix ACI for host delegationRob Crittenden2009-10-171-2/+2
| | | | | We had changed the DN format, I must have missed these ACIs the first go around.
* Fix an oops where I forgot to replace a string with a templateRob Crittenden2009-10-171-6/+6
|
* Fixed compatability break in rpcserver.pyJason Gerard DeRose2009-10-171-2/+2
|
* Add a sleep() prior to calling tasks to ensure postop writes are doneRob Crittenden2009-10-161-0/+3
| | | | | | We were seeing a rare deadlock of DS when creating the memberOf task because one thread was adding memberOf in a postop while another was trying to create an index and this was causing a PRLock deadlock.
* Use the FQDN and not just the hostname internally.Rob Crittenden2009-10-161-2/+2
|
* Be more forgiving when trying to replace older DS schema.Rob Crittenden2009-10-161-4/+8
| | | | | | | We have to replace 05rfc2247.ldif because it contains some conflicting attributes with DNS in some older versions of 389-DS/RHDS. This fails on some newer versions of 389-DS/RHDS so this lets it continue installing if the new file is not needed.
* Fixed 'import json' for simplejson compatabilityJason Gerard DeRose2009-10-164-3/+54
|
* parse_qs is in cgi on Python < 2.6, use that insteadRob Crittenden2009-10-161-1/+1
| | | | | Python 2.6's cgi module calls the parse_qs in urlparse for backwards compatibility
* Fixed try/except/finally for Python 2.4 compatabilityJason Gerard DeRose2009-10-151-19/+20
|
* Make plugin browser show plugin parent classJason Gerard DeRose2009-10-142-0/+8
|
* Removed util.add_global_options() and frontend.ApplicationJason Gerard DeRose2009-10-145-109/+4
|
* Giant webui patch take 2Jason Gerard DeRose2009-10-1330-4302/+956
|
* Add man page for ipa-join commandRob Crittenden2009-10-123-1/+63
|
* Use nestedgroup instead of groupofnames for rolegroups so we have memberofRob Crittenden2009-10-121-50/+50
|
* No longer use the IPA-specific memberof plugin. Use the DS-supplied one.Rob Crittenden2009-10-124-3/+6
|
* Improve debugging, general output, initialize xmlrpc-c properlyRob Crittenden2009-10-121-9/+34
|
* Fix bug in HBAC and netgroup plugin get_primary_key_from_dn methods.Pavel Zuna2009-10-082-2/+8
|
* Fix bug in group plugin. Was using wrong variable for attributes.Pavel Zuna2009-10-081-1/+1
| | | | Fix bug #527537.
* Fix unit tests for plugins using baseldap classes.Pavel Zuna2009-10-071-3/+1
|
* Make the taskgroup plugin use baseldap classes.Pavel Zuna2009-10-071-135/+40
|
* Make the rolegroup plugin use baseldap classes.Pavel Zuna2009-10-051-46/+41
|
* Make the hostgroup plugin use baseldap classes.Pavel Zuna2009-10-051-173/+45
|
* Make the netgroup plugin use baseldap classes.Pavel Zuna2009-10-051-309/+116
|
* Make the user plugin use baseldap classes.Pavel Zuna2009-10-051-230/+76
|
generated by cgit (git 2.34.1) at 2025-09-02 19:46:56 +0000