| Commit message | Author | Age | Files | Lines |
| |
Replicas with Dogtag pki-ca 10.0.2 CA require access to additional
Dogtag REST API calls. Update pki proxy configuration to allow that.
https://fedorahosted.org/freeipa/ticket/3601
| |
When connecting to replica, ipa-replica-manage could fail with
unknown error due to connection time out. This patch properly
handles the situation.
Fixed in conjunction with https://fedorahosted.org/freeipa/ticket/3524
| |
In ipa-replica-manage commands, we enforce that hostnames we work
with are resolvable. However, this caused errors while deleting
or disconnecting an ipa / winsync replica, if that replica was down
and authoritative server for itself.
Also adds a --no-lookup flag to disable host existence checks.
https://fedorahosted.org/freeipa/ticket/3524
| |
https://fedorahosted.org/freeipa/ticket/3593
| |
Ensure that 'ipactl stop' stops the dirsrv instance, even when no other
services are running.
https://fedorahosted.org/freeipa/ticket/3574
| |
- add missing closing parenthesis in idnsRecord declaration
- remove extra dollar sign from ipaSudoRule declaration
- handle missing/extraneous X-ORIGIN lines in 10-selinuxusermap.update
This does not use the schema updater because the syntax needs to be
fixed in the files themselves, otherwise 389 1.3.2+ will fail
to start.
Older DS versions transparently fix the syntax errors.
The existing ldap-updater directive for ipaSudoRule is fixed
(ldap-updater runs after upgradeconfig).
https://fedorahosted.org/freeipa/ticket/3578
| |
dc syntax is changed from Directory String to IA5 String to conform
to RFC 2247.
Part of the work for https://fedorahosted.org/freeipa/ticket/3578
| |
This new freeform host attribute will allow provisioning systems
to add custom tags for host objects which can be later used
in automember rules or for additional local interpretation.
Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
Ticket: https://fedorahosted.org/freeipa/ticket/3583
| |
This patch exposes user entry gecos field in Web UI.
https://fedorahosted.org/freeipa/ticket/3569
| |
The 'Host Administrators' privilege was missing two permissions
('Retrieve Certificates from the CA' and 'Revoke Certificate'), causing
the inability to remove a host with a certificate.
https://fedorahosted.org/freeipa/ticket/3585
| |
https://fedorahosted.org/freeipa/ticket/3576
| |
Trying to insert nsDS5ReplicatedAttributeListTotal and
nsds5ReplicaStripAttrs to winsync agreements caused upgrade errors.
With this patch, these attributes are skipped for winsync agreements.
Made find_ipa_replication_agreements() in replication.py more
corresponding to find_replication_agreements. It returns a list of
entries instead of unicode strings now.
https://fedorahosted.org/freeipa/ticket/3522
| |
Design: http://freeipa.org/page/V3/Drop_selfsign_functionality
Ticket: https://fedorahosted.org/freeipa/ticket/3494
| |
Part of the work for https://fedorahosted.org/freeipa/ticket/3494
| |
This will convert a master with a selfsign CA to a CA-less one in
ipa-upgradeconfig.
The relevant files are left in place and can be used to manage certs
manually.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3494
| |
https://fedorahosted.org/freeipa/ticket/3547
| |
https://fedorahosted.org/freeipa/ticket/3547
| |
We need to add nfs:NONE as a default PAC type only if there's no
other default PAC type for nfs. Adds an update plugin which
determines whether default PAC type for nfs is set and adds
nfs:NONE PAC type accordingly.
https://fedorahosted.org/freeipa/ticket/3555
| |
The options take PEM certificates, not PKCS#10.
This corrects both the --help output and the man page.
https://fedorahosted.org/freeipa/ticket/3523
| |
https://fedorahosted.org/freeipa/ticket/3528
| |
In order to have control over the order that updates are applied
a numbering system was created for the update files. These values
were not actually used.
The updates were sorted by DN length and in most cases this was
adequate for proper function. The exception was with roles where
in some cases a role was added as a member of a permission before
the role itself was added so the memberOf value was never created.
Now updates are computed and applied in blocks of 10.
https://fedorahosted.org/freeipa/ticket/3377
| |
This will allow one to back up and restore the IPA files and data. This
does not cover individual entry restoration.
http://freeipa.org/page/V3/Backup_and_Restore
https://fedorahosted.org/freeipa/ticket/3128
| |
A commonName attribute has no meaning in DNS records.
https://fedorahosted.org/freeipa/ticket/3514
| |
Refactoring of radio widget (04325fbb4c64ee4aef6d8c9adf0ff95b8b653101) caused the value to no longer be supplied to the value_change handler.
| |
When trust is not configured trust-config page is raising an error. Trusts search page won't find anything either -> no use for the pages -> hiding.
https://fedorahosted.org/freeipa/ticket/3333
| |
https://fedorahosted.org/freeipa/ticket/3333
| |
https://fedorahosted.org/freeipa/ticket/3554
| |
Permission details page was incorrectly evaluated as dirty (update button enabled) right after load when permission type={subtree,filter} and some attrs are set.
Can be reproduced by opening 'Modify Automount maps' permission.
The culprit is that attrs widget is populated and dirty-checked even for targets where it doesn't belong.
Fixed by running target_mapping action only for visible targets.
https://fedorahosted.org/freeipa/ticket/3527
| |
https://fedorahosted.org/freeipa/ticket/3329
| |
These DNS attributeTypes are of a singleton type, update LDAP schema
to reflect it.
https://fedorahosted.org/freeipa/ticket/3440
https://fedorahosted.org/freeipa/ticket/3450
| |
The ipa-replica-install script tries to add replica's A and PTR
records to the master DNS, if master does manage DNS. However,
master need not manage replica's zone. Properly handle this use
case.
https://fedorahosted.org/freeipa/ticket/3496
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/3363
| |
The CA cert was not loaded, so if it was missing from the PKCS#12 file,
installation would fail.
Pass the cert filename to the server installers and include it in
the NSS DB.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3363
| |
Design: http://freeipa.org/page/V3/CA-less_install
https://fedorahosted.org/freeipa/ticket/3363
| |
Instead, certificates in pkcs12 files can be given to set up
IPA with no CA at all.
Use a flag, setup_ca, to signal if a CA is being installed.
Design: http://freeipa.org/page/V3/Drop_selfsign
Part of the work for: https://fedorahosted.org/freeipa/ticket/3494
| |
installation
We pass names of files with pkcs12 pins to installers which may continue to
use the files after the initial call to create_instance, at which point
the installer has already removed them.
Also, some of the files were not properly removed on failure.
Use ipautil.write_tmp_file for the pin files, which returns a
NamedTemporaryFile object that removes the underlying file when it is
garbage-collected.
Create the files at start of installation. This will allow checking
the pkcs#12 files before the system is modified.
| |
ipakrbauthzdata accepts [null, 'NONE', 'MS-PAC', 'PAD']
New nesting feature of radios/checkboxes was used to handle mutual exclusivity between
['MS-PAC', 'PAD'], 'NONE' and ''.
https://fedorahosted.org/freeipa/ticket/3404
| |
New component: option_widget_base. It's not a regular widget but it shares some of its characteristics. It should extend regular widget or it can be nested in itself alone.
checkbox_widget, checkboxes_widget, radio_widget were modified to use it.
Built as a prerequisite for:
https://fedorahosted.org/freeipa/ticket/3404
| |
https://fedorahosted.org/freeipa/ticket/3329
|
| |
Fedora 19 split /var/run and /run directories. Update mod_wsgi
configuration so that it generates its sockets in the right one.
| |
Fedora 19 has split /var/run and /run directories while in Fedora
18 it used to be a symlink. Thus, named may expect its PID file to be
in a different directory than it really is and fail to start.
Add pid-file configuration option to named.conf both for new
installations and for upgraded machines.
| |
Add the option to create home directories for users on their
first login to ipa-server-install and ipa-replica-install.
https://fedorahosted.org/freeipa/ticket/3515
| |
Unattended ipa-adtrust-install used to fail if --netbios option
was not provided. This patch fixes this, so that instead of
failing the default NETBIOS name is used.
https://fedorahosted.org/freeipa/ticket/3497
| |
The plugin is configured unconditionally (i.e. does not check if
IPA was configured with DNS) as the plugin is needed on all
replicas to prevent objectclass violations due to missing SOA
serial in idnsZone objectclass. The violation could happen if just
one replica configured DNS and added a new zone.
https://fedorahosted.org/freeipa/ticket/3347
| |
Currently the only way to set up integrated DNS is by passing --setup-dns
to ipa-server-install. This patch modifies install so that if
--setup-dns is not passed, the user is asked if they want to configure
integrated DNS.
http://fedorahosted.org/freeipa/ticket/2575
| |
rhino-1.7R4-2.fc19.noarch dropped -main flag which made the build fail in rawhide (F19).
We can't use the same command for rhino-1.7R3-6 (F18) and rhino-1.7R4-2 (F19).
This patch adds a check if rhino supports the '-require' option. If so, it calls rhino with it; if not, it calls rhino with the -main option.
https://fedorahosted.org/freeipa/ticket/3501
| |
Add support for Realm Domains to web UI.
https://fedorahosted.org/freeipa/ticket/3407
| |
This extends certificate search page by search option select. Therefore
the search is not restricted to 'subject'.
It should be replaced by https://fedorahosted.org/freeipa/ticket/191 in the
future.
https://fedorahosted.org/freeipa/ticket/3419
| |
The following pages were added to Web UI:
* certificate details
* certificate search
Certificate is not regular object so it gets no metadata. Therefore artificial
metadata were created for it to allow usage of search and details facet.
Search and details facet were modified to allow removing of add/remove/update/
reset buttons - certificates have no mod operation and they are not added by
standard means.
User can revoke and restore certificates in details facet.
https://fedorahosted.org/freeipa/ticket/3419