| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
| |
specific version check on freeradius. Packages aren't
available and the freeradius support isn't ready
anyway.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This add replication setup through two new commands: ipa-replica-prepare
and ipa-replica-install. The procedure is to run ipa-replica-prepare
on an existing master. This will collect information about the realm
and the current master and create a file storing all of the information.
After copying that file to the new replica, ipa-replica-install is
run (with -r to create a read-only replica).
This version of the patch also includes fixes for the sasl mappings
on the replicas.
Remaining features:
- ssl for replication.
- automatic configuration of mesh topology for
master (or a simpler way to replicate multiple
masters.
- tool for view / configuring current replication.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds 2 new groups: activated and inactivated.
If you, or a group you are a member of, is in inactivated then you are too.
If you, or a group you are a member of, is in the activated group, then you
are too.
In a fight between activated and inactivated, activated wins.
The DNs for doing this matching is case and white space sensitive.
The goal is to never have to actually set nsAccountLock in a user directly
but move them between these groups.
We need to decide where in the CLI this will happen. Right it is split
between ipa-deluser and ipa-usermod. To inactivate groups for now just
add the group to inactivate or active.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes a default password policy
Custom fields are now read from LDAP. The format is a list of
dicts with keys: label, field, required.
The LDAP-based configuration now specifies:
ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title
ipaGroupSearchFields: cn,description
ipaSearchTimeLimit: 2
ipaSearchRecordsLimit: 0
ipaCustomFields:
ipaHomesRootDir: /home
ipaDefaultLoginShell: /bin/sh
ipaDefaultPrimaryGroup: ipausers
ipaMaxUsernameLength: 8
ipaPwdExpAdvNotify: 4
This could use some optimization.
|
| | |
|
| |
|
|
|
|
| |
Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"
|
| |
|
|
|
| |
Better error reporting in the GUI
Include a document describing how multi-valued fields work
|
| |
|
|
| |
add the radiusprofile to the list of objectclasses used when creating a user
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Fix a bug in the local transport version of memberOf()
|
| |
|
|
| |
Make find-groups use memberOf to have a prettier dispaly of members
|
| |
|
|
| |
NOTE: this doesn't handle referential integrity.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't need the elaborate python requires, since a requires
for e.g. "python-abi = 2.5" is automatically added.
We also don't need the elaborate build requires, since all
it does is query the currently installed version of python
and require that you have it's appropriate python-devel
installed. But if python-devel is installed at all, this
should hold true.
(Also, IMHO the .spec files should be removed from mercurial
since they are automatically generated)
Signed-off-by: Mark McLouglin <markmc@redhat.com>
|
| |
|
|
| |
Move some ACI functions around in preparation for cli delegation
|
| |
|
|
|
|
|
| |
Current ipa-python imports and calls code from ipaserver (which is in
the ipa-server package). This makes it impossible to use the admin
tools or the ipa-python package on a system without the server bits
installed. This fixes that in a fairly minimal way.
|
| |
|
|
|
| |
For now I've added a new API call. The field-specific searching is
a ways off.
|
| | |
|
| | |
|
| |
|
|
|
| |
Karl MacMillan
Remove #!/usr/bin/python from many files to quiet rpmlint
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
will need in the delegation UI.
|
| |
|
|
| |
Also a couple double-escaping fixes I missed in the last patch.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Modify the way we detect SELinux to use selinuxenabled instead of using
a try/except.
Handle SASL/GSSAPI authentication failures when getting a connection
|
| |
|
|
|
|
|
| |
the exception to contain the complete command.
Add a check to make sure installer is running as root.
Add signal handler to detect a user-cancelled installation.
Detect existing DS instances and prompt to remove them.
|
| |
|
|
|
| |
Add new class of errors for connections
Raise an exception if a connection cannot be made due to missing ccache
|
| |
|
|
|
|
|
| |
Don't read ipa.conf to get the realm, the kerberos libs do that for you.
Use the krbPrincipalName to change passwords
Make it possible to specify the principal at user creation.
Mail is not a required attribute so far, don't require it.
|
| |
|
|
| |
Added a couple more API calls to make the inverse operations easier.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Install the turbogears web gui including an init script. This
patch includes a few related changes:
* create a production configuration
* rename the web gui startup scrip to ipa-webgui
* add an init script
* chkconfig on the ipa-webgui init script
* make the start script properly daemonize the app when not
in a development directory.
* Install everything to the correct places (/usr/sbin/ipa-webgui
and /usr/share/ipa/ipagui mainly).
There are some things still left to do:
* Sort out the logging - the config needs to be adjusted so
that logging messages end up in /var/log.
|
| |
|
|
|
|
|
| |
* Remove the rpmbuild tree with the dist-clean target.
* Move ipa-server-setupssl from /usr/sbin to /usr/share/ipa
* Check in requirement change for generated freeipa-python.spec
* Fix interactive hostname in ipa-server-install.
|
| |
|
|
|
| |
Renamed some of the user_group parameters to be self-evident.
Binary wrapping isn't necessary on strings, so removed from xmlrpc calls.
|
| |
|
|
| |
Fixes a bug with the group by member where is wasn't trapping not found errors.
|
| | |
|
| |
|
|
|
|
|
| |
Add ipa-passwd tool
Add simple field validation package
This patch adds a package requirement, python-krbV. This is needed to
determine the current user based on their kerberos ticket.
|
| |\ |
|
| | |
| |
| |
| | |
Use the filter generation code to search on multiple fields.
|
| | |
| |
| |
| |
| | |
Limit editgroup user ajax search.
Minor UI cleanup for editgroup.
|
| | |
| |
| |
| |
| |
| | |
name and location of the keytab. In order for this keytab to be usable
TurboGears and Apache will need to run as the same user. We will also need
to listen only on localhost in TG.
|
| |/
|
|
| |
Remove some unused calls to retrieve the current realm
|
