path: root/ipa-server/ipaserver
Commit message | Author | Age | Files | Lines
* Include information on where to look if a hostname resolves to localhost. | Rob Crittenden | 2008-05-09 | 1 | -1/+1
    442812
* Return better error message that gives a hint about who actually returned it | Simo Sorce | 2008-05-08 | 1 | -9/+6
    + Some cleanups (trailing spaces and such).
* Add a version API to the server so it knows what version it is. | Rob Crittenden | 2008-05-08 | 2 | -0/+26
    435019
* Don't prompt for confirmation of DM password when installing a replica. | Rob Crittenden | 2008-05-08 | 1 | -2/+5
    It implies that you are setting a new password and you really aren't. Also added a catch for KeyboardInterrupt with instructions on how to recover from a partial install.
    441607
* Fix ownership of the Apache NSS cert and key databases. | Rob Crittenden | 2008-04-30 | 1 | -0/+10
    The group "apache" needs to have read access to them so they will work in Fedora 9+.
* Better detection of DS not starting. | Rob Crittenden | 2008-04-14 | 1 | -3/+23
    The dirsrv init script always returns 0 on status checks, even if an instance is not started. So we have to look through the output instead.
    442452
* Configure the ipa_pwd_extop plugin on replicas. | Rob Crittenden | 2008-04-14 | 1 | -1/+4
    If plugin isn't configured then the kerberos attributes don't get populated. Users will get Preauthentication errors from the kerberos libraries because there is no krbPrincipalKey to match against.
    442134
* Use the same kpasswd.keytab on all replicas. | Rob Crittenden | 2008-04-09 | 1 | -2/+7
    If we generate a new keytab for each replica then effectively password changes can only occur on the last replica created.
    439905
* The kpasswd keytab must not be owned by the dirsrv user. | Simo Sorce | 2008-04-08 | 1 | -2/+0
    Fix copy&paste error.
* Add missing start_creation() so the install process will get kicked off. | Rob Crittenden | 2008-04-02 | 1 | -0/+1
* Sysrestore fixes. | Simo Sorce | 2008-03-31 | 1 | -3/+8
    Latest patch used the wrong path and all files were actually going to /tmp even if a different path was specified. Makes also StateFile behave the same as FileStore, and be a public class, this way a common path can be used too.
* Better check for IPA Server own address, avoid manually parsing /etc/hosts by | Simo Sorce | 2008-03-30 | 1 | -36/+54
    using nsswitch calls that read it and also take into account any other name resolution mechanism that might be installed (like NIS lol :-). This also should make the check support IPv6 transparently too (not tested)
* Move sysrestore to ipa-python so it can be used by client scripts too. | Simo Sorce | 2008-03-27 | 8 | -332/+130
    Change backup format so files are all in a single directory (no dir hierarchies) and use an index file so we can save also ownership and permission info for the restore (and eventually other data later on).
* Properly detect when ports are available. | Rob Crittenden | 2008-03-27 | 1 | -4/+3
    The DS setup program uses Perl and does a similar port available test. It seems that perl always sets FD_CLOEXEC and python does not. This is why the port test would pass in python but fail in perl.
    439024
* Make the memberof task a public function. | Rob Crittenden | 2008-03-27 | 1 | -9/+16
    This is used when a new replica is created as well as whenever a replica is re-initialized from another master. In order for this to work when not creating an instance the __init__ function needs to be able to determine the suffix and the dm_password is needed. I've also added the time to the RDN of the member task to ensure uniqueness.
    438222
* Add ability to initialize a replication agreement | Rob Crittenden | 2008-03-07 | 2 | -42/+24
    Add ability to force a synch to occur
    Clean up a lot of unused code in ipaldap.py. This lets us do a simple bind without being root (it used to try to read dse.ldif)
    436237
* Verify that the hostname is correct in /etc/hosts | Rob Crittenden | 2008-03-06 | 1 | -0/+30
    Don't ignore exceptions when getting the hostname from the user
    433515
* Use standard size and alignment for the packed data so it works on 64-bit hosts | Rob Crittenden | 2008-03-06 | 1 | -1/+1
* Require that the hostname is a DNS A record and that the forward and reverse | Rob Crittenden | 2008-03-03 | 1 | -0/+21
    match.
    433515
* Fix boot.ldif generation, the domain name component must be derived | Simo Sorce | 2008-03-04 | 1 | -1/+1
    from the realm not the domain. One line fix.
* Make sure all entries are generated by us according to IPA | Simo Sorce | 2008-02-28 | 1 | -0/+21
    default tree. This patch makes sure that the DS setup script does not add unwanted entries.
* Fix off-by-one error in the number of steps to install a service | Rob Crittenden | 2008-02-28 | 1 | -1/+1
* Don't log passwords in ipaserver-install.log | Rob Crittenden | 2008-02-26 | 1 | -2/+4
    433509
* Use correct variable for determining the host name | Rob Crittenden | 2008-02-26 | 1 | -1/+1
    435055
* Make sure KrbPrincipalName is unique server-wide | Simo Sorce | 2008-02-21 | 1 | -0/+4
* Redirect users when they don't use the FQDN on both SSL and non-SSL ports | Rob Crittenden | 2008-02-21 | 1 | -2/+13
    We update the mod_nss configuration (nss.conf) during installation to include ipa-rewrite.conf to handle the SSL side.
    433054
* Add some additional error handling | Rob Crittenden | 2008-02-20 | 1 | -1/+4
    433347
* cosmetic fixes | Simo Sorce | 2008-02-21 | 1 | -4/+5
* Start ntpd first unless we do not want it. | Simo Sorce | 2008-02-20 | 1 | -8/+18
    Make sure we do sync the clock leaping to the current correct time. This avoids problems with bad dates on certificates, etc.
* Add some error handling for LDAP connection issues | Rob Crittenden | 2008-02-19 | 1 | -9/+15
    Verify the DM password earlier in the process
    433368
* Verify current domain with user during installation | Rob Crittenden | 2008-02-15 | 4 | -17/+13
    Use that domain when creating replicas
    Resolves 432066
* memberOf attribute should not be replicated | Rob Crittenden | 2008-02-18 | 1 | -0/+1
    Resolves 430017
* Don't create a backup of the PKCS#12 cert on replicas | Rob Crittenden | 2008-02-14 | 1 | -10/+15
    Name the file created by ipa-replica-prepare after the FQDN of the target
    Resolves 432904
* Always do a chkconfig --add/--del on install/uninstall | Rob Crittenden | 2008-02-08 | 1 | -0/+14
    This makes a from-tree installation work. We also do this in the rpm spec file.
    Contributed by Pieter D.J. Krul
* Set the license uniformly to GPLv2 only. | Rob Crittenden | 2008-02-04 | 11 | -11/+11
* Fix two typos | Rob Crittenden | 2008-02-05 | 1 | -2/+2
* Use file to store the current CA serial number | Rob Crittenden | 2008-02-05 | 4 | -16/+58
    No longer create a PKCS#12 file that contains the CA
    No longer send the entire CA to each replica, generate the SSL certs on master
    Fix number of bugs in ipa-replica-install and prepare
    Produce status output during replica creation
* Use correct variable for domain when restoring a file. | Rob Crittenden | 2008-01-31 | 1 | -1/+1
    Resolves 430724
* Include some additional information when installing IPA. | Rob Crittenden | 2008-01-25 | 1 | -1/+1
    Remove 8080 as a port that needs to be opened
    bz 430088
* Fix misspelling of the word indices. | Rob Crittenden | 2008-01-25 | 1 | -3/+3
* Re-factor the ipa_webgui and ipa_kpasswd instance code | Mark McLoughlin | 2008-01-22 | 5 | -63/+39
    The ipa_webgui and ipa_kpasswd instance code is identical and I want to add another similar instance down the line, so re-factor the code into a service.SimpleServiceInstance class.
    Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Initialise DsInstance.pkcs12_info | Mark McLoughlin | 2008-01-22 | 1 | -0/+1
    DsInstance.pkcs12_info isn't currently initialised in the constructor so, e.g. __enable_ssl() assumes that create_instance() has initialised it.
    Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Small refactor of dsinstance.config_dirname() | Mark McLoughlin | 2008-01-22 | 2 | -13/+13
    If, in future, we change the server ID so that it's not derived from the realm name, there's a fair few places that need to be changed. Make that easier by having config_dirname() take the server ID rather than the realm name. That makes sense anyway so we don't have to realm_to_serverid() so much.
    Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Remove questions from ipaserver.dsinstance | Mark McLoughlin | 2008-01-22 | 1 | -22/+6
    Let's assume that all ipaserver.dsinstance could be used somewhere where asking questions on stdout/stdin is not appropriate and re-factor the code to be suitable in those situations too. i.e. make check_existing_installation() return a list of server IDs and make check_ports() return an (unsecure, secure) tuple indicating which ports are in use.
    Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Fix issues reported by rpmlint. | Rob Crittenden | 2008-01-18 | 7 | -23/+18
    - Removing shebangs (#!) from a bunch of python libraries
    - Don't use a variable name in init scripts for the lock file
    - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init
    - Add status option to the init scripts
    - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient)
    - Remove unnecessary sys.path.append("/usr/share/ipa")
    - Fix the license string in the spec files
    - Rename ipa-webgui to ipa_webgui everywhere
    - Fix a couple of issues reported by pychecker in ipa-python
* Add ipa-server-install --uninstall | Mark McLoughlin | 2008-01-11 | 7 | -0/+122
    Add a --uninstall option to ipa-server-install which tries to restore the system to the way it was before ipa-server-install was run using the state backed up through sysrestore.py.
    Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Backup system state in ipa-server-install | Rob Crittenden | 2008-01-14 | 10 | -14/+354
    This patch adds a sysrestore module which allows ipa-server-install code to backup any system state so that it can be restored again with e.g. ipa-server-install --uninstall. The idea is that any files ipa-server-install modifies get backed up to /var/cache/ipa/sysrestore/ while any "meta" state, like whether a service is enabled with chkconfig, is saved to /var/cache/ipa/sysrestore.state.
    Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Use tempfile.mkdtemp() rather than hardcoded tmpdir | Mark McLoughlin | 2008-01-11 | 1 | -9/+4
    httpinstance.py currently uses a hardcoded /tmp/ipa temporary directory. Make it use tempfile.mkdtemp() instead.
    Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Refactor some krbinstance templating code | Mark McLoughlin | 2008-01-11 | 1 | -25/+12
    Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Use service.py helpers | Mark McLoughlin | 2008-01-11 | 1 | -1/+1
    In dsinstance.py, there's one place we could use the service.py helpers where we don't currently.
    Signed-off-by: Mark McLoughlin <markmc@redhat.com>