| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
- Add replication management script that allows listing
adding, and deleting replicas.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following the changelog history from my dev tree, some comments are useful imo
------------------------------------------------------
user: Simo Sorce <ssorce@redhat.com>
date: Fri Dec 21 03:05:36 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
Remove remnants of the initial test tool
changeset: 563:4fe574b7bdf1
user: Simo Sorce <ssorce@redhat.com>
date: Fri Dec 21 02:58:37 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
description:
Maybe actually encrypting the keys will help :-)
changeset: 562:488ded41242a
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 23:53:50 2007 -0500
files: ipa-server/ipa-install/share/Makefile.am ipa-server/ipa-install/share/default-aci.ldif
description:
Fixes
changeset: 561:4518f6f5ecaf
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 23:53:32 2007 -0500
files: ipa-admintools/Makefile ipa-admintools/ipa-addservice
description:
transform the old ipa-getkeytab in a tool to add services as the new
ipa-getkeytab won't do it (and IMO it makes more sense to keep the
two functions separate anyway).
changeset: 559:25a7f8ee973d
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 23:48:59 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
description:
Bugfixes
changeset: 558:28fcabe4aeba
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 23:48:29 2007 -0500
files: ipa-client/configure.ac ipa-client/ipa-client.spec ipa-client/ipa-client.spec.in ipa-client/ipa-getkeytab.c
description:
Configure fixes
Add ipa-getkeytab to spec
Client fixes
changeset: 557:e92a4ffdcda4
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 20:57:10 2007 -0500
files: ipa-client/Makefile.am ipa-client/configure.ac
description:
Try to make ipa-getkeytab build via autotools
changeset: 556:224894175d6b
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 20:35:56 2007 -0500
files: ipa-admintools/ipa-getkeytab ipa-client/ipa-getkeytab.c
description:
Messed a bit with hg commands.
To make it short:
- Remove the python ipa-getkeytab program
- Rename the keytab plugin test program to ipa-getkeytab
- Put the program in ipa-client as it should be distributed with the client
tools
changeset: 555:5e1a068f2e90
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 20:20:40 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
Polish the client program
changeset: 554:0a5b19a167cf
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 18:53:49 2007 -0500
files: ipa-server/ipa-install/share/default-aci.ldif ipa-server/ipa-install/share/default-keytypes.ldif ipa-server/ipa-install/share/kdc.conf.template ipa-server/ipa-install/share/kerberos.ldif ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c ipa-server/ipaserver/krbinstance.py
description:
Support retrieving enctypes from LDAP
Filter enctypes
Update test program
changeset: 553:f75d7886cb91
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 00:17:40 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
Fix ber generation and remove redundant keys
changeset: 552:0769cafe6dcd
user: Simo Sorce <ssorce@redhat.com>
date: Wed Dec 19 19:31:37 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
Avoid stupid segfault
changeset: 551:1acd5fdb5788
user: Simo Sorce <ssorce@redhat.com>
date: Wed Dec 19 18:39:12 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
description:
If ber_peek_tag() returns LBER_ERROR it may just be that we are at the
end of the buffer. Unfortunately ber_scanf is broken in the sense that
it doesn't actually really consider sequence endings (due probably to the fact
they are just representation and do not reflect in the underlieing DER
encoding.)
changeset: 550:e974fb2726a4
user: Simo Sorce <ssorce@redhat.com>
date: Wed Dec 19 18:35:07 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
First shot at the new method
|
| | |
|
| |
|
|
|
|
| |
correctly issue certs from the same authority. Also remove
support for read-only replicas since that work will not
be finished and tested for 1.0.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
There's a few places where we spawn of kadmin to add/modify
principals and create keytabs.
Refactor all that code into installutils.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
| |
Just in case there is an existing ipa-webgui running
before ipa-server-install, restart the instance rather
than just starting it.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
| |
Merging the "host keytab" and "creation steps" patchs left
a stray old-style call to Service.step()
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Creation steps are currently done with:
self.start_creation(2, "Create foo")
self.step("do foo")
self.foo()
self.step("do bar")
self.bar()
self.done_creation()
This patch refactors that into the much more
straightforward:
self.step("do foo", self.foo)
self.step("do bar", self.bar)
self.start_creation("Create foo")
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The following files hav no template variables, so don't
bother templating them:
- memberof-conf.ldif
- referint-conf.ldif
- dna-conf.ldif
- certmap.conf.template
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Just a patch to refactor lots of similar code in
dsinstance and krbinstance using a simple helper
method.
Note, there are some differences:
- Some code used to call ldapmodify without -h 127.0.0.1
- Some of the code used to just print an error rather than
using logging.critical()
- Some code used to log some extra debug
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
update_key_val_in_file() shouldn't try and write to
a file if the key is already set to the given value
in the file
Rationale here is that if we write these files out
while building a system image, ipa-server-install
shouldn't need to re-write them and, therefore,
they don't need to be writable.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
| |
Recently, dsinstance and krbinstance was fixed to
not import * from ipautil; do the same for the
rest of ipaserver.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| | |
|
| | |
|
| |
|
|
|
| |
- Insure admins can't locked out by mistake by inclusion in disabled groups
- Fix also minor error in krbinstance.py
|
| |
|
|
|
|
| |
This uses the UniversalPreferencesWrite function to set the browser
preferences to allow negotiation and ticket forwarding in the IPA domain.
A self-signed certificate is generated to sign the javascript.
|
| | |
|
| |
|
|
| |
ipa-radius-install.
|
| |
|
|
|
| |
Fixes problem changing passwords seen only on servers where
re-installations where performed (and old secrets piled up)
|
| | |
|
| | |
|
| |
|
|
|
| |
python module. This is in preparation for user
supplied certs.
|
| |\ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We used to return the entire argument string ala:
('dc=freeipa,dc=org', 2, 'uid=foo', ['*'])
This adds a regex to try to print anything after = in the filter.
Not perfect but better.
|
| | | |
|
| |\| |
|
| | | |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| | |
Warning: this lacks any sort of authorization.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This add replication setup through two new commands: ipa-replica-prepare
and ipa-replica-install. The procedure is to run ipa-replica-prepare
on an existing master. This will collect information about the realm
and the current master and create a file storing all of the information.
After copying that file to the new replica, ipa-replica-install is
run (with -r to create a read-only replica).
This version of the patch also includes fixes for the sasl mappings
on the replicas.
Remaining features:
- ssl for replication.
- automatic configuration of mesh topology for
master (or a simpler way to replicate multiple
masters.
- tool for view / configuring current replication.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds 2 new groups: activated and inactivated.
If you, or a group you are a member of, is in inactivated then you are too.
If you, or a group you are a member of, is in the activated group, then you
are too.
In a fight between activated and inactivated, activated wins.
The DNs for doing this matching is case and white space sensitive.
The goal is to never have to actually set nsAccountLock in a user directly
but move them between these groups.
We need to decide where in the CLI this will happen. Right it is split
between ipa-deluser and ipa-usermod. To inactivate groups for now just
add the group to inactivate or active.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Add missing schema for GUI Config, and missing objectclass for cn=accounts
container
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Does not require dirsrv access to stash file
- Finalize password history support
- Fix strict password length default in pwd_extop (fix install sctript too)
- fix plugin configuration
- Introduce 3 kind of password change: normal, admin, and ds manager
- normal require adherence to policies
- admin does not but password is immediately expired
- ds manager can just change the password any way he likes.
Initial code to read the Kerberos Master Key from the Directory
|
| | |
| |
| |
| | |
fail if the file it was to update didn't exist.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Add secretary to the list of indexes otherwise RDN changing could be slow
Port --addattr, --setattr and --delattr from usermod to groupmod
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
|
| | | |
|
| |\| |
|
