| Commit message (Collapse) | Author | Age | Files | Lines |
This patch uses the kerberos schema policy, this is the same policy used by
kadmin.
While this patch allows for krbPwdPolicy objects anywhere the kldap module
will make the kdc fail to provide tickets if the "krbPwdPolicyReference"
points to any object that is not a child of cn=<REALM>,cn=kerberos,dc=....
To let us set policies anywhere in the tree I enabled the code to actually
look at parent entries and the user entry itself and specify policies directly
on these objects by adding the krbPwdPolicy objectclass to them (I know it's
structural but DS seems to allow multiple Structural classes on the same
entry).
The only side effect is that kadmin will not understand this, but we don't
want to use kadmin anyway as it does not understand way too many things about the
directory.
I've tested a few scenarios and all seem to be working as expected, but further
testing is welcome of course.
|
Set gid to the group "ipausers"
Add the user to this default group
|
Add secretary to the list of indexes otherwise RDN changing could be slow
Port --addattr, --setattr and --delattr from usermod to groupmod
|
forked-model detection was incorrect.
Both of these return an error instead of raising one
|
Fix some error messages that were printing the entire detail message
|
Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"
|
Restore the CSS to display the up/down arrow on sort columns
|
More work is needed as the values are currently hardcoded and not saved
|
Better error reporting in the GUI
Include a document describing how multi-valued fields work
|
add the radiusprofile to the list of objectclasses used when creating a user
|
1) Add a base class for all of the instance objects.
2) Normalize usage of logging.
3) General cleanups of ipa-server-install.
4) Make better use of httpinstance.
5) Add webguiinstance.
6) Improve progress reporting during installation.
Works Here (TM), but it would be nice to get someone else
to test since this moves code around a bit.
|
This has the side-effect of removing the realm from Logged in as. This
can be changed by using user_name instead of display_name in master.kid.
|
groups returned. Skip that element.
|
Configure ipa servers as an ntp server and clients
to (by default) use the ipa server as an ntp server.
Also corrected the messages about which ports should
be opened.
|
The error log is rotated weekly on Sunday. 4 backups are saved.
The access log is not stored since it would be a duplicate of the
Apache logs. It can be enabled if desired.
Had to move the call to daemonize() in ipa-webgui so that the
fork is done before TurboGears is initialized. Otherwise the log
files end up getting closed.
|
This is necessary for services that need to be able to respond
to requests from clients that acquired a service ticket just before
a password change.
|
Fix a bug in the local transport version of memberOf()
|
Make find-groups use memberOf to have a prettier display of members
|
http://hostname/config so users can point their MIT client at the IPA
server and automatically fetch the configuration.
|
NOTE: this doesn't handle referential integrity.
|
user -> user_fields
group -> group_fields
delegate -> delegate_fields
|
This patch fixes a couple of buglets with read_ip_address():
1) It writes host_name to /etc/hosts, but isn't currently
being passed host_name
2) It doesn't return the IP address even though the caller
expects it
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
Ignore errors if setsebool fails and print a warning.
|
After looking into setting up ntpd on the IPA servers I decided it
was better just to warn admins. There are just too many valid setups
for time synchronization for us to try to get this right. Additionally,
just installing ntp and accepting the default config will result in
a configuration that is perfectly valid for IPA.
This patch checks if ntpd is running and suggests enabling it if it
is not - for client and server. It also adds some suggested next
steps to the server installation.
|
Move some ACI functions around in preparation for cli delegation
|
to be available to the XML-RPC interface
|