summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/adtrustinstance.py
Commit message (Collapse)AuthorAgeFilesLines
* Ensure ipa-adtrust-install is run with Kerberos ticket for admin userAlexander Bokovoy2012-07-311-10/+11
| | | | | | | | | | | | When setting up AD trusts support, ipa-adtrust-install utility needs to be run as: - root, for performing Samba configuration and using LDAPI/autobind - kinit-ed IPA admin user, to ensure proper ACIs are granted to fetch keytab As result, we can get rid of Directory Manager credentials in ipa-adtrust-install https://fedorahosted.org/freeipa/ticket/2815
* Use DN objects instead of strings in adtrustinstanceSumit Bose2012-07-011-16/+25
|
* Set RID bases for local domain during ipa-adtrust-installSumit Bose2012-06-291-1/+87
|
* Add external domain extop DS pluginSumit Bose2012-06-281-5/+18
| | | | | | This extop can be used by clients of the IPA domain, e.g. sssd, to retrieve data from trusted external domains. It can be used e.g. to map Windows SIDs to user or groups names and back.
* Add sidgen postop and taskSumit Bose2012-06-281-0/+8
| | | | | | | | A postop plugin is added to create the SID for new created users and groups. A directory server task allows to set the SID for existing users and groups. Fixes https://fedorahosted.org/freeipa/ticket/2825
* restart dirsrv as part of ipa-adtrust-installAlexander Bokovoy2012-06-221-4/+4
| | | | | | | | | We should restart Directory Server when performing AD trusts configuration to enable new CLDAP plugin and force KDC to notice MS PAC is now available. Previously we only restarted KDC but if dirsrv is restarted, KDC will notice its socket disappeared and will refresh itself http://fedorahosted.org/freeipa/ticket/2862
* Set samba_portmapper SELinux boolean during ipa-adtrust-installsbose2012-06-071-0/+51
|
* Add trust-related ACIsAlexander Bokovoy2012-06-071-68/+22
| | | | | | | | | A high-level description of the design and ACIs for trusts is available at https://www.redhat.com/archives/freeipa-devel/2011-December/msg00224.html and https://www.redhat.com/archives/freeipa-devel/2011-December/msg00248.html Ticket #1731
* Restart KDC after installing trust support to allow MS PAC generationAlexander Bokovoy2012-06-071-7/+16
| | | | | | | | Also make sure all exceptions are captured when creating CIFS service record. The one we care about is duplicate entry and we do nothing in that case anyway. Also make uniform use of action descriptors.
* Add trust management for Active Directory trustsAlexander Bokovoy2012-06-071-5/+9
|
* Use dedicated keytab for SambaAlexander Bokovoy2012-06-071-11/+16
| | | | | | | | Samba just needs the cifs/ key on the ipa server. Configure samba to use a different keytab file so that we do not risk samba commands (net, or similar) to mess up the system keytab. https://fedorahosted.org/freeipa/ticket/2168
* activate CLDAPSumit Bose2011-12-061-0/+4
|
* Fix some pylint warningsSumit Bose2011-12-061-40/+67
|
* Use new objectclasses and attributes for trustSumit Bose2011-12-061-14/+32
|
* Move our own domain info into cn=etcSumit Bose2011-12-061-9/+17
| | | | https://fedorahosted.org/freeipa/ticket/2001
* Add DNS service records for WindowsSumit Bose2011-11-301-2/+57
| | | | https://fedorahosted.org/freeipa/ticket/1939
* Revert "Add DNS service records for Windows"Martin Kosek2011-11-291-25/+0
| | | | | | A wrong version of the patch has been pushed. This reverts commit d24dda2fe3e188b4904deb184cc098d979e7f611.
* Add DNS service records for WindowsSumit Bose2011-11-231-0/+25
| | | | https://fedorahosted.org/freeipa/ticket/1939
* ticket 2022 - modify codebase to utilize IPALogManager, obsoletes loggingJohn Dennis2011-11-231-8/+7
| | | | | | | | | | | | change default_logger_level to debug in configure_standard_logging add new ipa_log_manager module, move log_mgr there, also export root_logger from log_mgr. change all log_manager imports to ipa_log_manager and change log_manager.root_logger to root_logger. add missing import for parse_log_level()
* Add admin SIDsSumit Bose2011-09-231-6/+56
| | | | | The admin SID DOMAIN-SID-500 will be assigned to the IPA admin user and the admin group SID DOMAIN-SID-512 to the admins group.
* Fix ACIs in ipa-adtrust-installSumit Bose2011-09-201-2/+13
|
* Add ipa-adtrust-install utilitySumit Bose2011-09-141-0/+281
https://fedorahosted.org/freeipa/ticket/1619
generated by cgit (git 2.34.1) at 2025-09-05 07:11:28 +0000