freeipa.git/install/tools, branch abbra Unnamed repository; edit this file 'description' to name the repository. Add trust-related ACIs 2012-05-30T08:19:02+00:00 Alexander Bokovoy abokovoy@redhat.com 2012-05-15T17:03:16+00:00 498cd80b6d6aeee29f45c735bb9ab664f095be29 A high-level description of the design and ACIs for trusts is available at https://www.redhat.com/archives/freeipa-devel/2011-December/msg00224.html and https://www.redhat.com/archives/freeipa-devel/2011-December/msg00248.html Ticket #1731 
A high-level description of the design and ACIs for trusts is available at
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00224.html
and
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00248.html

Ticket #1731
Properly handle multiple IP addresses per host when installing trust support 2012-05-30T07:24:43+00:00 Alexander Bokovoy abokovoy@redhat.com 2012-03-27T09:50:48+00:00 3425fbf84ad861848930c14dc4ed7a74d3ba9e0d resolve_host() function returns a list of IP addresses. Handle it all rather than expecting that there is a single address. It wouldn't hurt to make a common function that takes --ip-address into account when resolving host addresses and use it everywhere. 
resolve_host() function returns a list of IP addresses. Handle it all rather
than expecting that there is a single address.

It wouldn't hurt to make a common function that takes --ip-address into account
when resolving host addresses and use it everywhere.
Add trust management for Active Directory trusts 2012-05-30T07:24:43+00:00 Alexander Bokovoy abokovoy@redhat.com 2012-02-28T11:24:41+00:00 04a2a4530f1ec857e8100f68ec663b4767876e8d 






Replace DNS client based on acutil with python-dns
2012-05-24T11:55:56+00:00

Martin Kosek
mkosek@redhat.com

2012-05-11T12:38:09+00:00

f1ed123caddd7525a0081c4a9de931cabdfda43f

IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
  but but rather C-like interface based on functions and
  structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
  authconfig and thus can break without notice

Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
  in installutils to make the whole DNS check simpler and
  less error-prone. Logging was improves for the remaining
  checks
- improved logging for ipa-client-install DNS discovery

https://fedorahosted.org/freeipa/ticket/2730
https://fedorahosted.org/freeipa/ticket/1837





IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
  but but rather C-like interface based on functions and
  structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
  authconfig and thus can break without notice

Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
  in installutils to make the whole DNS check simpler and
  less error-prone. Logging was improves for the remaining
  checks
- improved logging for ipa-client-install DNS discovery

https://fedorahosted.org/freeipa/ticket/2730
https://fedorahosted.org/freeipa/ticket/1837







ipa-server-install reword message
2012-05-22T13:16:18+00:00

Ondrej Hamada
ohamada@redhat.com

2012-05-22T10:19:53+00:00

dd3c4ef49b25a0752a11c3c321170ac73f0de89f

Output message of the 'read_domain_name' function in ipa-server-install
was reworded.

https://fedorahosted.org/freeipa/ticket/2704





Output message of the 'read_domain_name' function in ipa-server-install
was reworded.

https://fedorahosted.org/freeipa/ticket/2704







During replication installation see if an agreement already exists.
2012-05-17T15:12:45+00:00

Rob Crittenden
rcritten@redhat.com

2012-05-16T22:11:11+00:00

4b539a41d9b562ed3372ea70fbb5d52c141a43f1

We were inferring that an agreement existed if the host was present
as an IPA host. This was not enough if the replica installation failed
early enough.

https://fedorahosted.org/freeipa/ticket/2030





We were inferring that an agreement existed if the host was present
as an IPA host. This was not enough if the replica installation failed
early enough.

https://fedorahosted.org/freeipa/ticket/2030







Validate on the user-provided domain name in the installer.
2012-05-17T06:01:42+00:00

Rob Crittenden
rcritten@redhat.com

2012-05-11T19:56:43+00:00

13b51f3011bfb5c5c265e08c6f207f769dbde807

Wrap printing exceptions in unicode() to do Gettext conversion.

https://fedorahosted.org/freeipa/ticket/2196





Wrap printing exceptions in unicode() to do Gettext conversion.

https://fedorahosted.org/freeipa/ticket/2196







Disallow '<' and non-ASCII characters in the DM password
2012-05-15T08:26:17+00:00

Petr Viktorin
pviktori@redhat.com

2012-05-11T13:08:59+00:00

1de37e8110e2b9fb69253cadfe4c1da1bc2e30f6

pkisilent does not handle these properly.

https://fedorahosted.org/freeipa/ticket/2675





pkisilent does not handle these properly.

https://fedorahosted.org/freeipa/ticket/2675







Remove duplicate and unused utility code
2012-05-09T09:54:20+00:00

Petr Viktorin
pviktori@redhat.com

2012-04-18T15:22:35+00:00

f19218f7d87f5847d51f79b5d2850f90b0ae8407

IPA has some unused code from abandoned features (Radius, ipa 1.x user
input, commant-line tab completion), as well as some duplicate utilities.
This patch cleans up the utility modules.

Duplicate code consolidated into ipapython.ipautil:
    {ipalib.util,ipaserver.ipautil,ipapython.ipautil}.realm_to_suffix
    {ipaserver,ipapython}.ipautil.CIDict
            (with style improvements from the ipaserver version)
    {ipapython.entity,ipaserver.ipautil}.utf8_encode_value
    {ipapython.entity,ipaserver.ipautil}.utf8_encode_values

ipalib.util.get_fqdn was removed in favor of the same function in
ipaserver.install.installutils

Removed unused code:
    ipalib.util:
        load_plugins_in_dir
        import_plugins_subpackage
        make_repr (was imported but unused; also removed from tests)

    ipapython.ipautil:
        format_list
        parse_key_value_pairs
        read_pairs_file
        read_items_file
        user_input_plain
        AttributeValueCompleter
        ItemCompleter

    ipaserver.ipautil:
        get_gsserror (a different version exists in ipapython.ipautil)

ipaserver.ipautil ended up empty and is removed entirely.

https://fedorahosted.org/freeipa/ticket/2650





IPA has some unused code from abandoned features (Radius, ipa 1.x user
input, commant-line tab completion), as well as some duplicate utilities.
This patch cleans up the utility modules.

Duplicate code consolidated into ipapython.ipautil:
    {ipalib.util,ipaserver.ipautil,ipapython.ipautil}.realm_to_suffix
    {ipaserver,ipapython}.ipautil.CIDict
            (with style improvements from the ipaserver version)
    {ipapython.entity,ipaserver.ipautil}.utf8_encode_value
    {ipapython.entity,ipaserver.ipautil}.utf8_encode_values

ipalib.util.get_fqdn was removed in favor of the same function in
ipaserver.install.installutils

Removed unused code:
    ipalib.util:
        load_plugins_in_dir
        import_plugins_subpackage
        make_repr (was imported but unused; also removed from tests)

    ipapython.ipautil:
        format_list
        parse_key_value_pairs
        read_pairs_file
        read_items_file
        user_input_plain
        AttributeValueCompleter
        ItemCompleter

    ipaserver.ipautil:
        get_gsserror (a different version exists in ipapython.ipautil)

ipaserver.ipautil ended up empty and is removed entirely.

https://fedorahosted.org/freeipa/ticket/2650







Configure SELinux for httpd during upgrades
2012-04-03T22:20:51+00:00

Martin Kosek
mkosek@redhat.com

2012-04-03T08:47:40+00:00

17a0738d2d352f9c3d73167b3fb22cd566fd98d4

SELinux configuration for httpd instance was set for new
installations only. Upgraded IPA servers (namely 2.1.x -> 2.2.x
upgrade) missed the configuration. This lead to AVCs when httpd
tries to contact ipa_memcached and user not being able to log in.

This patch updates ipa-upgradeconfig to configure SELinux
in the same way as ipa-server-install does.

https://fedorahosted.org/freeipa/ticket/2603





SELinux configuration for httpd instance was set for new
installations only. Upgraded IPA servers (namely 2.1.x -> 2.2.x
upgrade) missed the configuration. This lead to AVCs when httpd
tries to contact ipa_memcached and user not being able to log in.

This patch updates ipa-upgradeconfig to configure SELinux
in the same way as ipa-server-install does.

https://fedorahosted.org/freeipa/ticket/2603