Commit message | Author | Age | Files | Lines
* Stop looking when removing entries from a keytab. | Rob Crittenden | 2010-01-20 | 1 | -0/+5
  keytab entries are locked when looping. Temporarily suspend the looping.
* Fix plugin to work with new output validation, add new helpers | Rob Crittenden | 2010-01-20 | 1 | -34/+57
  Add a new get_subject() helper and return the subject when retrieving certificates. Add a normalizer so that everything before and after the BEGIN/END block is removed.
* Add DS migration plugin and password migration page. | Pavel Zuna | 2010-01-20 | 11 | -0/+637
* Add --enable-migration option in config plugin. | Pavel Zuna | 2010-01-20 | 1 | -1/+14
* Add BIND pre-op for DS->IPA password migration to ipa-pwd-extop DS plugin. | Pavel Zuna | 2010-01-20 | 3 | -15/+244
* Allow adding entries with pre-hashed passwords, but don't generate keys for ↵ | root | 2010-01-20 | 1 | -8/+15
  them. Fix bug #528922.
* Temporary fix for name collision of textui.print_entry. | Pavel Zuna | 2010-01-20 | 2 | -3/+3
  Somehow there's two of them... rename old one to print_entry1.
* Make DNS plugin support output validation and thus make it work again. | Pavel Zuna | 2010-01-20 | 1 | -39/+86
* Create pkiuser before calling pkicreate, pkicreate depends on the user existing | John Dennis | 2010-01-20 | 1 | -1/+1
* Correct some comment errors | Rob Crittenden | 2010-01-19 | 1 | -2/+1
* pass DER flag to x509.get_serial_number() | John Dennis | 2010-01-19 | 1 | -1/+1
* Allow cospriority to be updated and fix description of priority ordering | Rob Crittenden | 2010-01-19 | 2 | -16/+40
  Need to add a few more places where the DN will not be automatically normalized. The krb5 server expects a very specific format and normalizing causes it to not work.
* Use 'l' instead of 'localityname' in host plugin. | Pavel Zuna | 2010-01-14 | 1 | -2/+14
  It seems that 'localityname' and 'locality' aliases were dropped in newer versions of DS.
* Make host objects aware of their membership and that l==localityName. | Pavel Zuna | 2010-01-14 | 1 | -0/+6
* Add default values for krb ticket policy attributes during installation. | Pavel Zuna | 2010-01-13 | 2 | -0/+8
* Add Kerberos Ticket Policy management plugin. | Pavel Zuna | 2010-01-13 | 2 | -27/+167
* Fix backend.Executioner unit test. | Pavel Zuna | 2010-01-13 | 1 | -6/+13
  Before the patch that allows to create unshared instances of Connectible objects, all Connection objects were deleted at once in destroy_context(). It made sense at the time, because there was always at most one Connection per Connectible subclass and Connectible.disconnect() was called only internally by the Executioner class. Now that we can make arbitrary connections, it makes more sense to delete the Connection object when Connectible.disconnect() is called.
* Improve modlist generation in ldap2. Some code cleanup as bonus. | Pavel Zuna | 2010-01-11 | 1 | -65/+89
  ldap2._generate_modlist now uses more sophisticated means to decide when to use MOD_ADD+MOD_DELETE instead of MOD_REPLACE. MOD_REPLACE is always used for single value attributes and never for multi value.
* Allow creation of new connections by unshared instances of backend.Connectible. | Pavel Zuna | 2010-01-11 | 2 | -14/+22
* Add start/stop for the CA | Rob Crittenden | 2010-01-11 | 1 | -0/+8
* Missed explicit reference to pki-ca, replace with self.service_name | Rob Crittenden | 2010-01-11 | 1 | -2/+2
* Add --all to LDAPCreate and make LDAP commands always display default ↵ | Pavel Zuna | 2010-01-11 | 7 | -14/+30
  attributes.
* Use the caIPAserviceCert profile for issuing service certs. | Rob Crittenden | 2010-01-08 | 2 | -3/+3
  This profile enables subject validation and ensures that the subject that the CA issues is uniform. The client can only request a specific CN, the rest of the subject is fixed. This is the first step of allowing the subject to be set at installation time. Also fix 2 more issues related to the return results migration.
* Replace uses of %define with %global in the .spec file | Rob Crittenden | 2010-01-07 | 1 | -7/+7
  Fixes rawhide builds per https://www.redhat.com/archives/fedora-devel-list/2010-January/msg00093.html
  Contributed by Nalin Dahyabhai
* Change the service name to reflect changes in pki-ca (now pki-cad). | Rob Crittenden | 2010-01-07 | 1 | -3/+3
  Also properly use the instance name where appropriate. There were a couple of places where the service name was used and this worked because they were the same.
* Remove hardcoded domain, example.com | Rob Crittenden | 2009-12-18 | 2 | -6/+6
* Add messages, declarative tests for rolegroup, taskgroup plugins | Jason Gerard DeRose | 2009-12-18 | 5 | -273/+856
* Added Fuzzy docstrings; make-test now runs doctests in tests/*; fixed ↵ | Jason Gerard DeRose | 2009-12-18 | 7 | -32/+106
  'existant' misspelling
* Need to suspend looping through the keytab entries when doing a delete. | Rob Crittenden | 2009-12-18 | 1 | -0/+5
* Handle base64-encoded certificates better, import missing function | Rob Crittenden | 2009-12-18 | 3 | -0/+11
* Fuzzy feelings | Jason Gerard DeRose | 2009-12-17 | 8 | -395/+653
* Make hosts more like real services so we can issue certs for host principals | Rob Crittenden | 2009-12-16 | 5 | -17/+71
  This patch should make joining a client to the domain and using certmonger to get an initial certificate work.
* Set the context of files needed by the selfsign CA so Apache can write them | Rob Crittenden | 2009-12-16 | 2 | -1/+6
* Remove some left-over debugging statements | Rob Crittenden | 2009-12-16 | 1 | -3/+0
* host and hostgroup summary messages, declarative tests; fix tests for 'dn' | Jason Gerard DeRose | 2009-12-16 | 6 | -224/+499
* Add simple tests for the aci plugin | Rob Crittenden | 2009-12-14 | 1 | -0/+77
* Add some missing labels | Rob Crittenden | 2009-12-14 | 2 | -0/+5
* Convert to using new result output handling | Rob Crittenden | 2009-12-14 | 2 | -27/+85
  This also inserts the dn into the response when adding a record. We need this in the ACI plugin when adding a taskgroup
* Make the IPA server host and its services "real" IPA entries | Rob Crittenden | 2009-12-11 | 11 | -24/+146
  We use kadmin.local to bootstrap the creation of the kerberos principals for the IPA server machine: host, HTTP and ldap. This works fine and has the side-effect of protecting the services from modification by an admin (which would likely break the server). Unfortunately this also means that the services can't be managed by useful utilities such as certmonger. So we have to create them as "real" services instead.
* Add pdb options to make-test to pass onto nosetests | Rob Crittenden | 2009-12-11 | 1 | -0/+14
* This plugin was replaced by the aci plugin | Rob Crittenden | 2009-12-11 | 1 | -93/+0
* Add force option to ipa-replica-manage to allow forcing deletion of a replica | Rob Crittenden | 2009-12-11 | 1 | -5/+13
  If a replica is not up for some reason (e.g. you've already deleted it) this used to quit and not let you delete the replica, generating errors in the DS logs. This will let you force a deletion.
* Take 2: Extensible return values and validation; steps toward a single ↵ | Jason Gerard DeRose | 2009-12-10 | 44 | -1035/+2962
  output_for_cli(); enable more webUI stuff
* Pass on debug option from ipa-client-install to ipa-join | Rob Crittenden | 2009-12-09 | 1 | -0/+2
* rebase dogtag clean-up patch | John Dennis | 2009-12-09 | 6 | -292/+1742
* A utility for removing principals from a keytab. | Rob Crittenden | 2009-12-04 | 5 | -0/+324
  When we un-enroll a client we'll do a bit of cleanup including removing any principals for the IPA realm from /etc/krb5.keytab.
  This removes principals in 2 ways:
  - By principal, only entries matching the full principal are removed
  - By realm. Any principal for that realm is removed
  This does not change the KDC at all, just removes entries from a file on the client machine.
* Bump the installation version number to V2.0 | Rob Crittenden | 2009-12-03 | 1 | -1/+1
* Add minimal test for the cert plugin | Rob Crittenden | 2009-12-03 | 1 | -0/+104
  This assumes that the developer has the equivalent of a selfsign CA installed. To do this, install IPA without a CA and copy /etc/httpd/alias/*.db to ~/.ipa/alias and /etc/httpd/alias/pwdfile.txt to ~/.ipa/alias/.pwd
* Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1 Any type | Rob Crittenden | 2009-12-02 | 1 | -1/+5
* Add idnsUpdatePolicy into the dns plug-in | Martin Nagy | 2009-12-02 | 1 | -1/+5
  The idnsUpdatePolicy takes a list of BIND dynamic update policies, each of which must be terminated by ";". Also fix a minor error in the documentation string.