Commit message | Author | Age | Files | Lines
...
* Update Build instructions | Martin Kosek | 2015-12-03 | 1 | -1/+1
| | | | | | | Original dnf builddep command does not work, unless --spec option is added. Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Sync kerberos LDAP schema with upstream. | Simo Sorce | 2015-12-03 | 1 | -2/+12
| | | | | | | | | | All the new attributes are unused for now, but this allows us to keep tailing upstream in case of other useful changes later on. Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/2086 Reviewed-By: Martin Basti <mbasti@redhat.com>
* topologysuffix: change iparepltopoconfroot API properties | Petr Vobornik | 2015-12-03 | 3 | -11/+9
| | | | | | | Change CLI option, label and type to reflect that it is only a DN of the suffix. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-replica-install support caless install with promotion. | David Kupka | 2015-12-03 | 5 | -42/+199
| | | | | | https://fedorahosted.org/freeipa/ticket/5441 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Removed duplicate domain name validating function | Stanislav Laznicka | 2015-12-02 | 6 | -43/+39
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Modify error message to install first instance of KRA | Martin Basti | 2015-12-02 | 1 | -1/+3
| | | | | | | | First instance of KRA should be installed by ipa-kra-install. https://fedorahosted.org/freeipa/ticket/5460 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-kra-install: allow to install first KRA on replica | Martin Basti | 2015-12-02 | 1 | -6/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/5460 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Separated Tracker implementations into standalone package | Milan Kubík | 2015-12-02 | 17 | -1401/+1480
| | | | | | | | | | The previous way of implementing trackers in the module with the test caused circular imports. The separate package resolves this issue. https://fedorahosted.org/freeipa/ticket/5467 Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
* implement domain level 1 specific topology checks into IPA server uninstaller | Martin Babinsky | 2015-12-02 | 2 | -27/+169
| | | | | | | | | | | | | When uninstalling domain level 1 master its removal from topology is checked on remote masters. The uninstaller also checks whether the uninstallation disconnects the topology and if yes aborts the procedure. The '--ignore-disconnected-topology' option skips this check. https://fedorahosted.org/freeipa/ticket/5377 https://fedorahosted.org/freeipa/ticket/5409 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* extract domain level 1 topology-checking code from ipa-replica-manage | Martin Babinsky | 2015-12-02 | 2 | -97/+101
| | | | | | | | | | This facilitates reusability of this code in other components, e.g. IPA server uninstallers. https://fedorahosted.org/freeipa/ticket/5409 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* translations: Update ipa.pot file | Tomas Babej | 2015-12-02 | 1 | -2903/+3592
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Update Contributors.txt | Martin Kosek | 2015-12-02 | 2 | -0/+21
| | | | | | | | Update .mailmap with misconfigured patch authors since the last feature release. Based on the git history, add new Developer contributors. Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fixed small typo in stage-user documentation | Abhijeet Kasurde | 2015-12-02 | 3 | -3/+3
| | | | | Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
* replicainstall: Add possibility to install client in one command | Tomas Babej | 2015-12-01 | 2 | -10/+86
| | | | | | https://fedorahosted.org/freeipa/ticket/5310 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* fix 'iparepltopomanagedsuffix' attribute consumers | Martin Babinsky | 2015-12-01 | 2 | -8/+4
| | | | | | | | | Commit 46ae52569a179f73b1445922f7bac993d598c953 reimplemented reporting of managed topology suffixes in server-find/show commands using membership attributes. This patch fixes consumers of this attribute in ipa-replica-manage command and webui to reflect this change. Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove global variable dns_forwarders from ipaserver.install.dns | Petr Spacek | 2015-12-01 | 2 | -18/+14
| | | | Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-dns-install offer IP addresses from resolv.conf as default forwarders | Petr Spacek | 2015-12-01 | 5 | -8/+39
| | | | | | | | | In non-interactive mode option --auto-forwarders can be used to do the same. --forward option can be used to supply additional IP addresses. https://fedorahosted.org/freeipa/ticket/5438 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-client-install: add support for Ed25519 SSH keys (RFC 7479) | Petr Spacek | 2015-12-01 | 1 | -0/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5471 Reviewed-By: Martin Basti <mbasti@redhat.com>
* perform IPA client uninstallation as a last step of server uninstall | Martin Babinsky | 2015-12-01 | 1 | -13/+13
| | | | | | | | | | | | With the ability to promote replicas from an enrolled client the uninstallation procedure has to be changed slightly. If the client-side components are not removed last during replica uninstallation, we can end up with leftover ipa default.conf preventing future client re-enrollment. https://fedorahosted.org/freeipa/ticket/5410 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* change suffices to suffixes | Petr Vobornik | 2015-12-01 | 3 | -39/+39
| | | | Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* topology: replace "suffices" with "suffixes" | Jan Cholasta | 2015-12-01 | 1 | -4/+4
| | | | Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* server: use topologysuffix name in iparepltopomanagedsuffix | Jan Cholasta | 2015-12-01 | 3 | -7/+103
| | | | Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Upgrade: increase time limit for upgrades | Martin Basti | 2015-12-01 | 4 | -34/+57
| | | | | | | | | | | | | | | | Default ldap search limit is now 30 sec by default during upgrade. Limits must be changed for the whole ldap2 connection, because this connection is used inside update plugins and commands called from upgrade. Together with increasing the time limit, also size limit should be unlimited during upgrade. With sizelimit=None we may get the TimeExceeded exception from getting default value of the sizelimit from LDAP. https://fedorahosted.org/freeipa/ticket/5267 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* FIX: ipa_kdb_principals: add missing break statement | Martin Basti | 2015-11-30 | 1 | -0/+1
| | | | | | | Needs a 'break' otherwise prevents correct reporting of data and it always overrides it with the placeholder data. Reviewed-By: Simo Sorce <ssorce@redhat.com>
* use starttls in CSReplicationManager connection again | Petr Vobornik | 2015-11-30 | 1 | -1/+1
| | | | | | | | | | | | | | | | | commit 2606f5aecd6ac0db31abb515b691529bb7eaf14e has: - realm, hostname, dirman_passwd, port, starttls=True) + realm, hostname, dirman_passwd, port) In CSReplicationManager which causes, e.g.: ipa-csreplica-manage -p Secret123 list ipa.example.com cannot connect to 'ldaps://ipa.example.com:389': TLS error -5938:Encountered end of file Reviewed-By: Tomas Babej <tbabej@redhat.com>
* custodia: Make sure container is created with first custodia replica | Tomas Babej | 2015-11-30 | 1 | -0/+15
| | | | | | | | | | If a first 4.3+ replica is installed in the domain, the custodia container does not exist. Make sure it is created to avoid failures during key generation. https://fedorahosted.org/freeipa/ticket/5474 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-kra-install: error when replica file is passed with domain level > 0 | Martin Basti | 2015-11-27 | 1 | -4/+4
| | | | | | | | | | installing kra on promoted replica (domain level > 0) does not require replica file. https://fedorahosted.org/freeipa/ticket/5455 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* KRA install: show installation message only if install really started | Martin Basti | 2015-11-27 | 1 | -6/+3
| | | | | | | | | | | Message that installation started/failed was shown even when install_check fails (installation itself did not start). This commit shows messages only if installation started. Enhancement for https://fedorahosted.org/freeipa/ticket/5455 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-ca-install: error when replica file is passed with domain level > 0 | Martin Basti | 2015-11-27 | 1 | -0/+3
| | | | | | | | | | | with replica promotion (domain level > 0) there are no replica files, thus adding replica file as parameter when domain level > 0 should be disallowed. https://fedorahosted.org/freeipa/ticket/5455 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Support sourcing the IPA server name from config | Simo Sorce | 2015-11-27 | 5 | -6/+132
| | | | | | | | | | Use ding-libs to parse /etc/ipa/default.conf to find the IPA server to contact by default. Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/2203 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* topology: treat server suffix as multivalued attribute in API | Petr Vobornik | 2015-11-27 | 4 | -5/+5
| | | | Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: update topology graph after raising domain level | Petr Vobornik | 2015-11-27 | 2 | -8/+32
| | | | | | | | | | | | When topology graph was shown with domain level == 0, a view describing that domain level needs to be at least 1 was shown. If domain level is raised, this view is then properly replaced by the graph when shown again. https://fedorahosted.org/freeipa/ticket/4286 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: remove segments on topology graph page | Petr Vobornik | 2015-11-27 | 1 | -2/+81
| | | | | | https://fedorahosted.org/freeipa/ticket/4286 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: add segments on topology graph page | Petr Vobornik | 2015-11-27 | 2 | -4/+151
| | | | | | https://fedorahosted.org/freeipa/ticket/4286 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: topology graph facet | Petr Vobornik | 2015-11-27 | 6 | -3/+367
| | | | | | https://fedorahosted.org/freeipa/ticket/4286 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: topology graph component | Petr Vobornik | 2015-11-27 | 4 | -3/+428
| | | | | | https://fedorahosted.org/freeipa/ticket/4286 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: add d3 library - version 3.5.6 | Petr Vobornik | 2015-11-27 | 4 | -0/+41
| | | | | | prerequisite for: https://fedorahosted.org/freeipa/ticket/4286 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: allow to update action_state directly | Petr Vobornik | 2015-11-27 | 1 | -2/+9
| | | | | | prerequisite for: https://fedorahosted.org/freeipa/ticket/4286 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: extract header and action logic from facet to separate mixins | Petr Vobornik | 2015-11-27 | 4 | -0/+321
| Into:
|   * ActionMixin
|   * HeaderMixin
|
| They are supposed to be used as mixin classes to facet.Facets. In the long term
| they should replace/serve as a base class for facet.facet.
|
| e.g.:
|
|     var SomeFacet = declare([Facet, ActionMixin, HeaderMixin], {
|         foo: function() {}
|     });
|
| Then the following spec can be used:
|
|     some_facet_spec = {
|         name: 'some',
|         label: 'Some Facet',
|         tab_label: 'Some Facet',
|         facet_groups: [foo.bar_facet_group],
|         facet_group: 'search',
|         actions: ['refresh'],
|         control_buttons: [
|             {
|                 name: 'refresh',
|                 label: '@i18n:buttons.refresh',
|                 icon: 'fa-refresh'
|             }
|         ],
|         header_actions: [refresh]
|     };
|
|     reg.facet.register({
|         type: 'some',
|         ctor: SomeFacet,
|         spec: some_facet_spec
|     });
|
| prerequisite for: https://fedorahosted.org/freeipa/ticket/4286
| Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: split facet header into two classes | Petr Vobornik | 2015-11-27 | 2 | -79/+144
| | | | | | | | | So that facet.simple_facet_header could be used even in pages without entity structure - e.g. future topology graph. prerequisite for: https://fedorahosted.org/freeipa/ticket/4286 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: add Deferred/Promise API to rpc.command | Petr Vobornik | 2015-11-27 | 1 | -1/+20
| | | | | | | | so that commands could be easily chained prerequisite for: https://fedorahosted.org/freeipa/ticket/4286 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* replica promotion: modify default.conf even if DS configuration fails | Martin Babinsky | 2015-11-27 | 1 | -25/+30
| | | | | | | | | | | When we promote an IPA client to replica, we need to write master-like default.conf once we start configuring directory server instance. This way even if DS configuration fails for some reason the server uninstall code can work properly and clean up partially configured replica. https://fedorahosted.org/freeipa/ticket/5417 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* mod_auth_gssapi: Remove ntlmssp support and restrict mechanism to krb5 | Christian Heimes | 2015-11-26 | 2 | -1/+2
| | | | | | | | | | | | | | | | By default mod_auth_gssapi allows all locally available mechanisms. If the gssntlmssp package is installed, it also offers ntlmssp. This has the annoying side effect that some browsers will pop up a username/password request dialog if no Krb5 credentials are available. The patch restricts the mechanism to krb5 and removes ntlmssp and iakerb support from Apache's ipa.conf. The new feature was added to mod_auth_gssapi 1.3.0. https://fedorahosted.org/freeipa/ticket/5114 Reviewed-By: Simo Sorce <ssorce@redhat.com>
* ipa-client-automount: Leverage IPAChangeConf to configure the domain for idmapd | Tomas Babej | 2015-11-26 | 1 | -5/+15
| | | | | | | | | | | | | Simple regexp substitution caused the domain directive to fall under an inappropriate section, if the domain directive was not present. Hence the idmapd.conf file was not properly parsed. Use IPAChangeConf to put the directive in its correct place even if the domain directive is missing. https://fedorahosted.org/freeipa/ticket/5069 Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* ipachangeconf: Add ability to preserve section case | Tomas Babej | 2015-11-26 | 1 | -1/+4
| | | | | | | | | | The IPAChangeConf normalizes section names to lower case. There are cases where this behaviour might not be desirable, so provide a way to opt out. https://fedorahosted.org/freeipa/ticket/5069 Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* fix a typo in replica DS creation code | Martin Babinsky | 2015-11-26 | 1 | -1/+1
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* KRA: do not stop certmonger during standalone uninstall | Martin Basti | 2015-11-26 | 1 | -1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/5477 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Compare objectclasses as case insensitive in baseuser.py | Martin Basti | 2015-11-25 | 1 | -4/+7
| | | | | | | | Objectclasses must be handled as case insensitive. https://fedorahosted.org/freeipa/ticket/5456 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-getkeytab: do not return error when translations cannot be loaded | Martin Basti | 2015-11-25 | 1 | -1/+1
| | | | | | | | Only warning is shown https://fedorahosted.org/freeipa/ticket/5483 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use absolute domain in detection of A/AAAA records | Martin Basti | 2015-11-25 | 2 | -6/+5
| | | | | | | | | | | | Python dns resolver appends configured domain to queries which may lead to false positive answer. Example: resolving "ipa.example.com" may return records for "ipa.example.com.example.com" if domain is configured as "example.com" https://fedorahosted.org/freeipa/ticket/5421 Reviewed-By: Petr Spacek <pspacek@redhat.com>