| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5018
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
If value does not exists then do not update entry. Otherwise, together with
nonexistent entry, the LDAP decode error will be raised.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port
for installation.
Without enabled LDAPi socket checking doesnt work.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bad ordering of LDAP entries during replica removal resulted in a failure to
delete replica and its services from cn=masters,cn=ipa,cn=etc,$SUFFIX. This
patch enforces the correct ordering of entries resulting in proper removal of
services before the host entry itself.
https://fedorahosted.org/freeipa/ticket/5019
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This also prevent the script ipa-upgradeconfig execute upgrading.
Upgrade of services is called from ipa-server-upgrade
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This is a prerequisite to further refactoring of KRA install/uninstall
functionality in all IPA install scripts.
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With Samba 4.2 there is a bug that prevents Samba to consider Kerberos
credentials used by IPA httpd process when talking to smbd. As result,
LSA RPC connection is seen as anonymous by Samba client code and we cannot
derive session key to use for encrypting trust secrets before transmitting
them.
Additionally, rewrite of the SMB protocol support in Samba caused previously
working logic of choosing DCE RPC binding string to fail. We need to try
a different set of priorities until they fail or succeed.
Requires Samba fixes from https://bugzilla.redhat.com/show_bug.cgi?id=1219832
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1219834
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
|
|
| |
Accidentaly schema upgrade has not been executed.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
During server upgrade we should wait until DS is ready after restart, otherwise
connection error is raised.
Instead of 389 port, the DS socket is checked.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
ipa-kra-install validates and asks for directory manager password during
uninstallation phase. Since this password is never used during service
uninstall, the uninstaller will not perform these checks anymore.
https://fedorahosted.org/freeipa/ticket/5028
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is required modification to be able move to new installers.
DNS subsystem will be installed by functions in this module in each of
ipa-server-install, ipa-dns-install, ipa-replica-install install
scripts.
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
during IPA server uninstall, the httpd service ccache is not removed from
runtime directory. This file then causes server-side client install to fail
when performing subsequent installation without rebooting/recreating runtime
directories.
This patch ensures that the old httpd ccache is explicitly destroyed during
uninstallation.
https://fedorahosted.org/freeipa/ticket/4973
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
| |
IPA creates own instance of CA, so there is no need to check if previous
instance was enabled, because there could not be any.
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
| |
Kasp should not be replaced by DNS reinstallation with new file.
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ipa-ldap-updater is now just util which applies changes specified in update
files or schema files.
ipa-ldap-updater will not do overall server upgrade anymore, use
ipa-server-upgrade instead.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
* Prevent to continue with upgrade if a fatal error happened
* Use exceptions to handle failures
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Ldapupdater should not call sys.exit() in the middle of execution and
should fail gracefully
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Creation of stage user administrator
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows to use base64 encoded values in update files.
Double colon ('::') must be used as separator between attribute name
and base64 encoded value.
add:attr::<base64-value>
replace:attr::<old-base64-value>::<new-base64-value>
https://fedorahosted.org/freeipa/ticket/4984
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CSV values are not supported in upgrade files anymore
Instead of
add:attribute: 'first, part', second
please use
add:attribute: firts, part
add:attribute: second
Required for ticket: https://fedorahosted.org/freeipa/ticket/4984
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Destroy connection is an internal function of Connectible and therefore
it should not be used directly.
https://fedorahosted.org/freeipa/ticket/4991
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
| |
A regression fix.
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch forces replicas to use DELETE+ADD operations to increment
'nsDS5ReplicaId' in 'cn=replication,cn=etc,$SUFFIX' on master, and retry
multiple times in the case of conflict with another update. Thus when multiple
replicas are set-up against single master none of them will have duplicate ID.
https://fedorahosted.org/freeipa/ticket/4378
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
CAInstance.stop_tracking_certificates() no longer has dogtag_constants
argument.
https://fedorahosted.org/freeipa/ticket/4775
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4925
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/4925
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
To avoid cyclic imports realm_to_serverid function had to be moved to
installutils from dsinstance.
Required for: https://fedorahosted.org/freeipa/ticket/4925
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
| |
DN sorting was removed in previous patches
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4575
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Verify version and platform before upgrade or ipactl start|restart
Upgrade:
* do not allow upgrade on different platforms
* do not allow upgrade data with higher version than build has
Start:
* do not start services if platform mismatch
* do not start services if upgrade is needed
* do not start services if data with higher version than build has
New ipactl options:
--skip-version-check: do not validate IPA version
--ignore-service-failures (was --force): ignore if a service start fail
and continue with starting other services
--force: combine --skip-version-check and --ignore-service-failures
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch adds an error handler which prints out the paths to logs related to
configuration and installation of Dogtag/CA in the case of failure.
https://fedorahosted.org/freeipa/ticket/4900
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
pylint added 'confidence' parameter to 'add_message' method of PyLinter.
To be compatible with both, pre- and post- 1.4 IPALinter must accept
the parameter but not pass it over.
Also python3 checker was added and enabled by default. FreeIPA is still
not ready for python3.
Additionally few false-positives was marked.
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the old implementation tried to get all entries which are member of group.
That means also user. User can't have any members therefore this costly
processing was unnecessary.
New implementation reduces the search only to entries which have members.
Also page size was removed to avoid paging by small pages(default size: 100)
which is very slow for many members.
https://fedorahosted.org/freeipa/ticket/4947
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
This was the last use of EditableDN in IPA; the class can now be removed.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Calls to ipautil.run using kinit were replaced with calls
kinit_keytab/kinit_password functions implemented in the PATCH 0015.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Removes extra class DSRestart which do the same thing
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Connection should be closed if update is done
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
This is required to have proper LDAP connection in plugins
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
