freeipa.git/VERSION, branch custodia FreeIPA patches vault: add vault container commands 2015-09-17T12:55:54+00:00 Petr Vobornik pvoborni@redhat.com 2015-08-25T17:56:00+00:00 d396913e9c0578fa68847b84e44a4f0dd916fbfd adds commands: * vaultcontainer-show [--service <service>|--user <user>|--shared ] * vaultcontainer-del [--service <service>|--user <user>|--shared ] * vaultcontainer-add-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>] * vaultcontainer-remove-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>] https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
adds commands:
* vaultcontainer-show [--service <service>|--user <user>|--shared ]
* vaultcontainer-del [--service <service>|--user <user>|--shared ]
* vaultcontainer-add-owner
     [--service <service>|--user <user>|--shared ]
     [--users <users>]  [--groups <groups>] [--services <services>]
* vaultcontainer-remove-owner
     [--service <service>|--user <user>|--shared ]
     [--users <users>]  [--groups <groups>] [--services <services>]

https://fedorahosted.org/freeipa/ticket/5250

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
certprofile: remove 'rename' option 2015-09-02T11:47:48+00:00 Fraser Tweedale ftweedal@redhat.com 2015-09-02T01:04:34+00:00 86cd47af0245a216324900be39be1a145bf0741b The initial fix of ticket 5247 rejected renames, but left the option behind for API compatibility. Remove the option now, according to the consensus that because it never worked, it is fine to remove it. Fixes: https://fedorahosted.org/freeipa/ticket/5247 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
The initial fix of ticket 5247 rejected renames, but left the option
behind for API compatibility.  Remove the option now, according to
the consensus that because it never worked, it is fine to remove it.

Fixes: https://fedorahosted.org/freeipa/ticket/5247
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
vault: change default vault type to symmetric 2015-08-26T08:56:28+00:00 Petr Vobornik pvoborni@redhat.com 2015-08-25T16:25:50+00:00 19dd2ed758210e859a5b0085de558cf13ba09104 https://fedorahosted.org/freeipa/ticket/5251 Reviewed-By: Martin Basti <mbasti@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5251

Reviewed-By: Martin Basti <mbasti@redhat.com>
Added support for changing vault encryption. 2015-08-25T17:11:53+00:00 Endi S. Dewata edewata@redhat.com 2015-07-31T05:53:15+00:00 e46d9236d19f714b67fdf2865f19146c3016f46d The vault-mod command has been modified to support changing vault encryption attributes (i.e. type, password, public/private keys) in addition to normal attributes (i.e. description). Changing the encryption requires retrieving the stored secret with the old attributes and rearchiving it with the new attributes. https://fedorahosted.org/freeipa/ticket/5176 Reviewed-By: Martin Basti <mbasti@redhat.com> 
The vault-mod command has been modified to support changing vault
encryption attributes (i.e. type, password, public/private keys)
in addition to normal attributes (i.e. description). Changing the
encryption requires retrieving the stored secret with the old
attributes and rearchiving it with the new attributes.

https://fedorahosted.org/freeipa/ticket/5176

Reviewed-By: Martin Basti <mbasti@redhat.com>
Add user-stage command 2015-08-21T10:29:03+00:00 Martin Basti mbasti@redhat.com 2015-08-17T18:11:21+00:00 fb98e77104cee4fb23223a25128e75d88cfe5ba8 This patch replaces 'stageuser-add --from-delete' with new command user-stage. Original way always required to specify first and last name, and overall combination of options was hard to manage. The new command requires only login of deleted user (user-del --preserve). https://fedorahosted.org/freeipa/ticket/5041 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
This patch replaces 'stageuser-add --from-delete' with new command
user-stage.

Original way always required  to specify first and last name, and
overall combination of options was hard to manage. The new command
requires only login of deleted user (user-del --preserve).

https://fedorahosted.org/freeipa/ticket/5041

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Add flag to list all service and user vaults 2015-08-19T12:47:58+00:00 Christian Heimes cheimes@redhat.com 2015-08-19T11:32:01+00:00 0abaf195dc3b0920d2439dd4ec6df61e0aadc4f9 The vault-find plugin has two additional arguments to list all service vaults or user vaults. Since the name of a vault is only unique for a particular user or service, the commands also print the vault user or vault service. The virtual attributes were added in rev 01dd951ddc0181b559eb3dd5ff0336c81e245628. Example: $ ipa vault-find --users ---------------- 2 vaults matched ---------------- Vault name: myvault Type: standard Vault user: admin Vault name: UserVault Type: standard Vault user: admin ---------------------------- Number of entries returned 2 ---------------------------- $ ipa vault-find --services ---------------- 2 vaults matched ---------------- Vault name: myvault Type: standard Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL Vault name: myvault Type: standard Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL ---------------------------- Number of entries returned 2 ---------------------------- https://fedorahosted.org/freeipa/ticket/5150 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
The vault-find plugin has two additional arguments to list all
service vaults or user vaults. Since the name of a vault is only unique
for a particular user or service, the commands also print the vault user
or vault service. The virtual attributes were added in rev
01dd951ddc0181b559eb3dd5ff0336c81e245628.

Example:

$ ipa vault-find --users
----------------
2 vaults matched
----------------
  Vault name: myvault
  Type: standard
  Vault user: admin

  Vault name: UserVault
  Type: standard
  Vault user: admin
----------------------------
Number of entries returned 2
----------------------------

$ ipa vault-find --services
----------------
2 vaults matched
----------------
  Vault name: myvault
  Type: standard
  Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL

  Vault name: myvault
  Type: standard
  Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL
----------------------------
Number of entries returned 2
----------------------------

https://fedorahosted.org/freeipa/ticket/5150

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
vault: validate vault type 2015-08-18T11:28:32+00:00 Petr Vobornik pvoborni@redhat.com 2015-08-18T10:50:54+00:00 6941f4eec70456c542fb565405eed02cceb54e10 https://fedorahosted.org/freeipa/ticket/5211 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5211

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Added CLI param and ACL for vault service operations. 2015-08-17T06:10:59+00:00 Endi S. Dewata edewata@redhat.com 2015-08-11T06:19:59+00:00 0dd95a19ee87a04836f12ad4c1194ad31ac22b93 The CLIs to manage vault owners and members have been modified to accept services with a new parameter. A new ACL has been added to allow a service to create its own service container. https://fedorahosted.org/freeipa/ticket/5172 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com> 
The CLIs to manage vault owners and members have been modified
to accept services with a new parameter.

A new ACL has been added to allow a service to create its own
service container.

https://fedorahosted.org/freeipa/ticket/5172

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
user-show: add --out option to save certificates to file 2015-07-31T14:11:17+00:00 Fraser Tweedale ftweedal@redhat.com 2015-07-24T13:31:26+00:00 896783bae817ef16ca1cb31a0c434fe863287cc3 Add the --out option to user-show, bringing it into line with host-show and service-show with the ability to save the user's certificate(s) to a file. https://fedorahosted.org/freeipa/ticket/5171 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Add the --out option to user-show, bringing it into line with
host-show and service-show with the ability to save the user's
certificate(s) to a file.

https://fedorahosted.org/freeipa/ticket/5171

Reviewed-By: Martin Basti <mbasti@redhat.com>
DNS: Consolidate DNS RR types in API and schema 2015-07-21T15:18:29+00:00 Martin Basti mbasti@redhat.com 2015-07-15T07:44:07+00:00 5ea41abe9836c94579115f9b220a8205b15d520d * Remove NSEC3, DNSKEY, TSIG, TKEY, TA records from API: These records never worked, they dont have attributes in schema. TSIG and TKEY are meta-RR should not be in LDAP TA is not supported by BIND NSEC3, DNSKEY are DNSSEC records generated by BIND, should not be in LDAP. *! SIG, NSEC are already defined in schema, must stay in API. * Add HINFO, MINFO, MD, NXT records to API as unsupported records These records are already defined in LDAP schema * Add schema for RP, APL, IPSEC, DHCID, HIP, SPF records These records were defined in IPA API as unsupported, but schema definition was missing. This causes that ACI cannot be created for these records and dnszone-find failed. (#5055) https://fedorahosted.org/freeipa/ticket/4934 https://fedorahosted.org/freeipa/ticket/5055 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com> 
* Remove NSEC3, DNSKEY, TSIG, TKEY, TA records from API:
    These records never worked, they dont have attributes in schema.
    TSIG and TKEY are meta-RR should not be in LDAP
    TA is not supported by BIND
    NSEC3, DNSKEY are DNSSEC records generated by BIND, should not be
    in LDAP.
    *! SIG, NSEC are already defined in schema, must stay in API.

* Add HINFO, MINFO, MD, NXT records to API as unsupported records
    These records are already defined in LDAP schema

* Add schema for RP, APL, IPSEC, DHCID, HIP, SPF records
    These records were defined in IPA API as unsupported, but schema definition was
    missing. This causes that ACI cannot be created for these records
    and dnszone-find failed. (#5055)

https://fedorahosted.org/freeipa/ticket/4934
https://fedorahosted.org/freeipa/ticket/5055

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>