freeipa.git/VERSION, branch ipa-2-2 FreeIPA patches Become IPA 2.2.0 2012-05-03T00:11:41+00:00 Rob Crittenden rcritten@redhat.com 2012-05-03T00:11:41+00:00 b16d4340c4b9b9057c980284afe3f03e19bdc8cb 






Limit permission and selfservice names to alphanumerics, -, _, space
2012-04-10T00:56:47+00:00

Petr Viktorin
pviktori@redhat.com

2012-04-06T08:56:46+00:00

04427136b097daebedbb08532c935f605b908905

The DN and ACI code doesn't always escape special characters properly.
Rather than trying to fix it, this patch takes the easy way out and
enforces that the names are safe.

https://fedorahosted.org/freeipa/ticket/2585





The DN and ACI code doesn't always escape special characters properly.
Rather than trying to fix it, this patch takes the easy way out and
enforces that the names are safe.

https://fedorahosted.org/freeipa/ticket/2585







Make revocation_reason required when revoking a certificate.
2012-04-05T06:51:38+00:00

Rob Crittenden
rcritten@redhat.com

2012-04-04T18:57:22+00:00

66317ac7ca4a21fd1055f3ff971ab03dc5ea9a43

This will prevent errors if an empty reason is provided and it is
set by default one doesn't have to always set it on the command-line.

https://fedorahosted.org/freeipa/ticket/2597





This will prevent errors if an empty reason is provided and it is
set by default one doesn't have to always set it on the command-line.

https://fedorahosted.org/freeipa/ticket/2597







Netgroup nisdomain and hosts validation
2012-03-28T14:23:53+00:00

Ondrej Hamada
ohamada@redhat.com

2012-03-27T13:15:20+00:00

df0e73a5dbfb4ad09a74c930f4d7e6d0721e5c9b

nisdomain validation:
Added pattern to the 'nisdomain' parameter to validate the specified
nisdomain name. According to most common use cases the same pattern as
for netgroup should fit. Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2448

'add_external_pre_callback' function was created to allow validation of
all external members. Validation is based on usage of objects primary
key parameter. The 'add_external_pre_callback' fucntion has to be called
directly from in the 'pre_callback' function. This change affects
netgroup, hbacrule and sudorule commands.

For hostname, the validator allows non-fqdn and underscore characters.
validate_hostname function in ipalib.util was modified and contains
additional option that allows hostname to contain underscore characters.
This option is disabled by default.

Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2447





nisdomain validation:
Added pattern to the 'nisdomain' parameter to validate the specified
nisdomain name. According to most common use cases the same pattern as
for netgroup should fit. Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2448

'add_external_pre_callback' function was created to allow validation of
all external members. Validation is based on usage of objects primary
key parameter. The 'add_external_pre_callback' fucntion has to be called
directly from in the 'pre_callback' function. This change affects
netgroup, hbacrule and sudorule commands.

For hostname, the validator allows non-fqdn and underscore characters.
validate_hostname function in ipalib.util was modified and contains
additional option that allows hostname to contain underscore characters.
This option is disabled by default.

Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2447







Add missing global options in dnsconfig
2012-03-20T14:40:18+00:00

Martin Kosek
mkosek@redhat.com

2012-03-07T14:54:38+00:00

957fd7e4206bad9d28d10949d09955e71286659f

Add a support for new global options in bind-dyndb-ldap, that is:
 * idnsforwardpolicy: Default policy for conditional forwarding
 * idnsallowsyncptr: Allow globaly PTR synchronization for dynamic
   updates
 * idnszonerefresh: Default interval between regular polls of the
   name server for new DNS zones

https://fedorahosted.org/freeipa/ticket/2439





Add a support for new global options in bind-dyndb-ldap, that is:
 * idnsforwardpolicy: Default policy for conditional forwarding
 * idnsallowsyncptr: Allow globaly PTR synchronization for dynamic
   updates
 * idnszonerefresh: Default interval between regular polls of the
   name server for new DNS zones

https://fedorahosted.org/freeipa/ticket/2439







Really Become IPA v2.2.0 RC 1 (2.1.90.rc1)
2012-03-04T23:51:55+00:00

Rob Crittenden
rcritten@redhat.com

2012-03-04T23:51:55+00:00

cde4a1977880808ff511c99c12cb700746815377

I had inadvertently set PRE to 0 and not blank so it was overriding
the RC option.





I had inadvertently set PRE to 0 and not blank so it was overriding
the RC option.







Become IPA v2.2.0 RC 1 (2.1.90.rc1)
2012-03-04T23:42:20+00:00

Rob Crittenden
rcritten@redhat.com

2012-03-04T23:42:20+00:00

a13a64dbd8a71f8d8e8261eaad0f84f0496f6c8a












Fix API.txt and VERSION to reflect new sudoOrder option.
2012-03-02T03:24:37+00:00

Rob Crittenden
rcritten@redhat.com

2012-03-02T20:31:25+00:00

2f17d2d66aa2702a806c51b096b32603f44cf95a












Migration warning when compat enabled
2012-02-29T23:30:53+00:00

Ondrej Hamada
ohamada@redhat.com

2012-03-01T10:41:53+00:00

23134479f6fb5aa79486987992f8c245522feca8

Added check into migration plugin to warn user when compat is enabled.
If compat is enabled, the migration fails and user is warned that he
must turn the compat off or run the script with (the newly introduced)
option '--with-compat'.

'--with-compat' is new flag. If it is set, the compat status is ignored.

https://fedorahosted.org/freeipa/ticket/2274





Added check into migration plugin to warn user when compat is enabled.
If compat is enabled, the migration fails and user is warned that he
must turn the compat off or run the script with (the newly introduced)
option '--with-compat'.

'--with-compat' is new flag. If it is set, the compat status is ignored.

https://fedorahosted.org/freeipa/ticket/2274







Add support defaultNamingContext and add --basedn to migrate-ds
2012-02-29T14:28:32+00:00

Rob Crittenden
rcritten@redhat.com

2012-01-30T21:29:32+00:00

c9e0473c6c6ddf8e09af076934afba6bf43f3fe0

There are two sides to this, the server and client side.

On the server side we attempt to add a defaultNamingContext on already
installed servers. This will fail on older 389-ds instances but the
failure is not fatal. New installations on versions of 389-ds that
support this attribute will have it already defined.

On the client side we need to look for both defaultNamingContext and
namingContexts. We still need to check that the defaultNamingContext
is an IPA server (info=IPAV2).

The migration change also takes advantage of this and adds a new
option which allows one to provide a basedn to use instead of trying
to detect it.

https://fedorahosted.org/freeipa/ticket/1919
https://fedorahosted.org/freeipa/ticket/2314





There are two sides to this, the server and client side.

On the server side we attempt to add a defaultNamingContext on already
installed servers. This will fail on older 389-ds instances but the
failure is not fatal. New installations on versions of 389-ds that
support this attribute will have it already defined.

On the client side we need to look for both defaultNamingContext and
namingContexts. We still need to check that the defaultNamingContext
is an IPA server (info=IPAV2).

The migration change also takes advantage of this and adds a new
option which allows one to provide a basedn to use instead of trying
to detect it.

https://fedorahosted.org/freeipa/ticket/1919
https://fedorahosted.org/freeipa/ticket/2314