freeipa.git/install/share, branch custodia FreeIPA patches Allow to setup the CA when promoting a replica 2015-10-15T12:24:33+00:00 Simo Sorce simo@redhat.com 2015-08-07T19:14:58+00:00 2606f5aecd6ac0db31abb515b691529bb7eaf14e This patch makes --setup-ca work to set upa clone CA while creating a new replica. The standalone ipa-ca-install script is not converted yet though. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
This patch makes --setup-ca work to set upa clone CA while creating
a new replica. The standalone ipa-ca-install script is not converted
yet though.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
handle multiple managed suffixes 2015-10-15T12:24:33+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-08-06T14:40:52+00:00 fcb9854dcb047018a1904c7e6db655af0596e3ae trigger topology updaet if suffix entry is added trigger topology update if managedSuffix is modified in host entry Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
    trigger topology updaet if suffix entry is added
    trigger topology update if managedSuffix is modified in host entry

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
topology: manage ca replication agreements 2015-10-15T12:24:33+00:00 Petr Vobornik pvoborni@redhat.com 2015-07-15T09:17:14+00:00 fff31ca220311421f1ac8cef0888aaa892e97584 Configure IPA so that topology plugin will manage also CA replication agreements. upgrades if CA is congigured: - ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX - ipaReplTopoManagedSuffix: o=ipaca is added to master entry - binddngroup is added to o=ipaca replica entry Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Configure IPA so that topology plugin will manage also CA replication
agreements.

upgrades if CA is congigured:
- ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX
- ipaReplTopoManagedSuffix: o=ipaca is added to master entry
- binddngroup is added to o=ipaca replica entry

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Add ipa-custodia service 2015-10-15T12:24:33+00:00 Simo Sorce simo@redhat.com 2015-05-08T17:39:29+00:00 463dda30679da9ac5eea5683984002989965e2a5 Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Add a customized Custodia daemon and enable it after installation.
Generates server keys and loads them in LDAP autonomously on install
or update.
Provides client code classes too.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
schema: do not derive ipaVaultPublicKey from ipaPublicKey 2015-10-12T13:48:42+00:00 Jan Cholasta jcholast@redhat.com 2015-10-12T06:04:38+00:00 275e1482de279081ca90ee2951bf379fbdab887f This is a workaround for DS bug: https://bugzilla.redhat.com/show_bug.cgi?id=1267782 https://fedorahosted.org/freeipa/ticket/5359 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
This is a workaround for DS bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1267782

https://fedorahosted.org/freeipa/ticket/5359

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Replace StandardError with Exception 2015-09-30T08:51:36+00:00 Robert Kuska rkuska@redhat.com 2015-08-24T10:40:33+00:00 01da4a8de3ed8651cc95df6125751e1603dbd14e StandardError was removed in Python3 and instead Exception should be used. Signed-off-by: Robert Kuska <rkuska@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
StandardError was removed in Python3 and instead
Exception should be used.

Signed-off-by: Robert Kuska <rkuska@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
install: support KRA update 2015-09-17T12:55:54+00:00 Jan Cholasta jcholast@redhat.com 2015-09-14T05:56:44+00:00 5137478fb8bba16d9cbecba53983c893dc0884d5 https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5250

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
vault: update access control 2015-09-17T12:55:54+00:00 Jan Cholasta jcholast@redhat.com 2015-09-03T07:02:41+00:00 d3503043c47a1adc139688776341dc86b7085448 Do not allow vault and container owners to manage owners. Allow adding vaults and containers only if owner is set to the current user. https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
Do not allow vault and container owners to manage owners. Allow adding vaults
and containers only if owner is set to the current user.

https://fedorahosted.org/freeipa/ticket/5250

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Added CLI param and ACL for vault service operations. 2015-08-17T06:10:59+00:00 Endi S. Dewata edewata@redhat.com 2015-08-11T06:19:59+00:00 0dd95a19ee87a04836f12ad4c1194ad31ac22b93 The CLIs to manage vault owners and members have been modified to accept services with a new parameter. A new ACL has been added to allow a service to create its own service container. https://fedorahosted.org/freeipa/ticket/5172 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com> 
The CLIs to manage vault owners and members have been modified
to accept services with a new parameter.

A new ACL has been added to allow a service to create its own
service container.

https://fedorahosted.org/freeipa/ticket/5172

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Modernize 'except' clauses 2015-08-12T16:17:23+00:00 Petr Viktorin pviktori@redhat.com 2015-07-30T14:49:29+00:00 27dabb45282911e375336f75934af9dd6cc5d963 The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com> 
The 'as' syntax works from Python 2 on, and Python 3 will
drop the "comma" syntax.

Reviewed-By: Tomas Babej <tbabej@redhat.com>