freeipa.git/install/tools/ipa-upgradeconfig, branch mspac

Remove support for IPA deployments with no persistent search

2013-08-09T10:14:42+00:00

Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.

https://fedorahosted.org/freeipa/ticket/3632

Handle --subject option in ipa-server-install

2013-08-08T14:52:48+00:00

Properly handle --subject option of ipa-server-install, making sure this
value gets passed to certmap.conf. Introduce a new template variable
$SUBJECT_BASE for this purpose.

Also make sure that this value is preserved on upgrades.

https://fedorahosted.org/freeipa/ticket/3783

Add 'ipa_server_mode' option to SSSD configuration

2013-07-18T15:49:23+00:00

https://fedorahosted.org/freeipa/ticket/3652

Change group ownership of CRL publish directory

2013-07-16T10:17:40+00:00

Spec file modified so that /var/lib/ipa/pki-ca/publish/ is no
longer owned by created with package installation. The directory
is rather created/removed with the CA instance itself.

This ensures proper creation/removeal, group ownership
and SELinux context.

https://fedorahosted.org/freeipa/ticket/3727

Manage ipa-otpd.socket by IPA

2013-06-06T16:16:59+00:00

Adds a new simple service called OtpdInstance, that manages
ipa-otpd.socket service. Added to server/replica installer
and ipa-upgradeconfig script.

https://fedorahosted.org/freeipa/ticket/3680

Set KRB5CCNAME so that dirsrv can work with newer krb5-server

2013-05-14T21:01:03+00:00

The DIR ccache format is now the default in krb5-server 1.11.2-4
but /run/user/ isn't created for Apache by anything so it
has no ccache (and it doesn't have SELinux permissions to write here
either).

Use KRB5CCNAME to set a file path instead in /etc/sysconfig/dirsrv.

https://fedorahosted.org/freeipa/ticket/3628

Set KRB5CCNAME so httpd s4u2proxy can with with newer krb5-server

2013-05-09T07:15:47+00:00

The DIR ccache format is now the default in krb5-server 1.11.2-4
but /run/user/ isn't created for Apache by anything so it
has no ccache (and it doesn't have SELinux permissions to write here
either).

Use KRB5CCNAME to set a file path instead in /etc/sysconfig/httpd.

https://fedorahosted.org/freeipa/ticket/3607

Fix syntax errors in schema files

2013-04-26T15:15:16+00:00

- add missing closing parenthesis in idnsRecord declaration
- remove extra dollar sign from ipaSudoRule declaration
- handle missing/extraneous X-ORIGIN lines in 10-selinuxusermap.update

This does not use the schema updater because the syntax needs to be
fixed in the files themselves, otherwise 389 1.3.2+ will fail
to start.
Older DS versions transparently fix the syntax errors.

The existing ldap-updater directive for ipaSudoRule is fixed
(ldap-updater runs after upgradeconfig).

https://fedorahosted.org/freeipa/ticket/3578

Uninstall selfsign CA on upgrade

2013-04-15T20:55:27+00:00

This will convert a master with a selfsign CA to a CA-less one in
ipa-upgradeconfig.
The relevant files are left in place and can be used to manage certs
manually.

Part of the work for: https://fedorahosted.org/freeipa/ticket/3494

Use A/AAAA records instead of CNAME records in ipa-ca.

2013-04-15T19:12:36+00:00

https://fedorahosted.org/freeipa/ticket/3547