freeipa.git/install/tools, branch cakeysfix FreeIPA patches fix minor typos in ipa-adtrust-install.1 2017-04-25T10:20:45+00:00 realsobek liebundartig@freenet.de 2017-04-15T11:52:44+00:00 298f725e5b2f820369c337dd1ab4bfd9ad3cd01f Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
compat-manage: behave the same for all users 2017-04-24T15:11:51+00:00 Stanislav Laznicka slaznick@redhat.com 2017-04-21T07:32:34+00:00 0c0af8cf7adf61ef03ba1240ecbdecef7fa15275 Due to LDAP connection refactoring, compat-manage would have behaved differently for root and for other users even though it requires the directory manager password. This is caused by it trying to do external bind when it does not have the DIRMAN password which was previously not supplied. https://pagure.io/freeipa/issue/6821 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Due to LDAP connection refactoring, compat-manage would have behaved
differently for root and for other users even though it requires
the directory manager password. This is caused by it trying to do
external bind when it does not have the DIRMAN password which was
previously not supplied.

https://pagure.io/freeipa/issue/6821

Reviewed-By: Martin Basti <mbasti@redhat.com>
Minor typo fixes 2017-04-12T13:42:17+00:00 Abhijeet Kasurde akasurde@redhat.com 2017-04-11T10:09:04+00:00 cb869314729022d4c16339bb08b79c5c30fe29df Fixes https://pagure.io/freeipa/issue/6865 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
Fixes https://pagure.io/freeipa/issue/6865

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
ipa-ca-install man page: Add domain level 1 help 2017-03-31T10:16:58+00:00 Florence Blanc-Renaud flo@redhat.com 2017-03-30T16:23:59+00:00 b96a942cdca09496be9f911499036bee60084aee In domain level 1 ipa-ca-install does not require a replica-file. Update the man page to distinguish the domain level 0 or 1 usage. https://pagure.io/freeipa/issue/5831 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
In domain level 1 ipa-ca-install does not require a replica-file. Update the
man page to distinguish the domain level 0 or 1 usage.

https://pagure.io/freeipa/issue/5831

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
replica-prepare man: remove pkinit option refs 2017-03-30T13:41:35+00:00 Stanislav Laznicka slaznick@redhat.com 2017-03-24T11:29:53+00:00 8af884d0489d5d57895959d27ca6eb8815c6c922 Remove the references to the pkinit options which was forgotten about in 46d4d534c0 https://pagure.io/freeipa/issue/6801 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Remove the references to the pkinit options which was forgotten
about in 46d4d534c0

https://pagure.io/freeipa/issue/6801

Reviewed-By: Martin Basti <mbasti@redhat.com>
Don't allow setting pkinit-related options on DL0 2017-03-30T13:41:35+00:00 Stanislav Laznicka slaznick@redhat.com 2017-03-22T16:26:51+00:00 9e3ae785ac9b62b8e0809a4aa56363c458316135 pkinit is not supported on DL0, remove options that allow to set it from ipa-{server,replica}-install. https://pagure.io/freeipa/issue/6801 Reviewed-By: Martin Basti <mbasti@redhat.com> 
pkinit is not supported on DL0, remove options that allow to set it
from ipa-{server,replica}-install.

https://pagure.io/freeipa/issue/6801

Reviewed-By: Martin Basti <mbasti@redhat.com>
Use Custodia 0.3.1 features 2017-03-28T13:02:06+00:00 Christian Heimes cheimes@redhat.com 2017-02-28T11:07:19+00:00 f5bf5466eda0de2a211b4f2682e5c50b82577701 * Use sd-notify in ipa-custodia.service * Introduce libexec/ipa/ipa-custodia script. It comes with correct default setting for IPA's config file. The new file also makes it simpler to run IPA's custodia instance with its own SELinux context. * ipapython no longer depends on custodia The patch addresses three issues: * https://bugzilla.redhat.com/show_bug.cgi?id=1430247 Forward compatibility with Custodia 0.3 in Fedora rawhide * https://pagure.io/freeipa/issue/5825 Use sd-notify * https://pagure.io/freeipa/issue/6788 Prepare for separate SELinux context Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
* Use sd-notify in ipa-custodia.service
* Introduce libexec/ipa/ipa-custodia script. It comes with correct
  default setting for IPA's config file. The new file also makes it
  simpler to run IPA's custodia instance with its own SELinux context.
* ipapython no longer depends on custodia

The patch addresses three issues:

* https://bugzilla.redhat.com/show_bug.cgi?id=1430247
  Forward compatibility with Custodia 0.3 in Fedora rawhide
* https://pagure.io/freeipa/issue/5825
  Use sd-notify
* https://pagure.io/freeipa/issue/6788
  Prepare for separate SELinux context

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
man ipa-cacert-manage install needs clarification 2017-03-22T09:13:56+00:00 Florence Blanc-Renaud flo@redhat.com 2017-03-22T07:49:39+00:00 3ea2834b76a72c97186b01487e885800754c0fbc The customers are often confused by ipa-cacert-manage install. The man page should make it clear that IPA CA is not modified in any way by this command. https://pagure.io/freeipa/issue/6795 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> 
The customers are often confused by ipa-cacert-manage install. The man page
should make it clear that IPA CA is not modified in any way by this command.

https://pagure.io/freeipa/issue/6795

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Fix Python 3 pylint errors 2017-03-15T18:11:32+00:00 Christian Heimes cheimes@redhat.com 2017-03-15T07:47:46+00:00 602b395cf19b0ae0b8ade1c13ddaf09175ed7291 ************* Module ipaserver.install.ipa_kra_install ipaserver/install/ipa_kra_install.py:25: [W0402(deprecated-module), ] Uses of a deprecated module 'optparse') ************* Module ipapython.install.core ipapython/install/core.py:163: [E1101(no-member), _knob] Module 'types' has no 'TypeType' member) ************* Module ipatests.test_ipapython.test_dn ipatests/test_ipapython/test_dn.py:1205: [W1505(deprecated-method), TestDN.test_x500_text] Using deprecated method assertEquals()) ************* Module ipa-ca-install install/tools/ipa-ca-install:228: [E1101(no-member), install_master] Instance of 'ValueError' has no 'message' member) install/tools/ipa-ca-install:232: [E1101(no-member), install_master] Instance of 'ValueError' has no 'message' member) Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
************* Module ipaserver.install.ipa_kra_install
ipaserver/install/ipa_kra_install.py:25: [W0402(deprecated-module), ] Uses of a deprecated module 'optparse')
************* Module ipapython.install.core
ipapython/install/core.py:163: [E1101(no-member), _knob] Module 'types' has no 'TypeType' member)
************* Module ipatests.test_ipapython.test_dn
ipatests/test_ipapython/test_dn.py:1205: [W1505(deprecated-method), TestDN.test_x500_text] Using deprecated method assertEquals())
************* Module ipa-ca-install
install/tools/ipa-ca-install:228: [E1101(no-member), install_master] Instance of 'ValueError' has no 'message' member)
install/tools/ipa-ca-install:232: [E1101(no-member), install_master] Instance of 'ValueError' has no 'message' member)

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Don't allow standalone KRA uninstalls 2017-03-13T15:27:23+00:00 Stanislav Laznicka slaznick@redhat.com 2017-03-08T15:38:12+00:00 5d3a0e6758866239c886e998a6d89c5a4b150184 KRA uninstallation is very likely to break the user's setup. Don't allow it at least till we can be safely sure we are able to remove it in a standalone manner without breaking anything. https://pagure.io/freeipa/issue/6538 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> 
KRA uninstallation is very likely to break the user's setup. Don't
allow it at least till we can be safely sure we are able to remove
it in a standalone manner without breaking anything.

https://pagure.io/freeipa/issue/6538

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>