freeipa.git/install/updates, branch ipasam_getkeytab FreeIPA patches Convert ipa-sam to use the new getkeytab control 2015-12-03T13:19:14+00:00 Simo Sorce simo@redhat.com 2015-12-01T18:43:35+00:00 b384d65b20f88c11ac9dd637ea54ea35bbe636a6 Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/5495 
Signed-off-by: Simo Sorce <simo@redhat.com>

Ticket: https://fedorahosted.org/freeipa/ticket/5495
Add profiles and default CA ACL on migration 2015-11-24T09:12:24+00:00 Fraser Tweedale ftweedal@redhat.com 2015-11-23T01:09:32+00:00 620036d26e98fdcefff00168e9e5463a8257d49c Profiles and the default CA ACL were not being added during replica install from pre-4.2 servers. Update ipa-replica-install to add these if they are missing. Also update the caacl plugin to prevent deletion of the default CA ACL and instruct the administrator to disable it instead. To ensure that the cainstance installation can add profiles, supply the RA certificate as part of the instance configuration. Certmonger renewal setup is avoided at this point because the NSSDB gets reinitialised later in installation procedure. Also move the addition of the default CA ACL from dsinstance installation to cainstance installation. Fixes: https://fedorahosted.org/freeipa/ticket/5459 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Profiles and the default CA ACL were not being added during replica
install from pre-4.2 servers.  Update ipa-replica-install to add
these if they are missing.

Also update the caacl plugin to prevent deletion of the default CA
ACL and instruct the administrator to disable it instead.

To ensure that the cainstance installation can add profiles, supply
the RA certificate as part of the instance configuration.
Certmonger renewal setup is avoided at this point because the NSSDB
gets reinitialised later in installation procedure.

Also move the addition of the default CA ACL from dsinstance
installation to cainstance installation.

Fixes: https://fedorahosted.org/freeipa/ticket/5459
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
custodia: ipa-upgrade failed on replica 2015-11-05T10:46:48+00:00 Gabe redhatrises@gmail.com 2015-11-05T02:09:58+00:00 1e91ef33b522c3b316c7917379e56c168b1e2d52 - Add 73-custodia.update to install/updates/Makefile.am https://fedorahosted.org/freeipa/ticket/5374 Reviewed-By: Martin Basti <mbasti@redhat.com> 
- Add 73-custodia.update to install/updates/Makefile.am

https://fedorahosted.org/freeipa/ticket/5374

Reviewed-By: Martin Basti <mbasti@redhat.com>
Remove 50-lockout-policy.update file 2015-10-30T13:20:16+00:00 Gabe redhatrises@gmail.com 2015-10-30T12:27:11+00:00 7ef827eeb6b65af8915019bac82932a2c831fc95 Remove lockout policy update file because all currently supported versions have krbPwdMaxFailure defaulting to 6 and krbPwdLockoutDuration defaulting to 600. Keeping lockout policy update file prevents from creating a more scrict policy in environments subject to regulatory compliance https://fedorahosted.org/freeipa/ticket/5418 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
Remove lockout policy update file because all currently supported versions
have krbPwdMaxFailure defaulting to 6 and krbPwdLockoutDuration defaulting to 600.

Keeping lockout policy update file prevents from creating a more scrict policy in
environments subject to regulatory compliance

https://fedorahosted.org/freeipa/ticket/5418

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
topology plugin configuration workaround 2015-10-15T12:24:33+00:00 Petr Vobornik pvoborni@redhat.com 2015-07-23T12:56:12+00:00 80e11d24696c30ee311bd019ed39df8fc0f908a2 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
enable topology plugin on upgrade 2015-10-15T12:24:33+00:00 Petr Vobornik pvoborni@redhat.com 2015-07-31T14:22:13+00:00 834b5fd513d799bb9fe2cbc29417ff8ec7357033 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
topology: manage ca replication agreements 2015-10-15T12:24:33+00:00 Petr Vobornik pvoborni@redhat.com 2015-07-15T09:17:14+00:00 fff31ca220311421f1ac8cef0888aaa892e97584 Configure IPA so that topology plugin will manage also CA replication agreements. upgrades if CA is congigured: - ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX - ipaReplTopoManagedSuffix: o=ipaca is added to master entry - binddngroup is added to o=ipaca replica entry Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Configure IPA so that topology plugin will manage also CA replication
agreements.

upgrades if CA is congigured:
- ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX
- ipaReplTopoManagedSuffix: o=ipaca is added to master entry
- binddngroup is added to o=ipaca replica entry

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Add ipa-custodia service 2015-10-15T12:24:33+00:00 Simo Sorce simo@redhat.com 2015-05-08T17:39:29+00:00 463dda30679da9ac5eea5683984002989965e2a5 Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Add a customized Custodia daemon and enable it after installation.
Generates server keys and loads them in LDAP autonomously on install
or update.
Provides client code classes too.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
topology: add realm suffix to master entry on update 2015-10-15T12:08:47+00:00 Petr Vobornik pvoborni@redhat.com 2015-10-15T11:58:46+00:00 ba22999cefb57f344acdc63a553d569ab6249099 Realm suffix was set only during installation but not on update. Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Realm suffix was set only during installation but not on update.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
vault: fix private service vault creation 2015-10-13T12:34:00+00:00 Jan Cholasta jcholast@redhat.com 2015-10-13T08:10:48+00:00 2f3450249ded2c14d2ca55f15bdcace7007a6ebb https://fedorahosted.org/freeipa/ticket/5361 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5361

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>