freeipa.git/install/updates, branch my-master FreeIPA patches Add IPA OTP schema and ACLs 2013-05-17T07:30:51+00:00 Nathaniel McCallum npmccallum@redhat.com 2013-04-11T17:24:46+00:00 cb689354357d5311e7ecb231a34e867c23b8a803 This commit adds schema support for two factor authentication via OTP devices, including RADIUS or TOTP. This schema will be used by future patches which will enable two factor authentication directly. https://fedorahosted.org/freeipa/ticket/3365 http://freeipa.org/page/V3/OTP 
This commit adds schema support for two factor authentication via
OTP devices, including RADIUS or TOTP. This schema will be used
by future patches which will enable two factor authentication
directly.

https://fedorahosted.org/freeipa/ticket/3365
http://freeipa.org/page/V3/OTP
Add ipaUserAuthType and ipaUserAuthTypeClass 2013-05-17T07:30:51+00:00 Nathaniel McCallum npmccallum@redhat.com 2013-04-11T16:30:23+00:00 bc26d87b3445b26b5d33235c1dfeedb7a11cdfc8 This schema addition will be useful for future commits. It allows us to define permitted external authentication methods on both the user and global config. The implementation is generic, but the immediate usage is for otp support. https://fedorahosted.org/freeipa/ticket/3365 http://freeipa.org/page/V3/OTP 
This schema addition will be useful for future commits. It allows us to
define permitted external authentication methods on both the user and
global config. The implementation is generic, but the immediate usage
is for otp support.

https://fedorahosted.org/freeipa/ticket/3365
http://freeipa.org/page/V3/OTP
Fix syntax errors in schema files 2013-04-26T15:15:16+00:00 Petr Viktorin pviktori@redhat.com 2013-04-22T13:21:04+00:00 d4a0fa34afd30765e5ea6f0df21976a6494f13d6 - add missing closing parenthesis in idnsRecord declaration - remove extra dollar sign from ipaSudoRule declaration - handle missing/extraneous X-ORIGIN lines in 10-selinuxusermap.update This does not use the schema updater because the syntax needs to be fixed in the files themselves, otherwise 389 1.3.2+ will fail to start. Older DS versions transparently fix the syntax errors. The existing ldap-updater directive for ipaSudoRule is fixed (ldap-updater runs after upgradeconfig). https://fedorahosted.org/freeipa/ticket/3578 
- add missing closing parenthesis in idnsRecord declaration
- remove extra dollar sign from ipaSudoRule declaration
- handle missing/extraneous X-ORIGIN lines in 10-selinuxusermap.update

This does not use the schema updater because the syntax needs to be
fixed in the files themselves, otherwise 389 1.3.2+ will fail
to start.
Older DS versions transparently fix the syntax errors.

The existing ldap-updater directive for ipaSudoRule is fixed
(ldap-updater runs after upgradeconfig).

https://fedorahosted.org/freeipa/ticket/3578
Fix syntax of the dc attributeType 2013-04-26T15:13:52+00:00 Petr Viktorin pviktori@redhat.com 2013-04-22T11:52:21+00:00 e9863e3fe3cc5ca016c4e216ae3d34b750a34c73 dc syntax is changed from Directory String to IA5 String to conform to RFC 2247. Part of the work for https://fedorahosted.org/freeipa/ticket/3578 
dc syntax is changed from Directory String to IA5 String to conform
to RFC 2247.

Part of the work for https://fedorahosted.org/freeipa/ticket/3578
Add userClass attribute for hosts 2013-04-26T14:20:17+00:00 Martin Kosek mkosek@redhat.com 2013-04-23T07:59:24+00:00 5af2e1779ae1a0eca785493c8ed2eb044c8e282a This new freeform host attribute will allow provisioning systems to add custom tags for host objects which can be later used for in automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems Ticket: https://fedorahosted.org/freeipa/ticket/3583 
This new freeform host attribute will allow provisioning systems
to add custom tags for host objects which can be later used for
in automember rules or for additional local interpretation.

Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
Ticket: https://fedorahosted.org/freeipa/ticket/3583
Add missing permissions to Host Administrators privilege 2013-04-24T18:35:22+00:00 Ana Krivokapic akrivoka@redhat.com 2013-04-22T19:43:12+00:00 4cff518517fb400a399fc3cb5cc8bf5285c7cbc5 The 'Host Administrators' privilege was missing two permissions ('Retrieve Certificates from the CA' and 'Revoke Certificate'), causing the inability to remove a host with a certificate. https://fedorahosted.org/freeipa/ticket/3585 
The 'Host Administrators' privilege was missing two permissions
('Retrieve Certificates from the CA' and 'Revoke Certificate'), causing
the inability to remove a host with a certificate.

https://fedorahosted.org/freeipa/ticket/3585
Add nfs:NONE to default PAC types only when needed 2013-04-15T12:46:21+00:00 Tomas Babej tbabej@redhat.com 2013-04-11T14:59:41+00:00 75f080132421d7f3cfe6f82ab0d446f563a5d7bf We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 
We need to add nfs:NONE as a default PAC type only if there's no
other default PAC type for nfs. Adds a update plugin which
determines whether default PAC type for nfs is set and adds
nfs:NONE PAC type accordingly.

https://fedorahosted.org/freeipa/ticket/3555
Apply LDAP update files in blocks of 10, as originally designed. 2013-04-12T14:16:01+00:00 Rob Crittenden rcritten@redhat.com 2013-04-10T16:05:29+00:00 8377f4e92f6c927d6303a4be9d22e71a90af9ab0 In order to have control over the order that updates are applied a numbering system was created for the update files. These values were not actually used. The updates were sorted by DN length and in most cases this was adequate for proper function. The exception was with roles where in some cases a role was added as a member of a permission before the role itself was added so the memberOf value was never created. Now updates are computed and applied in blocks of 10. https://fedorahosted.org/freeipa/ticket/3377 
In order to have control over the order that updates are applied
a numbering system was created for the update files. These values
were not actually used.

The updates were sorted by DN length and in most cases this was
adequate for proper function. The exception was with roles where
in some cases a role was added as a member of a permission before
the role itself was added so the memberOf value was never created.

Now updates are computed and applied in blocks of 10.

https://fedorahosted.org/freeipa/ticket/3377
Remove 'cn' attribute from idnsRecord and idnsZone objectClasses 2013-04-10T11:56:11+00:00 Petr Viktorin pviktori@redhat.com 2013-04-09T14:40:22+00:00 74abb432fb35ce222fd2a9b954557080cad63bf4 A commonName attribute has no meaning in DNS records. https://fedorahosted.org/freeipa/ticket/3514 
A commonName attribute has no meaning in DNS records.

https://fedorahosted.org/freeipa/ticket/3514
Change CNAME and DNAME attributes to single valued 2013-04-02T15:11:46+00:00 Martin Kosek mkosek@redhat.com 2013-03-04T11:48:05+00:00 81be28d6bd49cad19d41a572b0d09c6fe9663359 These DNS attributeTypes are of a singleton type, update LDAP schema to reflect it. https://fedorahosted.org/freeipa/ticket/3440 https://fedorahosted.org/freeipa/ticket/3450 
These DNS attributeTypes are of a singleton type, update LDAP schema
to reflect it.

https://fedorahosted.org/freeipa/ticket/3440
https://fedorahosted.org/freeipa/ticket/3450