freeipa.git/install, branch AD-binds FreeIPA patches Server Upgrade: create default config for NIS Server plugin 2015-06-18T15:48:36+00:00 Martin Basti mbasti@redhat.com 2015-06-11T11:59:09+00:00 20ffd4b61434e2630bf6512170a213767ff8d679 Plugin is disabled by default. This commit prevents false positive upgrade errors. Reviewed-By: Martin Basti <mbasti@redhat.com> 
Plugin is disabled by default.

This commit prevents false positive upgrade errors.

Reviewed-By: Martin Basti <mbasti@redhat.com>
webui: adjust user deleter dialog to new api 2015-06-18T13:50:44+00:00 Petr Vobornik pvoborni@redhat.com 2015-06-18T10:59:05+00:00 baca55c665b2bdfa5cb9a6ad88daeccef0500999 In user_del, flags 'permanently' and 'preserve' were replaced with single bool option 'preserve' part of: https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com> 
In user_del, flags 'permanently' and 'preserve' were replaced with single
bool option 'preserve'

part of: https://fedorahosted.org/freeipa/ticket/3813

Reviewed-By: David Kupka <dkupka@redhat.com>
add DS index for userCertificate attribute 2015-06-18T13:42:03+00:00 Martin Babinsky mbabinsk@redhat.com 2015-06-16T11:20:15+00:00 3bea4418089dc97136040cfc58157a77aea8b0aa 'eq' and 'pres' indices for userCertificate attribute allow for more efficient lookup and matching of binary certificates assigned to users, hosts, and services. Part of http://www.freeipa.org/page/V4/User_Certificates Reviewed-By: Martin Basti <mbasti@redhat.com> 
'eq' and 'pres' indices for userCertificate attribute allow for more efficient
lookup and matching of binary certificates assigned to users, hosts, and
services.

Part of http://www.freeipa.org/page/V4/User_Certificates

Reviewed-By: Martin Basti <mbasti@redhat.com>
DNS: add UnknownRecord to schema 2015-06-18T12:37:28+00:00 Martin Basti mbasti@redhat.com 2015-05-22T10:39:08+00:00 3ababb763b93af4012705d59d2f55801d172835c defintion of UnknownRecord attributetype https://fedorahosted.org/freeipa/ticket/4939 Reviewed-By: Petr Spacek <pspacek@redhat.com> 
defintion of UnknownRecord attributetype

https://fedorahosted.org/freeipa/ticket/4939

Reviewed-By: Petr Spacek <pspacek@redhat.com>
ipa-replica-manage: adjust del to work with managed topology 2015-06-15T14:06:48+00:00 Petr Vobornik pvoborni@redhat.com 2015-06-12T13:56:30+00:00 e9e4509b10e5064556f0aa9a6f0124f38f14b31b Introduces new method for deletion of replica. This method is used if managed topology is enabled. part of https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
Introduces new method for deletion of replica. This method is used if
managed topology is enabled.

part of https://fedorahosted.org/freeipa/ticket/4302

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
ipa-replica-manage: Do not allow topology altering commands from DL 1 2015-06-15T13:02:06+00:00 Petr Vobornik pvoborni@redhat.com 2015-06-10T16:23:37+00:00 45dccedd12e6d26e146ad9c30c2c304e6b2eded1 With Domain Level 1 and above, the usage of ipa-replica-manage commands that alter the replica topology is deprecated. Following commands are prohibited: * connect * disconnect Upon executing any of these commands, users are pointed out to the ipa topologysegment-* replacements. Exception is creation/deletion of winsync agreement. Part of: https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
With Domain Level 1 and above, the usage of ipa-replica-manage commands
that alter the replica topology is deprecated. Following commands
are prohibited:

* connect
* disconnect

Upon executing any of these commands, users are pointed out to the
ipa topologysegment-* replacements.

Exception is creation/deletion of winsync agreement.

Part of: https://fedorahosted.org/freeipa/ticket/4302

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
topology: restrict direction changes 2015-06-15T07:38:46+00:00 Petr Vobornik pvoborni@redhat.com 2015-06-10T12:44:09+00:00 6b153ba876edf1ed9249ed29420a4af2b2e1830d topology plugin doesn't properly handle: - creation of segment with direction 'none' and then upgrade to other direction - downgrade of direction These situations are now forbidden in API. part of: https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
topology plugin doesn't properly handle:
- creation of segment with direction 'none' and then upgrade to other
  direction
- downgrade of direction

These situations are now forbidden in API.

part of: https://fedorahosted.org/freeipa/ticket/4302

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Add CA ACL plugin 2015-06-11T10:50:31+00:00 Fraser Tweedale ftweedal@redhat.com 2015-05-25T12:39:07+00:00 bc0c60688505968daf6851e3e179aab20e23af7d Implement the caacl commands, which are used to indicate which principals may be issued certificates from which (sub-)CAs, using which profiles. At this commit, and until sub-CAs are implemented, all rules refer to the top-level CA (represented as ".") and no ca-ref argument is exposed. Also, during install and upgrade add a default CA ACL that permits certificate issuance for all hosts and services using the profile 'caIPAserviceCert' on the top-level CA. Part of: https://fedorahosted.org/freeipa/ticket/57 Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Implement the caacl commands, which are used to indicate which
principals may be issued certificates from which (sub-)CAs, using
which profiles.

At this commit, and until sub-CAs are implemented, all rules refer
to the top-level CA (represented as ".") and no ca-ref argument is
exposed.

Also, during install and upgrade add a default CA ACL that permits
certificate issuance for all hosts and services using the profile
'caIPAserviceCert' on the top-level CA.

Part of: https://fedorahosted.org/freeipa/ticket/57
Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Martin Basti <mbasti@redhat.com>
webui: make topology suffices UI readonly 2015-06-11T10:21:47+00:00 Petr Vobornik pvoborni@redhat.com 2015-06-10T13:20:50+00:00 ae56ca422d1897569717fa44a5d483b10e490f6a Admins should not modify topology suffices. They are created on install/upgrade. part of: https://fedorahosted.org/freeipa/ticket/4997 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
Admins should not modify topology suffices. They are created on
install/upgrade.

part of: https://fedorahosted.org/freeipa/ticket/4997

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
add entries required by topology plugin on update 2015-06-11T10:10:40+00:00 Petr Vobornik pvoborni@redhat.com 2015-06-04T14:27:51+00:00 99ce650b59dbf9da7dc95f1cade91fcfa55b8375 These entries were not added on upgrade from old IPA servers and on replica creation. https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
These entries were not added on upgrade from old IPA servers and on replica
creation.

https://fedorahosted.org/freeipa/ticket/4302

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>