freeipa.git/ipaplatform/base, branch AD-binds FreeIPA patches Use 389-ds centralized scripts. 2015-06-11T11:16:06+00:00 David Kupka dkupka@redhat.com 2015-04-01T15:27:36+00:00 4d05b5d18da84c1e9cc89e9d3c3432261863837a Directory server is deprecating use of tools in instance specific paths. Instead tools in bin/sbin path should be used. https://fedorahosted.org/freeipa/ticket/4051 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Directory server is deprecating use of tools in instance specific paths. Instead
tools in bin/sbin path should be used.

https://fedorahosted.org/freeipa/ticket/4051

Reviewed-By: Martin Basti <mbasti@redhat.com>
vault: Fix ipa-kra-install 2015-06-10T16:17:34+00:00 Jan Cholasta jcholast@redhat.com 2015-06-10T08:50:42+00:00 e7ac57e1390c76c3d7fdb2710808def107d21d6d Use state in LDAP rather than local state to check if KRA is installed. Use correct log file names. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: David Kupka <dkupka@redhat.com> 
Use state in LDAP rather than local state to check if KRA is installed.
Use correct log file names.

https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: David Kupka <dkupka@redhat.com>
vault: Move vaults to cn=vaults,cn=kra 2015-06-10T16:17:34+00:00 Jan Cholasta jcholast@redhat.com 2015-06-10T10:35:43+00:00 81729e22d35c5313e85081b6b3e8658b3d542af1 https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: David Kupka <dkupka@redhat.com> 
https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: David Kupka <dkupka@redhat.com>
explicitly destroy httpd service ccache file during httpinstance removal 2015-05-19T12:59:18+00:00 Martin Babinsky mbabinsk@redhat.com 2015-05-15T13:45:34+00:00 5a741b614f39a148d849877e743200de5a7302db during IPA server uninstall, the httpd service ccache is not removed from runtime directory. This file then causes server-side client install to fail when performing subsequent installation without rebooting/recreating runtime directories. This patch ensures that the old httpd ccache is explicitly destroyed during uninstallation. https://fedorahosted.org/freeipa/ticket/4973 Reviewed-By: David Kupka <dkupka@redhat.com> 
during IPA server uninstall, the httpd service ccache is not removed from
runtime directory. This file then causes server-side client install to fail
when performing subsequent installation without rebooting/recreating runtime
directories.

This patch ensures that the old httpd ccache is explicitly destroyed during
uninstallation.

https://fedorahosted.org/freeipa/ticket/4973

Reviewed-By: David Kupka <dkupka@redhat.com>
Server Upgrade: Verify version and platform 2015-05-04T11:16:26+00:00 Martin Basti mbasti@redhat.com 2015-04-10T13:42:58+00:00 9f049ca14403f3696d54d186e6b1b15181f055df Verify version and platform before upgrade or ipactl start|restart Upgrade: * do not allow upgrade on different platforms * do not allow upgrade data with higher version than build has Start: * do not start services if platform mismatch * do not start services if upgrade is needed * do not start services if data with higher version than build has New ipactl options: --skip-version-check: do not validate IPA version --ignore-service-failures (was --force): ignore if a service start fail and continue with starting other services --force: combine --skip-version-check and --ignore-service-failures https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com> 
Verify version and platform before upgrade or ipactl start|restart

Upgrade:
* do not allow upgrade on different platforms
* do not allow upgrade data with higher version than build has

Start:
* do not start services if platform mismatch
* do not start services if upgrade is needed
* do not start services if data with higher version than build has

New ipactl options:
--skip-version-check: do not validate IPA version
--ignore-service-failures (was --force): ignore if a service start fail
      and continue with starting other services
--force: combine --skip-version-check and --ignore-service-failures

https://fedorahosted.org/freeipa/ticket/4904

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
DNSSEC CI tests 2015-04-14T17:29:36+00:00 Martin Basti mbasti@redhat.com 2014-10-23T13:06:34+00:00 0a1a3d73120bdf20ae05bcf663f14ca1a8b02c25 Tests: * install master, replica, then instal DNSSEC on master * test if zone is signed (added on master) * test if zone is signed (added on replica) * install master with DNSSEC, then install replica * test if root zone is signed * add zone, verify signatures using our root zone https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Milan Kubik <mkubik@redhat.com> 
Tests:
* install master, replica, then instal DNSSEC on master
  * test if zone is signed (added on master)
  * test if zone is signed (added on replica)

* install master with DNSSEC, then install replica
  * test if root zone is signed
  * add zone, verify signatures using our root zone

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Milan Kubik <mkubik@redhat.com>
Timeout when performing time sync during client install 2015-03-16T14:55:26+00:00 Nathan Kinder nkinder@redhat.com 2015-02-25T23:19:47+00:00 a58b77ca9cd3620201306258dd6bd05ea1c73c73 We use ntpd now to sync time before fetching a TGT during client install. Unfortuantely, ntpd will hang forever if it is unable to reach the NTP server. This patch adds the ability for commands run via ipautil.run() to have an optional timeout. This capability is used by the NTP sync code that is run during ipa-client-install. Ticket: https://fedorahosted.org/freeipa/ticket/4842 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
We use ntpd now to sync time before fetching a TGT during client
install.  Unfortuantely, ntpd will hang forever if it is unable to
reach the NTP server.

This patch adds the ability for commands run via ipautil.run() to
have an optional timeout.  This capability is used by the NTP sync
code that is run during ipa-client-install.

Ticket: https://fedorahosted.org/freeipa/ticket/4842
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Use 'remove-ds.pl' to remove DS instance 2015-01-27T12:35:06+00:00 Martin Babinsky mbabinsk@redhat.com 2015-01-21T12:40:36+00:00 55b7eed77e5f76c159ba157d020e93aa9d43bdc5 The patch adds a function which calls 'remove-ds.pl' during DS instance removal. This should allow for a more thorough removal of DS related data during server uninstallation (such as closing custom ports, cleaning up slapd-* entries etc.) This patch is related to https://fedorahosted.org/freeipa/ticket/4487. Reviewed-By: Martin Basti <mbasti@redhat.com> 
The patch adds a function which calls 'remove-ds.pl' during DS instance
removal. This should allow for a more thorough removal of DS related data
during server uninstallation (such as closing custom ports, cleaning up
slapd-* entries etc.)

This patch is related to https://fedorahosted.org/freeipa/ticket/4487.

Reviewed-By: Martin Basti <mbasti@redhat.com>
Make certificate renewal process synchronized 2015-01-13T18:34:59+00:00 Jan Cholasta jcholast@redhat.com 2015-01-08T09:06:46+00:00 b9ae7690489368ead9f4983d386fa210dc265dfa Synchronization is achieved using a global renewal lock. https://fedorahosted.org/freeipa/ticket/4803 Reviewed-By: David Kupka <dkupka@redhat.com> 
Synchronization is achieved using a global renewal lock.

https://fedorahosted.org/freeipa/ticket/4803

Reviewed-By: David Kupka <dkupka@redhat.com>
Improve validation of --instance and --backend options in ipa-restore 2014-12-09T13:46:29+00:00 Jan Cholasta jcholast@redhat.com 2014-12-01T12:12:15+00:00 7b0149f32b95b42598dd30acde4d2c589ffcfce1 https://fedorahosted.org/freeipa/ticket/4744 Reviewed-By: David Kupka <dkupka@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4744

Reviewed-By: David Kupka <dkupka@redhat.com>