freeipa.git/ipaserver/install, branch webui-cleanup

Drop our own PKCS#10 ASN.1 decoder and use the one from python-nss

2010-07-29T14:50:10+00:00

This patch:
- bumps up the minimum version of python-nss
- will initialize NSS with nodb if a CSR is loaded and it isn't already
  init'd
- will shutdown NSS if initialized in the RPC subsystem so we use right db
- updated and added a few more tests

Relying more on NSS introduces a bit of a problem. For NSS to work you
need to have initialized a database (either a real one or no_db). But once
you've initialized one and want to use another you have to close down the
first one.  I've added some code to nsslib.py to do just that. This could
potentially have some bad side-effects at some point, it works ok now.

Add support for User-Private Groups

2010-07-06T19:39:34+00:00

This uses a new 389-ds plugin, Managed Entries, to automatically create
a group entry when a user is created. The DNA plugin ensures that the
group has a gidNumber that matches the users uidNumber. When the user is
removed the group is automatically removed as well.

If the managed entries plugin is not available or if a specific, separate
range for gidNumber is passed in at install time then User-Private Groups
will not be configured.

The code checking for the Managed Entries plugin may be removed at some
point. This is there because this plugin is only available in a 389-ds
alpha release currently (1.2.6-a4).

Fix indentation problem causing build breakage

2010-06-25T02:51:05+00:00

Replication version checking.

2010-06-24T14:33:53+00:00

Whenever we upgrade IPA such that any data incompatibilities might occur
then we need to bump the DATA_VERSION value so that data will not
replicate to other servers. The idea is that you can do an in-place
upgrade of each IPA server and the different versions own't pollute
each other with bad data.

use NSS for SSL operations

2010-06-15T19:03:36+00:00

Catch the condition where dogtag is already configured (no preop.pin)

2010-06-01T13:53:10+00:00

This causes the installation to blow up badly otherwise.

To remove an existing instance run:

 # pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca

Add LDAP upgrade over ldapi support.

2010-06-01T13:52:10+00:00

This disables all but the ldapi listener in DS so it will be quiet when
we perform our upgrades. It is expected that any other clients that
also use ldapi will be shut down by other already (krb5 and dns).

Add ldapi as an option in ipaldap and add the beginning of pure offline
support (e.g. direct editing of LDIF files).

Re-number some attributes to compress our usage to be contiguous

2010-05-27T14:50:49+00:00

No longer install the policy or key escrow schemas and remove their
OIDs for now.

594149

Move the dogtag SELinux rules loading into the spec file

2010-05-27T14:50:13+00:00

I couldn't put the dogtag rules into the spec file until we required
dogtag as a component. If it wasn't pre-loaded them the rules loading
would fail because types would be missing.

Include -clone_uri argument to pkisilent setting the clone URI.

2010-05-27T14:48:49+00:00

This makes creating a clone from a clone work as expected.