Commit message | Author | Age | Files | Lines
...
* install: Migrate ipa-replica-install to the install framework | Jan Cholasta | 2015-06-10 | 3 | -201/+275
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Allow setting usage in CLI tools | Jan Cholasta | 2015-06-10 | 1 | -4/+8
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Add support for positional arguments in CLI tools | Jan Cholasta | 2015-06-10 | 1 | -34/+106
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Handle Knob cli_name and cli_aliases values consistently | Jan Cholasta | 2015-06-10 | 2 | -23/+24
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix s4u2proxy README and add warning | Simo Sorce | 2015-06-08 | 1 | -2/+14
  The attribute mentioned was using an older name that was later changed in the implementation. Also add a prominent warning about the use of the kadmin flags.
  Reviewed-by: Rob Crittenden <rcritten@redhat.com>
* install: Migrate ipa-server-install to the install framework | Jan Cholasta | 2015-06-08 | 4 | -499/+660
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Introduce installer framework ipapython.install | Jan Cholasta | 2015-06-08 | 8 | -1/+1084
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move private_ccache from ipaserver to ipapython | Jan Cholasta | 2015-06-08 | 5 | -29/+29
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Fix external CA server install | Jan Cholasta | 2015-06-08 | 2 | -20/+19
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Fix CA-less server install | Jan Cholasta | 2015-06-08 | 1 | -0/+6
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Added vault-archive and vault-retrieve commands. | Endi S. Dewata | 2015-06-08 | 5 | -4/+634
  New commands have been added to archive and retrieve data into and from a vault, also to retrieve the transport certificate.
  https://fedorahosted.org/freeipa/ticket/3872
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: Fix missing variable initialization in replica install | Jan Cholasta | 2015-06-08 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/4468
* Move CA installation code into single module. | David Kupka | 2015-06-08 | 5 | -345/+330
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Migration now accepts scope as argument | Drew Erny | 2015-06-05 | 3 | -4/+22
  Adds a new option to command ipa migrate-ds, --scope=[base,onelevel,subtree] which allows the user to specify LDAP search depth for users and groups. 'onelevel' was the hard-coded level before this patch and is still default. Specify 'subtree' to search nested OUs for users and groups.
  https://fedorahosted.org/freeipa/ticket/2547
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Clarify host name output in ipa-client-install | Petr Spacek | 2015-06-05 | 1 | -1/+1
  Proposed by Tomas Capek
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Grammar fix in 'Estimated time' messages printed by installer | Petr Spacek | 2015-06-05 | 1 | -1/+1
  Proposed by Tomas Capek.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Clarify messages related to adding DNS forwarders | Petr Spacek | 2015-06-05 | 1 | -6/+5
  Proposed by Tomas Capek.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* webui: better error reporting | Petr Vobornik | 2015-06-05 | 4 | -1/+11
  - ActionDropdownWidget - report error if required action is missing
  - report build errors to console
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* webui: don't log in back after logout | Petr Vobornik | 2015-06-05 | 2 | -1/+18
  Automatic login attempt is initiated by first failed xhr request which happens in metadata phase. New phase was added before metadata phase. It interrupts UI load and shows login page if it's directly after logout (marked in session storage). Successful manual login resolves the phase so that metadata phase can follow.
  https://fedorahosted.org/freeipa/ticket/5008
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-pki-proxy: allow certificate and password authentication | Fraser Tweedale | 2015-06-05 | 1 | -3/+10
  ipa-replica-install --setup-ca is failing because the security domain login attempts password authentication, but the current ipa-pki-proxy requires certificate authentication. Set NSSVerifyClient optional to allow both certificate and password authentication to work.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Import profiles earlier during install | Fraser Tweedale | 2015-06-05 | 3 | -6/+12
  Currently, IPA certificate profile import happens at end of install. Certificates issuance during the install process does work but uses an un-customised caIPAserviceCert profile, resulting in incorrect subject DNs and missing extensions. Furthermore, the caIPAserviceCert profile shipped with Dogtag will eventually be removed. Move the import of included certificate profiles to the end of the cainstance deployment phase, prior to the issuance of DS and HTTP certificates.
  Part of: https://fedorahosted.org/freeipa/ticket/4002
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix certificate subject base | Fraser Tweedale | 2015-06-05 | 1 | -1/+1
  Profile management patches introduced a regression where a custom certificate subject base (if configured) is not used in the default profile. Use the configured subject base.
  Part of: https://fedorahosted.org/freeipa/ticket/4002
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Abstract the HostTracker class from host plugin test | Milan Kubík | 2015-06-05 | 2 | -150/+292
  Implements a base class to help test LDAP based plugins. The class has been decoupled from the original host plugin test and moved to separate module ipatests.test_xmlrpc.ldaptracker.
  https://fedorahosted.org/freeipa/ticket/5032
  Reviewed-By: David Kupka <dkupka@redhat.com>
* webui: configurable refresh command | Petr Vobornik | 2015-06-04 | 1 | -2/+11
  Allows to change the default 'show' command to something different. E.g. 'get'
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: topology plugin | Petr Vobornik | 2015-06-04 | 7 | -1/+440
  https://fedorahosted.org/freeipa/ticket/4997
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: make usage of --all in details facet optional | Petr Vobornik | 2015-06-04 | 1 | -2/+13
  refactoring for domains level UI
  https://fedorahosted.org/freeipa/ticket/4997
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: use command_dialog as a base class for password dialog | Petr Vobornik | 2015-06-04 | 2 | -197/+6
  refactoring for:
  https://fedorahosted.org/freeipa/ticket/4997
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: IPA.command_dialog - a new dialog base class | Petr Vobornik | 2015-06-04 | 3 | -3/+217
  refactoring for:
  https://fedorahosted.org/freeipa/ticket/4997
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* topology: ipa management commands | Petr Vobornik | 2015-06-04 | 4 | -2/+543
  ipalib part of topology management
  Design:
  - http://www.freeipa.org/page/V4/Manage_replication_topology
  https://fedorahosted.org/freeipa/ticket/4302
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* crash when removing a replica | Ludwig Krispenz | 2015-06-04 | 1 | -3/+11
  when a server is removed from the topology the plugin tries to remove the credentials from the replica and the bind dn group. It performs an internal search for the ldap principal, but can fail if it was already removed. Due to an uninitialized variable in this case it can either crash or erroneously remove all principals.
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* plugin uses 1 as minimum domain level to become active no calculation based on plugin version | Ludwig Krispenz | 2015-06-04 | 4 | -28/+12
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Update cert-request to support user certs and profiles | Fraser Tweedale | 2015-06-04 | 3 | -89/+135
  Part of: https://fedorahosted.org/freeipa/ticket/57
  Part of: https://fedorahosted.org/freeipa/ticket/4938
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add usercertificate attribute to user plugin | Fraser Tweedale | 2015-06-04 | 6 | -10/+27
  Part of: https://fedorahosted.org/freeipa/tickets/4938
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add profile_id parameter to 'request_certificate' | Fraser Tweedale | 2015-06-04 | 6 | -6/+12
  Add the profile_id parameter to the 'request_certificate' function and update call sites. Also remove multiple occurrences of the default profile ID 'caIPAserviceCert'.
  Part of: https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add generic split_any_principal method | Fraser Tweedale | 2015-06-04 | 1 | -8/+19
  There exist methods to split user or service/host principals, but there is no method to split any kind of principal and allow the caller to decide what to do. Generalize ``ipalib.plugins.service.split_principal`` to return a service of ``None`` if the principal is a user principal, rename it ``split_any_principal`` and reimplement ``split_principal`` to preserve existing behaviour.
  Part of: https://fedorahosted.org/freeipa/ticket/4938
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Import included profiles during install or upgrade | Fraser Tweedale | 2015-06-04 | 12 | -223/+228
  Add a default service profile template as part of FreeIPA and format and import it as part of installation or upgrade process. Also remove the code that modifies the old (file-based) `caIPAserviceCert' profile.
  Fixes https://fedorahosted.org/freeipa/ticket/4002
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Enable LDAP-based profiles in CA on upgrade | Fraser Tweedale | 2015-06-04 | 1 | -0/+40
  Part of: https://fedorahosted.org/freeipa/ticket/4560
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add certprofile plugin | Fraser Tweedale | 2015-06-04 | 9 | -13/+534
  Add the 'certprofile' plugin which defines the commands for managing certificate profiles and associated permissions. Also update Dogtag network code in 'ipapython.dogtag' to support headers and arbitrary request bodies, to facilitate use of the Dogtag profiles REST API.
  Part of: https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add ACL to allow CA agent to modify profiles | Fraser Tweedale | 2015-06-04 | 2 | -0/+40
  Part of: https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-pki-proxy: provide access to profiles REST API | Fraser Tweedale | 2015-06-04 | 1 | -2/+10
  Part of: https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add schema for certificate profiles | Fraser Tweedale | 2015-06-04 | 4 | -0/+17
  The certprofile object class is used to track IPA-managed certificate profiles in Dogtag and store IPA-specific settings.
  Part of: https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Install CA with LDAP profiles backend | Fraser Tweedale | 2015-06-04 | 2 | -3/+4
  Install the Dogtag CA to use the LDAPProfileSubsystem instead of the default (file-based) ProfileSubsystem.
  Part of: https://fedorahosted.org/freeipa/ticket/4560
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix certificate management with service-mod | Fraser Tweedale | 2015-06-03 | 1 | -1/+1
  Adding or removing certificates from a service via --addattr or --delattr is broken. Get certificates from entry_attrs instead of options.
  https://fedorahosted.org/freeipa/ticket/4238
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix: regression in host and service plugin | Martin Basti | 2015-06-03 | 2 | -7/+14
  Test failures:
  * wrong error message
  * mod operation always delete usercertificates
  https://fedorahosted.org/freeipa/ticket/4238
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* accept missing binddn group | Ludwig Krispenz | 2015-06-03 | 1 | -2/+2
  replicas installed from older versions do not have a binddn group just accept the error
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add plugin to manage service constraint delegations | Rob Crittenden | 2015-06-03 | 8 | -2/+1320
  Service Constraints are the delegation model used by ipa-kdb to grant service A to obtain a TGT for a user against service B.
  https://fedorahosted.org/freeipa/ticket/3644
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Support multiple host and service certificates | Fraser Tweedale | 2015-06-02 | 4 | -91/+124
  Update the framework to support multiple host and service certificates. host-mod and service-mod revoke existing certificates that are not included in the modified entry. Using addattr=certificate=... will result in no certificates being revoked. The existing behaviour of host-disable, host-del, service-disable and service-del (revoke existing certificate) is preserved but now applies to all certificates in the host or service entry. Also update host-show and service-show to write all the principal's certificates to the file given by the ``--out=FILE`` option.
  Part of: http://www.freeipa.org/page/V4/User_Certificates
  https://fedorahosted.org/freeipa/ticket/4238
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Do not print traceback when pipe is broken | Gabe | 2015-06-02 | 1 | -1/+4
  https://fedorahosted.org/freeipa/ticket/2284
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Allow ipa help command to run when ipa-client-install is not configured | Gabe | 2015-06-02 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3584
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ULC: fix: upgrade for stage Stage User Admins failed | Martin Basti | 2015-06-02 | 1 | -0/+5
  Upgrade failed because entry 'dn: cn=Stage User Administrators,cn=privileges,cn=pbac,$SUFFIX' doesn't exist. Now upgrade will create the privilege if it does not exist.
  https://fedorahosted.org/freeipa/ticket/3813
  Reviewed-By: David Kupka <dkupka@redhat.com>