Commit message | Author | Age | Files | Lines
* Fix nsSaslMapping object class before configuring SASL mappings. | Jan Cholasta | 2013-08-27 | 1 | -0/+11
| This is a workaround for <https://fedorahosted.org/389/ticket/47490>.
| https://fedorahosted.org/freeipa/ticket/3778
* Fix incorrect error message occurrence when re-adding the trust | Tomas Babej | 2013-08-27 | 1 | -1/+1
| You cannot re-add the trust and modify the range in the process. The check in the code was malfunctioning since it assumed that range_size parameter has default value. However, default value is assigned only later in the add_range function.
| https://fedorahosted.org/freeipa/ticket/3870
* Add integration tests for Kerberos Flags | Ana Krivokapic | 2013-08-27 | 1 | -0/+191
| Add integration tests for the Kerberos Flags feature: http://www.freeipa.org/page/V3/Kerberos_Flags#Test_Plan (except the web UI tests).
| https://fedorahosted.org/freeipa/ticket/3831
* Make CS.cfg edits with CA instance stopped | Tomas Babej | 2013-08-26 | 6 | -40/+101
| This patch makes sure that all edits to CS.cfg configuration file are performed while pki-tomcatd service is stopped.
| Introduces a new contextmanager stopped_service for handling a general problem of performing a task that needs certain service being stopped.
| https://fedorahosted.org/freeipa/ticket/3804
* Perform dirsrv tuning at platform level | Tomas Babej | 2013-08-26 | 3 | -57/+100
| When configuring the 389 Directory Server instance, we tune it so that number of file descriptors available to the DS is increased from the default 1024 to 8192.
| There are platform specific steps that need to be conducted differently on systemd compatible platforms and sysV compatible platforms.
| systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd
| sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv
|       set ulimit - nofile 8192 in /etc/security/limits.conf
| https://fedorahosted.org/freeipa/ticket/3823
* Show human-readable error name in error dialog title | Petr Vobornik | 2013-08-26 | 2 | -2/+3
| Fixes RPC server's JSON encoding of exception's name. It allows to show the name in Web UI's error dialog title.
* Remove redundant shebangs | Tomas Babej | 2013-08-26 | 5 | -7/+2
| Remove redundant shebangs from files that are not used as scripts.
| https://fedorahosted.org/freeipa/ticket/3853
* Web UI integration tests: ID range types | Petr Vobornik | 2013-08-22 | 4 | -68/+277
| https://fedorahosted.org/freeipa/ticket/3834
* Web UI Integration tests: Kerberos Flags | Petr Vobornik | 2013-08-22 | 2 | -3/+49
| Tests according to: http://www.freeipa.org/page/V3/Kerberos_Flags
| https://fedorahosted.org/freeipa/ticket/3831
* Web UI integration tests: CA-less | Petr Vobornik | 2013-08-22 | 4 | -3/+101
| Test cases according to: http://www.freeipa.org/page/V3/CA-less_install
| https://fedorahosted.org/freeipa/ticket/3830
* Hide 'New Certificate' action on CA-less install | Petr Vobornik | 2013-08-22 | 1 | -0/+1
| This action calls cert-request command which is not available on CA-less installs. Thus this action won't be enabled and therefore there is no reason to keep it visible.
| https://fedorahosted.org/freeipa/ticket/3363
* Add base-id, range-size and range-type options to trust-add dialog | Petr Vobornik | 2013-08-22 | 3 | -0/+49
| https://fedorahosted.org/freeipa/ticket/3049
* Fix broken replica installation | Ana Krivokapic | 2013-08-20 | 2 | -8/+22
| Make sure the subject base parameter is correctly passed and used during the creation of the DS instance on a replica.
| https://fedorahosted.org/freeipa/ticket/3868
* Ask for PKCS#12 password interactively in ipa-server-certinstall. | Jan Cholasta | 2013-08-20 | 1 | -3/+7
| https://fedorahosted.org/freeipa/ticket/3641
* Add --pin option to ipa-server-certinstall. | Jan Cholasta | 2013-08-20 | 2 | -15/+12
| Hide the unnecessary --dirsrv_pin and --http_pin options.
| https://fedorahosted.org/freeipa/ticket/3869
* Untrack old and track new cert with certmonger in ipa-server-certinstall. | Jan Cholasta | 2013-08-20 | 1 | -3/+12
| https://fedorahosted.org/freeipa/ticket/3641
* Replace only the cert instead of the whole NSS DB in ipa-server-certinstall. | Jan Cholasta | 2013-08-20 | 2 | -13/+23
| https://fedorahosted.org/freeipa/ticket/3641
* Ignore empty mod error when updating DS SSL config in ipa-server-certinstall. | Jan Cholasta | 2013-08-20 | 1 | -2/+5
| https://fedorahosted.org/freeipa/ticket/3641
* Remove unused NSSDatabase and CertDB method find_root_cert_from_pkcs12. | Jan Cholasta | 2013-08-20 | 1 | -44/+0
| https://fedorahosted.org/freeipa/ticket/3641
* Port ipa-server-certinstall to the admintool framework. | Jan Cholasta | 2013-08-20 | 2 | -141/+158
| Change the log file path from /var/log/ipa/default.log to admintool's default path.
| https://fedorahosted.org/freeipa/ticket/3641
* Make PKCS#12 handling in ipa-server-certinstall closer to what other tools do. | Jan Cholasta | 2013-08-20 | 1 | -34/+18
| In particular, PKCS#12 validation and server certificate selection is now done the same way as in ipa-server-install and ipa-replica-prepare.
| https://fedorahosted.org/freeipa/ticket/3641
* Bypass ipa-replica-conncheck ssh tests when ssh is not installed | Nathaniel McCallum | 2013-08-15 | 1 | -29/+31
| https://fedorahosted.org/freeipa/ticket/3777
* Removal of deprecated selenium tests | Petr Vobornik | 2013-08-15 | 134 | -23441/+0
| Tests were deprecated by new FreeIPA 3.3 Web UI integration tests (ticket #3744).
| https://fedorahosted.org/freeipa/ticket/3857
* Remove systemd upgrader as it is not used anymore | Alexander Bokovoy | 2013-08-15 | 2 | -96/+0
|
* Allow API plugin registration via a decorator | Petr Viktorin | 2013-08-14 | 2 | -3/+32
| This makes plugin registration easier to read, less error-prone, and, for many Plugins in a single module, faster to write.
| Functionally, the decorator is equivalent to current plugin registration. However, in the future this style will allow cleaner semantics.
| As an example, and to exercise the new syntax to prevent regressions, the ping plugin is converted to this style.
* Allow freeipa-tests to work with older paramiko versions | Petr Viktorin | 2013-08-13 | 2 | -3/+22
| The integration testing framework used Paramiko SFTP files as context managers. This feature is only available in Paramiko 1.10+. Use an explicit context manager so that we don't rely on the feature.
* Fix selected minor issues in the spec file and license | Martin Kosek | 2013-08-13 | 3 | -8/+9
| This patch fixes:
| - too long description for server-trust-ad subpackage
| - adds (noreplace) flag %{_sysconfdir}/tmpfiles.d/ipa.conf to avoid overwriting potential user changes
| - changes permissions on default_encoding_utf8.so to prevent it pollute python subpackage Provides.
| - wrong address in GPL v2 license preamble in 2 distributed files
| https://fedorahosted.org/freeipa/ticket/3855
* Remove rpmlint warnings in spec file | Martin Kosek | 2013-08-13 | 1 | -23/+23
| Specifically:
| - combination of spaces and tabs in one line
| - using macros in comments
| - using "egrep" instead of "grep -E"
| https://fedorahosted.org/freeipa/ticket/3855
* Prevent *.pyo and *.pyc multilib problems | Martin Kosek | 2013-08-13 | 10 | -7/+12
| Differences in the python byte code fails in a build validation (rpmdiff) done on different architecture of the same package.
| This patch:
| 1) Ensures that timestamps of generated *.pyo and *.pyc files match
| 2) Python integer literals greater or equal 2^32 and lower than 2^64 are converted to long right away to prevent different type of the integer on architectures with different size of int
| https://fedorahosted.org/freeipa/ticket/3858
* Fix handling of CSS files in sync.sh script | Ana Krivokapic | 2013-08-13 | 1 | -2/+2
|
* Hide delete button in multivalued widget if attr is not writable | Petr Vobornik | 2013-08-13 | 1 | -9/+16
| https://fedorahosted.org/freeipa/ticket/3799
* Make ssh_widget not-editable if attr is readonly | Petr Vobornik | 2013-08-13 | 2 | -11/+24
| https://fedorahosted.org/freeipa/ticket/3800
* Remove support for IPA deployments with no persistent search | Tomas Babej | 2013-08-09 | 16 | -188/+105
| Drops the code from ipa-server-install, ipa-dns-install and the BindInstance itself. Also changed ipa-upgradeconfig script so that it does not set zone_refresh to 0 on upgrades, as the option is deprecated.
| https://fedorahosted.org/freeipa/ticket/3632
* Bump 3.4 development version to 3.3.90 | Martin Kosek | 2013-08-08 | 1 | -1/+1
|
* Handle --subject option in ipa-server-install | Ana Krivokapic | 2013-08-08 | 3 | -5/+103
| Properly handle --subject option of ipa-server-install, making sure this value gets passed to certmap.conf. Introduce a new template variable $SUBJECT_BASE for this purpose.
| Also make sure that this value is preserved on upgrades.
| https://fedorahosted.org/freeipa/ticket/3783
* Become 3.3.0 | Martin Kosek | 2013-08-08 | 1 | -1/+1
|
* Add requires for slapi-nis and SSSD | Martin Kosek | 2013-08-08 | 1 | -2/+6
| Require slapi-nis 0.47.7 and sssd 1.11.0-0.1.beta2 required for core features of 3.3.0 release.
* Become 3.3.0 Beta 2 | Martin Kosek | 2013-08-07 | 1 | -1/+1
|
* Increase default SASL buffer size | Martin Kosek | 2013-08-07 | 1 | -0/+6
| Default SASL buffer size was too small and could lead for example to migration errors.
| https://fedorahosted.org/freeipa/ticket/3826
* Add new command compat-is-enabled | Ana Krivokapic | 2013-08-07 | 3 | -1/+49
| Add a new API command 'compat-is-enabled' which can be used to determine whether Schema Compatibility plugin is configured to serve trusted domain users and groups. The new command is not visible in IPA CLI.
| https://fedorahosted.org/freeipa/ticket/3671
| https://fedorahosted.org/freeipa/ticket/3672
* Enable running API commands in ipa-advise plugins | Ana Krivokapic | 2013-08-07 | 2 | -2/+4
| https://fedorahosted.org/freeipa/ticket/3671
| https://fedorahosted.org/freeipa/ticket/3672
* Add ipa-advise plugins for legacy clients | Ana Krivokapic | 2013-08-07 | 8 | -0/+239
| Old versions of SSSD do not directly support cross-realm trusts between IPA and AD. This patch introduces plugins for the ipa-advise tool, which should help with configuring an old version of SSSD (1.5-1.8) to gain access to resources in trusted domain.
| Since the configuration steps differ depending on whether the platform includes the authconfig tool, two plugins are needed:
| * config-redhat-sssd-before-1-9 - provides configuration for Red Hat based systems, as these systems include the authconfig utility
| * config-generic-sssd-before-1-9 - provides configuration for other platforms
| https://fedorahosted.org/freeipa/ticket/3671
| https://fedorahosted.org/freeipa/ticket/3672
* Rename slapi-nis configuration variable | Alexander Bokovoy | 2013-08-06 | 1 | -5/+5
|
* Wrap lines in the list of available advices | Tomas Babej | 2013-08-06 | 1 | -6/+14
| Now the list of available advices is neatly formatted:
|
| -------------------------
| List of available advices
| -------------------------
|     config-fedora-authconfig : Authconfig instructions for configuring Fedora 18/19 client with IPA server without use of SSSD.
|
| The advice header printing has been reformatted to conform with the changes.
* Add a word wrapping for comment log messages to AdviceLogger | Tomas Babej | 2013-08-06 | 2 | -3/+13
| The comments logged through AdviceLogger are now wrapped up to 70 characters. This change has been documented in the docstrings.
* Remove overlapping use-cases of the same result variable | Tomas Babej | 2013-08-06 | 1 | -4/+4
|
* Improve help entry for ipa host | Tomas Babej | 2013-08-06 | 2 | -5/+32
| Updates old information produced by the ipa help host command. Also adds a section to ipa-client-install manpage about client re-enrollment.
| https://fedorahosted.org/freeipa/ticket/3820
* Use case-insensitive dict for trusted domain info | Tomas Babej | 2013-08-06 | 1 | -12/+24
| In DomainValidator, we store a dictionary containing information for trusted domains. This is a case-sensitive dictionary keyed by the domain name.
| We need to use case-insensitive dictionary since domain names are generally case-insensitive.
| https://fedorahosted.org/freeipa/ticket/3816
* Fix installutils.get_password without a TTY | Petr Viktorin | 2013-08-06 | 1 | -1/+7
| If stdin is a TTY, ipaserver.install.installutils uses getpass and all is well. Without a TTY, though, there were two problems:
| * The prompt was not printed
| * On end of file, an empty string was returned, which caused read_password to enter an infinite loop.
| Fix both problems.
| https://fedorahosted.org/freeipa/ticket/3824
* Limit pwpolicy maxlife to 20000 days | Tomas Babej | 2013-08-05 | 3 | -4/+5
| Since krbMaxPwdLife attribute is represented as number of seconds, setting maxlife to high values such as 999 999 days (~2739 years) would result in overflow when parsing this attribute in kdb plugin, and hence default maxlife of 90 days would be applied.
| Limit the maximum value of maxlife that can be set through the framework to 20 000 days (~ 54 years).
| https://fedorahosted.org/freeipa/ticket/3817