summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* install: Add common base class for server and replica installJan Cholasta2015-09-223-564/+525
| | | | | | https://fedorahosted.org/freeipa/ticket/4517 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: Support overriding knobs in subclassesJan Cholasta2015-09-222-94/+124
| | | | | | https://fedorahosted.org/freeipa/ticket/4517 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Simplify the install_replica_ca functionSimo Sorce2015-09-221-10/+5
| | | | | | | | Instantiate CAInstall only once instead of 3 times in a row always with the same values. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused argumentsSimo Sorce2015-09-224-15/+9
| | | | | | | | In the dogtag/ca/kra instances self.domain is never used. Remove it. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Standardize minvalue for ipasearchrecordlimit and ipasesarchsizelimit for ↵Gabe2015-09-226-20/+25
| | | | | | | | unlimited minvalue https://fedorahosted.org/freeipa/ticket/4023 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: use manual Firefox configuration for Firefox >= 40Petr Vobornik2015-09-212-6/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | The intended course of action is to show manual configuration in browserconfig.html instead of configuration with the extension for versions of Firefox >= 40. The reasoning is: * plan for enterprise environments was not published yet which forces as to use AMO (addons.mozilla.org) * with AMO the user experience is worse than a manual configuration steps for AMO: * go to AMO page * installed the extension * go back to IPA page * probably refresh * click configure * confirm manual config: * go to about:config * set network.negotiate-auth.trusted-uris with *domain.name https://fedorahosted.org/freeipa/ticket/4906 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Server Upgrade: addifnew should not create entryMartin Basti2015-09-211-2/+2
| | | | | | | addifnew should add value only if entry exists, instead of creating entry. Reviewed-By: David Kupka <dkupka@redhat.com>
* Limit max age of replication changelogMartin Basti2015-09-212-0/+5
| | | | | | | | | Limit max age of replication changelog to seven days, instead of grow to unlimited size. https://fedorahosted.org/freeipa/ticket/5086 Reviewed-By: David Kupka <dkupka@redhat.com>
* install: support KRA updateJan Cholasta2015-09-178-42/+60
| | | | | | https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: add permissions and administrator privilegeJan Cholasta2015-09-173-0/+128
| | | | | | https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: update access controlJan Cholasta2015-09-171-8/+14
| | | | | | | | | Do not allow vault and container owners to manage owners. Allow adding vaults and containers only if owner is set to the current user. https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: set owner to current user on container creationJan Cholasta2015-09-171-20/+1
| | | | | | | | This reverts commit 419754b1c11139435ae5b5082a51026da0d5e730. https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: add vault container commandsPetr Vobornik2015-09-173-23/+277
| | | | | | | | | | | | | | | | adds commands: * vaultcontainer-show [--service <service>|--user <user>|--shared ] * vaultcontainer-del [--service <service>|--user <user>|--shared ] * vaultcontainer-add-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>] * vaultcontainer-remove-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>] https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* baseldap: make subtree deletion optional in LDAPDeleteJan Cholasta2015-09-171-0/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Use byte literals where appropriateJan Cholasta2015-09-177-28/+28
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use bytes instead of str where appropriateJan Cholasta2015-09-176-33/+33
| | | | | | Under Python 2, "str" and "bytes" are synonyms. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Alias "unicode" to "str" under Python 3Jan Cholasta2015-09-1790-0/+394
| | | | | | | | | The six way of doing this is to replace all occurences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Add basic tests for certificate profile pluginMilan Kubík2015-09-166-1/+1158
| | | | | Reviewed-By: Lenka Doudova <ldoudova@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* ipatests: Add Certprofile tracker class implementationMilan Kubík2015-09-162-0/+145
| | | | | | | https://fedorahosted.org/freeipa/ticket/57 Reviewed-By: Lenka Doudova <ldoudova@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Add Chromium configuration note to ssbrowserGabe2015-09-161-0/+5
| | | | | | | | | | | - As Chromium and Chrome share most of the same code base but are configured in different locations, add a note showing the different configuration locations. A part of https://fedorahosted.org/freeipa/ticket/823 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* backup CI: test DNS/DNSSEC after backup and restoreMartin Basti2015-09-162-0/+155
| | | | Reviewed-By: Milan Kubík <mkubik@redhat.com>
* DNSSEC CI: test master migrationMartin Basti2015-09-161-0/+149
| | | | Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: improve CI testMartin Basti2015-09-161-4/+109
| | | | | | Test disabling and re-enabling zone signing. Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* winsync: Add inetUser objectclass to the passsync sysaccountTomas Babej2015-09-163-1/+5
| | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=1262315 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* config: allow user/host attributes with tagging optionsJan Cholasta2015-09-161-0/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5295 Reviewed-By: David Kupka <dkupka@redhat.com>
* Updated number of legacy permission in ipatestsAbhijeet Kasurde2015-09-161-1/+1
| | | | | | | | | | | | Since IPA 4.2 has an additional permission "Request Certificate ignoring CA ACLs", the number of legacy permission in testcase is updated from 8 to 9. https://fedorahosted.org/freeipa/ticket/5264 Signed off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Server Install: print message that client is being installedMartin Basti2015-09-112-0/+2
| | | | | | | | IPA client is installed on server side during "Restarting web server" step, which lasts too long. This commit explicitly print message that IPA client is being installed. Reviewed-By: Simo Sorce <ssorce@redhat.com>
* IPA Restore: allows to specify files that should be removedMartin Basti2015-09-111-0/+28
| | | | | | | | | | | | | Some files/directories should be removed before backup files are copied to filesystem. In case of DNSSEC, the /var/lib/ipa/dnssec/tokens directory has to be removed, otherwise tokens that are backed up and existing tokens will be mixed and SOFTHSM log in will not work https://fedorahosted.org/freeipa/ticket/5293 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: backup CS.cfg when dogtag is turned offMartin Basti2015-09-111-1/+4
| | | | | | | | Is unable to made CS.cfg when dogtag is running. https://fedorahosted.org/freeipa/ticket/5287 Reviewed-By: David Kupka <dkupka@redhat.com>
* Handle timeout error in ipa-httpd-kdcproxyChristian Heimes2015-09-101-1/+2
| | | | | | | | | The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly. A timeout does no longer result into an Apache startup error. https://fedorahosted.org/freeipa/ticket/5292 Reviewed-By: Martin Basti <mbasti@redhat.com>
* FIX vault testsMartin Basti2015-09-091-6/+33
| | | | Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* load RA backend plugins during standalone CA install on CA-less IPA masterMartin Babinsky2015-09-091-1/+3
| | | | | | | | | | CA-less IPA master has 'ra_plugin' set to 'none' in IPA config. When setting up Dogtag CA on the master we must override this setting in order to load dogtag backend plugins and succesfully complete CA installation. https://fedorahosted.org/freeipa/ticket/5288 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Using LDAPI to setup CA and KRA agents.Endi S. Dewata2015-09-073-92/+72
| | | | | | | | | | | The CA and KRA installation code has been modified to use LDAPI to create the CA and KRA agents directly in the CA and KRA database. This way it's no longer necessary to use the Directory Manager password or CA and KRA admin certificate. https://fedorahosted.org/freeipa/ticket/5257 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Decode script arguments using file system encodingJan Cholasta2015-09-075-4/+23
| | | | | | | | This mimics Python 3's behavior, where sys.argv is automatically decoded using file system encoding, as returned by sys.getfilesystemencoding(). This includes reimplementation of os.fsdecode() from Python 3. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use six.python_2_unicode_compatibleJan Cholasta2015-09-073-15/+23
| | | | | | | | | | | Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3. Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use six.with_metaclass to specify metaclassesJan Cholasta2015-09-073-11/+7
| | | | | | | Metaclass specification is incompatible between Python 2 and 3. Use the six.with_metaclass helper to specify metaclasses. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Make ldap2 connection management thread-safe againJan Cholasta2015-09-042-41/+24
| | | | | | | | | | | This fixes the connection code in LDAPClient to not store the LDAP connection in an attribute of the object, which in combination with ldap2's per-thread connections lead to race conditions resulting in connection failures. ldap2 code was updated accordingly. https://fedorahosted.org/freeipa/ticket/5268 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.Petr Spacek2015-09-031-3/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: Fix key metadata exportPetr Spacek2015-09-031-1/+1
| | | | | | | | | | Incorrect SQL join condition could lead to situation where metadata from ZSK and KSK were interchanged. https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC ↵Petr Spacek2015-09-031-1/+1
| | | | | | | | | key master https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interactionPetr Spacek2015-09-031-8/+31
| | | | | | | https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: prevent ipa-ods-exporter from looping after service auto-restartPetr Spacek2015-09-031-0/+6
| | | | | | | | | | | | It might happen that systemd will restart the service even if there is no incomming connection to service socket. In that case we want to exit because HSM synchronization is done before socket.accept() and we want to synchronize HSM and DNS zones at the same time. https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: remove ccache and keytab of ipa-ods-exporterMartin Basti2015-09-033-1/+9
| | | | | | | | | Reusing old ccache after reinstall causes authentication error. And prevents DNSSEC from working. Related to ticket: https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC: backup and restore opendnssec zone list fileMartin Basti2015-09-031-1/+5
| | | | | | | | | | When zone list is not restored after unninstall, this may slow down enbaling DNSSEC signing for zones and print unwanted errors into log after new installation. Related to: https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Installer: do not modify /etc/hosts before user agreementMartin Basti2015-09-034-18/+53
| | | | | | | | | https://fedorahosted.org/freeipa/ticket/4561 As side effect this also fixes: https://fedorahosted.org/freeipa/ticket/5266 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: fix traceback caused by cidictMartin Basti2015-09-031-1/+1
| | | | | | | | Traceback caused by recent py3 code migration. https://fedorahosted.org/freeipa/ticket/5283 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* certprofile: remove 'rename' optionFraser Tweedale2015-09-023-6/+4
| | | | | | | | | The initial fix of ticket 5247 rejected renames, but left the option behind for API compatibility. Remove the option now, according to the consensus that because it never worked, it is fine to remove it. Fixes: https://fedorahosted.org/freeipa/ticket/5247 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Backup: back up the hosts fileMartin Basti2015-09-021-0/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/5275 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* DNSSEC: remove "DNSSEC is experimental" warningsMartin Basti2015-09-022-20/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/5265 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Convert zip() result to list()Petr Viktorin2015-09-011-2/+2
| | | | | | | | | | In Python 3, zip() returns an iterator. To get a list, it must be explicitly converted. In most cases, zip() result is iterated over so this is not necessary. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-03 17:26:07 +0000