summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Use PATH in env when running commands to find binaries.ipa-1-2Rob Crittenden2010-11-176-12/+15
| | | | | | | | Fedora 14 moved the kerberos binaries from /usr/kerberos/[s]bin to /usr/[s]bin. Pass PATH to the environment in ipautil.run() so we can work universally across distributions. Bug 650725
* Add libvirt as a service typeRob Crittenden2010-07-061-0/+1
| | | | 476652
* gpg2 requires --batch to use the --passphrase* arguments.Rob Crittenden2010-05-271-10/+10
| | | | | | This was causing replica creation and installation to fail. 596446
* handle kdb stash being a keytabRob Crittenden2010-04-011-3/+59
| | | | | | | | | | | | | | | In krb5 1.7 and later, the stash file (/var/kerberos/krb5kdc/.k5.$REALM on Fedora) is created in the regular keytab format instead of the older less-portable one. Based from comments and code in kt_file.c, here's a change to try to recognize that case (the file starts with a magic number) and read the master key from Python. The KDC will still read either format, so I left the bits that set things up on replicas alone (advice appreciated). The patch works as expected on my 64-bit box, both on RHEL5 (krb5 1.6.1 with a traditional stash file) and on Raw Hide (krb5 1.7 with a keytab). Backported from IPA v2 patch submitted by Nalin Dahyabhai <nalin@redhat.com>
* Since one needs to enable the compat plugin we will enable anonymous VLV ↵Rob Crittenden2010-04-011-0/+4
| | | | | | | | | when that is configured. By default the DS installs an aci that grants read access to ldap:///all and we need ldap:///anyone This is needed for Solaris to be able to see users.
* Explicitly pull the schema attribute operational attributesRob Crittenden2010-01-181-1/+1
| | | | | | | | 389-ds changed changed its schema related to schema to be more RFC-complaint, making the schema attributes operational so we need to explicitly request the ones we want. Resolves BZ #544927
* Become version 1.2.2release-1-2-2Rob Crittenden2009-09-091-1/+1
|
* Own the Apache configuration files we will generateRob Crittenden2009-09-041-0/+10
|
* Better upgrade detection so we don't print spurious errorsRob Crittenden2009-09-041-15/+40
| | | | | | Also add copyright 519414
* Add an option for a CA to be regenerated, fix bug in CA basic constraintRob Crittenden2009-09-021-16/+29
|
* Add the CA constraint to the self-signed CA we generateRob Crittenden2009-08-271-11/+19
| | | | 514027
* Rename new selinux file accidentally committed to the wrong directoryRob Crittenden2009-07-301-0/+0
|
* Fix deprecation error of BaseException.message in Python 2.6Rob Crittenden2009-07-3019-23/+23
|
* Backport certs.py patches from master.Rob Crittenden2009-07-301-10/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix deprecation warning for the sha library on Python 2.6 sha has been replaced by hashlib. We need to support Python 2.4 - 2.6 so this will use hashlib if available but fall back onto sha if not. Fortunately they use the same API for the function we need. 509042 Identify CAs to trust from an imported PKCS#12 file We used to use certutil -O to determine the cert chain to trust. This behavior changed in F-11 such that untrusted CAs are not displayed. This is only used when we import PKCS#12 files so use pk12util -l to display the list of certs and keys in the file to determine the nickname(s) of the CAs to trust. 509111 No need to trust NSS built-in CA's, more specific regex for finding CA nickname - Add some logging so we have a better idea of what happened if things fail - Default to self-signed CA to trust if one is not found. This will fix the self-signed CA case where certutil doesn't return untrusted CA's in -O output. - Remove unused httplib import
* Remove unused imports, popen2 was causing python 2.6 deprecation errorsRob Crittenden2009-07-301-34/+28
| | | | | Also rename some variables, type and filter, that shadowed builtins Fixed the naming of some private functions
* Add conditional for new SELinux capabilities available in Fedora 11rcrit2009-07-232-11/+11
|
* Make the UI work when both python-cherrypy and python-cherrypy2 are installedRob Crittenden2009-06-181-1/+6
| | | | | | | Also shut down logging different in ipa_webui. Rather than calling logging.shutdown() pull all the log handlers and close them. 505686
* Fix group deletion.Rob Crittenden2009-02-101-1/+3
| | | | | | | | The attributes on the group new, edit, etc pages are limited to a few known/needed ones. Add dn to the list of hidden fields so we can pass this onto the subcontroller group.delete(). 484050
* Fix delegation using the special python-kerberos patch.Simo Sorce2009-01-261-1/+4
|
* memberof was not indexed in older versions of fedora-ds, keep it aroundSimo Sorce2008-12-051-0/+7
| | | | as an update so that if it is not there it will be added
* Fix stupid typo in update filerelease-1-2-1Simo Sorce2008-12-031-1/+1
|
* Bump up the version number for a new releaseSimo Sorce2008-12-031-1/+1
|
* Change ipa-compat-manage to work on older python versions too. Break ↵Simo Sorce2008-12-031-36/+50
| | | | try,except,finally into a try,try,finally,except Add also checks for LDAPError, errors.
* One line fix for ipa-server spec fileSimo Sorce2008-12-031-0/+1
|
* Adding an index for memberuid. Alsthough we do not use this attribute, many ↵Simo Sorce2008-12-022-0/+12
| | | | clients still ask for it so let's index it and make stuff faster.
* Forgot to add ipa-compat-manage to the sbin programsSimo Sorce2008-12-021-0/+1
|
* Add man page for ipa-compat-manageSimo Sorce2008-12-022-0/+47
|
* Fix makefiles after schema compat changesSimo Sorce2008-12-023-2/+3
|
* Corrected usage messages and manpage to match the logic for the ↵Nathan Kinder2008-12-012-2/+2
| | | | ipa-replica-manage init command.
* Fix typo, thanks to Michele for pointing it outSimo Sorce2008-12-011-1/+1
|
* Run updates on the replica too, otherwise changes to cn=config will be missing.Simo Sorce2008-12-011-0/+4
|
* Make sure the CA cert is copied to the replica, fail if no ca.crt is ↵Simo Sorce2008-12-012-1/+16
| | | | available. Cope with some versions of ipa that forgot to copy the ca.crt cert in the right place.
* Add tool to enable or disable the schema compatibility pluginSimo Sorce2008-12-012-0/+157
|
* add passsync to ipa-replica-manage man pageRich Megginson2008-11-251-0/+3
|
* do not use ipaerror directly in ipa-replica-manage - use ldap exception insteadRich Megginson2008-11-251-1/+1
|
* Fix memleaks found by valgrindSimo Sorce2008-11-201-5/+17
|
* We must always zero out the target ientry unconditionally where it is usedSimo Sorce2008-11-201-14/+6
| | | | and never free it in the destructor.
* Avoid potential crashbug on invalid DNs (not in the tree).Simo Sorce2008-11-191-25/+81
|
* Fix error in validation when editing new groups via the UIRob Crittenden2008-11-191-0/+2
| | | | 471808
* Fix a free before use bug, it may lead to crashes but usually just corruptsrelease-1-2-0Simo Sorce2008-11-141-3/+2
| | | | | | the changepw dn we store so that it won't match. This causes normal password changes to be interpreted as password resets instead, and the new legit password is immediately expired.
* This is not a git snapshotSimo Sorce2008-11-131-1/+1
|
* set winsync account disable sync default value to both instead of noneRich Megginson2008-11-131-1/+1
|
* Bump up version number to 1.2.0Simo Sorce2008-11-131-2/+2
|
* wait for sync agreement to be ready before startingRich Megginson2008-11-131-0/+45
| | | | Added checking for error status - Added maxtries so that the script won't wait forever if there is something wrong
* Fix appending to a multi-valued field.Rob Crittenden2008-11-121-1/+1
| | | | | There was a bug where only the first value of a multi-valued field would be returned.
* Remove the column width from #details table.details tdRob Crittenden2008-11-121-1/+0
| | | | | | This should make the User Find results page look nicer. 470428
* Present a less-cryptic error if the replication agreement doesn't existRob Crittenden2008-11-121-1/+4
|
* Create a user for Windows PassSync and grant password changing permissionsRob Crittenden2008-11-122-2/+44
| | | | | | | | | This does 3 things: 1. Create a user for the Windows PassSync service 2. Add this use to the list of users that can skip password policies 3. Add an aci that grants permission to write the password attributes 471130
* Fix deleting a winsync replication agreement.Rob Crittenden2008-11-122-11/+32
|
* Make the list of users that can skip passwrod policies configurable.Simo Sorce2008-11-121-48/+105
| | | | | | | | | | | Addresses bz#471130 Also fix bugs in ipapwd_start. Also remove mutex, it is not necessary with the current code, we needed it when we used to change reload the configuration and keep it referenced in a static pointer. ipapwd_start runs only once and the global variables it sets are fixed in stone until DS is restarted.
generated by cgit (git 2.34.1) at 2025-08-31 05:24:50 +0000