Commit message (Author, Age, Files, Lines)
* Fix replication setup [ipa-2-1] (Simo Sorce, 2012-01-13, 2 files, -10/+20)
| | | | | | Changes to add a cs-replication management tool mistakenly always set a flag that caused replicas to not add the list of attributes we exclude from replication.
* Move ONLY_CLIENT in spec so services.py always gets generated in %install (Rob Crittenden, 2012-01-11, 1 file, -1/+1)
| | | | Discovered this difference when merging in master branch patches
* Fix two typos in role help. (Rob Crittenden, 2012-01-04, 1 file, -2/+2)
| | | | Contributed by Jérôme Fenal
* update i18n pot file for branch ipa-2-1 (John Dennis, 2012-01-03, 1 file, -3463/+3271)
|
* Make sure that install tools log (Martin Kosek, 2012-01-03, 5 files, -0/+48)
| | | | | | | | | | | | | | When any log message is emitted before IPA install tools logging is configured, it may break and leave install tools log empty. This happens for example when ipa-server-install --ip-address=$IP_ADDRESS is run. This patch makes sure that logging is right in these cases. https://fedorahosted.org/freeipa/ticket/2214
* Re-enable web password migration on Fedora 16 after SE Linux policy restrictions (Alexander Bokovoy, 2011-12-21, 1 file, -0/+2)
| | | | | Web password migration tool uses connection to the LDAPI socket. Enable access to the ns-slapd socket.
* Fix some pylint issues found in F-16 (Rob Crittenden, 2011-12-09, 3 files, -5/+10)
| | | | | | | | * Using default_attributes rather than what would be defined in output is the preferred mechanism for determining what attributes to retrieve. * Replace some add_s() calls with addEntry()
* Remove old RPMROOT contents before it is used for rpmbuild (John Dennis, 2011-12-09, 1 file, -0/+1)
|
* Add connection failure recovery to IPAdmin (Martin Kosek, 2011-12-08, 1 file, -6/+29)
| | | | | | | | | | | Recover from connection failures in IPAdmin LDAP bind functions and rather try reconnect in scope of a given timeout instead of giving up after the first failed connection. The recovery fixes ipa-ldap-updater on F-16 which always failed because of a missing dirsrv socket. https://fedorahosted.org/freeipa/ticket/2175
* Reorder privileges so that memberof for permissions are generated properly. (Rob Crittenden, 2011-12-08, 4 files, -21/+34)
| | | | | | | | | | | | The privilege was added after the permission causing the memberof to not be generated. Add a new task to regenerate memberof for existing PBAC to fix upgrades. https://fedorahosted.org/freeipa/ticket/2058 https://fedorahosted.org/freeipa/ticket/2059 https://fedorahosted.org/freeipa/ticket/2060 https://fedorahosted.org/freeipa/ticket/2061
* Use absolute paths when trying to find certmonger request id. (Rob Crittenden, 2011-12-08, 1 file, -9/+14)
| | | | | | | | | The value stored in certmonger is not guaranteed to be normalized nor is the value passed-in (could be a relative path and may or may not contain trailing slash). We do direct string compares so they need to match exactly or we won't find the request. https://fedorahosted.org/freeipa/ticket/1942
* ticket 2172 - If "make rpms" fails so will the next make (John Dennis, 2011-12-08, 2 files, -11/+11)
| | | | | | | | | | | | | If "make rpms" fails it doesn't clean up the rpmbuild directory it created. The next make-lint will also fail because it finds files under rpmbuild. make-lint is invoked by "make rpms", a vicious cycle. The patch contains two sets of changes Include "rpmbuild" in the IGNORE_PATHS list of make-lint. Fix the Makefile to use $(RPMBUILD) consistently, there were a number of hardcoded uses of "rpmbuild" as a directory.
* Become IPA 2.1.4 (Rob Crittenden, 2011-12-05, 1 file, -1/+1)
|
* Remove extraneous trailing single quote in nis.uldif (Rob Crittenden, 2011-12-05, 1 file, -1/+1)
|
* Require an HTTP Referer header in the server. Send one in ipa tools. (Rob Crittenden, 2011-12-05, 5 files, -5/+67)
| | | | | | | | | | This is to prevent a Cross-Site Request Forgery (CSRF) attack where a rogue server tricks a user who was logged into the FreeIPA management interface into visiting a specially-crafted URL where the attacker could perform FreeIPA configuration changes with the privileges of the logged-in user. https://bugzilla.redhat.com/show_bug.cgi?id=747710
* ipa_kpasswd: Update selinux policies for ldap and urandom (Evgeny Sinelnikov, 2011-12-04, 1 file, -0/+6)
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/2160
* Make ipa-server-install clean after itself (Martin Kosek, 2011-11-29, 1 file, -9/+36)
| | | | | | | | | | | | | | | ipa-server-install may create some files in the first phase of installation before the actual installation and configuring of services starts. If the installation is interrupted, these files may prevent installing the server again until IPA server is uninstalled. This may be confusing and annoying for the user. This patch safely recovers all known files that could be created in the first phase of the installation. No clean up is done if the actual installation has not started yet or the installation returned success. https://fedorahosted.org/freeipa/ticket/1980
* Enable automember for upgraded servers (Martin Kosek, 2011-11-29, 2 files, -0/+23)
| | | | | | | | | automember functionality depends on predefined data in LDAP. Since we add it for fresh installs only, automember cannot be used for upgraded servers. Make sure that automember LDAP data is added during upgrade too. https://fedorahosted.org/freeipa/ticket/1992
* Client install root privileges check (Ondrej Hamada, 2011-11-21, 1 file, -2/+2)
| | | | | | | | | ipa-client-install was failing and returning a traceback when it wasn't run by root. It was caused by logging initialization that was taking part before the root privileges check. To correct it, the check was moved before the logging initialization. https://fedorahosted.org/freeipa/ticket/2123
* Let PublicError accept Gettext objects (Martin Kosek, 2011-11-16, 1 file, -1/+4)
| | | | | | | | Make sure that PublicError does not crash when it receives Gettext/NGettext object. Instead of throwing a type error, do the translation to receive the required unicode text. https://fedorahosted.org/freeipa/ticket/2096
* Fix ipa-managed-entries bind procedure (Martin Kosek, 2011-11-16, 1 file, -7/+13)
| | | | | | | | | Make sure that when Directory Manager password is entered, we directly do a simple bind instead of trying binding via GSSAPI. Also capture ldap.INVALID_CREDENTIALS exception and provide a nice error message rather than crash. https://fedorahosted.org/freeipa/ticket/1927
* Don't allow default objectclass list to be empty. (Rob Crittenden, 2011-11-09, 1 file, -0/+3)
| | | | https://fedorahosted.org/freeipa/ticket/1945
* Added current password field. (Endi S. Dewata, 2011-11-07, 3 files, -6/+32)
| | | | | | | | The reset password dialog for user has been modified to provide a field to specify the current password when changing the user's own password. Ticket #2065
* Modify random salt creation for interoperability (Simo Sorce, 2011-11-05, 1 file, -8/+32)
| | | | | | | | port to ipa-2-1 amended math safety issue See: https://fedorahosted.org/freeipa/ticket/2038
* Fix ipa-replica-conncheck port labels (Martin Kosek, 2011-11-04, 1 file, -2/+2)
| | | | https://fedorahosted.org/freeipa/ticket/2057
* Fix ipa-server-install answer cache (Martin Kosek, 2011-11-03, 1 file, -39/+26)
| | | | | | | | | | | | | Current Answer Cache storing mechanism is not ideal for storing non-trivial Python types like arrays, custom classes, etc. RawConfigParser just translates values to string, which are not correctly decoded when the Answer Cache is parsed and restored in the installer. This patch replaces RawConfigParser with Python's standard pickle module, which is a recommended way for serialization in Python. https://fedorahosted.org/freeipa/ticket/2054
* Fix nis netgroup config entry so users appear in netgroup triple. (Rob Crittenden, 2011-10-27, 3 files, -1/+5)
| | | | https://fedorahosted.org/freeipa/ticket/2028
* Fix ipa-managed-entries password option long form (Martin Kosek, 2011-10-26, 1 file, -1/+1)
| | | | https://fedorahosted.org/freeipa/ticket/1913
* Quote multiple workers option (Alexander Bokovoy, 2011-10-25, 1 file, -1/+1)
| | | | https://fedorahosted.org/freeipa/ticket/2023
* Update spec file to F-16 (Alexander Bokovoy, 2011-10-24, 1 file, -1/+77)
|
* Spin for connection success also when socket is not (yet) available (Alexander Bokovoy, 2011-10-24, 1 file, -1/+1)
| | | | | | | | | | We were spinning for socket connection if attempt to connect returned errno 111 (connection refused). However, it is not enough for local AF_UNIX sockets as heavy applications might not be able to start yet and therefore the whole path might be missing. So spin for errno 2 (no such file or directory) as well. Partial fix for https://fedorahosted.org/freeipa/ticket/1990
* Add support for systemd environments and use it to support Fedora 16 (Alexander Bokovoy, 2011-10-24, 12 files, -19/+381)
| | | | https://fedorahosted.org/freeipa/ticket/1192
* Fix problems in help system (Rob Crittenden, 2011-10-20, 1 file, -0/+8)
| | | | | | | | | | Fixes 3 issues: - If a topic has all its commands disabled, it should be disabled - If a command is disabled its help should be disabled - The show-mappings help was missing a doc string so no help was displayed https://fedorahosted.org/freeipa/ticket/1998
* Ticket 1201 - Unable to Download Certificate with Browser (John Dennis, 2011-10-21, 2 files, -15/+102)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Certificates are passed through the IPA XML-RPC and JSON as binary data in DER X509 format. Queries performed against the LDAP server also return binary DER X509 format. In all cases the binary DER data is base-64 encoded. PEM is standard text format for certificates. It also uses base64 to encode the binary DER data, but had specific formatting requirements. The base64 data must be wrapped inside PEM delimiters and the base64 data must be line wrapped at 64 characters. Most external software which accepts certificates as input will only accept DER or PEM format (e.g. openssl & NSS). Although base64 is closely related to PEM it is not PEM unless the PEM delimiters are present and the base64 data is line wrapped at 64 characters. We already convert binary DER certificates which have been passed as base64 in other parts of the IPA code. However this conversion has not been available in the web UI. When the web UI presented certificates it did so by filling a dialog box with a single line of base64 data. A user could not copy this data and use it as input to openssl or NSS for example. We resolve this problem by introducing new javascript functions in certificate.js. IPA.cert.pem_cert_format(text) will examine the text input and if it's already in PEM format just return it unmodified, otherwise it will line wrap the base64 data and add the PEM delimiters. Thus it is safe to call on either a previously formatted PEM cert or a binary DER cert encoded as base64. This applies to pem_csr_format() as well for CSR's. Because pem_cert_format() is safe to call on either format the web UI will see the use of the flag add_pem_delimiters was eliminated except in the one case where the IPA.cert.download_dialog() was being abused to display PKCS12 binary data (pkcs12 is neither a cert nor a cert request).
Because of the abuse of the cert.download_dialog() for pkcs12 it was necessary to retain the flag which in effect said "do not treat the data as PEM". Modify the CSR (Certificate Signing Request) dialog box to accept a PEM formatted CSR. Remove the artificial PEM delimiters above and below the dialog box which were used to suggest the input needed to be sans the delimiters. The dialog box continues to accept bare base64 thus allowing either text format. Also note this solves the display of certificate data in the UI without touching any existing code in the server or command line, thus it's isolated.
* hbactest fails while you have svcgroup in hbacrule (Alexander Bokovoy, 2011-10-20, 1 file, -2/+3)
| | | | https://fedorahosted.org/freeipa/ticket/1988
* Fix client krb5 domain mapping and DNS (Martin Kosek, 2011-10-21, 1 file, -7/+13)
| | | | | | | | | | | Add Kerberos mapping for clients outside of server domain. Otherwise certmonger had problems issuing the certificate. Also make sure that client DNS records on the server are set before certmonger is started and certificate is requested. Based on Lars Sjostrom patch. https://fedorahosted.org/freeipa/ticket/2006
* Become IPA 2.1.3 (Rob Crittenden, 2011-10-17, 1 file, -1/+1)
|
* Fixed: Unable to add external user for RunAs User for Sudo rules (Petr Vobornik, 2011-10-17, 1 file, -0/+2)
| | | | | | | https://fedorahosted.org/freeipa/ticket/1987 There is no way to add root or any external user as a RunAs User for a Sudo Rule.
* Improve hostgroup/netgroup collision checks (Martin Kosek, 2011-10-17, 2 files, -2/+32)
| | | | | | | | | | | | | | | When the NGP plugin is enabled, a managed netgroup is created for every hostgroup. We already check that netgroup with the same name does not exist and provide a meaningful error message. However, this error message was also printed when a duplicate hostgroup existed. This patch checks for duplicate hostgroup existence first and netgroup on the second place. It also makes sure that when NGP plugin is (temporarily) disabled, a colliding netgroup cannot be created. https://fedorahosted.org/freeipa/ticket/1914
* Fix typo in invalid PTR record error message (Rob Crittenden, 2011-10-13, 1 file, -1/+1)
| | | | https://fedorahosted.org/freeipa/ticket/1982
* If our domain is already configured in sssd.conf start with a new config. (Rob Crittenden, 2011-10-13, 1 file, -1/+12)
| | | | https://fedorahosted.org/freeipa/ticket/1989
* Update all LDAP configuration files that we can. (Rob Crittenden, 2011-10-13, 1 file, -2/+5)
| | | | | | | LDAP can be configured in any number of places, we need to update everything we find. https://fedorahosted.org/freeipa/ticket/1986
* Use set class instead of dictview class as set is more widely supported (Alexander Bokovoy, 2011-10-13, 1 file, -2/+2)
|
* Handle an empty value in a name/value pair in config_replace_variables() (Rob Crittenden, 2011-10-13, 1 file, -1/+3)
| | | | | | | | | This would blow up if you tried to append a value to an entry that looked like: NAME= https://fedorahosted.org/freeipa/ticket/1983
* Set min nvr of 389-ds-base to 1.2.10-0.4.a4 for limits fixes (740942, 742324) (Rob Crittenden, 2011-10-13, 1 file, -3/+5)
|
* Fix ipa-client-install -U option alignment (Martin Kosek, 2011-10-14, 1 file, -0/+1)
|
* Document --preserve-sssd option of ipa-client-install (Alexander Bokovoy, 2011-10-14, 1 file, -0/+9)
| | | | | | | | | | | Add documentation about --preserve-sssd, an ipa-client-install's option to honor previously available SSSD configuration in case it is not possible to merge it cleanly with the new one. In this case ipa-client-install will fail and ask user to fix SSSD config before continuing. Additional fix for https://fedorahosted.org/freeipa/ticket/1750 https://fedorahosted.org/freeipa/ticket/1769
* Add explicit instructions to ipa-replica-manage for winsync replication (Rob Crittenden, 2011-10-14, 1 file, -2/+29)
| | | | https://fedorahosted.org/freeipa/ticket/1946
* Save the value of hostname even if it doesn't appear in /etc/sysconfig/network (Rob Crittenden, 2011-10-13, 1 file, -1/+4)
| | | | https://fedorahosted.org/freeipa/ticket/1871
* Check /etc/hosts file in ipa-server-install (Martin Kosek, 2011-10-13, 3 files, -10/+42)
| | | | | | | | There may already be a record in /etc/hosts for chosen IP address which may not be detected under some circumstances. Make sure that /etc/hosts is checked properly. https://fedorahosted.org/freeipa/ticket/1923