Commit message | Author | Age | Files | Lines
...
* SPEC: Remove unused build dependency on libwbclient | Lukas Slebodnik | 2016-03-09 | 2 | -2/+1
  The string "wbclient" is not mentioned anywhere in source code and there isn't any issue with building freeipa packages without this package.
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* Allow to specify Kerberos authz data type per user | Simo Sorce | 2016-03-09 | 2 | -8/+10
  Like for services setting the ipaKrbAuthzData attribute on a user object will allow us to control exactly what authz data is allowed for that user. Setting NONE would allow no authz data, while setting MS-PAC would allow only Active Directory compatible data.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Ticket: https://fedorahosted.org/freeipa/ticket/2579
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-sam: Do not redefine LDAP_PAGE_SIZE | Lukas Slebodnik | 2016-03-09 | 1 | -1/+0
  The value of LDAP_PAGE_SIZE was changed in samba-4.4 and it caused warning because it's already defined in samba header files
    ipa_sam.c:114:0: warning: "LDAP_PAGE_SIZE" redefined
     #define LDAP_PAGE_SIZE 1024
    In file included from /usr/include/samba-4.0/smbldap.h:24:0,
                     from ipa_sam.c:31:
    /usr/include/samba-4.0/smb_ldap.h:81:0: note: this is the location of the previous definition
     #define LDAP_PAGE_SIZE 1000
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Configure 389ds with "default" cipher suite | Martin Basti | 2016-03-09 | 2 | -5/+5
  nsSSLCiphers: "default" provides only secure ciphers that should be used when connecting to DS
  https://fedorahosted.org/freeipa/ticket/5684
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* test_cert_plugin: use only first part of the hostname to construct short name | Martin Babinsky | 2016-03-08 | 1 | -1/+1
  The short hostname construction for the negative test case in test_cert_plugin::test_cert_find suite could not work when domain name was different as hostname of the test runner, leading to test failure. A more naive approach works better in this case.
  https://fedorahosted.org/freeipa/ticket/5688
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* CONFIGURE: Replace obsolete macros | Lukas Slebodnik | 2016-03-08 | 4 | -5/+3
  The AC_PROG_LIBTOOL macro is obsoleted by since libtool-2.0 which is already in rhel6+
  https://fedorahosted.org/FedoraReview/wiki/AutoTools
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Allow admins to disable preauth for SPNs. | Simo Sorce | 2016-03-08 | 6 | -10/+32
  Some legacy software is not able to properly cope with preauthentication, allow the admins to disable the requirement to use preauthentication for all Service Principal Names if they so desire. IPA Users are excluded, for users, which use password of lesser entropy, preauthentication is always required by default.
  This setting does NOT override explicit policies set on service principals or in the global policy, it only affects the default.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Ticket: https://fedorahosted.org/freeipa/ticket/3860
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Refactor test_group_plugin, use GroupTracker for tests | Filip Skola | 2016-03-08 | 3 | -1165/+754
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Pylint: enable parallelism | Petr Spacek | 2016-03-07 | 1 | -1/+1
  The config file specifies 8 cores but Pylint very quickly ends up with 3 cores so do not worry about overwhelming your system.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipalib: Fix user certificate docstrings | Tomas Babej | 2016-03-07 | 3 | -3/+3
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Remove unused arguments from update_ssh_keys method | Martin Basti | 2016-03-04 | 1 | -2/+4
  First argument has been unused and can be safely removed, because server is not used for nsupdate anymore
  Reviewed-By: David Kupka <dkupka@redhat.com>
* fix suspicious except statements | Martin Basti | 2016-03-04 | 2 | -4/+4
  The "except ValueError as UnicodeDecodeError" looks very suspicious. Commit change except to catch both exceptions.
  https://fedorahosted.org/freeipa/ticket/5718
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* webui: fail nicely if cookies are disabled | Petr Vobornik | 2016-03-03 | 1 | -6/+20
  Reworks also sessionStorage test because disablement of cookies might be connected with sessionStorage and localStorage. E.g. Chrome raises exception when *Storage is accessed with "Block sites from setting any data" settings set in "Content Settings/Cookies" section.
  https://fedorahosted.org/freeipa/ticket/4338
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* CI: allow customized DS install test to work with domain levels | Martin Basti | 2016-03-03 | 2 | -19/+13
  Test will use tasks methods instead of custom commands to be able to work with domain levels.
  https://fedorahosted.org/freeipa/ticket/5606
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
* l10n: Remove Transifex configuration | Tomas Babej | 2016-03-03 | 1 | -8/+0
  We're not using Transifex to manage our translations anymore.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* adtrustinstance: Make sure smb.conf exists | Tomas Babej | 2016-03-03 | 1 | -0/+5
  The 'net' command fails unless smb.conf exists. Touch the file prior to any 'net' call to make sure we do not crash for this very reason.
  https://fedorahosted.org/freeipa/ticket/5687
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipalib.x809: Accept bytes for make_pem | Petr Viktorin | 2016-03-03 | 1 | -0/+2
  Part of the work for https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipapython.sysrestore: Use str methods instead of functions from the string module | Petr Viktorin | 2016-03-03 | 1 | -6/+6
  For historical reasons, the string module contained some functions that mirror methods of the str type. These are removed in Python 3. Use str methods instead.
  Part of the work for https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipadiscovery: Decode to unicode in ipacheckldap(), get_ipa_basedn() | Petr Viktorin | 2016-03-03 | 1 | -7/+11
  ipacheckldap uses a schema-less connection with decode_attrs=False, so bytes need to be decoded manually. This was not a problem in Python2 where bytes and unicode could be mixed freely.
  Part of the work for https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Move get_ipa_basedn from ipautil to ipadiscovery | Petr Viktorin | 2016-03-03 | 2 | -42/+44
  The function wasn't used anywhere else.
  Part of the work for https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipalib: add convenient Command method for adding messages | Jan Cholasta | 2016-03-03 | 1 | -8/+12
  Call the add_message() method of Command from anywhere in the implementation of a command to add a message to the result of the command.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipalib: provide per-call command context | Jan Cholasta | 2016-03-03 | 2 | -0/+31
  Add context which is valid for the duration of command call. The context is accessible using the `context` attribute of Command and Object plugins.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* configure DNA plugin shared config entries to allow connection with GSSAPI | Thierry Bordaz | 2016-03-02 | 5 | -2/+119
  https://fedorahosted.org/freeipa/ticket/4026
  When a replica needs to extend its DNA range, it selects the remote replica with the larger available range. If there is no replica agreement to that remote replica, the shared config entry needs to contain the connection method/protocol.
  This fix requires 389-ds
    * https://fedorahosted.org/389/ticket/47779
    * https://fedorahosted.org/389/ticket/48362
  That are both fixed in 1.3.4.6
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Removed messing around with resolv.conf | Oleg Fayans | 2016-03-02 | 1 | -42/+2
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
* pylint: suppress false positive no-member errors | Martin Basti | 2016-03-02 | 12 | -17/+36
  pylint 1.5 prints many false positive no-member errors which are suppressed by this commit.
  https://fedorahosted.org/freeipa/ticket/5615
  Reviewed-By: David Kupka <dkupka@redhat.com>
* fix incorrect name of ipa-winsync-migrate command in help | Petr Vobornik | 2016-03-02 | 1 | -3/+3
  Help and status text used incorrect name "ipa-migrate-winsync"
  https://fedorahosted.org/freeipa/ticket/5713
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix connections to DS during installation | Martin Basti | 2016-03-02 | 1 | -0/+6
  Regression caused by commit 9818e463f5d0a91b300801ee7c8f31f25de402b2, admin_conn should be connected in method if there is no connection.
  https://fedorahosted.org/freeipa/ticket/5665
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix URL for reporting bugs in strings | Petr Spacek | 2016-03-01 | 1 | -1/+2
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* cookie parser: do not fail on cookie with empty value | Petr Vobornik | 2016-03-01 | 2 | -1/+18
  https://fedorahosted.org/freeipa/ticket/5709
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Refactor test_sudocmdgroup_plugin | Filip Skola | 2016-03-01 | 2 | -670/+414
  Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
* Refactor test_sudocmd_plugin | Filip Skola | 2016-03-01 | 2 | -292/+269
  Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
* use LDAPS during standalone CA/KRA subsystem deployment | Martin Babinsky | 2016-03-01 | 3 | -0/+11
  The deployment descriptor used during CA/KRA install was modified to use LDAPS to communicate with DS backend. This will enable standalone CA/KRA installation on top of hardened directory server configuration.
  https://fedorahosted.org/freeipa/ticket/5570
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins | Petr Vobornik | 2016-03-01 | 2 | -5/+6
  authconfig in config_redhat_nss_ldap and config_redhat_nss_pam_ldapd got new option --enableldaptls
  It should have effect primarily on el5 systems.
  https://fedorahosted.org/freeipa/ticket/5654
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* spec: Bump required sssd version to 1.13.3-5 | Tomas Babej | 2016-03-01 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4403
  https://fedorahosted.org/freeipa/ticket/4436
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* slapi-nis: update configuration to allow external members of IPA groups | Alexander Bokovoy | 2016-03-01 | 3 | -1/+5
  Currently in an environment with trust to AD the compat tree does not show AD users as members of IPA groups. The reason is that IPA groups are read directly from the IPA DS tree and external groups are not handled.
  slapi-nis project has added support for it in 0.55, make sure we update configuration for the group map if it exists and depend on 0.55 version.
  https://fedorahosted.org/freeipa/ticket/4403
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipa-adtrust-install: Allow dash in the NETBIOS name | Tomas Babej | 2016-02-29 | 2 | -8/+16
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Make PTR records check optional for IPA installation | Martin Basti | 2016-02-29 | 1 | -8/+9
  PTR records are not mandatory for IPA, result of checks should be only warning not hard error.
  https://fedorahosted.org/freeipa/ticket/5686
  Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* Package python3-ipaclient | Petr Viktorin | 2016-02-29 | 1 | -0/+39
  Part of the work for https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Move freeipa certmonger helpers to libexecdir. | Timo Aaltonen | 2016-02-26 | 6 | -26/+9
  The scripts in this directory are simple python scripts, nothing arch-specific in them. Having them under libexec would simplify the code a bit too, since there would be no need to worry about lib vs lib64 (which also cause trouble on Debian).
  https://fedorahosted.org/freeipa/ticket/5586
  Reviewed-By: David Kupka <dkupka@redhat.com>
* httpinstance: add start_tracking_certificates method | David Kupka | 2016-02-26 | 2 | -4/+20
  Configure certmonger to start tracking certificate for httpd.
  https://fedorahosted.org/freeipa/ticket/5586
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* dsinstance: add start_tracking_certificates method | David Kupka | 2016-02-26 | 2 | -2/+24
  Configure certmonger to start tracing certificate for DS.
  https://fedorahosted.org/freeipa/ticket/5586
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* upgrade: Match whole pre/post command not just basename. | David Kupka | 2016-02-26 | 1 | -26/+20
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipatests: extend permission plugin test with new expected output | Milan Kubík | 2016-02-25 | 2 | -0/+32
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* fix permission: Read Replication Agreements | Martin Basti | 2016-02-25 | 6 | -64/+90
  This permission cannot be MANAGED permission because it is located in nonreplicating part of the LDAP tree.
  As side effect, the particular ACI has not been created on all replicas.
  This commit makes Read Replication Agreements non managed permission and also fix missing ACI on replicas.
  https://fedorahosted.org/freeipa/ticket/5631
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Pylint: add missing attributes of errors to definitions | Martin Basti | 2016-02-25 | 1 | -0/+36
  Attributes are added to IPA error objects dynamically and pylint is not able to handle it itself. Add missing attributes to definitions in pylint plugin.
  https://fedorahosted.org/freeipa/ticket/5615
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove duplicated except | Martin Basti | 2016-02-25 | 3 | -9/+0
  Both exceptions have been caught before, so it is basically dead code
  Reviewed-By: David Kupka <dkupka@redhat.com>
* CI tests: use old schema when testing hostmask-based sudo rules | Martin Babinsky | 2016-02-25 | 2 | -1/+69
  Newer versions of sssd use native IPA schema to process sudo rules. However, this schema currently has no support for hostmask-based rules and causes some sudo CI tests to fail. We have to temporarily set sssd.conf to use ou=sudoers,$SUFFIX as a sudo rule search base when executing them.
  https://fedorahosted.org/freeipa/ticket/5625
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Revert "test: Temporarily increase timeout in vault test." | Martin Basti | 2016-02-24 | 1 | -1/+1
  This reverts commit 8112ac69ccf56dd98c5eb6e77ea131b4665bd1cf.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* client: stop using /etc/pki/nssdb | Jan Cholasta | 2016-02-24 | 8 | -89/+36
  Don't put any IPA certificates to /etc/pki/nssdb - IPA itself uses /etc/ipa/nssdb and IPA CA certificates are provided to the system using p11-kit. Remove leftovers on upgrade.
  https://fedorahosted.org/freeipa/ticket/5592
  Reviewed-By: David Kupka <dkupka@redhat.com>
* CI: Make double circle topology python3 compatible | David Kupka | 2016-02-24 | 2 | -2/+2
  Reviewed-By: Martin Basti <mbasti@redhat.com>