Commit message | Author | Age | Files | Lines
...
* ipa-server-install: mark master_password Knob as deprecated
  Author: Martin Babinsky | Age: 2015-10-01 | Files: 1 | Lines: -0/+1
  fixes a regression introduced during fixing https://fedorahosted.org/freeipa/ticket/5184
  https://fedorahosted.org/freeipa/ticket/5335
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: fix ipa-server-install fail on missing --forwarder
  Author: Jan Cholasta | Age: 2015-10-01 | Files: 3 | Lines: -4/+13
  https://fedorahosted.org/freeipa/ticket/4517
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Added a proper workaround for dnssec test failures in Beaker environment
  Author: Oleg Fayans | Age: 2015-10-01 | Files: 1 | Lines: -3/+9
  In beaker lab the situation when master and replica have ip addresses from different subnets is quite frequent. When a replica has ip from different subnet than master's, ipa-replica-prepare looks up a proper reverse zone to add a pointer record, and if it does not find it, it asks a user for permission to create it automatically. It breaks the tests adding the unexpected input. The workaround is to always create a reverse zone for a new replica.
  Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: fix invocation of KRAInstance.create_instance()
  Author: Jan Cholasta | Age: 2015-10-01 | Files: 1 | Lines: -1/+1
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Replace StandardError with Exception
  Author: Robert Kuska | Age: 2015-09-30 | Files: 21 | Lines: -49/+49
  StandardError was removed in Python3 and instead Exception should be used.
  Signed-off-by: Robert Kuska <rkuska@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: improve performance of search in association dialog
  Author: Petr Vobornik | Age: 2015-09-30 | Files: 1 | Lines: -5/+12
  By adding no_members option to commands which support it. It then skips memberof processing on the server side.
  https://fedorahosted.org/freeipa/ticket/5271
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix an integer underflow bug in libotp
  Author: Nathaniel McCallum | Age: 2015-09-29 | Files: 1 | Lines: -3/+3
  Temporarily storing the offset time in an unsigned integer causes the value of the offset to underflow when a (valid) negative offset value is generated. Using a signed variable avoids this problem.
  https://fedorahosted.org/freeipa/ticket/5333
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Replica inst. fix: do not require -r, -a, -p options in unattended mode
  Author: Martin Basti | Age: 2015-09-29 | Files: 2 | Lines: -7/+6
  Previous patches for this ticket introduced an error, that replica install requires the -r, -p and -a options to be specified in unattended mode. These options are not needed on the replica side.
  https://fedorahosted.org/freeipa/ticket/4517
  Reviewed-By: Milan Kubík <mkubik@redhat.com>
* dnssec option missing in ipa-dns-install man page
  Author: Gabe | Age: 2015-09-25 | Files: 3 | Lines: -0/+18
  - Add DNSSEC option ipa-replica-install and ipa-server-install man page as well
  https://fedorahosted.org/freeipa/ticket/5300
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* CI: backup and restore with KRA
  Author: Martin Basti | Age: 2015-09-25 | Files: 1 | Lines: -0/+77
  Reviewed-By: Milan Kubík <mkubik@redhat.com>
* winsync-migrate: Properly handle collisions in the names of external groups
  Author: Tomas Babej | Age: 2015-09-23 | Files: 1 | Lines: -3/+14
  Since the names of the external groups containing the migrated users must be stripped of characters which are not valid for use in group names, two different groups might be mapped to one during this process.
  Properly handle collisions in the names by adding an incremental numeric suffix.
  https://fedorahosted.org/freeipa/ticket/5319
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* winsync-migrate: Convert entity names to posix friendly strings
  Author: Tomas Babej | Age: 2015-09-23 | Files: 2 | Lines: -3/+35
  During the migration from winsync replicated users to their trusted identities, memberships are being preserved. However, trusted users are external and as such cannot be added as direct members to the IPA entities. External groups which encapsulate the migrated users are added as members to those entities instead.
  The name of the external group is generated from the type of the entity and its name. However, the entity's name can contain characters which are invalid for use in the group name.
  Adds a helper function to convert a given string to a string which would be valid for such use and leverages it in the winsync-migrate tool.
  https://fedorahosted.org/freeipa/ticket/5319
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: fix kdcproxy user home directory
  Author: Jan Cholasta | Age: 2015-09-23 | Files: 3 | Lines: -2/+5
  https://fedorahosted.org/freeipa/ticket/5314
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* platform: add option to create home directory when adding user
  Author: Jan Cholasta | Age: 2015-09-23 | Files: 2 | Lines: -4/+8
  https://fedorahosted.org/freeipa/ticket/5314
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* destroy httpd ccache after stopping the service
  Author: Martin Babinsky | Age: 2015-09-23 | Files: 1 | Lines: -0/+1
  This will force recreation of the file-based ccache after IPA restore and prevent a mismatch between cached and restored Kerberos keys.
  https://fedorahosted.org/freeipa/ticket/5296
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: create kdcproxy user during server install
  Author: Jan Cholasta | Age: 2015-09-22 | Files: 4 | Lines: -13/+18
  This change makes kdcproxy user creation consistent with DS and CA user creation. Before, the user was created in the spec file, in %pre scriptlet of freeipa-server.
  https://fedorahosted.org/freeipa/ticket/5314
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Rewrap errors in get_principal to CCacheError
  Author: Michael Simacek | Age: 2015-09-22 | Files: 4 | Lines: -8/+16
  Causes nicer error message when kerberos credentials are not available.
  https://fedorahosted.org/freeipa/ticket/5272
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipa-backup: Add mechanism to store empty directory structure
  Author: Tomas Babej | Age: 2015-09-22 | Files: 3 | Lines: -3/+51
  Certain subcomponents of IPA, such as Dogtag, cannot function if non-critical directories (such as log directories) have not been stored in the backup.
  This patch implements storage of selected empty directories, while preserving attributes and SELinux context.
  https://fedorahosted.org/freeipa/ticket/5297
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move unattended option to the general help section
  Author: Jan Cholasta | Age: 2015-09-22 | Files: 1 | Lines: -10/+11
  https://fedorahosted.org/freeipa/ticket/4517
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: Add common base class for server and replica install
  Author: Jan Cholasta | Age: 2015-09-22 | Files: 3 | Lines: -564/+525
  https://fedorahosted.org/freeipa/ticket/4517
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: Support overriding knobs in subclasses
  Author: Jan Cholasta | Age: 2015-09-22 | Files: 2 | Lines: -94/+124
  https://fedorahosted.org/freeipa/ticket/4517
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Simplify the install_replica_ca function
  Author: Simo Sorce | Age: 2015-09-22 | Files: 1 | Lines: -10/+5
  Instantiate CAInstall only once instead of 3 times in a row always with the same values.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused arguments
  Author: Simo Sorce | Age: 2015-09-22 | Files: 4 | Lines: -15/+9
  In the dogtag/ca/kra instances self.domain is never used. Remove it.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Standardize minvalue for ipasearchrecordlimit and ipasesarchsizelimit for unlimited minvalue
  Author: Gabe | Age: 2015-09-22 | Files: 6 | Lines: -20/+25
  https://fedorahosted.org/freeipa/ticket/4023
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: use manual Firefox configuration for Firefox >= 40
  Author: Petr Vobornik | Age: 2015-09-21 | Files: 2 | Lines: -6/+43
  The intended course of action is to show manual configuration in browserconfig.html instead of configuration with the extension for versions of Firefox >= 40.
  The reasoning is:
  * plan for enterprise environments was not published yet which forces us to use AMO (addons.mozilla.org)
  * with AMO the user experience is worse than a manual configuration
  steps for AMO:
  * go to AMO page
  * install the extension
  * go back to IPA page
  * probably refresh
  * click configure
  * confirm
  manual config:
  * go to about:config
  * set network.negotiate-auth.trusted-uris with *domain.name
  https://fedorahosted.org/freeipa/ticket/4906
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Server Upgrade: addifnew should not create entry
  Author: Martin Basti | Age: 2015-09-21 | Files: 1 | Lines: -2/+2
  addifnew should add value only if entry exists, instead of creating entry.
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Limit max age of replication changelog
  Author: Martin Basti | Age: 2015-09-21 | Files: 2 | Lines: -0/+5
  Limit max age of replication changelog to seven days, instead of growing to unlimited size.
  https://fedorahosted.org/freeipa/ticket/5086
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: support KRA update
  Author: Jan Cholasta | Age: 2015-09-17 | Files: 8 | Lines: -42/+60
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: add permissions and administrator privilege
  Author: Jan Cholasta | Age: 2015-09-17 | Files: 3 | Lines: -0/+128
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: update access control
  Author: Jan Cholasta | Age: 2015-09-17 | Files: 1 | Lines: -8/+14
  Do not allow vault and container owners to manage owners. Allow adding vaults and containers only if owner is set to the current user.
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: set owner to current user on container creation
  Author: Jan Cholasta | Age: 2015-09-17 | Files: 1 | Lines: -20/+1
  This reverts commit 419754b1c11139435ae5b5082a51026da0d5e730.
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: add vault container commands
  Author: Petr Vobornik | Age: 2015-09-17 | Files: 3 | Lines: -23/+277
  adds commands:
  * vaultcontainer-show [--service <service>|--user <user>|--shared ]
  * vaultcontainer-del [--service <service>|--user <user>|--shared ]
  * vaultcontainer-add-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>]
  * vaultcontainer-remove-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>]
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* baseldap: make subtree deletion optional in LDAPDelete
  Author: Jan Cholasta | Age: 2015-09-17 | Files: 1 | Lines: -0/+4
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Use byte literals where appropriate
  Author: Jan Cholasta | Age: 2015-09-17 | Files: 7 | Lines: -28/+28
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use bytes instead of str where appropriate
  Author: Jan Cholasta | Age: 2015-09-17 | Files: 6 | Lines: -33/+33
  Under Python 2, "str" and "bytes" are synonyms.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Alias "unicode" to "str" under Python 3
  Author: Jan Cholasta | Age: 2015-09-17 | Files: 90 | Lines: -0/+394
  The six way of doing this is to replace all occurrences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Add basic tests for certificate profile plugin
  Author: Milan Kubík | Age: 2015-09-16 | Files: 6 | Lines: -1/+1158
  Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* ipatests: Add Certprofile tracker class implementation
  Author: Milan Kubík | Age: 2015-09-16 | Files: 2 | Lines: -0/+145
  https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Add Chromium configuration note to ssbrowser
  Author: Gabe | Age: 2015-09-16 | Files: 1 | Lines: -0/+5
  - As Chromium and Chrome share most of the same code base but are configured in different locations, add a note showing the different configuration locations.
  A part of https://fedorahosted.org/freeipa/ticket/823
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* backup CI: test DNS/DNSSEC after backup and restore
  Author: Martin Basti | Age: 2015-09-16 | Files: 2 | Lines: -0/+155
  Reviewed-By: Milan Kubík <mkubik@redhat.com>
* DNSSEC CI: test master migration
  Author: Martin Basti | Age: 2015-09-16 | Files: 1 | Lines: -0/+149
  Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: improve CI test
  Author: Martin Basti | Age: 2015-09-16 | Files: 1 | Lines: -4/+109
  Test disabling and re-enabling zone signing.
  Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* winsync: Add inetUser objectclass to the passsync sysaccount
  Author: Tomas Babej | Age: 2015-09-16 | Files: 3 | Lines: -1/+5
  https://bugzilla.redhat.com/show_bug.cgi?id=1262315
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* config: allow user/host attributes with tagging options
  Author: Jan Cholasta | Age: 2015-09-16 | Files: 1 | Lines: -0/+2
  https://fedorahosted.org/freeipa/ticket/5295
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Updated number of legacy permission in ipatests
  Author: Abhijeet Kasurde | Age: 2015-09-16 | Files: 1 | Lines: -1/+1
  Since IPA 4.2 has an additional permission "Request Certificate ignoring CA ACLs", the number of legacy permissions in the testcase is updated from 8 to 9.
  https://fedorahosted.org/freeipa/ticket/5264
  Signed off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Server Install: print message that client is being installed
  Author: Martin Basti | Age: 2015-09-11 | Files: 2 | Lines: -0/+2
  IPA client is installed on server side during "Restarting web server" step, which lasts too long. This commit explicitly prints a message that IPA client is being installed.
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* IPA Restore: allows to specify files that should be removed
  Author: Martin Basti | Age: 2015-09-11 | Files: 1 | Lines: -0/+28
  Some files/directories should be removed before backup files are copied to filesystem.
  In case of DNSSEC, the /var/lib/ipa/dnssec/tokens directory has to be removed, otherwise tokens that are backed up and existing tokens will be mixed and SOFTHSM log in will not work
  https://fedorahosted.org/freeipa/ticket/5293
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: backup CS.cfg when dogtag is turned off
  Author: Martin Basti | Age: 2015-09-11 | Files: 1 | Lines: -1/+4
  Is unable to made CS.cfg when dogtag is running.
  https://fedorahosted.org/freeipa/ticket/5287
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Handle timeout error in ipa-httpd-kdcproxy
  Author: Christian Heimes | Age: 2015-09-10 | Files: 1 | Lines: -1/+2
  The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly. A timeout no longer results in an Apache startup error.
  https://fedorahosted.org/freeipa/ticket/5292
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* FIX vault tests
  Author: Martin Basti | Age: 2015-09-09 | Files: 1 | Lines: -6/+33
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>