Commit message | Author | Age | Files | Lines
...
* webui: unable to select single value in CB by enter key | Petr Vobornik | 2015-04-14 | 1 | -0/+1
  Fix: If editable combobox has one value, the value is selected and changed by hand, it can't be re-selected by enter key.
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* User life cycle: stageuser-add verb | Thierry bordaz (tbordaz) | 2015-04-08 | 7 | -415/+856
  Add an accounts plugin (accounts class) that defines variables and methods common to 'users' and 'stageuser'. accounts is a superclass of users/stageuser
  Add the stageuser plugin, with support of stageuser-add verb.
  Reviewed By: David Kupka, Martin Basti, Jan Cholasta
  https://fedorahosted.org/freeipa/ticket/3813
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* User Life Cycle: Exclude subtree for ipaUniqueID generation | Thierry bordaz (tbordaz) | 2015-04-08 | 1 | -0/+16
  IPA UUID should not generate ipaUniqueID for entries under 'cn=provisioning,SUFFIX'
  Add in the configuration the ability to set (optional) 'ipaUuidExcludeSubtree'
  https://fedorahosted.org/freeipa/ticket/3813
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix ldap2 shared connection | Martin Basti | 2015-04-02 | 3 | -8/+8
  Since API is not singleton anymore, ldap2 connections should not be shared by default.
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* fix improper handling of boolean option in | Martin Babinsky | 2015-04-02 | 1 | -1/+1
  read_replica_info_kra_enabled
  This patch fixes https://fedorahosted.org/freeipa/ticket/4530.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* do not log BINDs to non-existent users as errors | Martin Babinsky | 2015-04-02 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/4889
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Ipatests DNS SOA Record Maintenance | Ales 'alich' Marecek | 2015-04-02 | 1 | -0/+757
  https://fedorahosted.org/freeipa/ticket/4746
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: port of p11helper test from github | Milan Kubik | 2015-04-02 | 2 | -1/+277
  Ported the github hosted [1] script to use pytest's abilities and included it in ipatests/test_ipapython directory.
  [1]: https://github.com/spacekpe/freeipa-pkcs11/blob/master/python/run.py
  https://fedorahosted.org/freeipa/ticket/4829
  Signed-off-by: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: Do not log into files | Martin Basti | 2015-04-02 | 3 | -3/+3
  We want to log DNSSEC daemons only into console (journald)
  https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Server Upgrade: Fix comments | Martin Basti | 2015-04-02 | 1 | -8/+8
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Bump ipa.conf version to 17. | David Kupka | 2015-03-30 | 1 | -1/+1
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Use mod_auth_gssapi instead of mod_auth_kerb. | David Kupka | 2015-03-30 | 5 | -23/+20
  https://fedorahosted.org/freeipa/ticket/4190
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Remove unused part of ipa.conf. | David Kupka | 2015-03-30 | 1 | -15/+0
  Separate configuration of '/var/www/cgi-bin' is no longer needed legacy from IPA 1.0.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Skip time sync during client install when using --no-ntp | Nathan Kinder | 2015-03-26 | 1 | -1/+2
  When --no-ntp is specified during ipa-client-install, we still attempt to perform a time sync before obtaining a TGT from the KDC. We should not be attempting to sync time with the KDC if we are explicitly told to not configure ntp.
  Ticket: https://fedorahosted.org/freeipa/ticket/4842
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* slapi-nis: require 0.54.2 for CVE-2015-0283 fixes | Alexander Bokovoy | 2015-03-26 | 1 | -1/+1
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* extdom: fix wrong realloc size | Sumit Bose | 2015-03-26 | 1 | -1/+1
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* fix Makefile.am for daemons | Alexander Bokovoy | 2015-03-26 | 4 | -4/+1
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* show the exception message thrown by dogtag._parse_ca_status during install | Martin Babinsky | 2015-03-26 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/4885
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* migrate-ds: print out failed attempts when no users/groups are migrated | Martin Babinsky | 2015-03-23 | 1 | -9/+8
  This patch should fix both https://fedorahosted.org/freeipa/ticket/4846 and https://fedorahosted.org/freeipa/ticket/4952.
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* upload_cacrt: Fix empty cACertificate in cn=CAcert | Jan Cholasta | 2015-03-19 | 1 | -24/+30
  https://fedorahosted.org/freeipa/ticket/4565
  Reviewed-By: David Kupka <dkupka@redhat.com>
* client: Fix ca_is_enabled calls | Jan Cholasta | 2015-03-19 | 2 | -4/+4
  The command was added in API version 2.107. Old IPA servers may crash with NetworkError on ca_is_enabled, handle this case gracefully.
  https://fedorahosted.org/freeipa/ticket/4565
  Reviewed-By: David Kupka <dkupka@redhat.com>
* client-install: Do not crash on invalid CA certificate in LDAP | Jan Cholasta | 2015-03-19 | 1 | -4/+13
  When CA certificates in LDAP are corrupted, use the otherwise acquired CA certificates from before.
  https://fedorahosted.org/freeipa/ticket/4565
  Reviewed-By: David Kupka <dkupka@redhat.com>
* certstore: Make certificate retrieval more robust | Jan Cholasta | 2015-03-19 | 1 | -22/+52
  https://fedorahosted.org/freeipa/ticket/4565
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: remove --test option | Martin Basti | 2015-03-19 | 7 | -73/+47
  As --test option is not used for developing, and it is not recommended to test if upgrade will pass, this patch removes it completely.
  https://fedorahosted.org/freeipa/ticket/3448
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Revert "Server Upgrade: respect --test option in plugins" | Tomas Babej | 2015-03-19 | 7 | -35/+0
  This reverts commit c95c4849ae1ecc90ac926b8b7d61e153b42e7699.
* Server Upgrade: respect --test option in plugins | Martin Basti | 2015-03-19 | 7 | -0/+35
  Several plugins do the LDAP data modification directly. In test mode these plugins should not be executed.
  https://fedorahosted.org/freeipa/ticket/3448
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: order update files by default | Martin Basti | 2015-03-19 | 4 | -5/+4
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Update entries in order specified in file | Martin Basti | 2015-03-19 | 9 | -88/+30
  Dictionary replaced with list. Particular upgrades are executed in the same order as they are specified in update a file.
  Different updates for the same cn, are not merged into one upgrade
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Set modified to false, before each update | Martin Basti | 2015-03-19 | 1 | -1/+2
  Variable self.modified should be set to false before each run of update
  Ticket: https://fedorahosted.org/freeipa/ticket/3560
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Upgrade one file per time | Martin Basti | 2015-03-19 | 1 | -36/+18
  * Files are sorted alphabetically, no numbering required anymore
  * One file updated per time
  Ticket: https://fedorahosted.org/freeipa/ticket/3560
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: do not sort updates by DN | Martin Basti | 2015-03-19 | 1 | -13/+2
  Ticket: https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Remove unused PRE_SCHEMA_UPDATE | Martin Basti | 2015-03-19 | 6 | -56/+10
  This is not used anymore.
  Ticket: https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* extdom: migrate check-based test to cmocka | Sumit Bose | 2015-03-18 | 5 | -245/+176
  Besides moving the existing tests to cmocka two new tests are added which were missing from the old tests.
  Related to https://fedorahosted.org/freeipa/ticket/4922
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* SPEC: Require python2 version of sssd bindings | Lukas Slebodnik | 2015-03-18 | 1 | -0/+6
  Python modules pysss and pysss_murmur were part of package sssd-common. Fedora 22 tries to get rid of python2 and therefore these modules were extracted from package sssd-common to separate packages python-sss and python-sss-murmur and python3 version of packages python3-sss python3-sss-murmur
  git grep "pysss" | grep import
  ipalib/plugins/trust.py: import pysss_murmur #pylint: disable=F0401
  ipaserver/dcerpc.py:import pysss
  ipaserver/dcerpc.py is packaged in freeipa-server-trust-ad
  palib/plugins/trust.py is packaged in freeipa-python
  Resolves: https://fedorahosted.org/freeipa/ticket/4929
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* SPEC: Explicitly requires python-sssdconfig | Lukas Slebodnik | 2015-03-18 | 1 | -0/+2
  Resolves: https://fedorahosted.org/freeipa/ticket/4929
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* extdom: add selected error messages | Sumit Bose | 2015-03-18 | 1 | -13/+38
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* extdom: add add_err_msg() with test | Sumit Bose | 2015-03-18 | 3 | -0/+67
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* extdom: add err_msg member to request context | Sumit Bose | 2015-03-18 | 3 | -1/+6
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* Always reload StateFile before getting or modifying the stored values. | David Kupka | 2015-03-18 | 1 | -2/+11
  This change does not solve using multiple instances of StateFile concurrently because there is no use for it in near future. Instead this solves an issue of losing records when more instances of StateFile are interleaved in sequential code.
  https://fedorahosted.org/freeipa/ticket/4901
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-dns-install: use LDAPI to connect to DS | Martin Babinsky | 2015-03-18 | 5 | -50/+37
  ipa-dns-install now uses LDAPI/autobind to connect to DS during the setup of DNS/DNSSEC-related service and thus makes -p option obsolete. Furthermore, now it makes more sense to use LDAPI also for API Backend connections to DS and thus all forms of Kerberos auth were removed.
  This fixes https://fedorahosted.org/freeipa/ticket/4933 and brings us closer to fixing https://fedorahosted.org/freeipa/ticket/2957
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-dns-install: use STARTTLS to connect to DS | Martin Babinsky | 2015-03-18 | 6 | -17/+33
  BindInstance et al. now use STARTTLS to set up secure connection to DS during ipa-dns-install.
  This fixes https://fedorahosted.org/freeipa/ticket/4933
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Timeout when performing time sync during client install | Nathan Kinder | 2015-03-16 | 3 | -2/+19
  We use ntpd now to sync time before fetching a TGT during client install. Unfortunately, ntpd will hang forever if it is unable to reach the NTP server.
  This patch adds the ability for commands run via ipautil.run() to have an optional timeout. This capability is used by the NTP sync code that is run during ipa-client-install.
  Ticket: https://fedorahosted.org/freeipa/ticket/4842
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-replica-prepare can only be created on the first master | Gabe | 2015-03-13 | 1 | -2/+4
  https://fedorahosted.org/freeipa/ticket/4944
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix dead code in ipap11helper module | Martin Basti | 2015-03-11 | 1 | -7/+3
  https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* extdom: fix memory leak | Sumit Bose | 2015-03-10 | 1 | -0/+1
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* extdom: return LDAP_NO_SUCH_OBJECT to the client | Sumit Bose | 2015-03-10 | 1 | -2/+6
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* DNS: remove NSEC3PARAM from records | Martin Basti | 2015-03-09 | 3 | -17/+7
  NSEC3PARAM is configurable only from zone commands. This patch removes this record type from DNS records.
  Ticket: https://fedorahosted.org/freeipa/ticket/4930
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS fix: do not show part options for unsupported records | Martin Basti | 2015-03-09 | 1 | -1/+2
  Do not show parts options in help output, if record is marked as unsupported.
  Ticket: https://fedorahosted.org/freeipa/ticket/4930
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS fix: do not traceback if unsupported records are in LDAP | Martin Basti | 2015-03-09 | 1 | -32/+32
  Show records which are unsupported, if they are in LDAP. Those records are not editable, and web UI doesn't show them.
  Fixes traceback caused by --structured option
  Ticket: https://fedorahosted.org/freeipa/ticket/4930
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* extdom: make nss buffer configurable | Sumit Bose | 2015-03-09 | 3 | -22/+48
  The get*_r_wrapper() calls expect a maximum buffer size to avoid memory shortage if too many threads try to allocate buffers e.g. for large groups. With this patch this size can be configured by setting ipaExtdomMaxNssBufSize in the plugin config object cn=ipa_extdom_extop,cn=plugins,cn=config.
  Related to https://fedorahosted.org/freeipa/ticket/4908
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>